Hello community, here is the log from the commit of package ImageMagick for openSUSE:Factory checked in at 2016-05-10 09:26:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ImageMagick (Old) and /work/SRC/openSUSE:Factory/.ImageMagick.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ImageMagick"
Changes:
--------
--- /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick.changes 2016-04-30 23:24:32.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.ImageMagick.new/ImageMagick.changes 2016-05-10 09:26:03.000000000 +0200
@@ -1,0 +2,16 @@
+Thu May 5 13:31:42 UTC 2016 - vci...@suse.com
+
+- Disable insecure coders [bnc#978061]
+ * ImageMagick-6.8.8-1-disable-insecure-coders.patch
+ * CVE-2016-3714
+ * CVE-2016-3715
+ * CVE-2016-3716
+ * CVE-2016-3717
+ * CVE-2016-3718
+
+-------------------------------------------------------------------
+Thu May 5 09:02:32 UTC 2016 - pgaj...@suse.com
+
+- Update to 6.9.3-10: fix imagetragick
+
+-------------------------------------------------------------------
Old:
----
ImageMagick-6.9.3-8.tar.xz
ImageMagick-6.9.3-8.tar.xz.asc
New:
----
ImageMagick-6.8.8-1-disable-insecure-coders.patch
ImageMagick-6.9.3-10.tar.xz
ImageMagick-6.9.3-10.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ImageMagick.spec ++++++
--- /var/tmp/diff_new_pack.WtAFgw/_old 2016-05-10 09:26:04.000000000 +0200
+++ /var/tmp/diff_new_pack.WtAFgw/_new 2016-05-10 09:26:04.000000000 +0200
@@ -63,7 +63,7 @@
 %define maj 6
 %define mfr_version %{maj}.9.3
-%define mfr_revision 8
+%define mfr_revision 10
 %define quantum_depth 16
 %define source_version %{mfr_version}-%{mfr_revision}
 %define clibver 2
@@ -92,6 +92,7 @@
 # bugs
 # will ask upstream if needed, or if other solution exists
 Patch11: ImageMagick-6.8.4.0-dont-build-in-install.patch
+Patch20: ImageMagick-6.8.8-1-disable-insecure-coders.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %package -n perl-PerlMagick
@@ -251,6 +252,7 @@
 %patch3 -p1
 %patch4 -p1
 %patch11 -p1
+%patch20 -p1
 # remove executeable bits from per demos
 chmod -x PerlMagick/demo/*.pl
++++++ ImageMagick-6.8.8-1-disable-insecure-coders.patch ++++++
Index: ImageMagick-6.8.8-1/config/policy.xml
Disable insecure loaders by default bsc#978061 sfl...@suse.de
===================================================================
--- ImageMagick-6.8.8-1.orig/config/policy.xml
+++ ImageMagick-6.8.8-1/config/policy.xml
@@ -56,4 +56,11 @@
 <!-- <policy domain="resource" name="time" value="3600"/> -->
 <!-- <policy domain="system" name="precision" value="6"/> -->
 <policy domain="cache" name="shared-secret" value="passphrase"/>
+ <!-- Disable insecure coders by default -->
+ <!-- https://bugzilla.suse.com/show_bug.cgi?id=978061 -->
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+ <policy domain="coder" rights="none" pattern="URL" />
+ <policy domain="coder" rights="none" pattern="HTTPS" />
+ <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="coder" rights="none" pattern="MSL" />
 </policymap>
++++++ ImageMagick-6.9.3-8.tar.xz -> ImageMagick-6.9.3-10.tar.xz ++++++
/work/SRC/openSUSE:Factory/ImageMagick/ImageMagick-6.9.3-8.tar.xz /work/SRC/openSUSE:Factory/.ImageMagick.new/ImageMagick-6.9.3-10.tar.xz differ: char 26, line 1
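Review bot: The coder entries added to config/policy.xml deny URL and HTTPS but have no entry for HTTP or FTP, so the remote-fetch path behind CVE-2016-3718 (listed in the changelog) may stay open. As far as I know, coder patterns are compared with the format name an image is read under, and the URL module registers HTTP and FTP as names of their own, so `pattern="URL"` probably does not cover them; this is worth confirming with `identify -list policy` and a read test on the built package. If confirmed, add `<policy domain="coder" rights="none" pattern="HTTP" />` and `<policy domain="coder" rights="none" pattern="FTP" />` next to the HTTPS line. The spec hunks do not show how policy.xml is packaged; if it is a noreplace config file, hosts with a locally edited copy keep their old policy after the update, which the changelog entry could mention.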