Accepting request 393906 from graphics

- Disable insecure coders [bnc#978061] * ImageMagick-6.8.8-1-disable-insecure-coders.patch * CVE-2016-3714 * CVE-2016-3715 * CVE-2016-3716 * CVE-2016-3717 * CVE-2016-3718 (forwarded request 393905 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/393906 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ImageMagick?expand=0&rev=125
2016-05-10 07:26:00 +00:00 · 2016-05-10 07:26:00 +00:00 · fd6bf7f72a
commit fd6bf7f72a
parent 70fe8bafe6 27ecdde9e5
7 changed files with 59 additions and 21 deletions
--- a/ImageMagick-6.8.8-1-disable-insecure-coders.patch
+++ b/ImageMagick-6.8.8-1-disable-insecure-coders.patch
@ -0,0 +1,20 @@
+Index: ImageMagick-6.8.8-1/config/policy.xml
+
+Disable insecure loaders by default bsc#978061
+sflees@suse.de
+
+===================================================================
+--- ImageMagick-6.8.8-1.orig/config/policy.xml
+++ ImageMagick-6.8.8-1/config/policy.xml
+@@ -56,4 +56,11 @@
+   <!-- <policy domain="resource" name="time" value="3600"/> -->
+   <!-- <policy domain="system" name="precision" value="6"/> -->
+   <policy domain="cache" name="shared-secret" value="passphrase"/>
+  <!-- Disable insecure coders by default -->
+  <!-- https://bugzilla.suse.com/show_bug.cgi?id=978061 -->
+  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+  <policy domain="coder" rights="none" pattern="URL" />
+  <policy domain="coder" rights="none" pattern="HTTPS" />
+  <policy domain="coder" rights="none" pattern="MVG" />
+  <policy domain="coder" rights="none" pattern="MSL" />
+ </policymap>
--- a/ImageMagick-6.9.3-10.tar.xz
+++ b/ImageMagick-6.9.3-10.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e33f021c879f31703f9e620f578ccf7d221a34941589da4bbe967b16a814336a
+size 8784108
--- a/ImageMagick-6.9.3-10.tar.xz.asc
+++ b/ImageMagick-6.9.3-10.tar.xz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJXKf1FAAoJEImrY9SCdzd6rUQP+wQAnK8TATsxTUrGhocQnBrT
+vc8l15R1U96Y8fqoOEr6xRzFtrRUt0gaxbdo5VJXMCSIMYGuwWqD7NijsgPo6INL
+iuCb+fqkdwD+MdVHXyTnWfmG3xdY+VLTVkEzW7PNdz4I15WCoe8iZNQSpN8EY8Yv
+RxrAB9nT5awFSfLg+5AixwxerktjresoQfknzC7uZjcHG6T568teUF5Ap7xMjAOd
+w2NPQzEPXZt3cOuW/Sw/PqGNqHnY9yDJ+ciUTaVAyI8T48A5KIJq6OrVeDDsyNnJ
+nxfqlo0vAiT8os3ZoSD8CByIeOf5DqlWYin9ymRojqn3MUsTFC92ZH2MlVRK/jVJ
+sRjA7pOjqR9Ml5nGP92Ze+9l73RNt840jJEXKyySlVEMSSLloS+MjuUQFH0xhLf9
+FEZ2qZKKaTA3QAoiag1LBuaU/mms9Sv2PXbgW3JZWxw7xMWh9EazVJyPfbhaA4mh
+//eX1iuZsggoQs9VQTcr5CTJBy9WxUIVglcxFEXyuLZPu+JkYIYUV1JT2yEpypIq
+T7onwUyrSXjPSh4KqeeI1U1yUIfPEFLADHo219vNLiH0ceG51d+lEbqAMB/6CMPf
+sMFMjzGRrU4Sc5YqSjPoPw65yHnWjMAzTSBNbjUT1oXlEUJ82qfI4nygK0Evdfpm
+jr2tioHe8JIfFvnAxPM5
