svn commit: r442142 - in branches/2017Q2/graphics/ImageMagick: . files
Koop Mast
kwm at FreeBSD.org
Wed May 31 09:00:34 UTC 2017
Author: kwm
Date: Wed May 31 09:00:30 2017
New Revision: 442142
URL: https://svnweb.freebsd.org/changeset/ports/442142
Log:
Manualy backport CVE patches, due to shared library bump in ImageMagick.
PR: 219497
Approved by: ports-secteam@ (feld@)
Security: 50776801-4183-11e7-b291-b499baebfeaf
Added:
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5506 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5507 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5508 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5509 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5510 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5511 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6497 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6498 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6499 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6500 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6501 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6502 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7275 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7606 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7619 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7941 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7942 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7943 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8343 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8344 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8345 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8346 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8347 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8348 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8349 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8350 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8351 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8352 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8353 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8354 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8355 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8356 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8357 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8765 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8830 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-9141 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-9142 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-9143 (contents, props changed)
branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-9144 (contents, props changed)
Modified:
branches/2017Q2/graphics/ImageMagick/Makefile
Modified: branches/2017Q2/graphics/ImageMagick/Makefile
==============================================================================
--- branches/2017Q2/graphics/ImageMagick/Makefile Wed May 31 08:22:54 2017 (r442141)
+++ branches/2017Q2/graphics/ImageMagick/Makefile Wed May 31 09:00:30 2017 (r442142)
@@ -2,7 +2,7 @@
PORTNAME= ImageMagick
DISTVERSION= 6.9.6-4
-PORTREVISION= 1
+PORTREVISION= 2
PORTEPOCH= 1
CATEGORIES= graphics perl5
MASTER_SITES= http://www.imagemagick.org/download/ \
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5506
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5506 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,27 @@
+From 6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Thu, 12 Jan 2017 12:51:14 -0500
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/354
+
+---
+ magick/profile.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/magick/profile.c b/magick/profile.c
+index 7c12a1c933..6313388a2b 100644
+--- magick/profile.c
++++ magick/profile.c
+@@ -2071,10 +2071,10 @@ static MagickBooleanType SyncExifProfile(Image *image, StringInfo *profile)
+ The directory entry contains an offset.
+ */
+ offset=(ssize_t) ReadProfileLong(endian,q+8);
+- if ((ssize_t) (offset+number_bytes) < offset)
+- continue; /* prevent overflow */
+- if ((size_t) (offset+number_bytes) > length)
++ if ((offset < 0) || ((size_t) (offset+number_bytes) > length))
+ continue;
++ if (~length < number_bytes)
++ continue; /* prevent overflow */
+ p=(unsigned char *) (exif+offset);
+ }
+ switch (tag_value)
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5507
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5507 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,49 @@
+From 4493d9ca1124564da17f9b628ef9d0f1a6be9738 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Tue, 10 Jan 2017 20:14:38 -0500
+Subject: [PATCH] ...
+
+ * Recognize XML policy closing tags (reference
+ https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31182).
+ * Fix memory leak in MPC image format.
+
+
+diff --git a/coders/mpc.c b/coders/mpc.c
+index eda0c36cb2..89fead527f 100644
+--- coders/mpc.c
++++ coders/mpc.c
+@@ -67,6 +67,7 @@
+ #include "magick/profile.h"
+ #include "magick/property.h"
+ #include "magick/quantum-private.h"
++#include "magick/resource_.h"
+ #include "magick/static.h"
+ #include "magick/statistic.h"
+ #include "magick/string_.h"
+@@ -841,7 +842,9 @@ static Image *ReadMPCImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ /*
+ Create image colormap.
+ */
+- if (AcquireImageColormap(image,image->colors) == MagickFalse)
++ image->colormap=(PixelPacket *) AcquireQuantumMemory(image->colors+1,
++ sizeof(*image->colormap));
++ if (image->colormap == (PixelPacket *) NULL)
+ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+ if (image->colors != 0)
+ {
+@@ -930,12 +933,9 @@ static Image *ReadMPCImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ if ((image_info->ping != MagickFalse) && (image_info->number_scenes != 0))
+ if (image->scene >= (image_info->scene+image_info->number_scenes-1))
+ break;
+- status=SetImageExtent(image,image->columns,image->rows);
+- if (status == MagickFalse)
+- {
+- InheritException(exception,&image->exception);
+- return(DestroyImageList(image));
+- }
++ if ((AcquireMagickResource(WidthResource,image->columns) == MagickFalse) ||
++ (AcquireMagickResource(HeightResource,image->rows) == MagickFalse))
++ ThrowReaderException(ImageError,"WidthOrHeightExceedsLimit");
+ /*
+ Attach persistent pixel cache.
