Now
pkgsrc-2018Q2 commitmail json YAML
pkgsrc/graphics/ImageMagick/Makefile@1.244.2.1
/
diff
pkgsrc/graphics/ImageMagick/Makefile.common@1.174.2.1 / diff
pkgsrc/graphics/ImageMagick/distinfo@1.189.2.1 / diff
pkgsrc/graphics/ImageMagick/patches/patch-config_policy.xml@1.2.2.2 / diff
pkgsrc/graphics/ImageMagick/Makefile.common@1.174.2.1 / diff
pkgsrc/graphics/ImageMagick/distinfo@1.189.2.1 / diff
pkgsrc/graphics/ImageMagick/patches/patch-config_policy.xml@1.2.2.2 / diff
Pullup ticket #5820 - requested by leot
graphics/ImageMagick: security fix
Revisions pulled up:
- graphics/ImageMagick/Makefile 1.246-1.247
- graphics/ImageMagick/Makefile.common 1.175
- graphics/ImageMagick/distinfo 1.190-1.192
- graphics/ImageMagick/patches/patch-config_policy.xml 1.1-1.2
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Aug 16 08:23:16 UTC 2018
Modified Files:
pkgsrc/graphics/ImageMagick: Makefile.common distinfo
Log Message:
ImageMagick: update to 7.0.8.10.
2018-08-13 7.0.8-10 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-10, GIT revision 14646:48fba3256:201=
80813
2018-08-12 7.0.8-10 Dirk Lemstra <dirk@lem.....org>
* Added dcraw coder (dcraw:img.cr2) that can be used to force the use of=
the
dcraw delegate when libraw is the default raw delegate.
* Restored thread support for the HEIC coder.
2018-08-08 7.0.8-10 Cristy <quetzlzacatenango@image...>
* ThumbnailImage function no longer reveals sensitive information (refer=
ence
https://github.com/ImageMagick/ImageMagick/issues/1243).
2018-08-06 7.0.8-9 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-9, GIT revision 14618:a3663c3dc:2018=
0805.
2018-07-24 7.0.8-9 Cristy <quetzlzacatenango@image...>
* XBM coder leaves the hex image data uninitialized if hex value of the
pixel is negative.
* More improvements to SVG text handling.
* New -range threshold option that combines hard and soft thresholding.
2018-07-23 7.0.8-8 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-8, GIT revision 14583:300fdbcfd:2018=
0723.
2018-07-20 7.0.8-8 Cristy <quetzlzacatenango@image...>
* Non-HDRI ScaleLongToQuantum() private method no longer adds a half int=
erval.
* Fixed memset() negative-size-param (reference
https://github.com/ImageMagick/ImageMagick/issues/1217).
2018-07-16 7.0.8-7 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-7, GIT revision 14561:f85c23180:2018=
0716.
2018-07-15 7.0.8-7 Cristy <quetzlzacatenango@image...>
* Fixed numerous use of uninitialized values, integer overflow, memory
exceeded, and timeouts (credit to OSS Fuzz).
2018-07-08 7.0.8-6 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-6, GIT revision 14541:db940ccd2:2018=
0708.
2018-07-06 7.0.8-6 Cristy <quetzlzacatenango@image...>
* Improve SVG support for tspan element.
* Add support for -fx image.extent.
2018-07-04 7.0.8-5 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-5, GIT revision 14514:bba545bbb:2018=
0704.
2018-07-04 7.0.8-5 Cristy <quetzlzacatenango@image...>
* Fixed a few potential memory leaks
https://github.com/ImageMagick/ImageMagick/issues).
2018-07-02 7.0.8-4 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-4, GIT revision 14505:4613eed4a:2018=
0702.
2018-06-28 7.0.8-4 Cristy <quetzlzacatenango@image...>
* Small tweaks to compile under Cygwin.
* Fixed numerous use of uninitialized values, integer overflow, memory
exceeded, and timeouts (credit to OSS Fuzz).
* Support %B property, the image file size without any decorations.
2018-06-24 7.0.8-3 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-3, GIT revision 14489:c63c504e8:2018=
0624.
2018-06-24 7.0.8-3 Cristy <quetzlzacatenango@image...>
* Apply translate component of SVG transform rotate.
---
Module Name: pkgsrc
Committed By: leot
Date: Wed Aug 22 13:39:24 UTC 2018
Modified Files:
pkgsrc/graphics/ImageMagick: Makefile distinfo
Added Files:
pkgsrc/graphics/ImageMagick/patches: patch-config_policy.xml
Log Message:
ImageMagick: Disable ghostscript coders by default in policy.xml
Disable ghostscript coders in policy.xml as a workaround for
VU#332928 (<https://www.kb.cert.org/vuls/id/332928>).
Please note that apart commenting/removing lines added in policy.xml,
the ghostscript coders can be enabled per-user by copying policy.xml
to ~/.config/ImageMagick/policy.xml and adjusting it with the
following lines:
| [...]
| <policy domain=3D"coder" rights=3D"read|write" pattern=3D"PS" />
| <policy domain=3D"coder" rights=3D"read|write" pattern=3D"EPS" />
| <policy domain=3D"coder" rights=3D"read|write" pattern=3D"PDF" />
| <policy domain=3D"coder" rights=3D"read|write" pattern=3D"XPS" />
| [...]
Bump PKGREVISION
---
Module Name: pkgsrc
Committed By: leot
Date: Thu Aug 23 14:52:23 UTC 2018
Modified Files:
pkgsrc/graphics/ImageMagick: Makefile distinfo
pkgsrc/graphics/ImageMagick/patches: patch-config_policy.xml
Log Message:
ImageMagick: Also block PS2 and PS3 coders in policy.xml
At least when reading PS2 and PS3 files via
`convert PS2:<input> <output>' and `convert PS3:<input> <output>'
gslib/ghostscript will be invoked and hence subject to VU#332928.
