[Bug 214511] graphics/ImageMagick7: Update to 7.0.3-6

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Nov 14 18:33:12 UTC 2016 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214511

            Bug ID: 214511
           Summary: graphics/ImageMagick7: Update to 7.0.3-6
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/ImageMagick/ImageMagick/blob/ImageM
                    agick-6/ChangeLog
                OS: Any
            Status: New
          Keywords: needs-qa, patch, security
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: kwm at FreeBSD.org
          Reporter: vlad-fbsd at acheronmedia.com
                CC: ports-secteam at FreeBSD.org
             Flags: maintainer-feedback?(kwm at FreeBSD.org),
                    merge-quarterly?
          Assignee: kwm at FreeBSD.org

Created attachment 177002
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=177002&action=edit
Bump IM7 to latest

Please bump ImageMagick7 to latest version, 7.0.3-6. There are some security
fixes there as well (no assigned CVEs as of yet, afaik).

Summarized ChangeLog since 7.0.2-9:

  * Off by one memory allocation (reference
    https://github.com/ImageMagick/ImageMagick/issues/296).
  * The -extent option now matches the results of IMv6 (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=1&t=30779).
  * Prevent fault in MSL interpreter (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797).
  * Mask composite produces proper results for the convert utility (reference
    http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29675).
  * Added layer RLE compression to the PSD encoder.
  * Fixed incorrect parsing with ordered dither. (reference
    https://github.com/ImageMagick/ImageMagick/issues/254)
  * Unit test pass again after small SUN image patch.
  * Fixed incorrect RLE decoding when reading a DCM image that contains
    multiple segments.
  * Fixed incorrect RLE decoding when reading an SGI image (reference 
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30514)
  * Added layer RLE compression to the PSD encoder.
  * Added define 'psd:preserve-opacity-mask' to preserve the opacity mask
    in a PSD file.
  * Fixed issue where the display window was used instead of the data window
    when reading EXR files (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&p=137849).
  * Fixed reading DXT1 images with an alpha channel.
  * Fixed incorrect padding calculation in PSD encoder.
  * Added define 'psd:additional-info' to preserve the additional information
    in a PSD file.
  * Prevent buffer overflow in BMP & SGI coders (bug report from
    pwchen&rayzhong of tencent).
  * Prevent buffer overflow and other problems in SIXEL, PDB, MAP, TIFF and
    CALS coders (bug report from Donghai Zhu).
  * The -stream option now increments the pixel pointer properly (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30327).

Note that vulnerability to CVE-2016-8866 (incomplete fix to CVE-2016-8862)
still appears unfixed, but at least the bump covers many other fixes.

https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/

Request merge to Quarterly, all the changes are bug or security fixes.

Currently running Poudriere tests.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list