diff options
| author | Kei Kebreau <kei@openmailbox.org> | 2017-08-19 11:39:33 -0400 |
|---|---|---|
| committer | Kei Kebreau <kei@openmailbox.org> | 2017-08-20 08:35:45 -0400 |
| commit | 6d7d9d9507484773eff697a01f422ea984936373 (patch) | |
| tree | eb2fa4594f1b14e58805ef899992559648912a34 /gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch | |
| parent | a8cd352304807ef60d06c35da07c5456f036688c (diff) | |
| download | gnu-guix-6d7d9d9507484773eff697a01f422ea984936373.tar gnu-guix-6d7d9d9507484773eff697a01f422ea984936373.tar.gz | |
gnu: graphicsmagick: Fix CVE-2017-{12935,12936,12937}.
* gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch,
gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch,
gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/imagemagick.scm (graphicsmagick)[source]: Use them.
Diffstat (limited to 'gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch')
| -rw-r--r-- | gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch new file mode 100644 index 0000000000..2cb3d46f62 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch @@ -0,0 +1,28 @@ +This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188. + +diff -ur a/coders/png.c b/coders/png.c +--- a/coders/png.c 2017-07-04 17:32:08.000000000 -0400 ++++ b/coders/png.c 2017-08-19 11:16:20.933969362 -0400 +@@ -4101,11 +4101,17 @@ + mng_info->image=image; + } + +- if ((mng_info->mng_width > 65535L) || (mng_info->mng_height +- > 65535L)) +- (void) ThrowException(&image->exception,ImageError, +- WidthOrHeightExceedsLimit, +- image->filename); ++ if ((mng_info->mng_width > 65535L) || ++ (mng_info->mng_height > 65535L)) ++ { ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " MNG width or height is too large: %lu, %lu", ++ mng_info->mng_width,mng_info->mng_height); ++ MagickFreeMemory(chunk); ++ ThrowReaderException(CorruptImageError, ++ ImproperImageHeader,image); ++ } ++ + FormatString(page_geometry,"%lux%lu+0+0",mng_info->mng_width, + mng_info->mng_height); + mng_info->frame.left=0; |