Update to 6.9.9-3. Fixes bug #1299275

Fix CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c - bug #1475485
Fix CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c - bug #1475470
Fix CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c - bug #1475463
Fix CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c - bug #1474845
Fix CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws - bug #1474363,1474391
Fix CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function - bug #1473847
Fix CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c - bug #1473824
Fix CVE-2017-11448 ImageMagick: Info leak from from uninitialized memory in ReadJPEGImage function - bug #1473801
Fix CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c - bug #1473798
Fix CVE-2017-11449 ImageMagick: coders/mpc.c don't validade blob sizes of stdin image input - bug #1473796
Fix CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c - bug #1473774
Fix CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c - bug #1473757
Fix CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function - bug #1473717
Fix CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) - bug #1471835
Fix CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function - bug #1471121
Fix CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file - bug #1470669
Fix CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws - bug #1445676,1445677,1445679,1449253
Fix CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws - bug #1455578,1455581,1455583,1455584
Fix CVE-2016-9559 ImageMagick: Null pointer dereference in tiff.c - bug #1398189,1398198,1413898
Fix CVE-2017-5507 ImageMagick: Memory leak in mpc file handling - bug #1414444
Fix CVE-2016-10146 ImageMagick: Memory leak in caption and label handling - bug #1414446
Fix CVE-2017-5508 ImageMagick: Heap-buffer-overflow in PushQuantumPixel - bug #1414445
Fix CVE-2016-10070 ImageMagick: Out-of-bounds read in mat.c - bug #1410510
Fix CVE-2017-5506 ImageMagick: Double-free memory corruption in profile.c - bug #1414442
Fix CVE-2016-10064 ImageMagick: Buffer overflow in tiff.c - bug #1410478
Fix CVE-2016-10071 ImageMagick: Out-of-bounds read in mat.c - bug #1410513
Fix CVE-2016-10059 ImageMagick: TIFF file buffer overflow - bug #1410469
Fix CVE-2016-10057 ImageMagick: Buffer overflow in CALS coder - bug #1410466
Fix CVE-2016-10052 ImageMagick: Out-of-bounds write in exif (jpeg) reader - bug #1410459
Fix CVE-2016-10050 ImageMagick: Heap overflow when reading corrupt RLE files - bug #1410454
Fix CVE-2016-10049 ImageMagick: Buffer overflow when reading corrupt RLE files - bug #1410452
Fix CVE-2016-10046 ImageMagick: Buffer overflow in draw.c - bug #1410448
Fix CVE-2016-8677 ImageMagick: Memory allocation failure in AcquireQuantumPixel - bug #1385698
Fix CVE-2016-7906 ImageMagick: Mogrify heap-use-after-free in attribute.c - bug #1381141
Fix CVE-2016-7799 ImageMagick: Mogrify buffer over-read in profile.c - bug #1381138
ImageMagick: Hang when supplying file ending with colon to identify - bug #1380428
Fix CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws - bug #1378734,1378735,1378736,1378738,1378733,1378739,1378741,1378743,1378744,1378745,1378746,1378747,1378748,1378751,1378754,1378756,1378757,1378758,1378759,1378760,1378761,1378762,1378763,1378764,1378765,1378767,1378768,1378772,1378773,1378775,1378776,1378777,1378790
Fix CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file  - bug #1354500,1361578
epel8
Kevin Fenzi 8 years ago
parent 40c1a441bb
commit 42733cb3a5

1
.gitignore vendored

@ -22,3 +22,4 @@ ImageMagick-6.4.0-multilib.patch
/ImageMagick-6.9.1-3.tar.bz2 /ImageMagick-6.9.1-3.tar.bz2
/ImageMagick-6.9.2-7.tar.xz /ImageMagick-6.9.2-7.tar.xz
/ImageMagick-6.9.3-0.tar.xz /ImageMagick-6.9.3-0.tar.xz
/ImageMagick-6.9.9-3.tar.xz

@ -1,28 +0,0 @@
diff -NurEbBH ImageMagick-6.9.2-7.orig/wand/MagickWand-config.in ImageMagick-6.9.2-7/wand/MagickWand-config.in
--- ImageMagick-6.9.2-7.orig/wand/MagickWand-config.in 2015-11-26 17:14:07.000000000 +0300
+++ ImageMagick-6.9.2-7/wand/MagickWand-config.in 2015-12-05 21:53:37.350660894 +0300
@@ -38,19 +38,19 @@
echo '@PACKAGE_VERSION@ Q@QUANTUM_DEPTH@ @MAGICK_HDRI@'
;;
--cflags)
- PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --cflags MagickWand
+ pkg-config --cflags MagickWand
;;
--cxxflags)
- PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --cflags MagickWand
+ pkg-config --cflags MagickWand
;;
--cppflags)
- PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --cflags MagickWand
+ pkg-config --cflags MagickWand
;;
--ldflags)
- PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --libs MagickWand
+ pkg-config --libs MagickWand
;;
--libs)
- PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --libs MagickWand
+ pkg-config --libs MagickWand
;;
*)
echo "${usage}" 1>&2

