As correcções de segurança
GraphicsMagick-1.3.17-alt1
build Slava Dubrovskiy,
2012-10-14
- New version
- Bugfix release (CVE-2012-3438 and CVE-2012-3386)
GraphicsMagick-1.3.12-alt1 build Slava Dubrovskiy, 2010-03-26
- New version
- Bugfix release (CVE-2010-0205)
MySQL-5.0.89-alt1 build Anton Farygin, 2010-01-25
- new version (closes #18943)
- fixed CVE-2009-2446 from upstream (closes #20724)
- setup utf8 encoding instead of latin1 by default (closes #12390)
- include C99 aliasing violation patch from mythtv (closes #22452)
- removed username-length patch
- wait for mysqld shutdown (closes #22234)
- don't run initial setup mysql database if mysql.user table already exists
GraphicsMagick-1.3.8-alt1 build Slava Dubrovskiy, 2010-01-23
- New version
- Fix ALT (#22348)
- Change number of bits in a pixel quantum 8 -> 16
- Fix build with libfpx
- Security Fixes:
+ Fix for CVE-2009-1882 "Integer overflow in the XMakeImage function".
+ Fix lockup due to hanging in loop while parsing malformed
sub-image specification (SourceForge issue 2886560).
+ Libltdl: Updated libtool to 2.2.6b in order to fix security issue.
Resolves CVE-2009-3736 as it pertains to GraphicsMagick.
- Bug fixes:
+ -convolve, -recolor: Validate that user-provided matrix is square
when parsing -convolve and -recolor commands in order to avoid a
core dump.
+ CALS: Reading images taller than the image width resulted in a
failure.
+ ConstituteImage(), DispatchImage(): 'A' and 'T' should indicate
transparency and 'O' should indicate opacity. Behavior was
inconsistent. In some cases 'O' meant transparency while in other
cases it meant opacity. Also, in a few cases, matte was not
getting enabled in the image as it should.
+ DCRAW: Module name was not registered so modules based builds were
not supporting formats provided via 'dcraw'.
+ GetOptimalKernelWidth1D(), GetOptimalKernelWidth2D(): In the Q32
build, convolution kernel size was estimated incorrectly for large
sigmas on 32-bit systems due to arithmetic overflow. This could
cause wrong results for -convolve, -blur, -sharpen, and other
algorithms which use these functions.
+ Image Size: Fixed the ability to pass the image size via the
filename specification like "myfile.jpg[640x480]" rather than
needing to use -size.
+ IPTC: Blob data needed to be padded to an even size. Size is now
correctly reported.
+ IPTC: Returned IPTC string values were one character too short.
+ Large Files: Large pixel cache files were not working under GNU Linux.
+ JP2: Fixed some value scaling problems.
+ JP2: Fix possible crash at exit when Jasper is used by a modules build.
+ MPC: is_monochrome and is_grayscale flags were not managed
properly for the MPC coder.
+ PCL: Page was not always being ejected.
+ PNG: The png8 encoder would fail when trying to write a 1-color image.
+ PSD: PSD parser was confused by 0x0 pixel layers, resulting in
image data corruption of all following layers.
+ -rotate, -shear: Some internally-reported errors were potentially
being lost.
+ Subrange/stdin: Commands now support reading an image from stdin
in conjunction with a subrange specification (e.g. "-[1]").
+ Magick++ STL ShadeImage: Implementation was completely botched.
- New Features:
+ CALS Type 1 files may now be written (Work contributed by John
Sergeant). CALS support is dependent on the TIFF library.
+ GROUP4RAW encoder supports reading/writing RAW Group4 data.
+ JP2: JPEG 2000 may now be written in arbitrary bit depths ranging
from 2 to 16 rather than just 8 or 16.
+ JPEG: IJG JPEG library version 7 is now supported.
+ JPEG: Added jpeg:block-smoothing and jpeg:fancy-upsampling defines
to control these JPEG library options.
+ JPEG: Detect and apply colorspaces appropriately for ITU FAX JPEG.
+ Resource Limits: There is now a "threads" resource limit which
allows specifying the number of OpenMP threads which may be used,
similar to the OMP_NUM_THREADS environment variable.
