summary refs log tree commit diff
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2017-12-10 19:15:44 +0100
committerMarius Bakke <mbakke@fastmail.com>2017-12-10 19:15:44 +0100
commit0f4ab4a59f4a8955135c7579c3579b8656e4060a (patch)
treece4b745b946d471e90fa80788e2c023b51fe8850
parent4cb779411514117af2e117f8edcdd701541c6f9e (diff)
downloadguix-0f4ab4a59f4a8955135c7579c3579b8656e4060a.tar.gz
gnu: graphicsmagick: Update to 1.3.27.
* gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch,
gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch,
gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch,
gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch,
gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch,
gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch,
gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch,
gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch,
gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/imagemagick.scm (graphicsmagick): Update to 1.3.27.
[source](patches): Remove.
-rw-r--r--gnu/local.mk9
-rw-r--r--gnu/packages/imagemagick.scm14
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch137
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch28
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch16
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch28
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch195
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch179
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch80
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch72
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch210
11 files changed, 2 insertions, 966 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 75065b019d..22f2a8f927 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -704,15 +704,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
   %D%/packages/patches/gobject-introspection-cc.patch		\
   %D%/packages/patches/gobject-introspection-girepository.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-12935.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-12936.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-12937.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-13775.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-14042.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-14165.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-14649.patch	\
   %D%/packages/patches/graphite2-ffloat-store.patch		\
   %D%/packages/patches/grep-gnulib-lock.patch                   \
   %D%/packages/patches/grep-timing-sensitive-test.patch		\
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index 42f4a7c92e..ac9fca8600 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -164,7 +164,7 @@ script.")
 (define-public graphicsmagick
   (package
     (name "graphicsmagick")
-    (version "1.3.26")
+    (version "1.3.27")
     (source (origin
               (method url-fetch)
               (uri
@@ -176,17 +176,7 @@ script.")
                                  "/GraphicsMagick-" version ".tar.xz")))
               (sha256
                (base32
-                "122zgs96dqrys62mnh8x5yvfff6km4d3yrnvaxzg3mg5sprib87v"))
-              (patches
-               (search-patches "graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch"
-                               "graphicsmagick-CVE-2017-12935.patch"
-                               "graphicsmagick-CVE-2017-12936.patch"
-                               "graphicsmagick-CVE-2017-12937.patch"
-                               "graphicsmagick-CVE-2017-13775.patch"
-                               "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch"
-                               "graphicsmagick-CVE-2017-14042.patch"
-                               "graphicsmagick-CVE-2017-14165.patch"
-                               "graphicsmagick-CVE-2017-14649.patch"))))
+                "0rq35p3rml10cxz2z4s7xcfsilhhk19mmy094g3ivz0fg797hcnh"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch
deleted file mode 100644
index dbcaea1343..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-http://www.openwall.com/lists/oss-security/2017/09/01/6
-
-CVE-2017-11403:
-http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
-
-CVE-2017-14103:
-http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
-
-some changes were made to make the patch apply
-
-# HG changeset patch
-# User Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
-# Date 1503875721 14400
-# Node ID 98721124e51fd5ec0c6fba64bce2e218869632d2
-# Parent  f0f2ea85a2930f3b6dcd72352719adb9660f2aad
-Attempt to fix Issue 440.
-
-diff -ru a/coders/png.c b/coders/png.c
---- a/coders/png.c	1969-12-31 19:00:00.000000000 -0500
-+++ b/coders/png.c	2017-09-10 11:31:56.543194173 -0400
-@@ -3106,7 +3106,9 @@
-       if (length > PNG_MAX_UINT || count == 0)
-         {
-           DestroyJNGInfo(color_image_info,alpha_image_info);
--          ThrowReaderException(CorruptImageError,CorruptImage,image);
-+          (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+              "chunk length (%lu) > PNG_MAX_UINT",length);
-+          return ((Image*)NULL);
-         }
-
-       chunk=(unsigned char *) NULL;
-@@ -3117,13 +3119,16 @@
-           if (chunk == (unsigned char *) NULL)
-             {
-               DestroyJNGInfo(color_image_info,alpha_image_info);
--              ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
--                                   image);
-+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                  "    Could not allocate chunk memory");
-+              return ((Image*)NULL);
-             }
-           if (ReadBlob(image,length,chunk) < length)
-             {
-               DestroyJNGInfo(color_image_info,alpha_image_info);
--              ThrowReaderException(CorruptImageError,CorruptImage,image);
-+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                  "    chunk reading was incomplete");
-+              return ((Image*)NULL);
-             }
-           p=chunk;
-         }
-@@ -3198,7 +3203,7 @@
-                   jng_width, jng_height);
