Summary: | graphics/ImageMagick7: Update to 7.0.3-7 (security fixes) | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | VK <vlad-fbsd> | ||||||
Component: | Individual Port(s) | Assignee: | Mark Felder <feld> | ||||||
Status: | Closed FIXED | ||||||||
Severity: | Affects Some People | CC: | feld, kwm, ports-secteam | ||||||
Priority: | --- | Keywords: | patch, security | ||||||
Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(kwm) feld: merge-quarterly+ |
||||||
Hardware: | Any | ||||||||
OS: | Any | ||||||||
URL: | https://github.com/ImageMagick/ImageMagick/blob/ImageMagick-6/ChangeLog | ||||||||
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214517 | ||||||||
Bug Depends on: | 214514 | ||||||||
Bug Blocks: | |||||||||
Attachments: |
|
Description
VK
2016-11-14 18:33:11 UTC
Poudriere build passed, ImageMagick7 and ImageMagick7-nox11, on 11.0, 10.3 and 9.3, amd64. Please ignore "no assigned CVEs" remark, I've filed a VuXML PR for that. Created attachment 177217 [details] Bump to latest, 7.0.3-7 The upstream meanwhile released 7.0.3-7 with more security fixes. New patch attached. * https://github.com/ImageMagick/ImageMagick/issues/298 (CVE pending) Build passed with Poudriere 11.0, amd64, both IM7 and IM7-nox11. Currently testing for 10.3 and 9.3. A commit references this bug: Author: feld Date: Sun Dec 4 23:59:11 UTC 2016 New revision: 427819 URL: https://svnweb.freebsd.org/changeset/ports/427819 Log: graphics/ImageMagick7: Update to 7.0.3-7 Summarized ChangeLog since 7.0.2-9: * Off by one memory allocation (reference https://github.com/ImageMagick/ImageMagick/issues/296). * The -extent option now matches the results of IMv6 (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=1&t=30779). * Prevent fault in MSL interpreter (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797). * Mask composite produces proper results for the convert utility (reference http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29675). * Added layer RLE compression to the PSD encoder. * Fixed incorrect parsing with ordered dither. (reference https://github.com/ImageMagick/ImageMagick/issues/254) * Unit test pass again after small SUN image patch. * Fixed incorrect RLE decoding when reading a DCM image that contains multiple segments. * Fixed incorrect RLE decoding when reading an SGI image (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30514) * Added layer RLE compression to the PSD encoder. * Added define 'psd:preserve-opacity-mask' to preserve the opacity mask in a PSD file. * Fixed issue where the display window was used instead of the data window when reading EXR files (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&p=137849). * Fixed reading DXT1 images with an alpha channel. * Fixed incorrect padding calculation in PSD encoder. * Added define 'psd:additional-info' to preserve the additional information in a PSD file. * Prevent buffer overflow in BMP & SGI coders (bug report from pwchen&rayzhong of tencent). * Prevent buffer overflow and other problems in SIXEL, PDB, MAP, TIFF and CALS coders (bug report from Donghai Zhu). * The -stream option now increments the pixel pointer properly (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30327). PR: 214511 MFH: 2016Q4 Changes: head/graphics/ImageMagick7/Makefile head/graphics/ImageMagick7/distinfo A commit references this bug: Author: feld Date: Mon Dec 5 00:01:46 UTC 2016 New revision: 427820 URL: https://svnweb.freebsd.org/changeset/ports/427820 Log: MFH: r427819 graphics/ImageMagick7: Update to 7.0.3-7 Summarized ChangeLog since 7.0.2-9: * Off by one memory allocation (reference https://github.com/ImageMagick/ImageMagick/issues/296). * The -extent option now matches the results of IMv6 (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=1&t=30779). * Prevent fault in MSL interpreter (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797). * Mask composite produces proper results for the convert utility (reference http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29675). * Added layer RLE compression to the PSD encoder. * Fixed incorrect parsing with ordered dither. (reference https://github.com/ImageMagick/ImageMagick/issues/254) * Unit test pass again after small SUN image patch. * Fixed incorrect RLE decoding when reading a DCM image that contains multiple segments. * Fixed incorrect RLE decoding when reading an SGI image (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30514) * Added layer RLE compression to the PSD encoder. * Added define 'psd:preserve-opacity-mask' to preserve the opacity mask in a PSD file. * Fixed issue where the display window was used instead of the data window when reading EXR files (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&p=137849). * Fixed reading DXT1 images with an alpha channel. * Fixed incorrect padding calculation in PSD encoder. * Added define 'psd:additional-info' to preserve the additional information in a PSD file. * Prevent buffer overflow in BMP & SGI coders (bug report from pwchen&rayzhong of tencent). * Prevent buffer overflow and other problems in SIXEL, PDB, MAP, TIFF and CALS coders (bug report from Donghai Zhu). * The -stream option now increments the pixel pointer properly (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30327). PR: 214511 Approved by: ports-secteam (with hat) Changes: _U branches/2016Q4/ branches/2016Q4/graphics/ImageMagick7/Makefile branches/2016Q4/graphics/ImageMagick7/distinfo |