pkgsrc-Changes archive


CVS commit: pkgsrc/graphics/GraphicsMagick



Module Name:    pkgsrc
Committed By:   kikadf
Date:           Mon Sep  1 14:55:27 UTC 2025

Modified Files:
        pkgsrc/graphics/GraphicsMagick: Makefile distinfo
Added Files:
        pkgsrc/graphics/GraphicsMagick/patches: patch-coders_jxl.c

Log Message:
graphics/GraphicsMagick: fix CVE-2025-32460

* Patch from upstream after 1.3.45, unreleased


To generate a diff of this commit:
cvs rdiff -u -r1.151 -r1.152 pkgsrc/graphics/GraphicsMagick/Makefile
cvs rdiff -u -r1.59 -r1.60 pkgsrc/graphics/GraphicsMagick/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/graphics/GraphicsMagick/patches/patch-coders_jxl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/GraphicsMagick/Makefile
diff -u pkgsrc/graphics/GraphicsMagick/Makefile:1.151 pkgsrc/graphics/GraphicsMagick/Makefile:1.152
--- pkgsrc/graphics/GraphicsMagick/Makefile:1.151       Sat Aug 30 22:45:13 2025
+++ pkgsrc/graphics/GraphicsMagick/Makefile     Mon Sep  1 14:55:27 2025
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.151 2025/08/30 22:45:13 wiz Exp $
+# $NetBSD: Makefile,v 1.152 2025/09/01 14:55:27 kikadf Exp $
 
-PKGREVISION=   13
+PKGREVISION=   14
 .include "Makefile.common"
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost

Index: pkgsrc/graphics/GraphicsMagick/distinfo
diff -u pkgsrc/graphics/GraphicsMagick/distinfo:1.59 pkgsrc/graphics/GraphicsMagick/distinfo:1.60
--- pkgsrc/graphics/GraphicsMagick/distinfo:1.59        Wed Nov 15 13:20:53 2023
+++ pkgsrc/graphics/GraphicsMagick/distinfo     Mon Sep  1 14:55:27 2025
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.59 2023/11/15 13:20:53 adam Exp $
+$NetBSD: distinfo,v 1.60 2025/09/01 14:55:27 kikadf Exp $
 
 BLAKE2s (GraphicsMagick-1.3.42.tar.xz) = 0a0fbc4559bc93c98d329819b0cf87611f8e6cc38a02865cbea454df24bb1e0a
 SHA512 (GraphicsMagick-1.3.42.tar.xz) = b512c9c4c06ec60f7d31e140da08f2bc16d492a2dab82778f1b38c074a25340159e59bfbaa30b2997a6fbd10a500ae1bda527e3c3854e4462bcae837e818428a
 Size (GraphicsMagick-1.3.42.tar.xz) = 5553692 bytes
+SHA1 (patch-coders_jxl.c) = fe72e6a52839a55f6f8c56ade0e439f4631d8ef9
 SHA1 (patch-config_delegates.mgk.in) = c52192a35bede530d310688a576ef2181a9f073c
 SHA1 (patch-configure) = 327dcb718ebaf65f2d2c97440c1cc7fdb9e03482

Added files:

Index: pkgsrc/graphics/GraphicsMagick/patches/patch-coders_jxl.c
diff -u /dev/null pkgsrc/graphics/GraphicsMagick/patches/patch-coders_jxl.c:1.1
--- /dev/null   Mon Sep  1 14:55:28 2025
+++ pkgsrc/graphics/GraphicsMagick/patches/patch-coders_jxl.c   Mon Sep  1 14:55:27 2025
@@ -0,0 +1,50 @@
+$NetBSD: patch-coders_jxl.c,v 1.1 2025/09/01 14:55:27 kikadf Exp $
+
+* Fix CVE-2025-32460, https://sourceforge.net/p/graphicsmagick/code/ci/8e56520435df50f618a03f2721a39a70a515f1cb/
+  Patch from upstream after 1.3.45, unreleased
+
+
+--- coders/jxl.c.orig  2023-08-12 17:29:53.000000000 +0200
++++ coders/jxl.c
+@@ -596,7 +596,7 @@ static Image *ReadJXLImage(const ImageIn
+                       ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);
+                   }
+                 grayscale=MagickTrue;
+-                pixel_format.num_channels=1;
++                pixel_format.num_channels=image->matte ? 2 : 1;
+                 pixel_format.data_type=(basic_info.bits_per_sample <= 8 ? JXL_TYPE_UINT8 :
+                                   (basic_info.bits_per_sample <= 16 ? JXL_TYPE_UINT16 :
+                                    JXL_TYPE_FLOAT));
+@@ -773,10 +773,32 @@ static Image *ReadJXLImage(const ImageIn
+             size_t
+               out_len;
+ 
++            if (image->logging)
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                                    "JxlPixelFormat:\n"
++                                    "    num_channels: %u\n"
++                                    "    data_type: %s\n"
++                                    "    endianness: %s\n"
++                                    "    align: %" MAGICK_SIZE_T_F "u",
++                                    pixel_format.num_channels,
++                                    pixel_format.data_type == JXL_TYPE_FLOAT ? "float" :
++                                    (pixel_format.data_type == JXL_TYPE_UINT8 ? "uint8" :
++                                     (pixel_format.data_type == JXL_TYPE_UINT16 ? "uint16" :
++                                      (pixel_format.data_type == JXL_TYPE_FLOAT16 ? "float16" :
++                                       "unknown"))) ,
++                                    pixel_format.endianness == JXL_NATIVE_ENDIAN ? "native" :
++                                    (pixel_format.endianness == JXL_LITTLE_ENDIAN ? "little" :
++                                     (pixel_format.endianness == JXL_BIG_ENDIAN ? "big" : "unknown")),
++                                    pixel_format.align);
++
+             status=JxlDecoderImageOutBufferSize(jxl_decoder,&pixel_format,&out_len);
+             if (status != JXL_DEC_SUCCESS)
+               break;
+ 
++            if (image->logging)
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                                    "JxlDecoderImageOutBufferSize() returns %" MAGICK_SIZE_T_F "u",
++                                    (MAGICK_SIZE_T) out_len);
+             out_buf=MagickAllocateResourceLimitedArray(unsigned char *,out_len,sizeof(*out_buf));
+             if (out_buf == (unsigned char *) NULL)
+               ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);
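Review bot: In the added `JxlPixelFormat` log call, `pixel_format.align` is passed to a `MAGICK_SIZE_T_F` conversion without a cast, whereas the second added log call casts its argument as `(MAGICK_SIZE_T) out_len`. If `MAGICK_SIZE_T` and the type of `align` differ in width on some platform, the varargs read is mismatched, so the argument should be `(MAGICK_SIZE_T) pixel_format.align`. The functional fix is the single line `pixel_format.num_channels=image->matte ? 2 : 1;`, and `out_len` from `JxlDecoderImageOutBufferSize()` is computed from that `pixel_format`, so the allocation is only right if the pixel-unpacking code consumes exactly that many channels per pixel. That code, and the point where `image->matte` is set, lie outside both embedded hunks, and distinfo shows the patch applied to the 1.3.42 sources rather than the upstream tree it was written against, so it is worth confirming with a grayscale-plus-alpha JXL regression test on a memory-checking build. `ReadJXLImage` starts and ends outside the hunks shown.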


