aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2017-09-01 00:00:14 +0300
committerEfraim Flashner <efraim@flashner.co.il>2017-09-01 00:02:27 +0300
commit0ff44ba4642c4ae672a7c66108a46f8d311955c2 (patch)
treeee89ff0899ffca005626c6c7c6e6015256e19871 /gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch
parentd36212e94d3e35daaafefed4e600e3b563d369c1 (diff)
downloadguix-0ff44ba4642c4ae672a7c66108a46f8d311955c2.tar
guix-0ff44ba4642c4ae672a7c66108a46f8d311955c2.tar.gz
gnu: graphicsmagick: Fix CVE-2017-{13775,13776,13777}.
* gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add patches. * gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch, gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them.
Diffstat (limited to 'gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch')
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch179
1 files changed, 179 insertions, 0 deletions
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch
new file mode 100644
index 0000000000..e129fd58fc
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch
@@ -0,0 +1,179 @@
+http://openwall.com/lists/oss-security/2017/08/31/1
+http://openwall.com/lists/oss-security/2017/08/31/2
+http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/233a720bfd5e
+
+some changes were made to make the patch apply
+
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1503779175 18000
+# Node ID 233a720bfd5efd378f133a776507ed41230da617
+# Parent b037d79b6ccd0cfba7ba9ce09b454ed46d688036
+XBM: Fix DOS issues.
+
+diff -r b037d79b6ccd -r 233a720bfd5e coders/xbm.c
+--- a/coders/xbm.c Sat Aug 26 14:14:13 2017 -0500
++++ b/coders/xbm.c Sat Aug 26 15:26:15 2017 -0500
+@@ -1,5 +1,5 @@
+ /*
+-% Copyright (C) 2003 -2012 GraphicsMagick Group
++% Copyright (C) 2003-2017 GraphicsMagick Group
+ % Copyright (C) 2002 ImageMagick Studio
+ % Copyright 1991-1999 E. I. du Pont de Nemours and Company
+ %
+@@ -121,13 +121,15 @@
+
+ static int XBMInteger(Image *image,short int *hex_digits)
+ {
++ unsigned int
++ flag;
++
+ int
+ c,
+- flag,
+ value;
+
+ value=0;
+- flag=0;
++ flag=0U;
+ for ( ; ; )
+ {
+ c=ReadBlobByte(image);
+@@ -158,18 +160,14 @@
+ Image
+ *image;
+
+- int
+- bit;
+-
+- long
+- y;
+-
+ register IndexPacket
+ *indexes;
+
+- register long
++ register size_t
++ bytes_per_line,
+ i,
+- x;
++ x,
++ y;
+
+ register PixelPacket
+ *q;
+@@ -177,22 +175,24 @@
+ register unsigned char
+ *p;
+
+- short int
+- hex_digits[256];
+-
+ unsigned char
+ *data;
+
+ unsigned int
++ bit,
++ byte,
++ padding,
++ version;
++
++ int
++ value;
++
++ short int
++ hex_digits[256];
++
++ MagickPassFail
+ status;
+
+- unsigned long
+- byte,
+- bytes_per_line,
+- padding,
+- value,
+- version;
+-
+ /*
+ Open image file.
+ */
+@@ -207,6 +207,8 @@
+ /*
+ Read X bitmap header.
+ */
++ (void) memset(buffer,0,sizeof(buffer));
++ name[0]='\0';
+ while (ReadBlobString(image,buffer) != (char *) NULL)
+ if (sscanf(buffer,"#define %s %lu",name,&image->columns) == 2)
+ if ((strlen(name) >= 6) &&
+@@ -278,6 +280,8 @@
+ /*
+ Initialize hex values.
+ */
++ for (i = 0; i < sizeof(hex_digits)/sizeof(hex_digits[0]); i++)
++ hex_digits[i]=(-1);
+ hex_digits['0']=0;
+ hex_digits['1']=1;
+ hex_digits['2']=2;
+@@ -311,40 +315,50 @@
+ */
+ p=data;
+ if (version == 10)
+- for (i=0; i < (long) (bytes_per_line*image->rows); (i+=2))
++ for (i=0; i < (bytes_per_line*image->rows); (i+=2))
+ {
+ value=XBMInteger(image,hex_digits);
++ if (value < 0)
++ {
++ MagickFreeMemory(data);
++ ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
++ }
+ *p++=(unsigned char) value;
+ if (!padding || ((i+2) % bytes_per_line))
+ *p++=(unsigned char) (value >> 8);
+ }
+ else
+- for (i=0; i < (long) (bytes_per_line*image->rows); i++)
++ for (i=0; i < (bytes_per_line*image->rows); i++)
+ {
+ value=XBMInteger(image,hex_digits);
++ if (value < 0)
++ {
++ MagickFreeMemory(data);
++ ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
++ }
+ *p++=(unsigned char) value;
+ }
+ /*
+ Convert X bitmap image to pixel packets.
+ */
+ p=data;
+- for (y=0; y < (long) image->rows; y++)
++ for (y=0; y < image->rows; y++)
+ {
+ q=SetImagePixels(image,0,y,image->columns,1);
+ if (q == (PixelPacket *) NULL)
+ break;
+ indexes=AccessMutableIndexes(image);
+- bit=0;
+- byte=0;
+- for (x=0; x < (long) image->columns; x++)
++ bit=0U;
++ byte=0U;
++ for (x=0; x < image->columns; x++)
+ {
+- if (bit == 0)
++ if (bit == 0U)
+ byte=(*p++);
+ indexes[x]=byte & 0x01 ? 0x01 : 0x00;
+ bit++;
+- byte>>=1;
+- if (bit == 8)
+- bit=0;
++ byte>>=1U;
++ if (bit == 8U)
++ bit=0U;
+ }
+ if (!SyncImagePixels(image))
+ break;
+