pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/graphics/ImageMagick
Module Name: pkgsrc
Committed By: triaxx
Date: Tue Feb 24 06:44:25 UTC 2026
Modified Files:
pkgsrc/graphics/ImageMagick: Makefile Makefile.common distinfo
Log Message:
ImageMagick: Update to 7.1.2.15
pkgsrc changes:
---------------
* Fix several vulnerabilities:
o CVE-2026-25988
o CVE-2026-25987
o CVE-2026-25986
o CVE-2026-25985
o CVE-2026-25983
o CVE-2026-25982
o CVE-2026-25971
o CVE-2026-25970
o CVE-2026-25969
o CVE-2026-25968
o CVE-2026-25967
o CVE-2026-25966
o CVE-2026-25965
o CVE-2026-25898
upstream changes:
-----------------
7.1.2-15 - 2026-02-22
Commits
* Reverted changes that were committed by accident. 818ee63
* release b5fdb90
7.1.2-14 - 2026-02-22
Merged
* ICON: allow writing 256x256 icon rasters #8569
* replace MAGICK_FILTER_MODULE_PATH for MAGICK_CODER_FILTER_PATH #8561
Fixed
* ICON: allow writing 256x256 icon rasters (#8569) #1577
Commits
* beta release 915109f
* Code cleanup. 8135662
* Inline all byte buffer methods. 887a187
* Added overflow checks. 0d0752c
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85 332c156
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85 55c344f
* ImageMagick/ImageMagick#8538 f03ada7
* ImageMagick/ImageMagick#8537 85dc1a5
* Initialize the pixels with empty values to prevent possible heap information disclosure (GHSA-96pc-27rx-pr36) 51c9d33
* Also set the profile when pinging the image. 9f389d8
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv 0349df6
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv f4525ad
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q4 5b91ab6
* ImageMagick/ImageMagick#8540 d97741f
* Allow null value when calling RelinquishDeviceBenchmark. 5fd4e5a
* Restored changes that were removed by accident. 96c0f67
* Moved permissions to the job level. 53af327
* Throw exception when memory allocation fails. d052e8a
* No longer allow mutations on the first image of the list (GHSA-fwqw-2x5x-w566) b4f8e1a
* Fixed out of bounds read in multiple coders that read raw pixel data (GHSA-jv4p-gjwq-9r2j) 077b426
* Corrected patch. 05e2958
* ImageMagick/ImageMagick#8542 40e5a1b
* Updated the Windows dependencies. 0843b13
* Run checks before accessing the image (GHSA-fwqw-2x5x-w566). 257200c
* Minor change to improve the readability. db700a3
* More changes to improve the readability. 178bde9
* Corrected loop initialization to prevent out of bounds read (GHSA-wrhr-rf8j-r842) 0c9ffcf
* block fd: filenames in security policies 0723275
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4x 266e59e
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xgm3-v4r9-wfgm a253d1b
* jumbo security patch: addresses memory leak, stack overflow, out-of-bounds, integer overflow, OOB read 6b71e2b
* fix compiler exception 17b965c
* fix compiler exception 21e2d62
* git compiler exception a2acad8
* fix compiler exception be29d5c
* fix compiler exception 907f609
* fix compile exception 7bea1ca
* fix compiler exception d3360f2
* block SVG image format ddcdcb8
* prevent infinite recursion b095ed5
* utilize a global Splay tree to guard against recursion 38bc4fa
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6 412f3c8
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-72hf-fj62-w6j4 9afe96c
* eliminate compiler exception 6f6856b
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr 729253d
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4 16dd315
* ImageMagick/ImageMagick#8552 cbc4273
* fix potential memory leak 6dbae0a
* prevent a possible integer overflow d7cc315
* ImageMagick/ImageMagick#8553 9095421
* Removed temporary patch. 21ccb8d
* Revert security patches so we can make them in clean separate commits and reference an advisory. 04caff1
* Block reading from fd: in our more secure policies by default (GHSA-xwc6-v6g8-pw2h) 8d4c67a
* ithub.com/ImageMagick/ImageMagick/issues/8555 71fda22
* Prevent path traversal of paths that are blocked in the security policy (GHSA-8jvj-p28h-9gm7) 4a9dc10
* Added checks to prevent an out of bounds read (GHSA-pmq6-8289-hx3v) 4e1f538
* Fixed memory leak when writing MSL files (GHSA-gxcx-qjqp-8vjw) 1e88fca
* Correct previous patch. 276ef52
* Patch to resolve possible out of bounds write in the msl decoder (GHSA-3mwp-xqp2-q6ph). 56f0295
