Bug 214517

Summary: graphics/ImageMagick: Update to 6.9.6-4 (security fixes)
Product: Ports & Packages
Reporter: VK <vlad-fbsd>
Component: Individual Port(s)
Assignee: Mark Felder <feld>
Status: Closed FIXED
Severity: Affects Some People
CC: feld, kwm, ports-secteam
Priority: ---
Keywords: patch, security
Version: Latest
Flags: bugzilla: maintainer-feedback? (kwm), feld: merge-quarterly+
Hardware: Any
OS: Any
URL: https://github.com/ImageMagick/ImageMagick/blob/6.9.6-4/ChangeLog
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214511
Bug Depends on: 214520
Bug Blocks:
Attachments:
  Description: Bump ImageMagick to 6.9.6-4
  Flags: vlad-fbsd: maintainer-approval? (kwm)

Description VK freebsd_triage 2016-11-14 22:41:35 UTC
Created attachment 177008
Bump ImageMagick to 6.9.6-4

Please bump ImageMagick to latest version, 6.9.6-4. Summarized changelog since 6.9.5-10:

  * Off by one memory allocation (reference
    https://github.com/ImageMagick/ImageMagick/issues/296).
  * Prevent fault in MSL interpreter (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797).
  * Added layer ZIP compression to the PSD encoder.
  * Unit test pass again after small SUN image patch.
  * Fixed incorrect RLE decoding when reading a DCM image that contains
    multiple segments.
  * Fixed incorrect RLE decoding when reading an SGI image (reference 
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30514)

Fixes CVE-2016-9298 (upstream issue 296).

Passes Poudriere build test for 11.0 amd64, both ImageMagick and ImageMagick-nox11.

Currently testing 10.3 and 9.3.

Comment 1 VK freebsd_triage 2016-11-15 01:38:48 UTC
Poudriere builds passed for 10.3 and 9.3, amd64.

Comment 2 commit-hook freebsd_committer 2016-12-05 00:08:14 UTC
A commit references this bug:

Author: feld
Date: Mon Dec  5 00:07:34 UTC 2016
New revision: 427821
URL: https://svnweb.freebsd.org/changeset/ports/427821

Log:
  graphics/ImageMagick: Update to 6.9.6-4

  Summarized changelog since 6.9.5-10:

    * Off by one memory allocation (reference
      https://github.com/ImageMagick/ImageMagick/issues/296).
    * Prevent fault in MSL interpreter (reference
      https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797).
    * Added layer ZIP compression to the PSD encoder.
    * Unit test pass again after small SUN image patch.
    * Fixed incorrect RLE decoding when reading a DCM image that contains
      multiple segments.
    * Fixed incorrect RLE decoding when reading an SGI image (reference
      https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30514)

  PR:		214517
  MFH:		2016Q4
  Security:	CVE-2016-9298

Changes:
  head/graphics/ImageMagick/Makefile
  head/graphics/ImageMagick/distinfo
  head/graphics/ImageMagick/pkg-plist

Comment 3 commit-hook freebsd_committer 2016-12-05 00:09:17 UTC
A commit references this bug:

Author: feld
Date: Mon Dec  5 00:08:23 UTC 2016
New revision: 427822
URL: https://svnweb.freebsd.org/changeset/ports/427822

Log:
  MFH: r427821

  graphics/ImageMagick: Update to 6.9.6-4

  Summarized changelog since 6.9.5-10:

    * Off by one memory allocation (reference
      https://github.com/ImageMagick/ImageMagick/issues/296).
    * Prevent fault in MSL interpreter (reference
      https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797).
    * Added layer ZIP compression to the PSD encoder.
    * Unit test pass again after small SUN image patch.
    * Fixed incorrect RLE decoding when reading a DCM image that contains
      multiple segments.
    * Fixed incorrect RLE decoding when reading an SGI image (reference
      https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30514)

  PR:		214517
  Security:	CVE-2016-9298

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/graphics/ImageMagick/Makefile
  branches/2016Q4/graphics/ImageMagick/distinfo
  branches/2016Q4/graphics/ImageMagick/pkg-plist