!5 fix CVE-2018-16329

Merge pull request !5 from eaglegai/eaglegai
2020-07-09 16:13:30 +08:00 · 2020-07-09 16:13:30 +08:00 · 3cf7c3da47
commit 3cf7c3da47
parent c0d5e0897d 3b48691d89
2 changed files with 78 additions and 1 deletions
--- a/CVE-2018-16329.patch
+++ b/CVE-2018-16329.patch
@ -0,0 +1,70 @@
+From 5bf7ff59c8ada957d6a681a0a2cc29f3813ad4bc Mon Sep 17 00:00:00 2001
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Wed, 1 Apr 2020 19:14:12 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1225
+
+---
+ magick/property.c | 12 ++++++++++++
+ 1 files changed, 12 insertions(+)
+
+diff --git a/magick/property.c b/magick/property.c
+index 4fd7e9d..4c09e40 100644
+--- a/magick/property.c
+++ b/magick/property.c
+@@ -2526,6 +2526,13 @@ MagickExport const char *GetImageProperty(const Image *image,
+ static const char *GetMagickPropertyLetter(const ImageInfo *image_info,
+   Image *image,const char letter)
+ {
+#define WarnNoImageInfoReturn(format,arg) \
+  if (image_info == (ImageInfo *) NULL ) { \
+    (void) ThrowMagickException(&image->exception,GetMagickModule(), \
+      OptionWarning,"NoImageInfoForProperty",format,arg); \
+    return((const char *) NULL); \
+  }
+
+   char
+     value[MaxTextExtent];
+ 
+@@ -2658,6 +2665,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info,
+       /*
+         Output Filename - for delegate use only
+       */
+      WarnNoImageInfoReturn("\"%%%c\"",letter);
+       string=image_info->filename;
+       break;
+     }
+@@ -2702,6 +2710,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info,
+       /*
+         Image scene number.
+       */
+      WarnNoImageInfoReturn("\"%%%c\"",letter);
+       if (image_info->number_scenes != 0)
+         (void) FormatLocaleString(value,MaxTextExtent,"%.20g",(double)
+           image_info->scene);
+@@ -2723,6 +2732,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info,
+       /*
+         Unique filename.
+       */
+      WarnNoImageInfoReturn("\"%%%c\"",letter);
+       string=image_info->unique;
+       break;
+     }
+@@ -2883,6 +2893,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info,
+       /*
+         Image scenes.
+       */
+      WarnNoImageInfoReturn("\"%%%c\"",letter);
+       if (image_info->number_scenes == 0)
+         string="2147483647";
+       else
+@@ -2941,6 +2952,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info,
+       /*
+         Zero filename.
+       */
+      WarnNoImageInfoReturn("\"%%%c\"",letter);
+       string=image_info->zero;
+       break;
+     }
+-- 
+1.8.3.1
+
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@ -1,13 +1,14 @@
 Name:           ImageMagick
 Epoch:          1
 Version:        6.9.10.67
-Release:        6
+Release:        7
 Summary:        Create, edit, compose, or convert bitmap images
 License:        ImageMagick
 Url:            http://www.imagemagick.org/
 Source0:        https://mirrors.sohu.com/gentoo/distfiles/db/ImageMagick-6.9.10-67.tar.xz

 Patch0001:      CVE-2019-7397.patch
+Patch0002:      CVE-2018-16329.patch

 BuildRequires:  bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
 BuildRequires:  libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@ -164,6 +165,12 @@ rm PerlMagick/demo/Generic.ttf
 %{_libdir}/pkgconfig/ImageMagick++*

 %changelog
+* Sun Apr 26 2020 openEuler Buildteam <buildteam@openeuler.org> - 6.9.10.67-7
+- Type:cves
+- ID:CVE-2018-16329
+- SUG:restart
+- DESC:fix CVE-2018-16329
+
 * Tue Mar 10 2020 songnannan <songnannan2@huawei.com> - 6.9.10.67-6
 - delete the jasper