From d6669a0ed7330e482691b0488e852ea12473e3dae7a2da830facf8d101275770 Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Thu, 29 Jun 2023 09:17:50 +0000 Subject: [PATCH] - version update to 7.1.1.12 - added patches fix CVE-2023-3428 [bsc#1212847], heap-buffer-overflow in coders/tiff.c + ImageMagick-CVE-2023-3428.patch OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=661 --- ImageMagick-7.1.1-11.tar.xz | 3 --- ImageMagick-7.1.1-11.tar.xz.asc | 16 ---------------- ImageMagick-7.1.1-12.tar.xz | 3 +++ ImageMagick-7.1.1-12.tar.xz.asc | 16 ++++++++++++++++ ImageMagick-CVE-2023-3428.patch | 14 ++++++++++++++ ImageMagick.changes | 8 ++++++++ ImageMagick.spec | 5 ++++- 7 files changed, 45 insertions(+), 20 deletions(-) delete mode 100644 ImageMagick-7.1.1-11.tar.xz delete mode 100644 ImageMagick-7.1.1-11.tar.xz.asc create mode 100644 ImageMagick-7.1.1-12.tar.xz create mode 100644 ImageMagick-7.1.1-12.tar.xz.asc create mode 100644 ImageMagick-CVE-2023-3428.patch diff --git a/ImageMagick-7.1.1-11.tar.xz b/ImageMagick-7.1.1-11.tar.xz deleted file mode 100644 index 7150283..0000000 --- a/ImageMagick-7.1.1-11.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4a8b0fb3a498bd7ac294e4f6f463597d19267a012d38e48c8d6a822735bf797e -size 10196156 diff --git a/ImageMagick-7.1.1-11.tar.xz.asc b/ImageMagick-7.1.1-11.tar.xz.asc deleted file mode 100644 index 8bcf1b1..0000000 --- a/ImageMagick-7.1.1-11.tar.xz.asc +++ /dev/null 
@@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmR1CX4ACgkQiatj1IJ3 -N3pcxA/+LlBOo7ZhRnf33cV68FmhK2lI0DOcG0xBf7fzdbyB1vHGGI7k+cp8AVAu -1+McFOWPUOFVumEgYxvxJ6XukopULOEVtsnCI603O0dkJyoRgQ/XVHl0oWs3wXrH -03jOKa761SErmNyjrKZB8Lz2f8+qjPizmod2eeTaOaj6WA8ut7EuDRWoLNVDtsdn -WaiAY2MQN22aZ4NLQcSYjLlpF9IYG76jvU/4letvrzwgkY7CTFi4rExCJC+zIy9I -weSRdX7FfFXs/rlIBcqx0pGrpmCGkDzFQjGCJjj8AbfwNWN1UY8hhG6tEjwQVRDs -7GEUiY3inFvPdKzf6Mo/+gDrZgjtS4cLj0mCQZ6j4tt6dRKzpLEZ8k76CF00PSan -p7nA7GuHXai2pUQj085MzzSeGx4GKuCCtKldXoeUjaRBWlqBJSjPJbaQC9s/WBRX -kbN7c3ZAS9TsZAlzM4d2oK/S/2FIZZGZrSA0LFmyIVhaVNG07u+3QCIOD6sA2m/8 -ZapQFTEnFXxrMVxxnoRnm1VeZFM7TrzKQufwh6jEd0HOg2uER846VcNBWQhaiLbN -Bkh2WfAMpy4RczyWtMxXR5+zfgMrIUwo0tcT9DH3maPoiCpFDyOOMtwgCrggDSRl -DZkJd0IMCAbbh8gNWDpIgyUTxTw5Qis8xuxbCtxluOWa6VwyPOI= -=Qm8k ------END PGP SIGNATURE----- diff --git a/ImageMagick-7.1.1-12.tar.xz b/ImageMagick-7.1.1-12.tar.xz new file mode 100644 index 0000000..1d6eb67 --- /dev/null +++ b/ImageMagick-7.1.1-12.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a761aa8c3b0690910600ba838d15379b676820f1ed912382d31c9b5da1ca1878 +size 10197236 diff --git a/ImageMagick-7.1.1-12.tar.xz.asc b/ImageMagick-7.1.1-12.tar.xz.asc new file mode 100644 index 0000000..4449049 --- /dev/null +++ b/ImageMagick-7.1.1-12.tar.xz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmSY0TYACgkQiatj1IJ3 +N3paEQ//XtBcUOXIaaEFQPYWjOicVQff4Uq9NQxxhdwzRGtSytfqv7SrQo1+3ZNG +DjQ1hY5xMRUL/+2pmpuLgc5WAtGQ0LxOFAsW1f8gPo2XxfCQlXkCq0HaX3JzvngH +ZSSu+y1YtG+YkZtEUVyQwyJCCfS1FptDjOQkq208mxbn8P4C0DqV4Yl6ap2Lpehd +sqL1ssUVC0l9z4TELlcZCnUl7sf8L5Ya0JdQ+vZzNykr5sB+9PiXv8lAT4Gs2Xo6 +5IGC2cBJn4n/L3dcSCWJ3we9ypXZpMYzsCSYI97qlvHXB789br6J6m5Hohlp0uFN +5iH0ztXH3dqlKflKX3WA1w/dlqZ0Z93q0mKmFJNe6wBK7We//3FbeqWzbrn3zNq7 +EQBdfH72LBypw2tHdnpAnk3m77IxAUQ8XLd5j9kJquunihUBGNkO6Yag7CaehCtG +bvaWjuDBZ3tfUPzhKpg8Shpg7GQTltmblsFU+HalL6FlbiUdt4P5S40mdoDXJ7xe +RbZOEpD7GyuTRKDf11GTQ6pvGvwdjEMy8EQWnK9JxNhaa8REQdH9sOmwPqoVcV3i +qLML7P6Xb5ADfuLILlz6vqagkQD7Hr2FvymD4SdCFMESL6+CSxKWG1mWd93Vs5LR +0nHTfd61ub1F/JZlpw8jy3SGuzQz38jD5Mhlmd66T/6FgXvKXD4= +=j99y +-----END PGP SIGNATURE-----
diff --git a/ImageMagick-CVE-2023-3428.patch b/ImageMagick-CVE-2023-3428.patch
new file mode 100644
index 0000000..bf19f28
--- /dev/null
+++ b/ImageMagick-CVE-2023-3428.patch
@@ -0,0 +1,14 @@
+diff --git a/coders/tiff.c b/coders/tiff.c
+index 9e0d0b1201..df4274cacd 100644
+--- a/coders/tiff.c
++++ b/coders/tiff.c
+@@ -2010,7 +2010,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
+ number_pixels=(MagickSizeType) columns*rows;
+ if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
+ ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
+- extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff),
++ extent=4*(samples_per_pixel+1)*MagickMax((rows+1)*TIFFTileRowSize(tiff),
+ TIFFTileSize(tiff));
+ tile_pixels=(unsigned char *) AcquireQuantumMemory(extent,
+ sizeof(*tile_pixels));
+
diff --git a/ImageMagick.changes b/ImageMagick.changes
index 81ed519..d10aa3f 100644
--- a/ImageMagick.changes
+++ b/ImageMagick.changes
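Review bot: In the coders/tiff.c hunk carried by ImageMagick-CVE-2023-3428.patch, the new `extent=4*(samples_per_pixel+1)*MagickMax((rows+1)*TIFFTileRowSize(tiff),TIFFTileSize(tiff));` is still an unchecked product of values taken from the TIFF being read; the guard just above it only tests `rows` against `sizeof(*tile_pixels)`, which is not the multiplication that sizes the buffer. If that product can wrap (the operand types are declared outside this hunk, so this is inferred), `AcquireQuantumMemory` would receive an undersized `extent` and the heap-buffer-overflow this patch targets could remain reachable. I would guard the factors before multiplying, e.g. `if (HeapOverflowSanityCheck((size_t) rows+1,(size_t) TIFFTileRowSize(tiff)) != MagickFalse)` followed by the same `ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");`, and put a comment on the changed line such as `/* one extra tile row of slack, see CVE-2023-3428 */` so the `+1` is not dropped in a later cleanup. ReadTIFFImage starts and ends outside the hunk.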
@@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Jun 29 09:17:27 UTC 2023 - pgajdos@suse.com + +- version update to 7.1.1.12 +- added patches + fix CVE-2023-3428 [bsc#1212847], heap-buffer-overflow in coders/tiff.c + + ImageMagick-CVE-2023-3428.patch + ------------------------------------------------------------------- Tue May 30 08:33:42 UTC 2023 - pgajdos@suse.com diff --git a/ImageMagick.spec b/ImageMagick.spec index 87e0c41..4d02cf4 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -20,7 +20,7 @@ %define asan_build 0 %define maj 7 %define mfr_version %{maj}.1.1 -%define mfr_revision 11 +%define mfr_revision 12 %define quantum_depth 16 %define source_version %{mfr_version}-%{mfr_revision} %define clibver 10 @@ -55,6 +55,8 @@ Patch2: ImageMagick-library-installable-in-parallel.patch Patch4: ImageMagick-filter.t-disable-Contrast.patch #%%endif #%%endif +# CVE-2023-3428 [bsc#1212847], heap-buffer-overflow in coders/tiff.c +Patch5: ImageMagick-CVE-2023-3428.patch BuildRequires: chrpath BuildRequires: dejavu-fonts BuildRequires: fdupes @@ -297,6 +299,7 @@ preserved. %patch4 -p1 %endif %endif +%patch5 -p1 %build # bsc#1088463