Apply security fixes from upstream for CVE-2012-0260, CVE-2012-1798,

CVE-2012-1610, CVE-2012-0259.
2012-04-27 08:09:56 +00:00 · 2012-04-27 08:09:56 +00:00 · fa5e146cc5
commit fa5e146cc5
parent 0d61a49cd0
4 changed files with 71 additions and 2 deletions
--- a/graphics/ImageMagick/Makefile
+++ b/graphics/ImageMagick/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.118 2011/12/02 14:36:14 espie Exp $
+# $OpenBSD: Makefile,v 1.119 2012/04/27 08:09:56 jasper Exp $

 SHARED_ONLY=		Yes

@ -8,7 +8,7 @@ VER=			6.6.6
 DASHVER=		10
 DISTNAME=		ImageMagick-${VER}-${DASHVER}
 PKGNAME=		ImageMagick-${VER}.${DASHVER}
-REVISION=		5
+REVISION=		6

 SHARED_LIBS +=		Magick++	14.0	# .1.0
 SHARED_LIBS +=		MagickCore	2.0	# .1.0
--- a/graphics/ImageMagick/patches/patch-coders_jpeg_c
+++ b/graphics/ImageMagick/patches/patch-coders_jpeg_c
@ -0,0 +1,29 @@
+$OpenBSD: patch-coders_jpeg_c,v 1.1 2012/04/27 08:09:56 jasper Exp $
+
+Security fix for CVE-2012-0260, Excessive memory use with JPEG restart markers.
+
+--- coders/jpeg.c.orig	Fri Apr 27 09:40:28 2012
+++ coders/jpeg.c	Fri Apr 27 09:57:14 2012
+@@ -210,6 +210,8 @@ static MagickBooleanType IsJPEG(const unsigned char *m
+ 
+ static MagickBooleanType EmitMessage(j_common_ptr jpeg_info,int level)
+ {
+#define JPEGExcessiveWarnings  1000
+
+   char
+     message[JMSG_LENGTH_MAX];
+ 
+@@ -224,11 +226,11 @@ static MagickBooleanType EmitMessage(j_common_ptr jpeg
+   image=error_manager->image;
+   if (level < 0)
+     {
+-      if ((jpeg_info->err->num_warnings == 0) ||
+      if ((jpeg_info->err->num_warnings++ > JPEGExcessiveWarnings) ||
+	  (jpeg_info->err->num_warnings == 0) ||
+           (jpeg_info->err->trace_level >= 3))
+         ThrowBinaryException(CorruptImageWarning,(char *) message,
+           image->filename);
+-      jpeg_info->err->num_warnings++;
+     }
+   else
+     if (jpeg_info->err->trace_level >= level)
--- a/graphics/ImageMagick/patches/patch-coders_tiff_c
+++ b/graphics/ImageMagick/patches/patch-coders_tiff_c
@ -0,0 +1,15 @@
+$OpenBSD: patch-coders_tiff_c,v 1.1 2012/04/27 08:09:56 jasper Exp $
+
+Security fix for CVE-2012-1798, Copying of invalid memory when reading TIFF EXIF IFD.
+
+--- coders/tiff.c.orig	Fri Apr 27 09:42:38 2012
+++ coders/tiff.c	Fri Apr 27 09:43:24 2012
+@@ -596,7 +596,7 @@ static void TIFFGetEXIFProperties(TIFF *tiff,Image *im
+           *ascii;
+ 
+         if (TIFFGetField(tiff,exif_info[i].tag,&ascii) != 0)
+-          (void) CopyMagickMemory(value,ascii,MaxTextExtent);
+          (void) CopyMagickString(value,ascii,MaxTextExtent);
+         break;
+       }
+       case TIFF_SHORT:
--- a/graphics/ImageMagick/patches/patch-magick_property_c
+++ b/graphics/ImageMagick/patches/patch-magick_property_c
@ -0,0 +1,25 @@
+$OpenBSD: patch-magick_property_c,v 1.1 2012/04/27 08:09:56 jasper Exp $
+
+Chunk 1: Security fix for CVE-2012-1610, Potential EXIF Interger Overflow
+Chunk 2: Security fix for CVE-2012-0259, JPEG EXIF tag crash.
+
+--- magick/property.c.orig	Fri Apr 27 09:39:10 2012
+++ magick/property.c	Fri Apr 27 09:46:04 2012
+@@ -1287,6 +1287,8 @@ static MagickBooleanType GetEXIFProperty(const Image *
+         break;
+       components=(ssize_t) ((int) ReadPropertyLong(endian,q+4));
+       number_bytes=(size_t) components*tag_bytes[format];
+      if (number_bytes < components)
+        break; /* prevent overflow */
+       if (number_bytes <= 4)
+         p=q+8;
+       else
+@@ -1308,6 +1310,8 @@ static MagickBooleanType GetEXIFProperty(const Image *
+             buffer[MaxTextExtent],
+             *value;
+ 
+	  value=(char *) NULL;
+	  *buffer='\0';
+           switch (format)
+           {
+             case EXIF_FMT_BYTE: