Bug 214517

Summary:

graphics/ImageMagick: Update to 6.9.6-4 (security fixes)

Product:

Ports & Packages

Reporter:

VK <vlad-fbsd>

Component:

Individual Port(s)

Assignee:

Mark Felder <feld>

Status:

Closed FIXED

Severity:

Affects Some People

CC:

feld, kwm, ports-secteam

Priority:

---

Keywords:

patch, security

Version:

Latest

Flags:

bugzilla: maintainer-feedback? (kwm)
feld: merge-quarterly+

Hardware:

Any

OS:

Any

URL:

https://github.com/ImageMagick/ImageMagick/blob/6.9.6-4/ChangeLog

See Also:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214511

Bug Depends on:

214520

Bug Blocks:

Attachments:

Description	Flags
Bump ImageMagick to 6.9.6-4	vlad-fbsd: maintainer-approval? (kwm)

Description VK 2016-11-14 22:41:35 UTC

Created attachment 177008 [details]
Bump ImageMagick to 6.9.6-4

Please bump ImageMagick to latest version, 6.9.6-4. Summarized changelog since 6.9.5-10:

  * Off by one memory allocation (reference
    https://github.com/ImageMagick/ImageMagick/issues/296).
  * Prevent fault in MSL interpreter (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797).
  * Added layer ZIP compression to the PSD encoder.
  * Unit test pass again after small SUN image patch.
  * Fixed incorrect RLE decoding when reading a DCM image that contains
    multiple segments.
  * Fixed incorrect RLE decoding when reading an SGI image (reference 
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30514)

Fixes CVE-2016-9298 (upstream issue 296).

Passes Poudriere build test for 11.0 amd64, both ImageMagick and ImageMagick-nox11.

Currently testing 10.3 and 9.3.

Comment 1 VK 2016-11-15 01:38:48 UTC

Poudriere builds passed for 10.3 and 9.3, amd64.

Comment 2 commit-hook freebsd_committer

2016-12-05 00:08:14 UTC

A commit references this bug:

Author: feld
Date: Mon Dec  5 00:07:34 UTC 2016
New revision: 427821
URL: https://svnweb.freebsd.org/changeset/ports/427821

Log:
  graphics/ImageMagick: Update to 6.9.6-4

  Summarized changelog since 6.9.5-10:

    * Off by one memory allocation (reference
      https://github.com/ImageMagick/ImageMagick/issues/296).
    * Prevent fault in MSL interpreter (reference
      https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797).
    * Added layer ZIP compression to the PSD encoder.
    * Unit test pass again after small SUN image patch.
    * Fixed incorrect RLE decoding when reading a DCM image that contains
      multiple segments.
    * Fixed incorrect RLE decoding when reading an SGI image (reference
      https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30514)

  PR:		214517
  MFH:		2016Q4
  Security:	CVE-2016-9298

Changes:
  head/graphics/ImageMagick/Makefile
  head/graphics/ImageMagick/distinfo
  head/graphics/ImageMagick/pkg-plist

Comment 3 commit-hook freebsd_committer

2016-12-05 00:09:17 UTC

A commit references this bug:

Author: feld
Date: Mon Dec  5 00:08:23 UTC 2016
New revision: 427822
URL: https://svnweb.freebsd.org/changeset/ports/427822

Log:
  MFH: r427821

  graphics/ImageMagick: Update to 6.9.6-4

  Summarized changelog since 6.9.5-10:

    * Off by one memory allocation (reference
      https://github.com/ImageMagick/ImageMagick/issues/296).
    * Prevent fault in MSL interpreter (reference
      https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797).
    * Added layer ZIP compression to the PSD encoder.
    * Unit test pass again after small SUN image patch.
    * Fixed incorrect RLE decoding when reading a DCM image that contains
      multiple segments.
    * Fixed incorrect RLE decoding when reading an SGI image (reference
      https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30514)

  PR:		214517
  Security:	CVE-2016-9298

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/graphics/ImageMagick/Makefile
  branches/2016Q4/graphics/ImageMagick/distinfo
  branches/2016Q4/graphics/ImageMagick/pkg-plist