Package: release.debian.org Severity: normal Tags: bullseye User: release.debian.org@packages.debian.org Usertags: pu X-Debbugs-Cc: imagemagick@packages.debian.org Control: affects -1 + src:imagemagick [ Reason ] Imagemagick is affected in stable by a few securities problems. [ Impact ] Security problems with some exploit (image) in the wild [ Tests ] Yes testsuite is included in the package and autopkgtest [ Risks ] Code is complex,I prefer to not solve in a single step all the security bugs. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] + * Fix CVE-2021-3574: memory leak was found in TIFF coder + * Fix CVE-2021-4219: a special crafted file could lead to a DOS. + * Fix CVE-2021-20241 / CVE-2021-20243: divide by zero in + some coders (Closes: #1013282) + * Fix CVE-2021-20244: Fix a divide by zero in visual-effects.c + * Fix CVE-2021-20245: Fix a divide by zero in webp coder + * Fix CVE-2021-20246: Fix a divide by zero in resample code. + * Fix CVE-2021-20309: Fix a divide by zero in WaveImage function. + * Fix CVE-2021-39212: Postscript files could be read and written + when specifically excluded by a module policy in policy.xml file. + (Closes: #996588) + * Fix CVE-2022-1114: Heap use after free in RelinquishDCMInfo() + (Closes: #1013282) + * Fix CVE-2022-28463: Buffer overflow in cin coder. + * Fix CVE-2022-32545: Value outside the range of unsigned char + (Closes: #1016442) + * Fix CVE-2022-32546: Value outside the range of representable + values of type 'unsigned long' at coders/pcl.c, + * Use Salsa CI [ Other info ] Security team is ok with this.
diff -Nru imagemagick-6.9.11.60+dfsg/debian/changelog imagemagick-6.9.11.60+dfsg/debian/changelog --- imagemagick-6.9.11.60+dfsg/debian/changelog 2023-02-03 17:59:42.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/changelog 2023-05-26 07:10:27.000000000 +0000 @@ -1,3 +1,27 @@ +imagemagick (8:6.9.11.60+dfsg-1.3+deb11u2) bullseye-security; urgency=medium + + * Fix CVE-2021-3574: memory leak was found in TIFF coder + * Fix CVE-2021-4219: a special crafted file could lead to a DOS. + * Fix CVE-2021-20241 / CVE-2021-20243: divide by zero in + some coders (Closes: #1013282) + * Fix CVE-2021-20244: Fix a divide by zero in visual-effects.c + * Fix CVE-2021-20245: Fix a divide by zero in webp coder + * Fix CVE-2021-20246: Fix a divide by zero in resample code. + * Fix CVE-2021-20309: Fix a divide by zero in WaveImage function. + * Fix CVE-2021-39212: Postscript files could be read and written + when specifically excluded by a module policy in policy.xml file. + (Closes: #996588) + * Fix CVE-2022-1114: Heap use after free in RelinquishDCMInfo() + (Closes: #1013282) + * Fix CVE-2022-28463: Buffer overflow in cin coder. + * Fix CVE-2022-32545: Value outside the range of unsigned char + (Closes: #1016442) + * Fix CVE-2022-32546: Value outside the range of representable + values of type 'unsigned long' at coders/pcl.c, + * Use Salsa CI + + -- Bastien Roucariès <rouca@debian.org> Fri, 26 May 2023 07:10:27 +0000 + imagemagick (8:6.9.11.60+dfsg-1.3+deb11u1) bullseye-security; urgency=medium * Fix CVE-2022-44267 / CVE-2022-44268 diff -Nru imagemagick-6.9.11.60+dfsg/debian/debian/salsa-ci-enable-sec-and-update-repos.sh imagemagick-6.9.11.60+dfsg/debian/debian/salsa-ci-enable-sec-and-update-repos.sh --- imagemagick-6.9.11.60+dfsg/debian/debian/salsa-ci-enable-sec-and-update-repos.sh 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/debian/salsa-ci-enable-sec-and-update-repos.sh 2023-05-26 07:10:27.000000000 +0000 @@ -0,0 +1,23 @@ +#!/bin/sh + +set -x +set -e + +# Debug what repositories are available to begin with +grep -r "^deb " /etc/apt/sources.* + +# Enable the same repositories that were available at build time in +# registry.salsa.debian.org/salsa-ci-team/pipeline/base:bullseye +. /etc/os-release +cat << EOF > /etc/apt/sources.list.d/base-$VERSION_CODENAME-repos.list +deb http://deb.debian.org/debian $VERSION_CODENAME main +deb http://deb.debian.org/debian-security $VERSION_CODENAME-security main +deb http://deb.debian.org/debian $VERSION_CODENAME-updates main +EOF + +apt-get update + +# Ref +# bullseye piuparts test runner environment is missing the bullseye-updates apt repository: https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/292 +# piuparts: doesn't install dependencies from experimental or -backports: https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/58 +# autopkgtest: doesn't install dependencies from experimental or backports: https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/85 diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0026-CVE-2021-3574-memory-leak.patch imagemagick-6.9.11.60+dfsg/debian/patches/0026-CVE-2021-3574-memory-leak.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0026-CVE-2021-3574-memory-leak.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0026-CVE-2021-3574-memory-leak.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,40 @@ +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Tue, 13 Apr 2021 21:41:34 -0400 +Subject: CVE-2021-3574: memory leak + +Memory leak due to crafted tiff file + +bug: https://github.com/ImageMagick/ImageMagick/issues/3540 +origin: https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792.patch +--- + coders/tiff.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index a3caa..8e89e 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1332,6 +1332,11 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + TIFFClose(tiff); + ThrowReaderException(CorruptImageError,"UnsupportedBitsPerPixel"); + } ++ if (samples_per_pixel > MaxPixelChannels) ++ { ++ TIFFClose(tiff); ++ ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded"); ++ } + if (sample_format == SAMPLEFORMAT_IEEEFP) + (void) SetImageProperty(image,"quantum:format","floating-point"); + switch (photometric) +@@ -1700,11 +1705,6 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + } + if (image->matte != MagickFalse) + (void) SetImageAlphaChannel(image,OpaqueAlphaChannel); +- if (samples_per_pixel > MaxPixelChannels) +- { +- TIFFClose(tiff); +- ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded"); +- } + method=ReadGenericMethod; + rows_per_strip=(uint32) image->rows; + if (TIFFGetField(tiff,TIFFTAG_ROWSPERSTRIP,&rows_per_strip) == 1) diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0027-CVE-2021-4219-Dos.patch imagemagick-6.9.11.60+dfsg/debian/patches/0027-CVE-2021-4219-Dos.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0027-CVE-2021-4219-Dos.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0027-CVE-2021-4219-Dos.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,26 @@ +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Wed, 22 Dec 2021 16:00:28 -0500 +Subject: CVE-2021-4219: Dos + +bug: https://github.com/ImageMagick/ImageMagick/issues/4626 +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023282 +origin: https://github.com/ImageMagick/ImageMagick6/commit/c10351c16b8d2cabd11d2627a02de522570f6ceb.patch +--- + magick/draw.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/magick/draw.c b/magick/draw.c +index 75b3d..ba216 100644 +--- a/magick/draw.c ++++ b/magick/draw.c +@@ -5452,7 +5452,9 @@ MagickExport MagickBooleanType DrawPrimitive(Image *image, + { + (void) CopyMagickString(clone_info->filename,primitive_info->text, + MagickPathExtent); +- status&=SetImageInfo(clone_info,0,exception); ++ status&=SetImageInfo(clone_info,1,exception); ++ (void) CopyMagickString(clone_info->filename,primitive_info->text, ++ MagickPathExtent); + if (clone_info->size != (char *) NULL) + clone_info->size=DestroyString(clone_info->size); + if (clone_info->extract != (char *) NULL) diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0028-CVE-2021-20241.patch imagemagick-6.9.11.60+dfsg/debian/patches/0028-CVE-2021-20241.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0028-CVE-2021-20241.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0028-CVE-2021-20241.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,26 @@ +From: Zhang Xiaohui <ruc_zhangxiaohui@163.com> +Date: Tue, 2 Feb 2021 16:10:05 +0800 +Subject: CVE-2021-20241: + +fix division by zero in WriteJP2Image() in coders/jp2.c + +origin: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745.patch +--- + coders/jp2.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/coders/jp2.c b/coders/jp2.c +index 0354f..b5078 100644 +--- a/coders/jp2.c ++++ b/coders/jp2.c +@@ -1064,8 +1064,8 @@ static MagickBooleanType WriteJP2Image(const ImageInfo *image_info,Image *image) + + scale=(double) (((size_t) 1UL << jp2_image->comps[i].prec)-1)/ + QuantumRange; +- q=jp2_image->comps[i].data+(y/jp2_image->comps[i].dy* +- image->columns/jp2_image->comps[i].dx+x/jp2_image->comps[i].dx); ++ q=jp2_image->comps[i].data+(ssize_t) (y*PerceptibleReciprocal(jp2_image->comps[i].dy)* ++ image->columns*PerceptibleReciprocal(jp2_image->comps[i].dx)+x*PerceptibleReciprocal(jp2_image->comps[i].dx)); + switch (i) + { + case 0: diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0029-CVE-2021-20243.patch imagemagick-6.9.11.60+dfsg/debian/patches/0029-CVE-2021-20243.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0029-CVE-2021-20243.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0029-CVE-2021-20243.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,23 @@ +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Wed, 3 Feb 2021 15:30:39 -0500 +Subject: CVE-2021-20243 + +bug: https://github.com/ImageMagick/ImageMagick/pull/3177 +origin: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745.patch +--- + magick/resize.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/magick/resize.c b/magick/resize.c +index fe662..56e94 100644 +--- a/magick/resize.c ++++ b/magick/resize.c +@@ -1611,7 +1611,7 @@ MagickExport MagickRealType GetResizeFilterWeight( + */ + assert(resize_filter != (ResizeFilter *) NULL); + assert(resize_filter->signature == MagickCoreSignature); +- x_blur=fabs((double) x)/resize_filter->blur; /* X offset with blur scaling */ ++ x_blur=fabs((double) x)*PerceptibleReciprocal(resize_filter->blur); /* X offset with blur scaling */ + if ((resize_filter->window_support < MagickEpsilon) || + (resize_filter->window == Box)) + scale=1.0; /* Point or Box Filter -- avoid division by zero */ diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0030-CVE-2021-20244-uses-the-PerceptibleReciprocal-to-pre.patch imagemagick-6.9.11.60+dfsg/debian/patches/0030-CVE-2021-20244-uses-the-PerceptibleReciprocal-to-pre.