From unknown Mon Jun 23 13:08:53 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#28397 <28397@debbugs.gnu.org> To: bug#28397 <28397@debbugs.gnu.org> Subject: Status: [PATCH] gnu: graphicsmagick: Fix CVE-2017-14042. Reply-To: bug#28397 <28397@debbugs.gnu.org> Date: Mon, 23 Jun 2025 20:08:53 +0000 retitle 28397 [PATCH] gnu: graphicsmagick: Fix CVE-2017-14042. reassign 28397 guix-patches submitter 28397 Kei Kebreau severity 28397 normal tag 28397 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Sat Sep 09 09:43:54 2017 Received: (at submit) by debbugs.gnu.org; 9 Sep 2017 13:43:54 +0000 Received: from localhost ([127.0.0.1]:56983 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dqg38-0005gh-Ek for submit@debbugs.gnu.org; Sat, 09 Sep 2017 09:43:54 -0400 Received: from eggs.gnu.org ([208.118.235.92]:33014) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dqg34-0005gT-R4 for submit@debbugs.gnu.org; Sat, 09 Sep 2017 09:43:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dqg2y-0007kt-CQ for submit@debbugs.gnu.org; Sat, 09 Sep 2017 09:43:45 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:43379) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dqg2y-0007ke-8q for submit@debbugs.gnu.org; Sat, 09 Sep 2017 09:43:44 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52218) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dqg2w-00041L-NJ for guix-patches@gnu.org; Sat, 09 Sep 2017 09:43:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dqg2r-0007hS-PU for guix-patches@gnu.org; Sat, 09 Sep 2017 09:43:42 -0400 Received: from mout02.posteo.de ([185.67.36.66]:54140) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dqg2r-0007hE-FD for guix-patches@gnu.org; Sat, 09 Sep 2017 09:43:37 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id B863820467 for ; Sat, 9 Sep 2017 15:43:33 +0200 (CEST) Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 3xqFl86XqXz10HD; Sat, 9 Sep 2017 15:43:31 +0200 (CEST) From: Kei Kebreau To: guix-patches@gnu.org Subject: [PATCH] gnu: graphicsmagick: Fix CVE-2017-14042. Date: Sat, 9 Sep 2017 09:43:08 -0400 Message-Id: <20170909134308.29996-1-kkebreau@posteo.net> X-Mailer: git-send-email 2.14.1 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit Cc: Kei Kebreau X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add patch. * gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. --- gnu/local.mk | 1 + gnu/packages/imagemagick.scm | 3 +- .../patches/graphicsmagick-CVE-2017-14042.patch | 80 ++++++++++++++++++++++ 3 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch diff --git a/gnu/local.mk b/gnu/local.mk index 1ac9d5efe..c88b51378 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -678,6 +678,7 @@ dist_patch_DATA = \ %D%/packages/patches/graphicsmagick-CVE-2017-12937.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-13775.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch \ + %D%/packages/patches/graphicsmagick-CVE-2017-14042.patch \ %D%/packages/patches/graphite2-ffloat-store.patch \ %D%/packages/patches/grep-gnulib-lock.