+=cE7v
+-----END PGP SIGNATURE-----
--- a/ImageMagick-6.9.3-8.tar.xz
+++ b/ImageMagick-6.9.3-8.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:90ac96f51fa62caf8e24d3e169e6ba5f0059b04101e53eb27e70317339233a89
-size 8775168
--- a/ImageMagick-6.9.3-8.tar.xz.asc
+++ b/ImageMagick-6.9.3-8.tar.xz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJXC5BsAAoJEImrY9SCdzd6Q/kP/1LZ+sqLKz3UtSPAz7YHx4HO
-tHPjqV2lxRm4CrSYf5zJheo+S0bBs3UAtNNlHJ2E3qviW8S2BSKIjj9+lEf608ju
-pO0dRmWOcm0I24DVuWK0h1fH/Y0QzpLhtIdzZW4S/a5D5+OUB5LJALwieaIiLUiA
-h+i0aZockCQxKOkqaz4/tlm2Q47lVo5EBTqJ7Sq+4mQxiOlo0uTN2ZbVYGHKs6hG
-PkaGy7qmKlXPLatt6Ths6Qyu68+WLCyAWxuG/CvauVpWMkZhxnVGeghf5eGRDMAx
-A3x3366LqzN57JFwVSqHkl9TegZsc42LutqNiMRi6sYZLu+Q4LfdgAyh1OqhZi8U
-4mMO2kZvein8nofMtJzPv1fdGU/IYXjQlXWEH757/Cut7lxg6CPlRBB/HsDJ2ZIw
-FqZhEfs7jtLnLAgS+FMJ+3O6r9Dwkb1zefRnm/EOp5/LsOKff4ecOh6gqtoo/U4K
-g7Lr6PhliBmo/v2s9Gglk+l85SA6lovNeJcDEUZUmPh2G4Uk9ZWM526WjOSmq417
-MSDnfF4oDMK/wyqMq5LWSU9OfBUUW4stn00Qx+HHhW6ZZ/tUWtKXr+fAilIvy9Ww
-6LvKqy7+VNRjAUy6ZvvI+rdiPxqa0RZJY55/93YLeNVyORVneXNJQTHdcekxzApr
-mF1ItW9KW21/KjAN8LV3
-=RCdJ
-----END PGP SIGNATURE-----
--- a/ImageMagick.changes
+++ b/ImageMagick.changes
@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Thu May  5 13:31:42 UTC 2016 - vcizek@suse.com
+
+- Disable insecure coders [bnc#978061]
+  * ImageMagick-6.8.8-1-disable-insecure-coders.patch
+  * CVE-2016-3714
+  * CVE-2016-3715
+  * CVE-2016-3716
+  * CVE-2016-3717
+  * CVE-2016-3718
+
+-------------------------------------------------------------------
+Thu May  5 09:02:32 UTC 2016 - pgajdos@suse.com
+
+- Update to 6.9.3-10: fix imagetragick
+
 -------------------------------------------------------------------
 Thu Apr 14 14:30:54 UTC 2016 - pgajdos@suse.com

--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@ -63,7 +63,7 @@ BuildRequires:  zip

 %define maj           6
 %define mfr_version   %{maj}.9.3
-%define mfr_revision  8
+%define mfr_revision  10
 %define quantum_depth 16
 %define source_version %{mfr_version}-%{mfr_revision}
 %define clibver   2
@ -92,6 +92,7 @@ Patch4:         ImageMagick-6.8.5.7-no-XPMCompliance.patch
 # bugs
 # will ask upstream if needed, or if other solution exists
 Patch11:        ImageMagick-6.8.4.0-dont-build-in-install.patch
+Patch20:        ImageMagick-6.8.8-1-disable-insecure-coders.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %package -n perl-PerlMagick
@ -251,6 +252,7 @@ HTML documentation for ImageMagick library and scene examples.
 %patch3  -p1
 %patch4  -p1
 %patch11 -p1
+%patch20 -p1

 # remove executeable bits from per demos
 chmod -x PerlMagick/demo/*.pl