+ */
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5508
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5508 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,230 @@
+From e5dc6d628a1c6049dc95adcea5e49aaa7ef2c778 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Fri, 2 Dec 2016 11:07:56 -0500
+Subject: [PATCH] Fix possible buffer overflow when writing compressed TIFFS
+
+---
+ coders/tiff.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/coders/tiff.c b/coders/tiff.c
+index f18e210127..c6c6f60afb 100644
+--- coders/tiff.c
++++ coders/tiff.c
+@@ -1581,9 +1581,9 @@ RestoreMSCWarning
+ rows_per_strip);
+ (void) SetImageProperty(image,"tiff:rows-per-strip",value);
+ }
+- if ((samples_per_pixel >= 2) && (interlace == PLANARCONFIG_CONTIG))
++ if ((samples_per_pixel >= 3) && (interlace == PLANARCONFIG_CONTIG))
+ method=ReadRGBAMethod;
+- if ((samples_per_pixel >= 2) && (interlace == PLANARCONFIG_SEPARATE))
++ if ((samples_per_pixel >= 4) && (interlace == PLANARCONFIG_SEPARATE))
+ method=ReadCMYKAMethod;
+ if ((photometric != PHOTOMETRIC_RGB) &&
+ (photometric != PHOTOMETRIC_CIELAB) &&
+
+
+From fde5f55af94f189f16958535a9c22b439d71ac93 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Thu, 1 Dec 2016 20:05:59 -0500
+Subject: [PATCH] Fix possible buffer overflow when writing compressed TIFFS
+
+---
+ ChangeLog | 4 ++++
+ coders/tiff.c | 38 +++++++++++++++++++++-----------------
+ 2 files changed, 25 insertions(+), 17 deletions(-)
+
+2016-12-02 6.9.6-7 Cristy <quetzlzacatenango at image...>
+ * Fix possible buffer overflow when writing compressed TIFFS (vulnerability
+ report from Cisco Talos, CVE-2016-8707).
+
+diff --git a/coders/tiff.c b/coders/tiff.c
+index 35a14b6882..f18e210127 100644
+--- coders/tiff.c
++++ coders/tiff.c
+@@ -1154,7 +1154,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
+ width;
+
+ unsigned char
+- *pixels;
++ *tiff_pixels;
+
+ /*
+ Open image.
+@@ -1606,7 +1606,13 @@ RestoreMSCWarning
+ method=ReadTileMethod;
+ quantum_info->endian=LSBEndian;
+ quantum_type=RGBQuantum;
+- pixels=GetQuantumPixels(quantum_info);
++ tiff_pixels=(unsigned char *) AcquireMagickMemory(TIFFScanlineSize(tiff)+
++ sizeof(uint32));
++ if (tiff_pixels == (unsigned char *) NULL)
++ {
++ TIFFClose(tiff);
++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
++ }
+ switch (method)
+ {
+ case ReadSingleSampleMethod:
+@@ -1643,7 +1649,6 @@ RestoreMSCWarning
+ TIFFClose(tiff);
+ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+ }
+- pixels=GetQuantumPixels(quantum_info);
+ for (y=0; y < (ssize_t) image->rows; y++)
+ {
+ int
+@@ -1652,14 +1657,14 @@ RestoreMSCWarning
+ register PixelPacket
+ *magick_restrict q;
+
+- status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels);
++ status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) tiff_pixels);
+ if (status == -1)
+ break;
+ q=QueueAuthenticPixels(image,0,y,image->columns,1,exception);
+ if (q == (PixelPacket *) NULL)
+ break;
+ (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,
+- quantum_type,pixels,exception);
++ quantum_type,tiff_pixels,exception);
+ if (SyncAuthenticPixels(image,exception) == MagickFalse)
+ break;
+ if (image->previous == (Image *) NULL)
+@@ -1700,7 +1705,6 @@ RestoreMSCWarning
+ TIFFClose(tiff);
+ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+ }
+- pixels=GetQuantumPixels(quantum_info);
+ for (y=0; y < (ssize_t) image->rows; y++)
+ {
+ int
+@@ -1709,14 +1713,14 @@ RestoreMSCWarning
+ register PixelPacket
+ *magick_restrict q;
+
+- status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels);
++ status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) tiff_pixels);
+ if (status == -1)
+ break;
+ q=QueueAuthenticPixels(image,0,y,image->columns,1,exception);
+ if (q == (PixelPacket *) NULL)
+ break;
+ (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,
+- quantum_type,pixels,exception);
++ quantum_type,tiff_pixels,exception);
+ if (SyncAuthenticPixels(image,exception) == MagickFalse)
+ break;
+ if (image->previous == (Image *) NULL)
+@@ -1745,7 +1749,7 @@ RestoreMSCWarning
+ status;
+
+ status=TIFFReadPixels(tiff,bits_per_sample,(tsample_t) i,y,(char *)
+- pixels);
++ tiff_pixels);
+ if (status == -1)
+ break;
+ q=GetAuthenticPixels(image,0,y,image->columns,1,exception);
+@@ -1771,7 +1775,7 @@ RestoreMSCWarning
+ default: quantum_type=UndefinedQuantum; break;
+ }
+ (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,
+- quantum_type,pixels,exception);
++ quantum_type,tiff_pixels,exception);
+ if (SyncAuthenticPixels(image,exception) == MagickFalse)
+ break;
+ }
+@@ -1787,7 +1791,6 @@ RestoreMSCWarning
+ }
+ case ReadYCCKMethod:
+ {
+- pixels=GetQuantumPixels(quantum_info);
+ for (y=0; y < (ssize_t) image->rows; y++)
+ {
+ int
+@@ -1805,14 +1808,14 @@ RestoreMSCWarning
+ unsigned char
+ *p;
+
+- status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels);
