graphicsmagick: 1.3.32 → 1.3.35

Fixes: CVE-2020-10938
This commit is contained in:
Martin Weinelt 2020-05-05 23:54:05 +02:00 committed by Frederik Rietdijk
parent 8fe050fb78
commit 459bad4be4
2 changed files with 2 additions and 45 deletions

View File

@ -1,42 +0,0 @@
# reduced version of commit f30492f40f78d867b43422215057dd21de4ba447
# from upstream hg repository:
RegisterPNGImage(): Pass correct size value to strlcat().
diff -r 95c4711e8bee -r f30492f40f78 coders/png.c
--- a/coders/png.c Mon Jun 17 07:24:30 2019 -0500
+++ b/coders/png.c Mon Jun 17 18:54:43 2019 -0500
@@ -6427,26 +6427,26 @@
*version='\0';
#if defined(PNG_LIBPNG_VER_STRING)
- (void) strlcat(version,"libpng ",MaxTextExtent);
- (void) strlcat(version,PNG_LIBPNG_VER_STRING,MaxTextExtent);
+ (void) strlcat(version,"libpng ",sizeof(version));
+ (void) strlcat(version,PNG_LIBPNG_VER_STRING,sizeof(version));
#if (PNG_LIBPNG_VER > 10005)
if (LocaleCompare(PNG_LIBPNG_VER_STRING,png_get_header_ver(NULL)) != 0)
{
- (void) strlcat(version,",",MaxTextExtent);
- (void) strlcat(version,png_get_libpng_ver(NULL),MaxTextExtent);
+ (void) strlcat(version,",",sizeof(version));
+ (void) strlcat(version,png_get_libpng_ver(NULL),sizeof(version));
}
#endif
#endif
#if defined(ZLIB_VERSION)
if (*version != '\0')
- (void) strlcat(version,", ",MaxTextExtent);
- (void) strlcat(version,"zlib ",MaxTextExtent);
- (void) strlcat(version,ZLIB_VERSION,MaxTextExtent);
+ (void) strlcat(version,", ",sizeof(version));
+ (void) strlcat(version,"zlib ",sizeof(version));
+ (void) strlcat(version,ZLIB_VERSION,sizeof(version));
if (LocaleCompare(ZLIB_VERSION,zlib_version) != 0)
{
- (void) strlcat(version,",",MaxTextExtent);
- (void) strlcat(version,zlib_version,MaxTextExtent);
+ (void) strlcat(version,",",sizeof(version));
+ (void) strlcat(version,zlib_version,sizeof(version));
}
#endif

View File

@ -4,16 +4,15 @@
stdenv.mkDerivation rec {
pname = "graphicsmagick";
version = "1.3.32";
version = "1.3.35";
src = fetchurl {
url = "mirror://sourceforge/graphicsmagick/GraphicsMagick-${version}.tar.xz";
sha256 = "1qclp9i31idpcbbqswmnq2q11lmv0a7cvdb1y72xcky8sshaahmq";
sha256 = "0l024l4hawm9s3jqrgi2j0lxgm61dqh8sgkj1017ma7y11hqv2hq";
};
patches = [
./disable-popen.patch
./1.3.32-darwin-png-strlcat-fix.patch
];
configureFlags = [