Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: imagemagick

imagemagick (8:6.9.10.23+dfsg-2.1ubuntu9) focal; urgency=medium * SECURITY UPDATE: multiple security issues - debian/patches/CVE-*.patch: backport multiple upstream commits. - CVE-2019-12974, CVE-2019-12975, CVE-2019-12976, CVE-2019-12977, CVE-2019-12978, CVE-2019-12979, CVE-2019-13135, CVE-2019-13137, CVE-2019-13295, CVE-2019-13297, CVE-2019-13300, CVE-2019-13301, CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13307, CVE-2019-13308, CVE-2019-13309, CVE-2019-13310, CVE-2019-13311, CVE-2019-13391, CVE-2019-13454, CVE-2019-14981, CVE-2019-15139, CVE-2019-15140, CVE-2019-16708, CVE-2019-16709, CVE-2019-16710, CVE-2019-16711, CVE-2019-16713 * debian/patches/200-disable-ghostscript-formats.patch: also disable PS2 and PS3 content per VU#332928 recommendations. -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 11 Nov 2019 08:42:03 -0500 imagemagick (8:6.9.10.23+dfsg-2.1ubuntu8) focal; urgency=medium * Build without libheif, to untangle the perl transition. -- Matthias Klose <doko@ubuntu.com> Mon, 21 Oct 2019 16:41:25 +0200 imagemagick (8:6.9.10.23+dfsg-2.1ubuntu7) focal; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <doko@ubuntu.com> Sat, 19 Oct 2019 12:17:03 +0000 imagemagick (8:6.9.10.23+dfsg-2.1ubuntu6) eoan; urgency=medium * Revert last upload, now the transitions have ended, and security team thinks we have to fix packages failing to build, instead of reverting a security fix (see: LP bug: 1839596) -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 18 Sep 2019 17:18:53 +0200 imagemagick (8:6.9.10.23+dfsg-2.1ubuntu5) eoan; urgency=medium * Revert the 8:6.9.10.23+dfsg-2.1ubuntu3, disabling pdf generation breaks tools like: mlpost, kannel and others. LP: #1839596 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 09 Aug 2019 11:21:20 +0200 imagemagick (8:6.9.10.23+dfsg-2.1ubuntu4) eoan; urgency=medium * Re-add build-dependency on libheif-dev, which after closer analysis appears to be tractable for an MIR. -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 18 Jul 2019 15:09:33 -0700 imagemagick (8:6.9.10.23+dfsg-2.1ubuntu3) eoan; urgency=medium * SECURITY UPDATE: code execution vulnerabilities in ghostscript as invoked by imagemagick - debian/patches/200-disable-ghostscript-formats.patch: disable ghostscript handled types by default in policy.xml - debian/tests/rose-*: remove pdf tests. -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 20 Jun 2019 10:40:31 -0400 imagemagick (8:6.9.10.23+dfsg-2.1ubuntu2) eoan; urgency=medium * SECURITY UPDATE: multiple security issues - debian/patches/CVE-2019-*.patch: backport multiple upstream commits. - CVE-2019-7175, CVE-2019-7395, CVE-2019-7396, CVE-2019-7397, CVE-2019-7398, CVE-2019-10649, CVE-2019-11470, CVE-2019-11472, CVE-2019-11597, CVE-2019-11598 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 12 Jun 2019 13:48:48 -0400 imagemagick (8:6.9.10.23+dfsg-2.1ubuntu1) eoan; urgency=low * Merge from Debian unstable. Remaining changes: - Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000 but is not in main. - demote libmagickcore-6.q16hdri-6-extra and libmagickcore-6.q16-6-extra Recommends on libjxr-tools to Suggests, as it is in universe. - Drop build-dependency on libheif-dev. -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 07 May 2019 21:24:32 -0700

Modifications :
  1. Download patch debian/patches/CVE-2019-13135.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13135.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13135.patch 2019-11-11 13:10:35.000000000 +0000 @@ -0,0 +1,21 @@ +From 1e59b29e520d2beab73e8c78aacd5f1c0d76196d Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Tue, 18 Jun 2019 11:45:11 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1599 + +--- + coders/cut.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/coders/cut.c b/coders/cut.c +index 2ef35f4c4..070136f22 100644 +--- a/coders/cut.c ++++ b/coders/cut.c +@@ -568,6 +568,7 @@ static Image *ReadCUTImage(const ImageInfo *image_info,ExceptionInfo *exception) + BImgBuff=(unsigned char *) AcquireQuantumMemory((size_t) ldblk, + sizeof(*BImgBuff)); /*Ldblk was set in the check phase*/ + if(BImgBuff==NULL) goto NoMemory; ++ (void) memset(BImgBuff,0,(size_t) ldblk*sizeof(*BImgBuff)); + + offset=SeekBlob(image,6 /*sizeof(Header)*/,SEEK_SET); + if (offset < 0)
  2. Download patch debian/patches/0023-Revert-hidden-ABI-break-by-changing-MagickFloatType-.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/0023-Revert-hidden-ABI-break-by-changing-MagickFloatType-.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/0023-Revert-hidden-ABI-break-by-changing-MagickFloatType-.patch 2018-12-18 19:12:23.000000000 +0000 @@ -0,0 +1,31 @@ +From: Balint Reczey <balint.reczey@canonical.com> +Date: Tue, 18 Dec 2018 20:04:57 +0100 +Subject: Revert hidden ABI break by changing MagickFloatType's size on i386 + +This reverts commit 94a86b3324bed28b4ed4a80ff0be05dc58c0023e. +--- + magick/magick-type.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/magick/magick-type.h b/magick/magick-type.h +index 0fc437c..2f5e38f 100644 +--- a/magick/magick-type.h ++++ b/magick/magick-type.h +@@ -46,7 +46,7 @@ typedef float MagickFloatType; + #elif (MAGICKCORE_SIZEOF_FLOAT_T == MAGICKCORE_SIZEOF_DOUBLE) + typedef double MagickFloatType; + #elif (MAGICKCORE_SIZEOF_FLOAT_T == MAGICKCORE_SIZEOF_LONG_DOUBLE) +-typedef double MagickFloatType; ++typedef long double MagickFloatType; + #else + #error Your MagickFloatType type is neither a float, nor a double, nor a long double + #endif +@@ -55,7 +55,7 @@ typedef double MagickDoubleType; + #elif (MAGICKCORE_SIZEOF_DOUBLE_T == MAGICKCORE_SIZEOF_DOUBLE) + typedef double MagickDoubleType; + #elif (MAGICKCORE_SIZEOF_DOUBLE_T == MAGICKCORE_SIZEOF_LONG_DOUBLE) +-typedef double MagickDoubleType; ++typedef long double MagickDoubleType; + #else + #error Your MagickDoubleType type is neither a float, nor a double, nor a long double + #endif
  3. Download patch debian/patches/CVE-2019-13137.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13137.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13137.patch 2019-11-11 13:10:43.000000000 +0000 @@ -0,0 +1,19 @@ +From 7d11230060fa9c8f67e53c85224daf6648805c7b Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Tue, 18 Jun 2019 11:54:17 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1601 + +--- + coders/ps.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/coders/ps.c ++++ b/coders/ps.c +@@ -747,6 +747,7 @@ static Image *ReadPSImage(const ImageInf + { + (void) ThrowMagickException(exception,GetMagickModule(),OptionError, + "InvalidGeometry","`%s'",option); ++ geometry=DestroyString(geometry); + image=DestroyImage(image); + return((Image *) NULL); + }
  4. Download patch debian/patches/CVE-2019-13309.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13309.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13309.patch 2019-11-11 13:20:58.000000000 +0000 @@ -0,0 +1,30 @@ +Backport of: + +From 5982632109cad48bc6dab867298fdea4dea57c51 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Sun, 23 Jun 2019 11:47:36 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1616 + +--- + wand/mogrify.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/wand/mogrify.c ++++ b/wand/mogrify.c +@@ -7946,6 +7946,8 @@ WandExport MagickBooleanType MogrifyImag + channel,metric,&distortion,exception); + if (difference_image == (Image *) NULL) + break; ++ reconstruct_image=DestroyImage(reconstruct_image); ++ image=DestroyImage(image); + if (*images != (Image *) NULL) + *images=DestroyImage(*images); + *images=difference_image; +@@ -8288,6 +8290,7 @@ WandExport MagickBooleanType MogrifyImag + q=GetImageFromList(*images,index-1); + if (q == (Image *) NULL) + { ++ p=DestroyImage(p); + (void) ThrowMagickException(exception,GetMagickModule(), + OptionError,"NoSuchImage","`%s'",argv[i+1]); + status=MagickFalse;
  5. Download patch debian/control.d/quantum.in

    --- 8:6.9.10.23+dfsg-2.1/debian/control.d/quantum.in 2019-05-03 14:20:08.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/control.d/quantum.in 2019-05-08 02:12:00.000000000 +0000 @@ -65,8 +65,7 @@ Provides: libmagickcore-extra, libmagick libmagickcore-${IMVERSION}.${QUANTUMDEPTH}-3-extra, libmagickcore-${IMVERSION}.${QUANTUMDEPTH}-4-extra, libmagickcore-${IMVERSION}.${QUANTUMDEPTH}-5-extra -Suggests: inkscape -Recommends: libjxr-tools +Suggests: inkscape, libjxr-tools Description: low-level image manipulation library - extra codecs (${UCQUANTUMDEPTH}) This package adds support for SVG, WMF, OpenEXR, DjVu and Graphviz to MagickCore. @@ -84,7 +83,8 @@ Depends: libmagickcore-${IMVERSION}.${QUANTUMDEPTH}-${CORESOVERSION} (= ${binary:Version}), libmagickcore-${IMVERSION}.${QUANTUMDEPTH}-${CORESOVERSION}-extra (= ${binary:Version}), libbz2-dev, libdjvulibre-dev, - libexif-dev, libfreetype6-dev, libjpeg-dev, libopenjp2-7-dev, + libexif-dev, libfreetype6-dev, libjpeg-dev, +# libopenjp2-7-dev, Needed for JPEG2000 but not in main see MIR #711061 liblcms2-dev, liblqr-1-0-dev, libltdl-dev, libopenexr-dev, libpng-dev, librsvg2-dev, libtiff-dev, libwmf-dev, libx11-dev, libxext-dev, libxml2-dev, libxt-dev, zlib1g-dev,
  6. Download patch debian/patches/CVE-2019-13304-1.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13304-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13304-1.patch 2019-11-11 13:18:17.000000000 +0000 @@ -0,0 +1,28 @@ +From bfa3b9610c83227894c92b0d312ad327fceb6241 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Fri, 21 Jun 2019 20:33:10 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1614 + +--- + coders/pnm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/coders/pnm.c b/coders/pnm.c +index c10558d24..d3500b3ae 100644 +--- a/coders/pnm.c ++++ b/coders/pnm.c +@@ -1762,13 +1762,13 @@ static MagickBooleanType WritePNMImage(const ImageInfo *image_info,Image *image) + { + *q++=(unsigned char) (GetPixelLuma(image,p) >= (QuantumRange/2.0) ? + '0' : '1'); +- *q++=' '; + if ((q-pixels+1) >= (ssize_t) sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels); + q=pixels; + } ++ *q++=' '; + p++; + } + *q++='\n';
  7. Download patch debian/patches/CVE-2019-16710.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-16710.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-16710.patch 2019-11-11 13:29:18.000000000 +0000 @@ -0,0 +1,25 @@ +From 80deac0626d2d69e1da836d7d893db1e022b10fc Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Tue, 26 Mar 2019 16:36:30 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1528 + +--- + coders/dot.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/coders/dot.c b/coders/dot.c +index 837023d44..094866e16 100644 +--- a/coders/dot.c ++++ b/coders/dot.c +@@ -130,7 +130,10 @@ static Image *ReadDOTImage(const ImageInfo *image_info,ExceptionInfo *exception) + image=AcquireImage(image_info); + status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); + if (status == MagickFalse) +- return((Image *) NULL); ++ { ++ image=DestroyImageList(image); ++ return((Image *) NULL); ++ } + read_info=CloneImageInfo(image_info); + SetImageInfoBlob(read_info,(void *) NULL,0); + (void) CopyMagickString(read_info->magick,"SVG",MaxTextExtent);