++ status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) tiff_pixels);
+ if (status == -1)
+ break;
+ q=QueueAuthenticPixels(image,0,y,image->columns,1,exception);
+ if (q == (PixelPacket *) NULL)
+ break;
+ indexes=GetAuthenticIndexQueue(image);
+- p=pixels;
++ p=tiff_pixels;
+ for (x=0; x < (ssize_t) image->columns; x++)
+ {
+ SetPixelCyan(q,ScaleCharToQuantum(ClampYCC((double) *p+
+@@ -1861,13 +1864,13 @@ RestoreMSCWarning
+ break;
+ if (i == 0)
+ {
+- if (TIFFReadRGBAStrip(tiff,(tstrip_t) y,(uint32 *) pixels) == 0)
++ if (TIFFReadRGBAStrip(tiff,(tstrip_t) y,(uint32 *) tiff_pixels) == 0)
+ break;
+ i=(ssize_t) MagickMin((ssize_t) rows_per_strip,(ssize_t)
+ image->rows-y);
+ }
+ i--;
+- p=((uint32 *) pixels)+image->columns*i;
++ p=((uint32 *) tiff_pixels)+image->columns*i;
+ for (x=0; x < (ssize_t) image->columns; x++)
+ {
+ SetPixelRed(q,ScaleCharToQuantum((unsigned char)
+@@ -1920,8 +1923,8 @@ RestoreMSCWarning
+ TIFFClose(tiff);
+ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+ }
+- tile_pixels=(uint32 *) AcquireQuantumMemory(columns,
+- rows*sizeof(*tile_pixels));
++ tile_pixels=(uint32 *) AcquireQuantumMemory(columns,rows*
++ sizeof(*tile_pixels));
+ if (tile_pixels == (uint32 *) NULL)
+ {
+ TIFFClose(tiff);
+@@ -2078,6 +2081,7 @@ RestoreMSCWarning
+ break;
+ }
+ }
++ tiff_pixels=(unsigned char *) RelinquishMagickMemory(tiff_pixels);
+ SetQuantumImageType(image,quantum_type);
+ next_tiff_frame:
+ if (quantum_info != (QuantumInfo *) NULL)
+
+
+From c073a7712d82476b5fbee74856c46b88af9c3175 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Thu, 5 Jan 2017 12:07:59 -0500
+Subject: [PATCH]
+ https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161
+
+---
+ ChangeLog | 4 ++++
+ coders/tiff.c | 5 +++--
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+2017-01-04 6.9.7-3 Cristy <quetzlzacatenango at image...>
+ * Increase memory allocation for TIFF pixels (reference
+ https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161).
+
+diff --git a/coders/tiff.c b/coders/tiff.c
+index 55a6683f71..6304b397fe 100644
+--- coders/tiff.c
++++ coders/tiff.c
+@@ -1606,8 +1606,9 @@ RestoreMSCWarning
+ method=ReadTileMethod;
+ quantum_info->endian=LSBEndian;
+ quantum_type=RGBQuantum;
+- tiff_pixels=(unsigned char *) AcquireMagickMemory(TIFFScanlineSize(tiff)+
+- sizeof(uint32));
++ tiff_pixels=(unsigned char *) AcquireMagickMemory(MagickMax(
++ TIFFScanlineSize(tiff),(size_t) (image->columns*samples_per_pixel*
++ pow(2.0,ceil(log(bits_per_sample)/log(2.0))))));
+ if (tiff_pixels == (unsigned char *) NULL)
+ {
+ TIFFClose(tiff);
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5509
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5509 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,22 @@
+From 37a1710e2dab6ed91128ea648d654a22fbe2a6af Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Tue, 10 Jan 2017 09:04:04 -0500
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/350
+
+---
+ coders/psd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/psd.c b/coders/psd.c
+index 58496fd96d..14e375b9ed 100644
+--- coders/psd.c
++++ coders/psd.c
+@@ -2606,7 +2606,7 @@ static ssize_t WritePSDChannels(const PSDInfo *psd_info,
+ compact_pixels=(unsigned char *) NULL;
+ if (next_image->compression == RLECompression)
+ {
+- compact_pixels=AcquireCompactPixels(image);
++ compact_pixels=AcquireCompactPixels(next_image);
+ if (compact_pixels == (unsigned char *) NULL)
+ return(0);
+ }
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5510
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5510 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,22 @@
+From e87af64b1ff1635a32d9b6162f1b0e260fb54ed9 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Sun, 8 Jan 2017 08:40:43 -0500
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/348
+
+---
+ coders/psd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/psd.c b/coders/psd.c
+index a6f7ec4b0b..58496fd96d 100644
+--- coders/psd.c
++++ coders/psd.c
+@@ -2486,7 +2486,7 @@ static size_t WritePSDChannel(const PSDInfo *psd_info,
+ next_image->depth=16;
+ monochrome=IsMonochromeImage(image,&image->exception) && (image->depth == 1)
+ ? MagickTrue : MagickFalse;
+- quantum_info=AcquireQuantumInfo(image_info,image);
++ quantum_info=AcquireQuantumInfo(image_info,next_image);
+ if (quantum_info == (QuantumInfo *) NULL)
+ return(0);
+ pixels=GetQuantumPixels(quantum_info);
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5511
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-5511 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,23 @@
+From 7d65a814ac76bd04760072c33e452371692ee790 Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk at git.imagemagick.org>
+Date: Sat, 7 Jan 2017 16:56:30 +0100
+Subject: [PATCH] Fix improper cast that could cause an overflow as
+ demonstrated in #347.
