- security update:

* CVE-2016-5118 [bsc#982178] + GraphicsMagick-CVE-2016-5118.patch OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=256
2016-05-31 07:28:14 +00:00 · 2016-05-31 07:28:14 +00:00 · fd14b1dcf3
commit fd14b1dcf3
parent b1059c89a0
3 changed files with 23 additions and 0 deletions
--- a/ImageMagick-CVE-2016-5118.patch
+++ b/ImageMagick-CVE-2016-5118.patch
@ -0,0 +1,14 @@
+Index: ImageMagick-6.9.4-1/magick/blob.c
+===================================================================
+--- ImageMagick-6.9.4-1.orig/magick/blob.c	2016-05-09 19:28:58.000000000 +0200
+++ ImageMagick-6.9.4-1/magick/blob.c	2016-05-30 17:33:03.569022390 +0200
+@@ -80,6 +80,9 @@
+   Define declarations.
+ */
+ #define MagickMaxBlobExtent  65541
+
+#undef MAGICKCORE_HAVE_POPEN
+
+ #if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)
+ # define MAP_ANONYMOUS  MAP_ANON
+ #endif
--- a/ImageMagick.changes
+++ b/ImageMagick.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue May 31 07:23:22 UTC 2016 - pgajdos@suse.com
+
+- security update:
+  * CVE-2016-5118 [bsc#982178]
+    + GraphicsMagick-CVE-2016-5118.patch
+
 -------------------------------------------------------------------
 Tue May 17 09:10:23 UTC 2016 - pgajdos@suse.com

--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@ -93,6 +93,7 @@ Patch4:         ImageMagick-6.8.5.7-no-XPMCompliance.patch
 # will ask upstream if needed, or if other solution exists
 Patch11:        ImageMagick-6.8.4.0-dont-build-in-install.patch
 Patch20:        ImageMagick-6.8.8-1-disable-insecure-coders.patch
+Patch21:        ImageMagick-CVE-2016-5118.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %package -n perl-PerlMagick
@ -253,6 +254,7 @@ HTML documentation for ImageMagick library and scene examples.
 %patch4
 %patch11
 %patch20 -p1
+%patch21 -p1

 # remove executeable bits from per demos
 chmod -x PerlMagick/demo/*.pl