  8. Download patch debian/patches/CVE-2019-13304-2.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13304-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13304-2.patch 2019-11-11 13:18:25.000000000 +0000 @@ -0,0 +1,20 @@ +From a2f84f23d064e98f423aa0d050ff98838cf0a1b1 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Sat, 10 Aug 2019 07:25:32 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1614 + +--- + coders/pnm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/coders/pnm.c ++++ b/coders/pnm.c +@@ -1762,7 +1762,7 @@ static MagickBooleanType WritePNMImage(c + { + *q++=(unsigned char) (GetPixelLuma(image,p) >= (QuantumRange/2.0) ? + '0' : '1'); +- if ((q-pixels+1) >= (ssize_t) sizeof(pixels)) ++ if ((q-pixels+2) >= (ssize_t) sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels);
  9. Download patch debian/patches/CVE-2019-16711.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-16711.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-16711.patch 2019-11-11 13:29:23.000000000 +0000 @@ -0,0 +1,38 @@ +From 448f301a781405a45717bb53578475de06df973a Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Thu, 11 Apr 2019 07:36:54 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1542 + +--- + coders/ps2.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/coders/ps2.c b/coders/ps2.c +index 21107b18f..9f4b8fa28 100644 +--- a/coders/ps2.c ++++ b/coders/ps2.c +@@ -204,19 +204,19 @@ static MagickBooleanType Huffman2DEncodeImage(const ImageInfo *image_info, + unsigned char + *group4; + +- status=MagickTrue; +- write_info=CloneImageInfo(image_info); +- (void) CopyMagickString(write_info->filename,"GROUP4:",MaxTextExtent); +- (void) CopyMagickString(write_info->magick,"GROUP4",MaxTextExtent); + group4_image=CloneImage(inject_image,0,0,MagickTrue,&image->exception); + if (group4_image == (Image *) NULL) + return(MagickFalse); ++ write_info=CloneImageInfo(image_info); ++ (void) CopyMagickString(write_info->filename,"GROUP4:",MaxTextExtent); ++ (void) CopyMagickString(write_info->magick,"GROUP4",MaxTextExtent); + group4=(unsigned char *) ImageToBlob(write_info,group4_image,&length, + &image->exception); ++ write_info=DestroyImageInfo(write_info); + group4_image=DestroyImage(group4_image); + if (group4 == (unsigned char *) NULL) + return(MagickFalse); +- write_info=DestroyImageInfo(write_info); ++ status=MagickTrue; + if (WriteBlob(image,length,group4) != (ssize_t) length) + status=MagickFalse; + group4=(unsigned char *) RelinquishMagickMemory(group4);
  10. Download patch debian/control

    --- 8:6.9.10.23+dfsg-2.1/debian/control 2019-05-03 14:20:08.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/control 2019-10-21 14:41:23.000000000 +0000 @@ -2,7 +2,8 @@ Source: imagemagick Section: graphics Priority: optional -Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org> Uploaders: Luciano Bello <luciano@debian.org>, Nelson A. de Oliveira <naoliv@debian.org>, Bastien Roucariès <rouca@debian.org>, @@ -27,9 +28,10 @@ Build-Depends: debhelper (>= 11), libx11-dev, libxext-dev, libxt-dev, # for plugins ghostscript, libdjvulibre-dev, libexif-dev, - libjpeg-dev, libopenjp2-7-dev, + libjpeg-dev, +# libopenjp2-7-dev, Needed for JPEG2000 but not in main see MIR #711061 libopenexr-dev, libperl-dev, libpng-dev, libtiff-dev, - libwmf-dev, libheif-dev, libwebp-dev, + libwmf-dev, libwebp-dev, # libgraphviz-dev, incompatible license against fftw # for converting svg libpango1.0-dev, librsvg2-bin, librsvg2-dev, libxml2-dev, @@ -259,8 +261,7 @@ Provides: libmagickcore-extra, libmagick libmagickcore-6.q16-3-extra, libmagickcore-6.q16-4-extra, libmagickcore-6.q16-5-extra -Suggests: inkscape -Recommends: libjxr-tools +Suggests: inkscape, libjxr-tools Description: low-level image manipulation library - extra codecs (Q16) This package adds support for SVG, WMF, OpenEXR, DjVu and Graphviz to MagickCore. @@ -278,7 +279,8 @@ Depends: libmagickcore-6.q16-6 (= ${binary:Version}), libmagickcore-6.q16-6-extra (= ${binary:Version}), libbz2-dev, libdjvulibre-dev, - libexif-dev, libfreetype6-dev, libjpeg-dev, libopenjp2-7-dev, + libexif-dev, libfreetype6-dev, libjpeg-dev, +# libopenjp2-7-dev, Needed for JPEG2000 but not in main see MIR #711061 liblcms2-dev, liblqr-1-0-dev, libltdl-dev, libopenexr-dev, libpng-dev, librsvg2-dev, libtiff-dev, libwmf-dev, libx11-dev, libxext-dev, libxml2-dev, libxt-dev, zlib1g-dev, @@ -474,8 +476,7 @@ Provides: libmagickcore-extra, libmagick libmagickcore-6.q16hdri-3-extra, libmagickcore-6.q16hdri-4-extra, libmagickcore-6.q16hdri-5-extra -Suggests: inkscape -Recommends: libjxr-tools +Suggests: inkscape, libjxr-tools Description: low-level image manipulation library - extra codecs (Q16HDRI) This package adds support for SVG, WMF, OpenEXR, DjVu and Graphviz to MagickCore. @@ -493,7 +494,8 @@ Depends: libmagickcore-6.q16hdri-6 (= ${binary:Version}), libmagickcore-6.q16hdri-6-extra (= ${binary:Version}), libbz2-dev, libdjvulibre-dev, - libexif-dev, libfreetype6-dev, libjpeg-dev, libopenjp2-7-dev, + libexif-dev, libfreetype6-dev, libjpeg-dev, +# libopenjp2-7-dev, Needed for JPEG2000 but not in main see MIR #711061 liblcms2-dev, liblqr-1-0-dev, libltdl-dev, libopenexr-dev, libpng-dev, librsvg2-dev, libtiff-dev, libwmf-dev, libx11-dev, libxext-dev, libxml2-dev, libxt-dev, zlib1g-dev,
  11. Download patch debian/patches/CVE-2019-13297.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13297.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13297.patch 2019-11-11 13:10:55.000000000 +0000 @@ -0,0 +1,22 @@ +From 35c7032723d85eee7318ff6c82f031fa2666b773 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Fri, 21 Jun 2019 17:30:44 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1609 + +--- + magick/threshold.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/magick/threshold.c b/magick/threshold.c +index a53e839e6..4a8c6b2e7 100644 +--- a/magick/threshold.c ++++ b/magick/threshold.c +@@ -202,7 +202,7 @@ MagickExport Image *AdaptiveThresholdImage(const Image *image, + threshold_image=CloneImage(image,0,0,MagickTrue,exception); + if (threshold_image == (Image *) NULL) + return((Image *) NULL); +- if (width == 0) ++ if ((width == 0) || (height == 0)) + return(threshold_image); + if (SetImageStorageClass(threshold_image,DirectClass) == MagickFalse) + {
  12. Download patch debian/patches/CVE-2019-11598-1.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-11598-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-11598-1.patch 2019-06-12 17:47:49.000000000 +0000 @@ -0,0 +1,29 @@ +From e2a21735e3a3f3930bd431585ec36334c4c2eb77 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Mon, 8 Apr 2019 18:38:04 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1540 + +--- + magick/quantize.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/magick/quantize.c b/magick/quantize.c +index d677e9739..461d83997 100644 +--- a/magick/quantize.c ++++ b/magick/quantize.c +@@ -3260,11 +3260,11 @@ static MagickBooleanType SetGrayscaleImage(Image *image) + if (image->type != GrayscaleType) + (void) TransformImageColorspace(image,GRAYColorspace); + if (image->storage_class == PseudoClass) +- colormap_index=(ssize_t *) AcquireQuantumMemory(image->colors+1, +- sizeof(*colormap_index)); ++ colormap_index=(ssize_t *) AcquireQuantumMemory(MagickMax(image->colors+1, ++ MaxMap),sizeof(*colormap_index)); + else +- colormap_index=(ssize_t *) AcquireQuantumMemory(MaxColormapSize+1, +- sizeof(*colormap_index)); ++ colormap_index=(ssize_t *) AcquireQuantumMemory(MagickMax(MaxColormapSize+1, ++ MaxMap),sizeof(*colormap_index)); + if (colormap_index == (ssize_t *) NULL) + ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed", + image->filename);
  13. Download patch debian/patches/CVE-2019-16713.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-16713.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-16713.patch 2019-11-11 13:35:01.000000000 +0000 @@ -0,0 +1,42 @@ +From 6954a3f7f1bf1dad417260c5965f2c30a64fa25e Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra <dirk@lemstra.org> +Date: Sun, 28 Apr 2019 10:32:34 +0200 +Subject: [PATCH] Fixed memory leak reported in #1558 and fixed other leak. + +--- + coders/dot.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/coders/dot.c b/coders/dot.c +index 094866e16..c22336cda 100644 +--- a/coders/dot.c ++++ b/coders/dot.c +@@ -130,10 +130,7 @@ static Image *ReadDOTImage(const ImageInfo *image_info,ExceptionInfo *exception) + image=AcquireImage(image_info); + status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); + if (status == MagickFalse) +- { +- image=DestroyImageList(image); +- return((Image *) NULL); +- } ++ return(DestroyImageList(image)); + read_info=CloneImageInfo(image_info); + SetImageInfoBlob(read_info,(void *) NULL,0); + (void) CopyMagickString(read_info->magick,"SVG",MaxTextExtent); +@@ -148,7 +145,7 @@ static Image *ReadDOTImage(const ImageInfo *image_info,ExceptionInfo *exception) + if (graph == (graph_t *) NULL) + { + (void) RelinquishUniqueFileResource(read_info->filename); +- return ((Image *) NULL); ++ return(DestroyImageList(image)); + } + option=GetImageOption(image_info,"dot:layout-engine"); + if (option == (const char *) NULL) +@@ -158,6 +155,7 @@ static Image *ReadDOTImage(const ImageInfo *image_info,ExceptionInfo *exception) + gvRenderFilename(graphic_context,graph,(char *) "svg",read_info->filename); + gvFreeLayout(graphic_context,graph); + agclose(graph); ++ image=DestroyImageList(image); + /* + Read SVG graph. + */
  14. Download patch debian/patches/CVE-2019-14981.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-14981.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-14981.patch 2019-11-11 13:21:25.000000000 +0000 @@ -0,0 +1,22 @@ +From b522d2d857d2f75b659936b59b0da9df1682c256 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Thu, 18 Apr 2019 19:55:44 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1552 + +--- + magick/feature.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/magick/feature.c b/magick/feature.c +index db33743d2..434c5c5c1 100644 +--- a/magick/feature.c ++++ b/magick/feature.c +@@ -2313,7 +2313,7 @@ MagickExport Image *MeanShiftImage(const Image *image,const size_t width, + } + } + } +- gamma=1.0/count; ++ gamma=PerceptibleReciprocal(count); + mean_location.x=gamma*sum_location.x; + mean_location.y=gamma*sum_location.y; + mean_pixel.red=gamma*sum_pixel.red;
  15. Download patch debian/patches/CVE-2019-12975-1.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-12975-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-12975-1.patch 2019-11-11 13:09:51.000000000 +0000 @@ -0,0 +1,39 @@ +From c01d8b02f3fa912a320ddad07a03212822f267ec Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sat, 23 Mar 2019 14:52:24 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1517 + +--- + coders/dpx.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/coders/dpx.c ++++ b/coders/dpx.c +@@ -2035,13 +2035,16 @@ static MagickBooleanType WriteDPXImage(c + pixels=GetQuantumPixels(quantum_info); + for (y=0; y < (ssize_t) image->rows; y++) + { ++ size_t ++ length; ++ + p=GetVirtualPixels(image,0,y,image->columns,1,&image->exception); + if (p == (const PixelPacket *) NULL) + break; +- (void) ExportQuantumPixels(image,(const CacheView *) NULL,quantum_info, ++ length=ExportQuantumPixels(image,(const CacheView *) NULL,quantum_info, + quantum_type,pixels,&image->exception); + count=WriteBlob(image,extent,pixels); +- if (count != (ssize_t) extent) ++ if (count != (ssize_t) length) + break; + status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, + image->rows); +@@ -2049,6 +2052,8 @@ static MagickBooleanType WriteDPXImage(c + break; + } + quantum_info=DestroyQuantumInfo(quantum_info); ++ if (y < (ssize_t) image->rows) ++ ThrowWriterException(CorruptImageError,"UnableToWriteImageData"); + (void) CloseBlob(image); + return(status); + }