+
+---
+ coders/psd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/psd.c b/coders/psd.c
+index 1f15d65b1b..a6f7ec4b0b 100644
+--- coders/psd.c
++++ coders/psd.c
+@@ -1671,7 +1671,7 @@ ModuleExport MagickBooleanType ReadPSDLayers(Image *image,
+ /*
+ Layer name.
+ */
+- length=(MagickSizeType) ReadBlobByte(image);
++ length=(MagickSizeType) (unsigned char) ReadBlobByte(image);
+ combined_length+=length+1;
+ if (length > 0)
+ (void) ReadBlob(image,(size_t) length++,layer_info[i].name);
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6497
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6497 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,27 @@
+From 7f2dc7a1afc067d0c89f12c82bcdec0445fb1b94 Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk at git.imagemagick.org>
+Date: Sat, 11 Feb 2017 10:31:39 +0100
+Subject: [PATCH] Added missing null check.
+
+---
+ coders/psd.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/coders/psd.c b/coders/psd.c
+index 14e375b9ed..fb93c57dd1 100644
+--- coders/psd.c
++++ coders/psd.c
+@@ -1284,8 +1284,11 @@ static MagickBooleanType ReadPSDChannel(Image *image,
+ }
+ mask=CloneImage(image,layer_info->mask.page.width,
+ layer_info->mask.page.height,MagickFalse,exception);
+- mask->matte=MagickFalse;
+- channel_image=mask;
++ if (mask != (Image *) NULL)
++ {
++ mask->matte=MagickFalse;
++ channel_image=mask;
++ }
+ }
+
+ offset=TellBlob(image);
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6498
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6498 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,43 @@
+From 65f75a32a93ae4044c528a987a68366ecd4b46b9 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Thu, 19 Jan 2017 19:30:48 -0500
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/pull/359
+
+---
+ coders/tga.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/coders/tga.c b/coders/tga.c
+index d8adc52f7b..7b87278ef5 100644
+--- coders/tga.c
++++ coders/tga.c
+@@ -710,6 +710,7 @@ static MagickBooleanType WriteTGAImage(const ImageInfo *image_info,Image *image)
+ compression;
+
+ const char
++ *comment,
+ *value;
+
+ const double
+@@ -766,9 +767,9 @@ static MagickBooleanType WriteTGAImage(const ImageInfo *image_info,Image *image)
+ compression=image_info->compression;
+ range=GetQuantumRange(5UL);
+ tga_info.id_length=0;
+- value=GetImageProperty(image,"comment");
+- if (value != (const char *) NULL)
+- tga_info.id_length=(unsigned char) MagickMin(strlen(value),255);
++ comment=GetImageProperty(image,"comment");
++ if (comment != (const char *) NULL)
++ tga_info.id_length=(unsigned char) MagickMin(strlen(comment),255);
+ tga_info.colormap_type=0;
+ tga_info.colormap_index=0;
+ tga_info.colormap_length=0;
+@@ -852,7 +853,7 @@ static MagickBooleanType WriteTGAImage(const ImageInfo *image_info,Image *image)
+ (void) WriteBlobByte(image,tga_info.bits_per_pixel);
+ (void) WriteBlobByte(image,tga_info.attributes);
+ if (tga_info.id_length != 0)
+- (void) WriteBlob(image,tga_info.id_length,(unsigned char *) value);
++ (void) WriteBlob(image,tga_info.id_length,(unsigned char *) comment);
+ if (tga_info.colormap_type != 0)
+ {
+ unsigned char
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6499
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6499 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,37 @@
+From 3358f060fc182551822576b2c0a8850faab5d543 Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk at git.imagemagick.org>
+Date: Thu, 9 Feb 2017 21:53:23 +0100
+Subject: [PATCH] Fixed memory leak when creating nested exceptions in
+ Magick++.
