From fd14b1dcf3036346dbdc4c38d56aa01f588a1a69d54cdb599d63356e9172c198 Mon Sep 17 00:00:00 2001
From: Petr Gajdos <pgajdos@suse.com>
Date: Tue, 31 May 2016 07:28:14 +0000
Subject: [PATCH 1/2] - security update:   * CVE-2016-5118 [bsc#982178]     +
 GraphicsMagick-CVE-2016-5118.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=256
---
 ImageMagick-CVE-2016-5118.patch | 14 ++++++++++++++
 ImageMagick.changes             |  7 +++++++
 ImageMagick.spec                |  2 ++
 3 files changed, 23 insertions(+)
 create mode 100644 ImageMagick-CVE-2016-5118.patch

diff --git a/ImageMagick-CVE-2016-5118.patch b/ImageMagick-CVE-2016-5118.patch
new file mode 100644
index 0000000..0505061
--- /dev/null
+++ b/ImageMagick-CVE-2016-5118.patch
@@ -0,0 +1,14 @@
+Index: ImageMagick-6.9.4-1/magick/blob.c
+===================================================================
+--- ImageMagick-6.9.4-1.orig/magick/blob.c	2016-05-09 19:28:58.000000000 +0200
++++ ImageMagick-6.9.4-1/magick/blob.c	2016-05-30 17:33:03.569022390 +0200
+@@ -80,6 +80,9 @@
+   Define declarations.
+ */
+ #define MagickMaxBlobExtent  65541
++
++#undef MAGICKCORE_HAVE_POPEN
++
+ #if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)
+ # define MAP_ANONYMOUS  MAP_ANON
+ #endif
diff --git a/ImageMagick.changes b/ImageMagick.changes
index 921700e..270a8c4 100644
--- a/ImageMagick.changes
+++ b/ImageMagick.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue May 31 07:23:22 UTC 2016 - pgajdos@suse.com
+
+- security update:
+  * CVE-2016-5118 [bsc#982178]
+    + GraphicsMagick-CVE-2016-5118.patch
+
 -------------------------------------------------------------------
 Tue May 17 09:10:23 UTC 2016 - pgajdos@suse.com
 
diff --git a/ImageMagick.spec b/ImageMagick.spec
index 7c7bfb7..2a30a81 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -93,6 +93,7 @@ Patch4:         ImageMagick-6.8.5.7-no-XPMCompliance.patch
 # will ask upstream if needed, or if other solution exists
 Patch11:        ImageMagick-6.8.4.0-dont-build-in-install.patch
 Patch20:        ImageMagick-6.8.8-1-disable-insecure-coders.patch
+Patch21:        ImageMagick-CVE-2016-5118.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %package -n perl-PerlMagick
@@ -253,6 +254,7 @@ HTML documentation for ImageMagick library and scene examples.
 %patch4
 %patch11
 %patch20 -p1
+%patch21 -p1
 