-               MagickFreeMemory(chunk);
-               DestroyJNGInfo(color_image_info,alpha_image_info);
--              ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
-+              return ((Image *)NULL);
-             }
-
-           /* Temporarily set width and height resources to match JHDR */
-@@ -3233,8 +3238,9 @@
-           if (color_image == (Image *) NULL)
-             {
-               DestroyJNGInfo(color_image_info,alpha_image_info);
--              ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
--                                   image);
-+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                  "    could not open color_image blob");
-+              return ((Image *)NULL);
-             }
-           if (logging)
-             (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-@@ -3245,7 +3251,9 @@
-           if (status == MagickFalse)
-             {
-               DestroyJNGInfo(color_image_info,alpha_image_info);
--              ThrowReaderException(CoderError,UnableToOpenBlob,color_image);
-+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                  "    could not open color_image blob");
-+              return ((Image *)NULL);
-             }
-
-           if (!image_info->ping && jng_color_type >= 12)
-@@ -3255,17 +3263,18 @@
-               if (alpha_image_info == (ImageInfo *) NULL)
-                 {
-                   DestroyJNGInfo(color_image_info,alpha_image_info);
--                  ThrowReaderException(ResourceLimitError,
--                                       MemoryAllocationFailed, image);
-+                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                      "    could not allocate alpha_image_info",length);
-+                  return ((Image *)NULL);
-                 }
-               GetImageInfo(alpha_image_info);
-               alpha_image=AllocateImage(alpha_image_info);
-               if (alpha_image == (Image *) NULL)
-                 {
-                   DestroyJNGInfo(color_image_info,alpha_image_info);
--                  ThrowReaderException(ResourceLimitError,
--                                       MemoryAllocationFailed,
--                                       alpha_image);
-+                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                      "    could not allocate alpha_image");
-+                  return ((Image *)NULL);
-                 }
-               if (logging)
-                 (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-@@ -3277,7 +3286,9 @@
-                 {
-                   DestroyJNGInfo(color_image_info,alpha_image_info);
-                   DestroyImage(alpha_image);
--                  ThrowReaderException(CoderError,UnableToOpenBlob,image);
-+                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                      "    could not allocate alpha_image blob");
-+                  return ((Image *)NULL);
-                 }
-               if (jng_alpha_compression_method == 0)
-                 {
-@@ -3613,6 +3624,8 @@
-               alpha_image = (Image *)NULL;
-               DestroyImageInfo(alpha_image_info);
-               alpha_image_info = (ImageInfo *)NULL;
-+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                  " Destroy the JNG image");
-               DestroyImage(jng_image);
-               jng_image = (Image *)NULL;
-             }
-@@ -5146,8 +5159,8 @@
-
-       if (image == (Image *) NULL)
-         {
--          DestroyImageList(previous);
-           CloseBlob(previous);
-+          DestroyImageList(previous);
-           MngInfoFreeStruct(mng_info,&have_mng_structure);
-           return((Image *) NULL);
-         }
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch
deleted file mode 100644
index 2cb3d46f62..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188.
-
-diff -ur a/coders/png.c b/coders/png.c
---- a/coders/png.c	2017-07-04 17:32:08.000000000 -0400
-+++ b/coders/png.c	2017-08-19 11:16:20.933969362 -0400
-@@ -4101,11 +4101,17 @@
-                   mng_info->image=image;
-                 }
- 
--              if ((mng_info->mng_width > 65535L) || (mng_info->mng_height
--                                                     > 65535L))
--                (void) ThrowException(&image->exception,ImageError,
--                                      WidthOrHeightExceedsLimit,
--                                      image->filename);
-+              if ((mng_info->mng_width > 65535L) ||
-+                  (mng_info->mng_height > 65535L))
-+                {
-+                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                      "  MNG width or height is too large: %lu, %lu",
-+                      mng_info->mng_width,mng_info->mng_height);
-+                  MagickFreeMemory(chunk);
-+                  ThrowReaderException(CorruptImageError,
-+                     ImproperImageHeader,image);
-+                }
-+
-               FormatString(page_geometry,"%lux%lu+0+0",mng_info->mng_width,
-                            mng_info->mng_height);
-               mng_info->frame.left=0;
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch
deleted file mode 100644
index 7036f37438..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd.
-
-diff -ur a/coders/wmf.c b/coders/wmf.c
---- a/coders/wmf.c	2016-09-05 15:20:23.000000000 -0400
-+++ b/coders/wmf.c	2017-08-19 10:38:08.984187264 -0400
-@@ -2719,8 +2719,8 @@
-   if(image->exception.severity != UndefinedException)
-     ThrowException2(exception,
-                    CoderWarning,
--                   ddata->image->exception.reason,
--                   ddata->image->exception.description);
-+                   image->exception.reason,
-+                   image->exception.description);
- 
-   if(logging)
-     (void) LogMagickEvent(CoderEvent,GetMagickModule(),"leave ReadWMFImage()");
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch
deleted file mode 100644
index 71af9ffe59..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978.
