- removed obsolete elegates-safer,disable-mvg-ext,disable-tmp-magick-prefix,image-sanity-check,CVE-2016-5118 patches
- psd coder module is marked as broken, available only with enabled "broken" bcond
+++ /dev/null
-http://www.openwall.com/lists/oss-security/2016/05/29/7
-
-Date: Sun, 29 May 2016 15:03:10 -0500 (CDT)
-From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>
-To: oss security list <oss-security@...ts.openwall.com>
-Subject: CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability
- via filename
-
-All existing releases of GraphicsMagick and ImageMagick support a file
-open syntax where if the first character of the file specification is
-a '|', then the remainder of the filename is passed to the shell for
-execution using the POSIX popen(3C) function. File opening is handled
-by an OpenBlob() function in the source file blob.c. Unlike the
-vulnerability described by CVE-2016-3714, this functionality is
-supported by the core file opening function rather than a delegates
-subsystem usually used to execute external programs.
-
-The funtionality can be demonstrated as follows:
-
- % rm -f hello.txt
- % convert '|echo Hello > hello.txt;' null:
- % ls hello.txt
- hello.txt
-
-The same weakness in the native SVG readers may be used to provoke
-this problem. This example returns a valid image given a known file
-(but an actual file is not necessary):
-
- <?xml version="1.0" standalone="no"?>
- <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
- "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
- <svg width="4in" height="3in" version="1.1"
- xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
- <desc>Illustrates how a shell command may be embedded in a SVG.
- </desc>
- <image x="200" y="200" width="100px" height="100px"
- xlink:href="|echo Hello > hello.txt; cat /usr/lib/firefox/browser/icons/mozicon128.png">
- <title>My image</title>
- </image>
- </svg>
-
-Or in MVG:
-
- push graphic-context
- viewbox 0 0 640 480
- image copy 200,200 100,100 "|echo Hello > hello.txt; cat /usr/lib/firefox/browser/icons/mozicon128.png"
- pop graphic-context
-
-Previously supplied recommended patches for GraphicsMagick do
-successfully block this attack vector in SVG and MVG.
-
-It is highly likely that there are many paths leading to a suitable
-filename which may be executed outside of SVG and MVG since the
-software is quite complex and powerful. The examples above are not
-meant to suggest that other avenues to the same weakness are not
-available.
-
-The simple solution to the problem is to disable the popen support
-(HAVE_POPEN) in GraphicsMagick's magick/blob.c as is done by the
-attached patch.
-
-This issue was discovered by Bob Friesenhahn, of the GraphicsMagick
-project.
-
-Bob
---
-Bob Friesenhahn
-bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
-GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
-diff -r 33200fc645f6 magick/blob.c
---- a/magick/blob.c Sat Nov 07 14:49:16 2015 -0600
-+++ b/magick/blob.c Sun May 29 14:12:57 2016 -0500
-@@ -68,6 +68,7 @@
- */
- #define DefaultBlobQuantum 65541
-
-+#undef HAVE_POPEN
-
- /*
- Enum declarations.
#
# Conditional build:
-%bcond_without fpx # without FlashPIX module (which uses fpx library)
-%bcond_with gs # with PostScript support through ghostscript library (warning: breaks jpeg!)
-%bcond_without jasper # without JPEG2000 module (which uses jasper library)
-%bcond_without cxx # without Magick++ library
+%bcond_with broken # broken/dangerous coders (currently PSD)
+%bcond_without fpx # FlashPIX module (which uses fpx library)
+%bcond_with gs # PostScript support through ghostscript library (warning: breaks jpeg!)