 # remove executeable bits from per demos
 chmod -x PerlMagick/demo/*.pl

From 6d2fad2b575ef8a742ed9eba4c98969418bb95600a017e1aee2781e5517a6770 Mon Sep 17 00:00:00 2001
From: Petr Gajdos <pgajdos@suse.com>
Date: Tue, 31 May 2016 08:38:38 +0000
Subject: [PATCH 2/2] =?UTF-8?q?-=20updated=20to=206.9.4-5:=20=20=20*=20Mos?=
 =?UTF-8?q?t=20OpenCL=20operations=20are=20now=20executed=20asynchronous.?=
 =?UTF-8?q?=20=20=20*=20Security=20improvements=20to=20TEXT=20coder=20brok?=
 =?UTF-8?q?e=20it=20(reference=20=20=20=20=20https://www.imagemagick.org/d?=
 =?UTF-8?q?iscourse-server/viewtopic.php=3Ff=3D3&t=3D29754).=20=20=20*=20F?=
 =?UTF-8?q?ix=20stroke=20offset=20problem=20for=20-annotate=20(reference?=
 =?UTF-8?q?=20=20=20=20=20https://www.imagemagick.org/discourse-server/vie?=
 =?UTF-8?q?wtopic.php=3Ff=3D3&t=3D29626).=20=20=20*=20Add=20additional=20c?=
 =?UTF-8?q?hecks=20to=20DCM=20reader=20to=20prevent=20data-driven=20faults?=
 =?UTF-8?q?=20(bug=20=20=20=20=20report=20from=20Hanno=20B=C3=B6ck).=20=20?=
 =?UTF-8?q?=20*=20Fixed=20proper=20placement=20of=20text=20annotation=20fo?=
 =?UTF-8?q?r=20east=20/=20west=20gravity.=202016-05-15=20=206.9.4-3=20Cris?=
 =?UTF-8?q?ty=20=20<quetzlzacatenango@image...>=20=20=20*=20Fix=20pixel=20?=
 =?UTF-8?q?cache=20on=20disk=20regression=20(reference=20=20=20=20=20https?=
 =?UTF-8?q?://github.com/ImageMagick/ImageMagick/issues/202).=20=20=20*=20?=
 =?UTF-8?q?Quote=20passwords=20when=20passed=20to=20a=20delegate=20program?=
 =?UTF-8?q?.=20=20=20*=20Can=20read=20geo-related=20EXIF=20metdata=20once-?=
 =?UTF-8?q?again=20(reference=20=20=20=20=20https://github.com/ImageMagick?=
 =?UTF-8?q?/ImageMagick/issues/198).=20=20=20*=20Sanitize=20all=20delegate?=
 =?UTF-8?q?=20emedded=20formatting=20characters.=20=20=20*=20Don't=20sync?=
 =?UTF-8?q?=20pixel=20cache=20in=20AcquireAuthenticCacheView()=20(bug=20re?=
 =?UTF-8?q?port=20from=20=20=20=20=20Hanno=20B=C3=B6ck).=20=20=20=20=20+?=
 =?UTF-8?q?=20ImageMagick-CVE-2016-5118.patch?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=257
---
 ...gick-6.8.8-1-disable-insecure-coders.patch | 14 +++++------
 ImageMagick-6.9.4-1.tar.xz                    |  3 ---
 ImageMagick-6.9.4-1.tar.xz.asc                | 17 -------------
 ImageMagick-6.9.4-5.tar.xz                    |  3 +++
 ImageMagick-6.9.4-5.tar.xz.asc                | 17 +++++++++++++
 ImageMagick.changes                           | 24 ++++++++++++++++++-
 ImageMagick.spec                              |  2 +-
 7 files changed, 51 insertions(+), 29 deletions(-)
 delete mode 100644 ImageMagick-6.9.4-1.tar.xz
 delete mode 100644 ImageMagick-6.9.4-1.tar.xz.asc
 create mode 100644 ImageMagick-6.9.4-5.tar.xz
 create mode 100644 ImageMagick-6.9.4-5.tar.xz.asc