  16. Download patch debian/patches/CVE-2019-11598-2.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-11598-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-11598-2.patch 2019-06-12 17:47:53.000000000 +0000 @@ -0,0 +1,111 @@ +From dd8efbac0b7fa9dd2da527ea3f629f39bf1c02cb Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sat, 11 May 2019 08:26:11 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1540 + +--- + coders/exr.c | 2 ++ + magick/quantize.c | 30 ++++++++++++++---------------- + 2 files changed, 16 insertions(+), 16 deletions(-) + +diff --git a/coders/exr.c b/coders/exr.c +index c594d4d5c..a1fdeeef4 100644 +--- a/coders/exr.c ++++ b/coders/exr.c +@@ -272,6 +272,8 @@ static Image *ReadEXRImage(const ImageInfo *image_info,ExceptionInfo *exception) + SetPixelOpacity(q,image->background_color.opacity); + q++; + } ++ if (SyncAuthenticPixels(image,exception) == MagickFalse) ++ break; + continue; + } + memset(scanline,0,columns*sizeof(*scanline)); +diff --git a/magick/quantize.c b/magick/quantize.c +index 461d83997..776a3a1e7 100644 +--- a/magick/quantize.c ++++ b/magick/quantize.c +@@ -2132,10 +2132,8 @@ MagickExport MagickBooleanType GetImageQuantizeError(Image *image) + mean_error, + mean_error_per_pixel; + +- size_t +- index; +- + ssize_t ++ index, + y; + + assert(image != (Image *) NULL); +@@ -2168,7 +2166,7 @@ MagickExport MagickBooleanType GetImageQuantizeError(Image *image) + indexes=GetCacheViewAuthenticIndexQueue(image_view); + for (x=0; x < (ssize_t) image->columns; x++) + { +- index=1UL*GetPixelIndex(indexes+x); ++ index=(ssize_t) GetPixelIndex(indexes+x); + if (image->matte != MagickFalse) + { + alpha=(MagickRealType) (QuantumScale*(GetPixelAlpha(p))); +@@ -3215,16 +3213,16 @@ extern "C" { + + static int IntensityCompare(const void *x,const void *y) + { ++ double ++ intensity; ++ + PixelPacket + *color_1, + *color_2; + +- int +- intensity; +- + color_1=(PixelPacket *) x; + color_2=(PixelPacket *) y; +- intensity=PixelPacketIntensity(color_1)-(int) PixelPacketIntensity(color_2); ++ intensity=PixelPacketIntensity(color_1)-PixelPacketIntensity(color_2); + return((int) intensity); + } + +@@ -3249,6 +3247,9 @@ static MagickBooleanType SetGrayscaleImage(Image *image) + register ssize_t + i; + ++ size_t ++ extent; ++ + ssize_t + *colormap_index, + j, +@@ -3259,19 +3260,15 @@ static MagickBooleanType SetGrayscaleImage(Image *image) + exception=(&image->exception); + if (image->type != GrayscaleType) + (void) TransformImageColorspace(image,GRAYColorspace); +- if (image->storage_class == PseudoClass) +- colormap_index=(ssize_t *) AcquireQuantumMemory(MagickMax(image->colors+1, +- MaxMap),sizeof(*colormap_index)); +- else +- colormap_index=(ssize_t *) AcquireQuantumMemory(MagickMax(MaxColormapSize+1, +- MaxMap),sizeof(*colormap_index)); ++ extent=MagickMax(image->colors+1,MagickMax(MaxColormapSize,MaxMap+1)); ++ colormap_index=(ssize_t *) AcquireQuantumMemory(extent, ++ sizeof(*colormap_index)); + if (colormap_index == (ssize_t *) NULL) + ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed", + image->filename); + if (image->storage_class != PseudoClass) + { +- (void) memset(colormap_index,(-1),MaxColormapSize* +- sizeof(*colormap_index)); ++ (void) memset(colormap_index,(-1),extent*sizeof(*colormap_index)); + if (AcquireImageColormap(image,MaxColormapSize) == MagickFalse) + { + colormap_index=(ssize_t *) RelinquishMagickMemory(colormap_index); +@@ -3334,6 +3331,7 @@ static MagickBooleanType SetGrayscaleImage(Image *image) + } + image_view=DestroyCacheView(image_view); + } ++ (void) memset(colormap_index,0,extent*sizeof(*colormap_index)); + for (i=0; i < (ssize_t) image->colors; i++) + image->colormap[i].opacity=(unsigned short) i; + qsort((void *) image->colormap,image->colors,sizeof(PixelPacket),
  17. Download patch debian/patches/CVE-2019-15139-1.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-15139-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-15139-1.patch 2019-11-11 13:23:34.000000000 +0000 @@ -0,0 +1,30 @@ +Backport of: + +From 6d46f0a046a58e7c4567a86ba1b9cb847d5b1968 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sat, 20 Apr 2019 09:39:53 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1553 + +--- + coders/xwd.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/coders/xwd.c ++++ b/coders/xwd.c +@@ -252,6 +252,8 @@ static Image *ReadXWDImage(const ImageIn + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if (header.ncolors > 256) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); ++ if ((MagickSizeType) header.xoffset >= GetBlobSize(image)) ++ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + switch (header.visual_class) { + case StaticGray: + case GrayScale: +@@ -638,6 +640,7 @@ ModuleExport size_t RegisterXWDImage(voi + entry->encoder=(EncodeImageHandler *) WriteXWDImage; + #endif + entry->magick=(IsImageFormatHandler *) IsXWD; ++ entry->seekable_stream=MagickTrue; + entry->adjoin=MagickFalse; + entry->description=ConstantString("X Windows system window dump (color)"); + entry->module=ConstantString("XWD");
  18. Download patch debian/patches/CVE-2019-12975-2.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-12975-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-12975-2.patch 2019-11-11 13:09:57.000000000 +0000 @@ -0,0 +1,23 @@ +From b9c3aa197020ca091a21145cf46855afd4ddcb07 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sat, 30 Mar 2019 08:46:12 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1517 + +--- + coders/dpx.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/coders/dpx.c ++++ b/coders/dpx.c +@@ -2043,8 +2043,10 @@ static MagickBooleanType WriteDPXImage(c + break; + length=ExportQuantumPixels(image,(const CacheView *) NULL,quantum_info, + quantum_type,pixels,&image->exception); ++ if (length == 0) ++ break; + count=WriteBlob(image,extent,pixels); +- if (count != (ssize_t) length) ++ if (count != (ssize_t) extent) + break; + status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, + image->rows);
  19. Download patch debian/patches/CVE-2019-11470.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-11470.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-11470.patch 2019-06-12 17:35:49.000000000 +0000 @@ -0,0 +1,22 @@ +From a0473b29add9521ffd4c74f6f623b418811762b0 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sat, 9 Feb 2019 21:21:19 -0500 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1472 + +--- + coders/cin.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/coders/cin.c b/coders/cin.c +index 91c53c69d..ac0c23039 100644 +--- a/coders/cin.c ++++ b/coders/cin.c +@@ -724,6 +724,8 @@ static Image *ReadCINImage(const ImageInfo *image_info,ExceptionInfo *exception) + (void) CloseBlob(image); + return(image); + } ++ if (((MagickSizeType) image->columns*image->rows) > GetBlobSize(image)) ++ ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile"); + for ( ; offset < (MagickOffsetType) cin.file.image_offset; offset++) + { + int
  20. Download patch debian/patches/CVE-2019-10649.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-10649.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-10649.patch 2019-06-12 17:30:57.000000000 +0000 @@ -0,0 +1,23 @@ +From e3417aebe17cbe274b7361aa92c83226ca5b646b Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Thu, 28 Mar 2019 20:23:31 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1533 + +--- + coders/svg.c | 3 +++ + 1 file changed, 3 insertions(+) + +Index: imagemagick-6.9.10.23+dfsg/coders/svg.c +=================================================================== +--- imagemagick-6.9.10.23+dfsg.orig/coders/svg.c 2019-06-12 13:30:55.035848450 -0400 ++++ imagemagick-6.9.10.23+dfsg/coders/svg.c 2019-06-12 13:30:55.031848428 -0400 +@@ -2733,6 +2733,9 @@ static void SVGEndElement(void *context, + SVGProcessStyleElement(context,name,value); + (void) FormatLocaleFile(svg_info->file,"pop class\n"); + } ++ for (j=0; tokens[j] != (char *) NULL; j++) ++ tokens[j]=DestroyString(tokens[j]); ++ tokens=(char **) RelinquishMagickMemory(tokens); + break; + } + if (LocaleCompare((const char *) name,"svg") == 0)
  21. Download patch debian/patches/CVE-2019-15139-2.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-15139-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-15139-2.patch 2019-11-11 13:25:21.000000000 +0000 @@ -0,0 +1,47 @@ +Backport of: + +From e295b8193a1413a39d5c0b3e18fa7ca952c35cdf Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sat, 20 Apr 2019 12:18:23 -0400 +Subject: [PATCH] ... + +--- + coders/xwd.c | 12 ++++++------ + configure | 2 +- + 2 files changed, 7 insertions(+), 7 deletions(-) + +--- a/coders/xwd.c ++++ b/coders/xwd.c +@@ -252,7 +252,7 @@ static Image *ReadXWDImage(const ImageIn + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if (header.ncolors > 256) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); +- if ((MagickSizeType) header.xoffset >= GetBlobSize(image)) ++ if (header.xoffset >= header.pixmap_width) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + switch (header.visual_class) { + case StaticGray: +@@ -306,10 +306,11 @@ static Image *ReadXWDImage(const ImageIn + ximage->red_mask=header.red_mask; + ximage->green_mask=header.green_mask; + ximage->blue_mask=header.blue_mask; +- if ((ximage->width < 0) || (ximage->height < 0) || (ximage->depth < 0) || +- (ximage->format < 0) || (ximage->byte_order < 0) || +- (ximage->bitmap_bit_order < 0) || (ximage->bitmap_pad < 0) || +- (ximage->bytes_per_line < 0)) ++ if ((ximage->depth < 0) || (ximage->format < 0) || (ximage->xoffset < 0) || ++ (ximage->width < 0) || (ximage->height < 0) || (ximage->bitmap_pad < 0) || ++ (ximage->bytes_per_line < 0) || (ximage->byte_order < 0) || ++ (ximage->bitmap_unit < 0) || (ximage->bitmap_bit_order < 0) || ++ (ximage->bits_per_pixel < 0)) + { + ximage=(XImage *) RelinquishMagickMemory(ximage); + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); +@@ -640,7 +641,6 @@ ModuleExport size_t RegisterXWDImage(voi + entry->encoder=(EncodeImageHandler *) WriteXWDImage; + #endif + entry->magick=(IsImageFormatHandler *) IsXWD; +- entry->seekable_stream=MagickTrue; + entry->adjoin=MagickFalse; + entry->description=ConstantString("X Windows system window dump (color)"); + entry->module=ConstantString("XWD");
  22. Download patch debian/patches/CVE-2019-13308-1.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13308-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13308-1.patch 2019-11-11 13:42:03.000000000 +0000 @@ -0,0 +1,33 @@ +Backport of: + +From f6ffc702c6eecd963587273a429dcd608c648984 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Sun, 16 Jun 2019 12:18:36 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1588 + +--- + magick/annotate.c | 3 +++ + magick/fourier.c | 12 ++++++++---- + 2 files changed, 11 insertions(+), 4 deletions(-) + +--- a/magick/fourier.c ++++ b/magick/fourier.c +@@ -245,10 +245,14 @@ MagickExport Image *ComplexImages(const + + if (status == MagickFalse) + continue; +- Ar=GetCacheViewVirtualPixels(Ar_view,0,y,Ar_image->columns,1,exception); +- Ai=GetCacheViewVirtualPixels(Ai_view,0,y,Ai_image->columns,1,exception); +- Br=GetCacheViewVirtualPixels(Br_view,0,y,Br_image->columns,1,exception); +- Bi=GetCacheViewVirtualPixels(Bi_view,0,y,Bi_image->columns,1,exception); ++ Ar=GetCacheViewVirtualPixels(Ar_view,0,y, ++ MagickMax(Ar_image->columns,Cr_image->columns),1,exception); ++ Ai=GetCacheViewVirtualPixels(Ai_view,0,y, ++ MagickMax(Ai_image->columns,Ci_image->columns),1,exception); ++ Br=GetCacheViewVirtualPixels(Br_view,0,y, ++ MagickMax(Br_image->columns,Cr_image->columns),1,exception); ++ Bi=GetCacheViewVirtualPixels(Bi_view,0,y, ++ MagickMax(Bi_image->columns,Ci_image->columns),1,exception); + Cr=QueueCacheViewAuthenticPixels(Cr_view,0,y,Cr_image->columns,1,exception); + Ci=QueueCacheViewAuthenticPixels(Ci_view,0,y,Ci_image->columns,1,exception); + if ((Ar == (const PixelPacket *) NULL) ||