+
+ 2017-02-09 6.9.7-8 Dirk Lemstra <dirk at lem.....org>
+ * Fixed memory leak when creating nested exceptions in Magick++ (reference
+ https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634)
+
+diff --git a/Magick++/lib/Exception.cpp b/Magick++/lib/Exception.cpp
+index 92ca629707..8ef34bc0a0 100644
+--- Magick++/lib/Exception.cpp
++++ Magick++/lib/Exception.cpp
+@@ -852,12 +852,18 @@ MagickPPExport void Magick::throwException(ExceptionInfo *exception_,
+ exception_->description) != 0))
+ {
+ if (nestedException == (Exception *) NULL)
+- nestedException=createException(p);
++ {
++ nestedException=createException(p);
++ q=nestedException;
++ }
+ else
+ {
+- q=createException(p);
+- nestedException->nested(q);
+- nestedException=q;
++ Exception
++ *r;
++
++ r=createException(p);
++ q->nested(r);
++ q=r;
+ }
+ }
+ }
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6500
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6500 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,23 @@
+From 3007531bfd326c5c1e29cd41d2cd80c166de8528 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Wed, 8 Feb 2017 13:38:04 -0500
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/375
+ https://github.com/ImageMagick/ImageMagick/issues/376
+
+---
+ coders/sun.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/sun.c b/coders/sun.c
+index 150f3357fd..c11a33c62b 100644
+--- coders/sun.c
++++ coders/sun.c
+@@ -458,7 +458,7 @@ static Image *ReadSUNImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ ThrowReaderException(ResourceLimitError,"ImproperImageHeader");
+ }
+ pixels_length=height*bytes_per_line;
+- sun_pixels=(unsigned char *) AcquireQuantumMemory(pixels_length,
++ sun_pixels=(unsigned char *) AcquireQuantumMemory(pixels_length+image->rows,
+ sizeof(*sun_pixels));
+ if (sun_pixels == (unsigned char *) NULL)
+ {
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6501
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6501 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,29 @@
+From d31fec57e9dfb0516deead2053a856e3c71e9751 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Thu, 9 Feb 2017 18:13:47 -0500
+Subject: [PATCH] =?UTF-8?q?Check=20for=20image=20list=20before=20we=20dest?=
+ =?UTF-8?q?roy=20the=20last=20image=20in=20XCF=20coder=20(patch=20sent=20p?=
+ =?UTF-8?q?rivately=20by=20=D0=90=D0=BD=D0=B4=D1=80=D0=B5=D0=B9=20=D0=A7?=
+ =?UTF-8?q?=D0=B5=D1=80=D0=BD=D1=8B=D0=B9)?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ coders/xcf.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/coders/xcf.c b/coders/xcf.c
+index 083f217ca0..2feef82ff1 100644
+--- coders/xcf.c
++++ coders/xcf.c
+@@ -1445,7 +1445,8 @@ static Image *ReadXCFImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ }
+
+ (void) CloseBlob(image);
+- DestroyImage(RemoveFirstImageFromList(&image));
++ if (GetNextImageInList(image) != (Image *) NULL)
++ DestroyImage(RemoveFirstImageFromList(&image));
+ if (image_type == GIMP_GRAY)
+ image->type=GrayscaleType;
+ return(GetFirstImageInList(image));
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6502
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-6502 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,25 @@
+From 126c7c98ea788241922c30df4a5633ea692cf8df Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk at git.imagemagick.org>
+Date: Sat, 18 Feb 2017 11:24:41 +0100
+Subject: [PATCH] Fixed fd leak for webp coder (patch from #382)
+
+---
+ ChangeLog | 4 ++++
+ coders/webp.c | 1 +
+ 2 files changed, 5 insertions(+)
+
+ 2017-02-18 6.9.7-9 Dirk Lemstra <dirk at lem.....org>
+ * Fixed fd leak for webp coder (reference
+ https://github.com/ImageMagick/ImageMagick/pull/382)
+diff --git a/coders/webp.c b/coders/webp.c
+index 811b3d4336..11703f85af 100644
+--- coders/webp.c
++++ coders/webp.c
+@@ -368,6 +368,7 @@ static Image *ReadWEBPImage(const ImageInfo *image_info,
+ }
+ WebPFreeDecBuffer(webp_image);
+ stream=(unsigned char*) RelinquishMagickMemory(stream);
++ (void) CloseBlob(image);
+ return(image);
+ }
+ #endif
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7275
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7275 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,22 @@
+From d94d85622f120f82240921ae7a83a72afcb79ddf Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk at git.imagemagick.org>
+Date: Mon, 21 Nov 2016 20:54:14 +0100
+Subject: [PATCH] Lowered max map_length to prevent an overflow (#271).
+
+---
+ coders/rle.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/rle.c b/coders/rle.c
+index 117bde8d51..a14fafa6c1 100644
+--- coders/rle.c
++++ coders/rle.c
+@@ -227,7 +227,7 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ bits_per_pixel=(size_t) ReadBlobByte(image);
+ number_colormaps=(size_t) ReadBlobByte(image);
+ map_length=(unsigned char) ReadBlobByte(image);
+- if (map_length >= 32)
++ if (map_length >= 22)
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ one=1;
+ map_length=one << map_length;
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7606
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7606 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,23 @@
+From b2b0aa6bb0d110f8560fe2091671a27d78877f22 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Fri, 31 Mar 2017 15:23:42 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/415
+
+---
+ coders/rle.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/coders/rle.c b/coders/rle.c
+index 18a3ef5c60..d1ccffd7dc 100644
+--- coders/rle.c
++++ coders/rle.c
+@@ -274,7 +274,8 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ p=colormap;
+ for (i=0; i < (ssize_t) number_colormaps; i++)
+ for (x=0; x < (ssize_t) map_length; x++)
+- *p++=(unsigned char) ScaleShortToQuantum(ReadBlobLSBShort(image));
++ *p++=(unsigned char) ScaleQuantumToChar(ScaleShortToQuantum(
++ ReadBlobLSBShort(image)));
+ }
+ if ((flags & 0x08) != 0)
+ {
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7619
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7619 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,121 @@
+diff --git a/magick/enhance.c b/magick/enhance.c
+index bbcbd85..010fba7 100644
+--- magick/enhance.c
++++ magick/enhance.c
+@@ -3474,11 +3474,7 @@ static inline void ModulateHCL(const double percent_hue,
+ Increase or decrease color luma, chroma, or hue.