-
-diff -ur a/coders/sun.c b/coders/sun.c
---- a/coders/sun.c	2016-05-30 13:19:54.000000000 -0400
-+++ b/coders/sun.c	2017-08-18 18:00:00.191023610 -0400
-@@ -1,5 +1,5 @@
- /*
--% Copyright (C) 2003-2015 GraphicsMagick Group
-+% Copyright (C) 2003-2017 GraphicsMagick Group
- % Copyright (C) 2002 ImageMagick Studio
- % Copyright 1991-1999 E. I. du Pont de Nemours and Company
- %
-@@ -577,6 +577,7 @@
-           for (bit=7; bit >= 0; bit--)
-             {
-               index=((*p) & (0x01 << bit) ? 0x01 : 0x00);
-+              VerifyColormapIndex(image,index);
-               indexes[x+7-bit]=index;
-               q[x+7-bit]=image->colormap[index];
-             }
-@@ -587,6 +588,7 @@
-             for (bit=7; bit >= (long) (8-(image->columns % 8)); bit--)
-               {
-                 index=((*p) & (0x01 << bit) ? 0x01 : 0x00);
-+                VerifyColormapIndex(image,index);
-                 indexes[x+7-bit]=index;
-                 q[x+7-bit]=image->colormap[index];
-               }
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch
deleted file mode 100644
index 83478c13b3..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch
+++ /dev/null
@@ -1,195 +0,0 @@
-http://openwall.com/lists/oss-security/2017/08/31/3
-http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/b037d79b6ccd
-
-some changes were made to make the patch apply
-
-# HG changeset patch
-# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
-# Date 1503774853 18000
-# Node ID b037d79b6ccd0cfba7ba9ce09b454ed46d688036
-# Parent  198ea602ea7cc767dc3022bbcf887bcd4534158d
-JNX: Fix DOS issues
-
-diff -r 198ea602ea7c -r b037d79b6ccd coders/jnx.c
---- a/coders/jnx.c	Tue Aug 22 08:08:30 2017 -0500
-+++ b/coders/jnx.c	Sat Aug 26 14:14:13 2017 -0500
-@@ -1,5 +1,5 @@
- /*
--% Copyright (C) 2012-2015 GraphicsMagick Group
-+% Copyright (C) 2012-2017 GraphicsMagick Group
- %
- % This program is covered by multiple licenses, which are described in
- % Copyright.txt. You should have received a copy of Copyright.txt with this
-@@ -100,6 +100,7 @@
- 
-   char img_label_str[MaxTextExtent];
- 
-+
-   alloc_size = TileInfo->PicSize + 2;
- 
-   if (image->logging)
-@@ -242,6 +243,9 @@
-     total_tiles,
-     current_tile;
- 
-+  magick_off_t
-+    file_size;
-+
-   /* Open image file. */
-   assert(image_info != (const ImageInfo *) NULL);
-   assert(image_info->signature == MagickSignature);
-@@ -254,9 +258,8 @@
-   if (status == False)
-     ThrowReaderException(FileOpenError, UnableToOpenFile, image);
- 
--  memset(JNXLevelInfo, 0, sizeof(JNXLevelInfo));
--
-   /* Read JNX image header. */
-+  (void) memset(&JNXHeader, 0, sizeof(JNXHeader));
-   JNXHeader.Version = ReadBlobLSBLong(image);
-   if (JNXHeader.Version > 4)
-     ThrowReaderException(CorruptImageError, ImproperImageHeader, image);
-@@ -266,8 +269,6 @@
-   JNXHeader.MapBounds.SouthWest.lat = ReadBlobLSBLong(image);
-   JNXHeader.MapBounds.SouthWest.lon = ReadBlobLSBLong(image);
-   JNXHeader.Levels = ReadBlobLSBLong(image);
--  if (JNXHeader.Levels > 20)
--    ThrowReaderException(CorruptImageError, ImproperImageHeader, image);
-   JNXHeader.Expiration = ReadBlobLSBLong(image);
-   JNXHeader.ProductID = ReadBlobLSBLong(image);
-   JNXHeader.CRC = ReadBlobLSBLong(image);
-@@ -279,7 +280,41 @@
-   if (EOFBlob(image))
-     ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
- 
-+  file_size = GetBlobSize(image);
-+
-+  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                        "JNX Header:\n"
-+                        "    Version:    %u\n"
-+                        "    DeviceSN:   %u\n"
-+                        "    MapBounds:\n"
-+                        "      NorthEast: lat = %u, lon = %u\n"
-+                        "      SouthWest: lat = %u, lon = %u\n"
-+                        "    Levels:     %u\n"
-+                        "    Expiration: %u\n"
-+                        "    ProductID:  %u\n"
-+                        "    CRC:        %u\n"
-+                        "    SigVersion: %u\n"
-+                        "    SigOffset:  %u\n"
-+                        "    ZOrder:     %u",
-+                        JNXHeader.Version,
-+                        JNXHeader.DeviceSN,
-+                        JNXHeader.MapBounds.NorthEast.lat,
-+                        JNXHeader.MapBounds.NorthEast.lon,
-+                        JNXHeader.MapBounds.SouthWest.lat,
-+                        JNXHeader.MapBounds.SouthWest.lon,
-+                        JNXHeader.Levels,
-+                        JNXHeader.Expiration,
-+                        JNXHeader.ProductID,
-+                        JNXHeader.CRC,
-+                        JNXHeader.SigVersion,