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0030-CVE-2021-20244-uses-the-PerceptibleReciprocal-to-pre.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0030-CVE-2021-20244-uses-the-PerceptibleReciprocal-to-pre.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,37 @@ +From: ruc_zhangxiaohui <553441439@qq.com> +Date: Thu, 4 Feb 2021 04:19:08 +0800 +Subject: CVE-2021-20244: uses the PerceptibleReciprocal() to prevent the + divide-by-zero from occurring (#3194) + +A crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero + +origin: https://github.com/ImageMagick/ImageMagick6/commit/c8d674946a687f40a126166edf470733fc8ede02.patch +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013282 +Co-authored-by: Zhang Xiaohui <ruc_zhangxiaohui@163.com> +(cherry picked from commit 329dd528ab79531d884c0ba131e97d43f872ab5d) + +This backports the fix for CVE-2021-20244 to IM6. +--- + magick/visual-effects.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/magick/visual-effects.c b/magick/visual-effects.c +index 11dce..46f1d 100644 +--- a/magick/visual-effects.c ++++ b/magick/visual-effects.c +@@ -1101,11 +1101,11 @@ MagickExport Image *ImplodeImage(const Image *image,const double amount, + */ + factor=1.0; + if (distance > 0.0) +- factor=pow(sin((double) (MagickPI*sqrt((double) distance)/ +- radius/2)),-amount); ++ factor=pow(sin((double) (MagickPI*sqrt((double) distance)* ++ PerceptibleReciprocal(radius)/2)),-amount); + status=InterpolateMagickPixelPacket(image,image_view, +- UndefinedInterpolatePixel,(double) (factor*delta.x/scale.x+ +- center.x),(double) (factor*delta.y/scale.y+center.y),&pixel, ++ UndefinedInterpolatePixel,(double) (factor*delta.x*PerceptibleReciprocal(scale.x)+ ++ center.x),(double) (factor*delta.y*PerceptibleReciprocal(scale.y)+center.y),&pixel, + exception); + if (status == MagickFalse) + break; diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0031-CVE-2021-20245-Division-by-zero-in-WriteAnimatedWEBP.patch imagemagick-6.9.11.60+dfsg/debian/patches/0031-CVE-2021-20245-Division-by-zero-in-WriteAnimatedWEBP.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0031-CVE-2021-20245-Division-by-zero-in-WriteAnimatedWEBP.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0031-CVE-2021-20245-Division-by-zero-in-WriteAnimatedWEBP.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,26 @@ +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Wed, 3 Feb 2021 16:04:25 -0500 +Subject: CVE-2021-20245 Division by zero in WriteAnimatedWEBPImage() in + coders/webp.c + +bug: https://github.com/ImageMagick/ImageMagick/issues/3176 +origin: https://github.com/ImageMagick/ImageMagick6/commit/a78d92dc0f468e79c3d761aae9707042952cdaca.patch +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013282 +--- + coders/webp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/coders/webp.c b/coders/webp.c +index 3c7d9..2bad2b 100644 +--- a/coders/webp.c ++++ b/coders/webp.c +@@ -881,7 +881,8 @@ static MagickBooleanType WriteAnimatedWEBPImage(const ImageInfo *image_info, + + WriteSingleWEBPImage(image_info, image, &picture, current, exception); + +- effective_delta = image->delay*1000/image->ticks_per_second; ++ effective_delta = image->delay*1000*PerceptibleReciprocal( ++ image->ticks_per_second); + if (effective_delta < 10) + effective_delta = 100; /* Consistent with gif2webp */ + frame_timestamp+=effective_delta; diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0032-CVE-2021-20246-division-by-zero-in-MagickCore-resamp.patch imagemagick-6.9.11.60+dfsg/debian/patches/0032-CVE-2021-20246-division-by-zero-in-MagickCore-resamp.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0032-CVE-2021-20246-division-by-zero-in-MagickCore-resamp.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0032-CVE-2021-20246-division-by-zero-in-MagickCore-resamp.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,28 @@ +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Wed, 3 Feb 2021 15:50:29 -0500 +Subject: CVE-2021-20246: division by zero in MagickCore/resample.c + +bug:https://github.com/ImageMagick/ImageMagick/issues/3195 +origin: https://github.com/ImageMagick/ImageMagick6/commit/f3190d4a6e6e8556575c84b5d976f77d111caa74.patch +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013282 +--- + magick/resample.