+ */
+ ConvertRGBToHCL(*red,*green,*blue,&hue,&chroma,&luma);
+- hue+=0.5*(0.01*percent_hue-1.0);
+- while (hue < 0.0)
+- hue+=1.0;
+- while (hue > 1.0)
+- hue-=1.0;
++ hue+=fmod((percent_hue-100.0),200.0)/200.0;
+ chroma*=0.01*percent_chroma;
+ luma*=0.01*percent_luma;
+ ConvertHCLToRGB(hue,chroma,luma,red,green,blue);
+@@ -3497,11 +3493,7 @@ static inline void ModulateHCLp(const double percent_hue,
+ Increase or decrease color luma, chroma, or hue.
+ */
+ ConvertRGBToHCLp(*red,*green,*blue,&hue,&chroma,&luma);
+- hue+=0.5*(0.01*percent_hue-1.0);
+- while (hue < 0.0)
+- hue+=1.0;
+- while (hue > 1.0)
+- hue-=1.0;
++ hue+=fmod((percent_hue-100.0),200.0)/200.0;
+ chroma*=0.01*percent_chroma;
+ luma*=0.01*percent_luma;
+ ConvertHCLpToRGB(hue,chroma,luma,red,green,blue);
+@@ -3520,11 +3512,7 @@ static inline void ModulateHSB(const double percent_hue,
+ Increase or decrease color brightness, saturation, or hue.
+ */
+ ConvertRGBToHSB(*red,*green,*blue,&hue,&saturation,&brightness);
+- hue+=0.5*(0.01*percent_hue-1.0);
+- while (hue < 0.0)
+- hue+=1.0;
+- while (hue > 1.0)
+- hue-=1.0;
++ hue+=fmod((percent_hue-100.0),200.0)/200.0;
+ saturation*=0.01*percent_saturation;
+ brightness*=0.01*percent_brightness;
+ ConvertHSBToRGB(hue,saturation,brightness,red,green,blue);
+@@ -3543,11 +3531,7 @@ static inline void ModulateHSI(const double percent_hue,
+ Increase or decrease color intensity, saturation, or hue.
+ */
+ ConvertRGBToHSI(*red,*green,*blue,&hue,&saturation,&intensity);
+- hue+=0.5*(0.01*percent_hue-1.0);
+- while (hue < 0.0)
+- hue+=1.0;
+- while (hue > 1.0)
+- hue-=1.0;
++ hue+=fmod((percent_hue-100.0),200.0)/200.0;
+ saturation*=0.01*percent_saturation;
+ intensity*=0.01*percent_intensity;
+ ConvertHSIToRGB(hue,saturation,intensity,red,green,blue);
+@@ -3566,11 +3550,7 @@ static inline void ModulateHSL(const double percent_hue,
+ Increase or decrease color lightness, saturation, or hue.
+ */
+ ConvertRGBToHSL(*red,*green,*blue,&hue,&saturation,&lightness);
+- hue+=0.5*(0.01*percent_hue-1.0);
+- while (hue < 0.0)
+- hue+=1.0;
+- while (hue >= 1.0)
+- hue-=1.0;
++ hue+=fmod((percent_hue-100.0),200.0)/200.0;
+ saturation*=0.01*percent_saturation;
+ lightness*=0.01*percent_lightness;
+ ConvertHSLToRGB(hue,saturation,lightness,red,green,blue);
+@@ -3589,11 +3569,7 @@ static inline void ModulateHSV(const double percent_hue,
+ Increase or decrease color value, saturation, or hue.
+ */
+ ConvertRGBToHSV(*red,*green,*blue,&hue,&saturation,&value);
+- hue+=0.5*(0.01*percent_hue-1.0);
+- while (hue < 0.0)
+- hue+=1.0;
+- while (hue >= 1.0)
+- hue-=1.0;
++ hue+=fmod((percent_hue-100.0),200.0)/200.0;
+ saturation*=0.01*percent_saturation;
+ value*=0.01*percent_value;
+ ConvertHSVToRGB(hue,saturation,value,red,green,blue);
+@@ -3612,11 +3588,7 @@ static inline void ModulateHWB(const double percent_hue,
+ Increase or decrease color blackness, whiteness, or hue.
