Hello community, here is the log from the commit of package GraphicsMagick for openSUSE:Factory checked in at 2017-07-21 22:50:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/GraphicsMagick (Old) and /work/SRC/openSUSE:Factory/.GraphicsMagick.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "GraphicsMagick" Fri Jul 21 22:50:45 2017 rev:58 rq:511779 version:1.3.26 Changes: -------- --- /work/SRC/openSUSE:Factory/GraphicsMagick/GraphicsMagick.changes 2017-07-01 14:06:35.167304852 +0200 +++ /work/SRC/openSUSE:Factory/.GraphicsMagick.new/GraphicsMagick.changes 2017-07-21 22:50:46.669060471 +0200 @@ -1,0 +2,79 @@ +Fri Jul 21 08:47:35 UTC 2017 - tchva...@suse.com + +- Drop patches not meintioned in the changelog ever: + * GraphicsMagick-debian-fixed.patch + * GraphicsMagick-include.patch + * GraphicsMagick-perl-link.patch + * The package builds just fine without them and there is no + refference explaining it +- Convert the deps to pkgconfig variants where possible. + +------------------------------------------------------------------- +Fri Jul 21 08:29:03 UTC 2017 - tchva...@suse.com + +- Version update to 1.3.26: + * DPX: Fix excessive use of memory (DOS issue) due to file header + claiming large image dimensions but insufficient backing + data. (CVE-2017-10799 bsc#1047054). + * JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350). + * MAT: Fix excessive use of memory (DOS issue) due to continuing + processing with insufficient data and claimed large image + size. Verify each file extent to make sure that it is within range + of file size. (CVE-2017-10800 bsc#1047044). + * META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800). + * PCX: Fix denial of service issue. + * RLE: Fix abnomally slow operation (denial of service issue) with + intentionally corrupt colormapped file. + * PICT: Fix possible buffer overflow vulnerability given suitably + truncated input file. + * PNG: Enforce spec requirement that the dimensions of the JPEG + embedded in a JDAT chunk must match the JHDR dimensions + (CVE-2016-9830). + * PNG: Avoid NULL dereference when MAGN chunk processing fails. + * SCT: Fix stack-buffer read overflow (underflow?) while reading SCT + header. + * SGI: Fix denial of service issues. Delay large memory allocations + until file header has fully passed sanity checks. + * TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to + have only 2 samples per pixel (CVE-2017-6335 bsc#1027255). + * TIFF: Fix out of bounds read when reading RGB TIFF which claims to + have only 1 sample per pixel (CVE-2017-10794). + * WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash + (CVE-2016-7997). + * DifferenceImage(): Fix Fix all-black difference image if an input + file is colormapped. + * EXIF orientation was not being properly detected for some files. + * -frame: The `import` command -frame handling was improperly + implemented and was using already freed data. + * GIF: Fixes for "Excessive LZW string data" problem. + * Magick++: Bug fixes to PathSmoothCurvetoRel::operator() and + PathSmoothCurvetoRel::operator(). + * PAM: Support writing GRAYSCALE PAM format. + * PNG: Fix memory leaks. + * SVG: Fixed a memory leak. Fixed a possible null pointer dereference. + * TclMagick: Problem that TkMagick could not resolve functions from + TclMagick under Linux is fixed. + * TclMagick: Fix parser validatation in magickCmd() to avoid crash + given a syntax error. + * TIFF: Fix for reading old JPEG files (avoids "Improper call to JPEG + library in state 