pool/ImageMagick
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 393906 from graphics

Browse Source 
- Disable insecure coders [bnc#978061]
  * ImageMagick-6.8.8-1-disable-insecure-coders.patch
  * CVE-2016-3714
  * CVE-2016-3715
  * CVE-2016-3716
  * CVE-2016-3717
  * CVE-2016-3718 (forwarded request 393905 from vitezslav_cizek)

OBS-URL: https://build.opensuse.org/request/show/393906
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ImageMagick?expand=0&rev=125
This commit is contained in:
Dominique Leuenberger 2016-05-10 07:26:00 +00:00 committed by Git OBS Bridge
commit fd6bf7f72a
7 changed files with 59 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
ImageMagick-6.8.8-1-disable-insecure-coders.patch Normal file
View File

@ -0,0 +1,20 @@
Index: ImageMagick-6.8.8-1/config/policy.xml
Disable insecure loaders by default bsc#978061
sflees@suse.de
===================================================================
--- ImageMagick-6.8.8-1.orig/config/policy.xml
+++ ImageMagick-6.8.8-1/config/policy.xml
@@ -56,4 +56,11 @@
<!-- <policy domain="resource" name="time" value="3600"/> -->
<!-- <policy domain="system" name="precision" value="6"/> -->
<policy domain="cache" name="shared-secret" value="passphrase"/>
+ <!-- Disable insecure coders by default -->
+ <!-- https://bugzilla.suse.com/show_bug.cgi?id=978061 -->
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+ <policy domain="coder" rights="none" pattern="URL" />
+ <policy domain="coder" rights="none" pattern="HTTPS" />
+ <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="coder" rights="none" pattern="MSL" />
</policymap>

3
ImageMagick-6.9.3-10.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e33f021c879f31703f9e620f578ccf7d221a34941589da4bbe967b16a814336a
size 8784108

17
ImageMagick-6.9.3-10.tar.xz.asc Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXKf1FAAoJEImrY9SCdzd6rUQP+wQAnK8TATsxTUrGhocQnBrT
vc8l15R1U96Y8fqoOEr6xRzFtrRUt0gaxbdo5VJXMCSIMYGuwWqD7NijsgPo6INL
iuCb+fqkdwD+MdVHXyTnWfmG3xdY+VLTVkEzW7PNdz4I15WCoe8iZNQSpN8EY8Yv
RxrAB9nT5awFSfLg+5AixwxerktjresoQfknzC7uZjcHG6T568teUF5Ap7xMjAOd
w2NPQzEPXZt3cOuW/Sw/PqGNqHnY9yDJ+ciUTaVAyI8T48A5KIJq6OrVeDDsyNnJ
nxfqlo0vAiT8os3ZoSD8CByIeOf5DqlWYin9ymRojqn3MUsTFC92ZH2MlVRK/jVJ
sRjA7pOjqR9Ml5nGP92Ze+9l73RNt840jJEXKyySlVEMSSLloS+MjuUQFH0xhLf9
FEZ2qZKKaTA3QAoiag1LBuaU/mms9Sv2PXbgW3JZWxw7xMWh9EazVJyPfbhaA4mh
//eX1iuZsggoQs9VQTcr5CTJBy9WxUIVglcxFEXyuLZPu+JkYIYUV1JT2yEpypIq
T7onwUyrSXjPSh4KqeeI1U1yUIfPEFLADHo219vNLiH0ceG51d+lEbqAMB/6CMPf
sMFMjzGRrU4Sc5YqSjPoPw65yHnWjMAzTSBNbjUT1oXlEUJ82qfI4nygK0Evdfpm
jr2tioHe8JIfFvnAxPM5
=cE7v
-----END PGP SIGNATURE-----

3
ImageMagick-6.9.3-8.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:90ac96f51fa62caf8e24d3e169e6ba5f0059b04101e53eb27e70317339233a89
size 8775168