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/magick/resample.c b/magick/resample.c +index 593af..d5c72 100644 +--- a/magick/resample.c ++++ b/magick/resample.c +@@ -1212,10 +1212,10 @@ MagickExport void ScaleResampleFilter(ResampleFilter *resample_filter, + { double scale; + #if FILTER_LUT + /* scale so that F = WLUT_WIDTH; -- hardcoded */ +- scale = (double)WLUT_WIDTH/F; ++ scale=(double) WLUT_WIDTH*PerceptibleReciprocal(F); + #else + /* scale so that F = resample_filter->F (support^2) */ +- scale = resample_filter->F/F; ++ scale=resample_filter->F*PerceptibleReciprocal(F); + #endif + resample_filter->A = A*scale; + resample_filter->B = B*scale; diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0033-CVE-2021-20309-Division-by-zero-in-WaveImage.patch imagemagick-6.9.11.60+dfsg/debian/patches/0033-CVE-2021-20309-Division-by-zero-in-WaveImage.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0033-CVE-2021-20309-Division-by-zero-in-WaveImage.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0033-CVE-2021-20309-Division-by-zero-in-WaveImage.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,24 @@ +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Thu, 25 Feb 2021 19:34:36 -0500 +Subject: CVE-2021-20309: Division by zero in WaveImage() + +bug: https://github.com/ImageMagick/ImageMagick/issues/3296 +origin: https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f.patch +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013282 +--- + magick/visual-effects.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/magick/visual-effects.c b/magick/visual-effects.c +index 46f1d..87fd0b 100644 +--- a/magick/visual-effects.c ++++ b/magick/visual-effects.c +@@ -3328,7 +3328,7 @@ MagickExport Image *WaveImage(const Image *image,const double amplitude, + } + for (i=0; i < (ssize_t) wave_image->columns; i++) + sine_map[i]=(float) fabs(amplitude)+amplitude*sin((double) +- ((2.0*MagickPI*i)/wave_length)); ++ ((2.0*MagickPI*i)*PerceptibleReciprocal(wave_length))); + /* + Wave image. + */ diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0034-partial-CVE-2021-39212-Fixed-incorrect-check-when-mo.patch imagemagick-6.9.11.60+dfsg/debian/patches/0034-partial-CVE-2021-39212-Fixed-incorrect-check-when-mo.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0034-partial-CVE-2021-39212-Fixed-incorrect-check-when-mo.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0034-partial-CVE-2021-39212-Fixed-incorrect-check-when-mo.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,68 @@ +From: Dirk Lemstra <dirk@lemstra.org> +Date: Sat, 11 Sep 2021 10:57:09 +0200 +Subject: [partial] CVE-2021-39212: Fixed incorrect check when module is used + as the domain in policy.xml that would allow the use of a disabled module. + +origin: https://github.com/ImageMagick/ImageMagick6/commit/8cd2fcd33460826628a7590dc3ce74d7785e1598.patch +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996588 +bug-ubuntu-security: https://ubuntu.com/security/CVE-2021-39212 +bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr +--- + magick/module.c | 10 +++++----- + magick/static.c | 8 ++++---- + 2 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/magick/module.c b/magick/module.c +index 9f160..1ea993 100644 +--- a/magick/module.c ++++ b/magick/module.c +@@ -1279,18 +1279,18 @@ MagickExport MagickBooleanType OpenModule(const char *module, + module_info=(ModuleInfo *) GetModuleInfo(module,exception); + if (module_info != (ModuleInfo *) NULL) + return(MagickTrue); ++ (void) CopyMagickString(module_name,module,MaxTextExtent); ++ p=GetCoderInfo(module,exception); ++ if (p != (CoderInfo *) NULL) ++ (void) CopyMagickString(module_name,p->name,MaxTextExtent); + rights=ReadPolicyRights; +- if (IsRightsAuthorized(ModulePolicyDomain,rights,module) == MagickFalse) ++ if (IsRightsAuthorized(ModulePolicyDomain,rights,module_name) == MagickFalse) + { + errno=EPERM; + (void) ThrowMagickException(exception,GetMagickModule(),PolicyError, + "NotAuthorized","`%s'",module); + return(MagickFalse); + } +- (void) CopyMagickString(module_name,module,MaxTextExtent); +- p=GetCoderInfo(module,exception); +- if (p != (CoderInfo *) NULL) +- (void) CopyMagickString(module_name,p->name,MaxTextExtent); + if (GetValueFromSplayTree(module_list,module_name) != (void *) NULL) + return(MagickTrue); /* module already opened, return */ + /* +diff --git a/magick/static.c b/magick/static.c +index 8c68f..a2b11 100644 +--- a/magick/static.c ++++ b/magick/static.c +@@ -395,17 +395,17 @@ MagickExport MagickBooleanType RegisterStaticModule(const char *module, + */ + assert(module != (const char *) NULL); + (void) CopyMagickString(module_name,module,MagickPathExtent); ++ p=GetCoderInfo(module,exception); ++ if (p != (CoderInfo *) NULL) ++ (void) CopyMagickString(module_name,p->name,MagickPathExtent); + rights=ReadPolicyRights; +- if (IsRightsAuthorized(ModulePolicyDomain,rights,module) == MagickFalse) ++ if (IsRightsAuthorized(ModulePolicyDomain,rights,module_name) == MagickFalse) + { + errno=EPERM; + (void) ThrowMagickException(exception,GetMagickModule(),PolicyError, + "NotAuthorized","`%s'",module); + return(MagickFalse); + } +- p=GetCoderInfo(module,exception); +- if (p != (CoderInfo *) NULL) +- (void) CopyMagickString(module_name,p->name,MagickPathExtent); + extent=sizeof(MagickModules)/sizeof(MagickModules[0]); + for (i=0; i < (ssize_t) extent; i++) + if (LocaleCompare(MagickModules[i].module,module_name) == 0) diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0035-partial-CVE-2021-39212-Added-missing-policy-checks-i.patch imagemagick-6.9.11.60+dfsg/debian/patches/0035-partial-CVE-2021-39212-Added-missing-policy-checks-i.