Pointed out by Bob Friesenhahn via oss-security@ ML (and follow up from
VU#332928 update).
graphics/ImageMagick: security fix
Revisions pulled up:
- graphics/ImageMagick/Makefile 1.246-1.247
- graphics/ImageMagick/Makefile.common 1.175
- graphics/ImageMagick/distinfo 1.190-1.192
- graphics/ImageMagick/patches/patch-config_policy.xml 1.1-1.2
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Aug 16 08:23:16 UTC 2018
Modified Files:
pkgsrc/graphics/ImageMagick: Makefile.common distinfo
Log Message:
ImageMagick: update to 7.0.8.10.
2018-08-13 7.0.8-10 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-10, GIT revision 14646:48fba3256:201=
80813
2018-08-12 7.0.8-10 Dirk Lemstra <dirk@lem.....org>
* Added dcraw coder (dcraw:img.cr2) that can be used to force the use of=
the
dcraw delegate when libraw is the default raw delegate.
* Restored thread support for the HEIC coder.
2018-08-08 7.0.8-10 Cristy <quetzlzacatenango@image...>
* ThumbnailImage function no longer reveals sensitive information (refer=
ence
https://github.com/ImageMagick/ImageMagick/issues/1243).
2018-08-06 7.0.8-9 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-9, GIT revision 14618:a3663c3dc:2018=
0805.
2018-07-24 7.0.8-9 Cristy <quetzlzacatenango@image...>
* XBM coder leaves the hex image data uninitialized if hex value of the
pixel is negative.
* More improvements to SVG text handling.
* New -range threshold option that combines hard and soft thresholding.
2018-07-23 7.0.8-8 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-8, GIT revision 14583:300fdbcfd:2018=
0723.
2018-07-20 7.0.8-8 Cristy <quetzlzacatenango@image...>
* Non-HDRI ScaleLongToQuantum() private method no longer adds a half int=
erval.
* Fixed memset() negative-size-param (reference
https://github.com/ImageMagick/ImageMagick/issues/1217).
2018-07-16 7.0.8-7 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-7, GIT revision 14561:f85c23180:2018=
0716.
2018-07-15 7.0.8-7 Cristy <quetzlzacatenango@image...>
* Fixed numerous use of uninitialized values, integer overflow, memory
exceeded, and timeouts (credit to OSS Fuzz).
2018-07-08 7.0.8-6 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-6, GIT revision 14541:db940ccd2:2018=
0708.
2018-07-06 7.0.8-6 Cristy <quetzlzacatenango@image...>
* Improve SVG support for tspan element.
* Add support for -fx image.extent.
2018-07-04 7.0.8-5 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-5, GIT revision 14514:bba545bbb:2018=
0704.
2018-07-04 7.0.8-5 Cristy <quetzlzacatenango@image...>
* Fixed a few potential memory leaks
https://github.com/ImageMagick/ImageMagick/issues).
2018-07-02 7.0.8-4 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-4, GIT revision 14505:4613eed4a:2018=
0702.
2018-06-28 7.0.8-4 Cristy <quetzlzacatenango@image...>
* Small tweaks to compile under Cygwin.
* Fixed numerous use of uninitialized values, integer overflow, memory
exceeded, and timeouts (credit to OSS Fuzz).
* Support %B property, the image file size without any decorations.
2018-06-24 7.0.8-3 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-3, GIT revision 14489:c63c504e8:2018=
0624.
2018-06-24 7.0.8-3 Cristy <quetzlzacatenango@image...>
* Apply translate component of SVG transform rotate.
---
Module Name: pkgsrc
Committed By: leot
Date: Wed Aug 22 13:39:24 UTC 2018
Modified Files:
pkgsrc/graphics/ImageMagick: Makefile distinfo
Added Files:
pkgsrc/graphics/ImageMagick/patches: patch-config_policy.xml
Log Message:
ImageMagick: Disable ghostscript coders by default in policy.xml
Disable ghostscript coders in policy.xml as a workaround for
VU#332928 (<https://www.kb.cert.org/vuls/id/332928>).
Please note that apart commenting/removing lines added in policy.xml,
the ghostscript coders can be enabled per-user by copying policy.xml
to ~/.config/ImageMagick/policy.xml and adjusting it with the
following lines:
| [...]
| <policy domain=3D"coder" rights=3D"read|write" pattern=3D"PS" />
| <policy domain=3D"coder" rights=3D"read|write" pattern=3D"EPS" />
| <policy domain=3D"coder" rights=3D"read|write" pattern=3D"PDF" />
| <policy domain=3D"coder" rights=3D"read|write" pattern=3D"XPS" />
| [...]
Bump PKGREVISION
---
Module Name: pkgsrc
Committed By: leot
Date: Thu Aug 23 14:52:23 UTC 2018
Modified Files:
pkgsrc/graphics/ImageMagick: Makefile distinfo
pkgsrc/graphics/ImageMagick/patches: patch-config_policy.xml
Log Message:
ImageMagick: Also block PS2 and PS3 coders in policy.xml
At least when reading PS2 and PS3 files via
`convert PS2:<input> <output>' and `convert PS3:<input> <output>'
gslib/ghostscript will be invoked and hence subject to VU#332928.
Pointed out by Bob Friesenhahn via oss-security@ ML (and follow up from
VU#332928 update).