  23. Download patch debian/patches/CVE-2019-11472.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-11472.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-11472.patch 2019-06-12 17:45:04.000000000 +0000 @@ -0,0 +1,23 @@ +From f663dfb8431c97d95682a2b533cca1c8233d21b4 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sun, 14 Apr 2019 11:49:45 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1546 + +--- + coders/xwd.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/coders/xwd.c b/coders/xwd.c +index 186b3f1ca..94a2907c9 100644 +--- a/coders/xwd.c ++++ b/coders/xwd.c +@@ -243,6 +243,9 @@ static Image *ReadXWDImage(const ImageInfo *image_info,ExceptionInfo *exception) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if ((header.bits_per_pixel == 0) || (header.bits_per_pixel > 32)) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); ++ if ((header.bitmap_bit_order != MSBFirst) && ++ (header.bitmap_bit_order != LSBFirst)) ++ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if (((header.bitmap_pad % 8) != 0) || (header.bitmap_pad > 32)) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if (header.bitmap_unit > 32)
  24. Download patch debian/patches/CVE-2019-13295.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13295.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13295.patch 2019-11-11 13:10:50.000000000 +0000 @@ -0,0 +1,22 @@ +From 55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Fri, 21 Jun 2019 16:52:14 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1608 + +--- + magick/threshold.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/magick/threshold.c b/magick/threshold.c +index 763eb8552..a53e839e6 100644 +--- a/magick/threshold.c ++++ b/magick/threshold.c +@@ -202,6 +202,8 @@ MagickExport Image *AdaptiveThresholdImage(const Image *image, + threshold_image=CloneImage(image,0,0,MagickTrue,exception); + if (threshold_image == (Image *) NULL) + return((Image *) NULL); ++ if (width == 0) ++ return(threshold_image); + if (SetImageStorageClass(threshold_image,DirectClass) == MagickFalse) + { + InheritException(exception,&threshold_image->exception);
  25. Download patch debian/tests/rose-6.q16

    --- 8:6.9.10.23+dfsg-2.1/debian/tests/rose-6.q16 2019-05-03 14:20:08.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/tests/rose-6.q16 2019-09-18 15:18:38.000000000 +0000 @@ -3,7 +3,6 @@ CONVERT=convert-im6.q16 set -e -$CONVERT rose: pdf:/dev/null $CONVERT rose: png:/dev/null $CONVERT rose: jpeg:/dev/null $CONVERT rose: bmp:/dev/null
  26. Download patch debian/patches/CVE-2019-13308-2.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13308-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13308-2.patch 2019-11-11 13:20:05.000000000 +0000 @@ -0,0 +1,188 @@ +From 19651f3db63fa1511ed83a348c4c82fa553f8d01 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Mon, 17 Jun 2019 08:48:42 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1595 + +--- + coders/gif.c | 6 ++- + magick/fourier.c | 99 +++++++++++++++++++++++++++--------------------- + 2 files changed, 59 insertions(+), 46 deletions(-) + +diff --git a/coders/gif.c b/coders/gif.c +index c101547e9..9830eb7d3 100644 +--- a/coders/gif.c ++++ b/coders/gif.c +@@ -685,13 +685,15 @@ static MagickBooleanType EncodeImage(const ImageInfo *image_info,Image *image, + /* + Probe hash table. + */ ++ next_pixel=MagickFalse; ++ displacement=1; + index=(IndexPacket) ((size_t) GetPixelIndex(indexes+x) & 0xff); + p++; + k=(ssize_t) (((size_t) index << (MaxGIFBits-8))+waiting_code); + if (k >= MaxHashTable) + k-=MaxHashTable; +- next_pixel=MagickFalse; +- displacement=1; ++ if (k < 0) ++ continue; + if (hash_code[k] > 0) + { + if ((hash_prefix[k] == waiting_code) && +diff --git a/magick/fourier.c b/magick/fourier.c +index bff711d0f..83dfcb24a 100644 +--- a/magick/fourier.c ++++ b/magick/fourier.c +@@ -226,9 +226,9 @@ MagickExport Image *ComplexImages(const Image *images,const ComplexOperator op, + progress=0; + #if defined(MAGICKCORE_OPENMP_SUPPORT) + #pragma omp parallel for schedule(static) shared(progress,status) \ +- magick_number_threads(images,complex_images,images->rows,1L) ++ magick_number_threads(Cr_image,complex_images,Cr_image->rows,1L) + #endif +- for (y=0; y < (ssize_t) images->rows; y++) ++ for (y=0; y < (ssize_t) Cr_image->rows; y++) + { + register const PixelPacket + *magick_restrict Ai, +@@ -245,14 +245,10 @@ MagickExport Image *ComplexImages(const Image *images,const ComplexOperator op, + + if (status == MagickFalse) + continue; +- Ar=GetCacheViewVirtualPixels(Ar_view,0,y, +- MagickMax(Ar_image->columns,Cr_image->columns),1,exception); +- Ai=GetCacheViewVirtualPixels(Ai_view,0,y, +- MagickMax(Ai_image->columns,Ci_image->columns),1,exception); +- Br=GetCacheViewVirtualPixels(Br_view,0,y, +- MagickMax(Br_image->columns,Cr_image->columns),1,exception); +- Bi=GetCacheViewVirtualPixels(Bi_view,0,y, +- MagickMax(Bi_image->columns,Ci_image->columns),1,exception); ++ Ar=GetCacheViewVirtualPixels(Ar_view,0,y,Cr_image->columns,1,exception); ++ Ai=GetCacheViewVirtualPixels(Ai_view,0,y,Cr_image->columns,1,exception); ++ Br=GetCacheViewVirtualPixels(Br_view,0,y,Cr_image->columns,1,exception); ++ Bi=GetCacheViewVirtualPixels(Bi_view,0,y,Cr_image->columns,1,exception); + Cr=QueueCacheViewAuthenticPixels(Cr_view,0,y,Cr_image->columns,1,exception); + Ci=QueueCacheViewAuthenticPixels(Ci_view,0,y,Ci_image->columns,1,exception); + if ((Ar == (const PixelPacket *) NULL) || +@@ -264,7 +260,7 @@ MagickExport Image *ComplexImages(const Image *images,const ComplexOperator op, + status=MagickFalse; + continue; + } +- for (x=0; x < (ssize_t) images->columns; x++) ++ for (x=0; x < (ssize_t) Cr_image->columns; x++) + { + switch (op) + { +@@ -305,55 +301,70 @@ MagickExport Image *ComplexImages(const Image *images,const ComplexOperator op, + gamma; + + gamma=PerceptibleReciprocal(Br->red*Br->red+Bi->red*Bi->red+snr); +- Cr->red=gamma*(Ar->red*Br->red+Ai->red*Bi->red); +- Ci->red=gamma*(Ai->red*Br->red-Ar->red*Bi->red); +- gamma=PerceptibleReciprocal(Br->green*Br->green+Bi->green*Bi->green+ +- snr); +- Cr->green=gamma*(Ar->green*Br->green+Ai->green*Bi->green); +- Ci->green=gamma*(Ai->green*Br->green-Ar->green*Bi->green); +- gamma=PerceptibleReciprocal(Br->blue*Br->blue+Bi->blue*Bi->blue+snr); +- Cr->blue=gamma*(Ar->blue*Br->blue+Ai->blue*Bi->blue); +- Ci->blue=gamma*(Ai->blue*Br->blue-Ar->blue*Bi->blue); ++ Cr->red=gamma*((double) Ar->red*Br->red+(double) Ai->red*Bi->red); ++ Ci->red=gamma*((double) Ai->red*Br->red-(double) Ar->red*Bi->red); ++ gamma=PerceptibleReciprocal((double) Br->green*Br->green+(double) ++ Bi->green*Bi->green+snr); ++ Cr->green=gamma*((double) Ar->green*Br->green+(double) ++ Ai->green*Bi->green); ++ Ci->green=gamma*((double) Ai->green*Br->green-(double) ++ Ar->green*Bi->green); ++ gamma=PerceptibleReciprocal((double) Br->blue*Br->blue+(double) ++ Bi->blue*Bi->blue+snr); ++ Cr->blue=gamma*((double) Ar->blue*Br->blue+(double) ++ Ai->blue*Bi->blue); ++ Ci->blue=gamma*((double) Ai->blue*Br->blue-(double) ++ Ar->blue*Bi->blue); + if (images->matte != MagickFalse) + { +- gamma=PerceptibleReciprocal(Br->opacity*Br->opacity+Bi->opacity* +- Bi->opacity+snr); +- Cr->opacity=gamma*(Ar->opacity*Br->opacity+Ai->opacity* +- Bi->opacity); +- Ci->opacity=gamma*(Ai->opacity*Br->opacity-Ar->opacity* +- Bi->opacity); ++ gamma=PerceptibleReciprocal((double) Br->opacity*Br->opacity+ ++ (double) Bi->opacity*Bi->opacity+snr); ++ Cr->opacity=gamma*((double) Ar->opacity*Br->opacity+(double) ++ Ai->opacity*Bi->opacity); ++ Ci->opacity=gamma*((double) Ai->opacity*Br->opacity-(double) ++ Ar->opacity*Bi->opacity); + } + break; + } + case MagnitudePhaseComplexOperator: + { +- Cr->red=sqrt(Ar->red*Ar->red+Ai->red*Ai->red); +- Ci->red=atan2(Ai->red,Ar->red)/(2.0*MagickPI)+0.5; +- Cr->green=sqrt(Ar->green*Ar->green+Ai->green*Ai->green); +- Ci->green=atan2(Ai->green,Ar->green)/(2.0*MagickPI)+0.5; +- Cr->blue=sqrt(Ar->blue*Ar->blue+Ai->blue*Ai->blue); ++ Cr->red=sqrt((double) Ar->red*Ar->red+(double) Ai->red*Ai->red); ++ Ci->red=atan2((double) Ai->red,(double) Ar->red)/(2.0*MagickPI)+0.5; ++ Cr->green=sqrt((double) Ar->green*Ar->green+(double) ++ Ai->green*Ai->green); ++ Ci->green=atan2((double) Ai->green,(double) Ar->green)/ ++ (2.0*MagickPI)+0.5; ++ Cr->blue=sqrt((double) Ar->blue*Ar->blue+(double) Ai->blue*Ai->blue); + Ci->blue=atan2(Ai->blue,Ar->blue)/(2.0*MagickPI)+0.5; + if (images->matte != MagickFalse) + { +- Cr->opacity=sqrt(Ar->opacity*Ar->opacity+Ai->opacity*Ai->opacity); +- Ci->opacity=atan2(Ai->opacity,Ar->opacity)/(2.0*MagickPI)+0.5; ++ Cr->opacity=sqrt((double) Ar->opacity*Ar->opacity+(double) ++ Ai->opacity*Ai->opacity); ++ Ci->opacity=atan2((double) Ai->opacity,(double) Ar->opacity)/ ++ (2.0*MagickPI)+0.5; + } + break; + } + case MultiplyComplexOperator: + { +- Cr->red=QuantumScale*(Ar->red*Br->red-Ai->red*Bi->red); +- Ci->red=QuantumScale*(Ai->red*Br->red+Ar->red*Bi->red); +- Cr->green=QuantumScale*(Ar->green*Br->green-Ai->green*Bi->green); +- Ci->green=QuantumScale*(Ai->green*Br->green+Ar->green*Bi->green); +- Cr->blue=QuantumScale*(Ar->blue*Br->blue-Ai->blue*Bi->blue); +- Ci->blue=QuantumScale*(Ai->blue*Br->blue+Ar->blue*Bi->blue); ++ Cr->red=QuantumScale*((double) Ar->red*Br->red-(double) ++ Ai->red*Bi->red); ++ Ci->red=QuantumScale*((double) Ai->red*Br->red+(double) ++ Ar->red*Bi->red); ++ Cr->green=QuantumScale*((double) Ar->green*Br->green-(double) ++ Ai->green*Bi->green); ++ Ci->green=QuantumScale*((double) Ai->green*Br->green+(double) ++ Ar->green*Bi->green); ++ Cr->blue=QuantumScale*((double) Ar->blue*Br->blue-(double) ++ Ai->blue*Bi->blue); ++ Ci->blue=QuantumScale*((double) Ai->blue*Br->blue+(double) ++ Ar->blue*Bi->blue); + if (images->matte != MagickFalse) + { +- Cr->opacity=QuantumScale*(Ar->opacity*Br->opacity-Ai->opacity* +- Bi->opacity); +- Ci->opacity=QuantumScale*(Ai->opacity*Br->opacity+Ar->opacity* +- Bi->opacity); ++ Cr->opacity=QuantumScale*((double) Ar->opacity*Br->opacity- ++ (double) Ai->opacity*Bi->opacity); ++ Ci->opacity=QuantumScale*((double) Ai->opacity*Br->opacity+ ++ (double) Ar->opacity*Bi->opacity); + } + break; + } +@@ -380,7 +391,7 @@ MagickExport Image *ComplexImages(const Image *images,const ComplexOperator op, + Ci->green=Ai->green-Bi->green; + Cr->blue=Ar->blue-Br->blue; + Ci->blue=Ai->blue-Bi->blue; +- if (images->matte != MagickFalse) ++ if (Cr_image->matte != MagickFalse) + { + Cr->opacity=Ar->opacity-Br->opacity; + Ci->opacity=Ai->opacity-Bi->opacity;
  27. Download patch debian/control.d/noquantum.in

    --- 8:6.9.10.23+dfsg-2.1/debian/control.d/noquantum.in 2019-05-03 14:20:08.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/control.d/noquantum.in 2019-10-21 14:41:14.000000000 +0000 @@ -1,7 +1,8 @@ Source: imagemagick Section: graphics Priority: optional -Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org> Uploaders: Luciano Bello <luciano@debian.org>, Nelson A. de Oliveira <naoliv@debian.org>, Bastien Roucariès <rouca@debian.org>, @@ -26,9 +27,10 @@ Build-Depends: debhelper (>= 11), libx11-dev, libxext-dev, libxt-dev, # for plugins ghostscript, libdjvulibre-dev, libexif-dev, - libjpeg-dev, libopenjp2-7-dev, + libjpeg-dev, +# libopenjp2-7-dev, Needed for JPEG2000 but not in main see MIR #711061 libopenexr-dev, libperl-dev, libpng-dev, libtiff-dev, - libwmf-dev, libheif-dev, libwebp-dev, + libwmf-dev, libwebp-dev, # libgraphviz-dev, incompatible license against fftw # for converting svg libpango1.0-dev, librsvg2-bin, librsvg2-dev, libxml2-dev,
