Summary: | graphics/ImageMagick7: upgrade to 7.0.11-12 and fix some vulnerabilities | |
---|---|---|---
Product: | Ports & Packages | Reporter: | Thierry Thomas <thierry>
Component: | Individual Port(s) | Assignee: | Koop Mast <kwm>
Status: | Closed FIXED | |
Severity: | Affects Some People | CC: | arnaud, freebsd, george, thierry, vvd
Priority: | --- | Keywords: | security
Version: | Latest | Flags: | bugzilla: maintainer-feedback? (kwm)
Hardware: | Any | |
OS: | Any | |
URL: | https://imagemagick.org/script/changelog.php | |
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255821 | |
Description
Thierry Thomas
2021-05-11 21:11:31 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0e7c332de8bbd7100f615c8b07569925f6a2e42c

commit 0e7c332de8bbd7100f615c8b07569925f6a2e42c
Author: Thierry Thomas <thierry@FreeBSD.org>
AuthorDate: 2021-05-13 14:17:39 +0000
Commit: Thierry Thomas <thierry@FreeBSD.org>
CommitDate: 2021-05-13 14:43:16 +0000

security/vuxml: declare vulnerabilities for ImageMagick7

PR: 255802

security/vuxml/vuln.xml | 60 ++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 59 insertions(+), 1 deletion(-)

Plz, remove "USES+= compiler:openmp" at least for amd64 and i386.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252379

(In reply to VVD from comment #2)
Do not hesitate to replace the proposed patch!

This patch works fine for me on FreeBSD 12.2-RELEASE-p6 r369558 on amd64, but is the new dependency on ffmpeg really needed? Could that be made an option?

(In reply to george from comment #4)
The proposed patch has been well tested, and I suggest that we commit it as quickly as possible, to fix the vulnerabilities. After that, it will be possible to reorganize the options; Koop, what do you think?

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b9e10f61aefb128744fcd0556b93b3e45bb2df1f

commit b9e10f61aefb128744fcd0556b93b3e45bb2df1f
Author: Thierry Thomas <thierry@FreeBSD.org>
AuthorDate: 2021-05-11 21:00:13 +0000
Commit: Thierry Thomas <thierry@FreeBSD.org>
CommitDate: 2021-05-27 20:54:09 +0000

graphics/ImageMagick7: upgrade to 7.0.11-12 and fix some vulnerabilities

Changelog at <https://imagemagick.org/script/changelog.php>.

PR: 255802
Approved by: maintainer's time-out
Security: CVE-2020-27829
Security: CVE-2020-29599
Security: CVE-2021-20176
Security: CVE-2021-20241
Security: CVE-2021-20243
Security: CVE-2021-20244
Security: CVE-2021-20245
Security: CVE-2021-20246

graphics/ImageMagick7/Makefile | 7 +-
graphics/ImageMagick7/distinfo | 6 +-
graphics/ImageMagick7/pkg-plist | 793 +++-------------------------------------
3 files changed, 54 insertions(+), 752 deletions(-)

Just committed.

Why is there a new dependency on ffmpeg for a graphics library? It can't even be disabled with a config option.

(In reply to Peter Putzer from comment #8)
You are right: see PR 256215.