From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34954)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dj5vv-0006hG-Cq
	for guix-patches@gnu.org; Sat, 19 Aug 2017 11:45:08 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dj5vq-0001PW-Cm
	for guix-patches@gnu.org; Sat, 19 Aug 2017 11:45:07 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:37064)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1dj5vq-0001PO-91
	for guix-patches@gnu.org; Sat, 19 Aug 2017 11:45:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dj5vq-0004YS-27
	for guix-patches@gnu.org; Sat, 19 Aug 2017 11:45:02 -0400
Subject: [bug#28147] [PATCH] gnu: graphicsmagick: Fix CVE-2017-{12935, 12936,
	12937}.
Resent-Message-ID: <handler.28147.B.150315747817460@debbugs.gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34903)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kei@openmailbox.org>) id 1dj5vE-0006T2-Kj
	for guix-patches@gnu.org; Sat, 19 Aug 2017 11:44:25 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kei@openmailbox.org>) id 1dj5vB-000166-FZ
	for guix-patches@gnu.org; Sat, 19 Aug 2017 11:44:24 -0400
Received: from lb1.openmailbox.org ([5.79.108.160]:56608
	helo=mta-1.openmailbox.og)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <kei@openmailbox.org>) id 1dj5vB-00015Z-4f
	for guix-patches@gnu.org; Sat, 19 Aug 2017 11:44:21 -0400
Received: from [127.0.0.1] (unknown [10.0.0.4])
	by mta-1.openmailbox.og (Postfix) with ESMTP id 936664E001C
	for <guix-patches@gnu.org>; Sat, 19 Aug 2017 17:44:17 +0200 (CEST)
Content-Type: multipart/mixed; boundary="===============4289273377680358066=="
MIME-Version: 1.0
From: kei@openmailbox.org
Date: Sat, 19 Aug 2017 15:44:17 -0000
Message-Id: <20170819154419.70A3A4E003E@mta-1.openmailbox.og>
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: 28147@debbugs.gnu.org

--===============4289273377680358066==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64


--===============4289273377680358066==
Content-Type: text/x-patch
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="0001-gnu-graphicsmagick-Fix-CVE-2017-12935-12936-12937.patch"

RnJvbSBlMTg0ZDQ0MjlhMDBiNjVmZjIzNzg2NGNjZTA0ZDEwNjFhY2NkYmJjIE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLZWkgS2VicmVhdSA8a2VpQG9wZW5tYWlsYm94Lm9yZz4KRGF0ZTogU2F0LCAxOSBBdWcgMjAxNyAxMTozOTozMyAtMDQwMApTdWJqZWN0OiBbUEFUQ0hdIGdudTogZ3JhcGhpY3NtYWdpY2s6IEZpeCBDVkUtMjAxNy17MTI5MzUsMTI5MzYsMTI5Mzd9LgoKKiBnbnUvcGFja2FnZXMvcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNS5wYXRjaCwKZ251L3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzYucGF0Y2gsCmdudS9wYWNrYWdlcy9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM3LnBhdGNoOiBOZXcgZmlsZXMuCiogZ251L2xvY2FsLm1rIChkaXN0X3BhdGNoX0RBVEEpOiBBZGQgdGhlbS4KKiBnbnUvcGFja2FnZXMvaW1hZ2VtYWdpY2suc2NtIChncmFwaGljc21hZ2ljaylbc291cmNlXTogVXNlIHRoZW0uCi0tLQogZ251L2xvY2FsLm1rICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgMyArKysKIGdudS9wYWNrYWdlcy9pbWFnZW1hZ2ljay5zY20gICAgICAgICAgICAgICAgICAgICAgIHwgIDYgKysrKy0KIC4uLi9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM1LnBhdGNoICAgIHwgMjggKysrKysrKysrKysrKysrKysrKysrKwogLi4uL3BhdGNoZXMvZ3JhcGhpY3