-+                        JNXHeader.SigOffset,
-+                        JNXHeader.ZOrder);
-+
-+  if (JNXHeader.Levels > 20)
-+    ThrowReaderException(CorruptImageError, ImproperImageHeader, image);
-+
-   /* Read JNX image level info. */
-+  memset(JNXLevelInfo, 0, sizeof(JNXLevelInfo));
-   total_tiles = 0;
-   current_tile = 0;
-   for (i = 0; i < JNXHeader.Levels; i++)
-@@ -302,11 +337,23 @@
-         {
-           JNXLevelInfo[i].Copyright = NULL;
-         }
-+
-+      if (EOFBlob(image))
-+        ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
-+
-+      if (image->logging)
-+        (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                              "Level[%u] Info:"
-+                              "  TileCount: %4u"
-+                              "  TilesOffset: %6u"
-+                              "  Scale: %04u",
-+                              i,
-+                              JNXLevelInfo[i].TileCount,
-+                              JNXLevelInfo[i].TilesOffset,
-+                              JNXLevelInfo[i].Scale
-+                              );
-     }
- 
--  if (EOFBlob(image))
--    ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
--
-   /* Get the current limit */
-   SaveLimit = GetMagickResourceLimit(MapResource);
- 
-@@ -316,11 +363,32 @@
-   /* Read JNX image data. */
-   for (i = 0; i < JNXHeader.Levels; i++)
-     {
-+      /*
-+        Validate TileCount against remaining file data
-+      */
-+      const magick_off_t current_offset = TellBlob(image);
-+      const size_t pos_list_entry_size =
-+        sizeof(magick_uint32_t) + sizeof(magick_uint32_t) + sizeof(magick_uint32_t) +
-+        sizeof(magick_uint32_t) + sizeof(magick_uint16_t) + sizeof(magick_uint16_t) +
-+        sizeof(magick_uint32_t) + sizeof(magick_uint32_t);
-+      const magick_off_t remaining = file_size-current_offset;
-+      const size_t needed = MagickArraySize(pos_list_entry_size,JNXLevelInfo[i].TileCount);
-+
-+      if ((needed == 0U) || (remaining <= 0) || (remaining < (magick_off_t) needed))
-+        {
-+          (void) SetMagickResourceLimit(MapResource, SaveLimit);
-+          ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
-+        }
-+
-       PositionList = MagickAllocateArray(TJNXTileInfo *,
-                                          JNXLevelInfo[i].TileCount,
-                                          sizeof(TJNXTileInfo));
-       if (PositionList == NULL)
--        continue;
-+        {
-+          (void) SetMagickResourceLimit(MapResource, SaveLimit);
-+          ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
-+                               image);
-+        }
- 
-       (void) SeekBlob(image, JNXLevelInfo[i].TilesOffset, SEEK_SET);
-       for (j = 0; j < JNXLevelInfo[i].TileCount; j++)
-@@ -333,12 +401,15 @@
-           PositionList[j].PicHeight = ReadBlobLSBShort(image);
-           PositionList[j].PicSize = ReadBlobLSBLong(image);
-           PositionList[j].PicOffset = ReadBlobLSBLong(image);
--        }
- 
--      if (EOFBlob(image))
--        {
--          MagickFreeMemory(PositionList);
--          ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
-+          if (EOFBlob(image) ||
-+              ((magick_off_t) PositionList[j].PicOffset +
-+               PositionList[j].PicSize > file_size))
-+            {
-+              (void) SetMagickResourceLimit(MapResource, SaveLimit);
-+              MagickFreeMemory(PositionList);
-+              ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
-+            }
-         }
- 
-       for (j = 0; j < JNXLevelInfo[i].TileCount; j++)
-@@ -351,6 +422,9 @@
-           image = ExtractTileJPG(image, image_info, PositionList+j, exception);
-           (void) SetMonitorHandler(previous_handler);
- 
-+          if (exception->severity >= ErrorException)
-+            break;
-+
-           current_tile++;
-           if (QuantumTick(current_tile,total_tiles))
-             if (!MagickMonitorFormatted(current_tile,total_tiles,exception,
-
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch
deleted file mode 100644
index e129fd58fc..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch
+++ /dev/null
@@ -1,179 +0,0 @@
-http://openwall.com/lists/oss-security/2017/08/31/1
-http://openwall.com/lists/oss-security/2017/08/31/2
-http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/233a720bfd5e
-
-some changes were made to make the patch apply
-
-# HG changeset patch
-# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
-# Date 1503779175 18000
-# Node ID 233a720bfd5efd378f133a776507ed41230da617
-# Parent  b037d79b6ccd0cfba7ba9ce09b454ed46d688036
-XBM: Fix DOS issues.