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0035-partial-CVE-2021-39212-Added-missing-policy-checks-i.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0035-partial-CVE-2021-39212-Added-missing-policy-checks-i.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,36 @@ +From: Dirk Lemstra <dirk@lemstra.org> +Date: Sat, 11 Sep 2021 12:30:44 +0200 +Subject: [partial] CVE-2021-39212: Added missing policy checks in + RegisterStaticModules. + +origin: https://github.com/ImageMagick/ImageMagick6/commit/69ea5587de17ef89476be47a3cb7f855c0355a74 +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996588 +bug-ubuntu-security: https://ubuntu.com/security/CVE-2021-39212 +bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr +--- + magick/static.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/magick/static.c b/magick/static.c +index a2b11..3b036 100644 +--- a/magick/static.c ++++ b/magick/static.c +@@ -398,7 +398,7 @@ MagickExport MagickBooleanType RegisterStaticModule(const char *module, + p=GetCoderInfo(module,exception); + if (p != (CoderInfo *) NULL) + (void) CopyMagickString(module_name,p->name,MagickPathExtent); +- rights=ReadPolicyRights; ++ rights=AllPolicyRights; + if (IsRightsAuthorized(ModulePolicyDomain,rights,module_name) == MagickFalse) + { + errno=EPERM; +@@ -452,6 +452,9 @@ MagickExport void RegisterStaticModules(void) + { + if (MagickModules[i].registered == MagickFalse) + { ++ if (IsRightsAuthorized(ModulePolicyDomain,AllPolicyRights, ++ MagickModules[i].module) == MagickFalse) ++ continue; + (void) (MagickModules[i].register_module)(); + MagickModules[i].registered=MagickTrue; + } diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0036-partial-CVE-2021-39212-Use-AllPolicyRights-instead.patch imagemagick-6.9.11.60+dfsg/debian/patches/0036-partial-CVE-2021-39212-Use-AllPolicyRights-instead.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0036-partial-CVE-2021-39212-Use-AllPolicyRights-instead.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0036-partial-CVE-2021-39212-Use-AllPolicyRights-instead.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,27 @@ +From: Dirk Lemstra <dirk@lemstra.org> +Date: Sat, 11 Sep 2021 12:43:45 +0200 +Subject: [partial] CVE-2021-39212: Use AllPolicyRights instead. + +(cherry picked from commit b60e17133b982d28816386b83174c2bc06dd39bd) + +origin: https://github.com/ImageMagick/ImageMagick6/commit/b60e17133b982d28816386b83174c2bc06dd39bd +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996588 +bug-ubuntu-security: https://ubuntu.com/security/CVE-2021-39212 +bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr +--- + magick/module.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/magick/module.c b/magick/module.c +index 1ea993..da267 100644 +--- a/magick/module.c ++++ b/magick/module.c +@@ -1283,7 +1283,7 @@ MagickExport MagickBooleanType OpenModule(const char *module, + p=GetCoderInfo(module,exception); + if (p != (CoderInfo *) NULL) + (void) CopyMagickString(module_name,p->name,MaxTextExtent); +- rights=ReadPolicyRights; ++ rights=AllPolicyRights; + if (IsRightsAuthorized(ModulePolicyDomain,rights,module_name) == MagickFalse) + { + errno=EPERM; diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0037-CVE-2021-39212-Use-the-correct-rights.patch imagemagick-6.9.11.60+dfsg/debian/patches/0037-CVE-2021-39212-Use-the-correct-rights.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0037-CVE-2021-39212-Use-the-correct-rights.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0037-CVE-2021-39212-Use-the-correct-rights.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,65 @@ +From: Dirk Lemstra <dirk@lemstra.org> +Date: Sat, 11 Sep 2021 17:01:23 +0200 +Subject: CVE-2021-39212: Use the correct rights. + +(cherry picked from commit 428e68597fa904d0bdc133d878e12acd7dc60fa3) + +origin: https://github.com/ImageMagick/ImageMagick6/commit/428e68597fa904d0bdc133d878e12acd7dc60fa3 +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996588 +bug-ubuntu-security: https://ubuntu.com/security/CVE-2021-39212 +bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr +--- + magick/module.c | 2 +- + magick/static.c | 8 ++++++-- + 2 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/magick/module.c b/magick/module.c +index da267..3d177 100644 +--- a/magick/module.c ++++ b/magick/module.c +@@ -1283,7 +1283,7 @@ MagickExport MagickBooleanType OpenModule(const char *module, + p=GetCoderInfo(module,exception); + if (p != (CoderInfo *) NULL) + (void) CopyMagickString(module_name,p->name,MaxTextExtent); +- rights=AllPolicyRights; ++ rights=ReadPolicyRights|WritePolicyRights; + if (IsRightsAuthorized(ModulePolicyDomain,rights,module_name) == MagickFalse) + { + errno=EPERM; +diff --git a/magick/static.c b/magick/static.c +index 3b036..1268d 100644 +--- a/magick/static.c ++++ b/magick/static.c +@@ -398,7 +398,7 @@ MagickExport MagickBooleanType RegisterStaticModule(const char *module, + p=GetCoderInfo(module,exception); + if (p != (CoderInfo *) NULL) + (void) CopyMagickString(module_name,p->name,MagickPathExtent); +- rights=AllPolicyRights; ++ rights=ReadPolicyRights|WritePolicyRights; + if (IsRightsAuthorized(ModulePolicyDomain,rights,module_name) == MagickFalse) + { + errno=EPERM; +@@ -441,18 +441,22 @@ MagickExport MagickBooleanType RegisterStaticModule(const char *module, + */ + MagickExport void RegisterStaticModules(void) + { ++ PolicyRights ++ rights; ++ + size_t + extent; + + ssize_t + i; + ++ rights=ReadPolicyRights|WritePolicyRights; + extent=sizeof(MagickModules)/sizeof(MagickModules[0]); + for (i=0; i < (ssize_t) extent; i++) + { + if (MagickModules[i].registered == MagickFalse) + { +- if (IsRightsAuthorized(ModulePolicyDomain,AllPolicyRights, ++ if (IsRightsAuthorized(ModulePolicyDomain,rights, + MagickModules[i].module) == MagickFalse) + continue; + (void) (MagickModules[i].register_module)(); diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0038-Fix-CVE-2022-1114-Heap-use-after-free-in-RelinquishD.patch imagemagick-6.9.11.60+dfsg/debian/patches/0038-Fix-CVE-2022-1114-Heap-use-after-free-in-RelinquishD.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0038-Fix-CVE-2022-1114-Heap-use-after-free-in-RelinquishD.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0038-Fix-CVE-2022-1114-Heap-use-after-free-in-RelinquishD.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,38 @@ +From: Cristy <urban-warrior@imagemagick.org> +Date: Tue, 15 Mar 2022 21:59:36 -0400 +Subject: Fix CVE-2022-1114: Heap use after free in RelinquishDCMInfo() + +bug: https://github.com/ImageMagick/ImageMagick/issues/4947 +bug-debian: https://bugs.debian.org/1013282 +origin: https://github.com/ImageMagick/ImageMagick6/commit/78f03b619d08d7c2e0fcaccab407e3ac93c2ee8f.patch +--- + coders/dcm.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/coders/dcm.c b/coders/dcm.c +index d274ad..439aa 100644 +--- a/coders/dcm.c ++++ b/coders/dcm.c +@@ -3242,15 +3242,15 @@ static Image *ReadDCMImage(const ImageInfo *image_info,ExceptionInfo *exception) + RelinquishMagickMemory(info_copy); + } + +- /* +- If we're entering a sequence, push the current image parameters onto +- the stack, so we can restore them at the end of the sequence. +- */ + if (strcmp(explicit_vr,"SQ") == 0) + { +- DCMInfo *info_copy = (DCMInfo *) AcquireMagickMemory(sizeof(info)); +- memcpy(info_copy,&info,sizeof(info)); +- AppendValueToLinkedList(stack,info_copy); ++ /* ++ If we're entering a sequence, push the current image parameters ++ onto the stack, so we can restore them at the end of the sequence. ++ */ ++ DCMInfo *clone_info = (DCMInfo *) AcquireMagickMemory(sizeof(info)); ++ (void) memcpy(clone_info,&info,sizeof(info)); ++ AppendValueToLinkedList(stack,clone_info); + sequence_depth++; + } + diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0039-CVE-2022-28463-buffer-overflow-in-cin-coder.patch imagemagick-6.9.11.60+dfsg/debian/patches/0039-CVE-2022-28463-buffer-overflow-in-cin-coder.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0039-CVE-2022-28463-buffer-overflow-in-cin-coder.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0039-CVE-2022-28463-buffer-overflow-in-cin-coder.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,25 @@ +From: Cristy <urban-warrior@imagemagick.org> +Date: Sat, 26 Mar 2022 09:27:36 -0400 +Subject: CVE-2022-28463: buffer overflow in cin coder + +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013282 +bug: https://github.com/ImageMagick/ImageMagick/issues/4988 +origin: https://github.com/ImageMagick/ImageMagick6/commit/e6ea5876e0228165ee3abc6e959aa174cee06680.patch +(cherry picked from commit e6ea5876e0228165ee3abc6e959aa174cee06680) +--- + coders/cin.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/coders/cin.c b/coders/cin.c +index 2f814e..67c56 100644 +--- a/coders/cin.c ++++ b/coders/cin.c +@@ -450,6 +450,8 @@ static Image *ReadCINImage(const ImageInfo *image_info,ExceptionInfo *exception) + image->endian=(magick[0] == 0x80) && (magick[1] == 0x2a) && + (magick[2] == 0x5f) && (magick[3] == 0xd7) ? MSBEndian : LSBEndian; + cin.file.image_offset=ReadBlobLong(image); ++ if (cin.file.image_offset < 712) ++ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + offset+=4; + cin.file.generic_length=ReadBlobLong(image); + offset+=4; diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0040-CVE-2022-32545-undefined-behavior-value-outside-char.patch imagemagick-6.9.11.60+dfsg/debian/patches/0040-CVE-2022-32545-undefined-behavior-value-outside-char.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0040-CVE-2022-32545-undefined-behavior-value-outside-char.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0040-CVE-2022-32545-undefined-behavior-value-outside-char.