From 9c65a192efcc98f1662117363cfb0e028dc5ff90482a9f5b2e2d13df422a124d Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Mon, 22 Oct 2018 09:43:10 +0000 Subject: [PATCH 1/4] - security update * CVE-2018-17100 [bsc#1108637] + tiff-CVE-2018-17100.patch OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=391 --- ImageMagick.changes | 5 +++++ ImageMagick.spec | 12 +++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/ImageMagick.changes b/ImageMagick.changes index 47495ff..8bac5b1 100644 --- a/ImageMagick.changes +++ b/ImageMagick.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Oct 22 09:40:38 UTC 2018 - Petr Gajdos + +- add a possibility to build with ASAN + ------------------------------------------------------------------- Wed Oct 3 08:07:50 UTC 2018 - Petr Gajdos diff --git a/ImageMagick.spec b/ImageMagick.spec index 5020053..c893fae 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -12,10 +12,11 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # +%define asan_build 0 %define maj 7 %define mfr_version %{maj}.0.8 %define mfr_revision 12 @@ -339,6 +340,11 @@ export CONFIGURE_RELATIVE_PATH="ImageMagick%{libspec}%{clibver}" --enable-pipes=no \ --enable-reproducible-build=yes \ --disable-openmp +%if %{asan_build} +sed -i -e 's/\(^CFLAGS.*\)/\1 -fsanitize=address/' \ + -e 's/\(^LIBS =.*\)/\1 -lasan/' \ + Makefile +%endif # don't build together, PerlMagick could be miscompiled when using parallel build[1] # [1] http://pkgs.fedoraproject.org/cgit/ImageMagick.git/tree/ImageMagick.spec make %{?_smp_mflags} all 
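Review bot: The asan_build `sed` in the %build hunk only rewrites Makefile lines that begin with `CFLAGS` and `LIBS =`, so the C++ objects built for `--with-magick_plus_plus` appear to stay uninstrumented, while any other variable whose name starts with `CFLAGS` also gets the flag. Setting the flags before `%configure` is less fragile than patching the generated Makefile, e.g. `export CFLAGS="%{optflags} -fsanitize=address -fno-omit-frame-pointer"`, the same for `CXXFLAGS`, and `export LDFLAGS="-fsanitize=address"`, which makes the explicit `-lasan` unnecessary. The commit subject announces CVE-2018-17100 and tiff-CVE-2018-17100.patch, but the visible diff only adds the ASAN toggle, so the subject and the .changes entry should be made to agree. The %build section starts and ends outside the hunk.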
@@ -355,6 +361,10 @@ dos2unix www/api/*.php chmod -x PerlMagick/demo/*.pl %check +%if %{asan_build} +# ASAN needs /proc to be mounted +exit 0 +%endif %ifarch i586 # https://github.com/ImageMagick/ImageMagick/issues/1215 rm PerlMagick/t/montage.t From e6cbfcbfa6f246381f0930127085d5c8c53b995fe1bc14292246f26986483f95 Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Wed, 31 Oct 2018 08:07:26 +0000 Subject: [PATCH 2/4] - update to 7.0.8-14: * Adding coder headers with magic.xml will no longer be supported. * Adding coder aliases with coder.xml will no longer be supported. * fixing oss-fuzz issues OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=392 --- ImageMagick-7.0.8-12.tar.bz2 | 3 --- ImageMagick-7.0.8-12.tar.bz2.asc | 16 ---------------- ImageMagick-7.0.8-14.tar.bz2 | 3 +++ ImageMagick-7.0.8-14.tar.bz2.asc | 16 ++++++++++++++++ ImageMagick.changes | 8 ++++++++ ImageMagick.spec | 2 +- 6 files changed, 28 insertions(+), 20 deletions(-) delete mode 100644 ImageMagick-7.0.8-12.tar.bz2 delete mode 100644 ImageMagick-7.0.8-12.tar.bz2.asc create mode 100644 ImageMagick-7.0.8-14.tar.bz2 create mode 100644 ImageMagick-7.0.8-14.tar.bz2.asc diff --git a/ImageMagick-7.0.8-12.tar.bz2 b/ImageMagick-7.0.8-12.tar.bz2 deleted file mode 100644 index 6c76912..0000000 --- a/ImageMagick-7.0.8-12.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:40855289517d04f8250ce70c028b62762d384b33a8294c0e7e494400d08c9c4e -size 10838305 diff --git a/ImageMagick-7.0.8-12.tar.bz2.asc b/ImageMagick-7.0.8-12.tar.bz2.asc deleted file mode 100644 index 755a52a..0000000 --- a/ImageMagick-7.0.8-12.tar.bz2.asc +++ /dev/null 
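Review bot: The bare `exit 0` at the top of %check means an asan_build never runs the test suite, so the instrumented code is not exercised during the build and the sanitizer has nothing to report. Patch 3/4 adds the same silent skip for debug_build in its %check hunk, with the -O0 failure left as a TODO; a suite that fails only at -O0 can point at undefined behaviour or uninitialised reads, so it deserves a tracked bug rather than a comment. At minimum make the skip visible in the build log, and once patch 3/4 is applied fold the two conditions together: `%if %{asan_build} || %{debug_build}`, then `echo "test suite skipped: sanitizer/debug build" >&2` before `exit 0`. The %check section continues outside the hunk.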
@@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIcBAABAgAGBQJbp6TtAAoJEImrY9SCdzd6CoIQAJyEii045XMzveL62p8bA7Fv -pNCKr+3R4usenIbt8/CUmGET/8lfJLDWIpz31v29eKCX5mvkL+9sCZZwUDrV4kNL -SsIy3sZv3CWVAnWou8O/fKMvvYk192KyN45GljpGPAwSeAkCyjEFoZG7DzH3IWbb -jZ7g929wPxDIds2H5EP62oHwTcOR2cy8Q/Xw1BPXBAZjH1N9wB4VMTVh5mEALFR5 -Z0P/h9QdDoH6ItgOGBPrbdrBQhP4BDTsx1pXQGufQGD33sGC3UnnjDiCB7ZIUpFM -w5Q9BModbOsMp2P/nhz7AME1CRcYLtHph6Hhyisqe3RgiPg/+kxRCZx8XWjw7JL2 -Ta5fxgSqLS//ewXphgNANXFTgQx6NliW7wlzyHng8XCRJcJvuxrfIKOQ+g+kJ0lh -vlhPTX+vlcECR0Vqi9owpjxlLtCOe6Pw16YuixqGBySQqvnb/mlAOOuk/Rhmo/Sn -H04cMYtETB5kPOHvvoW3eieE8UcxvrDlrFlV9vJz/SapS0eilTyJFoH4GHOr6ptY -rI4NdlZsUUav61uK6KT04reEHnEOLnaaWUeLOKVspWtFoq7+SEc+z6rgcxzEhs6n -UXj2/Yy+cwAu//QdsPgEurpA7ZlxWcQJpVoid23OinOrAtz4Gm6HaMU+JmXV5pVU -oJbv2YMIS/rajLs81m2V -=ihQy ------END PGP SIGNATURE----- diff --git a/ImageMagick-7.0.8-14.tar.bz2 b/ImageMagick-7.0.8-14.tar.bz2 new file mode 100644 index 0000000..c79e61c --- /dev/null +++ b/ImageMagick-7.0.8-14.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1b209d9ebaae668b531540e32d7fd90a2c7dfe0d48f4de555e3969ae14171f0e +size 10793480 diff --git a/ImageMagick-7.0.8-14.tar.bz2.asc b/ImageMagick-7.0.8-14.tar.bz2.asc new file mode 100644 index 0000000..ef9e0cf --- /dev/null +++ b/ImageMagick-7.0.8-14.tar.bz2.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABAgAGBQJb0ILZAAoJEImrY9SCdzd6ZmUQAJNRFbQgEq0fRBjoPgQhzr7t +tmfDpdsB9PnvOJPg5G4P97A+7Op9rA0NY2J5SuQpQVCLqKAenWKkb3pIiu1Sos0Z +YHhcujT8wKX4ajSO8YsqwKlg6crTcAEW2+PG0ChCpG8FdNzomtlt1CxQtJubKyJ0 +KnWJ52BrfM1FOVNb4UGo8xaGv28lnAgaehU0daMaEbLIhaOxIdkUWkzsT7IWHTET +/4nvnOIQ94qpbzmC5ZxTyKy2xAhV2nThpgX1v3BhoACULyqn7OBfQYaPM4Ks/6J0 +z46tCairOPzotTlXhaxy+HbhWPgLQfgqgi4Az2VewHuO3UhsdXvVO622ttPMV82v +B1Us2bxmwVibKqMEeRM0Rb6YZd2q38iUzG1FnW3K+T+5rT6RMbotbsKiQj1DqjOU +xCgSUsLbem0H/IjSnFUvh1ZOHz3HpRBi107om6SL6wrEPrBpc1cENWl6eHv2lz2Y +LF3LvY+X4hHANhlwzCiWMt3LGx/gwlrkCjHdjKu48ELVIof5nz5kB8oCzdug2riL +OczIojfYnFaT/yBJD0i0QoWkTajUY7Py2/D89Tp0tjtqbnnVBOq/doiFewlpsjrR +7EYm6QvWWyGWuhTMAVC+hucAOFjjzGQRO7qThbfcMGqIz2vjGZTkQ0+mJjK2EtBG +bs9N3a8qM5f+f6PeS+y+ +=MxpH +-----END PGP SIGNATURE----- diff --git a/ImageMagick.changes b/ImageMagick.changes index 8bac5b1..0006b68 100644 --- a/ImageMagick.changes +++ b/ImageMagick.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Oct 31 07:58:16 UTC 2018 - Petr Gajdos + +- update to 7.0.8-14: + * Adding coder headers with magic.xml will no longer be supported. + * Adding coder aliases with coder.xml will no longer be supported. + * fixing oss-fuzz issues + ------------------------------------------------------------------- Mon Oct 22 09:40:38 UTC 2018 - Petr Gajdos diff --git a/ImageMagick.spec b/ImageMagick.spec index c893fae..a2c171e 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -19,7 +19,7 @@ %define asan_build 0 %define maj 7 %define mfr_version %{maj}.0.8 -%define mfr_revision 12 +%define mfr_revision 14 %define quantum_depth 16 %define source_version %{mfr_version}-%{mfr_revision} %define clibver 6 From cc7e44bbc013673ac38c35938ac2dec86c796838c34ebcd347276eba88349ef4 Mon Sep 17 00:00:00 2001 
From: Petr Gajdos Date: Wed, 31 Oct 2018 08:35:42 +0000 Subject: [PATCH 3/4] - asan_build: build ASAN included - debug_build: build more suitable for debugging OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=393 --- ImageMagick.changes | 3 ++- ImageMagick.spec | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/ImageMagick.changes b/ImageMagick.changes index 0006b68..fb828f5 100644 --- a/ImageMagick.changes +++ b/ImageMagick.changes @@ -9,7 +9,8 @@ Wed Oct 31 07:58:16 UTC 2018 - Petr Gajdos ------------------------------------------------------------------- Mon Oct 22 09:40:38 UTC 2018 - Petr Gajdos -- add a possibility to build with ASAN +- asan_build: build ASAN included +- debug_build: build more suitable for debugging ------------------------------------------------------------------- Wed Oct 3 08:07:50 UTC 2018 - Petr Gajdos diff --git a/ImageMagick.spec b/ImageMagick.spec index a2c171e..f537b03 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -16,6 +16,7 @@ # +%define debug_build 1 %define asan_build 0 %define maj 7 %define mfr_version %{maj}.0.8 @@ -149,6 +150,7 @@ Requires: pkgconfig(bzip2) Requires: libbz2-devel %endif +%if !%{debug_build} %package extra Summary: Extra codecs for the ImageMagick image viewer/converter Group: Productivity/Graphics/Other @@ -160,6 +162,7 @@ Recommends: hp2xx Recommends: libwmf Recommends: netpbm Recommends: transfig +%endif %package -n libMagickCore%{libspec}%{clibver} Summary: C runtime library for ImageMagick @@ -216,6 +219,7 @@ different image formats. Image processing operations are available from the command line as well as through C, C++, and Perl-based programming interfaces. +%if !%{debug_build} %description extra This package adds support for djvu, wmf and jpeg2000 formats and installs optional helper applications. 
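Review bot: `%define debug_build 1` and `%define asan_build 0` have no comment at their definition, although across this series they change the optimisation level, drop the coder modules and the -extra subpackage, and skip %check. Add a comment block above the two defines that states this and says both are for local diagnostic builds, e.g. `# debug_build: -O0, --without-modules, no -extra subpackage, %check skipped` and `# asan_build: AddressSanitizer build, %check skipped; keep 0 for released packages`. A `%bcond_with asan` / `%bcond_with debug` pair, tested with `%if %{with asan}`, would let a builder switch them on with `--with asan` instead of editing the spec.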
@@ -229,6 +233,7 @@ add special effects to an image and save your completed work in many different image formats. Image processing operations are available from the command line as well as through C, C++, and Perl-based programming interfaces. +%endif %description -n libMagickCore%{libspec}%{clibver} ImageMagick is a robust collection of tools and libraries to read, @@ -309,12 +314,20 @@ sed -i 's:\.t1:.otf:' config/type-urw-base35.xml.in export MODULES_DIRNAME="modules%{libspec}%{clibver}" export SHAREARCH_DIRNAME="config%{libspec}%{clibver}" export CONFIGURE_RELATIVE_PATH="ImageMagick%{libspec}%{clibver}" +%if %{debug_build} +export CFLAGS="%{optflags} -O0" +export CXXFLAGS="%{optflags} -O0" +%endif %configure \ --disable-silent-rules \ --enable-shared \ --without-frozenpaths \ --with-magick_plus_plus \ +%if !%{debug_build} --with-modules \ +%else + --without-modules \ +%endif --with-threads \ %if %{urw_base35_fonts} --with-urw-base35-font-dir=/usr/share/fonts/truetype \ @@ -361,6 +374,11 @@ dos2unix www/api/*.php chmod -x PerlMagick/demo/*.pl %check +%if %{debug_build} +# testsuite does not succeed with -O0 for some reason, +# research TODO +exit 0 +%endif %if %{asan_build} # ASAN needs /proc to be mounted exit 0 @@ -437,6 +455,7 @@ sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/con %dir %{_sysconfdir}/ImageMagick* %config %{_sysconfdir}/ImageMagick*/* %dir %{_libdir}/ImageMagick* +%if !%{debug_build} %dir %{_libdir}/ImageMagick*/modules* %dir %{_libdir}/ImageMagick*/modules*/* %exclude %{_libdir}/ImageMagick*/modules*/*/wmf.* @@ -447,6 +466,7 @@ sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/con %{_libdir}/ImageMagick*/modules*/*/*.so # don't remove la files, see bnc#579798 %{_libdir}/ImageMagick*/modules*/*/*.la +%endif %{_libdir}/ImageMagick*/config* %files -n libMagickWand%{libspec}%{cwandver} 
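Review bot: In the debug_build branch of the %build hunk, `-O0` is appended after `%{optflags}`, so if the distribution flags carry `-D_FORTIFY_SOURCE` (not visible here) the glibc fortify checks become inert and compiles typically warn that the macro requires optimisation. `-Og` keeps the fortify wrappers active and is still debuggable, `export CFLAGS="%{optflags} -Og"` with the same for `CXXFLAGS`; if `-O0` is really needed, add `-U_FORTIFY_SOURCE` and a comment saying the debug build is unhardened. The %build section starts and ends outside the hunk.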
@@ -455,6 +475,7 @@ sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/con %endif %{_libdir}/libMagickWand*.so.%{cwandver}* +%if !%{debug_build} %files extra %if 0%{?suse_version} < 1315 %defattr(-,root,root) @@ -467,6 +488,7 @@ sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/con %endif %{_libdir}/ImageMagick*/modules*/*/djvu.so %{_libdir}/ImageMagick*/modules*/*/djvu.la +%endif %files devel %if 0%{?suse_version} < 1315 From ec9cd2bc06a596ed7563a77302ff6ae1c4a6bce5e331c0e399d60137a616123b Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Wed, 31 Oct 2018 08:38:12 +0000 Subject: [PATCH 4/4] OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=394 --- ImageMagick.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ImageMagick.spec b/ImageMagick.spec index f537b03..0de59b4 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -16,7 +16,7 @@ # -%define debug_build 1 +%define debug_build 0 %define asan_build 0 %define maj 7 %define mfr_version %{maj}.0.8