  28. Download patch debian/patches/CVE-2019-7395.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-7395.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-7395.patch 2019-06-12 17:30:11.000000000 +0000 @@ -0,0 +1,22 @@ +From d646562fbfb8bd230879fef7d67a62bf28bb1e19 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sun, 20 Jan 2019 11:04:19 -0500 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1451 + +--- + coders/psd.c | 2 ++ + 1 file changed, 2 insertions(+) + +Index: imagemagick-6.9.10.23+dfsg/coders/psd.c +=================================================================== +--- imagemagick-6.9.10.23+dfsg.orig/coders/psd.c 2019-06-12 13:30:09.099587203 -0400 ++++ imagemagick-6.9.10.23+dfsg/coders/psd.c 2019-06-12 13:30:09.099587203 -0400 +@@ -2704,6 +2704,8 @@ static size_t WritePSDChannel(const PSDI + if (deflateInit(&stream,level) != Z_OK) + { + quantum_info=DestroyQuantumInfo(quantum_info); ++ compressed_pixels=(unsigned char *) RelinquishMagickMemory( ++ compressed_pixels); + return(0); + } + }
  29. Download patch debian/patches/CVE-2019-11597-1.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-11597-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-11597-1.patch 2019-06-12 17:45:23.000000000 +0000 @@ -0,0 +1,30 @@ +From 1d6c036f0388d7857c725342f7212b60e39a14c1 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sat, 27 Apr 2019 10:08:03 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1555 + +--- + coders/tiff.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +Index: imagemagick-6.9.10.23+dfsg/coders/tiff.c +=================================================================== +--- imagemagick-6.9.10.23+dfsg.orig/coders/tiff.c 2019-06-12 13:45:21.551788760 -0400 ++++ imagemagick-6.9.10.23+dfsg/coders/tiff.c 2019-06-12 13:45:21.547788745 -0400 +@@ -4053,6 +4053,8 @@ RestoreMSCWarning + if (image->colorspace == LabColorspace) + DecodeLabImage(image,&image->exception); + DestroyTIFFInfo(&tiff_info); ++ if (exception->severity > ErrorException) ++ break; + DisableMSCWarning(4127) + if (0 && (image_info->verbose != MagickFalse)) + RestoreMSCWarning +@@ -4066,6 +4068,6 @@ RestoreMSCWarning + break; + } while (image_info->adjoin != MagickFalse); + TIFFClose(tiff); +- return(MagickTrue); ++ return(exception->severity > ErrorException ? MagickFalse : MagickTrue); + } + #endif
  30. Download patch debian/patches/CVE-2019-13454.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13454.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13454.patch 2019-11-11 13:21:16.000000000 +0000 @@ -0,0 +1,88 @@ +From 4f31d78716ac94c85c244efcea368fea202e2ed4 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Mon, 8 Jul 2019 06:21:03 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1629 + +--- + magick/layer.c | 56 ++++++++++++++++++++++++++------------------------ + 1 file changed, 29 insertions(+), 27 deletions(-) + +diff --git a/magick/layer.c b/magick/layer.c +index 79bbaf524..96b23459f 100644 +--- a/magick/layer.c ++++ b/magick/layer.c +@@ -1639,45 +1639,47 @@ MagickExport void OptimizeImageTransparency(const Image *image, + % o exception: return any errors or warnings in this structure. + % + */ +-MagickExport void RemoveDuplicateLayers(Image **images, +- ExceptionInfo *exception) ++MagickExport void RemoveDuplicateLayers(Image **images,ExceptionInfo *exception) + { +- register Image +- *curr, +- *next; +- + RectangleInfo + bounds; + ++ register Image ++ *image, ++ *next; ++ + assert((*images) != (const Image *) NULL); + assert((*images)->signature == MagickCoreSignature); + if ((*images)->debug != MagickFalse) +- (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",(*images)->filename); ++ (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s", ++ (*images)->filename); + assert(exception != (ExceptionInfo *) NULL); + assert(exception->signature == MagickCoreSignature); +- +- curr=GetFirstImageInList(*images); +- for (; (next=GetNextImageInList(curr)) != (Image *) NULL; curr=next) ++ image=GetFirstImageInList(*images); ++ for ( ; (next=GetNextImageInList(image)) != (Image *) NULL; image=next) + { +- if ( curr->columns != next->columns || curr->rows != next->rows +- || curr->page.x != next->page.x || curr->page.y != next->page.y ) ++ if ((image->columns != next->columns) || (image->rows != next->rows) || ++ (image->page.x != next->page.x) || (image->page.y != next->page.y)) + continue; +- bounds=CompareImageBounds(curr,next,CompareAnyLayer,exception); +- if ( bounds.x < 0 ) { +- /* +- the two images are the same, merge time delays and delete one. +- */ +- size_t time; +- time = curr->delay*1000/curr->ticks_per_second; +- time += next->delay*1000/next->ticks_per_second; +- next->ticks_per_second = 100L; +- next->delay = time*curr->ticks_per_second/1000; +- next->iterations = curr->iterations; +- *images = curr; +- (void) DeleteImageFromList(images); +- } ++ bounds=CompareImageBounds(image,next,CompareAnyLayer,exception); ++ if (bounds.x < 0) ++ { ++ /* ++ Two images are the same, merge time delays and delete one. ++ */ ++ size_t ++ time; ++ ++ time=1000*image->delay*PerceptibleReciprocal(image->ticks_per_second); ++ time+=1000*next->delay*PerceptibleReciprocal(next->ticks_per_second); ++ next->ticks_per_second=100L; ++ next->delay=time*image->ticks_per_second/1000; ++ next->iterations=image->iterations; ++ *images=image; ++ (void) DeleteImageFromList(images); ++ } + } +- *images = GetFirstImageInList(*images); ++ *images=GetFirstImageInList(*images); + } + + /*
  31. Download patch debian/patches/CVE-2019-7396.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-7396.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-7396.patch 2019-06-12 17:30:18.000000000 +0000 @@ -0,0 +1,21 @@ +From 5c258c08eca75f74e6d1cdcc968db89b34656768 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sun, 20 Jan 2019 11:01:40 -0500 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1452 + +--- + coders/sixel.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/coders/sixel.c b/coders/sixel.c +index 840323b56..5ebee1a7b 100644 +--- a/coders/sixel.c ++++ b/coders/sixel.c +@@ -1056,6 +1056,7 @@ static Image *ReadSIXELImage(const ImageInfo *image_info,ExceptionInfo *exceptio + if (sixel_decode(image,(unsigned char *)sixel_buffer, &sixel_pixels, &image->columns, &image->rows, &sixel_palette, &image->colors) == MagickFalse) + { + sixel_buffer=(char *) RelinquishMagickMemory(sixel_buffer); ++ sixel_pixels=(unsigned char *) RelinquishMagickMemory(sixel_pixels); + ThrowReaderException(CorruptImageError,"CorruptImage"); + } + sixel_buffer=(char *) RelinquishMagickMemory(sixel_buffer);
  32. Download patch debian/patches/series

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/series 2019-05-03 14:27:07.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/series 2019-11-11 13:41:58.000000000 +0000 @@ -23,3 +23,52 @@ 0023-https-github.com-ImageMagick-ImageMagick-issues-1523.patch 0024-https-github.com-ImageMagick-ImageMagick-issues-1532.patch 0025-https-github.com-ImageMagick-ImageMagick-issues-1532.patch +CVE-2019-7175.patch +CVE-2019-7395.patch +CVE-2019-7396.patch +CVE-2019-7397.patch +CVE-2019-7398.patch +CVE-2019-10649.patch +CVE-2019-11470.patch +CVE-2019-11472-pre1.patch +CVE-2019-11472-pre2.patch +CVE-2019-11472.patch +CVE-2019-11597-1.patch +CVE-2019-11597-2.patch +CVE-2019-11597-3.patch +CVE-2019-11598-1.patch +CVE-2019-11598-2.patch +200-disable-ghostscript-formats.patch +CVE-2019-12974.patch +CVE-2019-12975-1.patch +CVE-2019-12975-2.patch +CVE-2019-12976.patch +CVE-2019-12977.patch +CVE-2019-12978.patch +CVE-2019-12979.patch +CVE-2019-13135.patch +CVE-2019-13137.patch +CVE-2019-13295.patch +CVE-2019-13297.patch +CVE-2019-13300.patch +CVE-2019-13301.patch +CVE-2019-13304-1.patch +CVE-2019-13304-2.patch +CVE-2019-13305-1.patch +CVE-2019-13305-2.patch +CVE-2019-13307-1.patch +CVE-2019-13307-2.patch +CVE-2019-13307-3.patch +CVE-2019-13308-1.patch +CVE-2019-13308-2.patch +CVE-2019-13309.patch +CVE-2019-13311.patch +CVE-2019-13454.patch +CVE-2019-14981.patch +CVE-2019-15139-1.patch +CVE-2019-15139-2.patch +CVE-2019-15140.patch +CVE-2019-16708.patch +CVE-2019-16710.patch +CVE-2019-16711.patch +CVE-2019-16713.patch
  33. Download patch debian/patches/CVE-2019-12974.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-12974.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-12974.patch 2019-11-11 13:09:42.000000000 +0000 @@ -0,0 +1,42 @@ +From b4391bdd60df0a77e97a6ef1674f2ffef0e19e24 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sat, 23 Mar 2019 16:19:07 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1515 + +--- + coders/pango.c | 7 +++++-- + coders/vid.c | 7 +++++-- + 2 files changed, 10 insertions(+), 4 deletions(-) + +--- a/coders/pango.c ++++ b/coders/pango.c +@@ -196,8 +196,11 @@ static Image *ReadPANGOImage(const Image + property=InterpretImageProperties(image_info,image,option+6); + else + property=InterpretImageProperties(image_info,image,option); +- (void) SetImageProperty(image,"caption",property); +- property=DestroyString(property); ++ if (property != (char *) NULL) ++ { ++ (void) SetImageProperty(image,"caption",property); ++ property=DestroyString(property); ++ } + caption=ConstantString(GetImageProperty(image,"caption")); + /* + Get context. +--- a/coders/vid.c ++++ b/coders/vid.c +@@ -176,8 +176,11 @@ static Image *ReadVIDImage(const ImageIn + if (next_image == (Image *) NULL) + break; + label=InterpretImageProperties(image_info,next_image,DefaultTileLabel); +- (void) SetImageProperty(next_image,"label",label); +- label=DestroyString(label); ++ if (label != (char *) NULL) ++ { ++ (void) SetImageProperty(next_image,"label",label); ++ label=DestroyString(label); ++ } + if (image_info->debug != MagickFalse) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + "geometry: %.20gx%.20g",(double) next_image->columns,(double)