+%bcond_without jasper # JPEG2000 module (which uses jasper library)
+%bcond_without cxx # Magick++ library
%bcond_without openmp # OpenMP support
%define pdir Graphics
Summary(tr.UTF-8): X altında resim gösterme, çevirme ve değişiklik yapma
Summary(uk.UTF-8): Перегляд, конвертування та обробка зображень під X Window
Name: GraphicsMagick
-Version: 1.3.23
-Release: 3
+Version: 1.3.25
+Release: 1
License: MIT
Group: X11/Applications/Graphics
Source0: http://downloads.sourceforge.net/graphicsmagick/%{name}-%{version}.tar.xz
-# Source0-md5: 9885ff5d91bc215a0adb3be1185e9777
+# Source0-md5: 6eed966b22588fb068442319a8aa17f6
Patch0: %{name}-link.patch
Patch1: %{name}-ldflags.patch
-# https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
-Patch2: elegates-safer.patch
-Patch3: disable-mvg-ext.patch
-Patch4: disable-tmp-magick-prefix.patch
-Patch5: image-sanity-check.patch
-Patch6: CVE-2016-5118.patch
URL: http://www.graphicsmagick.org/
BuildRequires: autoconf >= 2.69
BuildRequires: automake >= 1:1.11
%setup -q
%patch0 -p1
%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
find PerlMagick scripts www -type f -exec perl -pi -e 's=!%{_prefix}/local/bin/perl=!%{__perl}=' {} \;
%{__autoconf}
%{__automake}
%configure \
+ %{?with_broken:--enable-broken-coders} \
--enable-fast-install \
--enable-shared \
%{!?with_openmp:--disable-openmp} \
%{modulesdir}/coders/pnm.la
%attr(755,root,root) %{modulesdir}/coders/preview.so
%{modulesdir}/coders/preview.la
+%if %{with broken}
%attr(755,root,root) %{modulesdir}/coders/psd.so
%{modulesdir}/coders/psd.la
+%endif
%attr(755,root,root) %{modulesdir}/coders/ps.so
%{modulesdir}/coders/ps.la
%attr(755,root,root) %{modulesdir}/coders/pwp.so
+++ /dev/null
-diff -r 33200fc645f6 coders/mvg.c\r
---- a/coders/mvg.c Sat Nov 07 14:49:16 2015 -0600\r
-+++ b/coders/mvg.c Sat May 07 20:11:54 2016 -0500\r
-@@ -234,6 +234,7 @@\r
- entry->seekable_stream=True;\r
- entry->description="Magick Vector Graphics";\r
- entry->module="MVG";\r
-+ entry->extension_treatment=IgnoreExtensionTreatment;\r
- (void) RegisterMagickInfo(entry);\r
- }\r
- \f\r
+++ /dev/null
-diff -r 33200fc645f6 magick/image.c\r
---- a/magick/image.c Sat Nov 07 14:49:16 2015 -0600\r
-+++ b/magick/image.c Sat May 07 20:12:57 2016 -0500\r
-@@ -2780,9 +2780,6 @@\r
- (void) strlcpy(image_info->magick,magic,MaxTextExtent);\r
- if (LocaleCompare(magic,"TMP") != 0)\r
- image_info->affirm=MagickTrue;\r
-- else\r
-- /* input file will be automatically removed */\r
-- image_info->temporary=MagickTrue;\r
- }\r
- }\r
- }\r
+++ /dev/null
-diff -r 33200fc645f6 config/delegates.mgk.in\r
---- a/config/delegates.mgk.in Sat Nov 07 14:49:16 2015 -0600\r
-+++ b/config/delegates.mgk.in Sun May 08 18:23:04 2016 -0500\r
-@@ -78,28 +78,27 @@\r
- <delegate decode="dvi" command='"@DVIDecodeDelegate@" -q -o "%o" "%i"' />\r
- <delegate decode="edit" stealth="True" command='"@EditorDelegate@" -title "Edit Image Comment" -e vi "%o"' />\r
- <delegate decode="emf" command='"@WMFDecodeDelegate@" -o "%o" "%i"' />\r
-- <delegate decode="eps" encode="pdf" mode="bi" command='"@PSDelegate@" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPDFDevice@ "-sOutputFile=%o" -- "%i" -c quit' />\r
-- <delegate decode="eps" encode="ps" mode="bi" command='"@PSDelegate@" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />\r
-+ <delegate decode="eps" encode="pdf" mode="bi" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPDFDevice@ "-sOutputFile=%o" -- "%i" -c quit' />\r
-+ <delegate decode="eps" encode="ps" mode="bi" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />\r
- <delegate decode="fig" command='"@FIGDecodeDelegate@" -L ps "%i" "%o"' />\r