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 57ac7fda9..632be7034 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -182,7 +182,8 @@ script.") "graphicsmagick-CVE-2017-12936.patch" "graphicsmagick-CVE-2017-12937.patch" "graphicsmagick-CVE-2017-13775.patch" - "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch")))) + "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch" + "graphicsmagick-CVE-2017-14042.patch")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch new file mode 100644 index 000000000..755e188c5 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch @@ -0,0 +1,80 @@ +http://openwall.com/lists/oss-security/2017/08/28/5 +http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d + +some changes were made to make the patch apply + +# HG changeset patch +# User Bob Friesenhahn +# Date 1503268616 18000 +# Node ID 3bbf7a13643df3be76b0e19088a6cc632eea2072 +# Parent 83a5b946180835f260bcb91e3d06327a8e2577e3 +PNM: For binary formats, verify sufficient backing file data before memory request. + +diff -r 83a5b9461808 -r 3bbf7a13643d coders/pnm.c +--- a/coders/pnm.c Sun Aug 20 17:31:35 2017 -0500 ++++ b/coders/pnm.c Sun Aug 20 17:36:56 2017 -0500 +@@ -569,7 +569,7 @@ + (void) LogMagickEvent(CoderEvent,GetMagickModule(),"Colors: %u", + image->colors); + } +- number_pixels=image->columns*image->rows; ++ number_pixels=MagickArraySize(image->columns,image->rows); + if (number_pixels == 0) + ThrowReaderException(CorruptImageError,NegativeOrZeroImageSize,image); + if (image->storage_class == PseudoClass) +@@ -858,14 +858,14 @@ + if (1 == bits_per_sample) + { + /* PBM */ +- bytes_per_row=((image->columns+7) >> 3); ++ bytes_per_row=((image->columns+7U) >> 3); + import_options.grayscale_miniswhite=MagickTrue; + quantum_type=GrayQuantum; + } + else + { + /* PGM & XV_332 */ +- bytes_per_row=((bits_per_sample+7)/8)*image->columns; ++ bytes_per_row=MagickArraySize(((bits_per_sample+7U)/8U),image->columns); + if (XV_332_Format == format) + { + quantum_type=IndexQuantum; +@@ -878,7 +878,8 @@ + } + else + { +- bytes_per_row=(((bits_per_sample+7)/8)*samples_per_pixel)*image->columns; ++ bytes_per_row=MagickArraySize((((bits_per_sample+7)/8)*samples_per_pixel), ++ image->columns); + if (3 == samples_per_pixel) + { + /* PPM */ +@@ -915,6 +916,28 @@ + is_monochrome=MagickFalse; + } + } ++ ++ /* Validate file size before allocating memory */ ++ if (BlobIsSeekable(image)) ++ { ++ const magick_off_t file_size = GetBlobSize(image); ++ const magick_off_t current_offset = TellBlob(image); ++ if ((file_size > 0) && ++ (current_offset > 0) && ++ (file_size > current_offset)) ++ { ++ const magick_off_t remaining = file_size-current_offset; ++ const magick_off_t needed = (magick_off_t) image->rows * ++ (magick_off_t) bytes_per_row; ++ if ((remaining < (magick_off_t) bytes_per_row) || ++ (remaining < needed)) ++ { ++ ThrowException(exception,CorruptImageError,UnexpectedEndOfFile, ++ image->filename); ++ break; ++ } ++ } ++ } + + scanline_set=AllocateThreadViewDataArray(image,exception,bytes_per_row,1); + if (scanline_set == (ThreadViewDataSet *) NULL) -- 2.14.1 From debbugs-submit-bounces@debbugs.gnu.org Sun Sep 10 09:29:33 2017 Received: (at 28397) by debbugs.gnu.org; 10 Sep 2017 13:29:33 +0000 Received: from localhost ([127.0.0.1]:58595 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dr2In-0007Ix-2P for submit@debbugs.gnu.org; Sun, 10 Sep 2017 09:29:33 -0400 Received: from eggs.gnu.org ([208.118.235.92]:42239) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dr2Ik-0007Ii-0t for 28397@debbugs.gnu.org; Sun, 10 Sep 2017 09:29:32 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dr2Ib-0007zN-1u for 28397@debbugs.gnu.org; Sun, 10 Sep 2017 09:29:24 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:60933) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dr2Ia-0007zB-VB; Sun, 10 Sep 2017 09:29:21 -0400 Received: from [2a01:e0a:1d:7270:6a6c:dc17:fc02:cfda] (port=35380 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dr2Ia-0003Ka-Dy; Sun, 10 Sep 2017 09:29:20 -0400 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Kei Kebreau Subject: Re: [bug#28397] [PATCH] gnu: graphicsmagick: Fix CVE-2017-14042. References: <20170909134308.29996-1-kkebreau@posteo.net> Date: Sun, 10 Sep 2017 15:29:18 +0200 In-Reply-To: <20170909134308.29996-1-kkebreau@posteo.net> (Kei Kebreau's message of "Sat, 9 Sep 2017 09:43:08 -0400") Message-ID: <87377u7kcx.