  34. Download patch debian/patches/CVE-2019-11597-2.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-11597-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-11597-2.patch 2019-06-12 17:45:30.000000000 +0000 @@ -0,0 +1,66 @@ +From c979b348d64a25a04f12ea7fe7888b2b23f230a7 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra <dirk@lemstra.org> +Date: Sun, 28 Apr 2019 10:41:53 +0200 +Subject: [PATCH] Fixed memory leaks reported in ImageMagick/ImageMagick#1555. + +--- + coders/pdf.c | 8 ++++---- + coders/ps3.c | 8 ++++---- + 2 files changed, 8 insertions(+), 8 deletions(-) + +Index: imagemagick-6.9.10.23+dfsg/coders/pdf.c +=================================================================== +--- imagemagick-6.9.10.23+dfsg.orig/coders/pdf.c 2019-06-12 13:45:28.175814880 -0400 ++++ imagemagick-6.9.10.23+dfsg/coders/pdf.c 2019-06-12 13:45:28.171814864 -0400 +@@ -1204,19 +1204,19 @@ static MagickBooleanType Huffman2DEncode + unsigned char + *group4; + ++ group4_image=CloneImage(inject_image,0,0,MagickTrue,&image->exception); ++ if (group4_image == (Image *) NULL) ++ return(MagickFalse); + status=MagickTrue; + write_info=CloneImageInfo(image_info); + (void) CopyMagickString(write_info->filename,"GROUP4:",MaxTextExtent); + (void) CopyMagickString(write_info->magick,"GROUP4",MaxTextExtent); +- group4_image=CloneImage(inject_image,0,0,MagickTrue,&image->exception); +- if (group4_image == (Image *) NULL) +- return(MagickFalse); + group4=(unsigned char *) ImageToBlob(write_info,group4_image,&length, + &image->exception); + group4_image=DestroyImage(group4_image); ++ write_info=DestroyImageInfo(write_info); + if (group4 == (unsigned char *) NULL) + return(MagickFalse); +- write_info=DestroyImageInfo(write_info); + if (WriteBlob(image,length,group4) != (ssize_t) length) + status=MagickFalse; + group4=(unsigned char *) RelinquishMagickMemory(group4); +Index: imagemagick-6.9.10.23+dfsg/coders/ps3.c +=================================================================== +--- imagemagick-6.9.10.23+dfsg.orig/coders/ps3.c 2019-06-12 13:45:28.175814880 -0400 ++++ imagemagick-6.9.10.23+dfsg/coders/ps3.c 2019-06-12 13:45:28.171814864 -0400 +@@ -219,19 +219,19 @@ static MagickBooleanType Huffman2DEncode + unsigned char + *group4; + ++ group4_image=CloneImage(inject_image,0,0,MagickTrue,&image->exception); ++ if (group4_image == (Image *) NULL) ++ return(MagickFalse); + status=MagickTrue; + write_info=CloneImageInfo(image_info); + (void) CopyMagickString(write_info->filename,"GROUP4:",MaxTextExtent); + (void) CopyMagickString(write_info->magick,"GROUP4",MaxTextExtent); +- group4_image=CloneImage(inject_image,0,0,MagickTrue,&image->exception); +- if (group4_image == (Image *) NULL) +- return(MagickFalse); + group4=(unsigned char *) ImageToBlob(write_info,group4_image,&length, + &image->exception); + group4_image=DestroyImage(group4_image); ++ write_info=DestroyImageInfo(write_info); + if (group4 == (unsigned char *) NULL) + return(MagickFalse); +- write_info=DestroyImageInfo(write_info); + if (WriteBlob(image,length,group4) != (ssize_t) length) + status=MagickFalse; + group4=(unsigned char *) RelinquishMagickMemory(group4);
  35. Download patch debian/patches/CVE-2019-13311.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13311.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13311.patch 2019-11-11 13:21:11.000000000 +0000 @@ -0,0 +1,78 @@ +From bb812022d0bc12107db215c981cab0b1ccd73d91 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Mon, 1 Jul 2019 19:53:22 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1623 + +--- + wand/mogrify.c | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +--- a/wand/mogrify.c ++++ b/wand/mogrify.c +@@ -7867,6 +7867,9 @@ WandExport MagickBooleanType MogrifyImag + clut_image=RemoveFirstImageFromList(images); + if (clut_image == (Image *) NULL) + { ++ (void) ThrowMagickException(exception,GetMagickModule(), ++ OptionError,"ImageSequenceRequired","`%s'",option); ++ image=DestroyImage(image); + status=MagickFalse; + break; + } +@@ -7911,9 +7914,6 @@ WandExport MagickBooleanType MogrifyImag + } + if (LocaleCompare("compare",option+1) == 0) + { +- const char +- *option; +- + double + distortion; + +@@ -7934,6 +7934,9 @@ WandExport MagickBooleanType MogrifyImag + reconstruct_image=RemoveFirstImageFromList(images); + if (reconstruct_image == (Image *) NULL) + { ++ (void) ThrowMagickException(exception,GetMagickModule(), ++ OptionError,"ImageSequenceRequired","`%s'",option); ++ image=DestroyImage(image); + status=MagickFalse; + break; + } +@@ -7989,6 +7992,9 @@ WandExport MagickBooleanType MogrifyImag + composite_image=RemoveFirstImageFromList(images); + if (composite_image == (Image *) NULL) + { ++ (void) ThrowMagickException(exception,GetMagickModule(), ++ OptionError,"ImageSequenceRequired","`%s'",option); ++ image=DestroyImage(image); + status=MagickFalse; + break; + } +@@ -8220,6 +8226,9 @@ WandExport MagickBooleanType MogrifyImag + hald_image=RemoveFirstImageFromList(images); + if (hald_image == (Image *) NULL) + { ++ (void) ThrowMagickException(exception,GetMagickModule(), ++ OptionError,"ImageSequenceRequired","`%s'",option); ++ image=DestroyImage(image); + status=MagickFalse; + break; + } +@@ -8250,11 +8259,16 @@ WandExport MagickBooleanType MogrifyImag + phase_image=RemoveFirstImageFromList(images); + if (phase_image == (Image *) NULL) + { ++ (void) ThrowMagickException(exception,GetMagickModule(), ++ OptionError,"ImageSequenceRequired","`%s'",option); ++ magnitude_image=DestroyImage(magnitude_image); + status=MagickFalse; + break; + } + fourier_image=InverseFourierTransformImage(magnitude_image, + phase_image,*option == '-' ? MagickTrue : MagickFalse,exception); ++ magnitude_image=DestroyImage(magnitude_image); ++ phase_image=DestroyImage(phase_image); + if (fourier_image == (Image *) NULL) + break; + if (*images != (Image *) NULL)
  36. Download patch debian/patches/CVE-2019-7397.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-7397.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-7397.patch 2019-06-12 17:30:26.000000000 +0000 @@ -0,0 +1,69 @@ +From 3b28c8d93aa469f6d90c8b3c05fe3d88c2584e32 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sun, 20 Jan 2019 10:17:40 -0500 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1454 + +--- + coders/pdf.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/coders/pdf.c b/coders/pdf.c +index 274deab67..5aa768680 100644 +--- a/coders/pdf.c ++++ b/coders/pdf.c +@@ -1982,6 +1982,7 @@ RestoreMSCWarning + pixel_info=RelinquishVirtualMemory(pixel_info); + if (status == MagickFalse) + { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + (void) CloseBlob(image); + return(MagickFalse); + } +@@ -2096,6 +2097,7 @@ RestoreMSCWarning + pixel_info=RelinquishVirtualMemory(pixel_info); + if (status == MagickFalse) + { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + (void) CloseBlob(image); + return(MagickFalse); + } +@@ -2196,6 +2198,7 @@ RestoreMSCWarning + pixel_info=RelinquishVirtualMemory(pixel_info); + if (status == MagickFalse) + { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + (void) CloseBlob(image); + return(MagickFalse); + } +@@ -2497,6 +2500,7 @@ RestoreMSCWarning + pixel_info=RelinquishVirtualMemory(pixel_info); + if (status == MagickFalse) + { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + (void) CloseBlob(image); + return(MagickFalse); + } +@@ -2599,6 +2603,7 @@ RestoreMSCWarning + pixel_info=RelinquishVirtualMemory(pixel_info); + if (status == MagickFalse) + { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + (void) CloseBlob(image); + return(MagickFalse); + } +@@ -2686,6 +2691,7 @@ RestoreMSCWarning + pixel_info=RelinquishVirtualMemory(pixel_info); + if (status == MagickFalse) + { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + (void) CloseBlob(image); + return(MagickFalse); + } +@@ -2890,6 +2896,7 @@ RestoreMSCWarning + pixel_info=RelinquishVirtualMemory(pixel_info); + if (status == MagickFalse) + { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + (void) CloseBlob(image); + return(MagickFalse); + }
  37. Download patch debian/patches/CVE-2019-11597-3.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-11597-3.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-11597-3.patch 2019-06-12 17:47:31.000000000 +0000 @@ -0,0 +1,42 @@ +Backport of: + +From 3c53413eb544cc567309b4c86485eae43e956112 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sun, 28 Apr 2019 09:26:45 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1560 + +--- + coders/tiff.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +Index: imagemagick-6.9.10.23+dfsg/coders/tiff.c +=================================================================== +--- imagemagick-6.9.10.23+dfsg.orig/coders/tiff.c 2019-06-12 13:45:41.739868265 -0400 ++++ imagemagick-6.9.10.23+dfsg/coders/tiff.c 2019-06-12 13:47:13.048224465 -0400 +@@ -4053,13 +4053,15 @@ RestoreMSCWarning + if (image->colorspace == LabColorspace) + DecodeLabImage(image,&image->exception); + DestroyTIFFInfo(&tiff_info); +- if (exception->severity > ErrorException) +- break; + DisableMSCWarning(4127) + if (0 && (image_info->verbose != MagickFalse)) + RestoreMSCWarning + TIFFPrintDirectory(tiff,stdout,MagickFalse); +- (void) TIFFWriteDirectory(tiff); ++ if (TIFFWriteDirectory(tiff) == 0) ++ { ++ status=MagickFalse; ++ break; ++ } + image=SyncNextImageInList(image); + if (image == (Image *) NULL) + break; +@@ -4068,6 +4070,6 @@ RestoreMSCWarning + break; + } while (image_info->adjoin != MagickFalse); + TIFFClose(tiff); +- return(exception->severity > ErrorException ? MagickFalse : MagickTrue); ++ return(status); + } + #endif
  38. Download patch debian/patches/CVE-2019-7398.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-7398.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-7398.patch 2019-06-12 17:48:48.000000000 +0000 @@ -0,0 +1,25 @@ +From 20c360e14cd5d70b5bbd0b54afa241eae4aec45d Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sun, 20 Jan 2019 10:50:08 -0500 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1453 + +--- + coders/dib.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +Index: imagemagick-6.9.10.23+dfsg/coders/dib.c +=================================================================== +--- imagemagick-6.9.10.23+dfsg.orig/coders/dib.c 2019-06-12 14:02:09.842836624 -0400 ++++ imagemagick-6.9.10.23+dfsg/coders/dib.c 2019-06-12 14:04:13.178952743 -0400 +@@ -1380,7 +1380,10 @@ static MagickBooleanType WriteDIBImage(c + dib_colormap=(unsigned char *) AcquireQuantumMemory((size_t) + (1UL << dib_info.bits_per_pixel),4*sizeof(*dib_colormap)); + if (dib_colormap == (unsigned char *) NULL) +- ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed"); ++ { ++ pixels=(unsigned char *) RelinquishMagickMemory(pixels); ++ ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed"); ++ } + q=dib_colormap; + for (i=0; i < (ssize_t) MagickMin(image->colors,dib_info.number_colors); i++) + {
  39. Download patch debian/patches/CVE-2019-12976.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-12976.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-12976.patch 2019-11-11 13:10:06.000000000 +0000 @@ -0,0 +1,25 @@ +From ff840181f631b1b7f29160cae24d792fcd176bae Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sat, 23 Mar 2019 14:36:27 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1520 + +--- + coders/pcl.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/coders/pcl.c b/coders/pcl.c +index 644d9f78f..777dff311 100644 +--- a/coders/pcl.c ++++ b/coders/pcl.c +@@ -319,7 +319,10 @@ static Image *ReadPCLImage(const ImageInfo *image_info,ExceptionInfo *exception) + else + delegate_info=GetDelegateInfo("pcl:color",(char *) NULL,exception); + if (delegate_info == (const DelegateInfo *) NULL) +- return((Image *) NULL); ++ { ++ image=DestroyImage(image); ++ return((Image *) NULL); ++ } + if ((page.width == 0) || (page.height == 0)) + (void) ParseAbsoluteGeometry(PSPageGeometry,&page); + if (image_info->page != (char *) NULL)
  40. Download patch debian/patches/CVE-2019-13307-1.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13307-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13307-1.patch 2019-11-11 13:18:50.000000000 +0000 @@ -0,0 +1,35 @@ +From 91e58d967a92250439ede038ccfb0913a81e59fe Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Sat, 22 Jun 2019 08:23:29 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1615 + +--- + magick/statistic.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +--- a/magick/statistic.c ++++ b/magick/statistic.c +@@ -164,18 +164,17 @@ static MagickPixelPacket **AcquirePixelT + + size_t + columns, +- number_threads; ++ rows; + +- number_threads=(size_t) GetMagickResourceLimit(ThreadResource); +- pixels=(MagickPixelPacket **) AcquireQuantumMemory(number_threads, +- sizeof(*pixels)); ++ rows=MagickMax(GetImageListLength(images), ++ (size_t) GetMagickResourceLimit(ThreadResource)); ++ pixels=(MagickPixelPacket **) AcquireQuantumMemory(rows,sizeof(*pixels)); + if (pixels == (MagickPixelPacket **) NULL) + return((MagickPixelPacket **) NULL); +- (void) memset(pixels,0,number_threads*sizeof(*pixels)); + columns=images->columns; + for (next=images; next != (Image *) NULL; next=next->next) + columns=MagickMax(next->columns,columns); +- for (i=0; i < (ssize_t) number_threads; i++) ++ for (i=0; i < (ssize_t) rows; i++) + { + pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(columns, + sizeof(**pixels));