+ TIFF: Allow CIELAB TIFF to be read.
+ MagickGetImageAttribute()/MagickSetImageAttribute(): New Wand
methods to support getting and setting an image attribute.
Contributed by Mikko Koppanen.
+ ClonePixelWand(): New Wand method to deep-copy an existing pixel wand.
+ ClonePixelWands(): New Wand method to deep-copy an array of
existing pixel wands.
+ MagickCdlImage(): New Wand method to apply the ASC CDL to an
image.
+ MagickGetImageBoundingBox(): New Wand method to return the crop
bounding box required to remove any solid-color border from the
image.
+ MagickGetImageFuzz(), MagickSetImageFuzz(): New Wand methods to
get and set the color comparison fuzz factor.
+ MagickHaldClutImage(): New Wand method to apply a Hald CLUT to an
image.
+ MagickSetResolution(): New Wand method to set the wand resolution.
+ MagickSetResolutionUnits(): New Wand method to set the wand
resolution units.
MySQL-5.0.83-alt2 build L.A. Kostis, 2009-06-29
- Security fixes:
+ CVE-2008-4456: potential XSS in HTML output (closes #19843).
- Remove obsoleted macros.
aMule-2.2.5-alt1 build Ilya Mashkin, 2009-05-18
- 2.2.5
- fixed CVE-2009-1440 (Closes: #19829)
GraphicsMagick-1.2-alt1 build Slava Dubrovskiy, 2008-05-01
- New version
- Remove all patches
- Update spec
- Security fixes:
+ Fixes for CERT security alert TA04-217A described at
"http://www.us-cert.gov/cas/techalerts/TA04-217A.html".
+ AVI, BMP, & DIB security fixes.
+ PSD security fixes.
+ P7 format security fix.
+ Fix EXIF IFD stack overflow vulnerability.
+ SGI security fix for RLE encoding (CVE-2006-4144)
+ XCF security fix (CVE-2006-3743)
+ PALM heap overflow fix (CVE-2006-5456)
+ DCM security fix (CVE-2006-5456)
+ Fix for shell command injection in delegate code via file names)
(CVE-2005-4601). Delegate execution is much more secure now.
+ Don't use filenames as printf specifications (CVE-2006-0082).
+ Fix integer overflow in DCM coder (CVE-2007-1797).
+ XWD integer overflow fix (CVE-2007-1797).
+ Implementation has replaced usage of strcpy, strcat, and strncat
with the more security conscious strlcat and strlcpy.
+ DCM, DIB, XCF, XBM, and XWD security fix for integer overflow
vulnerability (IDefense 09.19.07).
+ Do not access X11 or invoke convenience or stealth delegate programs
based on the file extension. In particular, these file extensions are
rejected for consideration as a format specifier: 'autotrace',
'browse', 'dcraw', 'edit', 'gs-color', 'gs-color+alpha', 'gs-gray',
'gs-mono', 'launch', 'mpeg-encode', 'print', 'scan', 'show', 'win',
'xc', and 'x'.
- Bug fixes:
+ Ghostscript sometimes displays an error message and fails, yet it
returns a success error code to GraphicsMagick. Verify that
Ghostscript has updated the output file before attempting to use it.
+ Fixed a configure script syntax error when testing for trio.
+ When requesting a list of formats, all of the modules in the module
search path are considered. Previously only the modules in the same
directory as the LOGO module were listed.
+ Ensure that an image clip mask is respected by the negate algorithm.
+ The BMP writer was sometimes writing incorrect BMP v4 files.
+ Support reading and writing large PCX files.
+ Fixed a bug which could cause possible truncation while cloning the
image cache.
+ Ensure that MIFF files indicate the compression which was actually used.
+ Properly handle errors from libtiff so that corrupted images are not
output.
+ Fix for stripped-TIFF reader. Discard extra samples beyond alpha in
scanline TIFFs.
+ Endian option now controls TIFF byte-order rather than bit-order.
+ TIFF writer can now write to pipes and other non-seekable output
destinations.
+ JBIG writer was writing empty files for some libjbig releases.
+ Improved handling of corrupt GIF files.
+ Handle large SUN format images.
+ Properly compute image depth for 16-bit SGI image files.
+ For the gmdisplay program, ensure that only RGB data is sent to Windows.
+ Many memory leak fixes.
+ PDF writer is fixed so that Ghoscript 8.5 doesn't warn about the output.
+ PDF writer now writes proper output with CCITT compression.
+ Properly use fseeko() and ftello() if they are available.
+ Fixed a infinite loop bug in the XWD reader.
+ Fix minor memory leak in ProfileImage().
+ Fixed -level command parsing when a percent symbol is supplied within the
argument rather than at the end.
+ Fix pixel scaling problem caused by floating point
rounding error (noticed under AIX).
+ Fixed a memory leak in the GIF coder in the error return path.
+ Fix for SourceForge bug id 1353744 "MagickGetQuantumDepth doesn't work".
+ Fix for SourceForge bug id 1315109 "segfault in InitializeMagick(NULL)".
+ Fix for SourceForge bug id 1391421 "problem doing resize on 273x1 JPEG".
+ Fix for SourceForge bug id 1510075 "Failed to write PDF with JPEG compression".
+ Fix for SourceForge bug id 1572357 "GetOnePixel definition appears incorrect".
+ Fix for SourceForge bug id 1576616 Fix includedir variable in pkg-config files".
+ Fix for SourceForge bug id 1173713 "segfault in ModifyCache".
+ Fix for SourceForge bug id 1431805 "clip art wpg files cause access violation
in graphics magick".
+ Fix for SourceForge bug id 1743141 "Affine matrix option parsing".
+ Fix for SourceForge bug id 1625477 "Memory leak reading layered PSD Image".
+ Fix for SourceForge bug id 1878992 "literal square brackets in file
name cause large delay and bug id 1783209 "converting runs slowly
when subimage is specified".
+ Fix for SourceForge bug id 1883527 "compression of tiff-file has no effect".
+ Successfully read files in the form "file[123]".
+ Fix reading 12-bit grayscale JPEG.
+ Set image depth appropriately when importing image from X11 display.
+ Fix map resource tracking.
+ Fix reading recent variants of ImageMagick's MIFF format.
+ Output bilevel TIFF meeting the TIFF Class F specification.
- New Utilities:
+ A 'benchmark' subcommand is now available to benchmark the
performance of any other arbitrary subcommand (e.g. 'convert').
- Feature improvements:
+ LZW compression is now enabled by default.
+ Support industry-standard subsampling notation like "4:2:2".
+ If gm is executed under a traditional alternate name (e.g.
convert), it will invoke the appropriate sub-command. This allows
use of hard links, symbolic links, or just copying 'gm' to the
desired sub-command name in order to achieve 100% ImageMagick 5.5.2
utility compatibility.
+ Provide the --enable-magick-compat option when configuring to install
ImageMagick utilities compatibility links.
+ Identify -verbose output includes normalized (0.0-1.0) statistics.
+ Identify and convert now print "pixels per second" rates to help
evaluate performance.
+ Added the identify +ping option to force reading the complete file.
+ The display program now supports the +progress option to disable any
visual progress indication (and hourglass cursor) while loading images.
+ Support writing grayscale TGA files.
+ Provide explicit support for Rec 601 and Rec 709 grayscale spaces.
+ Include some support for a log RGB space based on the 2.048 density
range as defined for the Cineon Digital Film System.
+ Added utilities command-line support for industry standard subsampling
notation like 4:4:4 and 4:2:2.
+ Use MAGICK_IOBUF_SIZE to tune the size of the I/O buffer.
+ Use -type Bilevel, Grayscale, TrueColor, or TrueColorMatte to
influence the type of image that Ghostscript returns.
+ Use '-define tiff:fill-order={msb2lsb|lsb2msb}' to control TIFF bit
fill order.
+ The -version option now dumps a feature list as well as the build
options.
+ The -endian option now supports the option 'native'.
+ A -monitor is added to enable progress monitoring for the command line
utilities.
+ Use the -output-directory option to 'mogrify' to send output files to
the specified directory.
+ Use the -create-directories option in conjunction with
-output-directory and 'mogrify' to create any necessary subdirectories.
+ A Pixels resource limit is added. Use '-limit Pixels value' to limit
the maximum number of pixels in an image to 'value'.
+ The already supported option '-type Optimize' is now honored by
formats that need to choose a subformat based on the properties of
the image. Grueling tests of many/all pixels are not performed
unless '-type Optimize' is supplied.
+ Added a a -set option to the composite, convert, display, mogrify,
import commands in order to allow setting an image attribute.
+ Display utility no longer defaults to reading from standard input if
stdin is not a tty.
+ May now be configured to use the umem memory allocation library
available in Solaris 9, Update 3 and later, or from the portable umem
project.
- Coder additions/improvements:
+ Replaced existing DPX "support" with all-new DPX support conforming
to the SMPTE 268M-2003 standard.
+ Cineon reader completely rewritten.
+ TIFF coder is completely re-written. Now supports reading and
writing RGB, CMYK, and grayscale, scanline-oriented TIFF images
with arbitrary (1 to 32 bits) depth. Includes support for tiled
TIFF, floating point TIFF, LogLuv TIFF, BigTIFF, arbitrary depths,
and associated alpha.
+ TIFF coder now supports retrieving and saving XMP profiles.
+ MATLAB support is much improved and supports writing as well.
+ WPG reader now supports CTM translations.
+ ART format now supports writing.
+ Support 32-bit raw RGB images.
+ Support 32-bit raw CMYK images.
+ Support 32-bit raw gray images.
+ JP2 coder reads images in YCbCr colorspace and retrieves an embedded
ICC ICM color profile if present.
- Performance improvments:
+ The DispatchImage() and ConstituteImage() functions incorporate
special case code for BGR, BGRO, BGRP, RGB, RGBO, and I formats (8
bit only) in order to improve performance dramatically.
+ When writing very large JPEG images, don't enable Huffman compression
since doing so requires libjpeg to buffer the entire image in memory.
+ When using the 'identify' -verbose option, -verbose must be specified
twice in order to obtain the color count. This makes normal use of
-verbose much faster.
+ Significantly improved read/write speed for bilevel and gray images.
+ TIFF I/O is considerably faster.
+ Postscript writer is 10-15X faster.
+ PNM formats writer is 10-100X faster.
+ Rotate by 90 or 270 degrees is 2-9X faster.
PolicyKit-0.7-alt3 build Valery Inozemtsev, 2008-04-04
- fixed CVE-2008-1658
- drop polkit-bash-completion.sh (close #15232)
MySQL-5.0.51-alt2.a build L.A. Kostis, 2008-03-16
- 5.0.51a.
- Security fixes:
+ CVE-2008-0226, CVE-2008-0227 (Three vulnerabilities in yaSSL versions 1.7.5
that could lead to a server crash or execution of unauthorized code.)
+ ALTER VIEW retained the original DEFINER value, even when altered by
another user, which could allow that user to gain the access rights of the
view (MySQL #29908).
- Add glibc-locales to -server deps (ALT #13909 #14731).
- Make links to mysqld_safe for backwards compatibility (ALT #14863).
- Update html documentation to 10265 revsion.
SDL_image-1.2.6-alt3 build Pavlov Konstantin, 2008-02-14
- Buffer overflow fix in RLE decompression (CVE-2008-0544).
SDL_image-1.2.6-alt2 build Pavlov Konstantin, 2008-02-01
- Fix GIF handling buffer overflow (CVE-2007-6697).
MySQL-5.0.51-alt1 build L.A. Kostis, 2008-01-01
- 5.0.51.
- Security fixes:
+ CVE-2007-5969 (RENAME TABLE System Table Overwrite Vulnerability)
+ CVE-2007-6303 CVE-2007-6304
(Server Privilege Escalation And Denial Of Service Vulnerabilities)
- Update html documentation to 9232 revision.
GraphicsMagick-1.1.8-alt1 build Slava Dubrovskiy, 2007-07-30
- New version
- Removed patches from debian (in upstream)
- Security Fixes:
+ Shell command injection via delegates subsystem (CVE-2005-4601).
+ Insecure use of filenames as a "sprintf" specification (CVE-2006-0082).
+ EXIF IFD stack overflow vulnerability.
+ BMP format: Verify seek before proceeding.
+ DCM format: Buffer overflow prevention (CVE-2006-5456).
+ DCM format: Integer overflow prevention (CVE-2007-1797).
+ PALM format: Heap overflow prevention (CVE-2006-5456).
+ SGI format: Fixes for RLE decoding issue (CVE-2006-4144).
+ XCF format: Buffer overflow prevention, infinite loop prevention.
- Bugs Fixed:
+ Typo when searching for HTMLDecodeDelegate.
+ Avoid crash if delegate program fails to return an image.
+ EXIF memory leak fixes.
+ Command parser memory leak fixes.
+ Deadlock fix for event log initialization.
+ Work with latest Ghostscript "GPL Ghostscript" under Windows.
+ 'gm import' now returns image of appropriate depth.
+ Fixed memory map resource managment.
+ Fixed includedir variable in pkg-config files.
+ Fixed validation of -affine argument.
+ Fixed bug where fseeko() and ftello() were not used when available.
+ Fixed issue when pread() and pwrite() prototypes are missing.
+ Fixed pixel cache issues when size_t is an unsigned type.
+ Fixed dcraw delegate options to work with modern dcraw.
+ Fixed -level argument parsing to allow embedded % characters.
+ Fix for segfault in InitializeMagick(NULL).
+ Fix for segfault in ModifyCache().
+ Fix for Wand MagickGetQuantumDepth() interface.
+ Fix for GrayscalePseudoClassImage() on 64-bit systems.
+ Fix for MagickReallocMemory memory leak under certain error conditions.
+ Validate BLOB access range.
+ ICON format: Segfault fix.
+ JPEG format: Fixed reading 12-bit grayscale JPEG.
+ MAT format: Stability improvements.
+ MIFF format: Handle a compression value of 'None'.
+ PCX format: Segfault fix. Heap overflow fix.
+ PDF format: Fixed writing with JPEG compression.
+ PICT format: Segfault fix.
+ PNG format: Fixed compile problem with some libpng versions. Segfault fix.
+ PNM format: Fixed scaling problem due to rounding error. Validate scaling.
+ PSD format: Fixed memory leak with layerd PSD files.
+ SGI format: Handle 16-bit SGI image files correctly.
+ SUN format: Segfault fix.
+ TIFF format: Secure error reporting. Finally support LZW under Windows.
+ WPG format: Fixed crash with clip-art WPG files.
+ XWD format: Fix for integer under/overflow.
- Feature Improvements
+ CIN format: Implementation is entirely replaced.
+ MAT format: Support Byte and Word formats, as well as big/little endian.
+ WPG format: Support for CTM translation.
MySQL-5.0.41-alt1 build L.A. Kostis, 2007-05-28
- 5.0.41 release.
- Fix CVE-2007-2583 DoS (Failure to Handle Exceptional Conditions).
- Added patches from BK:
+ BUG#28337 (NOT EXISTS with GROUP BY behaves different in 5.0.40).
- Update ALTLinux patches:
+ install-db patch.
+ username-length patch.
- Updated html help (to 6552 revision).
- Allow custom nice setting for mysqld (fix ALT #10941).
- Added mysqld-multi (fix ALT #5715).
- Added several files for -server and client.
MySQL-5.0.21-alt1 build LAKostis, 2006-05-10
- 5.0.21.
- Remove bk patches (merged to upstream).
- Update install_db patch.
- Update -no-atomic patch.
- Remove tinfo patch (http://bugs.mysql.com/bug.php?id=18912).
- Security fixes:
+ CVE-2006-1516;
+ CVE-2006-1517;
+ CVE-2006-1518.
MySQL-5.0.18-alt2 build LAKostis, 2006-04-09
projeto & código: Vladimir Lettiev aka crux © 2004-2005,
Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009