-- <delegate decode="gplt" command='"@EchoDelegate@" "set size 1.25,0.62; set terminal postscript portrait color solid; set output \"%o\"; load \"%i\"" > "%u"; "@GnuplotDecodeDelegate@" "%u"' />\r
- \r
- <!-- Read monochrome Postscript, EPS, and PDF -->\r
-- <delegate decode="gs-mono" stealth="True" command='"@PSDelegate@" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSMonoDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />\r
-+ <delegate decode="gs-mono" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSMonoDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />\r
- \r
- <!-- Read grayscale Postscript, EPS, and PDF -->\r
-- <delegate decode="gs-gray" stealth="True" command='"@PSDelegate@" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSGrayDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />\r
-+ <delegate decode="gs-gray" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSGrayDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />\r
- \r
- <!-- Read colormapped Postscript, EPS, and PDF -->\r
-- <delegate decode="gs-palette" stealth="True" command='"@PSDelegate@" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPaletteDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />\r
-+ <delegate decode="gs-palette" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPaletteDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />\r
- \r
- <!-- Read color Postscript, EPS, and PDF -->\r
-- <delegate decode="gs-color" stealth="True" command='"@PSDelegate@" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSColorDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />\r
-+ <delegate decode="gs-color" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSColorDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />\r
- \r
- <!-- Read color+alpha Postscript, EPS, and PDF -->\r
-- <delegate decode="gs-color+alpha" stealth="True" command='"@PSDelegate@" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSColorAlphaDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />\r
-+ <delegate decode="gs-color+alpha" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSColorAlphaDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />\r
- \r
- <!-- Read CMYK Postscript, EPS, and PDF -->\r
-- <delegate decode="gs-cmyk" stealth="True" command='"@PSDelegate@" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSCMYKDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />\r
-+ <delegate decode="gs-cmyk" stealth="True" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSCMYKDevice@ -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />\r
- \r
- <delegate decode="hpg" command='"@HPGLDecodeDelegate@" -q -m eps -f `basename "%o"` "%i" && mv -f `basename "%o"` "%o"' />\r
- <delegate decode="hpgl" command='"@HPGLDecodeDelegate@" -q -m eps -f `basename "%o"` "%i" && mv -f `basename "%o"` "%o"' />\r
-@@ -108,16 +107,14 @@\r
- <!-- Read HTML file -->\r
- <delegate decode="html" command='"@HTMLDecodeDelegate@" -U -o "%o" "%i"' />\r
- <delegate decode="ilbm" command='"@ILBMDecodeDelegate@" "%i" > "%o"' />\r
-- <!-- Read UNIX manual page -->\r
-- <delegate decode="man" command='"@MANDelegate@" -man -Tps "%i" > "%o"' />\r
- <!-- Read MPEG file using mpeg2decode -->\r
- <delegate decode="mpeg" command='"@MPEGDecodeDelegate@" -q -b "%i" -f -o3 "%u%%05d"; @GMDelegate@ convert -temporary "%u*.ppm" "miff:%o" ; rm -f "%u"*.ppm ' />\r
- <!-- Write MPEG file using mpeg2encode -->\r
- <delegate encode="mpeg-encode" stealth="True" command='"@MPEGEncodeDelegate@" "%i" "%o"' />\r
- <!-- Convert PDF to Encapsulated Poscript using Ghostscript -->\r