 NtYWdpY2stQ1ZFLTIwMTctMTI5MzYucGF0Y2ggICAgfCAxNiArKysrKysrKysrKysrCiAuLi4vcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNy5wYXRjaCAgICB8IDI4ICsrKysrKysrKysrKysrKysrKysrKysKIDUgZmlsZXMgY2hhbmdlZCwgODAgaW5zZXJ0aW9ucygrKSwgMSBkZWxldGlvbigtKQogY3JlYXRlIG1vZGUgMTAwNjQ0IGdudS9wYWNrYWdlcy9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM1LnBhdGNoCiBjcmVhdGUgbW9kZSAxMDA2NDQgZ251L3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzYucGF0Y2gKIGNyZWF0ZSBtb2RlIDEwMDY0NCBnbnUvcGFja2FnZXMvcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNy5wYXRjaAoKZGlmZiAtLWdpdCBhL2dudS9sb2NhbC5tayBiL2dudS9sb2NhbC5tawppbmRleCAyZDQ5YjFlOTcuLjFjNjE1OGNiZiAxMDA2NDQKLS0tIGEvZ251L2xvY2FsLm1rCisrKyBiL2dudS9sb2NhbC5tawpAQCAtNjc5LDYgKzY3OSw5IEBAIGRpc3RfcGF0Y2hfREFUQSA9CQkJCQkJXAogICAlRCUvcGFja2FnZXMvcGF0Y2hlcy9nb2JqZWN0LWludHJvc3BlY3Rpb24tYWJzb2x1dGUtc2hsaWItcGF0aC5wYXRjaCBcCiAgICVEJS9wYWNrYWdlcy9wYXRjaGVzL2dvYmplY3QtaW50cm9zcGVjdGlvbi1jYy5wYXRjaAkJXAogICAlRCUvcGFja2FnZXMvcGF0Y2hlcy9nb2JqZWN0LWludHJvc3BlY3Rpb24
 tZ2lyZXBvc2l0b3J5LnBhdGNoCVwKKyAgJUQlL3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzUucGF0Y2gJXAorICAlRCUvcGFja2FnZXMvcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNi5wYXRjaAlcCisgICVEJS9wYWNrYWdlcy9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM3LnBhdGNoCVwKICAgJUQlL3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpdGUyLWZmbG9hdC1zdG9yZS5wYXRjaAkJXAogICAlRCUvcGFja2FnZXMvcGF0Y2hlcy9ncmVwLXRpbWluZy1zZW5zaXRpdmUtdGVzdC5wYXRjaAkJXAogICAlRCUvcGFja2FnZXMvcGF0Y2hlcy9nc2wtdGVzdC1pNjg2LnBhdGNoCQkJXApkaWZmIC0tZ2l0IGEvZ251L3BhY2thZ2VzL2ltYWdlbWFnaWNrLnNjbSBiL2dudS9wYWNrYWdlcy9pbWFnZW1hZ2ljay5zY20KaW5kZXggOGUxNzMwNzU0Li4zYmQ3MDVmYTIgMTAwNjQ0Ci0tLSBhL2dudS9wYWNrYWdlcy9pbWFnZW1hZ2ljay5zY20KKysrIGIvZ251L3BhY2thZ2VzL2ltYWdlbWFnaWNrLnNjbQpAQCAtMTc1LDcgKzE3NSwxMSBAQCBzY3JpcHQuIikKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIvR3JhcGhpY3NNYWdpY2stIiB2ZXJzaW9uICIudGFyLnh6IikpKQogICAgICAgICAgICAgICAoc2hhMjU2CiAgICAgICAgICAgICAgICAoYmFzZTMyCi0gICAgICAgICAgICAgICAgIjEyMnpnczk2ZHFyeXM2Mm1uaDh4NXl2ZmZmNmtt