0. (LibJpeg)."). + * TXT: Fixed memory leak. + * XCF: Error checking is improved. + * EXIF rotation: Support is added such that the EXIF orientation tag + is updated when the image is rotated. + * MAT: Now support reading multiple images from Matlab V4 format. + * Magick++: Orientation method now updates orientation in EXIF + profile, if it exists. + * Magick++: Added Image attribute method which accepts a 'char *' + argument, and will remove the attribute if the value argument is + NULL. + * -orient: The -orient command line option now also updates the + orientation in the EXIF profile, if it exists. + * PGX: Support PGX JPEG 2000 format for reading and writing (within + the bounds of what JasPer supports). + * Wand API: Added MagickAutoOrientImage(), + MagickGetImageOrientation(), MagickSetImageOrientation(), + MagickRemoveImageOption(), and MagickClearException(). +- Drop merged patch GraphicsMagick-CVE-2017-8350.patch + +------------------------------------------------------------------- Old: ---- GraphicsMagick-1.3.25.tar.bz2 GraphicsMagick-CVE-2017-8350.patch GraphicsMagick-debian-fixed.patch GraphicsMagick-include.patch GraphicsMagick-perl-link.patch New: ---- GraphicsMagick-1.3.26.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ GraphicsMagick.spec ++++++ --- /var/tmp/diff_new_pack.TxcFvN/_old 2017-07-21 22:50:47.572932968 +0200 +++ /var/tmp/diff_new_pack.TxcFvN/_new 2017-07-21 22:50:47.572932968 +0200 @@ -16,15 +16,15 @@ # -Name: GraphicsMagick -Version: 1.3.25 -Release: 0 # Define Quantum depth %define quant 16 %define base_version 1.3 %define so_ver 3 %define pp_so_ver 12 %define wand_so_ver 2 +Name: GraphicsMagick +Version: 1.3.26 +Release: 0 Summary: Viewer and Converter for Images License: MIT Group: Productivity/Graphics/Convertors @@ -33,29 +33,24 @@ # following typemap file is needed for building PerlMagick with perl 5.16; # should be present in Graphics Magick 1.4.0 Source1: typemap -Patch0: %{name}-perl-link.patch -Patch2: %{name}-debian-fixed.patch -Patch10: %{name}-include.patch -Patch11: GraphicsMagick-CVE-2017-8350.patch BuildRequires: cups-client BuildRequires: dcraw -BuildRequires: freetype2-devel BuildRequires: gcc-c++ BuildRequires: ghostscript-fonts-other BuildRequires: ghostscript-fonts-std BuildRequires: ghostscript-library -BuildRequires: libbz2-devel BuildRequires: libjasper-devel BuildRequires: libjbig-devel -BuildRequires: liblcms2-devel BuildRequires: libltdl-devel -BuildRequires: libtiff-devel -BuildRequires: libwebp-devel BuildRequires: libwmf-devel -BuildRequires: libxml2-devel BuildRequires: pkgconfig +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(freetype2) +BuildRequires: pkgconfig(lcms2) +BuildRequires: pkgconfig(libtiff-4) +BuildRequires: pkgconfig(libwebp) +BuildRequires: pkgconfig(libxml-2.0) Requires: xorg-x11-fonts -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description GraphicsMagick(TM) provides a powerful image manipulation @@ -228,16 +223,11 @@ %prep %setup -q -%patch0 -p1 -%patch2 -p1 -%patch10 -%patch11 -p1 %build -export PERLOPTS="PREFIX=%{buildroot}%{_prefix}" # This shouldn't be there yet. rm -f PerlMagick/Makefile.PL -export CFLAGS="$RPM_OPT_FLAGS -fPIE" +export CFLAGS="%{optflags} -fPIE" %configure --enable-shared --disable-static \ --with-modules --enable-lzw \ --with-frozenpaths \ @@ -249,7 +239,6 @@ --with-x \ --x-libraries=%{_libdir} \ --x-includes=%{_prefix}/include -# --with-perl-options="$PERLOPTS" \ make %{?