rpms/GraphicsMagick/FC-5 GraphicsMagick-palm.patch, NONE, 1.1 GraphicsMagick.spec, 1.6, 1.7

Wed Mar 7 10:17:46 UTC 2007

Author: ixs

Update of /cvs/extras/rpms/GraphicsMagick/FC-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31393/FC-5

Modified Files:
	GraphicsMagick.spec 
Added Files:
	GraphicsMagick-palm.patch 
Log Message:
* Wed Mar 07 2007 Andreas Thienemann <andreas at bawue.net> - 1.1.7-7
- Fix potential CVE-2007-0770 issue.


GraphicsMagick-palm.patch:

--- NEW FILE GraphicsMagick-palm.patch ---
--- graphicsmagick-1.1.7.orig/coders/dcm.c
+++ graphicsmagick-1.1.7/coders/dcm.c
@@ -3022,7 +3022,7 @@
             /*
               Photometric interpretation.
             */
-            for (i=0; i < (long) length; i++)
+            for (i=0; i < (long) Min(length, MaxTextExtent-1); i++)
               photometric[i]=data[i];
             photometric[i]='\0';
             break;
--- graphicsmagick-1.1.7.orig/coders/palm.c
+++ graphicsmagick-1.1.7/coders/palm.c
@@ -541,7 +541,8 @@
         image->compression = RLECompression;
         for (i = 0; i < (long) bytes_per_row; )
           {
           count = ReadBlobByte(image);
+          count = Min(count, bytes_per_row-i);
           byte = ReadBlobByte(image);
           memset(one_row + i, (int) byte, count);
           i += count;
@@ -579,6 +579,8 @@
     indexes=GetIndexes(image);
     if(bits_per_pixel == 16)
       {
+      if (image->columns > 2*bytes_per_row)
+        ThrowReaderException(CorruptImageError,CorruptImage,image);
       for (x=0; x < (long) image->columns; x++)
         {
         color16 = (*ptr++ << 8);
@@ -595,6 +597,8 @@
       bit = 8 - bits_per_pixel;
       for(x = 0; x < (long) image->columns; x++)
         {
+	if (ptr - one_row >= bytes_per_row)
+          ThrowReaderException(CorruptImageError,CorruptImage,image);
         index =(IndexPacket) (mask - (((*ptr) & (mask << bit)) >> bit));
         indexes[x] = index;
         *q++ = image->colormap[index];



Index: GraphicsMagick.spec
===================================================================
RCS file: /cvs/extras/rpms/GraphicsMagick/FC-5/GraphicsMagick.spec,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- GraphicsMagick.spec	1 Dec 2006 19:48:51 -0000	1.6
+++ GraphicsMagick.spec	7 Mar 2007 10:17:13 -0000	1.7
@@ -1,12 +1,12 @@
 Summary: An ImageMagick fork, offering faster image generation and better quality
 Name: GraphicsMagick
 Version: 1.1.7
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: MIT
 Group: Applications/Multimedia
 Source0: http://download.sourceforge.net/graphicsmagick/GraphicsMagick-%{version}.tar.bz2
 Patch0: GraphicsMagick-gslib.patch
-
+Patch1: GraphicsMagick-palm.patch
 Url: http://www.graphicsmagick.org/
 Buildroot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: bzip2-devel, freetype-devel, libjpeg-devel, libpng-devel
@@ -16,12 +16,7 @@
 BuildRequires: ghostscript-devel
 BuildRequires: libwmf-devel
 BuildRequires: lcms-devel, libxml2-devel, librsvg2-devel
-%if 0%{?fedora} > 4 || 0%{?rhel} > 4
-%define x_deps libX11-devel libXext-devel libXt-devel
-%else
-%define x_deps  xorg-x11-devel
-%endif
-BuildRequires: %{x_deps}
+BuildRequires: libX11-devel libXext-devel libXt-devel
 
 %description
 GraphicsMagick is a comprehensive image processing package which is initially
@@ -33,13 +28,8 @@
 Summary: Static libraries and header files for GraphicsMagick app development
 Group: Development/Libraries
 Requires: %{name} = %{version}-%{release}
-Requires: %{x_deps}
-Requires: ghostscript-devel
-Requires: bzip2-devel
-Requires: libtiff-devel
-Requires: libjpeg-devel
-Requires: lcms-devel
-Requires: pkgconfig
+Requires: ghostscript-devel, bzip2-devel, libtiff-devel, libjpeg-devel
+Requires: lcms-devel, pkgconfig, libX11-devel, libXext-devel, libXt-devel
 
 %description devel
 GraphicsMagick-devel contains the static libraries and header files you'll
@@ -98,6 +88,7 @@
 %prep
 %setup -q
 %patch0 -p 1 -b .gslib 
+%patch1 -p 1 -b .palm
 # Regenerating configure script
 autoconf
 
@@ -181,11 +172,6 @@
 #endif
 EOF
 
-%if "%{?rhel}" == "4"
-# el4/ImageMagick conflicts
-rm -f %{buildroot}%{_mandir}/man{4/miff.4,5/quantize.5}*
-%endif
-
 
 %clean
 rm -rf %{buildroot}
@@ -240,7 +226,11 @@
 %{_mandir}/man3/*
 %doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt
 
+
 %changelog
+* Wed Mar 07 2007 Andreas Thienemann <andreas at bawue.net> - 1.1.7-7
+- Fix potential CVE-2007-0770 issue.
+
 * Fri Dec 01 2006 Rex Dieter <rexdieter[AT]users.sf.net> - 1.1.7-6
 - *really* fix magick_config-64.h (bug #217959)
 - make buildable on rhel4 too.


