- updated to 6.9.4-7:

* Fix small memory leak (patch provided by Андрей Черный). * Coder path traversal is not authorized (bug report provided by Masaaki Chida). * Turn off alpha channel for the compare difference image (reference http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29828). * Support configure script --enable-pipes option to enable pipes (|) in filenames. * Support configure script --enable-indirect-reads option to enable indirect reads (@) in filenames. - remove ImageMagick-CVE-2016-5118.patch, use --enable-pipes=no instead OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=259
2016-06-06 09:03:41 +00:00 · 2016-06-06 09:03:41 +00:00 · 4e9ec2b869
commit 4e9ec2b869
parent 6d2fad2b57
7 changed files with 39 additions and 38 deletions
--- a/ImageMagick-6.9.4-5.tar.xz
+++ b/ImageMagick-6.9.4-5.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:39a65b8e2371db36cb63709dea0b15f08a6870f8ce6103432f068112d9513c5a
-size 8784244
--- a/ImageMagick-6.9.4-5.tar.xz.asc
+++ b/ImageMagick-6.9.4-5.tar.xz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJXTFLsAAoJEImrY9SCdzd6GLgQAJeeF5t6PQkb8dAuyc9Ss5j7
-xeg2mG7ez716czxZHzfGkHEDUAUhwpxcNGvR8mIYUpfDQU6C6XdS1DdFCWwfDXdA
-2KcCtsmjHyWVlkLR+HNg76zq11GSXeLaXS2xTuoiXvzYKuUL5izy7rwVQ3j4LPSM
-MptdXajRLQVX1NvHAAuRSTG1vAddd5FGKWx1mNfKEUPXiD++OA+YyoaPlH6SZeMc
-jlHYSpLOsVIobgShbqPo91w4LJ/ofSUFQqK/99tTeGMaxrfEmn8TtWp44g7vZrFO
-Zlmuxmpe9d9PUAPqE2mc8qFfa7/tVi+qiIdgio3cELT2f0bS5woSN5vRo2SsA6Cm
-QtD615yXSrxrG2CQ5vINhRmHK2OoQLheIRzIhZcvgrIJejxsA3ku8LAdvddXHzG5
-UB4AngmaQX8Y9/FGZHpJLD0xkn/k+zNySALQvq+67MJLQI8G63bJfZXssWTk5az8
-G3Z25Z2x+rmkvUlJj7qEUHLhZ50GkSjxHJUixKYwYd24C+ga0fJDtyr9cPQPoUPj
-K7+CwtdO3cV8FM71e1koJuvMcdnhVIezn556U70uQB8FchuLSQ6lGFO/3Ar3gBu8
-4pkrK0+tDKJSC+mXMDUL8Jr+wY+dGL+ZXmYTI7TP4WwEyyT3dqimTWcEQjJEBKNS
-M1q6F1wzyRsCLS9EYOdg
-=Y14c
-----END PGP SIGNATURE-----
--- a/ImageMagick-6.9.4-7.tar.xz
+++ b/ImageMagick-6.9.4-7.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f54fc8dcdb328404d1f89ddebe75d603e22894d3786ca2f2a9677478135b4c86
+size 8792244
--- a/ImageMagick-6.9.4-7.tar.xz.asc
+++ b/ImageMagick-6.9.4-7.tar.xz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJXUbUTAAoJEImrY9SCdzd6fGUQAKPX/kantePbnSjHHHhcWEnA
+VUaC/hROkOIA678eTmwK8EwHaYld+taDx47ok1MxLh4kODffHfQyx2IV3s8fHtM3
+JW1P1pYPhn6k4tr+5NmUZ8ODDRt506JUrAfrywH/cBbBmL0+ZEXUncZqZDP5bUmf
+DYRc2Cyzf3UfJFBwCHBlmHYnKjR162w1baqWkFpTMXoT00+hK3UZnVqjEqykOkmE
+k5nO4L/Od1yKhvj0OttrC0AuCMYjoWsVVmnP/iKspVnS60rnrcV+H0Hp3syZCTTB
+Qn/u0soPbb2ca6SY8wVXXXCp8ELYCTEmTgtPIuLfaeYxHSijXI/86xDL1qVBiJ28
+KojGa9tXmBqxZjikJAcnODUdwdWgA5SC3dKXeQYcSbQ3aB8t0RjwW9m81bxWJ3bv
+m9f3diF8TAgocHsaQ90s8rREDPA3jT030aGouYXP0CUija4dklhTLBXKUI4tfGoi
+87rgLq1B1my1tVbNZC7oU590u4R3+GC+E8GthxFTE+hD8EpEw9OwlAuQYJqk9FvU
+9o9arRx23Lg/ZApMKA6QoDxRDcYXqOVfSYfvFtecDWCrhFnNw6l5Sg8MaG0wpWBg
+OYalC7cflMlIKDhjJ6JwTICON6nR0QIXqXAzTZNtrX5dpdZwRH8MNVb1RO6zfPqY
+tEdR7rmpLXNUJZpj0rPW
+=qQzc
+-----END PGP SIGNATURE-----
--- a/ImageMagick-CVE-2016-5118.patch
+++ b/ImageMagick-CVE-2016-5118.patch
@ -1,14 +0,0 @@
-Index: ImageMagick-6.9.4-1/magick/blob.c
-===================================================================
--- ImageMagick-6.9.4-1.orig/magick/blob.c	2016-05-09 19:28:58.000000000 +0200
-+++ ImageMagick-6.9.4-1/magick/blob.c	2016-05-30 17:33:03.569022390 +0200
-@@ -80,6 +80,9 @@
-   Define declarations.
- */
- #define MagickMaxBlobExtent  65541
-+
-+#undef MAGICKCORE_HAVE_POPEN
-+
- #if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)
- # define MAP_ANONYMOUS  MAP_ANON
- #endif
--- a/ImageMagick.changes
+++ b/ImageMagick.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Mon Jun  6 08:51:19 UTC 2016 - pgajdos@suse.com
+
+- updated to 6.9.4-7:
+  * Fix small memory leak (patch provided by Андрей Черный).
+  * Coder path traversal is not authorized (bug report provided by
+    Masaaki Chida).
+  * Turn off alpha channel for the compare difference image (reference
+    http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29828).
+  * Support configure script --enable-pipes option to enable pipes (|) in
+    filenames.
+  * Support configure script --enable-indirect-reads option to enable
+    indirect reads (@) in filenames.
+- remove ImageMagick-CVE-2016-5118.patch, use --enable-pipes=no instead
+
 -------------------------------------------------------------------
 Tue May 31 08:32:29 UTC 2016 - pgajdos@suse.com