-
-diff -r b037d79b6ccd -r 233a720bfd5e coders/xbm.c
---- a/coders/xbm.c	Sat Aug 26 14:14:13 2017 -0500
-+++ b/coders/xbm.c	Sat Aug 26 15:26:15 2017 -0500
-@@ -1,5 +1,5 @@
- /*
--% Copyright (C) 2003 -2012 GraphicsMagick Group
-+% Copyright (C) 2003-2017 GraphicsMagick Group
- % Copyright (C) 2002 ImageMagick Studio
- % Copyright 1991-1999 E. I. du Pont de Nemours and Company
- %
-@@ -121,13 +121,15 @@
- 
- static int XBMInteger(Image *image,short int *hex_digits)
- {
-+  unsigned int
-+    flag;
-+
-   int
-     c,
--    flag,
-     value;
- 
-   value=0;
--  flag=0;
-+  flag=0U;
-   for ( ; ; )
-   {
-     c=ReadBlobByte(image);
-@@ -158,18 +160,14 @@
-   Image
-     *image;
- 
--  int
--    bit;
--
--  long
--    y;
--
-   register IndexPacket
-     *indexes;
- 
--  register long
-+  register size_t
-+    bytes_per_line,
-     i,
--    x;
-+    x,
-+    y;
- 
-   register PixelPacket
-     *q;
-@@ -177,22 +175,24 @@
-   register unsigned char
-     *p;
- 
--  short int
--    hex_digits[256];
--
-   unsigned char
-     *data;
- 
-   unsigned int
-+    bit,
-+    byte,
-+    padding,
-+    version;
-+
-+  int
-+    value;
-+
-+  short int
-+    hex_digits[256];
-+
-+  MagickPassFail
-     status;
- 
--  unsigned long
--    byte,
--    bytes_per_line,
--    padding,
--    value,
--    version;
--
-   /*
-     Open image file.
-   */
-@@ -207,6 +207,8 @@
-   /*
-     Read X bitmap header.
-   */
-+  (void) memset(buffer,0,sizeof(buffer));
-+  name[0]='\0';
-   while (ReadBlobString(image,buffer) != (char *) NULL)
-     if (sscanf(buffer,"#define %s %lu",name,&image->columns) == 2)
-       if ((strlen(name) >= 6) &&
-@@ -278,6 +280,8 @@
-   /*
-     Initialize hex values.
-   */
-+  for (i = 0; i < sizeof(hex_digits)/sizeof(hex_digits[0]); i++)
-+    hex_digits[i]=(-1);
-   hex_digits['0']=0;
-   hex_digits['1']=1;
-   hex_digits['2']=2;
-@@ -311,40 +315,50 @@
-   */
-   p=data;
-   if (version == 10)
--    for (i=0; i < (long) (bytes_per_line*image->rows); (i+=2))
-+    for (i=0; i < (bytes_per_line*image->rows); (i+=2))
-     {
-       value=XBMInteger(image,hex_digits);
-+      if (value < 0)
-+        {
-+          MagickFreeMemory(data);
-+          ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
-+        }
-       *p++=(unsigned char) value;
-       if (!padding || ((i+2) % bytes_per_line))
-         *p++=(unsigned char) (value >> 8);
-     }
-   else
--    for (i=0; i < (long) (bytes_per_line*image->rows); i++)
-+    for (i=0; i < (bytes_per_line*image->rows); i++)
-     {
-       value=XBMInteger(image,hex_digits);
-+      if (value < 0)
-+        {
-+          MagickFreeMemory(data);
-+          ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
-+        }
-       *p++=(unsigned char) value;
-     }
-   /*
-     Convert X bitmap image to pixel packets.
