Path to this page:
Next | Query returned 1 messages, browsing 1 to 10 | previous
CVS Commit History:
2017-07-23 21:52:52 by S.P.Zeidler | Files touched by this commit (1) | |
Log message:
Pullup ticket #5519 - requested by taca
graphics/GraphicsMagick: security update
Revisions pulled up:
- graphics/p5-GraphicsMagick/Makefile 1.31
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Sun Jul 9 20:02:28 UTC 2017
Modified Files:
pkgsrc/graphics/GraphicsMagick: Makefile Makefile.common PLIST distinfo
pkgsrc/graphics/p5-GraphicsMagick: Makefile
Log message:
1.3.26:
Security Fixes:
---------------
DPX: Fix excessive use of memory (DOS issue) due to file header claiming \
large image dimensions but insufficient backing data. (CVE-2017-10799).
JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
MAT: Fix excessive use of memory (DOS issue) due to continuing processing \
with insufficient data and claimed large image size. Verify each file extent to \
make sure that it is within range of file size. (CVE-2017-10800).
META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
PCX: Fix denial of service issue.
RLE: Fix abnomally slow operation (denial of service issue) with \
intentionally corrupt colormapped file.
PICT: Fix possible buffer overflow vulnerability given suitably truncated \
input file.
PNG: Enforce spec requirement that the dimensions of the JPEG embedded in a \
JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
PNG: Avoid NULL dereference when MAGN chunk processing fails.
SCT: Fix stack-buffer read overflow (underflow?) while reading SCT header.
SGI: Fix denial of service issues. Delay large memory allocations until file \
header has fully passed sanity checks.
TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to have \
only 2 samples per pixel (CVE-2017-6335).
TIFF: Fix out of bounds read when reading RGB TIFF which claims to have only \
1 sample per pixel (CVE-2017-10794).
WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash (CVE-2016-7997).
Bug fixes:
----------
DifferenceImage(): Fix Fix all-black difference image if an input file is \
colormapped.
EXIF orientation was not being properly detected for some files.
-frame: The import command -frame handling was improperly implemented and was \
using already freed data.
GIF: Fixes for "Excessive LZW string data" problem.
Magick++: Bug fixes to PathSmoothCurvetoRel::operator() and \
PathSmoothCurvetoRel::operator().
PAM: Support writing GRAYSCALE PAM format.
PNG: Fix memory leaks.
SVG: Fixed a memory leak. Fixed a possible null pointer dereference.
TclMagick: Problem that TkMagick could not resolve functions from TclMagick \
under Linux is fixed.
TclMagick: Fix parser validatation in magickCmd() to avoid crash given a \
syntax error.
TIFF: Fix for reading old JPEG files (avoids "Improper call to JPEG \
library in state 0. (LibJpeg).").
TXT: Fixed memory leak.
XCF: Error checking is improved.
New Features:
-------------
EXIF rotation: Support is added such that the EXIF orientation tag is updated \
when the image is rotated.
MAT: Now support reading multiple images from Matlab V4 format.
Magick++: Orientation method now updates orientation in EXIF profile, if it \
exists.
Magick++: Added Image attribute method which accepts a 'char *' argument, and \
will remove the attribute if the value argument is NULL.
-orient: The -orient command line option now also updates the orientation in \
the EXIF profile, if it exists.
PGX: Support PGX JPEG 2000 format for reading and writing (within the bounds \
of what JasPer supports).
Wand API: Added MagickAutoOrientImage(), MagickGetImageOrientation(), \
MagickSetImageOrientation(), MagickRemoveImageOption(), and \
MagickClearException().
To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 pkgsrc/graphics/p5-GraphicsMagick/Makefile
|
Next | Query returned 1 messages, browsing 1 to 10 | previous