Navigation:
Browse pkgsrc
(this page)
graphics p5-Graph..
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2017-07-23 21:52:52 by S.P.Zeidler | Files touched by this commit (1) |  |
Log message: Pullup ticket #5519 - requested by taca graphics/GraphicsMagick: security update Revisions pulled up: - graphics/p5-GraphicsMagick/Makefile 1.31 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: adam Date: Sun Jul 9 20:02:28 UTC 2017 Modified Files: pkgsrc/graphics/GraphicsMagick: Makefile Makefile.common PLIST distinfo pkgsrc/graphics/p5-GraphicsMagick: Makefile Log message: 1.3.26: Security Fixes: --------------- DPX: Fix excessive use of memory (DOS issue) due to file header claiming \ large image dimensions but insufficient backing data. (CVE-2017-10799). JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350). MAT: Fix excessive use of memory (DOS issue) due to continuing processing \ with insufficient data and claimed large image size. Verify each file extent to \ make sure that it is within range of file size. (CVE-2017-10800). META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800). PCX: Fix denial of service issue. RLE: Fix abnomally slow operation (denial of service issue) with \ intentionally corrupt colormapped file. PICT: Fix possible buffer overflow vulnerability given suitably truncated \ input file. PNG: Enforce spec requirement that the dimensions of the JPEG embedded in a \ JDAT chunk must match the JHDR dimensions (CVE-2016-9830). PNG: Avoid NULL dereference when MAGN chunk processing fails. SCT: Fix stack-buffer read overflow (underflow?) while reading SCT header. SGI: Fix denial of service issues. Delay large memory allocations until file \ header has fully passed sanity checks. TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to have \ only 2 samples per pixel (CVE-2017-6335). TIFF: Fix out of bounds read when reading RGB TIFF which claims to have only \ 1 sample per pixel (CVE-2017-10794). WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash (CVE-2016-7997). Bug fixes: ---------- DifferenceImage(): Fix Fix all-black difference image if an input file is \ colormapped. EXIF orientation was not being properly detected for some files. -frame: The import command -frame handling was improperly implemented and was \ using already freed data. GIF: Fixes for "Excessive LZW string data" problem. Magick++: Bug fixes to PathSmoothCurvetoRel::operator() and \ PathSmoothCurvetoRel::operator(). PAM: Support writing GRAYSCALE PAM format. PNG: Fix memory leaks. SVG: Fixed a memory leak. Fixed a possible null pointer dereference. TclMagick: Problem that TkMagick could not resolve functions from TclMagick \ under Linux is fixed. TclMagick: Fix parser validatation in magickCmd() to avoid crash given a \ syntax error. TIFF: Fix for reading old JPEG files (avoids "Improper call to JPEG \ library in state 0. (LibJpeg)."). TXT: Fixed memory leak. XCF: Error checking is improved. New Features: ------------- EXIF rotation: Support is added such that the EXIF orientation tag is updated \ when the image is rotated. MAT: Now support reading multiple images from Matlab V4 format. Magick++: Orientation method now updates orientation in EXIF profile, if it \ exists. Magick++: Added Image attribute method which accepts a 'char *' argument, and \ will remove the attribute if the value argument is NULL. -orient: The -orient command line option now also updates the orientation in \ the EXIF profile, if it exists. PGX: Support PGX JPEG 2000 format for reading and writing (within the bounds \ of what JasPer supports). Wand API: Added MagickAutoOrientImage(), MagickGetImageOrientation(), \ MagickSetImageOrientation(), MagickRemoveImageOption(), and \ MagickClearException(). To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 pkgsrc/graphics/p5-GraphicsMagick/Makefile |
New packages: