packages/ImageMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!5 fix CVE-2018-16329

Browse Source 
Merge pull request !5 from eaglegai/eaglegai
This commit is contained in:
openeuler-ci-bot 2020-07-09 16:13:30 +08:00 committed by Gitee
commit 3cf7c3da47
2 changed files with 78 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
CVE-2018-16329.patch Normal file
View File

@ -0,0 +1,70 @@
From 5bf7ff59c8ada957d6a681a0a2cc29f3813ad4bc Mon Sep 17 00:00:00 2001
From: Cristy <mikayla-grace@urban-warrior.org>
Date: Wed, 1 Apr 2020 19:14:12 -0400
Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1225
---
magick/property.c | 12 ++++++++++++
1 files changed, 12 insertions(+)
diff --git a/magick/property.c b/magick/property.c
index 4fd7e9d..4c09e40 100644
--- a/magick/property.c
+++ b/magick/property.c
@@ -2526,6 +2526,13 @@ MagickExport const char *GetImageProperty(const Image *image,
static const char *GetMagickPropertyLetter(const ImageInfo *image_info,
Image *image,const char letter)
{
+#define WarnNoImageInfoReturn(format,arg) \
+ if (image_info == (ImageInfo *) NULL ) { \
+ (void) ThrowMagickException(&image->exception,GetMagickModule(), \
+ OptionWarning,"NoImageInfoForProperty",format,arg); \
+ return((const char *) NULL); \
+ }
+
char
value[MaxTextExtent];
@@ -2658,6 +2665,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info,
/*
Output Filename - for delegate use only
*/
+ WarnNoImageInfoReturn("\"%%%c\"",letter);
string=image_info->filename;
break;
}
@@ -2702,6 +2710,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info,
/*
Image scene number.
*/
+ WarnNoImageInfoReturn("\"%%%c\"",letter);
if (image_info->number_scenes != 0)
(void) FormatLocaleString(value,MaxTextExtent,"%.20g",(double)
image_info->scene);
@@ -2723,6 +2732,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info,
/*
Unique filename.
*/
+ WarnNoImageInfoReturn("\"%%%c\"",letter);
string=image_info->unique;
break;
}
@@ -2883,6 +2893,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info,
/*
Image scenes.
*/
+ WarnNoImageInfoReturn("\"%%%c\"",letter);
if (image_info->number_scenes == 0)
string="2147483647";
else
@@ -2941,6 +2952,7 @@ static const char *GetMagickPropertyLetter(const ImageInfo *image_info,
/*
Zero filename.
*/
+ WarnNoImageInfoReturn("\"%%%c\"",letter);
string=image_info->zero;
break;
}
--
1.8.3.1

9
ImageMagick.spec
View File

@ -1,13 +1,14 @@
Name: ImageMagick Name: ImageMagick
Epoch: 1 Epoch: 1
Version: 6.9.10.67 Version: 6.9.10.67
Release: 6 Release: 7
Summary: Create, edit, compose, or convert bitmap images Summary: Create, edit, compose, or convert bitmap images
License: ImageMagick License: ImageMagick
Url: http://www.imagemagick.org/ Url: http://www.imagemagick.org/
Source0: https://mirrors.sohu.com/gentoo/distfiles/db/ImageMagick-6.9.10-67.tar.xz Source0: https://mirrors.sohu.com/gentoo/distfiles/db/ImageMagick-6.9.10-67.tar.xz
Patch0001: CVE-2019-7397.patch Patch0001: CVE-2019-7397.patch
Patch0002: CVE-2018-16329.patch
BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@ -164,6 +165,12 @@ rm PerlMagick/demo/Generic.ttf
%{_libdir}/pkgconfig/ImageMagick++* %{_libdir}/pkgconfig/ImageMagick++*
%changelog %changelog
* Sun Apr 26 2020 openEuler Buildteam <buildteam@openeuler.org> - 6.9.10.67-7
- Type:cves
- ID:CVE-2018-16329
- SUG:restart
- DESC:fix CVE-2018-16329
* Tue Mar 10 2020 songnannan <songnannan2@huawei.com> - 6.9.10.67-6 * Tue Mar 10 2020 songnannan <songnannan2@huawei.com> - 6.9.10.67-6
- delete the jasper - delete the jasper