+ */
+ ConvertRGBToHWB(*red,*green,*blue,&hue,&whiteness,&blackness);
+- hue+=0.5*(0.01*percent_hue-1.0);
+- while (hue < 0.0)
+- hue+=1.0;
+- while (hue >= 1.0)
+- hue-=1.0;
++ hue+=fmod((percent_hue-100.0),200.0)/200.0;
+ blackness*=0.01*percent_blackness;
+ whiteness*=0.01*percent_whiteness;
+ ConvertHWBToRGB(hue,whiteness,blackness,red,green,blue);
+@@ -3637,11 +3609,7 @@ static inline void ModulateLCHab(const double percent_luma,
+ ConvertRGBToLCHab(*red,*green,*blue,&luma,&chroma,&hue);
+ luma*=0.01*percent_luma;
+ chroma*=0.01*percent_chroma;
+- hue+=0.5*(0.01*percent_hue-1.0);
+- while (hue < 0.0)
+- hue+=1.0;
+- while (hue >= 1.0)
+- hue-=1.0;
++ hue+=fmod((percent_hue-100.0),200.0)/200.0;
+ ConvertLCHabToRGB(luma,chroma,hue,red,green,blue);
+ }
+
+@@ -3660,11 +3628,7 @@ static inline void ModulateLCHuv(const double percent_luma,
+ ConvertRGBToLCHuv(*red,*green,*blue,&luma,&chroma,&hue);
+ luma*=0.01*percent_luma;
+ chroma*=0.01*percent_chroma;
+- hue+=0.5*(0.01*percent_hue-1.0);
+- while (hue < 0.0)
+- hue+=1.0;
+- while (hue >= 1.0)
+- hue-=1.0;
++ hue+=fmod((percent_hue-100.0),200.0)/200.0;
+ ConvertLCHuvToRGB(luma,chroma,hue,red,green,blue);
+ }
+
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7941
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7941 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,89 @@
+From 721dc1305b2bfff92e5ca605dc1a47c61ce90b9f Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk at git.imagemagick.org>
+Date: Mon, 17 Apr 2017 19:03:46 +0200
+Subject: [PATCH] Fixed memory leak reported in #428.
+
+---
+ coders/sgi.c | 40 +++++++++++++++++++++++++++++++---------
+ 1 file changed, 31 insertions(+), 9 deletions(-)
+
+diff --git a/coders/sgi.c b/coders/sgi.c
+index 57932e8713..82f511415d 100644
+--- coders/sgi.c
++++ coders/sgi.c
+@@ -403,7 +403,10 @@ static Image *ReadSGIImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ scanline=(unsigned char *) AcquireQuantumMemory(iris_info.columns,
+ bytes_per_pixel*sizeof(*scanline));
+ if (scanline == (unsigned char *) NULL)
+- ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
++ {
++ pixel_info=RelinquishVirtualMemory(pixel_info);
++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
++ }
+ for (z=0; z < (ssize_t) iris_info.depth; z++)
+ {
+ p=pixels+bytes_per_pixel*z;
+@@ -460,12 +463,11 @@ static Image *ReadSGIImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ (runlength == (size_t *) NULL) ||
+ (packet_info == (MemoryInfo *) NULL))
+ {
+- if (offsets == (ssize_t *) NULL)
+- offsets=(ssize_t *) RelinquishMagickMemory(offsets);
+- if (runlength == (size_t *) NULL)
+- runlength=(size_t *) RelinquishMagickMemory(runlength);
+- if (packet_info == (MemoryInfo *) NULL)
++ offsets=(ssize_t *) RelinquishMagickMemory(offsets);
++ runlength=(size_t *) RelinquishMagickMemory(runlength);
++ if (packet_info != (MemoryInfo *) NULL)
+ packet_info=RelinquishVirtualMemory(packet_info);
++ pixel_info=RelinquishVirtualMemory(pixel_info);
+ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+ }
+ packets=(unsigned char *) GetVirtualMemoryBlob(packet_info);
+@@ -475,7 +477,13 @@ static Image *ReadSGIImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ {
+ runlength[i]=ReadBlobMSBLong(image);
+ if (runlength[i] > (4*(size_t) iris_info.columns+10))
+- ThrowReaderException(CorruptImageError,"ImproperImageHeader");
++ {
++ offsets=(ssize_t *) RelinquishMagickMemory(offsets);
++ runlength=(size_t *) RelinquishMagickMemory(runlength);
++ packet_info=RelinquishVirtualMemory(packet_info);
++ pixel_info=RelinquishVirtualMemory(pixel_info);
++ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
++ }
+ }
+ /*
+ Check data order.
+@@ -512,7 +520,14 @@ static Image *ReadSGIImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ (runlength[y+z*iris_info.rows]/bytes_per_pixel),packets,
+ (ssize_t) iris_info.columns,p+bytes_per_pixel*z);
+ if (status == MagickFalse)
+- ThrowReaderException(CorruptImageError,"ImproperImageHeader");
++ {
++ offsets=(ssize_t *) RelinquishMagickMemory(offsets);
++ runlength=(size_t *) RelinquishMagickMemory(runlength);
++ packet_info=RelinquishVirtualMemory(packet_info);
++ pixel_info=RelinquishVirtualMemory(pixel_info);
++ ThrowReaderException(CorruptImageError,
++ "ImproperImageHeader");
++ }
+ p+=(iris_info.columns*4*bytes_per_pixel);
+ }
+ }
+@@ -543,7 +558,14 @@ static Image *ReadSGIImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ (runlength[y+z*iris_info.rows]/bytes_per_pixel),packets,
+ (ssize_t) iris_info.columns,p+bytes_per_pixel*z);
+ if (status == MagickFalse)
+- ThrowReaderException(CorruptImageError,"ImproperImageHeader");
++ {
++ offsets=(ssize_t *) RelinquishMagickMemory(offsets);
++ runlength=(size_t *) RelinquishMagickMemory(runlength);
++ packet_info=RelinquishVirtualMemory(packet_info);
++ pixel_info=RelinquishVirtualMemory(pixel_info);
++ ThrowReaderException(CorruptImageError,
++ "ImproperImageHeader");
++ }
+ }
+ p+=(iris_info.columns*4*bytes_per_pixel);
+ }
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7942
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7942 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,25 @@
+From fd84a5e8028778fd88772775361a2ee2b4bb6c47 Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk at git.imagemagick.org>
+Date: Mon, 17 Apr 2017 18:52:51 +0200
+Subject: [PATCH] Fixed memory leak reported in #429
+
+---
+ coders/avs.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/coders/avs.c b/coders/avs.c
+index a368732ff7..50cf05f18a 100644
+--- coders/avs.c
++++ coders/avs.c
+@@ -178,7 +178,10 @@ static Image *ReadAVSImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ {
+ count=ReadBlob(image,length,pixels);
+ if (count != length)
+- ThrowReaderException(CorruptImageError,"UnableToReadImageData");
++ {
++ pixel_info=RelinquishVirtualMemory(pixel_info);
++ ThrowReaderException(CorruptImageError,"UnableToReadImageData");
++ }
+ p=pixels;
+ q=QueueAuthenticPixels(image,0,y,image->columns,1,exception);
+ if (q == (PixelPacket *) NULL)
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7943
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-7943 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,22 @@
+From 2e3410d0a07c3e30a42c9626c00e180870907a6b Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk at git.imagemagick.org>
+Date: Mon, 17 Apr 2017 18:08:02 +0200
+Subject: [PATCH] Fixed leak reported in: #427.
