Hello community,
here is the log from the commit of package ImageMagick for openSUSE:Factory checked in at 2016-06-03 16:36:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ImageMagick (Old)
and /work/SRC/openSUSE:Factory/.ImageMagick.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ImageMagick"
Changes:
--------
--- /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick.changes 2016-05-24 09:33:46.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.ImageMagick.new/ImageMagick.changes 2016-06-03 16:36:48.000000000 +0200
@@ -1,0 +2,29 @@
+Tue May 31 08:32:29 UTC 2016 - pgajdos@suse.com
+
+- updated to 6.9.4-5:
+ * Most OpenCL operations are now executed asynchronous.
+ * Security improvements to TEXT coder broke it (reference
+ https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29754).
+ * Fix stroke offset problem for -annotate (reference
+ https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29626).
+ * Add additional checks to DCM reader to prevent data-driven faults (bug
+ report from Hanno Böck).
+ * Fixed proper placement of text annotation for east / west gravity.
+2016-05-15 6.9.4-3 Cristy
+ * Fix pixel cache on disk regression (reference
+ https://github.com/ImageMagick/ImageMagick/issues/202).
+ * Quote passwords when passed to a delegate program.
+ * Can read geo-related EXIF metdata once-again (reference
+ https://github.com/ImageMagick/ImageMagick/issues/198).
+ * Sanitize all delegate emedded formatting characters.
+ * Don't sync pixel cache in AcquireAuthenticCacheView() (bug report from
+ Hanno Böck).
+
+-------------------------------------------------------------------
+Tue May 31 07:23:22 UTC 2016 - pgajdos@suse.com
+
+- security update:
+ * CVE-2016-5118 [bsc#982178]
+ + ImageMagick-CVE-2016-5118.patch
+
+-------------------------------------------------------------------
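Review bot: the CVE-2016-5118 entry at the end of this hunk names only the patch file and bsc#982178; add one line saying what the patch changes (it undefines MAGICKCORE_HAVE_POPEN in magick/blob.c), so the changelog records that popen support is compiled out of that file. Separately, the line "2016-05-15 6.9.4-3 Cristy" inside the 6.9.4-5 entry reads like an upstream ChangeLog header pasted in without a bullet; indent it or fold it into the "- updated to 6.9.4-5:" list so the entry stays one consistent list.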
Old:
----
ImageMagick-6.9.4-1.tar.xz
ImageMagick-6.9.4-1.tar.xz.asc
New:
----
ImageMagick-6.9.4-5.tar.xz
ImageMagick-6.9.4-5.tar.xz.asc
ImageMagick-CVE-2016-5118.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ImageMagick.spec ++++++
--- /var/tmp/diff_new_pack.KJYFE7/_old 2016-06-03 16:36:50.000000000 +0200
+++ /var/tmp/diff_new_pack.KJYFE7/_new 2016-06-03 16:36:50.000000000 +0200
@@ -63,7 +63,7 @@
%define maj 6
%define mfr_version %{maj}.9.4
-%define mfr_revision 1
+%define mfr_revision 5
%define quantum_depth 16
%define source_version %{mfr_version}-%{mfr_revision}
%define clibver 2
@@ -93,6 +93,7 @@
# will ask upstream if needed, or if other solution exists
Patch11: ImageMagick-6.8.4.0-dont-build-in-install.patch
Patch20: ImageMagick-6.8.8-1-disable-insecure-coders.patch
+Patch21: ImageMagick-CVE-2016-5118.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%package -n perl-PerlMagick
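Review bot: the Patch21 line is added with no comment above it, so the spec does not record what ImageMagick-CVE-2016-5118.patch is for or whether it has been sent upstream. Add a short comment above "Patch21:" carrying the same reference the changes file uses (CVE-2016-5118, bsc#982178) and the patch's upstream status.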
@@ -253,6 +254,7 @@
%patch4
%patch11
%patch20 -p1
+%patch21 -p1
# remove executeable bits from per demos
chmod -x PerlMagick/demo/*.pl
++++++ ImageMagick-6.8.8-1-disable-insecure-coders.patch ++++++
--- /var/tmp/diff_new_pack.KJYFE7/_old 2016-06-03 16:36:50.000000000 +0200
+++ /var/tmp/diff_new_pack.KJYFE7/_new 2016-06-03 16:36:50.000000000 +0200
@@ -1,11 +1,11 @@
-Index: ImageMagick-6.9.4-1/config/policy.xml
+Index: ImageMagick-6.9.4-5/config/policy.xml
===================================================================
---- ImageMagick-6.9.4-1.orig/config/policy.xml 2016-05-09 19:28:58.000000000 +0200
-+++ ImageMagick-6.9.4-1/config/policy.xml 2016-05-17 11:09:37.470928022 +0200
-@@ -64,4 +64,15 @@
- <!-- <policy domain="coder" rights="none" pattern="HTTPS" /> -->
- <!-- <policy domain="path" rights="none" pattern="@*" /> -->
- <policy domain="cache" name="shared-secret" value="passphrase"/>
+--- ImageMagick-6.9.4-5.orig/config/policy.xml 2016-05-31 10:30:53.221396378 +0200
++++ ImageMagick-6.9.4-5/config/policy.xml 2016-05-31 10:31:24.605900830 +0200
+@@ -66,4 +66,15 @@
+ <!-- <policy domain="path" rights="none" pattern="@*" /> -->
+ <!-- <policy domain="path" rights="none" pattern="|*" /> -->
+ <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
+ <!-- Disable insecure coders by default -->
+ <!-- https://bugzilla.suse.com/show_bug.cgi?id=978061 -->
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
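Review bot: in the refreshed context lines of the inner hunk, the path rule for pattern "|*" is still commented out, and the downstream block that follows only adds coder rules under "Disable insecure coders by default". Since this same update adds a patch that undefines MAGICKCORE_HAVE_POPEN, consider whether the packaged policy.xml should enable that path rule as well, or add a comment in this patch saying why it is left disabled.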
++++++ ImageMagick-6.9.4-1.tar.xz -> ImageMagick-6.9.4-5.tar.xz ++++++
/work/SRC/openSUSE:Factory/ImageMagick/ImageMagick-6.9.4-1.tar.xz /work/SRC/openSUSE:Factory/.ImageMagick.new/ImageMagick-6.9.4-5.tar.xz differ: char 26, line 1
++++++ ImageMagick-CVE-2016-5118.patch ++++++
Index: ImageMagick-6.9.4-1/magick/blob.c
===================================================================
--- ImageMagick-6.9.4-1.orig/magick/blob.c 2016-05-09 19:28:58.000000000 +0200
+++ ImageMagick-6.9.4-1/magick/blob.c 2016-05-30 17:33:03.569022390 +0200
@@ -80,6 +80,9 @@
Define declarations.
*/
#define MagickMaxBlobExtent 65541
+
+#undef MAGICKCORE_HAVE_POPEN
+
#if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)
# define MAP_ANONYMOUS MAP_ANON
#endif
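Review bot: the "#undef MAGICKCORE_HAVE_POPEN" added after "#define MagickMaxBlobExtent 65541" has no comment, and it only takes effect in blob.c from this line down; any other source file that tests the macro still sees the configure-time value. Add a comment naming CVE-2016-5118 and bsc#982178 above the #undef, and confirm that limiting the change to blob.c is intended rather than switching the feature off for the whole build. The Index and ---/+++ headers also still say ImageMagick-6.9.4-1 while the package now builds 6.9.4-5 (the refreshed disable-insecure-coders patch was renamed); refresh this patch against the new tarball so the paths match.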