* Keep a splay tree of read files to prevent a stack overflow (GHSA-8mpr-6xr2-chhc) 9313e53
* ImageMagick/ImageMagick#8555 a3d3de5
* ImageMagick/ImageMagick#8294 783af7c
* Fixed possible memory leak (GHSA-gm37-qx7w-p258) 30ce0e8
* Switch back to DestroyImage. 6a35526
* Set the count during the loop to make sure RelinquishIconDirectory frees the correct number of icons. fbbc4c9
* ImageMagick/ImageMagick#8556 4403def
* eliminate compiler warning b3357d6
* protect against relative paths 30fa8ba
* correct glob expression afbe0f1
* clarify path policy 795f581
* Added missing calls to DestroyImageInfo. 3d1e6fe
* Added workflow for the OpenSSF Scorecard. 89d20b0
* ImageMagick/ImageMagick#8557 7e128ba
* Pin all actions. de4e2c4
* Also update dockerfiles. 22a0933
* Pin more version. dc2303d
* Removed dockerfile updates from dependabot.yml fffcabb
* Added name to workflow. c94f0ff
* Correct pinning. 5a7452e
* Pin python versions. c53e7d2
* Corrected path. a64f30d
* Corrected install. d831c6e
* Added extra options to the pip install. 0ed22db
* Moved all windows implementations in utility-private to nt-base-private. afc7d4a
* Use CreateWidePath instead of create_wchar_path. 97500fe
* Corrected method name. 4599a45
* Improved the NTRealPathWide implementation. 9c7992e
* Added comment about the limitations of realpath. 2240bc0
* Fixed out of bound read with negative pixel index (GHSA-vpxv-r9pg-7gpr) c9c87db
* Prevent out of bounds heap write in uhdr encoder (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h) ffe589d
* Prevent memory leak in early exits (GHSA-g2pr-qxjg-7r2w) 93ad259
* Fixed NULL pointer dereference in ReadSFWImage (GHSA-p33r-fqw2-rqmm) 0c7d0b9
* Prevent code injection via PostScript header (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v) 26088a8
* Added extra check to prevent out of bounds heap write on 32-bit systems (GHSA-6j5f-24fw-pqp4) 23fde73
* Fixed possible memory leak (GHSA-3q5f-gmjc-38r8) e639409
* Disable multithreading when reading svg and msl files because of the splay tree. 410ecdd
* Corrected check to determine if the encoder supports multi threading. 764bff7
* latest autoconf/automake updates 706b179
* Fixed possible memory leak in multiple coders that write raw pixel data (GHSA-wfx3-6g53-9fgc) fe0a49a
* Properly escape strings when creating an MVG file in the internal SVG decoder (GHSA-xpg8-7m6m-jf56) f63c78b
* reset channel map when cache resources are exhausted 364606e
* revert and correct documentation instead e417d67
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7355-pwx2-pm84 5a545ab
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x2j6-6h5m-gjg4 13e1eac
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2 b9c80ad
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7 4354fc1
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7 bbae021
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84 1a51eb9
* Moved allocation to fix possible memory leak when at recursion depth. 7e63bb5
* Fixed out of bound read with negative pixel index (GHSA-vpxv-r9pg-7gpr) 21525d8
* Corrected previous patch and added more overflow checks. 31f10b1
* ImageMagick/ImageMagick#8562 7771657
* ImageMagick/ImageMagick#8563 49000e7
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x2j6-6h5m-gjg4 e5dcf54
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c 40cfaa7
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c e2d5b4f
* Ignore the return value differently. ca3b0da
* Corrected type to avoid an overflow (GHSA-r99p-5442-q2x2) e87695b
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q 3392b4b
* fix compiler warning 8ddc98d
* Removed unused return value. a48c7cb
* Fixed possible infinite loop (GHSA-v994-63cg-9wj3) 880057c
* Updated the Windows dependencies. f584f36
* cosmetic cfa749d
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v c448c69
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wgxp-q8xq-wpp9 436e5d2
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mh5h-j6mf-5vr6 33531ba
* avoid deadly embrace for recursive MSL/SVG 017a836
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h4rj-wc46-x92p f9d6311
* base recursion detection based on thread id d72e868
* standards‑compliant thread id string efd91b9
* eliminate compiler warning 7b0899b