+
+---
+ coders/svg.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/coders/svg.c b/coders/svg.c
+index bfa60db3d7..5c74114d62 100644
+--- coders/svg.c
++++ coders/svg.c
+@@ -3265,6 +3265,8 @@ static Image *ReadSVGImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ image->rows=svg_info->height;
+ if (exception->severity >= ErrorException)
+ {
++ svg_info=DestroySVGInfo(svg_info);
++ (void) RelinquishUniqueFileResource(filename);
+ image=DestroyImage(image);
+ return((Image *) NULL);
+ }
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8343
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8343 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,25 @@
+From c52b177e0cb11c896b8cc9525a3184c5c0f322c3 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Wed, 26 Apr 2017 16:21:23 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/444
+
+---
+ coders/aai.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/coders/aai.c b/coders/aai.c
+index 5384064154..d3e5b69460 100644
+--- coders/aai.c
++++ coders/aai.c
+@@ -173,7 +173,10 @@ static Image *ReadAAIImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ {
+ count=ReadBlob(image,length,pixels);
+ if ((size_t) count != length)
+- ThrowReaderException(CorruptImageError,"UnableToReadImageData");
++ {
++ pixels=(unsigned char *) RelinquishMagickMemory(pixels);
++ ThrowReaderException(CorruptImageError,"UnableToReadImageData");
++ }
+ p=pixels;
+ q=QueueAuthenticPixels(image,0,y,image->columns,1,exception);
+ if (q == (PixelPacket *) NULL)
Added: branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8344
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/graphics/ImageMagick/files/patch-CVE-2017-8344 Wed May 31 09:00:30 2017 (r442142)
@@ -0,0 +1,144 @@
+From 4c6289b2f39a47a430ce27b61d3e3967201e77e8 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior at imagemagick.org>
+Date: Wed, 26 Apr 2017 16:58:26 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/446
+
+---
+ coders/pcx.c | 42 ++++++++++++++++++++++++------------------
+ 1 file changed, 24 insertions(+), 18 deletions(-)
+
+--- coders/pcx.c.orig 2016-11-08 13:30:03.000000000 +0100
++++ coders/pcx.c 2017-05-29 14:14:11.583378000 +0200
+@@ -203,11 +203,15 @@ static MagickBooleanType IsPCX(const unsigned char *ma
+ static Image *ReadPCXImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ {
+ #define ThrowPCXException(severity,tag) \
+- { \
++{ \
++ if (scanline != (unsigned char *) NULL) \
+ scanline=(unsigned char *) RelinquishMagickMemory(scanline); \
++ if (pixel_info != (MemoryInfo *) NULL) \
+ pixel_info=RelinquishVirtualMemory(pixel_info); \
+- ThrowReaderException(severity,tag); \
+- }
++ if (page_table != (MagickOffsetType *) NULL) \
++ page_table=(MagickOffsetType *) RelinquishMagickMemory(page_table); \
++ ThrowReaderException(severity,tag); \
++}
+
+ Image
+ *image;
+@@ -281,6 +285,8 @@ static Image *ReadPCXImage(const ImageInfo *image_info
+ Determine if this a PCX file.
+ */
+ page_table=(MagickOffsetType *) NULL;
++ scanline=(unsigned char *) NULL;
++ pixel_info=(MemoryInfo *) NULL;
+ if (LocaleCompare(image_info->magick,"DCX") == 0)
+ {
+ size_t
+@@ -291,11 +297,11 @@ static Image *ReadPCXImage(const ImageInfo *image_info
+ */
+ magic=ReadBlobLSBLong(image);
+ if (magic != 987654321)
+- ThrowReaderException(CorruptImageError,"ImproperImageHeader");
++ ThrowPCXException(CorruptImageError,"ImproperImageHeader");
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-ports-all
mailing list