diff --git a/ImageMagick-6.8.8-1-disable-insecure-coders.patch b/ImageMagick-6.8.8-1-disable-insecure-coders.patch
index 6ce2835..35b7335 100644
--- a/ImageMagick-6.8.8-1-disable-insecure-coders.patch
+++ b/ImageMagick-6.8.8-1-disable-insecure-coders.patch
@@ -1,11 +1,11 @@
-Index: ImageMagick-6.9.4-1/config/policy.xml
+Index: ImageMagick-6.9.4-5/config/policy.xml
 ===================================================================
---- ImageMagick-6.9.4-1.orig/config/policy.xml	2016-05-09 19:28:58.000000000 +0200
-+++ ImageMagick-6.9.4-1/config/policy.xml	2016-05-17 11:09:37.470928022 +0200
-@@ -64,4 +64,15 @@
-   <!-- <policy domain="coder" rights="none" pattern="HTTPS" /> -->
-   <!-- <policy domain="path" rights="none" pattern="@*" /> -->
-   <policy domain="cache" name="shared-secret" value="passphrase"/>
+--- ImageMagick-6.9.4-5.orig/config/policy.xml	2016-05-31 10:30:53.221396378 +0200
++++ ImageMagick-6.9.4-5/config/policy.xml	2016-05-31 10:31:24.605900830 +0200
+@@ -66,4 +66,15 @@
+ 	<!-- <policy domain="path" rights="none" pattern="@*" /> -->
+   <!-- <policy domain="path" rights="none" pattern="|*" /> -->
+   <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
 +  <!-- Disable insecure coders by default -->
 +  <!-- https://bugzilla.suse.com/show_bug.cgi?id=978061 -->
 +  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
diff --git a/ImageMagick-6.9.4-1.tar.xz b/ImageMagick-6.9.4-1.tar.xz
deleted file mode 100644
index 08e287d..0000000
--- a/ImageMagick-6.9.4-1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2ea0fef839cd5d6f134502b7cf7ee0e57a3f230b19771515d4aa44354f4c6b3b
-size 8789688
diff --git a/ImageMagick-6.9.4-1.tar.xz.asc b/ImageMagick-6.9.4-1.tar.xz.asc
deleted file mode 100644
index c60bc0e..0000000
--- a/ImageMagick-6.9.4-1.tar.xz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJXMTreAAoJEImrY9SCdzd6H30P/RG55RDq9x9co7ff6DVcVIqh
-6/zgKm1cvhgk3ssaaqXuQMlqITfDEo4vKfYFapJMYlSPY8o3p+6WWwGSVGurZiLR
-smhlqPLPIyaRmnwoBpiTb+LgzeLfauxznaXI1uh0T2oFPu3UkFay9ChIh1gI2whk
-8HU3fB3EMo8E6Zykb3qsBf4tL59/QJeVyJBa/C1byq1kqZDGaDOhsSalupeIWNSp
-FWpRLp7Gw77r4zyrr6TIjEayY+tgm6zvVJPl2ipvGZ/o+1HkOozhUJp3ni+tWDA4
-UkhJBZIqwc2BETIIl9u3hXI/m8UJ69198b1X0XMpcH7K81iEpOp9kYAfqZfXJjBp
-9Krc0fXLaeaDkSVc70xzXyJwbKJst61gJcCp017+Am+ZLOpxqFuJSOJS6Ua2Fjec
-p/6YuIaxNbI+if8E3Yy34DZh0AojPJ0+GoZk8ZChZL8q9X70eX8Vw04MrUKExS3M
-IK5at4Fk/HRTvfj9gOG+TxChjWcnfpJDr3g+VTIsTFmBqZ4fBkHyFCMPxFTUkCif
-TF6AoGrZxdSOdpDstk6nNDJfzI/n/mipnORRxxivLswrA8gabt04AZJT+fww7Y4x
-rRaBglb7W+GgZSo4yS/Ve+wYLQf8Rhwi2JayJicJ2RnaAyRb4v0eHcHrua4yF5eM
-o6IQM3HqSMPUrXs3uiSp
-=UZ1q
------END PGP SIGNATURE-----
diff --git a/ImageMagick-6.9.4-5.tar.xz b/ImageMagick-6.9.4-5.tar.xz
new file mode 100644
index 0000000..36941a8
--- /dev/null
+++ b/ImageMagick-6.9.4-5.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:39a65b8e2371db36cb63709dea0b15f08a6870f8ce6103432f068112d9513c5a
+size 8784244
diff --git a/ImageMagick-6.9.4-5.tar.xz.asc b/ImageMagick-6.9.4-5.tar.xz.asc