17
ImageMagick-6.9.3-8.tar.xz.asc
View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXC5BsAAoJEImrY9SCdzd6Q/kP/1LZ+sqLKz3UtSPAz7YHx4HO
tHPjqV2lxRm4CrSYf5zJheo+S0bBs3UAtNNlHJ2E3qviW8S2BSKIjj9+lEf608ju
pO0dRmWOcm0I24DVuWK0h1fH/Y0QzpLhtIdzZW4S/a5D5+OUB5LJALwieaIiLUiA
h+i0aZockCQxKOkqaz4/tlm2Q47lVo5EBTqJ7Sq+4mQxiOlo0uTN2ZbVYGHKs6hG
PkaGy7qmKlXPLatt6Ths6Qyu68+WLCyAWxuG/CvauVpWMkZhxnVGeghf5eGRDMAx
A3x3366LqzN57JFwVSqHkl9TegZsc42LutqNiMRi6sYZLu+Q4LfdgAyh1OqhZi8U
4mMO2kZvein8nofMtJzPv1fdGU/IYXjQlXWEH757/Cut7lxg6CPlRBB/HsDJ2ZIw
FqZhEfs7jtLnLAgS+FMJ+3O6r9Dwkb1zefRnm/EOp5/LsOKff4ecOh6gqtoo/U4K
g7Lr6PhliBmo/v2s9Gglk+l85SA6lovNeJcDEUZUmPh2G4Uk9ZWM526WjOSmq417
MSDnfF4oDMK/wyqMq5LWSU9OfBUUW4stn00Qx+HHhW6ZZ/tUWtKXr+fAilIvy9Ww
6LvKqy7+VNRjAUy6ZvvI+rdiPxqa0RZJY55/93YLeNVyORVneXNJQTHdcekxzApr
mF1ItW9KW21/KjAN8LV3
=RCdJ
-----END PGP SIGNATURE-----

16
ImageMagick.changes
View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Thu May 5 13:31:42 UTC 2016 - vcizek@suse.com
- Disable insecure coders [bnc#978061]
* ImageMagick-6.8.8-1-disable-insecure-coders.patch
* CVE-2016-3714
* CVE-2016-3715
* CVE-2016-3716
* CVE-2016-3717
* CVE-2016-3718
-------------------------------------------------------------------
Thu May 5 09:02:32 UTC 2016 - pgajdos@suse.com
- Update to 6.9.3-10: fix imagetragick
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 14 14:30:54 UTC 2016 - pgajdos@suse.com Thu Apr 14 14:30:54 UTC 2016 - pgajdos@suse.com

4
ImageMagick.spec
View File

@ -63,7 +63,7 @@ BuildRequires: zip
%define maj 6 %define maj 6
%define mfr_version %{maj}.9.3 %define mfr_version %{maj}.9.3
%define mfr_revision 8 %define mfr_revision 10
%define quantum_depth 16 %define quantum_depth 16
%define source_version %{mfr_version}-%{mfr_revision} %define source_version %{mfr_version}-%{mfr_revision}
%define clibver 2 %define clibver 2
@ -92,6 +92,7 @@ Patch4: ImageMagick-6.8.5.7-no-XPMCompliance.patch
# bugs # bugs
# will ask upstream if needed, or if other solution exists # will ask upstream if needed, or if other solution exists
Patch11: ImageMagick-6.8.4.0-dont-build-in-install.patch Patch11: ImageMagick-6.8.4.0-dont-build-in-install.patch
Patch20: ImageMagick-6.8.8-1-disable-insecure-coders.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%package -n perl-PerlMagick %package -n perl-PerlMagick
@ -251,6 +252,7 @@ HTML documentation for ImageMagick library and scene examples.
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch11 -p1 %patch11 -p1
%patch20 -p1
# remove executeable bits from per demos # remove executeable bits from per demos
chmod -x PerlMagick/demo/*.pl chmod -x PerlMagick/demo/*.pl