-   */
-   p=data;
--  for (y=0; y < (long) image->rows; y++)
-+  for (y=0; y < image->rows; y++)
-   {
-     q=SetImagePixels(image,0,y,image->columns,1);
-     if (q == (PixelPacket *) NULL)
-       break;
-     indexes=AccessMutableIndexes(image);
--    bit=0;
--    byte=0;
--    for (x=0; x < (long) image->columns; x++)
-+    bit=0U;
-+    byte=0U;
-+    for (x=0; x < image->columns; x++)
-     {
--      if (bit == 0)
-+      if (bit == 0U)
-         byte=(*p++);
-       indexes[x]=byte & 0x01 ? 0x01 : 0x00;
-       bit++;
--      byte>>=1;
--      if (bit == 8)
--        bit=0;
-+      byte>>=1U;
-+      if (bit == 8U)
-+        bit=0U;
-     }
-     if (!SyncImagePixels(image))
-       break;
-
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch
deleted file mode 100644
index 46f6b032c7..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-http://openwall.com/lists/oss-security/2017/08/28/5
-http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d
-
-some changes were made to make the patch apply
-
-# HG changeset patch
-# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
-# Date 1503268616 18000
-# Node ID 3bbf7a13643df3be76b0e19088a6cc632eea2072
-# Parent  83a5b946180835f260bcb91e3d06327a8e2577e3
-PNM: For binary formats, verify sufficient backing file data before memory request.
-
-diff -r 83a5b9461808 -r 3bbf7a13643d coders/pnm.c
---- a/coders/pnm.c	Sun Aug 20 17:31:35 2017 -0500
-+++ b/coders/pnm.c	Sun Aug 20 17:36:56 2017 -0500
-@@ -569,7 +569,7 @@
-           (void) LogMagickEvent(CoderEvent,GetMagickModule(),"Colors: %u",
-                                 image->colors);
-         }
--      number_pixels=image->columns*image->rows;
-+      number_pixels=MagickArraySize(image->columns,image->rows);
-       if (number_pixels == 0)
-         ThrowReaderException(CorruptImageError,NegativeOrZeroImageSize,image);
-       if (image->storage_class == PseudoClass)
-@@ -858,14 +858,14 @@
-		if (1 == bits_per_sample)
-		  {
-		    /* PBM */
--		    bytes_per_row=((image->columns+7) >> 3);
-+		    bytes_per_row=((image->columns+7U) >> 3);
-		    import_options.grayscale_miniswhite=MagickTrue;
-		    quantum_type=GrayQuantum;
-		  }
-		else
-		  {
-		    /* PGM & XV_332 */
--		    bytes_per_row=((bits_per_sample+7)/8)*image->columns;
-+		    bytes_per_row=MagickArraySize(((bits_per_sample+7U)/8U),image->columns);
-		    if (XV_332_Format == format)
-		      {
-			quantum_type=IndexQuantum;
-@@ -878,7 +878,8 @@
-	      }
-	    else
-	      {
--		bytes_per_row=(((bits_per_sample+7)/8)*samples_per_pixel)*image->columns;
-+		bytes_per_row=MagickArraySize((((bits_per_sample+7)/8)*samples_per_pixel),
-+                                              image->columns);
-		if (3 == samples_per_pixel)
-		  {
-		    /* PPM */
-@@ -915,6 +916,28 @@
-		    is_monochrome=MagickFalse;
-		  }
-	      }
-+
-+            /* Validate file size before allocating memory */
-+            if (BlobIsSeekable(image))
-+              {
-+                const magick_off_t file_size = GetBlobSize(image);
-+                const magick_off_t current_offset = TellBlob(image);
-+                if ((file_size > 0) &&
-+                    (current_offset > 0) &&
-+                    (file_size > current_offset))
-+                  {
-+                    const magick_off_t remaining = file_size-current_offset;
-+                    const magick_off_t needed = (magick_off_t) image->rows *
-+                      (magick_off_t) bytes_per_row;
-+                    if ((remaining < (magick_off_t) bytes_per_row) ||
-+                        (remaining < needed))
-+                      {
-+                        ThrowException(exception,CorruptImageError,UnexpectedEndOfFile,
-+                                       image->filename);
-+                        break;
-+                      }
-+                  }
-+              }
-
-             scanline_set=AllocateThreadViewDataArray(image,exception,bytes_per_row,1);
-             if (scanline_set == (ThreadViewDataSet *) NULL)
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch
deleted file mode 100644
index 1f55d90d38..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/493da54370aa
-http://openwall.com/lists/oss-security/2017/09/06/4
-
-some changes were made to make the patch apply
-
-# HG changeset patch
-# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
-# Date 1503257388 18000
-# Node ID 493da54370aa42cb430c52a69eb75db0001a5589
-# Parent  f8724674907902b7bc37c04f252fe30fbdd88e6f
-SUN: Verify that file header data length, and file length are sufficient for claimed image dimensions.
-
-diff -r f87246749079 -r 493da54370aa coders/sun.c
---- a/coders/sun.c	Sun Aug 20 12:21:03 2017 +0200
-+++ b/coders/sun.c	Sun Aug 20 14:29:48 2017 -0500
-@@ -498,6 +498,12 @@
-     if (sun_info.depth < 8)
-       image->depth=sun_info.depth;
- 
-+    if (image_info->ping)
-+      {
-+        CloseBlob(image);
-+        return(image);
-+      }
-+
-     /*
-       Compute bytes per line and bytes per image for an unencoded
-       image.