new file mode 100644
index 0000000..e9b8fe7
--- /dev/null
+++ b/ImageMagick-6.9.4-5.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJXTFLsAAoJEImrY9SCdzd6GLgQAJeeF5t6PQkb8dAuyc9Ss5j7
+xeg2mG7ez716czxZHzfGkHEDUAUhwpxcNGvR8mIYUpfDQU6C6XdS1DdFCWwfDXdA
+2KcCtsmjHyWVlkLR+HNg76zq11GSXeLaXS2xTuoiXvzYKuUL5izy7rwVQ3j4LPSM
+MptdXajRLQVX1NvHAAuRSTG1vAddd5FGKWx1mNfKEUPXiD++OA+YyoaPlH6SZeMc
+jlHYSpLOsVIobgShbqPo91w4LJ/ofSUFQqK/99tTeGMaxrfEmn8TtWp44g7vZrFO
+Zlmuxmpe9d9PUAPqE2mc8qFfa7/tVi+qiIdgio3cELT2f0bS5woSN5vRo2SsA6Cm
+QtD615yXSrxrG2CQ5vINhRmHK2OoQLheIRzIhZcvgrIJejxsA3ku8LAdvddXHzG5
+UB4AngmaQX8Y9/FGZHpJLD0xkn/k+zNySALQvq+67MJLQI8G63bJfZXssWTk5az8
+G3Z25Z2x+rmkvUlJj7qEUHLhZ50GkSjxHJUixKYwYd24C+ga0fJDtyr9cPQPoUPj
+K7+CwtdO3cV8FM71e1koJuvMcdnhVIezn556U70uQB8FchuLSQ6lGFO/3Ar3gBu8
+4pkrK0+tDKJSC+mXMDUL8Jr+wY+dGL+ZXmYTI7TP4WwEyyT3dqimTWcEQjJEBKNS
+M1q6F1wzyRsCLS9EYOdg
+=Y14c
+-----END PGP SIGNATURE-----
diff --git a/ImageMagick.changes b/ImageMagick.changes
index 270a8c4..cc0a6ce 100644
--- a/ImageMagick.changes
+++ b/ImageMagick.changes
@@ -1,9 +1,31 @@
+-------------------------------------------------------------------
+Tue May 31 08:32:29 UTC 2016 - pgajdos@suse.com
+
+- updated to 6.9.4-5:
+  * Most OpenCL operations are now executed asynchronous.
+  * Security improvements to TEXT coder broke it (reference
+    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29754).
+  * Fix stroke offset problem for -annotate (reference
+    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29626).
+  * Add additional checks to DCM reader to prevent data-driven faults (bug
+    report from Hanno Böck).
+  * Fixed proper placement of text annotation for east / west gravity.
+2016-05-15  6.9.4-3 Cristy  <quetzlzacatenango@image...>
+  * Fix pixel cache on disk regression (reference
+    https://github.com/ImageMagick/ImageMagick/issues/202).
+  * Quote passwords when passed to a delegate program.
+  * Can read geo-related EXIF metdata once-again (reference
+    https://github.com/ImageMagick/ImageMagick/issues/198).
+  * Sanitize all delegate emedded formatting characters.
+  * Don't sync pixel cache in AcquireAuthenticCacheView() (bug report from
+    Hanno Böck).
+
 -------------------------------------------------------------------
 Tue May 31 07:23:22 UTC 2016 - pgajdos@suse.com
 
 - security update:
   * CVE-2016-5118 [bsc#982178]
-    + GraphicsMagick-CVE-2016-5118.patch
+    + ImageMagick-CVE-2016-5118.patch
 
 -------------------------------------------------------------------
 Tue May 17 09:10:23 UTC 2016 - pgajdos@suse.com
diff --git a/ImageMagick.spec b/ImageMagick.spec
index 2a30a81..9654a24 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -63,7 +63,7 @@ BuildRequires:  zip
 
 %define maj           6
 %define mfr_version   %{maj}.9.4
-%define mfr_revision  1
+%define mfr_revision  5
 %define quantum_depth 16
 %define source_version %{mfr_version}-%{mfr_revision}
 %define clibver   2