-- <delegate decode="pdf" encode="eps" mode="bi" command='"@PSDelegate@" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSEPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />\r
-+ <delegate decode="pdf" encode="eps" mode="bi" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSEPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />\r
- <!-- Convert PDF to Postcript using Ghostscript -->\r
-- <delegate decode="pdf" encode="ps" mode="bi" command='"@PSDelegate@" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />\r
-+ <delegate decode="pdf" encode="ps" mode="bi" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />\r
- <!-- Convert PNM file to ILBM format using ppmtoilbm -->\r
- <delegate decode="pnm" encode="ilbm" mode="encode" command='"@ILBMEncodeDelegate@" -24if "%i" > "%o"' />\r
- <delegate decode="pnm" encode="launch" mode="encode" command='"@LaunchDelegate@" "%i"' />\r
-@@ -125,8 +122,8 @@\r
- <!-- Read Persistance Of Vision file using povray -->\r
- <delegate decode="pov" command='@POVDelegate@ "+i"%i"" +o"%o" +fn%q +w%w +h%h +a -q9 -kfi"%s" -kff"%n"\r
- "@GMDelegate@" convert -adjoin "%o*.png" "%o"' />\r
-- <delegate decode="ps" encode="eps" mode="bi" command='"@PSDelegate@" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSEPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />\r
-- <delegate decode="ps" encode="pdf" mode="bi" command='"@PSDelegate@" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPDFDevice@ "-sOutputFile=%o" -- "%i" -c quit' />\r
-+ <delegate decode="ps" encode="eps" mode="bi" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSEPSDevice@ "-sOutputFile=%o" -- "%i" -c quit' />\r
-+ <delegate decode="ps" encode="pdf" mode="bi" command='"@PSDelegate@" -q -dBATCH -dSAFER -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=@GSPDFDevice@ "-sOutputFile=%o" -- "%i" -c quit' />\r
- <delegate decode="ps" encode="print" mode="encode" command='"@PrintDelegate@" "%i"' />\r
- <!-- Read Radiance file using ra_ppm -->\r
- <delegate decode="rad" command='"@RADDecodeDelegate@" -g 1.0 "%i" "%o"' />\r
-@@ -141,5 +138,5 @@\r
- <delegate decode="txt" encode="ps" mode="bi" command='"@TXTDelegate@" -o "%o" "%i"' />\r
- <!-- Render WMF file using wmf2eps (fallback in case libwmf not available) -->\r
- <delegate decode="wmf" command='"@WMFDecodeDelegate@" -o "%o" "%i"' />\r
-- <delegate encode="show" stealth="True" command='"@GMDelegate@" display -immutable -delay 0 -window_group %g -title "%l of %f" "tmp:%o" &' />\r
-+ <delegate encode="show" stealth="True" command='"@GMDelegate@" display -immutable -delay 0 -window_group %g -title "%l of %f" "%o" &' />\r
- </delegatemap>\r
+++ /dev/null
-diff -r 33200fc645f6 magick/render.c\r
---- a/magick/render.c Sat Nov 07 14:49:16 2015 -0600\r
-+++ b/magick/render.c Sun May 08 18:21:47 2016 -0500\r
-@@ -4096,6 +4096,24 @@\r
- &image->exception);\r
- else\r
- {\r
-+ /*\r
-+ Sanity check URL/path before passing it to ReadImage()\r
-+\r
-+ This is a temporary fix until suitable flags can be passed\r
-+ to keep SetImageInfo() from doing potentially dangerous\r
-+ magick things.\r
-+ */\r
-+#define VALID_PREFIX(str,url) (LocaleNCompare(str,url,sizeof(str)-1) == 0)\r
-+ if (!VALID_PREFIX("http://", primitive_info->text) &&\r
-+ !VALID_PREFIX("https://", primitive_info->text) &&\r
-+ !VALID_PREFIX("ftp://", primitive_info->text) &&\r
-+ !(IsAccessibleNoLogging(primitive_info->text))\r
-+ )\r
-+ {\r
-+ ThrowException(&image->exception,FileOpenError,UnableToOpenFile,primitive_info->text);\r
-+ status=MagickFail;\r
-+ break;\r
-+ }\r
- (void) strlcpy(clone_info->filename,primitive_info->text,\r
- MaxTextExtent);\r
- composite_image=ReadImage(clone_info,&image->exception);\r
projects / packages / GraphicsMagick.git / commitdiff