packages/ImageMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-2719

Browse Source
This commit is contained in:
cenhuilin 2022-08-11 02:57:02 +00:00
parent 99935de3a6
commit c82779ef8c
2 changed files with 133 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ImageMagick.spec
View File

@ -1,12 +1,14 @@
Name: ImageMagick Name: ImageMagick
Epoch: 1 Epoch: 1
Version: 7.1.0.28 Version: 7.1.0.28
Release: 1 Release: 2
Summary: Create, edit, compose, or convert bitmap images Summary: Create, edit, compose, or convert bitmap images
License: ImageMagick and MIT License: ImageMagick and MIT
Url: http://www.imagemagick.org/ Url: http://www.imagemagick.org/
Source0: https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.1.0-28.tar.gz Source0: https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.1.0-28.tar.gz
Patch0001: backport-fix-CVE-2022-2719.patch
BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
BuildRequires: libgs-devel ghostscript-x11 libwmf-devel BuildRequires: libgs-devel ghostscript-x11 libwmf-devel
@ -160,6 +162,9 @@ rm PerlMagick/demo/Generic.ttf
%{_libdir}/pkgconfig/ImageMagick* %{_libdir}/pkgconfig/ImageMagick*
%changelog %changelog
* Wed Aug 10 2022 cenhuilin <cenhuilin@kylinos.cn> - 1:7.1.0.28-2
- fix CVE-2022-2719
* Fri May 13 2022 houyingchao <houyingchao@h-partners.com> - 7.1.0.28-1 * Fri May 13 2022 houyingchao <houyingchao@h-partners.com> - 7.1.0.28-1
- Upgrade to 7.1.0.28 for fix CVE-2022-1114 - Upgrade to 7.1.0.28 for fix CVE-2022-1114

127
backport-fix-CVE-2022-2719.patch Normal file
View File

@ -0,0 +1,127 @@
From 7a358f02b613cdb22ca2461ad50275b9e77cb9bd Mon Sep 17 00:00:00 2001
From: cenhuilin <cenhuilin@kylinos.cn>
Date: Wed, 10 Aug 2022 03:55:57 +0000
Subject: [PATCH] do not attempt to write a null image list
---
MagickWand/operation.c | 3 ++-
coders/tim2.c | 22 ++++++++++------------
2 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/MagickWand/operation.c b/MagickWand/operation.c
index 383dc7c..9559603 100644
--- a/MagickWand/operation.c
+++ b/MagickWand/operation.c
@@ -4923,7 +4923,8 @@ WandPrivate void CLINoImageOperator(MagickCLI *cli_wand,
(void) DeleteImageRegistry(key);
write_images=CloneImageList(_images,_exception);
write_info=CloneImageInfo(_image_info);
- (void) WriteImages(write_info,write_images,arg1,_exception);
+ if (write_images != (Image *) NULL)
+ (void) WriteImages(write_info,write_images,arg1,_exception);
write_info=DestroyImageInfo(write_info);
write_images=DestroyImageList(write_images);
break;
diff --git a/coders/tim2.c b/coders/tim2.c
index e55170d..c333b86 100644
--- a/coders/tim2.c
+++ b/coders/tim2.c
@@ -61,7 +61,6 @@
#include "MagickCore/string_.h"
#include "MagickCore/module.h"
-
/*
Typedef declarations
*/
@@ -124,7 +123,6 @@ typedef enum
RGBA16=2,
} TIM2ColorEncoding;
-
/*
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% %
@@ -142,7 +140,8 @@ typedef enum
%
% The format of the ReadTIM2Image method is:
%
-% Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception)
+% Image *ReadTIM2Image(const ImageInfo *image_info,
+% ExceptionInfo *exception)
%
% A description of each parameter follows:
%
@@ -600,13 +599,13 @@ static MagickBooleanType ReadTIM2ImageData(const ImageInfo *image_info,
image_info->filename);
break;
}
- if (csm==CSM1)
+ if (csm == CSM1)
{
PixelInfo
*oldColormap;
- oldColormap=(PixelInfo *) AcquireQuantumMemory((size_t)(image->colors)+1,
- sizeof(*image->colormap));
+ oldColormap=(PixelInfo *) AcquireQuantumMemory((size_t)(image->colors)+
+ 1,sizeof(*image->colormap));
if (oldColormap == (PixelInfo *) NULL)
ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
image_info->filename);
@@ -617,7 +616,8 @@ static MagickBooleanType ReadTIM2ImageData(const ImageInfo *image_info,
return(status);
}
-static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception)
+static Image *ReadTIM2Image(const ImageInfo *image_info,
+ ExceptionInfo *exception)
{
Image
*image;
@@ -626,6 +626,7 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception
status;
ssize_t
+ i,
str_read;
TIM2FileHeader
@@ -685,7 +686,7 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception
*/
if (file_header.image_count != 1)
ThrowReaderException(CoderError,"NumberOfImagesIsNotSupported");
- for (int i=0; i < file_header.image_count; ++i)
+ for (i=0; i < (ssize_t) file_header.image_count; i++)
{
char
clut_depth,
@@ -780,8 +781,7 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception
break;
}
image=SyncNextImageInList(image);
- status=SetImageProgress(image,LoadImagesTag,image->scene-1,
- image->scene);
+ status=SetImageProgress(image,LoadImagesTag,image->scene-1,image->scene);
if (status == MagickFalse)
break;
}
@@ -791,7 +791,6 @@ static Image *ReadTIM2Image(const ImageInfo *image_info,ExceptionInfo *exception
return(GetFirstImageInList(image));
}
-
/*
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% %
@@ -826,7 +825,6 @@ ModuleExport size_t RegisterTIM2Image(void)
return(MagickImageCoderSignature);
}
-
/*
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% %
--
2.33.0