 NGQzeXJudmF4emczbWc1c3ByaWI4N3YiKSkpKQorICAgICAgICAgICAgICAgICIxMjJ6Z3M5NmRxcnlzNjJtbmg4eDV5dmZmZjZrbTRkM3lybnZheHpnM21nNXNwcmliODd2IikpCisgICAgICAgICAgICAgIChwYXRjaGVzCisgICAgICAgICAgICAgICAoc2VhcmNoLXBhdGNoZXMgImdyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM1LnBhdGNoIgorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNi5wYXRjaCIKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzcucGF0Y2giKSkpKQogICAgIChidWlsZC1zeXN0ZW0gZ251LWJ1aWxkLXN5c3RlbSkKICAgICAoYXJndW1lbnRzCiAgICAgIGAoIzpjb25maWd1cmUtZmxhZ3MKZGlmZiAtLWdpdCBhL2dudS9wYWNrYWdlcy9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM1LnBhdGNoIGIvZ251L3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzUucGF0Y2gKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMDAwLi4yY2IzZDQ2ZjYKLS0tIC9kZXYvbnVsbAorKysgYi9nbnUvcGFja2FnZXMvcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNS5wYXRjaApAQCAtMCwwICsxLDI4IEBACitUaGlzIHBhdGNoIGNvbWVzIGZyb20gaHR0cDovL2hnLmNvZGUuc2YubmV0L3AvZ3JhcGhpY3NtY
 WdpY2svY29kZS9yZXYvY2Q2OTlhNDRmMTg4LgorCitkaWZmIC11ciBhL2NvZGVycy9wbmcuYyBiL2NvZGVycy9wbmcuYworLS0tIGEvY29kZXJzL3BuZy5jCTIwMTctMDctMDQgMTc6MzI6MDguMDAwMDAwMDAwIC0wNDAwCisrKysgYi9jb2RlcnMvcG5nLmMJMjAxNy0wOC0xOSAxMToxNjoyMC45MzM5NjkzNjIgLTA0MDAKK0BAIC00MTAxLDExICs0MTAxLDE3IEBACisgICAgICAgICAgICAgICAgICAgbW5nX2luZm8tPmltYWdlPWltYWdlOworICAgICAgICAgICAgICAgICB9CisgCistICAgICAgICAgICAgICBpZiAoKG1uZ19pbmZvLT5tbmdfd2lkdGggPiA2NTUzNUwpIHx8IChtbmdfaW5mby0+bW5nX2hlaWdodAorLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPiA2NTUzNUwpKQorLSAgICAgICAgICAgICAgICAodm9pZCkgVGhyb3dFeGNlcHRpb24oJmltYWdlLT5leGNlcHRpb24sSW1hZ2VFcnJvciwKKy0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFdpZHRoT3JIZWlnaHRFeGNlZWRzTGltaXQsCistICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpbWFnZS0+ZmlsZW5hbWUpOworKyAgICAgICAgICAgICAgaWYgKChtbmdfaW5mby0+bW5nX3dpZHRoID4gNjU1MzVMKSB8fAorKyAgICAgICAgICAgICAgICAgIChtbmdfaW5mby0+bW5nX2hlaWdodCA+IDY1NTM1TCkpCisrICAgICAgICAgICAgICAgIHsKKysgICAgICAgIC
 AgICAgICAgICAodm9pZCkgTG9nTWFnaWNrRXZlbnQoQ29kZXJFdmVudCxHZXRNYWdpY2tNb2R1bGUoKSwKKysgICAgICAgICAgICAgICAgICAgICAgIiAgTU5HIHdpZHRoIG9yIGhlaWdodCBpcyB0b28gbGFyZ2U6ICVsdSwgJWx1IiwKKysgICAgICAgICAgICAgICAgICAgICAgbW5nX2luZm8tPm1uZ193aWR0aCxtbmdfaW5mby0+bW5nX2hlaWdodCk7CisrICAgICAgICAgICAgICAgICAgTWFnaWNrRnJlZU1lbW9yeShjaHVuayk7CisrICAgICAgICAgICAgICAgICAgVGhyb3dSZWFkZXJFeGNlcHRpb24oQ29ycnVwdEltYWdlRXJyb3IsCisrICAgICAgICAgICAgICAgICAgICAgSW1wcm9wZXJJbWFnZUhlYWRlcixpbWFnZSk7CisrICAgICAgICAgICAgICAgIH0KKysKKyAgICAgICAgICAgICAgIEZvcm1hdFN0cmluZyhwYWdlX2dlb21ldHJ5LCIlbHV4JWx1KzArMCIsbW5nX2luZm8tPm1uZ193aWR0aCwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICBtbmdfaW5mby0+bW5nX2hlaWdodCk7CisgICAgICAgICAgICAgICBtbmdfaW5mby0+ZnJhbWUubGVmdD0wOwpkaWZmIC0tZ2l0IGEvZ251L3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzYucGF0Y2ggYi9nbnUvcGFja2FnZXMvcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNi5wYXRjaApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAuLjcwMzZmMzc0MwotLS0gL2Rldi9udWxsCisrKyBiL2d
