commit ImageMagick

31 Oct 2006

Hello community,

here is the log from the commit of package ImageMagick
checked in at Mon Oct 30 17:50:54 CET 2006.

--------

--- ImageMagick/ImageMagick.changes	2006-10-18 15:55:04.000000000 +0200
+++ /mounts/work_src_done/STABLE/ImageMagick/ImageMagick.changes	2006-10-30 17:30:47.000000000 +0100
@@ -1,0 +2,5 @@
+Mon Oct 30 17:29:59 CET 2006 - nadvornik@suse.cz
+
+- fixed overflows in dcm and palm codecs CVE-2006-5456 [#215685]
+
+-------------------------------------------------------------------

New:
----
  ImageMagick-6.3.0.0-CVE-2006-5456.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ImageMagick.spec ++++++
--- /var/tmp/diff_new_pack.Jaq78U/_old	2006-10-30 17:50:16.000000000 +0100
+++ /var/tmp/diff_new_pack.Jaq78U/_new	2006-10-30 17:50:16.000000000 +0100
@@ -21,13 +21,14 @@
 Group:          Productivity/Graphics/Other
 Autoreqprov:    on
 Version:        6.3.0.0
-Release:        1
+Release:        6
 Summary:        Viewer and Converter for Images
 URL:            http://www.imagemagick.org
 Source:         ImageMagick-6.3.0-0.tar.bz2
 Source2:        xtp-%{xtp_version}.tar.bz2
 Patch1:         ImageMagick-%{version}-examples.patch
 Patch2:         ImageMagick-%{version}-doc.patch
+Patch3:         ImageMagick-%{version}-CVE-2006-5456.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %package -n perl-PerlMagick
 Requires:       perl = %{perl_version}
@@ -56,6 +57,7 @@
 %setup -n ImageMagick-6.3.0 -b 2
 %patch1
 %patch2
+%patch3
 
 %build
 cp -f /usr/share/libtool/libltdl/*.{c,h} ltdl
@@ -284,6 +286,8 @@
 
 
 %changelog -n ImageMagick
+* Mon Oct 30 2006 - nadvornik@suse.cz
+- fixed overflows in dcm and palm codecs CVE-2006-5456 [#215685]
 * Wed Oct 18 2006 - postadal@suse.cz
 - disabled -fstack-protector for %%suse_version <= 1000
 * Tue Oct 17 2006 - nadvornik@suse.cz
@@ -374,7 +378,7 @@
 - used perl_process_packlist
 * Mon Feb 10 2003 - nadvornik@suse.cz
 - updated to 5.5.4-4:
-- fixed bug [#23111]
+  - fixed bug [#23111]
 - copied ltdl sources from libtool package
 * Thu Dec 19 2002 - adrian@suse.de
 - add liblcms-devel to #neededforbuild
@@ -409,24 +413,24 @@
 - html files installed correctly
 * Tue Jan 15 2002 - nadvornik@suse.cz
 - update to 5.4.2:
-- new scripting language utility, conjure
+    - new scripting language utility, conjure
 * Mon Dec 03 2001 - nadvornik@suse.cz
 - update to 5.4.1:
-- better SVG support
-- changed default background color to none
-- eliminated the libMagick.so dependancy on libtiff, libpng, libjpeg
-- coders/wmf.c updated for libwmf 0.2
+    - better SVG support
+    - changed default background color to none
+    - eliminated the libMagick.so dependancy on libtiff, libpng, libjpeg
+    - coders/wmf.c updated for libwmf 0.2
 * Thu Oct 18 2001 - nadvornik@suse.cz
 - update to 5.4.0:
-- Text drawing now handles UTF8-encoding
-- Added a MATLAB encoder
-- Uses SHA instead of MD5 for image signatures
+    - Text drawing now handles UTF8-encoding
+    - Added a MATLAB encoder
+    - Uses SHA instead of MD5 for image signatures
 * Fri Aug 24 2001 - nadvornik@suse.cz
 - update to 5.3.8:
-- Added a new method SetImageClipMask().
-- Added @ to the image geometry specification. Use it to specify
+    - Added a new method SetImageClipMask().
+    - Added @ to the image geometry specification. Use it to specify
   the square-root of the maximum area in pixels of an image
-- many bugfixes
+    - many bugfixes
 * Tue Aug 21 2001 - nadvornik@suse.cz
 - removed wv-devel from neededforbuild, it is no longer needed
 - fixed segfault in svg converting

++++++ ImageMagick-6.3.0.0-CVE-2006-5456.patch ++++++
--- coders/dcm.c
+++ coders/dcm.c
@@ -2950,7 +2950,7 @@
             /*
               Photometric interpretation.
             */
-            for (i=0; i < (long) length; i++)
+            for (i=0; i < (long) Min(length, MaxTextExtent-1); i++)
               photometric[i]=(char) data[i];
             photometric[i]='\0';
             break;
--- coders/palm.c
+++ coders/palm.c
@@ -398,7 +398,7 @@
               image->compression=RLECompression;
               for (i=0; i < (long) bytes_per_row; )
               {
-                count=ReadBlobByte(image);
+                count=Min(ReadBlobByte(image), bytes_per_row-i);
                 byte=ReadBlobByte(image);
                 (void) ResetMagickMemory(one_row+i,(int) byte,count);
                 i+=count;
@@ -431,6 +431,8 @@
       indexes=GetIndexes(image);
       if (bits_per_pixel == 16)
         {
+          if (image->columns > 2*bytes_per_row)
+            ThrowReaderException(CorruptImageError,"ImproperImageHeader");
           for (x=0; x < (long) image->columns; x++)
           {
             color16=(*ptr++ << 8);
@@ -447,6 +449,8 @@
           bit=8-bits_per_pixel;
           for (x=0; x < (long) image->columns; x++)
           {
+	    if (ptr - one_row >= bytes_per_row)
+              ThrowReaderException(CorruptImageError,"ImproperImageHeader");
             index=(IndexPacket) (mask-(((*ptr) & (mask << bit)) >> bit));
             indexes[x]=index;
             *q++=image->colormap[index];

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org

    

root＠suse.de

tags

participants (1)