pkgsrc-WIP-changes archive
GraphicsMagick: ad patch to fix CVE-2025-32460
Module Name: pkgsrc-wip
Committed By: kikadf <kikadf.01%gmail.com@localhost>
Pushed By: kikadf
Date: Mon Sep 1 16:00:08 2025 +0200
Changeset: 2327f313dd7019d1cbd9e1738a955c57b211f188
Modified Files:
GraphicsMagick/Makefile
GraphicsMagick/Makefile.common
GraphicsMagick/buildlink3.mk
GraphicsMagick/distinfo
Added Files:
GraphicsMagick/patches/patch-coders_jxl.c
Log Message:
GraphicsMagick: add patch to fix CVE-2025-32460
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=2327f313dd7019d1cbd9e1738a955c57b211f188
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
GraphicsMagick/Makefile | 2 +-
GraphicsMagick/Makefile.common | 4 +--
GraphicsMagick/buildlink3.mk | 2 +-
GraphicsMagick/distinfo | 1 +
GraphicsMagick/patches/patch-coders_jxl.c | 50 +++++++++++++++++++++++++++++++
5 files changed, 55 insertions(+), 4 deletions(-)
diffs:
diff --git a/GraphicsMagick/Makefile b/GraphicsMagick/Makefile
index a7bb2d1345..0edec8f963 100644
--- a/GraphicsMagick/Makefile
+++ b/GraphicsMagick/Makefile
@@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.151 2025/08/30 22:45:13 wiz Exp $
-PKGREVISION= 13
+PKGREVISION= 14
.include "Makefile.common"
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
diff --git a/GraphicsMagick/Makefile.common b/GraphicsMagick/Makefile.common
index 2c8aa6bdc3..d39dd5f414 100755
--- a/GraphicsMagick/Makefile.common
+++ b/GraphicsMagick/Makefile.common
@@ -12,5 +12,5 @@ MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=graphicsmagick/}
MASTER_SITES+= ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/${GM_MAJOR_VER}/
EXTRACT_SUFX= .tar.xz
-DISTINFO_FILE= ${.CURDIR}/../../graphics/GraphicsMagick/distinfo
-PATCHDIR= ${.CURDIR}/../../graphics/GraphicsMagick/patches
+DISTINFO_FILE= ${.CURDIR}/../../wip/GraphicsMagick/distinfo
+PATCHDIR= ${.CURDIR}/../../wip/GraphicsMagick/patches
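Review bot: `DISTINFO_FILE` and `PATCHDIR` now hard-code `../../wip/GraphicsMagick`, and nothing on these lines marks that as temporary, so the repointing could be carried along when the CVE fix is moved to graphics/. The same applies to `BUILDLINK_PKGSRCDIR.GraphicsMagick` in the buildlink3.mk hunk. I would add a comment above the two assignments such as `# wip only: restore ../../graphics/GraphicsMagick before importing`, and the equivalent in buildlink3.mk. Anything else that includes Makefile.common will also resolve its patches and distinfo from wip after this change, which is presumably intended here but worth stating.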
diff --git a/GraphicsMagick/buildlink3.mk b/GraphicsMagick/buildlink3.mk
index 35920416a4..0dd6a2c22e 100644
--- a/GraphicsMagick/buildlink3.mk
+++ b/GraphicsMagick/buildlink3.mk
@@ -7,7 +7,7 @@ GRAPHICSMAGICK_BUILDLINK3_MK:=
BUILDLINK_API_DEPENDS.GraphicsMagick+= GraphicsMagick>=1.3.12nb6
BUILDLINK_ABI_DEPENDS.GraphicsMagick+= GraphicsMagick>=1.3.42nb13
-BUILDLINK_PKGSRCDIR.GraphicsMagick?= ../../graphics/GraphicsMagick
+BUILDLINK_PKGSRCDIR.GraphicsMagick?= ../../wip/GraphicsMagick
pkgbase := GraphicsMagick
.include "../../mk/pkg-build-options.mk"
diff --git a/GraphicsMagick/distinfo b/GraphicsMagick/distinfo
index 6f2180e020..c3d958c313 100644
--- a/GraphicsMagick/distinfo
+++ b/GraphicsMagick/distinfo
@@ -3,5 +3,6 @@ $NetBSD: distinfo,v 1.59 2023/11/15 13:20:53 adam Exp $
BLAKE2s (GraphicsMagick-1.3.42.tar.xz) = 0a0fbc4559bc93c98d329819b0cf87611f8e6cc38a02865cbea454df24bb1e0a
SHA512 (GraphicsMagick-1.3.42.tar.xz) = b512c9c4c06ec60f7d31e140da08f2bc16d492a2dab82778f1b38c074a25340159e59bfbaa30b2997a6fbd10a500ae1bda527e3c3854e4462bcae837e818428a
Size (GraphicsMagick-1.3.42.tar.xz) = 5553692 bytes
+SHA1 (patch-coders_jxl.c) = fe72e6a52839a55f6f8c56ade0e439f4631d8ef9
SHA1 (patch-config_delegates.mgk.in) = c52192a35bede530d310688a576ef2181a9f073c
SHA1 (patch-configure) = 327dcb718ebaf65f2d2c97440c1cc7fdb9e03482
diff --git a/GraphicsMagick/patches/patch-coders_jxl.c b/GraphicsMagick/patches/patch-coders_jxl.c
new file mode 100644
index 0000000000..b1e2055a86
--- /dev/null
+++ b/GraphicsMagick/patches/patch-coders_jxl.c
@@ -0,0 +1,50 @@
+$NetBSD$
+
+* Fix CVE-2025-32460, https://sourceforge.net/p/graphicsmagick/code/ci/8e56520435df50f618a03f2721a39a70a515f1cb/
+ Patch from upstream after 1.3.45, unreleased
+
+
+--- coders/jxl.c.orig 2023-08-12 17:29:53.000000000 +0200
++++ coders/jxl.c
+@@ -596,7 +596,7 @@ static Image *ReadJXLImage(const ImageIn
+ ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);
+ }
+ grayscale=MagickTrue;
+- pixel_format.num_channels=1;
++ pixel_format.num_channels=image->matte ? 2 : 1;
+ pixel_format.data_type=(basic_info.bits_per_sample <= 8 ? JXL_TYPE_UINT8 :
+ (basic_info.bits_per_sample <= 16 ? JXL_TYPE_UINT16 :
+ JXL_TYPE_FLOAT));
+@@ -773,10 +773,32 @@ static Image *ReadJXLImage(const ImageIn
+ size_t
+ out_len;
+
++ if (image->logging)
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ "JxlPixelFormat:\n"
++ " num_channels: %u\n"
++ " data_type: %s\n"
++ " endianness: %s\n"
++ " align: %" MAGICK_SIZE_T_F "u",
++ pixel_format.num_channels,
++ pixel_format.data_type == JXL_TYPE_FLOAT ? "float" :
++ (pixel_format.data_type == JXL_TYPE_UINT8 ? "uint8" :
++ (pixel_format.data_type == JXL_TYPE_UINT16 ? "uint16" :
++ (pixel_format.data_type == JXL_TYPE_FLOAT16 ? "float16" :
++ "unknown"))) ,
++ pixel_format.endianness == JXL_NATIVE_ENDIAN ? "native" :
++ (pixel_format.endianness == JXL_LITTLE_ENDIAN ? "little" :
++ (pixel_format.endianness == JXL_BIG_ENDIAN ? "big" : "unknown")),
++ pixel_format.align);
++
+ status=JxlDecoderImageOutBufferSize(jxl_decoder,&pixel_format,&out_len);
+ if (status != JXL_DEC_SUCCESS)
+ break;
+
++ if (image->logging)
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ "JxlDecoderImageOutBufferSize() returns %" MAGICK_SIZE_T_F "u",
++ (MAGICK_SIZE_T) out_len);
+ out_buf=MagickAllocateResourceLimitedArray(unsigned char *,out_len,sizeof(*out_buf));
+ if (out_buf == (unsigned char *) NULL)
+ ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);
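Review bot: In the added JxlPixelFormat log call, `pixel_format.align` is passed to a `%" MAGICK_SIZE_T_F "u"` conversion without a cast, while the second added log call casts its argument as `(MAGICK_SIZE_T) out_len`. If MAGICK_SIZE_T is not the same type as size_t on a target, the variadic argument no longer matches the format, so the last argument should read `(MAGICK_SIZE_T) pixel_format.align);`. The only non-logging change is `pixel_format.num_channels=image->matte ? 2 : 1;` in the first inner hunk, which appears to be the actual fix. Because this backports a post-1.3.45 change onto the 1.3.42 sources, it is worth confirming that the 1.3.42 code which reads out_buf, outside these hunks, consumes two samples per pixel for gray+alpha, for example by decoding such a file under a memory sanitizer. ReadJXLImage begins and ends outside the hunk.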