gnu: graphicsmagick: Fix CVE-2017-{12935,12936,12937}.

* gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch,
gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch,
gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/imagemagick.scm (graphicsmagick)[source]: Use them.

1 files changed, 28 insertions, 0 deletions

diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch
new file mode 100644
index 0000000000..2cb3d46f62
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch
@@ -0,0 +1,28 @@
+This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188.
+
+diff -ur a/coders/png.c b/coders/png.c
+--- a/coders/png.c	2017-07-04 17:32:08.000000000 -0400
++++ b/coders/png.c	2017-08-19 11:16:20.933969362 -0400
+@@ -4101,11 +4101,17 @@
+                   mng_info->image=image;
+                 }
+ 
+-              if ((mng_info->mng_width > 65535L) || (mng_info->mng_height
+-                                                     > 65535L))
+-                (void) ThrowException(&image->exception,ImageError,
+-                                      WidthOrHeightExceedsLimit,
+-                                      image->filename);
++              if ((mng_info->mng_width > 65535L) ||
++                  (mng_info->mng_height > 65535L))
++                {
++                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                      "  MNG width or height is too large: %lu, %lu",
++                      mng_info->mng_width,mng_info->mng_height);
++                  MagickFreeMemory(chunk);
++                  ThrowReaderException(CorruptImageError,
++                     ImproperImageHeader,image);
++                }
++
+               FormatString(page_geometry,"%lux%lu+0+0",mng_info->mng_width,
+                            mng_info->mng_height);
+               mng_info->frame.left=0;