Bug 246337
| Summary: | graphics/ImageMagick7: Update to 7.0.10-24 with fixed vulnerability | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Vladimir Druzenko <vvd> | ||||||||||||||
| Component: | Individual Port(s) | Assignee: | Koop Mast <kwm> | ||||||||||||||
| Status: | Closed FIXED | ||||||||||||||||
| Severity: | Affects Some People | CC: | diizzy, joneum, ports-secteam, rhurlin | ||||||||||||||
| Priority: | --- | Keywords: | buildisok | ||||||||||||||
| Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(kwm) vvd: maintainer-feedback? |
||||||||||||||
| Hardware: | Any | ||||||||||||||||
| OS: | Any | ||||||||||||||||
| URL: | https://imagemagick.org/script/changelog.php | ||||||||||||||||
| Attachments: |
|
||||||||||||||||
MASTER_SITES needs a refresh (several mirrors are broken), please adress that. https://imagemagick.org/script/mirror.php I think a good idea would be to place a few mirrors and use mainsite as fallback to offload main site. Both nluug.nl and umu.se also supports https :-) Does "make test" throw any errors and if so any difference compared to current version in tree? Did you try building it with Poudriere? Any reason why --enable-reproducible-build shouldn't be enabled? ...place a few mirrors in front Sorry about that typo (In reply to daniel.engberg.lists from comment #1) Are these questions to me? I'm just create patch for update version. It's much easier (and faster) process if you can provide as much information as possible and fix issues. Did you try "make test" and/or build it using Poudriere? "By tested" you mean building and runtime? (In reply to daniel.engberg.lists from comment #4) > Did you try "make test" No. > and/or build it using Poudriere? No. > "By tested" you mean building and runtime? Build + run several self tests in console, something like: $ convert logo: logo.pdf $ convert logo.pdf logo.png I'm not maintainer of this port - just user with knowledge how to update it. Your request about mirrors or other changes are for other PRs - this PR about update version only. If you want to add something to this patch - you can do it and attach it here. Or you can create separate PR{s} with your request{s}. Created attachment 214327 [details]
Update to 7.0.10-11
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/149007041 Created attachment 214800 [details]
Update to 7.0.10-14
While we waited, 3 new versions came out - 12, 13 and 14.
7.0.10-18 already released. Created attachment 216563 [details] Update to 7.0.10-24 with fixed vulnerability 2020-06-14 7.0.10-20 <quetzlzacatenango@image...> Fix out-of-bounds vulnerability when reading sixel images (reference https://github.com/ImageMagick/ImageMagick/issues/2143). Patch tested on 12.1 amd64: make check-plist/install, then run. Created attachment 216595 [details]
Update to 7.0.10-24 with fixed vulnerability
This is correct file.
Created attachment 216832 [details]
Update to 7.0.10-24 with fixed vulnerability
Fixed:
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
Error: Orphaned: %%PORTDOCS%%%%DOCSDIR%%-7/www/cite.html
Error: Orphaned: %%PORTDOCS%%%%DOCSDIR%%-7/www/defines.html
Fixed pkg-plist with DOCS option on. A commit references this bug: Author: joneum Date: Tue Jul 28 13:02:36 UTC 2020 New revision: 543594 URL: https://svnweb.freebsd.org/changeset/ports/543594 Log: Update to 7.0.10-24 This Update fix a vulnerabiliy: 2020-06-14 7.0.10-20 <quetzlzacatenango@image...> Fix out-of-bounds vulnerability when reading sixel images (reference https://github.com/ImageMagick/ImageMagick/issues/2143). Full Changelog: https://imagemagick.org/script/changelog.php PR: 246337 Reported by: VVD <vvd@unislabs.com> Approved by: kwm (maintainer timeout) MFH: 2020Q3 Sponsored by: Netzkommune GmbH Changes: head/graphics/ImageMagick7/Makefile head/graphics/ImageMagick7/distinfo head/graphics/ImageMagick7/pkg-plist A commit references this bug: Author: joneum Date: Tue Jul 28 13:03:40 UTC 2020 New revision: 543595 URL: https://svnweb.freebsd.org/changeset/ports/543595 Log: MFH: r543594 Update to 7.0.10-24 This Update fix a vulnerabiliy: 2020-06-14 7.0.10-20 <quetzlzacatenango@image...> Fix out-of-bounds vulnerability when reading sixel images (reference https://github.com/ImageMagick/ImageMagick/issues/2143). Full Changelog: https://imagemagick.org/script/changelog.php PR: 246337 Reported by: VVD <vvd@unislabs.com> Approved by: kwm (maintainer timeout) Sponsored by: Netzkommune GmbH Approved by: ports-secteam (with hat) Changes: _U branches/2020Q3/ branches/2020Q3/graphics/ImageMagick7/Makefile branches/2020Q3/graphics/ImageMagick7/distinfo branches/2020Q3/graphics/ImageMagick7/pkg-plist |
Created attachment 214320 [details] Update to 7.0.10-11 Tested on 12.1 amd64.