-@@ -522,15 +528,37 @@
-       if (bytes_per_image > sun_info.length)
-         ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
- 
--    if (image_info->ping)
--      {
--        CloseBlob(image);
--        return(image);
--      }
-     if (sun_info.type == RT_ENCODED)
-       sun_data_length=(size_t) sun_info.length;
-     else
-       sun_data_length=bytes_per_image;
-+
-+    /*
-+      Verify that data length claimed by header is supported by file size
-+    */
-+    if (sun_info.type == RT_ENCODED)
-+      {
-+        if (sun_data_length < bytes_per_image/255U)
-+          {
-+            ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
-+          }
-+      }
-+    if (BlobIsSeekable(image))
-+      {
-+        const magick_off_t file_size = GetBlobSize(image);
-+        const magick_off_t current_offset = TellBlob(image);
-+        if ((file_size > 0) &&
-+            (current_offset > 0) &&
-+            (file_size > current_offset))
-+        {
-+          const magick_off_t remaining = file_size-current_offset;
-+          if (remaining < (magick_off_t) sun_data_length)
-+            {
-+              ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
-+            }
-+        }
-+      }
-+
-     sun_data=MagickAllocateMemory(unsigned char *,sun_data_length);
-     if (sun_data == (unsigned char *) NULL)
-       ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
-
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch
deleted file mode 100644
index 8e1166ba7a..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch
+++ /dev/null
@@ -1,210 +0,0 @@
-http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a
-http://www.openwall.com/lists/oss-security/2017/09/22/2
-
-Some changes were made to make the patch apply.
-
-Notably, the DestroyJNG() function in the upstream diff has been replaced by
-its equivalent, a series of calls to MagickFreeMemory(), DestroyImageInfo(),
-and DestroyImage(). See
-http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5.
-
-# HG changeset patch
-# User Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
-# Date 1504014487 14400
-# Node ID 358608a46f0a9c55e9bb8b37d09bf1ac9bc87f06
-# Parent  38c362f0ae5e7a914c3fe822284c6953f8e6eee2
-Fix Issue 439
-
-diff -ru a/coders/png.c b/coders/png.c
---- a/coders/png.c	1969-12-31 19:00:00.000000000 -0500
-+++ b/coders/png.c	2017-09-30 08:20:16.218944991 -0400
-@@ -1176,15 +1176,15 @@
-   /* allocate space */
-   if (length == 0)
-     {
--      (void) ThrowException2(&image->exception,CoderWarning,
--                             "invalid profile length",(char *) NULL);
-+      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+          "invalid profile length");
-       return (MagickFail);
-     }
-   info=MagickAllocateMemory(unsigned char *,length);
-   if (info == (unsigned char *) NULL)
-     {
--      (void) ThrowException2(&image->exception,CoderWarning,
--                             "unable to copy profile",(char *) NULL);
-+      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+          "Unable to copy profile");
-       return (MagickFail);
-     }
-   /* copy profile, skipping white space and column 1 "=" signs */
-@@ -1197,8 +1197,8 @@
-           if (*sp == '\0')
-             {
-               MagickFreeMemory(info);
--              (void) ThrowException2(&image->exception,CoderWarning,
--                                     "ran out of profile data",(char *) NULL);
-+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                  "ran out of profile data");
-               return (MagickFail);
-             }
-           sp++;
-@@ -1234,8 +1234,9 @@
-   if(SetImageProfile(image,profile_name,info,length) == MagickFail)
-     {
-       MagickFreeMemory(info);
--      (void) ThrowException(&image->exception,ResourceLimitError,
--                            MemoryAllocationFailed,"unable to copy profile");
-+      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+           "unable to copy profile");
-+      return MagickFail;
-     }
-   MagickFreeMemory(info);
-   return MagickTrue;
-@@ -3285,7 +3286,6 @@
-               if (status == MagickFalse)
-                 {
-                   DestroyJNGInfo(color_image_info,alpha_image_info);
--                  DestroyImage(alpha_image);
-                   (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-                       "    could not allocate alpha_image blob");
-                   return ((Image *)NULL);
-@@ -3534,7 +3534,7 @@
-       CloseBlob(color_image);
-       if (logging)
-         (void) LogMagickEvent(CoderEvent,GetMagickModule(),
--                              "    Reading jng_image from color_blob.");
-+            "    Reading jng_image from color_blob.");
-
-       FormatString(color_image_info->filename,"%.1024s",color_image->filename);
-
-@@ -3558,13 +3558,18 @@
-
-       if (logging)
-         (void) LogMagickEvent(CoderEvent,GetMagickModule(),
--                              "    Copying jng_image pixels to main image.");
-+            "    Copying jng_image pixels to main image.");
-       image->rows=jng_height;
-       image->columns=jng_width;
-       length=image->columns*sizeof(PixelPacket);
-+      if ((jng_height == 0 || jng_width == 0) && logging)
-+        (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+            "    jng_width=%lu jng_height=%lu",
-+            (unsigned long)jng_width,(unsigned long)jng_height);