 udS9wYWNrYWdlcy9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM2LnBhdGNoCkBAIC0wLDAgKzEsMTYgQEAKK1RoaXMgcGF0Y2ggY29tZXMgZnJvbSBodHRwOi8vaGcuY29kZS5zZi5uZXQvcC9ncmFwaGljc21hZ2ljay9jb2RlL3Jldi9iZTg5OGI3Yzk3YmQuCisKK2RpZmYgLXVyIGEvY29kZXJzL3dtZi5jIGIvY29kZXJzL3dtZi5jCistLS0gYS9jb2RlcnMvd21mLmMJMjAxNi0wOS0wNSAxNToyMDoyMy4wMDAwMDAwMDAgLTA0MDAKKysrKyBiL2NvZGVycy93bWYuYwkyMDE3LTA4LTE5IDEwOjM4OjA4Ljk4NDE4NzI2NCAtMDQwMAorQEAgLTI3MTksOCArMjcxOSw4IEBACisgICBpZihpbWFnZS0+ZXhjZXB0aW9uLnNldmVyaXR5ICE9IFVuZGVmaW5lZEV4Y2VwdGlvbikKKyAgICAgVGhyb3dFeGNlcHRpb24yKGV4Y2VwdGlvbiwKKyAgICAgICAgICAgICAgICAgICAgQ29kZXJXYXJuaW5nLAorLSAgICAgICAgICAgICAgICAgICBkZGF0YS0+aW1hZ2UtPmV4Y2VwdGlvbi5yZWFzb24sCistICAgICAgICAgICAgICAgICAgIGRkYXRhLT5pbWFnZS0+ZXhjZXB0aW9uLmRlc2NyaXB0aW9uKTsKKysgICAgICAgICAgICAgICAgICAgaW1hZ2UtPmV4Y2VwdGlvbi5yZWFzb24sCisrICAgICAgICAgICAgICAgICAgIGltYWdlLT5leGNlcHRpb24uZGVzY3JpcHRpb24pOworIAorICAgaWYobG9nZ2luZykKKyAgICAgKHZvaWQpIExvZ01hZ2lja0V2ZW50KENvZGVyRXZlbnQsR2V0TWFnaWNrTW9kdWxlKCksImxl
 YXZlIFJlYWRXTUZJbWFnZSgpIik7CmRpZmYgLS1naXQgYS9nbnUvcGFja2FnZXMvcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNy5wYXRjaCBiL2dudS9wYWNrYWdlcy9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM3LnBhdGNoCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMC4uNzFhZjlmZmU1Ci0tLSAvZGV2L251bGwKKysrIGIvZ251L3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzcucGF0Y2gKQEAgLTAsMCArMSwyOCBAQAorVGhpcyBwYXRjaCBjb21lcyBmcm9tIGh0dHA6Ly9oZy5jb2RlLnNmLm5ldC9wL2dyYXBoaWNzbWFnaWNrL2NvZGUvcmV2Lzk1ZDAwZDU1ZTk3OC4KKworZGlmZiAtdXIgYS9jb2RlcnMvc3VuLmMgYi9jb2RlcnMvc3VuLmMKKy0tLSBhL2NvZGVycy9zdW4uYwkyMDE2LTA1LTMwIDEzOjE5OjU0LjAwMDAwMDAwMCAtMDQwMAorKysrIGIvY29kZXJzL3N1bi5jCTIwMTctMDgtMTggMTg6MDA6MDAuMTkxMDIzNjEwIC0wNDAwCitAQCAtMSw1ICsxLDUgQEAKKyAvKgorLSUgQ29weXJpZ2h0IChDKSAyMDAzLTIwMTUgR3JhcGhpY3NNYWdpY2sgR3JvdXAKKyslIENvcHlyaWdodCAoQykgMjAwMy0yMDE3IEdyYXBoaWNzTWFnaWNrIEdyb3VwCisgJSBDb3B5cmlnaHQgKEMpIDIwMDIgSW1hZ2VNYWdpY2sgU3R1ZGlvCisgJSBDb3B5cmlnaHQgMTk5MS0xOTk5IEUuIEkuIGR1IFBvbnQgZGUgTmVtb3VycyBhbmQgQ
 29tcGFueQorICUKK0BAIC01NzcsNiArNTc3LDcgQEAKKyAgICAgICAgICAgZm9yIChiaXQ9NzsgYml0ID49IDA7IGJpdC0tKQorICAgICAgICAgICAgIHsKKyAgICAgICAgICAgICAgIGluZGV4PSgoKnApICYgKDB4MDEgPDwgYml0KSA/IDB4MDEgOiAweDAwKTsKKysgICAgICAgICAgICAgIFZlcmlmeUNvbG9ybWFwSW5kZXgoaW1hZ2UsaW5kZXgpOworICAgICAgICAgICAgICAgaW5kZXhlc1t4KzctYml0XT1pbmRleDsKKyAgICAgICAgICAgICAgIHFbeCs3LWJpdF09aW1hZ2UtPmNvbG9ybWFwW2luZGV4XTsKKyAgICAgICAgICAgICB9CitAQCAtNTg3LDYgKzU4OCw3IEBACisgICAgICAgICAgICAgZm9yIChiaXQ9NzsgYml0ID49IChsb25nKSAoOC0oaW1hZ2UtPmNvbHVtbnMgJSA4KSk7IGJpdC0tKQorICAgICAgICAgICAgICAgeworICAgICAgICAgICAgICAgICBpbmRleD0oKCpwKSAmICgweDAxIDw8IGJpdCkgPyAweDAxIDogMHgwMCk7CisrICAgICAgICAgICAgICAgIFZlcmlmeUNvbG9ybWFwSW5kZXgoaW1hZ2UsaW5kZXgpOworICAgICAgICAgICAgICAgICBpbmRleGVzW3grNy1iaXRdPWluZGV4OworICAgICAgICAgICAgICAgICBxW3grNy1iaXRdPWltYWdlLT5jb2xvcm1hcFtpbmRleF07CisgICAgICAgICAgICAgICB9Ci0tIAoyLjEzLjQKCg==
--===============4289273377680358066==--