* gnu/packages/patches/imagemagick-CVE-2020-27829.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/imagemagick.scm (imagemagick/fixed): Apply patch to existing graft. --- gnu/local.mk | 1 + gnu/packages/imagemagick.scm | 3 ++- .../patches/imagemagick-CVE-2020-27829.patch | 23 +++++++++++++++++++ 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/imagemagick-CVE-2020-27829.patch
diff --git a/gnu/local.mk b/gnu/local.mk index 40956598db..fe70238345 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1220,6 +1220,7 @@ dist_patch_DATA = \ %D%/packages/patches/id3lib-UTF16-writing-bug.patch \ %D%/packages/patches/idris-disable-test.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ + %D%/packages/patches/imagemagick-CVE-2020-27829.patch \ %D%/packages/patches/inetutils-hurd.patch \ %D%/packages/patches/inkscape-poppler-0.76.patch \ %D%/packages/patches/intel-xed-fix-nondeterminism.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index a3562f2e13..1618a28596 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -143,7 +143,8 @@ text, lines, polygons, ellipses and Bézier curves.") "6.9.12-2.tar.xz")) (sha256 (base32 - "17da5zihz58qm41y61sbvw626m5xfwr2nzszlikrvxyq1j1q7asa")))) + "17da5zihz58qm41y61sbvw626m5xfwr2nzszlikrvxyq1j1q7asa")) + (patches (search-patches "imagemagick-CVE-2020-27829.patch")))) (arguments (substitute-keyword-arguments (package-arguments imagemagick) ((#:phases phases) diff --git a/gnu/packages/patches/imagemagick-CVE-2020-27829.patch b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch new file mode 100644 index 0000000000..74debdc98e --- /dev/null +++ b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch @@ -0,0 +1,23 @@ +From 6ee5059cd3ac8d82714a1ab1321399b88539abf0 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warr...@imagemagick.org> +Date: Mon, 30 Nov 2020 16:27:26 +0000 +Subject: [PATCH] possible TIFF related-heap buffer overflow (alert & POC by + Hardik Shah) + +--- + coders/tiff.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletion(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index e98f927abd..1eecf17aea 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1975,7 +1975,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + extent+=image->columns*sizeof(uint32); + #endif + strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, +- sizeof(*strip_pixels)); ++ 2*sizeof(*strip_pixels)); + if (strip_pixels == (unsigned char *) NULL) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); + (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels)); -- 2.31.0