-       for (y=0; y < (long) image->rows; y++)
-         {
--          s=AcquireImagePixels(jng_image,0,y,image->columns,1,&image->exception);
-+          s=AcquireImagePixels(jng_image,0,y,image->columns,1,
-+             &image->exception);
-           q=SetImagePixels(image,0,y,image->columns,1);
-           (void) memcpy(q,s,length);
-           if (!SyncImagePixels(image))
-@@ -3589,45 +3594,79 @@
-               CloseBlob(alpha_image);
-               if (logging)
-                 (void) LogMagickEvent(CoderEvent,GetMagickModule(),
--                                      "    Reading opacity from alpha_blob.");
-+                     "    Reading opacity from alpha_blob.");
-
-               FormatString(alpha_image_info->filename,"%.1024s",
-                            alpha_image->filename);
-
-               jng_image=ReadImage(alpha_image_info,exception);
-
--              for (y=0; y < (long) image->rows; y++)
-+              if (jng_image == (Image *)NULL)
-                 {
--                  s=AcquireImagePixels(jng_image,0,y,image->columns,1,
--                                       &image->exception);
--                  if (image->matte)
--                    {
--                      q=SetImagePixels(image,0,y,image->columns,1);
--                      for (x=(long) image->columns; x > 0; x--,q++,s++)
--                        q->opacity=(Quantum) MaxRGB-s->red;
--                    }
--                  else
-+                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                       "    jng_image is NULL.");
-+                  if (color_image_info)
-+                    DestroyImageInfo(color_image_info);
-+                  if (alpha_image_info)
-+                    DestroyImageInfo(alpha_image_info);
-+                  if (color_image)
-+                    DestroyImage(color_image);
-+                  if (alpha_image)
-+                    DestroyImage(alpha_image);
-+                }
-+              else
-+                {
-+
-+                  if (logging)
-                     {
--                      q=SetImagePixels(image,0,y,image->columns,1);
--                      for (x=(long) image->columns; x > 0; x--,q++,s++)
--                        {
--                          q->opacity=(Quantum) MaxRGB-s->red;
--                          if (q->opacity != OpaqueOpacity)
--                            image->matte=MagickTrue;
--                        }
-+                      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                          "    Read jng_image.");
-+                      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                          "      jng_image->width=%lu, jng_image->height=%lu",
-+                          (unsigned long)jng_width,(unsigned long)jng_height);
-+                      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                          "      image->rows=%lu, image->columns=%lu",
-+                         (unsigned long)image->rows,
-+                         (unsigned long)image->columns);
-                     }
--                  if (!SyncImagePixels(image))
--                    break;
--                }
--              (void) LiberateUniqueFileResource(alpha_image->filename);
--              DestroyImage(alpha_image);
--              alpha_image = (Image *)NULL;
--              DestroyImageInfo(alpha_image_info);
--              alpha_image_info = (ImageInfo *)NULL;
--              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
--                  " Destroy the JNG image");
--              DestroyImage(jng_image);
--              jng_image = (Image *)NULL;
-+
-+                  for (y=0; y < (long) image->rows; y++)
-+                   {
-+                     s=AcquireImagePixels(jng_image,0,y,image->columns,1,
-+                                          &image->exception);
-+                     if (image->matte)
-+                       {
-+                         q=SetImagePixels(image,0,y,image->columns,1);
-+                         for (x=(long) image->columns; x > 0; x--,q++,s++)
-+                           q->opacity=(Quantum) MaxRGB-s->red;
-+                       }
-+                     else
-+                       {
-+                         q=SetImagePixels(image,0,y,image->columns,1);
-+                         for (x=(long) image->columns; x > 0; x--,q++,s++)
-+                           {
-+                             q->opacity=(Quantum) MaxRGB-s->red;
-+                             if (q->opacity != OpaqueOpacity)
-+                               image->matte=MagickTrue;
-+                           }
-+                       }
-+                     if (!SyncImagePixels(image))
-+                       break;
-+                   }
-+                 (void) LiberateUniqueFileResource(alpha_image->filename);
-+                 if (color_image_info)
-+                   DestroyImageInfo(color_image_info);
-+                 if (alpha_image_info)
-+                   DestroyImageInfo(alpha_image_info);
-+                 if (color_image)
-+                   DestroyImage(color_image);
-+                 if (alpha_image)
-+                   DestroyImage(alpha_image);
-+                 (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                     " Destroy the JNG image");
-+                 DestroyImage(jng_image);
-+                 jng_image = (Image *)NULL;
-+               }
-             }
-         }