_smp_mflags} LDFLAGS="-pie" cd PerlMagick if [ -e PerlMagick/typemap ]; then @@ -275,36 +264,31 @@ rm -f `find %{buildroot}%{_libexecdir}/perl*/ -name perllocal.pod -type f` rm -f `find %{buildroot}%{_libexecdir}/perl*/ -name .packlist -type f` rm -f %{buildroot}%{_localstatedir}/adm/perl-modules/GraphicsMagick -rm -f %{buildroot}%{_libdir}/*.la +rm -f %{buildroot}%{_libdir}/libGraphicsMagick.la +rm -f %{buildroot}%{_libdir}/libGraphicsMagick++.la +rm -f %{buildroot}%{_libdir}/libGraphicsMagickWand.la %check -make check +make %{?_smp_mflags} check %post -n libGraphicsMagick-Q%{quant}-%{so_ver} -p /sbin/ldconfig - %postun -n libGraphicsMagick-Q%{quant}-%{so_ver} -p /sbin/ldconfig - %post -n libGraphicsMagickWand-Q%{quant}-%{wand_so_ver} -p /sbin/ldconfig - %postun -n libGraphicsMagickWand-Q%{quant}-%{wand_so_ver} -p /sbin/ldconfig - %post -n libGraphicsMagick++-Q%{quant}-%{pp_so_ver} -p /sbin/ldconfig - %postun -n libGraphicsMagick++-Q%{quant}-%{pp_so_ver} -p /sbin/ldconfig %files -%defattr(644, root, root, 755) %docdir %{_defaultdocdir}/%{name} %{_defaultdocdir}/%{name} %doc %{_datadir}/%{name}-%{version} %exclude %{_datadir}/%{name}-%{version}/config %attr(755, root, root) %{_bindir}/gm -%doc %{_mandir}/man1/gm.1.gz -%doc %{_mandir}/man4/*gz -%doc %{_mandir}/man5/*gz +%{_mandir}/man1/gm.1%{ext_man} +%{_mandir}/man4/*%{ext_man} +%{_mandir}/man5/*%{ext_man} %files -n libGraphicsMagick-Q%{quant}-%{so_ver} -%defattr(644, root, root, 755) %{_libdir}/lib%{name}-Q%{quant}.so.* %dir %{_libdir}/%{name}-%{version} %dir %{_libdir}/%{name}-%{version}/modules-Q%{quant} @@ -314,18 +298,15 @@ %{_libdir}/%{name}-%{version}/modules-Q%{quant}/*/*.la %files -n libGraphicsMagick%{so_ver}-config -%defattr(-,root,root) %dir %{_libdir}/%{name}-%{version}/config %{_libdir}/%{name}-%{version}/config/*.mgk %dir %{_datadir}/%{name}-%{version} %{_datadir}/%{name}-%{version}/config %files -n libGraphicsMagickWand-Q%{quant}-%{wand_so_ver} -%defattr(644, root, root, 755) %{_libdir}/lib%{name}Wand-Q%{quant}.so.* %files devel -%defattr(644, root, root, 755) %dir %{_includedir}/%{name} %dir %{_includedir}/%{name}/wand %{_includedir}/%{name}/wand/* @@ -338,24 +319,21 @@ %{_libdir}/pkgconfig/%{name}Wand.pc %attr(755, root, root) %{_bindir}/%{name}-config %attr(755, root, root) %{_bindir}/%{name}Wand-config -%doc %{_mandir}/man1/%{name}-config.1.gz -%doc %{_mandir}/man1/%{name}Wand-config.1.gz +%{_mandir}/man1/%{name}-config.1%{ext_man} +%{_mandir}/man1/%{name}Wand-config.1%{ext_man} %files -n perl-GraphicsMagick -%defattr(644, root, root, 755) %dir %{perl_vendorarch}/Graphics %dir %{perl_vendorarch}/auto/Graphics %dir %{perl_vendorarch}/auto/Graphics/Magick %{perl_vendorarch}/Graphics/Magick.pm %{perl_vendorarch}/auto/Graphics/Magick/* -%doc %{_mandir}/man3/*gz +%{_mandir}/man3/*%{ext_man} %files -n libGraphicsMagick++-Q%{quant}-%{pp_so_ver} -%defattr(644, root, root, 755) %{_libdir}/lib%{name}++-Q%{quant}.so.* %files -n libGraphicsMagick++-devel -%defattr(644, root, root, 755) %dir %{_includedir}/%{name} %dir %{_includedir}/%{name}/Magick++ %{_includedir}/%{name}/Magick++.h @@ -363,6 +341,6 @@ %{_libdir}/lib%{name}++.so %{_libdir}/pkgconfig/%{name}++.pc %attr(755, root, root) %{_bindir}/%{name}++-config -%doc %{_mandir}/man1/%{name}++-config.1.gz +%{_mandir}/man1/%{name}++-config.1%{ext_man} %changelog ++++++ GraphicsMagick-1.3.25.tar.bz2 -> GraphicsMagick-1.3.26.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/GraphicsMagick/GraphicsMagick-1.3.25.tar.bz2 /work/SRC/openSUSE:Factory/.GraphicsMagick.new/GraphicsMagick-1.3.26.tar.bz2 differ: char 11, line 1