Accepting request 1095937 from graphics

- version update to 7.1.1.12 - added patches fix CVE-2023-3428 [bsc#1212847], heap-buffer-overflow in coders/tiff.c + ImageMagick-CVE-2023-3428.patch OBS-URL: https://build.opensuse.org/request/show/1095937 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ImageMagick?expand=0&rev=277
2023-06-30 17:58:00 +00:00 · 2023-06-30 17:58:00 +00:00 · 8576a05e9e
commit 8576a05e9e
parent c4b7259823 d6669a0ed7
7 changed files with 45 additions and 20 deletions
--- a/ImageMagick-7.1.1-11.tar.xz
+++ b/ImageMagick-7.1.1-11.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4a8b0fb3a498bd7ac294e4f6f463597d19267a012d38e48c8d6a822735bf797e
-size 10196156
--- a/ImageMagick-7.1.1-11.tar.xz.asc
+++ b/ImageMagick-7.1.1-11.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmR1CX4ACgkQiatj1IJ3
-N3pcxA/+LlBOo7ZhRnf33cV68FmhK2lI0DOcG0xBf7fzdbyB1vHGGI7k+cp8AVAu
-1+McFOWPUOFVumEgYxvxJ6XukopULOEVtsnCI603O0dkJyoRgQ/XVHl0oWs3wXrH
-03jOKa761SErmNyjrKZB8Lz2f8+qjPizmod2eeTaOaj6WA8ut7EuDRWoLNVDtsdn
-WaiAY2MQN22aZ4NLQcSYjLlpF9IYG76jvU/4letvrzwgkY7CTFi4rExCJC+zIy9I
-weSRdX7FfFXs/rlIBcqx0pGrpmCGkDzFQjGCJjj8AbfwNWN1UY8hhG6tEjwQVRDs
-7GEUiY3inFvPdKzf6Mo/+gDrZgjtS4cLj0mCQZ6j4tt6dRKzpLEZ8k76CF00PSan
-p7nA7GuHXai2pUQj085MzzSeGx4GKuCCtKldXoeUjaRBWlqBJSjPJbaQC9s/WBRX
-kbN7c3ZAS9TsZAlzM4d2oK/S/2FIZZGZrSA0LFmyIVhaVNG07u+3QCIOD6sA2m/8
-ZapQFTEnFXxrMVxxnoRnm1VeZFM7TrzKQufwh6jEd0HOg2uER846VcNBWQhaiLbN
-Bkh2WfAMpy4RczyWtMxXR5+zfgMrIUwo0tcT9DH3maPoiCpFDyOOMtwgCrggDSRl
-DZkJd0IMCAbbh8gNWDpIgyUTxTw5Qis8xuxbCtxluOWa6VwyPOI=
-=Qm8k
-----END PGP SIGNATURE-----
--- a/ImageMagick-7.1.1-12.tar.xz
+++ b/ImageMagick-7.1.1-12.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a761aa8c3b0690910600ba838d15379b676820f1ed912382d31c9b5da1ca1878
+size 10197236
--- a/ImageMagick-7.1.1-12.tar.xz.asc
+++ b/ImageMagick-7.1.1-12.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmSY0TYACgkQiatj1IJ3
+N3paEQ//XtBcUOXIaaEFQPYWjOicVQff4Uq9NQxxhdwzRGtSytfqv7SrQo1+3ZNG
+DjQ1hY5xMRUL/+2pmpuLgc5WAtGQ0LxOFAsW1f8gPo2XxfCQlXkCq0HaX3JzvngH
+ZSSu+y1YtG+YkZtEUVyQwyJCCfS1FptDjOQkq208mxbn8P4C0DqV4Yl6ap2Lpehd
+sqL1ssUVC0l9z4TELlcZCnUl7sf8L5Ya0JdQ+vZzNykr5sB+9PiXv8lAT4Gs2Xo6
+5IGC2cBJn4n/L3dcSCWJ3we9ypXZpMYzsCSYI97qlvHXB789br6J6m5Hohlp0uFN
+5iH0ztXH3dqlKflKX3WA1w/dlqZ0Z93q0mKmFJNe6wBK7We//3FbeqWzbrn3zNq7
+EQBdfH72LBypw2tHdnpAnk3m77IxAUQ8XLd5j9kJquunihUBGNkO6Yag7CaehCtG
+bvaWjuDBZ3tfUPzhKpg8Shpg7GQTltmblsFU+HalL6FlbiUdt4P5S40mdoDXJ7xe
+RbZOEpD7GyuTRKDf11GTQ6pvGvwdjEMy8EQWnK9JxNhaa8REQdH9sOmwPqoVcV3i
+qLML7P6Xb5ADfuLILlz6vqagkQD7Hr2FvymD4SdCFMESL6+CSxKWG1mWd93Vs5LR
+0nHTfd61ub1F/JZlpw8jy3SGuzQz38jD5Mhlmd66T/6FgXvKXD4=
+=j99y
+-----END PGP SIGNATURE-----
--- a/ImageMagick-CVE-2023-3428.patch
+++ b/ImageMagick-CVE-2023-3428.patch
@ -0,0 +1,14 @@
+diff --git a/coders/tiff.c b/coders/tiff.c
+index 9e0d0b1201..df4274cacd 100644
+--- a/coders/tiff.c
+++ b/coders/tiff.c
+@@ -2010,7 +2010,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
+         number_pixels=(MagickSizeType) columns*rows;
+         if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
+           ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
+-        extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff),
+        extent=4*(samples_per_pixel+1)*MagickMax((rows+1)*TIFFTileRowSize(tiff),
+           TIFFTileSize(tiff));
+         tile_pixels=(unsigned char *) AcquireQuantumMemory(extent,
+           sizeof(*tile_pixels));
+
--- a/ImageMagick.changes
+++ b/ImageMagick.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Jun 29 09:17:27 UTC 2023 - pgajdos@suse.com
+
+- version update to 7.1.1.12
+- added patches
+  fix CVE-2023-3428 [bsc#1212847], heap-buffer-overflow in coders/tiff.c
+  + ImageMagick-CVE-2023-3428.patch
+
 -------------------------------------------------------------------
 Tue May 30 08:33:42 UTC 2023 - pgajdos@suse.com

--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@ -20,7 +20,7 @@
 %define asan_build     0
 %define maj            7
 %define mfr_version    %{maj}.1.1
-%define mfr_revision   11
+%define mfr_revision   12
 %define quantum_depth  16
 %define source_version %{mfr_version}-%{mfr_revision}
 %define clibver        10
@ -55,6 +55,8 @@ Patch2:         ImageMagick-library-installable-in-parallel.patch
 Patch4:         ImageMagick-filter.t-disable-Contrast.patch
 #%%endif
 #%%endif
+# CVE-2023-3428 [bsc#1212847], heap-buffer-overflow in coders/tiff.c
+Patch5:         ImageMagick-CVE-2023-3428.patch
 BuildRequires:  chrpath
 BuildRequires:  dejavu-fonts
 BuildRequires:  fdupes
@ -297,6 +299,7 @@ preserved.
 %patch4 -p1
 %endif
 %endif
+%patch5 -p1

 %build
 # bsc#1088463