all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [bug#28147] [PATCH] gnu: graphicsmagick: Fix CVE-2017-{12935, 12936, 12937}.
@ 2017-08-19 15:44 kei
  2017-08-19 16:11 ` Marius Bakke
  0 siblings, 1 reply; 2+ messages in thread
From: kei @ 2017-08-19 15:44 UTC (permalink / raw)
  To: 28147

[-- Attachment #1: Type: text/plain, Size: 0 bytes --]



[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-graphicsmagick-Fix-CVE-2017-12935-12936-12937.patch --]
[-- Type: text/x-patch, Size: 6640 bytes --]

From e184d4429a00b65ff237864cce04d1061accdbbc Mon Sep 17 00:00:00 2001
From: Kei Kebreau <kei@openmailbox.org>
Date: Sat, 19 Aug 2017 11:39:33 -0400
Subject: [PATCH] gnu: graphicsmagick: Fix CVE-2017-{12935,12936,12937}.

* gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch,
gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch,
gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/imagemagick.scm (graphicsmagick)[source]: Use them.
---
 gnu/local.mk                                       |  3 +++
 gnu/packages/imagemagick.scm                       |  6 ++++-
 .../patches/graphicsmagick-CVE-2017-12935.patch    | 28 ++++++++++++++++++++++
 .../patches/graphicsmagick-CVE-2017-12936.patch    | 16 +++++++++++++
 .../patches/graphicsmagick-CVE-2017-12937.patch    | 28 ++++++++++++++++++++++
 5 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch
 create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch
 create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 2d49b1e97..1c6158cbf 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -679,6 +679,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
   %D%/packages/patches/gobject-introspection-cc.patch		\
   %D%/packages/patches/gobject-introspection-girepository.patch	\
+  %D%/packages/patches/graphicsmagick-CVE-2017-12935.patch	\
+  %D%/packages/patches/graphicsmagick-CVE-2017-12936.patch	\
+  %D%/packages/patches/graphicsmagick-CVE-2017-12937.patch	\
   %D%/packages/patches/graphite2-ffloat-store.patch		\
   %D%/packages/patches/grep-timing-sensitive-test.patch		\
   %D%/packages/patches/gsl-test-i686.patch			\
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index 8e1730754..3bd705fa2 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -175,7 +175,11 @@ script.")
                                  "/GraphicsMagick-" version ".tar.xz")))
               (sha256
                (base32
-                "122zgs96dqrys62mnh8x5yvfff6km4d3yrnvaxzg3mg5sprib87v"))))
+                "122zgs96dqrys62mnh8x5yvfff6km4d3yrnvaxzg3mg5sprib87v"))
+              (patches
+               (search-patches "graphicsmagick-CVE-2017-12935.patch"
+                               "graphicsmagick-CVE-2017-12936.patch"
+                               "graphicsmagick-CVE-2017-12937.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch
new file mode 100644
index 000000000..2cb3d46f6
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch
@@ -0,0 +1,28 @@
+This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188.
+
+diff -ur a/coders/png.c b/coders/png.c
+--- a/coders/png.c	2017-07-04 17:32:08.000000000 -0400
++++ b/coders/png.c	2017-08-19 11:16:20.933969362 -0400
+@@ -4101,11 +4101,17 @@
+                   mng_info->image=image;
+                 }
+ 
+-              if ((mng_info->mng_width > 65535L) || (mng_info->mng_height
+-                                                     > 65535L))
+-                (void) ThrowException(&image->exception,ImageError,
+-                                      WidthOrHeightExceedsLimit,
+-                                      image->filename);
++              if ((mng_info->mng_width > 65535L) ||
++                  (mng_info->mng_height > 65535L))
++                {
++                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                      "  MNG width or height is too large: %lu, %lu",
++                      mng_info->mng_width,mng_info->mng_height);
++                  MagickFreeMemory(chunk);
++                  ThrowReaderException(CorruptImageError,
++                     ImproperImageHeader,image);
++                }
++
+               FormatString(page_geometry,"%lux%lu+0+0",mng_info->mng_width,
+                            mng_info->mng_height);
+               mng_info->frame.left=0;
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch
new file mode 100644
index 000000000..7036f3743
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch
@@ -0,0 +1,16 @@
+This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd.
+
+diff -ur a/coders/wmf.c b/coders/wmf.c
+--- a/coders/wmf.c	2016-09-05 15:20:23.000000000 -0400
++++ b/coders/wmf.c	2017-08-19 10:38:08.984187264 -0400
+@@ -2719,8 +2719,8 @@
+   if(image->exception.severity != UndefinedException)
+     ThrowException2(exception,
+                    CoderWarning,
+-                   ddata->image->exception.reason,
+-                   ddata->image->exception.description);
++                   image->exception.reason,
++                   image->exception.description);
+ 
+   if(logging)
+     (void) LogMagickEvent(CoderEvent,GetMagickModule(),"leave ReadWMFImage()");
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch
new file mode 100644
index 000000000..71af9ffe5
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch
@@ -0,0 +1,28 @@
+This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978.
+
+diff -ur a/coders/sun.c b/coders/sun.c
+--- a/coders/sun.c	2016-05-30 13:19:54.000000000 -0400
++++ b/coders/sun.c	2017-08-18 18:00:00.191023610 -0400
+@@ -1,5 +1,5 @@
+ /*
+-% Copyright (C) 2003-2015 GraphicsMagick Group
++% Copyright (C) 2003-2017 GraphicsMagick Group
+ % Copyright (C) 2002 ImageMagick Studio
+ % Copyright 1991-1999 E. I. du Pont de Nemours and Company
+ %
+@@ -577,6 +577,7 @@
+           for (bit=7; bit >= 0; bit--)
+             {
+               index=((*p) & (0x01 << bit) ? 0x01 : 0x00);
++              VerifyColormapIndex(image,index);
+               indexes[x+7-bit]=index;
+               q[x+7-bit]=image->colormap[index];
+             }
+@@ -587,6 +588,7 @@
+             for (bit=7; bit >= (long) (8-(image->columns % 8)); bit--)
+               {
+                 index=((*p) & (0x01 << bit) ? 0x01 : 0x00);
++                VerifyColormapIndex(image,index);
+                 indexes[x+7-bit]=index;
+                 q[x+7-bit]=image->colormap[index];
+               }
-- 
2.13.4


^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2017-08-19 16:12 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-08-19 15:44 [bug#28147] [PATCH] gnu: graphicsmagick: Fix CVE-2017-{12935, 12936, 12937} kei
2017-08-19 16:11 ` Marius Bakke

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.