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,111 @@ +From: Cristy <urban-warrior@imagemagick.org> +Date: Sat, 19 Mar 2022 07:01:57 -0400 +Subject: CVE-2022-32545: undefined behavior value outside char range + +bug: https://github.com/ImageMagick/ImageMagick/pull/4963 +bug-redhat: https://bugzilla.redhat.com/show_bug.cgi?id=2091811 +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016442 +origin: https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa.patch + +(cherry picked from commit 450949ed017f009b399c937cf362f0058eacc5fa) +--- + coders/emf.c | 3 ++- + coders/psd.c | 5 +++-- + magick/widget.c | 6 ++++++ + wand/animate.c | 5 ++++- + wand/display.c | 5 ++++- + 5 files changed, 19 insertions(+), 5 deletions(-) + +diff --git a/coders/emf.c b/coders/emf.c +index 6a9db..fd93c 100644 +--- a/coders/emf.c ++++ b/coders/emf.c +@@ -411,7 +411,8 @@ static HENHMETAFILE ReadEnhMetaFile(const char *path,ssize_t *width, + } + ReadFile(hFile,pBits,dwSize,&dwSize,NULL); + CloseHandle(hFile); +- if (((PAPMHEADER) pBits)->dwKey != 0x9ac6cdd7l) ++ if (((PAPMHEADER) pBits)->dwKey != 0x9ac6cdd7l || ++ (((PAPMHEADER) pBits)->wInch == 0)) + { + pBits=(BYTE *) DestroyString((char *) pBits); + return((HENHMETAFILE) NULL); +diff --git a/coders/psd.c b/coders/psd.c +index 3dc25..5c70c 100644 +--- a/coders/psd.c ++++ b/coders/psd.c +@@ -1045,8 +1045,9 @@ static MagickBooleanType ReadPSDChannelPixels(Image *image, + number_bits=8; + for (bit=0; bit < number_bits; bit++) + { +- SetPSDPixel(image,channels,type,packet_size,(((unsigned char) pixel) +- & (0x01 << (7-bit))) != 0 ? 0 : QuantumRange,q++,indexes,x++); ++ SetPSDPixel(image,channels,type,packet_size, ++ (((unsigned char) ((ssize_t) pixel)) & (0x01 << (7-bit))) != 0 ? 0 : ++ QuantumRange,q++,indexes,x++); + } + if (x != (ssize_t) image->columns) + x--; +diff --git a/magick/widget.c b/magick/widget.c +index e93a3..605558 100644 +--- a/magick/widget.c ++++ b/magick/widget.c +@@ -7858,6 +7858,8 @@ MagickExport int XMenuWidget(Display *display,XWindows *windows, + break; + } + state&=(~InactiveWidgetState); ++ if (selection_info.height == 0) ++ break; + id=(event.xbutton.y-top_offset)/(int) selection_info.height; + selection_info.id=id; + if ((id < 0) || (id >= (int) number_selections)) +@@ -7911,6 +7913,8 @@ MagickExport int XMenuWidget(Display *display,XWindows *windows, + if (event.xcrossing.state == 0) + break; + state&=(~InactiveWidgetState); ++ if (selection_info.height == 0) ++ break; + id=((event.xcrossing.y-top_offset)/(int) selection_info.height); + if ((selection_info.id >= 0) && + (selection_info.id < (int) number_selections)) +@@ -7997,6 +8001,8 @@ MagickExport int XMenuWidget(Display *display,XWindows *windows, + break; + if (state & InactiveWidgetState) + break; ++ if (selection_info.height == 0) ++ break; + id=(event.xmotion.y-top_offset)/(int) selection_info.height; + if ((selection_info.id >= 0) && + (selection_info.id < (int) number_selections)) +diff --git a/wand/animate.c b/wand/animate.c +index 0f704..adc84 100644 +--- a/wand/animate.c ++++ b/wand/animate.c +@@ -1143,7 +1143,10 @@ WandExport MagickBooleanType AnimateImageCommand(ImageInfo *image_info, + if (i == (ssize_t) argc) + ThrowAnimateException(OptionError,"MissingArgument",option); + if (XRemoteCommand(display,resource_info.window_id,argv[i]) != 0) +- return(MagickFalse); ++ { ++ DestroyAnimate(); ++ return(MagickFalse); ++ } + i--; + break; + } +diff --git a/wand/display.c b/wand/display.c +index b7b9e..27aba 100644 +--- a/wand/display.c ++++ b/wand/display.c +@@ -1491,7 +1491,10 @@ WandExport MagickBooleanType DisplayImageCommand(ImageInfo *image_info, + if (i == (ssize_t) argc) + ThrowDisplayException(OptionError,"MissingArgument",option); + if (XRemoteCommand(display,resource_info.window_id,argv[i]) != 0) +- return(MagickFalse); ++ { ++ DestroyDisplay(); ++ return(MagickFalse); ++ } + i--; + break; + } diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0041-CVE-2022-32546-outside-the-range-of-representable-va.patch imagemagick-6.9.11.60+dfsg/debian/patches/0041-CVE-2022-32546-outside-the-range-of-representable-va.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0041-CVE-2022-32546-outside-the-range-of-representable-va.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0041-CVE-2022-32546-outside-the-range-of-representable-va.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,27 @@ +From: Cristy <urban-warrior@imagemagick.org> +Date: Thu, 24 Mar 2022 11:38:59 -0400 +Subject: CVE-2022-32546 outside the range of representable values of type + 'unsigned long' at coders/pcl.c, + +bug: https://github.com/ImageMagick/ImageMagick/pull/4986 +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016442 +origin: https://github.com/ImageMagick/ImageMagick6/commit/29c8abce0da56b536542f76a9ddfebdaab5b2943.patch +--- + coders/pcl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/coders/pcl.c b/coders/pcl.c +index a6bd6..f1d9a 100644 +--- a/coders/pcl.c ++++ b/coders/pcl.c +@@ -294,8 +294,8 @@ static Image *ReadPCLImage(const ImageInfo *image_info,ExceptionInfo *exception) + /* + Set PCL render geometry. + */ +- width=(size_t) floor(bounds.x2-bounds.x1+0.5); +- height=(size_t) floor(bounds.y2-bounds.y1+0.5); ++ width=(size_t) CastDoubleToLong(floor(bounds.x2-bounds.x1+0.5)); ++ height=(size_t) CastDoubleToLong(floor(bounds.y2-bounds.y1+0.5)); + if (width > page.width) + page.width=width; + if (height > page.height) diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0042-Fix-CVE-2022-32547-unaligned-access-in-property.patch imagemagick-6.9.11.60+dfsg/debian/patches/0042-Fix-CVE-2022-32547-unaligned-access-in-property.patch --- imagemagick-6.9.11.60+dfsg/debian/patches/0042-Fix-CVE-2022-32547-unaligned-access-in-property.