@ -0,0 +1,28 @@
diff -Nur ImageMagick-6.9.9-3.orig/wand/MagickWand-config.in ImageMagick-6.9.9-3/wand/MagickWand-config.in
--- ImageMagick-6.9.9-3.orig/wand/MagickWand-config.in 2017-07-24 06:37:55.000000000 -0700
+++ ImageMagick-6.9.9-3/wand/MagickWand-config.in 2017-07-27 15:17:55.343675457 -0700
@@ -38,19 +38,19 @@
echo '@PACKAGE_VERSION@ Q@QUANTUM_DEPTH@ @MAGICK_HDRI@'
;;
--cflags)
- @PKG_CONFIG@ --cflags MagickWand
+ pkg-config --cflags MagickWand
;;
--cxxflags)
- @PKG_CONFIG@ --cflags MagickWand
+ pkg-config --cflags MagickWand
;;
--cppflags)
- @PKG_CONFIG@ --cflags MagickWand
+ pkg-config --cflags MagickWand
;;
--ldflags)
- @PKG_CONFIG@ --libs MagickWand
+ pkg-config --libs MagickWand
;;
--libs)
- @PKG_CONFIG@ --libs MagickWand
+ pkg-config --libs MagickWand
;;
*)
echo "${usage}" 1>&2

