Bug 214517 - graphics/ImageMagick: Update to 6.9.6-4 (security fixes)
Summary: graphics/ImageMagick: Update to 6.9.6-4 (security fixes)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Mark Felder
URL: https://github.com/ImageMagick/ImageM...
Keywords: patch, security
Depends on: 214520
Blocks:
  Show dependency treegraph
 
Reported: 2016-11-14 22:41 UTC by VK
Modified: 2016-12-05 00:09 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (kwm)
feld: merge-quarterly+


Attachments
Bump ImageMagick to 6.9.6-4 (971 bytes, patch)
2016-11-14 22:41 UTC, VK
vlad-fbsd: maintainer-approval? (kwm)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description VK freebsd_triage 2016-11-14 22:41:35 UTC
Created attachment 177008 [details]
Bump ImageMagick to 6.9.6-4

Please bump ImageMagick to latest version, 6.9.6-4. Summarized changelog since 6.9.5-10:

  * Off by one memory allocation (reference
    https://github.com/ImageMagick/ImageMagick/issues/296).
  * Prevent fault in MSL interpreter (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797).
  * Added layer ZIP compression to the PSD encoder.
  * Unit test pass again after small SUN image patch.
  * Fixed incorrect RLE decoding when reading a DCM image that contains
    multiple segments.
  * Fixed incorrect RLE decoding when reading an SGI image (reference 
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30514)

Fixes CVE-2016-9298 (upstream issue 296).

Passes Poudriere build test for 11.0 amd64, both ImageMagick and ImageMagick-nox11.

Currently testing 10.3 and 9.3.
Comment 1 VK freebsd_triage 2016-11-15 01:38:48 UTC
Poudriere builds passed for 10.3 and 9.3, amd64.
Comment 2 commit-hook freebsd_committer 2016-12-05 00:08:14 UTC
A commit references this bug:

Author: feld
Date: Mon Dec  5 00:07:34 UTC 2016
New revision: 427821
URL: https://svnweb.freebsd.org/changeset/ports/427821

Log:
  graphics/ImageMagick: Update to 6.9.6-4

  Summarized changelog since 6.9.5-10:

    * Off by one memory allocation (reference
      https://github.com/ImageMagick/ImageMagick/issues/296).
    * Prevent fault in MSL interpreter (reference
      https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797).
    * Added layer ZIP compression to the PSD encoder.
    * Unit test pass again after small SUN image patch.
    * Fixed incorrect RLE decoding when reading a DCM image that contains
      multiple segments.
    * Fixed incorrect RLE decoding when reading an SGI image (reference
      https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30514)

  PR:		214517
  MFH:		2016Q4
  Security:	CVE-2016-9298

Changes:
  head/graphics/ImageMagick/Makefile
  head/graphics/ImageMagick/distinfo
  head/graphics/ImageMagick/pkg-plist
Comment 3 commit-hook freebsd_committer 2016-12-05 00:09:17 UTC
A commit references this bug:

Author: feld
Date: Mon Dec  5 00:08:23 UTC 2016
New revision: 427822
URL: https://svnweb.freebsd.org/changeset/ports/427822

Log:
  MFH: r427821

  graphics/ImageMagick: Update to 6.9.6-4

  Summarized changelog since 6.9.5-10:

    * Off by one memory allocation (reference
      https://github.com/ImageMagick/ImageMagick/issues/296).
    * Prevent fault in MSL interpreter (reference
      https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797).
    * Added layer ZIP compression to the PSD encoder.
    * Unit test pass again after small SUN image patch.
    * Fixed incorrect RLE decoding when reading a DCM image that contains
      multiple segments.
    * Fixed incorrect RLE decoding when reading an SGI image (reference
      https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30514)

  PR:		214517
  Security:	CVE-2016-9298

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/graphics/ImageMagick/Makefile
  branches/2016Q4/graphics/ImageMagick/distinfo
  branches/2016Q4/graphics/ImageMagick/pkg-plist