
Re: [Pkg-gmagick-im-team] squeeze update of imagemagick?



Hello Bastien,

I uploaded a fixed version to squeeze (8:6.6.0.4-3+squeeze7) and updated
the security tracker entries with all my findings. 

I also opened #806441 to track the status of those issues in all Debian
releases. I attached the two patches I used there.

And here I attach the debdiff if you want to integrate my changes in a
git repository or similar.

Cheers,

On Sat, 17 Oct 2015, Bastien Roucaries wrote:
> 
> 
> On 14 October 2015 00:56:36 GMT+02:00, ben@decadent.org.uk wrote:
> >Hello dear maintainer(s),
> >
> >the Debian LTS team would like to fix the security issues which are
> >currently open in the Squeeze version of imagemagick:
> >https://security-tracker.debian.org/tracker/source-package/imagemagick
> >
> >Would you like to take care of this yourself? We are still understaffed so
> >any help is always highly appreciated.
> >
> >If yes, please follow the workflow we have defined here:
> >http://wiki.debian.org/LTS/Development
> >
> >If that workflow is a burden to you, feel free to just prepare an
> >updated source package and send it to debian-lts@lists.debian.org
> >(via a debdiff, or with a URL pointing to the source package,
> >or even with a pointer to your packaging repository), and the members
> >of the LTS team will take care of the rest. Indicate clearly whether you
> >have tested the updated package or not.
> 
> 
> Will take care
> >If you don't want to take care of this update, it's not a problem, we
> >will do our best with your package. Just let us know whether you would
> >like to review and/or test the updated package before it gets released.
> >
> >Thank you very much.
> >
> >Ben Hutchings,
> >  on behalf of the Debian LTS team.
> >
> >PS: A member of the LTS team might start working on this update at
> >any point in time. You can verify whether someone is registered
> >on this update in this file:
> >https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
> 
> -- 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
> 

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
diff --git a/debian/changelog b/debian/changelog
index 1f4da02..6733b7d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+imagemagick (8:6.6.0.4-3+squeeze7) squeeze-lts; urgency=medium
+
+  * Non-maintainer upload by the Debian LTS team.
+  * Add fix-overflow-in-icon-parsing.patch to fix an integer overflow
+    that can lead to a buffer overrun in the icon parsing code.
+  * Add fix-overflow-in-pict-parsing.patch to fix an integer overflow
+    that can lead to a double free.
+
+ -- Raphaël Hertzog <hertzog@debian.org>  Fri, 27 Nov 2015 14:01:49 +0100
+
 imagemagick (8:6.6.0.4-3+squeeze6) squeeze-lts; urgency=high
 
   * Acknowledge NMUs (Closes:  #768494).
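
Review bot: The two new entries in the +squeeze7 stanza name the patches but carry no bug or CVE reference, so the changelog alone does not tie this upload to the tracked issues. Consider citing the Launchpad bugs listed in the patch headers (1459747 for the icon fix, 1448803 for the pict fix) or the tracking bug mentioned in the cover mail, so that someone reading only the changelog can find the issue each entry addresses.
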
diff --git a/debian/patches/fix-overflow-in-icon-parsing.patch b/debian/patches/fix-overflow-in-icon-parsing.patch
new file mode 100644
index 0000000..4b5a3ce
--- /dev/null
+++ b/debian/patches/fix-overflow-in-icon-parsing.patch
@@ -0,0 +1,20 @@
+Description: Fix buffer overflow in icon parsing code
+ This patch backports a small extract of a larger upstream
+ commit that addresses this specific issue.
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
+Origin: backport, https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
+Applied-Upstream: 7.0.0
+Last-Update: 2015-11-26
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/coders/icon.c
++++ b/coders/icon.c
+@@ -275,6 +275,8 @@ static Image *ReadICONImage(const ImageI
+           Icon image encoded as a compressed PNG image.
+         */
+         length=icon_file.directory[i].size;
++        if (~length < 12)
++          ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+         png=(unsigned char *) AcquireQuantumMemory(length+12,sizeof(*png));
+         if (png == (unsigned char *) NULL)
+           ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
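
Review bot: The added guard `if (~length < 12)` is only correct if `length` is an unsigned type at least as wide as `int`; its declaration is outside the hunk, so please confirm it (with a narrower type, integer promotion would make `~length` negative and the test always true). A short comment stating that the test rejects values for which `length+12` would wrap, or the more readable form comparing `length` against the type's maximum minus 12, would help the next backporter. The guard also only prevents wraparound of the allocation size; it does not bound `length` against the actual size of the input.
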
diff --git a/debian/patches/fix-overflow-in-pict-parsing.patch b/debian/patches/fix-overflow-in-pict-parsing.patch
new file mode 100644
index 0000000..6196dc8
--- /dev/null
+++ b/debian/patches/fix-overflow-in-pict-parsing.patch
@@ -0,0 +1,45 @@
+Description: Fix overflow in pict image parsing
+ Backport a small part of an upstream commit fixing
+ an issue with pict image parsing.
+Origin: backport, https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
+Applied-Upstream: 7.0.0
+Last-Update: 2015-11-27
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/coders/pict.c
++++ b/coders/pict.c
+@@ -1589,6 +1589,7 @@ static MagickBooleanType WritePICTImage(
+     x;
+ 
+   size_t
++    row_bytes,
+     count;
+ 
+   unsigned char
+@@ -1602,7 +1603,6 @@ static MagickBooleanType WritePICTImage(
+ 
+   unsigned short
+     base_address,
+-    row_bytes,
+     transfer_mode;
+ 
+   /*
+@@ -1633,7 +1633,7 @@ static MagickBooleanType WritePICTImage(
+   source_rectangle=size_rectangle;
+   destination_rectangle=size_rectangle;
+   base_address=0xff;
+-  row_bytes=(unsigned short) (image->columns | 0x8000);
++  row_bytes=image->columns;
+   bounds.top=0;
+   bounds.left=0;
+   bounds.bottom=(short) image->rows;
+@@ -1663,7 +1663,7 @@ static MagickBooleanType WritePICTImage(
+       pixmap.bits_per_pixel=32;
+       pixmap.pack_type=0x04;
+       transfer_mode=0x40;
+-      row_bytes=(unsigned short) ((4*image->columns) | 0x8000);
++      row_bytes=4*image->columns;
+     }
+   /*
+     Allocate memory.
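
Review bot: Both assignments to `row_bytes` drop the `| 0x8000` flag along with the `(unsigned short)` cast, and the variable is widened to `size_t`, but none of the code that later consumes `row_bytes` appears in the extracted hunks. Since the header says this is only a small part of the upstream commit, please verify that wherever WritePICTImage writes `row_bytes` to the output as a 16-bit field the flag is reapplied and the value still fits; otherwise the backport changes the emitted header and not just the buffer sizing. Separately, the Description and the changelog speak of pict parsing while the function touched is WritePICTImage, the writer; the wording should say so.
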
diff --git a/debian/patches/series b/debian/patches/series
index 1e57eb6..acd983a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -57,3 +57,5 @@
 0056-During-identification-of-image-do-not-fill-memory.patch
 0057-Fix-correctly-the-xpm-crash-problem.patch
 0058-Avoid-a-memory-leak-in-quantum-management.patch
+fix-overflow-in-icon-parsing.patch
+fix-overflow-in-pict-parsing.patch
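
Review bot: The two appended entries break the numbered naming used by the rest of the series (`0056-` through `0058-` in the context lines). Naming them with the next numbers in sequence would keep the application order obvious from the file names; if the unnumbered names are intentional to mark LTS-only patches, a `#` comment line in the series file saying so would do.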
