Hello community, here is the log from the commit of package ImageMagick for openSUSE:Factory checked in at 2016-06-09 15:56:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ImageMagick (Old) and /work/SRC/openSUSE:Factory/.ImageMagick.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ImageMagick" Changes: -------- --- /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick.changes 2016-06-03 16:36:48.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ImageMagick.new/ImageMagick.changes 2016-06-09 15:56:42.000000000 +0200 @@ -1,0 +2,15 @@ +Mon Jun 6 08:51:19 UTC 2016 - pgajdos@suse.com + +- updated to 6.9.4-7: + * Fix small memory leak (patch provided by Андрей Черный). + * Coder path traversal is not authorized (bug report provided by + Masaaki Chida). + * Turn off alpha channel for the compare difference image (reference + http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29828). + * Support configure script --enable-pipes option to enable pipes (|) in + filenames. + * Support configure script --enable-indirect-reads option to enable + indirect reads (@) in filenames. +- remove ImageMagick-CVE-2016-5118.patch, use --enable-pipes=no instead + +------------------------------------------------------------------- Old: ---- ImageMagick-6.9.4-5.tar.xz ImageMagick-6.9.4-5.tar.xz.asc ImageMagick-CVE-2016-5118.patch New: ---- ImageMagick-6.9.4-7.tar.xz ImageMagick-6.9.4-7.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ImageMagick.spec ++++++ --- /var/tmp/diff_new_pack.v3QfT0/_old 2016-06-09 15:56:44.000000000 +0200 +++ /var/tmp/diff_new_pack.v3QfT0/_new 2016-06-09 15:56:44.000000000 +0200 @@ -63,7 +63,7 @@ %define maj 6 %define mfr_version %{maj}.9.4 -%define mfr_revision 5 +%define mfr_revision 7 %define quantum_depth 16 %define source_version %{mfr_version}-%{mfr_revision} %define clibver 2 @@ -93,7 +93,6 @@ # will ask upstream if needed, or if other solution exists Patch11: ImageMagick-6.8.4.0-dont-build-in-install.patch Patch20: ImageMagick-6.8.8-1-disable-insecure-coders.patch -Patch21: ImageMagick-CVE-2016-5118.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %package -n perl-PerlMagick @@ -254,7 +253,6 @@ %patch4 %patch11 %patch20 -p1 -%patch21 -p1 # remove executeable bits from per demos chmod -x PerlMagick/demo/*.pl @@ -295,7 +293,9 @@ --with-webp \ --with-wmf \ --with-quantum-depth=%{quantum_depth} \ - --without-gcc-arch + --without-gcc-arch \ + --enable-pipes=no \ + --enable-indirect-reads=no # don't build together, PerlMagick could be miscompiled when using parallel build[1] # [1] http://pkgs.fedoraproject.org/cgit/ImageMagick.git/tree/ImageMagick.spec make %{?_smp_mflags} all ++++++ ImageMagick-6.9.4-5.tar.xz -> ImageMagick-6.9.4-7.tar.xz ++++++ /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick-6.9.4-5.tar.xz /work/SRC/openSUSE:Factory/.ImageMagick.new/ImageMagick-6.9.4-7.tar.xz differ: char 26, line 1