--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@ -63,7 +63,7 @@ BuildRequires:  zip

 %define maj           6
 %define mfr_version   %{maj}.9.4
-%define mfr_revision  5
+%define mfr_revision  7
 %define quantum_depth 16
 %define source_version %{mfr_version}-%{mfr_revision}
 %define clibver   2
@ -93,7 +93,6 @@ Patch4:         ImageMagick-6.8.5.7-no-XPMCompliance.patch
 # will ask upstream if needed, or if other solution exists
 Patch11:        ImageMagick-6.8.4.0-dont-build-in-install.patch
 Patch20:        ImageMagick-6.8.8-1-disable-insecure-coders.patch
-Patch21:        ImageMagick-CVE-2016-5118.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %package -n perl-PerlMagick
@ -254,7 +253,6 @@ HTML documentation for ImageMagick library and scene examples.
 %patch4
 %patch11
 %patch20 -p1
-%patch21 -p1

 # remove executeable bits from per demos
 chmod -x PerlMagick/demo/*.pl
@ -295,7 +293,9 @@ automake
  --with-webp \
  --with-wmf \
  --with-quantum-depth=%{quantum_depth} \
-  --without-gcc-arch
+  --without-gcc-arch \
+  --enable-pipes=no \
+  --enable-indirect-reads=no
 # don't build together, PerlMagick could be miscompiled when using parallel build[1]
 # [1] http://pkgs.fedoraproject.org/cgit/ImageMagick.git/tree/ImageMagick.spec
 make %{?_smp_mflags} all