Slackware has issued an advisory on May 30: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749 The issue was reported by the GraphicsMagick author, here: http://seclists.org/oss-sec/2016/q2/432
Whiteboard: (none) => MGA5TOO
Fixed upstream in 6.9.4-6, along with another possible security issue with "indirect reads" which use "@" instead of "|" for the pipes/popen CVE-2016-5118 issue. Freeze push requested for Cauldron. For Mageia 5, you'll need to rebuild ruby-rmagick again since you didn't remove the explicit version requirement last time.
Updated imagemagick-6.9.4.6-1.mga5.src.rpm submitted to mga5 core/updates_testing. I'll try to get to preparing an advisory soon. I've tested "convert" on converting a .jpg to a .png and it worked.
Package list:
imagemagick-6.9.4.6-1.mga5
imagemagick-desktop-6.9.4.6-1.mga5
libmagick-6Q16_2-6.9.4.6-1.mga5
libmagick++-6Q16_6-6.9.4.6-1.mga5
libmagick-devel-6.9.4.6-1.mga5
perl-Image-Magick-6.9.4.6-1.mga5
imagemagick-doc-6.9.4.6-1.mga5

from imagemagick-6.9.4.6-1.mga5.src.rpm

Shlomi, remember that ruby-rmagick needs rebuilt again too. Freeze push was pushed in Cauldron, setting version to 5.
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)
Debian has issued an advisory for this on June 1: https://www.debian.org/security/2016/dsa-3591
Advisory: I have uploaded an upgraded imagemagick package to Mageia 5 core/updates_testing. It can be tested by running the imagemagick's command line tools.

Suggested advisory:
===================

Updated imagemagick package fixes CVE-2016-5118 and Mageia bug #18598.

Slackware has issued an advisory on May 30:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749

The issue was reported by the GraphicsMagick author, here:
http://seclists.org/oss-sec/2016/q2/432
("CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename")

References:
* http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749
* http://seclists.org/oss-sec/2016/q2/432
* https://www.debian.org/security/2016/dsa-3591
* https://security-tracker.debian.org/tracker/CVE-2016-5118

Updated packages in core/updates_testing:
========================
imagemagick-6.9.4.6-1.mga5
imagemagick-desktop-6.9.4.6-1.mga5
libmagick-6Q16_2-6.9.4.6-1.mga5
libmagick++-6Q16_6-6.9.4.6-1.mga5
libmagick-devel-6.9.4.6-1.mga5
perl-Image-Magick-6.9.4.6-1.mga5
imagemagick-doc-6.9.4.6-1.mga5

Source RPMs:
imagemagick-6.9.4.6-1.mga5.src.rpm
Assigning to QA.
Status: NEW => ASSIGNED
CC: (none) => qa-bugs
(In reply to David Walser from comment #1)
> For Mageia 5, you'll need to rebuild ruby-rmagick again since you didn't
> remove the explicit version requirement last time.

(In reply to David Walser from comment #3)
> Shlomi, remember that ruby-rmagick needs rebuilt again too.
CC: qa-bugs => shlomif
Whiteboard: (none) => feedback
6.9.4-7 fixes a path traversal issue: https://github.com/ImageMagick/ImageMagick/blob/ImageMagick-6/ChangeLog see the magick/module.c part of this commit for the fix: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb We might as well update it again. Please remember to rebuild ruby-rmagick this time.
6.9.4-8 disables indirect reads by policy, and it fixes a heap overflow: http://git.imagemagick.org/repos/ImageMagick/blob/ImageMagick-6/ChangeLog
(In reply to David Walser from comment #9)
> 6.9.4-8 disables indirect reads by policy, and it fixes a heap overflow:
> http://git.imagemagick.org/repos/ImageMagick/blob/ImageMagick-6/ChangeLog

imagemagick 6.9.4.8 was just submitted to the core 5 updates_testing repository. Sorry it took me so long. I'll see about rebuilding ruby-rmagick next.
Thanks. Package list is below. Just need an advisory.

ruby-rmagick-2.13.2-21.2.mga5
ruby-rmagick-doc-2.13.2-21.2.mga5
imagemagick-6.9.4.8-1.mga5
imagemagick-desktop-6.9.4.8-1.mga5
libmagick-6Q16_2-6.9.4.8-1.mga5
libmagick++-6Q16_6-6.9.4.8-1.mga5
libmagick-devel-6.9.4.8-1.mga5
perl-Image-Magick-6.9.4.8-1.mga5
imagemagick-doc-6.9.4.8-1.mga5

Source RPMs:
ruby-rmagick-2.13.2-21.2.mga5.src.rpm
imagemagick-6.9.4.8-1.mga5.src.rpm
Assignee: shlomif => qa-bugs
Whiteboard: feedback => (none)
Installed the updates on x86_64 and generated some images using the built-in image creation functions.
$ convert -size 200x160 canvas:MistyRose rose.png
$ convert -size 100x100 gradient:tomato-steelblue gradient_5.jpg
$ convert -size 60x500 gradient:'#FFF-#0FF' -rotate 90 -set colorspace HSB -colorspace RGB rainbow_2.jpg
$ convert -size 100x100 plasma:yellow yellowplasma.jpg
$ convert -size 400x200 xc: -sparse-color barycentric '0,0 skyblue -%w,%h skyblue %w,%h black' diagonal_gradient.jpg

Converted a jpeg image to PNG format and then the png image to GIF without any degradation.

Resized an image in place by 60%.
$ mogrify -resize 60%x60% -quality 100 ensemble.jpg

Generated a squashed image in a different image format.
$ convert -resize 120%x80% -quality 100 ensemble.png squashed.jpg

Create a vignetted picture of a rose (from stock image).
$ convert rose: -background black -vignette 0x5 rose_vignette.gif

Make a vignette from an image:
$ convert -background none -vignette 0x10 ensemble.jpg vignette.jpg

Hide a message in another image:
$ convert -gravity center -size 60x50 label:"Morning QA" message.png
$ composite message.png rose: -stegano +15+2 rose_message.png
And recover the message:
$ convert -size 60x50+15+2 stegano:rose_message.png recovered.png

Examine a set of images:
$ identify *{gif,png}
ensemble.gif GIF 550x845 550x845+0+0 8-bit sRGB 256c 355KB 0.000u 0:00.000
message.gif GIF 50x40 50x40+0+0 8-bit sRGB 128c 728B 0.000u 0:00.000
pbl130.gif GIF 343x664 343x664+0+0 8-bit sRGB 256c 128KB 0.000u 0:00.000
rose_vignette.gif GIF 70x46 70x46+0+0 8-bit sRGB 256c 3.73KB 0.000u 0:00.000
ensemble.png PNG 660x676 660x676+0+0 8-bit sRGB 535KB 0.000u 0:00.000
message.png PNG 60x50 60x50+0+0 16-bit sRGB 932B 0.000u 0:00.000
recovered.png PNG 60x50 60x50+0+0 16-bit sRGB 1.75KB 0.000u 0:00.000
rose_message.png PNG 70x46 70x46+0+0 16-bit sRGB 13.3KB 0.000u 0:00.000

Rotate an image:
$ mogrify -rotate 270 anyimage.jpg

Most of these and many other examples can be found at
http://www.imagemagick.org/Usage/transform/

This looks fine so far. Can we assume that functionality tests are all that is required here? Shall look into ruby-rmagick next.
CC: (none) => tarazed25
(In reply to Len Lawrence from comment #12)
> This looks fine so far. Can we assume that functionality tests are all that
> is required here?

Mostly, yes. There's a PoC for the CVE in this message:
http://seclists.org/oss-sec/2016/q2/432

It would be nice to try that.
Testing+ M5 x64

Further to Len's exhaustive work in Comment 12, I tried the POC. The URL in Comment 13 (thanks David) shows identical data to the same problem for GraphicsMagick.

BEFORE UPDATE
imagemagick-6.9.4.2-0.1.mga5
lib64magick-6Q16_2-6.9.4.2-0.1.mga5
lib64magick++-6Q16_5-6.8.9.9-4.2.mga5 [note]
perl-Image-Magick-6.9.4.2-0.1.mga5
ruby-rmagick-2.13.2-21.1.mga5

$ rm -f hello.txt
$ convert '|echo Hello > hello.txt;' null:
convert: no decode delegate for this image format `TXT;' @ error/constitute.c/ReadImage/504.
convert: no images defined `null:' @ error/convert.c/ConvertImageCommand/3257.
$ cat hello.txt
Hello
which is *wrong*.

AFTER UPDATE
imagemagick-6.9.4.8-1.mga5
lib64magick-6Q16_2-6.9.4.8-1.mga5
lib64magick++-6Q16_5-6.8.9.9-4.2.mga5 [note]
perl-Image-Magick-6.9.4.8-1.mga5
ruby-rmagick-2.13.2-21.2.mga5

$ rm -f hello.txt
$ convert '|echo Hello > hello.txt;' null:
convert: unable to open image `|echo Hello > hello.txt;': No such file or directory @ error/blob.c/OpenBlob/2705.
convert: no decode delegate for this image format `TXT;' @ error/constitute.c/ReadImage/504.
convert: no images defined `null:' @ error/convert.c/ConvertImageCommand/3257.
$ cat hello.txt
cat: hello.txt: No such file or directory
which is *correct*. So that is sorted.
______________________________________
lib64magick++-6Q16_5-6.8.9.9-4.2.mga5
stays the same after the update, whereas it should be (Comment 11):
lib64magick++-6Q16_6-6.9.4.8-1.mga5
It was not in Updates Testing.

Withholding the MGA5-64-OK for the moment, but please put it if this incident is unimportant.
CC: (none) => lewyssmith
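The manual before/after check from the comment above, wrapped as a repeatable regression test (an added example, not part of the original thread). The function name check_pipe_filename and the CONVERT_BIN variable are assumptions; the filename argument is the same harmless marker command the testers typed by hand.

```shell
#!/bin/sh
# Added example: regression check for the pipe-filename issue (CVE-2016-5118).
# It repeats the QA procedure from this thread in a throwaway directory:
# pass convert a "filename" that starts with '|' and see whether the marker
# file hello.txt appears afterwards.

# check_pipe_filename [convert-binary]
#   returns 0  marker file not created (filename was not run as a command)
#   returns 1  marker file created (build still executes piped filenames)
#   returns 2  binary not found or scratch directory unavailable
check_pipe_filename() {
    bin=${1:-convert}

    # Resolve the binary before changing directory.
    bin_path=$(command -v "$bin" 2>/dev/null) || return 2
    case $bin_path in
        /*) ;;
        *)  bin_path=$PWD/$bin_path ;;
    esac

    workdir=$(mktemp -d) || return 2

    (
        cd "$workdir" || exit 2
        # convert exits non-zero on both fixed and unfixed builds because
        # no image is ever decoded, so its exit status is ignored here.
        "$bin_path" '|echo Hello > hello.txt;' null: >/dev/null 2>convert.err || true
        if [ -e hello.txt ]; then
            exit 1
        fi
        exit 0
    ) && result=0 || result=$?

    rm -rf "$workdir"
    return "$result"
}

# Stand-alone use: test the convert on PATH, or the one named in CONVERT_BIN
# (CONVERT_BIN is an assumption of this example, not an ImageMagick setting).
status=0
check_pipe_filename "${CONVERT_BIN:-convert}" || status=$?
case $status in
    0) echo "OK: hello.txt was not created" ;;
    1) echo "FAIL: hello.txt was created, piped filename was executed" ;;
    *) echo "SKIPPED: convert binary not found" ;;
esac
```

The check only looks for the marker file, so it gives the same verdict whether the fixed build reports the OpenBlob "unable to open image" error seen above or fails some other way.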
libmagick++-6Q16_6 is in updates_testing, so you might have a mirror issue if you don't see it. It will not just automatically replace the _5 one with the _6 one though, so you might have just had a misunderstanding there. You raise an important issue though, I hadn't noticed that library major changed, so we'll need to rebuild all of the packages that use it (we should have done so last time): converseen cuneiform-linux inkscape k3d kcm-grub2 kxstitch performous perl-Image-SubImageFind pfstools pstoedit pythonmagick synfig vdr-plugin-skinelchi vdr-plugin-skinenigmang
(In reply to David Walser from comment #15)
> libmagick++-6Q16_6 is in updates_testing, so you might have a mirror issue
> if you don't see it. It will not just automatically replace the _5 one with
> the _6 one though, so you might have just had a misunderstanding there.
>
> I hadn't noticed that library major changed
>
Well, I had lib64magick++-6Q16_5 before the update, so the subtle (despite being called 'major') number change would have meant legitimately that I did not see the new lib64magick++-6Q16_6 not having the prior one! Will the update automatically make the _5 to _6 jump?
(In reply to Lewis Smith from comment #16)
> Will the update automatically make the _5 to _6 jump?

If you didn't have _5 installed, you won't have either, but if you did, currently all of the packages that are built against it require _5. They won't require _6 until we rebuild them. Once we do that, updating the rebuilt packages will install _6 and _5 will get orphaned.
@Lewis Thanks for chasing up the PoC. As I did not have the packages installed before the update only the "6" library packages appeared.

Tested the RMagick gem with ruby:

#!/bin/env ruby
#
# rim.rb
# Test harness for some RMagick methods
# Refer to https://rmagick.github.io/usage.html for detailed usage.

require 'RMagick'
include Magick

box = { }
generate = Proc.new { |colour| Image.new( 240, 180 ){ self.background_color = colour } }

# Create image object from a JPEG file
star = ImageList.new( "MariaSharapova_2.jpg" )
maria = star.minify
# Display half size image
maria.display
# Convert an image to another format
star.write "tennis_star.png"
puts star.inspect
# This returns image information:
# [MariaSharapova_2.jpg=>tennis_star.png JPEG 564x749 564x749+0+0 DirectClass 8-bit 433kb]

# Display the original image in PNG format
ImageList.new( "tennis_star.png" ).display

star = ImageList.new( "MariaSharapova_3.jpg" )
newimage = star.frame( width=25, height=25, x=25, y=25, inner_bevel=6, outer_bevel=6, color='OliveDrab' )
newimage.display

# Create a coloured panel and display it
rectangle = Image.new( 220, 160 ) { self.background_color = "CadetBlue" }
rectangle.display

colour = %w( red orange yellow green blue indigo violet )
colour.each { |hue| box[hue] = generate.call hue }

# Create an animated gif
names = [ ]
box.each_key { |s| box[s].write( "#{s}.gif" ); names << "#{s}.gif" }
animation = ImageList.new( *names )
animation.write( "rainbow.gif" )
# Show the animation
system "eom rainbow.gif"
exit

All the tests worked as expected so maybe we can give this the OK?
To be more precise, before the update rmagick and the lib64 packages were not installed.
Well, we can make a note that as far as ImageMagick itself, you've tested it and it's MGA5-64-OK. We still need Shlomi to rebuild the packages I listed in Comment 15.
OK David. Thanks. So that means we shall have to revisit this bug or will it be a new one?
I guess we could do it either way, but since we should have rebuilt those last time, the sooner we can get that done the better.
Running some checks on i586 in virtualbox

Before update the PoC gave the result posted in comment 14.
$ convert '|echo Hello > hello.txt;' null:
convert: no decode delegate for this image format `TXT;' @ error/constitute.c/ReadImage/504.
convert: no images defined `null:' @ error/convert.c/ConvertImageCommand/3257.
$ cat hello.txt
Hello

Updated and installed the packages.
Cherrypicking:
- imagemagick-6.9.4.8-1
- libmagick-6Q16_2-6.9.4.8-1
Manual:
libmagick++-6Q16_6-6.9.4.8-1
libmagick-devel-6.9.4.8-1 pulled in 15 other packages
perl-Image-Magick-6.9.4.8-1
imagemagick-doc-6.9.4.8-1
imagemagick-desktop-6.9.4.8-1 pulled in luit and xterm
ruby-rmagick-2.13.2-21.2
ruby-rmagick-doc-2.13.2-21.2

PoC test after update:
$ rm hello.txt
$ convert '|echo Hello > hello.txt;' null:
convert: unable to open image `|echo Hello > hello.txt;': No such file or directory @ error/blob.c/OpenBlob/2705.
convert: no decode delegate for this image format `TXT;' @ error/constitute.c/ReadImage/504.
convert: no images defined `null:' @ error/convert.c/ConvertImageCommand/3257.
$ cat hello.txt
cat: hello.txt: No such file or directory

Just as Lewis said.

Put imagemagick through its paces by running convert/mogrify/identify on a selection of images and exercised some of the canvas image creation commands as before, using eom to view images. Not quite true that PNG or JPEG images convert to GIF without degradation. The limited colourspace of GIF images means that the conversions can never be perfect.

Tested rmagick gem using the earlier ruby script. No problems there either.

ImageMagick is good for 32bits.
Assigning to Shlomi to rebuild the packages listed in Comment 15.
CC: (none) => qa-bugs
Assignee: qa-bugs => shlomif
(In reply to David Walser from comment #15)
> libmagick++-6Q16_6 is in updates_testing, so you might have a mirror issue
> if you don't see it. It will not just automatically replace the _5 one with
> the _6 one though, so you might have just had a misunderstanding there.
>
> You raise an important issue though, I hadn't noticed that library major
> changed, so we'll need to rebuild all of the packages that use it (we should
> have done so last time):
> converseen

submitted.

> cuneiform-linux

submitted.

> inkscape

still getting built.

> k3d

this fails to build here -
[ 12%] Building CXX object k3dsdk/CMakeFiles/k3dsdk.dir/user_property_changed_signal.cpp.o
[ 12%] Building CXX object k3dsdk/CMakeFiles/k3dsdk.dir/ustring.cpp.o
[ 12%] Building CXX object k3dsdk/CMakeFiles/k3dsdk.dir/utility_gl.cpp.o
[ 12%] Building CXX object k3dsdk/CMakeFiles/k3dsdk.dir/uuid.cpp.o
/home/shlomif/Download/unpack/Mageia/5/k3d/BUILD/k3d-source-0.8.0.2/k3dsdk/uuid.cpp:32:24: fatal error: uuid/uuid.h: No such file or directory
 #include <uuid/uuid.h>
                        ^
compilation terminated.
k3dsdk/CMakeFiles/k3dsdk.dir/build.make:2745: recipe for target 'k3dsdk/CMakeFiles/k3dsdk.dir/uuid.cpp.o' failed
make[2]: *** [k3dsdk/CMakeFiles/k3dsdk.dir/uuid.cpp.o] Error 1
CMakeFiles/Makefile2:107: recipe for target 'k3dsdk/CMakeFiles/k3dsdk.dir/all' failed
make[1]: *** [k3dsdk/CMakeFiles/k3dsdk.dir/all] Error 2
Makefile:117: recipe for target 'all' failed
make: *** [all] Error 2
error: Bad exit status from /home/shlomif/Download/unpack/Mageia/5/k3d/BUILDROOT/rpm-tmp.BGqAVH (%build)

RPM build errors:
    Bad exit status from /home/shlomif/Download/unpack/Mageia/5/k3d/BUILDROOT/rpm-tmp.BGqAVH (%build)
error: failed!
shlomif[rpms]:$mageia/5/k3d$ ack -g uuid.h
BUILD/k3d-source-0.8.0.2/k3dsdk/uuid.h

> kcm-grub2
> kxstitch
> performous
> perl-Image-SubImageFind
> pfstools
> pstoedit
> pythonmagick
> synfig
> vdr-plugin-skinelchi
> vdr-plugin-skinenigmang

I'll deal with those later.
For k3d, try changing the BR pkgconfig(uuid) to uuid-devel. Unfortunately, there's some ossp_uuid thing that also provides pkgconfig(uuid) that might be messing it up.
(In reply to Shlomi Fish from comment #25)
> (In reply to David Walser from comment #15)
> > libmagick++-6Q16_6 is in updates_testing, so you might have a mirror issue
> > if you don't see it. It will not just automatically replace the _5 one with
> > the _6 one though, so you might have just had a misunderstanding there.
> >
> > You raise an important issue though, I hadn't noticed that library major
> > changed, so we'll need to rebuild all of the packages that use it (we should
> > have done so last time):
> > converseen
>
> submitted.
>
> > cuneiform-linux
>
> submitted.
>
> > inkscape
>
> still getting built.
>
> > k3d
>
> this fails to build here -
> [ 12%] Building CXX object
> k3dsdk/CMakeFiles/k3dsdk.dir/user_property_changed_signal.cpp.o
> [ 12%] Building CXX object k3dsdk/CMakeFiles/k3dsdk.dir/ustring.cpp.o
> [ 12%] Building CXX object k3dsdk/CMakeFiles/k3dsdk.dir/utility_gl.cpp.o
> [ 12%] Building CXX object k3dsdk/CMakeFiles/k3dsdk.dir/uuid.cpp.o
> /home/shlomif/Download/unpack/Mageia/5/k3d/BUILD/k3d-source-0.8.0.2/k3dsdk/
> uuid.cpp:32:24: fatal error: uuid/uuid.h: No such file or directory
> #include <uuid/uuid.h>
> ^
> compilation terminated.
> k3dsdk/CMakeFiles/k3dsdk.dir/build.make:2745: recipe for target
> 'k3dsdk/CMakeFiles/k3dsdk.dir/uuid.cpp.o' failed
> make[2]: *** [k3dsdk/CMakeFiles/k3dsdk.dir/uuid.cpp.o] Error 1
> CMakeFiles/Makefile2:107: recipe for target
> 'k3dsdk/CMakeFiles/k3dsdk.dir/all' failed
> make[1]: *** [k3dsdk/CMakeFiles/k3dsdk.dir/all] Error 2
> Makefile:117: recipe for target 'all' failed
> make: *** [all] Error 2
> error: Bad exit status from
> /home/shlomif/Download/unpack/Mageia/5/k3d/BUILDROOT/rpm-tmp.BGqAVH (%build)
>
>
> RPM build errors:
> Bad exit status from
> /home/shlomif/Download/unpack/Mageia/5/k3d/BUILDROOT/rpm-tmp.BGqAVH (%build)
> error: failed!
> shlomif[rpms]:$mageia/5/k3d$ ack -g uuid.h
> BUILD/k3d-source-0.8.0.2/k3dsdk/uuid.h
>
>
> > kcm-grub2
> > kxstitch
> > performous
> > perl-Image-SubImageFind
> > pfstools
> > pstoedit
> > pythonmagick
> > synfig
> > vdr-plugin-skinelchi
> > vdr-plugin-skinenigmang
>
> I'll deal with those later.

I submitted most of them yesterday now.
(In reply to David Walser from comment #26)
> For k3d, try changing the BR pkgconfig(uuid) to uuid-devel. Unfortunately,
> there's some ossp_uuid thing that also provides pkgconfig(uuid) that might
> be messing it up.

Thanks! I'm going to try that.
(In reply to David Walser from comment #26)
> For k3d, try changing the BR pkgconfig(uuid) to uuid-devel. Unfortunately,
> there's some ossp_uuid thing that also provides pkgconfig(uuid) that might
> be messing it up.

Yeah, I fixed prefer.vendor.list in meta-task for this issue in cauldron yesterday.... I guess we could push a meta-task update in mga5 too
CC: (none) => tmb
SRPMS for the rebuilds:
converseen-0.8.3-3.1.mga5
cuneiform-linux-1.1.0-6.1.mga5
inkscape-0.91-1.1.mga5
k3d-0.8.0.2-10.1.mga5
kcm-grub2-0.5.8-12.2.mga5
kxstitch-1.2.0-3.1.mga5
performous-0.8.0-0.20141015.2.1.mga5
perl-Image-SubImageFind-0.30.0-2.1.mga5
pfstools-1.8.5-1.1.mga5
pstoedit-3.62-5.1.mga5
pythonmagick-0.9.12-1.mga5
synfig-0.64.1-6.1.mga5
vdr-plugin-skinelchi-0.2.8-6.1.mga5
vdr-plugin-skinenigmang-0.1.2-8.1.mga5

pfstools hasn't been successfully built yet, because first octave needs to be rebuilt because of the graphicsmagick update (Bug 17714).
Full package list for the rebuilds once they're done will be:
converseen-0.8.3-3.1.mga5
cuneiform-linux-1.1.0-6.1.mga5
libcuneiform0-1.1.0-6.1.mga5
libcuneiform-devel-1.1.0-6.1.mga5
inkscape-0.91-1.1.mga5
k3d-0.8.0.2-10.1.mga5
k3d-devel-0.8.0.2-10.1.mga5
kcm-grub2-0.5.8-12.2.mga5
kxstitch-1.2.0-3.1.mga5
kxstitch-handbook-1.2.0-3.1.mga5
performous-0.8.0-0.20141015.2.1.mga5
perl-Image-SubImageFind-0.30.0-2.1.mga5
pfstools-1.8.5-1.1.mga5
libpfstools1.2_0-1.8.5-1.1.mga5
pfstools-qt-1.8.5-1.1.mga5
pfstools-glview-1.8.5-1.1.mga5
pfstools-exr-1.8.5-1.1.mga5
pfstools-imgmagick-1.8.5-1.1.mga5
pfstools-octave-1.8.5-1.1.mga5
pfstools-gdal-1.8.5-1.1.mga5
libpfstools-devel-1.8.5-1.1.mga5
pstoedit-3.62-5.1.mga5
libpstoedit0-3.62-5.1.mga5
libpstoedit-devel-3.62-5.1.mga5
pythonmagick-0.9.12-1.mga5
synfig-0.64.1-6.1.mga5
libsynfig0-0.64.1-6.1.mga5
libsynfig-devel-0.64.1-6.1.mga5
vdr-plugin-skinelchi-0.2.8-6.1.mga5
vdr-plugin-skinenigmang-0.1.2-8.1.mga5
Package lists in Comment 11 (imagemagick and ruby-rmagick), Comment 30 (srpms for rebuilt packages), Comment 31 (rpms for rebuilt packages).

Suggested advisory:
===================

Updated imagemagick package fixes security vulnerabilities:

The OpenBlob function in blob.c in ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename (CVE-2016-5118).

Also, several packages have been rebuilt to use the updated Magick++-6.Q16 library. These include converseen, cuneiform-linux, inkscape, k3d, kcm-grub2, kxstitch, performous, perl-Image-SubImageFind, pfstools, pstoedit, pythonmagick, synfig, vdr-plugin-skinelchi, and vdr-plugin-skinenigmang.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118
http://seclists.org/oss-sec/2016/q2/432
http://git.imagemagick.org/repos/ImageMagick/blob/ImageMagick-6/ChangeLog
https://www.debian.org/security/2016/dsa-3591
CC: qa-bugs => (none)
Whiteboard: feedback => (none)
Actually assigning to QA. See Comment 32 for needed info. It sounded like imagemagick itself (and ruby-rmagick) had been tested already, so we should just need a quick check for the rebuilt packages.
Assignee: shlomif => qa-bugs
Checking or downloading these packages for x86_64....
Pre-update.

Had to give up on testing the vdr skins because I could not get anywhere with vdr. Installed it and ran w_scan to generate a channels.conf file, launched vdr as a service and went looking for frontends. kodi was mentioned but that proved totally intractable. After wasting over five hours on all this it became obvious that getting kodi to work would take several months, so that goes into the bin. I am quite happy with vlc for TV so it looks like somebody else will have to test those skins.

Going on to the other packages right now.
The pfs packages install a set of tools named pfs*, 38 of them, most of which should be used in a pipe from an HDR (high dynamic range) image stream;
$ pfsin someimage.hdr | pfsglview

The problem is to find HDR images. The site http://pages.cs.wisc.edu/~csverma/CS766_09/HDRI/DataSet/ provides several HDR datasets but they come as JPEG images which cause a segfault;
$ pfsin aligned_00241.jpg | pfsglview
/bin/pfsin: line 87: 29622 Segmentation fault pfsinimgmagick "$file_pattern" $global_arguments $extra_arguments
terminate called after throwing an instance of 'PFSglViewException'
Abort
$ pfsin aligned_00241.jpg | pfsrotate -r 180
/bin/pfsin: line 87: 31722 Segmentation fault pfsinimgmagick "$file_pattern" $global_arguments $extra_arguments

Maybe this will disappear after the update. Watch this space.

$ cuneiform -l eng aligned_00259.jpg
Cuneiform for Linux 1.1.0
*** Error in `cuneiform': free(): invalid pointer: 0x0000000000d44ff0 ***

converseen launches a gui which I think is for editing images, manipulating transparency and that sort of thing. Images can be added but the application segfaults when one is selected.
$ converseen
File converseen
libpng warning: iCCP: known incorrect sRGB profile
Segmentation fault
followed by a backtrace.

inkscape, k3d and kxstitch look like they are working. The guis appear and samples display alright.

performous fails;
$ performous
logger/notice: Logging all notices, warnings and errors.
Log file: /home/lcl/.cache/performous/infolog.txt
core/notice: Performous 0.8 starting...
Build date: Nov 14 2014
Internationalization: Enabled
MIDI Hardware I/O: Enabled
Webcam support: Enabled
core/notice: Starting the audio subsystem (errors printed on console may be ignored).
ALSA lib pcm_dsnoop.c:618:(snd_pcm_dsnoop_open) unable to open slave
ALSA lib pcm_dmix.c:1022:(snd_pcm_dmix_open) unable to open slave
ALSA lib pcm.c:2239:(snd_pcm_open_noupdate) Unknown PCM cards.pcm.rear
ALSA lib pcm.c:2239:(snd_pcm_open_noupdate) Unknown PCM cards.pcm.center_lfe
ALSA lib pcm.c:2239:(snd_pcm_open_noupdate) Unknown PCM cards.pcm.side
ALSA lib pcm_dmix.c:1022:(snd_pcm_dmix_open) unable to open slave
Cannot connect to server socket err = No such file or directory
Cannot connect to server request channel
jack server is not running or cannot be started
audio/error: Audio device 'dev="USBMIC" mics="blue,red"': No such device.
audio/error: Audio device 'dev="Microphone" mics="*"': No such device.
audio/error: Audio device 'mics="blue"': Device doesn't have enough input channels
libGL error: No matching fbConfigs or visuals found
libGL error: failed to load driver: swrast
libGL error: No matching fbConfigs or visuals found
libGL error: failed to load driver: i965
libGL error: No matching fbConfigs or visuals found
libGL error: failed to load driver: swrast
FATAL ERROR: OpenGL 2.1 is required but not available

pythonmagick is a python wrapper for ImageMagick as you would expect. It needs a test script; I am willing but expect MrsB would rap my knuckles.
$ urpmq --whatrequires pythonmagick
pythonmagick

Going for the updates now.
VDR has its own frontend, maybe web based but it's been a long time since I used it so can't be sure now. By default it's a bit psychedelic. The skins presumably skin this frontend.
The immersive interface for kodi takes over the monitor just like MythTV. TCP port 8100 is mentioned in some of the configuration options so I tried localhost:8100 in firefox, without any result. Thanks.

$ urpmq --whatrequires kodi
kodi
xbmc-addon-xvdr

xbmc seems to be an alias for kodi:
# urpmi xbmc
A requested package cannot be installed:
kodi-14.0-2.mga5.x86_64 (in order to keep kodi-14.0-2.1.mga5.x86_64)
# urpmi xbmc-addon-xvdr
Package xbmc-addon-xvdr-0.9.8-1.git20131223.3.mga5.x86_64 is already installed
Just ensure the packages update cleanly then Len. They're pretty obscure.
After updating all packages:

pfsin, pfsinmulti, pfscat, pfsglview, pfscut, pfsrotate, pfsflip, pfsout all work. Note that output of a JPEG input file to HDR format creates someimage.hdr which cannot be viewed in a standard application like eom or gwenview. Use :-
$ pfsin somefile.hdr | pfsglview
$ pfsv somefile.hdr
does not work but it works for the original JPEG files.
I am happy with pfs tools after the update.

cuneiform is an OCR application but I don't know how to run it. It does not fail when an image is thrown at it. It just hangs.

performous fails in exactly the same way as before, on the OpenGL 2.1 error, but I would guess this has nothing to do with imagemagick, probably more a case of PEBCK.

On the face of it converseen seems to work. It accepted a jpeg image, displayed it and ran a null conversion on it and output the result as a new jpeg, which looked like the original image when viewed, as expected.

synfig is an image animation program but I don't know what kind of input it expects without a self-teaching course. It does not crash; simply complains about the arguments. Have to leave it at that.

As before, inkscape, k3d, and kxstitch present guis which work as far as I can tell.

kcm-grub2 has something to do with editing the bootloader. Web searches indicate that it is integrated into KDE system settings under the entry Startup and Shutdown. Opened that and looked at the grub2 editor but made no changes. No reason to suppose it is not working.

I am inclined to say that the packages work but would prefer to defer to higher authorities. However, noting Claire's comment 39 giving them the OK.
Whiteboard: (none) => MGA5-64-OK
I just noticed the references to the plugins when vdr.service is stopped.

# systemctl stop vdr
# systemctl status vdr
● vdr.service - Video Disk Recorder
   Loaded: loaded (/usr/lib/systemd/system/vdr.service; enabled)
   Active: inactive (dead) since Sun 2016-06-26 22:54:06 BST; 9s ago
     Docs: man:vdr(1)
           file:///usr/share/doc/vdr/README.install.urpmi
           file:///usr/share/doc/vdr/MANUAL
           file:///usr/share/doc/vdr/INSTALL
  Process: 8204 ExecStart=/usr/bin/runvdr (code=exited, status=0/SUCCESS)
 Main PID: 8204 (code=exited, status=0/SUCCESS)

Jun 26 22:54:04 vega vdr[8218]: [8218] stopping plugin: skinenigmang
Jun 26 22:54:04 vega vdr[8218]: [8218] stopping plugin: skinelchi
Jun 26 22:54:04 vega vdr[8218]: [8218] stopping plugin: xvdr
Jun 26 22:54:04 vega vdr[8218]: [8218] XVDR: XVDR Server stopped
Jun 26 22:54:04 vega vdr[8218]: [8218] saved setup to /var/lib/vdr/config/s...nf
Jun 26 22:54:05 vega vdr[8218]: [8224] section handler thread ended (pid=82...4)
Jun 26 22:54:05 vega vdr[8218]: [8223] tuner on frontend 0/0 thread ended (...3)
Jun 26 22:54:05 vega vdr[8218]: [8218] deleting plugin: skinenigmang
Jun 26 22:54:05 vega vdr[8218]: [8218] deleting plugin: skinelchi
Jun 26 22:54:05 vega vdr[8218]: [8218] deleting plugin: xvdr
Hint: Some lines were ellipsized, use -l to show in full.

Just to emphasize that the skins were plugged in.
Another rider. Had a look at converseen again. Found an icon named swfdec.png with a transparent background which I converted to some vile colour which showed up in the saved image.
CVE-2016-5841 and CVE-2016-5842 have been assigned: http://openwall.com/lists/oss-security/2016/06/25/3 They were fixed in 6.9.4-10 (already in Cauldron). Shlomi, we should update this again. QA: note that this won't affect the rebuilt packages from Comment 31, as they were just rebuilt against an updated library major, so only imagemagick itself would need to be retested.
Ran some tests on the rebuilt packages in i586 virtualbox. Updated all the packages and checked the PoC. That was OK. Tested a number of the pfstools - all ran fine. Had a look at some of the other packages and tested those that were amenable to testing like converseen, k3d and inkscape, albeit shallow testing. Giving this a pass for 32-bits.
Whiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OK
With special thanks to Len for his widespread & difficult testing of things depending on this update, validating it.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Based on comment 30, should this update be held till bug 17714 has been tested too?
CC: (none) => davidwhodgins
Whiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK feedback
(In reply to Dave Hodgins from comment #46)
> Based on comment 30, should this update be held till bug 17714 has been
> tested
> too?

Yes, and imagemagick needs to be updated again anyway (Bug 18841).
Depends on: (none) => 17714
Thanks. Removing validated_update from this bug.
Keywords: validated_update => (none)
Shlomi has uploaded 6.9.5.2, fixing CVE-2016-584[12].

Suggested advisory:
===================

Updated imagemagick package fixes security vulnerabilities:

The OpenBlob function in blob.c in ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename (CVE-2016-5118).

Integer overflow in MagickCore/profile.c (CVE-2016-5841).

Buffer overread in MagickCore/property.c (CVE-2016-5842).

Also, several packages have been rebuilt to use the updated Magick++-6.Q16 library. These include converseen, cuneiform-linux, inkscape, k3d, kcm-grub2, kxstitch, performous, perl-Image-SubImageFind, pfstools, pstoedit, pythonmagick, synfig, vdr-plugin-skinelchi, and vdr-plugin-skinenigmang.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5842
http://seclists.org/oss-sec/2016/q2/432
http://openwall.com/lists/oss-security/2016/06/25/3
http://git.imagemagick.org/repos/ImageMagick/blob/ImageMagick-6/ChangeLog
https://www.debian.org/security/2016/dsa-3591
===================

Updated packages in core/updates_testing:
===================
imagemagick-6.9.5.2-1.mga5
imagemagick-desktop-6.9.5.2-1.mga5
libmagick-6Q16_2-6.9.5.2-1.mga5
libmagick++-6Q16_6-6.9.5.2-1.mga5
libmagick-devel-6.9.5.2-1.mga5
perl-Image-Magick-6.9.5.2-1.mga5
imagemagick-doc-6.9.5.2-1.mga5
converseen-0.8.3-3.1.mga5
cuneiform-linux-1.1.0-6.1.mga5
libcuneiform0-1.1.0-6.1.mga5
libcuneiform-devel-1.1.0-6.1.mga5
inkscape-0.91-1.1.mga5
k3d-0.8.0.2-10.1.mga5
k3d-devel-0.8.0.2-10.1.mga5
kcm-grub2-0.5.8-12.2.mga5
kxstitch-1.2.0-3.1.mga5
kxstitch-handbook-1.2.0-3.1.mga5
performous-0.8.0-0.20141015.2.1.mga5
perl-Image-SubImageFind-0.30.0-2.1.mga5
pfstools-1.8.5-1.1.mga5
libpfstools1.2_0-1.8.5-1.1.mga5
pfstools-qt-1.8.5-1.1.mga5
pfstools-glview-1.8.5-1.1.mga5
pfstools-exr-1.8.5-1.1.mga5
pfstools-imgmagick-1.8.5-1.1.mga5
pfstools-octave-1.8.5-1.1.mga5
pfstools-gdal-1.8.5-1.1.mga5
libpfstools-devel-1.8.5-1.1.mga5
pstoedit-3.62-5.1.mga5
libpstoedit0-3.62-5.1.mga5
libpstoedit-devel-3.62-5.1.mga5
pythonmagick-0.9.12-1.mga5
synfig-0.64.1-6.1.mga5
libsynfig0-0.64.1-6.1.mga5
libsynfig-devel-0.64.1-6.1.mga5
vdr-plugin-skinelchi-0.2.8-6.1.mga5
vdr-plugin-skinenigmang-0.1.2-8.1.mga5

from SRPMS:
imagemagick-6.9.5.2-1.mga5.src.rpm
converseen-0.8.3-3.1.mga5.src.rpm
cuneiform-linux-1.1.0-6.1.mga5.src.rpm
inkscape-0.91-1.1.mga5.src.rpm
k3d-0.8.0.2-10.1.mga5.src.rpm
kcm-grub2-0.5.8-12.2.mga5.src.rpm
kxstitch-1.2.0-3.1.mga5.src.rpm
performous-0.8.0-0.20141015.2.1.mga5.src.rpm
perl-Image-SubImageFind-0.30.0-2.1.mga5.src.rpm
pfstools-1.8.5-1.1.mga5.src.rpm
pstoedit-3.62-5.1.mga5.src.rpm
pythonmagick-0.9.12-1.mga5.src.rpm
synfig-0.64.1-6.1.mga5.src.rpm
vdr-plugin-skinelchi-0.2.8-6.1.mga5.src.rpm
vdr-plugin-skinenigmang-0.1.2-8.1.mga5.src.rpm
Whiteboard: MGA5-64-OK MGA5-32-OK feedback => (none)
Summary: imagemagick new security issue CVE-2016-5118 => imagemagick new security issues CVE-2016-5118, CVE-2016-5841, and CVE-2016-5842
*** Bug 18841 has been marked as a duplicate of this bug. ***
CC: lewyssmith => (none)
Hope to get round to this later today.
x86_64 / Mate / nvidia

Before updates:
Looked for any new PoC. Did not see any.
Checked current status: The pipe text insertion vulnerability had been fixed.

$ convert '|echo Hello > hello.txt;' null:
convert: unable to open image `|echo Hello > hello.txt;': No such file or directory @ error/blob.c/OpenBlob/2705.
convert: no decode delegate for this image format `TXT;' @ error/constitute.c/ReadImage/504.
convert: no images defined `null:' @ error/convert.c/ConvertImageCommand/3257.
$ ls hello.txt
ls: cannot access hello.txt: No such file or directory

The related SVG command insertion weakness seems to have been corrected.

$ display test.svg
This shows an image with the text "Linked image" framed in a red line box.
$ ls hello.txt
ls: cannot access hello.txt: No such file or directory
Ran updates. Most of the dependent packages were already in place.

Put ImageMagick through its paces; display, identify, mogrify, convert with flip, rotate, resize and other options. Conversions from svg to png, png to jpeg, jpeg to gif, png to tiff, jpeg to tiff, tiff to jpeg. Other functions worked fine as well. A comprehensive guide to the functionality of ImageMagick can be found at the aforementioned link http://www.imagemagick.org/Usage/transform/
------------------------------------------------------------------------------------
$ identify *.tif*
example.tiff TIFF 200x200 200x200+0+0 8-bit sRGB 120KB 0.000u 0:00.000
PIA13706_fig1.tif TIFF 8192x7051 8192x7051+0+0 8-bit sRGB 13.62MB 0.000u 0:00.000

The large TIFF image displayed fine.

$ convert -resize 20x20% -quality 100 PIA13706_fig1.tif mars.jpg
$ identify mars.jpg
mars.jpg JPEG 1638x1410 1638x1410+0+0 8-bit sRGB 993KB 0.000u 0:00.000
$ display mars.jpg
$ convert -resize 200x200% mars.jpg SantaMaria.tif
$ identify SantaMaria.tif
SantaMaria.tif TIFF 3276x2820 3276x2820+0+0 8-bit sRGB 27.74MB 0.000u 0:00.000
$ ls -l SantaMaria.tif
-rw-r--r-- 1 lcl wireshark 27741804 Jul 17 10:32 SantaMaria.tif
$ display SantaMaria.tif

Both the JPEG and doubly converted TIFF images looked fine, with no obvious loss of image quality.

Several options at a time:
$ convert -flip -resize 50% -quality 100 clock.png x.jpg

Convert in place:
$ mogrify -resize 80x80% -quality 100 mars.jpg
$ identify mars.jpg
mars.jpg JPEG 1310x1128 1310x1128+0+0 8-bit sRGB 684KB 0.000u 0:00.000

Use image from built-in image library:
$ convert rose: rose.png

Image creation functions:
$ convert -size 200x160 canvas:MistyRose rosy.jpg

That creates a pink rectangle and this a horizontal rainbow, sort of.
$ convert -size 60x500 gradient:'#FFF-#0FF' -rotate 90 -set colorspace HSB -colorspace RGB rainbow_2.jpg

Make image from text:
$ convert -gravity center -size 200x120 label:"Morning QA" message.png

Make a vignette from a stock image:
$ convert rose: -background PeachPuff -vignette 0x5 rose_vignette.gif

Create a diagonal colour gradient:
$ convert -size 400x200 xc: -sparse-color barycentric '0,0 skyblue -%w,%h skyblue %w,%h black' diagonal_gradient.jpg

That should do for now. Having a look at some of the dependent packages next.
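The QA comment above hands convert both a pipe-prefixed name and pseudo-file names such as rose:, canvas: and label:. As an added example (not part of the bug report or of ImageMagick; classify_image_arg and safe_image_arg are hypothetical names), a wrapper script can screen untrusted file names for those forms before they reach the tools:

```shell
#!/bin/sh
# Added example (not from the bug report): screen untrusted file names before
# they reach convert/identify/mogrify. Function names are hypothetical.

# Print how ImageMagick-style argument parsing could interpret NAME.
classify_image_arg() {
    case "$1" in
        '')   echo empty;    return ;;
        '|'*) echo pipe;     return ;;  # CVE-2016-5118: leading pipe reached popen()
        '@'*) echo indirect; return ;;  # "indirect read" form ('@' prefix)
        -*)   echo option;   return ;;  # would be parsed as a command-line option
    esac
    prefix=${1%%:*}                     # text before the first colon, if any
    if [ "$prefix" != "$1" ]; then
        case "$prefix" in
            */*) ;;                     # colon sits after a path separator
            *)   echo coder; return ;;  # rose:, label:, canvas:, xc:, null: ...
        esac
    fi
    echo plain
}

# Print NAME unchanged if it is an ordinary file name; otherwise fail.
safe_image_arg() {
    kind=$(classify_image_arg "$1")
    if [ "$kind" = plain ]; then
        printf '%s\n' "$1"
    else
        printf 'rejected (%s): %s\n' "$kind" "$1" >&2
        return 1
    fi
}

# Constructed sample names; the first is the string used in the QA check above.
for name in '|echo Hello > hello.txt;' '@list.txt' 'label:Morning QA' \
            '-resize' 'mars.jpg' './scans/PIA13706_fig1.tif'; do
    if checked=$(safe_image_arg "$name" 2>/dev/null); then
        printf 'ok       %s\n' "$checked"
    else
        printf 'blocked  %s (%s)\n' "$name" "$(classify_image_arg "$name")"
    fi
done
```

The screen covers only the argument forms that appear in this report and complements, rather than replaces, installing the fixed packages.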
Used converseen to fill in a transparent png image with a pale blue colour.
Opened kxstitch and the handbook and made up a palette but took it no further. The application acts a bit like a bitmap editor.
A few childish scribbles with inkscape - seems to work.
Created some interesting 3D objects with k3d.
Started vdr service but had trouble finding a front end for it to test the skins. The two plugins listed installed to /usr/share/vdr/defaults as .defaults and .params files. Hints on the web that xine could be configured as a frontend for vdr but nothing specific. Installed vdr-plugin-xineliboutput and xineliboutput-sxfe and attempted to configure xineliboutput but could not get vdr.service started properly. No future in this but the status message indicated that the plugins had been loaded.

# systemctl status -l vdr.service
● vdr.service - Video Disk Recorder
   Loaded: loaded (/usr/lib/systemd/system/vdr.service; disabled)
   Active: failed (Result: exit-code) since Sun 2016-07-17 17:11:11 BST; 2s ago
     Docs: man:vdr(1)
           file:///usr/share/doc/vdr/README.install.urpmi
           file:///usr/share/doc/vdr/MANUAL
           file:///usr/share/doc/vdr/INSTALL
  Process: 12398 ExecStart=/usr/bin/runvdr (code=exited, status=1/FAILURE)
 Main PID: 12398 (code=exited, status=1/FAILURE)

Jul 17 17:11:10 vega vdr[12414]: [12420] section handler thread ended (pid=12414, tid=12420)
Jul 17 17:11:11 vega vdr[12414]: [12419] tuner on frontend 0/0 thread ended (pid=12414, tid=12419)
Jul 17 17:11:11 vega vdr[12414]: [12414] [xine..put] cXinelibDevice::StopDevice(): Stopping device ...
Jul 17 17:11:11 vega vdr[12414]: [12414] deleting plugin: skinenigmang
Jul 17 17:11:11 vega vdr[12414]: [12414] deleting plugin: xineliboutput
Jul 17 17:11:11 vega vdr[12414]: [12414] deleting plugin: skinelchi
Jul 17 17:11:11 vega runvdr[12398]: VDR configuration error
Jul 17 17:11:11 vega systemd[1]: vdr.service: main process exited, code=exited, status=1/FAILURE
Jul 17 17:11:11 vega systemd[1]: Unit vdr.service entered failed state.
Jul 17 17:11:11 vega systemd[1]: vdr.service failed.
Thanks. The rebuilt packages had already been checked, so only imagemagick needed to be checked again.
Right, so I shall pass this for 64-bits. Thanks David.
Validating
Keywords: (none) => validated_update
advisory uploaded.
Whiteboard: MGA5-64-OK => advisory MGA5-64-OK
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0257.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED