CVS commit: [pkgsrc-2017Q2] pkgsrc/graphics/GraphicsMagick

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2017Q2] pkgsrc/graphics/GraphicsMagick
From: "S.P.Zeidler" <spz%netbsd.org@localhost>
Date: Sun, 23 Jul 2017 19:52:42 +0000

Module Name:    pkgsrc
Committed By:   spz
Date:           Sun Jul 23 19:52:42 UTC 2017

Modified Files:
        pkgsrc/graphics/GraphicsMagick [pkgsrc-2017Q2]: Makefile
            Makefile.common PLIST distinfo

Log Message:
Pullup ticket #5518 - requested by taca
graphics/GraphicsMagick: security update

Revisions pulled up:
- graphics/GraphicsMagick/Makefile                              1.81
- graphics/GraphicsMagick/Makefile.common                       1.17
- graphics/GraphicsMagick/PLIST                                 1.25
- graphics/GraphicsMagick/distinfo                              1.43

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        adam
   Date:                Sun Jul  9 20:02:28 UTC 2017

   Modified Files:
        pkgsrc/graphics/GraphicsMagick: Makefile Makefile.common PLIST distinfo
        pkgsrc/graphics/p5-GraphicsMagick: Makefile

   Log Message:
   1.3.26:

   Security Fixes:
   ---------------
   DPX: Fix excessive use of memory (DOS issue) due to file header claiming large image dimensions but insufficient backing data. (CVE-2017-10799).
   JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
   MAT: Fix excessive use of memory (DOS issue) due to continuing processing with insufficient data and claimed large image size. Verify each file extent to make sure that it is within range of file 
size. (CVE-2017-10800).
   META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
   PCX: Fix denial of service issue.
   RLE: Fix abnomally slow operation (denial of service issue) with intentionally corrupt colormapped file.
   PICT: Fix possible buffer overflow vulnerability given suitably truncated input file.
   PNG: Enforce spec requirement that the dimensions of the JPEG embedded in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
   PNG: Avoid NULL dereference when MAGN chunk processing fails.
   SCT: Fix stack-buffer read overflow (underflow?) while reading SCT header.
   SGI: Fix denial of service issues. Delay large memory allocations until file header has fully passed sanity checks.
   TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to have only 2 samples per pixel (CVE-2017-6335).
   TIFF: Fix out of bounds read when reading RGB TIFF which claims to have only 1 sample per pixel (CVE-2017-10794).
   WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash (CVE-2016-7997).

   Bug fixes:
   ----------
   DifferenceImage(): Fix Fix all-black difference image if an input file is colormapped.
   EXIF orientation was not being properly detected for some files.
   -frame: The import command -frame handling was improperly implemented and was using already freed data.
   GIF: Fixes for "Excessive LZW string data" problem.
   Magick++: Bug fixes to PathSmoothCurvetoRel::operator() and PathSmoothCurvetoRel::operator().
   PAM: Support writing GRAYSCALE PAM format.
   PNG: Fix memory leaks.
   SVG: Fixed a memory leak. Fixed a possible null pointer dereference.
   TclMagick: Problem that TkMagick could not resolve functions from TclMagick under Linux is fixed.
   TclMagick: Fix parser validatation in magickCmd() to avoid crash given a syntax error.
   TIFF: Fix for reading old JPEG files (avoids "Improper call to JPEG library in state 0. (LibJpeg).").
   TXT: Fixed memory leak.
   XCF: Error checking is improved.

   New Features:
   -------------
   EXIF rotation: Support is added such that the EXIF orientation tag is updated when the image is rotated.
   MAT: Now support reading multiple images from Matlab V4 format.
   Magick++: Orientation method now updates orientation in EXIF profile, if it exists.
   Magick++: Added Image attribute method which accepts a 'char *' argument, and will remove the attribute if the value argument is NULL.
   -orient: The -orient command line option now also updates the orientation in the EXIF profile, if it exists.
   PGX: Support PGX JPEG 2000 format for reading and writing (within the bounds of what JasPer supports).
   Wand API: Added MagickAutoOrientImage(), MagickGetImageOrientation(), MagickSetImageOrientation(), MagickRemoveImageOption(), and MagickClearException().

   To generate a diff of this commit:
   cvs rdiff -u -r1.80 -r1.81 pkgsrc/graphics/GraphicsMagick/Makefile
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/graphics/GraphicsMagick/Makefile.common
   cvs rdiff -u -r1.24 -r1.25 pkgsrc/graphics/GraphicsMagick/PLIST
   cvs rdiff -u -r1.42 -r1.43 pkgsrc/graphics/GraphicsMagick/distinfo


To generate a diff of this commit:
cvs rdiff -u -r1.80 -r1.80.4.1 pkgsrc/graphics/GraphicsMagick/Makefile
cvs rdiff -u -r1.16 -r1.16.4.1 pkgsrc/graphics/GraphicsMagick/Makefile.common
cvs rdiff -u -r1.24 -r1.24.8.1 pkgsrc/graphics/GraphicsMagick/PLIST
cvs rdiff -u -r1.42 -r1.42.8.1 pkgsrc/graphics/GraphicsMagick/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/GraphicsMagick/Makefile
diff -u pkgsrc/graphics/GraphicsMagick/Makefile:1.80 pkgsrc/graphics/GraphicsMagick/Makefile:1.80.4.1
--- pkgsrc/graphics/GraphicsMagick/Makefile:1.80        Thu Mar  9 10:47:24 2017
+++ pkgsrc/graphics/GraphicsMagick/Makefile     Sun Jul 23 19:52:42 2017
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.80 2017/03/09 10:47:24 jperkin Exp $
+# $NetBSD: Makefile,v 1.80.4.1 2017/07/23 19:52:42 spz Exp $
 
-PKGREVISION=   2
 .include "Makefile.common"
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost

Index: pkgsrc/graphics/GraphicsMagick/Makefile.common
diff -u pkgsrc/graphics/GraphicsMagick/Makefile.common:1.16 pkgsrc/graphics/GraphicsMagick/Makefile.common:1.16.4.1
--- pkgsrc/graphics/GraphicsMagick/Makefile.common:1.16 Thu Jan 19 18:52:11 2017
+++ pkgsrc/graphics/GraphicsMagick/Makefile.common      Sun Jul 23 19:52:42 2017
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.16 2017/01/19 18:52:11 agc Exp $
+# $NetBSD: Makefile.common,v 1.16.4.1 2017/07/23 19:52:42 spz Exp $
 # used by graphics/GraphicsMagick/Makefile
 # used by graphics/p5-GraphicsMagick/Makefile
 
 GM_MAJOR_VER=  1.3
-GM_MINOR_VER=  25
+GM_MINOR_VER=  26
 DISTVERSION=   ${GM_MAJOR_VER}.${GM_MINOR_VER}
 DISTNAME=      GraphicsMagick-${DISTVERSION}
 CATEGORIES=    graphics

Index: pkgsrc/graphics/GraphicsMagick/PLIST
diff -u pkgsrc/graphics/GraphicsMagick/PLIST:1.24 pkgsrc/graphics/GraphicsMagick/PLIST:1.24.8.1
--- pkgsrc/graphics/GraphicsMagick/PLIST:1.24   Wed Sep  7 06:29:31 2016
+++ pkgsrc/graphics/GraphicsMagick/PLIST        Sun Jul 23 19:52:42 2017
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.24 2016/09/07 06:29:31 wiz Exp $
+@comment $NetBSD: PLIST,v 1.24.8.1 2017/07/23 19:52:42 spz Exp $
 bin/GraphicsMagick++-config
 bin/GraphicsMagick-config
 bin/GraphicsMagickWand-config
@@ -234,6 +234,7 @@ share/doc/GraphicsMagick/www/ChangeLog-2
 share/doc/GraphicsMagick/www/ChangeLog-2013.html
 share/doc/GraphicsMagick/www/ChangeLog-2014.html
 share/doc/GraphicsMagick/www/ChangeLog-2015.html
+share/doc/GraphicsMagick/www/ChangeLog-2016.html
 share/doc/GraphicsMagick/www/Changelog.html
 share/doc/GraphicsMagick/www/Changes.html
 share/doc/GraphicsMagick/www/Copyright.html
@@ -369,6 +370,7 @@ share/doc/GraphicsMagick/www/quantize.ht
 share/doc/GraphicsMagick/www/reference.html
 share/doc/GraphicsMagick/www/security.html
 share/doc/GraphicsMagick/www/smile.c
+share/doc/GraphicsMagick/www/thanks.html
 share/doc/GraphicsMagick/www/time.html
 share/doc/GraphicsMagick/www/tools.html
 share/doc/GraphicsMagick/www/utilities.html

Index: pkgsrc/graphics/GraphicsMagick/distinfo
diff -u pkgsrc/graphics/GraphicsMagick/distinfo:1.42 pkgsrc/graphics/GraphicsMagick/distinfo:1.42.8.1
--- pkgsrc/graphics/GraphicsMagick/distinfo:1.42        Wed Sep  7 06:29:31 2016
+++ pkgsrc/graphics/GraphicsMagick/distinfo     Sun Jul 23 19:52:42 2017
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.42 2016/09/07 06:29:31 wiz Exp $
+$NetBSD: distinfo,v 1.42.8.1 2017/07/23 19:52:42 spz Exp $
 
-SHA1 (GraphicsMagick-1.3.25.tar.xz) = 0dcf4c1f6f3ead29147ea0392a148ce50cd64bb4
-RMD160 (GraphicsMagick-1.3.25.tar.xz) = 6a4e8c415c3d268a46f1327c819d7ec2afd9bc60
-SHA512 (GraphicsMagick-1.3.25.tar.xz) = d62d6aee96d7b8444f1aa206b0c5cbbed9511612cb71d667af072ea52b68dcd11088699debc58faacbb014ad83fb8c2b3e474220f506069f7b5d22f0340f8ef8
-Size (GraphicsMagick-1.3.25.tar.xz) = 5387880 bytes
+SHA1 (GraphicsMagick-1.3.26.tar.xz) = 2cc885d1b157996aa14c98e34f7aa17815d00c41
+RMD160 (GraphicsMagick-1.3.26.tar.xz) = 3dd490364c3e4498c308c38b26a0fe41cf4e81f2
+SHA512 (GraphicsMagick-1.3.26.tar.xz) = b33ca0f1c858428693aee27a9089acff9e63d1110f85fa036894cfefe6274e7b2422758ea39852f94fdb4823c9c3f3c44b0d8906627503301f5928096f739f22
+Size (GraphicsMagick-1.3.26.tar.xz) = 5400564 bytes
 SHA1 (patch-config_delegates.mgk.in) = c7a38daeeccd12e19480d1222e400899da1d4153

Prev by Date: CVS commit: pkgsrc/devel/py-test-xdist
Next by Date: CVS commit: [pkgsrc-2017Q2] pkgsrc/graphics/p5-GraphicsMagick
Previous by Thread: CVS commit: pkgsrc/devel/py-test-xdist
Next by Thread: CVS commit: [pkgsrc-2017Q2] pkgsrc/graphics/p5-GraphicsMagick
Indexes:

Home | Main Index | Thread Index | Old Index