  41. Download patch debian/patches/CVE-2019-7175.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-7175.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-7175.patch 2019-06-12 17:29:57.000000000 +0000 @@ -0,0 +1,31 @@ +From ffedc1feed46ae5dfad2aeaf4bd9c42174ec0ad1 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sun, 20 Jan 2019 11:12:07 -0500 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1450 + +--- + coders/pcd.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/coders/pcd.c b/coders/pcd.c +index ec28d91de..3f15f81df 100644 +--- a/coders/pcd.c ++++ b/coders/pcd.c +@@ -205,6 +205,8 @@ static MagickBooleanType DecodeImage(Image *image,unsigned char *luma, + if (pcd_table[i] == (PCDTable *) NULL) + { + buffer=(unsigned char *) RelinquishMagickMemory(buffer); ++ for (j=0; j < i; j++) ++ pcd_table[j]=(PCDTable *) RelinquishMagickMemory(pcd_table[j]); + ThrowBinaryImageException(ResourceLimitError,"MemoryAllocationFailed", + image->filename); + } +@@ -216,6 +218,8 @@ static MagickBooleanType DecodeImage(Image *image,unsigned char *luma, + if (r->length > 16) + { + buffer=(unsigned char *) RelinquishMagickMemory(buffer); ++ for (j=0; j <= i; j++) ++ pcd_table[j]=(PCDTable *) RelinquishMagickMemory(pcd_table[j]); + return(MagickFalse); + } + PCDGetBits(16);
  42. Download patch debian/patches/CVE-2019-12977.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-12977.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-12977.patch 2019-11-11 13:10:14.000000000 +0000 @@ -0,0 +1,19 @@ +From e6103897fae2ed47e24b9cf7de719eea877b0504 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sat, 23 Mar 2019 16:13:55 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1518 + +--- + coders/jp2.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/coders/jp2.c ++++ b/coders/jp2.c +@@ -866,6 +866,7 @@ static MagickBooleanType WriteJP2Image(c + /* + Set tile size. + */ ++ (void) memset(&geometry,0,sizeof(geometry)); + flags=ParseAbsoluteGeometry(image_info->extract,&geometry); + parameters.cp_tdx=(int) geometry.width; + parameters.cp_tdy=(int) geometry.width;
  43. Download patch debian/patches/CVE-2019-16708.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-16708.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-16708.patch 2019-11-11 13:29:13.000000000 +0000 @@ -0,0 +1,25 @@ +From 13801f5d0bd7a6fdb119682d34946636afdb2629 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Wed, 27 Mar 2019 14:22:00 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1531 + +--- + magick/xwindow.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/magick/xwindow.c b/magick/xwindow.c +index 837755e1f..1fe76203e 100644 +--- a/magick/xwindow.c ++++ b/magick/xwindow.c +@@ -297,6 +297,11 @@ MagickExport void DestroyXResources(void) + (void) XFreePixmap(windows->display,magick_windows[i]->shadow_stipple); + magick_windows[i]->shadow_stipple=(Pixmap) NULL; + } ++ if (magick_windows[i]->matte_image != (XImage *) NULL) ++ { ++ XDestroyImage(magick_windows[i]->matte_image); ++ magick_windows[i]->matte_image=(XImage *) NULL; ++ } + if (magick_windows[i]->ximage != (XImage *) NULL) + { + XDestroyImage(magick_windows[i]->ximage);
  44. Download patch debian/patches/CVE-2019-13307-2.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13307-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13307-2.patch 2019-11-11 13:18:56.000000000 +0000 @@ -0,0 +1,68 @@ +From e6d26d4e2f07375ddbf46a857d309d51eeff7ee1 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Sat, 22 Jun 2019 09:04:54 -0400 +Subject: [PATCH] ... + +--- + magick/statistic.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +--- a/magick/statistic.c ++++ b/magick/statistic.c +@@ -136,13 +136,19 @@ + % + */ + +-static MagickPixelPacket **DestroyPixelThreadSet(MagickPixelPacket **pixels) ++static MagickPixelPacket **DestroyPixelThreadSet(const Image *images, ++ MagickPixelPacket **pixels) + { + register ssize_t + i; + ++ size_t ++ rows; ++ + assert(pixels != (MagickPixelPacket **) NULL); +- for (i=0; i < (ssize_t) GetMagickResourceLimit(ThreadResource); i++) ++ rows=MagickMax(GetImageListLength(images), ++ (size_t) GetMagickResourceLimit(ThreadResource)); ++ for (i=0; i < (ssize_t) rows; i++) + if (pixels[i] != (MagickPixelPacket *) NULL) + pixels[i]=(MagickPixelPacket *) RelinquishMagickMemory(pixels[i]); + pixels=(MagickPixelPacket **) RelinquishMagickMemory(pixels); +@@ -171,6 +177,7 @@ static MagickPixelPacket **AcquirePixelT + pixels=(MagickPixelPacket **) AcquireQuantumMemory(rows,sizeof(*pixels)); + if (pixels == (MagickPixelPacket **) NULL) + return((MagickPixelPacket **) NULL); ++ (void) memset(pixels,0,rows*sizeof(*pixels)); + columns=images->columns; + for (next=images; next != (Image *) NULL; next=next->next) + columns=MagickMax(next->columns,columns); +@@ -179,7 +186,7 @@ static MagickPixelPacket **AcquirePixelT + pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(columns, + sizeof(**pixels)); + if (pixels[i] == (MagickPixelPacket *) NULL) +- return(DestroyPixelThreadSet(pixels)); ++ return(DestroyPixelThreadSet(images,pixels)); + for (j=0; j < (ssize_t) columns; j++) + GetMagickPixelPacket(images,&pixels[i][j]); + } +@@ -786,7 +793,7 @@ MagickExport Image *EvaluateImages(const + } + } + evaluate_view=DestroyCacheView(evaluate_view); +- evaluate_pixels=DestroyPixelThreadSet(evaluate_pixels); ++ evaluate_pixels=DestroyPixelThreadSet(images,evaluate_pixels); + random_info=DestroyRandomInfoThreadSet(random_info); + if (status == MagickFalse) + image=DestroyImage(image); +@@ -2916,7 +2923,7 @@ MagickExport Image *PolynomialImageChann + } + } + polynomial_view=DestroyCacheView(polynomial_view); +- polynomial_pixels=DestroyPixelThreadSet(polynomial_pixels); ++ polynomial_pixels=DestroyPixelThreadSet(images,polynomial_pixels); + if (status == MagickFalse) + image=DestroyImage(image); + return(image);
  45. Download patch debian/patches/CVE-2019-13300.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13300.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13300.patch 2019-11-11 13:12:36.000000000 +0000 @@ -0,0 +1,56 @@ +Backport of: + +From 5e409ae7a389cdf2ed17469303be3f3f21cec450 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Sun, 16 Jun 2019 14:36:10 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1586 + +--- + magick/statistic.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +--- a/magick/statistic.c ++++ b/magick/statistic.c +@@ -149,9 +149,12 @@ static MagickPixelPacket **DestroyPixelT + return(pixels); + } + +-static MagickPixelPacket **AcquirePixelThreadSet(const Image *image, ++static MagickPixelPacket **AcquirePixelThreadSet(const Image *images, + const size_t number_images) + { ++ const Image ++ *next; ++ + MagickPixelPacket + **pixels; + +@@ -160,6 +163,7 @@ static MagickPixelPacket **AcquirePixelT + j; + + size_t ++ columns, + number_threads; + + number_threads=(size_t) GetMagickResourceLimit(ThreadResource); +@@ -168,14 +172,17 @@ static MagickPixelPacket **AcquirePixelT + if (pixels == (MagickPixelPacket **) NULL) + return((MagickPixelPacket **) NULL); + (void) memset(pixels,0,number_threads*sizeof(*pixels)); ++ columns=images->columns; ++ for (next=images; next != (Image *) NULL; next=next->next) ++ columns=MagickMax(next->columns,columns); + for (i=0; i < (ssize_t) number_threads; i++) + { +- pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(image->columns, ++ pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(columns, + sizeof(**pixels)); + if (pixels[i] == (MagickPixelPacket *) NULL) + return(DestroyPixelThreadSet(pixels)); +- for (j=0; j < (ssize_t) image->columns; j++) +- GetMagickPixelPacket(image,&pixels[i][j]); ++ for (j=0; j < (ssize_t) columns; j++) ++ GetMagickPixelPacket(images,&pixels[i][j]); + } + return(pixels); + }
  46. Download patch debian/patches/CVE-2019-12978.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-12978.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-12978.patch 2019-11-11 13:10:18.000000000 +0000 @@ -0,0 +1,22 @@ +From ae1ded6140bfa8ae9f6dcba5413b72d98ed94614 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sat, 23 Mar 2019 14:42:22 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1519 + +--- + coders/pango.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/coders/pango.c b/coders/pango.c +index e77abe788..0a3f320fd 100644 +--- a/coders/pango.c ++++ b/coders/pango.c +@@ -185,6 +185,8 @@ static Image *ReadPANGOImage(const ImageInfo *image_info, + assert(exception->signature == MagickCoreSignature); + image=AcquireImage(image_info); + (void) ResetImagePage(image,"0x0+0+0"); ++ if ((image->columns != 0) && (image->rows != 0)) ++ (void) SetImageBackgroundColor(image); + /* + Format caption. + */
  47. Download patch debian/patches/CVE-2019-13307-3.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13307-3.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13307-3.patch 2019-11-11 13:19:04.000000000 +0000 @@ -0,0 +1,20 @@ +From 643921ca69a20b203faebd0b287d8b7012dc749d Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Sat, 22 Jun 2019 10:25:00 -0400 +Subject: [PATCH] ... + +--- + magick/statistic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/magick/statistic.c ++++ b/magick/statistic.c +@@ -178,7 +178,7 @@ static MagickPixelPacket **AcquirePixelT + if (pixels == (MagickPixelPacket **) NULL) + return((MagickPixelPacket **) NULL); + (void) memset(pixels,0,rows*sizeof(*pixels)); +- columns=images->columns; ++ columns=GetImageListLength(images); + for (next=images; next != (Image *) NULL; next=next->next) + columns=MagickMax(next->columns,columns); + for (i=0; i < (ssize_t) rows; i++)
  48. Download patch debian/patches/CVE-2019-11472-pre1.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-11472-pre1.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-11472-pre1.patch 2019-06-12 17:43:36.000000000 +0000 @@ -0,0 +1,41 @@ +From 61158d1a0affcd6a8b5b365a9e0bd4086bfb16bd Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Thu, 4 Apr 2019 08:09:13 -0400 +Subject: [PATCH] ... + +--- + coders/xwd.c | 21 ++++++++++----------- + 1 file changed, 10 insertions(+), 11 deletions(-) + +Index: imagemagick-6.9.10.23+dfsg/coders/xwd.c +=================================================================== +--- imagemagick-6.9.10.23+dfsg.orig/coders/xwd.c 2019-06-12 13:43:34.635362475 -0400 ++++ imagemagick-6.9.10.23+dfsg/coders/xwd.c 2019-06-12 13:43:34.631362460 -0400 +@@ -481,17 +481,16 @@ static Image *ReadXWDImage(const ImageIn + for (x=0; x < (ssize_t) image->columns; x++) + { + pixel=XGetPixel(ximage,(int) x,(int) y); +- index=(IndexPacket) ((pixel >> red_shift) & red_mask); +- if (index < header.ncolors) +- SetPixelRed(q,ScaleShortToQuantum(colors[(ssize_t) index].red)); +- index=(IndexPacket) ((pixel >> green_shift) & green_mask); +- if (index < header.ncolors) +- SetPixelGreen(q,ScaleShortToQuantum(colors[(ssize_t) +- index].green)); +- index=(IndexPacket) ((pixel >> blue_shift) & blue_mask); +- if (index < header.ncolors) +- SetPixelBlue(q,ScaleShortToQuantum(colors[(ssize_t) +- index].blue)); ++ index=ConstrainColormapIndex(image,(pixel >> red_shift) & ++ red_mask); ++ SetPixelRed(q,ScaleShortToQuantum(colors[(ssize_t) index].red)); ++ index=ConstrainColormapIndex(image,(pixel >> green_shift) & ++ green_mask); ++ SetPixelGreen(q,ScaleShortToQuantum(colors[(ssize_t) ++ index].green)); ++ index=ConstrainColormapIndex(image,(pixel >> blue_shift) & ++ blue_mask); ++ SetPixelBlue(q,ScaleShortToQuantum(colors[(ssize_t) index].blue)); + q++; + } + if (SyncAuthenticPixels(image,exception) == MagickFalse)