@ -1,18 +1,17 @@
%global VER 6.9.3 %global VER 6.9.9
%global Patchlevel 0 %global Patchlevel 3
Name: ImageMagick Name: ImageMagick
Version: %{VER}.%{Patchlevel} Version: %{VER}.%{Patchlevel}
Release: 8%{?dist} Release: 1%{?dist}
Summary: An X application for displaying and manipulating images Summary: An X application for displaying and manipulating images
Group: Applications/Multimedia Group: Applications/Multimedia
License: ImageMagick License: ImageMagick
Url: http://www.imagemagick.org/ Url: http://www.imagemagick.org/
Source0: ftp://ftp.ImageMagick.org/pub/%{name}/%{name}-%{VER}-%{Patchlevel}.tar.xz Source0: https://www.imagemagick.org/download/%{name}-%{VER}-%{Patchlevel}.tar.xz
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: bzip2-devel, freetype-devel, libjpeg-devel, libpng-devel BuildRequires: bzip2-devel, freetype-devel, libjpeg-devel, libpng-devel
BuildRequires: libtiff-devel, giflib-devel, zlib-devel, perl-devel >= 5.8.1 BuildRequires: libtiff-devel, giflib-devel, zlib-devel, perl-devel >= 5.8.1
BuildRequires: perl-generators BuildRequires: perl-generators
@ -24,7 +23,7 @@ BuildRequires: fftw-devel, OpenEXR-devel, libwebp-devel
BuildRequires: jbigkit-devel BuildRequires: jbigkit-devel
BuildRequires: openjpeg2-devel >= 2.1.0 BuildRequires: openjpeg2-devel >= 2.1.0
Patch0: ImageMagick-6.9.2-7-multiarch-implicit-pkgconfig-dir.patch Patch0: ImageMagick-6.9.9-3-multiarch-implicit-pkgconfig-dir.patch
%description %description
ImageMagick is an image display and manipulation tool for the X ImageMagick is an image display and manipulation tool for the X
@ -175,9 +174,6 @@ cp -a www/source %{buildroot}%{_datadir}/doc/%{name}-%{VER}
# Delete *ONLY* _libdir/*.la files! .la files used internally to handle plugins - BUG#185237!!! # Delete *ONLY* _libdir/*.la files! .la files used internally to handle plugins - BUG#185237!!!
rm %{buildroot}%{_libdir}/*.la rm %{buildroot}%{_libdir}/*.la
# fix weird perl Magick.so permissions
chmod 755 %{buildroot}%{perl_vendorarch}/auto/Image/Magick/Magick.so
# perlmagick: fix perl path of demo files # perlmagick: fix perl path of demo files
%{__perl} -MExtUtils::MakeMaker -e 'MY->fixin(@ARGV)' PerlMagick/demo/*.pl %{__perl} -MExtUtils::MakeMaker -e 'MY->fixin(@ARGV)' PerlMagick/demo/*.pl
@ -249,8 +245,8 @@ make %{?_smp_mflags} check
%files libs %files libs
%doc LICENSE NOTICE AUTHORS.txt QuickStart.txt %doc LICENSE NOTICE AUTHORS.txt QuickStart.txt
%{_libdir}/libMagickCore-6.Q16.so.2* %{_libdir}/libMagickCore-6.Q16.so.5*
%{_libdir}/libMagickWand-6.Q16.so.2* %{_libdir}/libMagickWand-6.Q16.so.5*
%{_libdir}/%{name}-%{VER} %{_libdir}/%{name}-%{VER}
%{_datadir}/%{name}-6 %{_datadir}/%{name}-6
%exclude %{_libdir}/%{name}-%{VER}/modules-Q16/coders/djvu.* %exclude %{_libdir}/%{name}-%{VER}/modules-Q16/coders/djvu.*
@ -291,7 +287,7 @@ make %{?_smp_mflags} check
%files c++ %files c++
%doc Magick++/AUTHORS Magick++/ChangeLog Magick++/NEWS Magick++/README %doc Magick++/AUTHORS Magick++/ChangeLog Magick++/NEWS Magick++/README
%doc www/Magick++/COPYING %doc www/Magick++/COPYING
%{_libdir}/libMagick++-6.Q16.so.6* %{_libdir}/libMagick++-6.Q16.so.8*
%files c++-devel %files c++-devel
%doc Magick++/examples %doc Magick++/examples
@ -310,6 +306,47 @@ make %{?_smp_mflags} check
%doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt %doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt
%changelog %changelog
* Thu Jul 27 2017 Kevin Fenzi <kevin@scrye.com> - 6.9.9.3-1
- Update to 6.9.9-3. Fixes bug #1299275
- Fix CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c - bug #1475485
- Fix CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c - bug #1475470
- Fix CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c - bug #1475463
- Fix CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c - bug #1474845
- Fix CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws - bug #1474363,1474391
- Fix CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function - bug #1473847
- Fix CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c - bug #1473824
- Fix CVE-2017-11448 ImageMagick: Info leak from from uninitialized memory in ReadJPEGImage function - bug #1473801
- Fix CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c - bug #1473798
- Fix CVE-2017-11449 ImageMagick: coders/mpc.c don't validade blob sizes of stdin image input - bug #1473796
- Fix CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c - bug #1473774
- Fix CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c - bug #1473757
- Fix CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function - bug #1473717
- Fix CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) - bug #1471835
- Fix CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function - bug #1471121
- Fix CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file - bug #1470669
- Fix CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws - bug #1445676,1445677,1445679,1449253
- Fix CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws - bug #1455578,1455581,1455583,1455584
- Fix CVE-2016-9559 ImageMagick: Null pointer dereference in tiff.c - bug #1398189,1398198,1413898
- Fix CVE-2017-5507 ImageMagick: Memory leak in mpc file handling - bug #1414444
- Fix CVE-2016-10146 ImageMagick: Memory leak in caption and label handling - bug #1414446
- Fix CVE-2017-5508 ImageMagick: Heap-buffer-overflow in PushQuantumPixel - bug #1414445
- Fix CVE-2016-10070 ImageMagick: Out-of-bounds read in mat.c - bug #1410510
- Fix CVE-2017-5506 ImageMagick: Double-free memory corruption in profile.c - bug #1414442
- Fix CVE-2016-10064 ImageMagick: Buffer overflow in tiff.c - bug #1410478
- Fix CVE-2016-10071 ImageMagick: Out-of-bounds read in mat.c - bug #1410513
- Fix CVE-2016-10059 ImageMagick: TIFF file buffer overflow - bug #1410469
- Fix CVE-2016-10057 ImageMagick: Buffer overflow in CALS coder - bug #1410466
- Fix CVE-2016-10052 ImageMagick: Out-of-bounds write in exif (jpeg) reader - bug #1410459
- Fix CVE-2016-10050 ImageMagick: Heap overflow when reading corrupt RLE files - bug #1410454
- Fix CVE-2016-10049 ImageMagick: Buffer overflow when reading corrupt RLE files - bug #1410452
- Fix CVE-2016-10046 ImageMagick: Buffer overflow in draw.c - bug #1410448
- Fix CVE-2016-8677 ImageMagick: Memory allocation failure in AcquireQuantumPixel - bug #1385698
- Fix CVE-2016-7906 ImageMagick: Mogrify heap-use-after-free in attribute.c - bug #1381141
- Fix CVE-2016-7799 ImageMagick: Mogrify buffer over-read in profile.c - bug #1381138
- ImageMagick: Hang when supplying file ending with colon to identify - bug #1380428
- Fix CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws - bug #1378734,1378735,1378736,1378738,1378733,1378739,1378741,1378743,1378744,1378745,1378746,1378747,1378748,1378751,1378754,1378756,1378757,1378758,1378759,1378760,1378761,1378762,1378763,1378764,1378765,1378767,1378768,1378772,1378773,1378775,1378776,1378777,1378790
- Fix CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file - bug #1354500,1361578
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 6.9.3.0-8 * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 6.9.3.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

@ -1 +1 @@
87939f4f82d6f24a28d3106a58d523d8 ImageMagick-6.9.3-0.tar.xz SHA512 (ImageMagick-6.9.9-3.tar.xz) = df1cad5cd087d18dea233eec52a7b1119d766a551b26b606e3e9b03547db5a3c132980608eccad16dd8415158e449c63bc0baf725995ccc3ddfe254d5008f676

Loading…
Cancel
Save