Subject: CVS commit: [pkgsrc-2017Q2] pkgsrc/graphics/p5-GraphicsMagick
From: S.P.Zeidler
Date: 2017-07-23 21:52:52
Message id: 20170723195252.AC14EFAA6@cvs.NetBSD.org

Log Message:
Pullup ticket #5519 - requested by taca
graphics/GraphicsMagick: security update

Revisions pulled up:
- graphics/p5-GraphicsMagick/Makefile                          1.31

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Sun Jul  9 20:02:28 UTC 2017

   Modified Files:
   	pkgsrc/graphics/GraphicsMagick: Makefile Makefile.common PLIST distinfo
   	pkgsrc/graphics/p5-GraphicsMagick: Makefile

   Log Message:
   1.3.26:

   Security Fixes:
   ---------------
   DPX: Fix excessive use of memory (DOS issue) due to file header claiming large image dimensions but insufficient backing data. (CVE-2017-10799).
   JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
   MAT: Fix excessive use of memory (DOS issue) due to continuing processing with insufficient data and claimed large image size. Verify each file extent to make sure that it is within range of file size. (CVE-2017-10800).
   META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
   PCX: Fix denial of service issue.
   RLE: Fix abnormally slow operation (denial of service issue) with intentionally corrupt colormapped file.
   PICT: Fix possible buffer overflow vulnerability given suitably truncated input file.
   PNG: Enforce spec requirement that the dimensions of the JPEG embedded in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
   PNG: Avoid NULL dereference when MAGN chunk processing fails.
   SCT: Fix stack-buffer read overflow (underflow?) while reading SCT header.
   SGI: Fix denial of service issues. Delay large memory allocations until file header has fully passed sanity checks.
   TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to have only 2 samples per pixel (CVE-2017-6335).
   TIFF: Fix out of bounds read when reading RGB TIFF which claims to have only 1 sample per pixel (CVE-2017-10794).
   WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash (CVE-2016-7997).

   Bug fixes:
   ----------
   DifferenceImage(): Fix all-black difference image if an input file is colormapped.
   EXIF orientation was not being properly detected for some files.
   -frame: The import command -frame handling was improperly implemented and was using already freed data.
   GIF: Fixes for "Excessive LZW string data" problem.
   Magick++: Bug fixes to PathSmoothCurvetoRel::operator() and PathSmoothCurvetoRel::operator().
   PAM: Support writing GRAYSCALE PAM format.
   PNG: Fix memory leaks.
   SVG: Fixed a memory leak. Fixed a possible null pointer dereference.
   TclMagick: Problem that TkMagick could not resolve functions from TclMagick under Linux is fixed.
   TclMagick: Fix parser validation in magickCmd() to avoid crash given a syntax error.
   TIFF: Fix for reading old JPEG files (avoids "Improper call to JPEG library in state 0. (LibJpeg).").
   TXT: Fixed memory leak.
   XCF: Error checking is improved.

   New Features:
   -------------
   EXIF rotation: Support is added such that the EXIF orientation tag is updated when the image is rotated.
   MAT: Now support reading multiple images from Matlab V4 format.
   Magick++: Orientation method now updates orientation in EXIF profile, if it exists.
   Magick++: Added Image attribute method which accepts a 'char *' argument, and will remove the attribute if the value argument is NULL.
   -orient: The -orient command line option now also updates the orientation in the EXIF profile, if it exists.
   PGX: Support PGX JPEG 2000 format for reading and writing (within the bounds of what JasPer supports).
   Wand API: Added MagickAutoOrientImage(), MagickGetImageOrientation(), MagickSetImageOrientation(), MagickRemoveImageOption(), and MagickClearException().

   To generate a diff of this commit:

   cvs rdiff -u -r1.30 -r1.31 pkgsrc/graphics/p5-GraphicsMagick/Makefile

Files:
Revision   Action   file
1.30.2.1   modify   pkgsrc/graphics/p5-GraphicsMagick/Makefile