* Restored check that was removed by accident. 2ede3c9
* Escape more strings when creating an MVG file in the internal SVG decoder (GHSA-xpg8-7m6m-jf56) 9db9636
* Refactored code to improve the readability. 5c611d3
* Only disable multi threading for the RSVG decoder. 0be03b0
* private method name change 8f3c54f
* ImageMagick/ImageMagick#8567 e046417
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w8mw-frc6-r7m8 7cfae4d
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7r58-28vv-qj5p c12ff82
* add TEXT as a restricted module 83847c3
* https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f 0377e60
* protect against deep glob recursion e739a38
* assign critical memory 09c8589
* Write after we have checked if the realloc failed (GHSA-3j4x-rwrx-xxj9) 168ffe1
* latest automake/autoconfig updates c95a254
* Removed unnecessary typecast. 0106750
* Also escape > 9dda5c0
* Properly escape the strings that are written as raw html (GHSA-rw6c-xp26-225v) 81129f7
* Corrected possible use after free when allocation fails (GHSA-2gq3-ww97-wfjm) f504995
* Use a consistent check. 6aa3dd7
* Updated the Windows dependencies. 7a758ee
* partial TOCTOU patch: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3 3eb1126
* Updated the code-signing action. 27e4942
* Use the full path instead. 97b82c9
* Updated configure. 9e4cd4f
* Use the Installer from the Configure artifacts instead. a7d01e0
* Added missing clone. dc468e6
* Updated configure. 48a4a53
* release ab3e1de
To generate a diff of this commit:
cvs rdiff -u -r1.363 -r1.364 pkgsrc/graphics/ImageMagick/Makefile
cvs rdiff -u -r1.294 -r1.295 pkgsrc/graphics/ImageMagick/Makefile.common
cvs rdiff -u -r1.316 -r1.317 pkgsrc/graphics/ImageMagick/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/graphics/ImageMagick/Makefile
diff -u pkgsrc/graphics/ImageMagick/Makefile:1.363 pkgsrc/graphics/ImageMagick/Makefile:1.364
--- pkgsrc/graphics/ImageMagick/Makefile:1.363 Fri Feb 6 10:04:57 2026
+++ pkgsrc/graphics/ImageMagick/Makefile Tue Feb 24 06:44:25 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.363 2026/02/06 10:04:57 wiz Exp $
+# $NetBSD: Makefile,v 1.364 2026/02/24 06:44:25 triaxx Exp $
-PKGREVISION= 1
+#PKGREVISION= 1
.include "Makefile.common"
PKGNAME= ImageMagick-${DISTVERSION}
Index: pkgsrc/graphics/ImageMagick/Makefile.common
diff -u pkgsrc/graphics/ImageMagick/Makefile.common:1.294 pkgsrc/graphics/ImageMagick/Makefile.common:1.295
--- pkgsrc/graphics/ImageMagick/Makefile.common:1.294 Tue Jan 20 08:23:23 2026
+++ pkgsrc/graphics/ImageMagick/Makefile.common Tue Feb 24 06:44:25 2026
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile.common,v 1.294 2026/01/20 08:23:23 triaxx Exp $
+# $NetBSD: Makefile.common,v 1.295 2026/02/24 06:44:25 triaxx Exp $
#
# used by graphics/p5-PerlMagick/Makefile
#
# Changelog: https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
IM_MAJOR_VER= 7.1.2
-IM_MINOR_VER= 13
+IM_MINOR_VER= 15
IM_MAJOR_LIB_VER= 7
.if ${IM_MINOR_VER} != NONE
Index: pkgsrc/graphics/ImageMagick/distinfo
diff -u pkgsrc/graphics/ImageMagick/distinfo:1.316 pkgsrc/graphics/ImageMagick/distinfo:1.317
--- pkgsrc/graphics/ImageMagick/distinfo:1.316 Tue Jan 20 08:23:23 2026
+++ pkgsrc/graphics/ImageMagick/distinfo Tue Feb 24 06:44:25 2026
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.316 2026/01/20 08:23:23 triaxx Exp $
+$NetBSD: distinfo,v 1.317 2026/02/24 06:44:25 triaxx Exp $
-BLAKE2s (ImageMagick-7.1.2-13.tar.xz) = 80f75a2a7e6a290194d5afb2ed43b15aceceabc5044b8316357764319c62557d
-SHA512 (ImageMagick-7.1.2-13.tar.xz) = d666994797ef14f89960e4e934b7bd72e2657a274a56ac24b2e5f4f45219c20a0826afc5115e6e00fe87d88ef1052348f3e14cb31b94e70149dff241fa93d259
-Size (ImageMagick-7.1.2-13.tar.xz) = 10805152 bytes
+BLAKE2s (ImageMagick-7.1.2-15.tar.xz) = 68509ebc02ac17b0e68d6ca7277346d1c9e0463732fb4f04faa3a02a0bd01972
+SHA512 (ImageMagick-7.1.2-15.tar.xz) = cc0eb08110c25668ea67cc10bf916f7a960d0e35afa10a4de3661c18e0b2ebe3c4cf27ea721c1689b34284485d506a1d4812ec7a908c32ce6dc868111decba65
+Size (ImageMagick-7.1.2-15.tar.xz) = 10798676 bytes
SHA1 (patch-MagickCore_random.c) = 56b33395e4bbdffbff5094c40ecf4e2d4be3d813
SHA1 (patch-ghostscript-private.h) = ab25d5b565c11b98bf623f9f8afd0fedae9bf1fa
Home |
Main Index |
Thread Index |
Old Index