Hello community, here is the log from the commit of package ImageMagick for openSUSE:Leap:15.2 checked in at 2020-02-10 16:41:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/ImageMagick (Old) and /work/SRC/openSUSE:Leap:15.2/.ImageMagick.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ImageMagick" Mon Feb 10 16:41:44 2020 rev:55 rq:769231 version:7.0.7.34 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/ImageMagick/ImageMagick.changes 2020-01-15 14:45:17.761202024 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.ImageMagick.new.26092/ImageMagick.changes 2020-02-10 16:41:59.419726039 +0100 @@ -1,0 +2,23 @@ +Wed Jan 29 08:26:53 UTC 2020 - [email protected] + +- added patches + bsc#1161194, https://github.com/ImageMagick/ImageMagick/issues/1428 + + ImageMagick-convert-tiff-resize-png.patch + +------------------------------------------------------------------- +Wed Jan 8 10:44:25 UTC 2020 - [email protected] + +- security update +- added patches + CVE-2019-19949 [bsc#1160369] + + ImageMagick-CVE-2019-19949.patch + +------------------------------------------------------------------- +Fri Jan 3 12:55:59 UTC 2020 - [email protected] + +- security update +- added patches + CVE-2019-19948 [bsc#1159861] + + ImageMagick-CVE-2019-19948.patch + +------------------------------------------------------------------- New: ---- ImageMagick-CVE-2019-19948.patch ImageMagick-CVE-2019-19949.patch ImageMagick-convert-tiff-resize-png.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ImageMagick.spec ++++++ --- /var/tmp/diff_new_pack.nRs8rS/_old 2020-02-10 16:42:00.555726840 +0100 +++ /var/tmp/diff_new_pack.nRs8rS/_new 2020-02-10 16:42:00.555726840 +0100 @@ -180,6 +180,12 @@ Patch81: ImageMagick-CVE-2019-16712.patch # CVE-2019-16713 [bsc#1151786] Patch82: ImageMagick-CVE-2019-16713.patch +# CVE-2019-19948 [bsc#1159861] +Patch83: ImageMagick-CVE-2019-19948.patch +# CVE-2019-19949 [bsc#1160369] +Patch84: ImageMagick-CVE-2019-19949.patch +# bsc#1161194, https://github.com/ImageMagick/ImageMagick/issues/1428 +Patch85: ImageMagick-convert-tiff-resize-png.patch BuildRequires: chrpath BuildRequires: dos2unix BuildRequires: fdupes @@ -546,6 +552,9 @@ %patch80 -p1 %patch81 -p1 %patch82 -p1 +%patch83 -p1 +%patch84 -p1 +%patch85 -p1 %build # bsc#1088463 ++++++ ImageMagick-CVE-2019-19948.patch ++++++ diff --git a/coders/sgi.c b/coders/sgi.c index 236bf4cb91..415598122c 100644 --- a/coders/sgi.c +++ b/coders/sgi.c @@ -953,8 +953,6 @@ static MagickBooleanType WriteSGIImage(const ImageInfo *image_info,Image *image, assert(image->signature == MagickCoreSignature); if (image->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename); - if ((image->columns > 65535UL) || (image->rows > 65535UL)) - ThrowWriterException(ImageError,"WidthOrHeightExceedsLimit"); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); status=OpenBlob(image_info,image,WriteBinaryBlobMode,exception); @@ -967,6 +965,8 @@ static MagickBooleanType WriteSGIImage(const ImageInfo *image_info,Image *image, /* Initialize SGI raster file header. */ + if ((image->columns > 65535UL) || (image->rows > 65535UL)) + ThrowWriterException(ImageError,"WidthOrHeightExceedsLimit"); (void) TransformImageColorspace(image,sRGBColorspace,exception); (void) memset(&iris_info,0,sizeof(iris_info)); iris_info.magic=0x01DA; ++++++ ImageMagick-CVE-2019-19949.patch ++++++ diff --git a/coders/png.c b/coders/png.c index 84b95c234f..077cc845b1 100644 --- a/coders/png.c +++ b/coders/png.c @@ -8180,8 +8180,11 @@ Magick_png_write_raw_profile(const ImageInfo *image_info,png_struct *ping, unsigned char hex[16]={'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}; - if (LocaleNCompare((char *) profile_type+1, "ng-chunk-",9) == 0) - return; + if (length > 1) + { + if (LocaleNCompare((char *) profile_type+1, "ng-chunk-",9) == 0) + return; + } if (image_info->verbose) { ++++++ ImageMagick-convert-tiff-resize-png.patch ++++++ diff --git a/coders/png.c b/coders/png.c index c80b4bcdcd..6754a6b9b5 100644 --- a/coders/png.c +++ b/coders/png.c @@ -8757,6 +8757,7 @@ static MagickBooleanType WriteOnePNGImage(MngInfo *mng_info, Sometimes we get PseudoClass images whose RGB values don't match the colors in the colormap. This code syncs the RGB values. */ + image->depth=GetImageQuantumDepth(image,MagickFalse); if (image->depth <= 8 && image->taint && image->storage_class == PseudoClass) (void) SyncImage(image,exception);