  49. Download patch debian/patches/CVE-2019-13301.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13301.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13301.patch 2019-11-11 13:18:04.000000000 +0000 @@ -0,0 +1,27 @@ +Backport of: + +From 0b7d3675438cbcde824e751895847a0794406e08 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Sat, 15 Jun 2019 22:04:30 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1589 + +--- + magick/annotate.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +--- a/magick/annotate.c ++++ b/magick/annotate.c +@@ -323,7 +323,12 @@ MagickExport MagickBooleanType AnnotateI + (void) ParseGeometry(annotate_info->geometry,&geometry_info); + } + if (SetImageStorageClass(image,DirectClass) == MagickFalse) +- return(MagickFalse); ++ { ++ annotate_info=DestroyDrawInfo(annotate_info); ++ annotate=DestroyDrawInfo(annotate); ++ textlist=(char **) RelinquishMagickMemory(textlist); ++ return(MagickFalse); ++ } + if (IsGrayColorspace(image->colorspace) != MagickFalse) + (void) SetImageColorspace(image,sRGBColorspace); + status=MagickTrue;
  50. Download patch debian/patches/CVE-2019-12979.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-12979.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-12979.patch 2019-11-11 13:10:28.000000000 +0000 @@ -0,0 +1,29 @@ +From 27b1c74979ac473a430e266ff6c4b645664bc805 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sat, 23 Mar 2019 14:05:29 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1522 + +--- + magick/image.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/magick/image.c b/magick/image.c +index a295bc2a5..721925aef 100644 +--- a/magick/image.c ++++ b/magick/image.c +@@ -252,10 +252,11 @@ MagickExport Image *AcquireImage(const ImageInfo *image_info) + geometry_info; + + flags=ParseGeometry(image_info->density,&geometry_info); +- image->x_resolution=geometry_info.rho; +- image->y_resolution=geometry_info.sigma; +- if ((flags & SigmaValue) == 0) +- image->y_resolution=image->x_resolution; ++ if ((flags & RhoValue) != 0) ++ image->x_resolution=geometry_info.rho; ++ image->y_resolution=image->x_resolution; ++ if ((flags & SigmaValue) != 0) ++ image->y_resolution=geometry_info.sigma; + } + if (image_info->page != (char *) NULL) + {
  51. Download patch debian/patches/CVE-2019-11472-pre2.patch
  52. Download patch debian/tests/rose-6.q16hdri

    --- 8:6.9.10.23+dfsg-2.1/debian/tests/rose-6.q16hdri 2019-05-03 14:20:08.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/tests/rose-6.q16hdri 2019-09-18 15:18:51.000000000 +0000 @@ -3,7 +3,6 @@ CONVERT=convert-im6.q16hdri set -e -$CONVERT rose: pdf:/dev/null $CONVERT rose: png:/dev/null $CONVERT rose: jpeg:/dev/null $CONVERT rose: bmp:/dev/null
  53. Download patch debian/patches/200-disable-ghostscript-formats.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/200-disable-ghostscript-formats.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/200-disable-ghostscript-formats.patch 2019-11-11 13:42:03.000000000 +0000 @@ -0,0 +1,24 @@ +Author: Steve Beattie <steve.beattie@canonical.com> +Subject: disable ghostscript handled formats based on -SAFER insecurity + +Based on Tavis Ormandy's Recommendations +updated: 2019-11-11 + +--- + config/policy.xml | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/config/policy.xml ++++ b/config/policy.xml +@@ -86,4 +86,11 @@ + <policy domain="delegate" rights="none" pattern="HTTP" /> + <!-- in order to avoid to get image with password text --> + <policy domain="path" rights="none" pattern="@*"/> ++ <!-- disable ghostscript format types --> ++ <policy domain="coder" rights="none" pattern="PS" /> ++ <policy domain="coder" rights="none" pattern="PS2" /> ++ <policy domain="coder" rights="none" pattern="PS3" /> ++ <policy domain="coder" rights="none" pattern="EPS" /> ++ <policy domain="coder" rights="none" pattern="PDF" /> ++ <policy domain="coder" rights="none" pattern="XPS" /> + </policymap>
  54. Download patch debian/patches/CVE-2019-13305-1.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13305-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13305-1.patch 2019-11-11 13:18:33.000000000 +0000 @@ -0,0 +1,31 @@ +From cb5ec7d98195aa74d5ed299b38eff2a68122f3fa Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Fri, 21 Jun 2019 20:16:54 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1612 + +--- + coders/pnm.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/coders/pnm.c b/coders/pnm.c +index 56f606343..7f818a869 100644 +--- a/coders/pnm.c ++++ b/coders/pnm.c +@@ -1832,7 +1832,7 @@ static MagickBooleanType WritePNMImage(const ImageInfo *image_info,Image *image) + extent=(size_t) count; + (void) strncpy((char *) q,buffer,extent); + q+=extent; +- if ((q-pixels+extent+1) >= sizeof(pixels)) ++ if ((q-pixels+extent+2) >= sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels); +@@ -1907,7 +1907,7 @@ static MagickBooleanType WritePNMImage(const ImageInfo *image_info,Image *image) + extent=(size_t) count; + (void) strncpy((char *) q,buffer,extent); + q+=extent; +- if ((q-pixels+extent+1) >= sizeof(pixels)) ++ if ((q-pixels+extent+2) >= sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels);
  55. Download patch debian/patches/CVE-2019-15140.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-15140.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-15140.patch 2019-11-11 13:25:42.000000000 +0000 @@ -0,0 +1,41 @@ +From 5caef6e97f3f575cf7bea497865a4c1e624b8010 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sat, 27 Apr 2019 08:32:39 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1554 + +--- + coders/mat.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/coders/mat.c ++++ b/coders/mat.c +@@ -969,10 +969,10 @@ MATLAB_KO: + } + + filepos = TellBlob(image); +- while(!EOFBlob(image)) /* object parser loop */ ++ while(filepos < GetBlobSize(image) && !EOFBlob(image)) /* object parser loop */ + { + Frames = 1; +- if (filepos != (unsigned int) filepos) ++ if(filepos > GetBlobSize(image) || filepos < 0) + break; + if(SeekBlob(image,filepos,SEEK_SET) != filepos) break; + /* printf("pos=%X\n",TellBlob(image)); */ +@@ -981,7 +981,7 @@ MATLAB_KO: + if(EOFBlob(image)) break; + MATLAB_HDR.ObjectSize = ReadBlobXXXLong(image); + if(EOFBlob(image)) break; +- if((MagickSizeType) (MATLAB_HDR.ObjectSize+filepos) > GetBlobSize(image)) ++ if((MagickSizeType) (MATLAB_HDR.ObjectSize+filepos) >= GetBlobSize(image)) + goto MATLAB_KO; + filepos += (MagickOffsetType) MATLAB_HDR.ObjectSize + 4 + 4; + +@@ -1284,6 +1284,7 @@ RestoreMSCWarning + { + if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), + " MAT cannot read scanrow %u from a file.", (unsigned)(MATLAB_HDR.SizeY-i-1)); ++ ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile"); + goto ExitLoop; + } + if((CellType==miINT8 || CellType==miUINT8) && (MATLAB_HDR.StructureFlag & FLAG_LOGICAL))
  56. Download patch debian/patches/CVE-2019-13305-2.patch

    --- 8:6.9.10.23+dfsg-2.1/debian/patches/CVE-2019-13305-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ 8:6.9.10.23+dfsg-2.1ubuntu9/debian/patches/CVE-2019-13305-2.patch 2019-11-11 13:18:37.000000000 +0000 @@ -0,0 +1,49 @@ +From 5c7fbf9a14fb83c9685ad69d48899f490a37609d Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Fri, 21 Jun 2019 20:27:25 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1613 + +--- + coders/pnm.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/coders/pnm.c b/coders/pnm.c +index 7f818a869..c10558d24 100644 +--- a/coders/pnm.c ++++ b/coders/pnm.c +@@ -1830,14 +1830,14 @@ static MagickBooleanType WritePNMImage(const ImageInfo *image_info,Image *image) + count=(ssize_t) FormatLocaleString(buffer,MaxTextExtent,"%u ", + ScaleQuantumToLong(index)); + extent=(size_t) count; +- (void) strncpy((char *) q,buffer,extent); +- q+=extent; +- if ((q-pixels+extent+2) >= sizeof(pixels)) ++ if ((q-pixels+extent+1) >= sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels); + q=pixels; + } ++ (void) strncpy((char *) q,buffer,extent); ++ q+=extent; + p++; + } + *q++='\n'; +@@ -1905,14 +1905,14 @@ static MagickBooleanType WritePNMImage(const ImageInfo *image_info,Image *image) + ScaleQuantumToLong(GetPixelGreen(p)), + ScaleQuantumToLong(GetPixelBlue(p))); + extent=(size_t) count; +- (void) strncpy((char *) q,buffer,extent); +- q+=extent; +- if ((q-pixels+extent+2) >= sizeof(pixels)) ++ if ((q-pixels+extent+1) >= sizeof(pixels)) + { + *q++='\n'; + (void) WriteBlob(image,q-pixels,pixels); + q=pixels; + } ++ (void) strncpy((char *) q,buffer,extent); ++ q+=extent; + p++; + } + *q++='\n';

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: kbibtex

kbibtex (0.8.1-1ubuntu3) disco; urgency=medium * debian/tests/run: Pass --class to xdotool, to exclude the Qt Selection window from the search results. -- Dmitry Shachnev <mitya57@ubuntu.com> Wed, 03 Apr 2019 13:52:18 +0300 kbibtex (0.8.1-1ubuntu2) disco; urgency=medium * No-change rebuild for icu soname changes. -- Matthias Klose <doko@ubuntu.com> Tue, 13 Nov 2018 08:02:07 +0000 kbibtex (0.8.1-1ubuntu1) disco; urgency=medium * Merge from Debian unstable. Remaining changes: - Use real KDE Frameworks -dev package build depends, instead of dropped transitionals. + kio-dev -> libkf5kio-dev + kdoctools-dev -> libkf5doctools-dev -- Rik Mills <rikmills@kubuntu.org> Sun, 11 Nov 2018 09:24:08 +0000

Modifications :
  1. Download patch debian/control

    --- 0.8.1-1/debian/control 2018-10-19 15:15:57.000000000 +0000 +++ 0.8.1-1ubuntu3/debian/control 2018-11-11 09:24:08.000000000 +0000 @@ -1,5 +1,6 @@ Source: kbibtex -Maintainer: Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org> Uploaders: Bastien Roucariès <rouca@debian.org> Section: kde Priority: optional @@ -8,13 +9,13 @@ Build-Depends: debhelper (>= 11), extra-cmake-modules, qtbase5-dev-tools, qtbase5-dev, - kdoctools-dev, libkf5i18n-dev, libkf5xmlgui-dev, - kio-dev (>= 5.6.0~), libkf5iconthemes-dev (>= 5.6.0~), libkf5itemviews-dev (>= 5.6.0~), libkf5completion-dev (>= 5.6.0~), + libkf5doctools-dev, + libkf5kio-dev, libkf5parts-dev (>= 5.6.0~), libkf5coreaddons-dev (>= 5.6.0~), libkf5service-dev (>= 5.6.0~),
  2. Download patch debian/tests/run

    --- 0.8.1-1/debian/tests/run 2017-09-19 13:13:34.000000000 +0000 +++ 0.8.1-1ubuntu3/debian/tests/run 2019-04-03 10:52:16.000000000 +0000 @@ -10,13 +10,13 @@ case "$1" in # send save config xdotool key alt+s # check if exist - WINDOSWSID=$(timeout $TIMEOUT xdotool search --sync kbibtex) + WINDOSWSID=$(timeout $TIMEOUT xdotool search --sync --class kbibtex) test "X$WINDOSWSID" != "X" # send quit xdotool windowclose "$WINDOSWSID" sleep $TIMEOUT # check if close - test "X$(xdotool search kbibtex)" = "X" + test "X$(xdotool search --class kbibtex)" = "X" exit 0 ;; insideorgrab)
  1. imagemagick
  2. kbibtex