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/0042-Fix-CVE-2022-32547-unaligned-access-in-property.patch 2023-05-25 21:50:29.000000000 +0000 @@ -0,0 +1,33 @@ +From: Cristy <urban-warrior@imagemagick.org> +Date: Sat, 9 Apr 2022 08:40:54 -0400 +Subject: Fix CVE-2022-32547: unaligned access in property + +bug: https://github.com/ImageMagick/ImageMagick/pull/5034 +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016442 +origin: https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b.patch +bug-redhat: https://bugzilla.redhat.com/show_bug.cgi?id=2091813 +--- + magick/property.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/magick/property.c b/magick/property.c +index 0381b..f83954 100644 +--- a/magick/property.c ++++ b/magick/property.c +@@ -1513,12 +1513,14 @@ static MagickBooleanType GetEXIFProperty(const Image *image, + } + case EXIF_FMT_SINGLE: + { +- EXIFMultipleValues(4,"%f",(double) *(float *) p1); ++ EXIFMultipleValues(4,"%.20g",(double) ++ ReadPropertySignedLong(endian,p1)); + break; + } + case EXIF_FMT_DOUBLE: + { +- EXIFMultipleValues(8,"%f",*(double *) p1); ++ EXIFMultipleValues(8,"%.20g",(double) ++ ReadPropertySignedLong(endian,p1)); + break; + } + case EXIF_FMT_STRING: diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/series imagemagick-6.9.11.60+dfsg/debian/patches/series --- imagemagick-6.9.11.60+dfsg/debian/patches/series 2023-02-03 17:59:07.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/patches/series 2023-05-25 21:50:29.000000000 +0000 @@ -23,3 +23,20 @@ 0001-https-github.com-ImageMagick-ImageMagick6-issues-145.patch 0023-disable-ghostscript-formats.patch move-profile-property-to-cli-option.patch +0026-CVE-2021-3574-memory-leak.patch +0027-CVE-2021-4219-Dos.patch +0028-CVE-2021-20241.patch +0029-CVE-2021-20243.patch +0030-CVE-2021-20244-uses-the-PerceptibleReciprocal-to-pre.patch +0031-CVE-2021-20245-Division-by-zero-in-WriteAnimatedWEBP.patch +0032-CVE-2021-20246-division-by-zero-in-MagickCore-resamp.patch +0033-CVE-2021-20309-Division-by-zero-in-WaveImage.patch +0034-partial-CVE-2021-39212-Fixed-incorrect-check-when-mo.patch +0035-partial-CVE-2021-39212-Added-missing-policy-checks-i.patch +0036-partial-CVE-2021-39212-Use-AllPolicyRights-instead.patch +0037-CVE-2021-39212-Use-the-correct-rights.patch +0038-Fix-CVE-2022-1114-Heap-use-after-free-in-RelinquishD.patch +0039-CVE-2022-28463-buffer-overflow-in-cin-coder.patch +0040-CVE-2022-32545-undefined-behavior-value-outside-char.patch +0041-CVE-2022-32546-outside-the-range-of-representable-va.patch +0042-Fix-CVE-2022-32547-unaligned-access-in-property.patch diff -Nru imagemagick-6.9.11.60+dfsg/debian/salsa-ci-enable-sec-and-update-repos.sh imagemagick-6.9.11.60+dfsg/debian/salsa-ci-enable-sec-and-update-repos.sh --- imagemagick-6.9.11.60+dfsg/debian/salsa-ci-enable-sec-and-update-repos.sh 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/salsa-ci-enable-sec-and-update-repos.sh 2023-05-26 07:10:27.000000000 +0000 @@ -0,0 +1,23 @@ +#!/bin/sh + +set -x +set -e + +# Debug what repositories are available to begin with +grep -r "^deb " /etc/apt/sources.* + +# Enable the same repositories that were available at build time in +# registry.salsa.debian.org/salsa-ci-team/pipeline/base:bullseye +. /etc/os-release +cat << EOF > /etc/apt/sources.list.d/base-$VERSION_CODENAME-repos.list +deb http://deb.debian.org/debian $VERSION_CODENAME main +deb http://deb.debian.org/debian-security $VERSION_CODENAME-security main +deb http://deb.debian.org/debian $VERSION_CODENAME-updates main +EOF + +apt-get update + +# Ref +# bullseye piuparts test runner environment is missing the bullseye-updates apt repository: https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/292 +# piuparts: doesn't install dependencies from experimental or -backports: https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/58 +# autopkgtest: doesn't install dependencies from experimental or backports: https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/85 diff -Nru imagemagick-6.9.11.60+dfsg/debian/salsa-ci.yml imagemagick-6.9.11.60+dfsg/debian/salsa-ci.yml --- imagemagick-6.9.11.60+dfsg/debian/salsa-ci.yml 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.11.60+dfsg/debian/salsa-ci.yml 2023-05-26 07:10:27.000000000 +0000 @@ -0,0 +1,8 @@ +--- +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml + +variables: + RELEASE: 'bullseye' + SALSA_CI_PIUPARTS_PRE_INSTALL_SCRIPT: 'debian/salsa-ci-enable-sec-and-update-repos.sh'
Attachment:
signature.asc
Description: This is a digitally signed message part.