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 28397 Cc: 28397@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Kei Kebreau skribis: > * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add patch. > * gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch: New files. > * gnu/local.mk (dist_patch_DATA): Register them. LGTM, thank you! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sun Sep 10 09:47:09 2017 Received: (at 28397-done) by debbugs.gnu.org; 10 Sep 2017 13:47:09 +0000 Received: from localhost ([127.0.0.1]:58608 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dr2Zo-0007iN-TL for submit@debbugs.gnu.org; Sun, 10 Sep 2017 09:47:09 -0400 Received: from mout02.posteo.de ([185.67.36.66]:46274) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dr2Zl-0007hs-D0 for 28397-done@debbugs.gnu.org; Sun, 10 Sep 2017 09:47:07 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id B5B85209CE for <28397-done@debbugs.gnu.org>; Sun, 10 Sep 2017 15:46:59 +0200 (CEST) Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 3xqsmf30c7zyxS; Sun, 10 Sep 2017 15:46:57 +0200 (CEST) From: Kei Kebreau To: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: [bug#28397] [PATCH] gnu: graphicsmagick: Fix CVE-2017-14042. References: <20170909134308.29996-1-kkebreau@posteo.net> <87377u7kcx.fsf@gnu.org> Date: Sun, 10 Sep 2017 09:46:33 -0400 In-Reply-To: <87377u7kcx.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Sun, 10 Sep 2017 15:29:18 +0200") Message-ID: <87poayd5ty.fsf@posteo.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: -5.1 (-----) X-Debbugs-Envelope-To: 28397-done Cc: 28397-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.1 (-----) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable ludo@gnu.org (Ludovic Court=C3=A8s) writes: > Kei Kebreau skribis: > >> * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add patch. >> * gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch: New files. >> * gnu/local.mk (dist_patch_DATA): Register them. > > LGTM, thank you! > > Ludo=E2=80=99. Pushed to master as 2cc752c0b0ab801509574d601c1024b73aed0dab. Thanks for reviewing! --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEg7ZwOtzKO2lLzi2m5qXuPBlGeg0FAlm1QjkACgkQ5qXuPBlG eg1hbw//WrVwYtYymN3JPMcOj9TZuUYMKksTtqH5LK61Atq7nmflUFAP/9VCq8Fl OT0uU14apgNlFRj9MlPnp8wPGK7q7akD96yuNvx0fkQG4c0Pv44hGzE5QxB5Y6Ty GiGmIC0tjuteiIrb4LjAOHe3Ty9jVe1OZaWT5AcOdECPIKGkdrDCHbTTKjSCaUev p+wNAVFaatxeUplHXMVbQDim/nRD5qLAW3YVx6IaLngzYcHbuqmYmgZIW3Ok2VN6 YBwemggighn6qpqUB+82Z7SnhBFYufRw6UQ3GAsNew8yrLLuMOIFkx6tKfwnTbbu G2sIBQsVXkBND3kRWi8jIwBEV6UKp47Usht/NGAU/AMdc73XsM/ulCz0Hidcz1ye go2uWWR+Yj2O/X17GBG22fYBIJWtrUQIL1VSbOF8A0n3QpGRFP3hCK9RsHYGSN1v sh69ANAV82LzxvzWTiIAT3d/MEe9iLGNBSpZVsu//YqcY/VHrTjbvrq/7jN5Eo1U bUoj1d4UCUIxdYgcr4X3FW9KE2IfpaYHAfPHbNdd37iT9I+f5SjdyTrrpBLzA6OE wvlvVqhydZfj1bAuW8T9TwOhi8tFlRZZVTFYNiXJhgi9nRNu70ilSMXsNlTcO17T +GUYKMz/CV+htaQaFPHK4qVepidf2pG9JtCDWuqCqsSfwB7jHn0= =nXw/ -----END PGP SIGNATURE----- --=-=-=-- From unknown Mon Jun 23 13:08:53 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Mon, 09 Oct 2017 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator