ALT Linux repositórios
S: | 1.3.42-alt1 |
5.0: | 1.3.1-alt3 |
4.1: | 1.1.11-alt1 |
4.0: | 1.1.8-alt1 |
3.0: | |
+backports: | 1.1.7-alt5.0.M30 |
Group :: Gráficos
RPM: GraphicsMagick
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
30 julho 2007 Slava Dubrovskiy <dubrsl at altlinux.org> 1.1.8-alt1
- New version
- Removed patches from debian (in upstream)
- Security Fixes:
+ Shell command injection via delegates subsystem (CVE-2005-4601).
+ Insecure use of filenames as a "sprintf" specification (CVE-2006-0082).
+ EXIF IFD stack overflow vulnerability.
+ BMP format: Verify seek before proceeding.
+ DCM format: Buffer overflow prevention (CVE-2006-5456).
+ DCM format: Integer overflow prevention (CVE-2007-1797).
+ PALM format: Heap overflow prevention (CVE-2006-5456).
+ SGI format: Fixes for RLE decoding issue (CVE-2006-4144).
+ XCF format: Buffer overflow prevention, infinite loop prevention. - Bugs Fixed:
+ Typo when searching for HTMLDecodeDelegate.
+ Avoid crash if delegate program fails to return an image.
+ EXIF memory leak fixes.
+ Command parser memory leak fixes.
+ Deadlock fix for event log initialization.
+ Work with latest Ghostscript "GPL Ghostscript" under Windows.
+ 'gm import' now returns image of appropriate depth.
+ Fixed memory map resource managment.
+ Fixed includedir variable in pkg-config files.
+ Fixed validation of -affine argument.
+ Fixed bug where fseeko() and ftello() were not used when available.
+ Fixed issue when pread() and pwrite() prototypes are missing.
+ Fixed pixel cache issues when size_t is an unsigned type.
+ Fixed dcraw delegate options to work with modern dcraw.
+ Fixed -level argument parsing to allow embedded % characters.
+ Fix for segfault in InitializeMagick(NULL).
+ Fix for segfault in ModifyCache().
+ Fix for Wand MagickGetQuantumDepth() interface.
+ Fix for GrayscalePseudoClassImage() on 64-bit systems.
+ Fix for MagickReallocMemory memory leak under certain error conditions.
+ Validate BLOB access range.
+ ICON format: Segfault fix.
+ JPEG format: Fixed reading 12-bit grayscale JPEG.
+ MAT format: Stability improvements.
+ MIFF format: Handle a compression value of 'None'.
+ PCX format: Segfault fix. Heap overflow fix.
+ PDF format: Fixed writing with JPEG compression.
+ PICT format: Segfault fix.
+ PNG format: Fixed compile problem with some libpng versions. Segfault fix.
+ PNM format: Fixed scaling problem due to rounding error. Validate scaling.
+ PSD format: Fixed memory leak with layerd PSD files.
+ SGI format: Handle 16-bit SGI image files correctly.
+ SUN format: Segfault fix.
+ TIFF format: Secure error reporting. Finally support LZW under Windows.
+ WPG format: Fixed crash with clip-art WPG files.
+ XWD format: Fix for integer under/overflow. - Feature Improvements
+ CIN format: Implementation is entirely replaced.
+ MAT format: Support Byte and Word formats, as well as big/little endian.
+ WPG format: Support for CTM translation.
- Delete fonts-ttf-ms from BuildPreReq (#11385)
- Split of libraries, documents and imagemagick-compat packages
- Add GraphicsMagick.desktop
- Add GraphicsMagick-libpath.patch for fix link PerlMagick
- Add chrpath -r /usr/lib /usr/lib/perl5/vendor_perl/i386-linux/auto/Graphics/Magick/Magick.so
- Add graphicsmagick_1.1.7-11.diff.gz from Debian
+ config/delegates.mgk.in: Lose obsolete option -2 when calling dcraw
delegate. Fixes support for raw image data from digital cameras.
+ coders/png.c: Fix syntax errors in asm controlling code of PNG coder.
+ coders/dcm.c: Fix buffer overflow, thanks to M Joonas Pihlaja. (CVE-2006-5456)
+ coders/palm.c: Fix multiple heap overflows, thanks to M Joonas Pihlaja. (CVE-2006-5456)
+ coders/xcf.c: Fix buffer overflow in XCF coder (CVE-2006-3743).
+ coders/sgi.c: Fix multiple heap overflow vulnerabilities in SGI coder due to - missing boundary checks in SGIDecode();
- missing validation of pixel depth field;
- integer overflow via large columns and rows fields (CVE-2006-4144)
- missing validation of chunk size fields (variable 'runlength') in
run-length encoded images.
+ coders/sgi.c: Check for bogus values of 'bytes_per_pixel' and 'depth'.
+ coders/sgi.c: Fix calculation of internal depth value.
+ magick/cache.c: Include definition of HAVE_PREAD before checking its
value. Now really pulls in proper declarations of pread() and pwrite().
+ coders/wpg.c: Fix segfault in WPG decoder.
+ tests/drawtest.c: Make sure filename strings do not run out of bounds.
+ magick/cache.c: Define as _XOPEN_SOURCE to pull in declarations for
Unix98 extensions pread() and pwrite().
+ magick/montage.c: Fix bogus modulation of brightness when creating
shadows around tiles in montage. Instead, drop constant grey shadow
like current ImageMagick.
+ PerlMagick/t/montage.t: Update reference signatures for montage test
cases with shadow according to above change.
+ magick/tempfile.c: Canonify relative paths before referring to
them in a symlink.
+ magick/{blob.c,command.c,image.c,log.c,utility.c,utility.h}:
FormatString() was called with unsanitized user input. Introduced
new helper function FormatStringNumeric() to allow a single numeric
format expansion. (This is a more complete fix for CAN-2005-0397
reported against ImageMagick.)
+ magick/attribute.c: Apply missing piece of fix for heap overflow in
EXIF parser from ImageMagick patch. (CAN-2004-0981)
+ configure.ac, configure: Fix typo that lead to an undefined delegate
for HTML conversion.
+ magick/constitute.c: Apply upstream fix for potential NULL pointer
dereference in ReadImage().
+ magick/{delegate.c,symbols.h,tempfile.h,tempfile.c}: When calling
external delegates, check filename against whitelist of safe
characters, and pass securely named symlink to delegate if check fails.
(CVE-2005-4601)
- Rebuild with new libjasper
- Fix russian filename in dialog "Open ..."
- Update BuildRequires
- Cleanup spec
- removed miff.4.gz & quantize.5.gz for compatibility with ImageMagick
- in GraphicsMagick-devel added dir /usr/include/GraphicsMagick
- in perl-GraphicsMagick added dir /usr/lib/perl5/vendor_perl/i386-linux/auto/Graphics/
- Compatibility with ImageMagick is cleaned (#9074)
- initial build