Hello community, here is the log from the commit of package ImageMagick for openSUSE:Factory checked in at 2016-06-03 16:36:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ImageMagick (Old) and /work/SRC/openSUSE:Factory/.ImageMagick.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ImageMagick" Changes: --------
--- /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick.changes 2016-05-24 09:33:46.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.ImageMagick.new/ImageMagick.changes 2016-06-03 16:36:48.000000000 +0200
@@ -1,0 +2,29 @@
+Tue May 31 08:32:29 UTC 2016 - pgaj...@suse.com
+
+- updated to 6.9.4-5:
+ * Most OpenCL operations are now executed asynchronous.
+ * Security improvements to TEXT coder broke it (reference
+ https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29754).
+ * Fix stroke offset problem for -annotate (reference
+ https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29626).
+ * Add additional checks to DCM reader to prevent data-driven faults (bug
+ report from Hanno Böck).
+ * Fixed proper placement of text annotation for east / west gravity.
+2016-05-15 6.9.4-3 Cristy <quetzlzacatenango@image...>
+ * Fix pixel cache on disk regression (reference
+ https://github.com/ImageMagick/ImageMagick/issues/202).
+ * Quote passwords when passed to a delegate program.
+ * Can read geo-related EXIF metdata once-again (reference
+ https://github.com/ImageMagick/ImageMagick/issues/198).
+ * Sanitize all delegate emedded formatting characters.
+ * Don't sync pixel cache in AcquireAuthenticCacheView() (bug report from
+ Hanno Böck).
+
+-------------------------------------------------------------------
+Tue May 31 07:23:22 UTC 2016 - pgaj...@suse.com
+
+- security update:
+ * CVE-2016-5118 [bsc#982178]
+ + ImageMagick-CVE-2016-5118.patch
+
+-------------------------------------------------------------------
Old: ---- ImageMagick-6.9.4-1.tar.xz ImageMagick-6.9.4-1.tar.xz.asc New: ---- ImageMagick-6.9.4-5.tar.xz ImageMagick-6.9.4-5.tar.xz.asc ImageMagick-CVE-2016-5118.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ ImageMagick.spec ++++++
--- /var/tmp/diff_new_pack.KJYFE7/_old 2016-06-03 16:36:50.000000000 +0200
+++ /var/tmp/diff_new_pack.KJYFE7/_new 2016-06-03 16:36:50.000000000 +0200
@@ -63,7 +63,7 @@ %define maj 6 %define mfr_version %{maj}.9.4 -%define mfr_revision 1 +%define mfr_revision 5 %define quantum_depth 16 %define source_version %{mfr_version}-%{mfr_revision} %define clibver 2 @@ -93,6 +93,7 @@ # will ask upstream if needed, or if other solution exists Patch11: ImageMagick-6.8.4.0-dont-build-in-install.patch Patch20: ImageMagick-6.8.8-1-disable-insecure-coders.patch +Patch21: ImageMagick-CVE-2016-5118.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %package -n perl-PerlMagick @@ -253,6 +254,7 @@ %patch4 %patch11 %patch20 -p1 +%patch21 -p1 # remove executeable bits from per demos chmod -x PerlMagick/demo/*.pl ++++++ ImageMagick-6.8.8-1-disable-insecure-coders.patch ++++++ --- /var/tmp/diff_new_pack.KJYFE7/_old 2016-06-03 16:36:50.000000000 +0200 +++ /var/tmp/diff_new_pack.KJYFE7/_new 2016-06-03 16:36:50.000000000 +0200 
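Review bot: `Patch21` in the second hunk is added without a comment, while the neighbouring `Patch11` carries one explaining its status. Put `# CVE-2016-5118 [bsc#982178]: compile out popen() support in magick/blob.c` above the `Patch21:` line so the spec itself records what the patch is for and when it can be dropped. The matching `%patch21 -p1` in the third hunk applies only because `-p1` strips the leading directory: the patch headers still name `ImageMagick-6.9.4-1` while `mfr_revision` is now 5. Refreshing the patch against 6.9.4-5, as was done for the coders patch, would keep the two consistent. Both hunks sit inside larger spec sections that begin and end outside the visible lines.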
@@ -1,11 +1,11 @@ -Index: ImageMagick-6.9.4-1/config/policy.xml +Index: ImageMagick-6.9.4-5/config/policy.xml =================================================================== ---- ImageMagick-6.9.4-1.orig/config/policy.xml 2016-05-09 19:28:58.000000000 +0200 -+++ ImageMagick-6.9.4-1/config/policy.xml 2016-05-17 11:09:37.470928022 +0200 -@@ -64,4 +64,15 @@ - <!-- <policy domain="coder" rights="none" pattern="HTTPS" /> --> - <!-- <policy domain="path" rights="none" pattern="@*" /> --> - <policy domain="cache" name="shared-secret" value="passphrase"/> +--- ImageMagick-6.9.4-5.orig/config/policy.xml 2016-05-31 10:30:53.221396378 +0200 ++++ ImageMagick-6.9.4-5/config/policy.xml 2016-05-31 10:31:24.605900830 +0200 +@@ -66,4 +66,15 @@ + <!-- <policy domain="path" rights="none" pattern="@*" /> --> + <!-- <policy domain="path" rights="none" pattern="|*" /> --> + <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> + <!-- Disable insecure coders by default --> + <!-- https://bugzilla.suse.com/show_bug.cgi?id=978061 --> + <policy domain="coder" rights="none" pattern="EPHEMERAL" /> ++++++ ImageMagick-6.9.4-1.tar.xz -> ImageMagick-6.9.4-5.tar.xz ++++++ /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick-6.9.4-1.tar.xz /work/SRC/openSUSE:Factory/.ImageMagick.new/ImageMagick-6.9.4-5.tar.xz differ: char 26, line 1 ++++++ ImageMagick-CVE-2016-5118.patch ++++++ Index: ImageMagick-6.9.4-1/magick/blob.c =================================================================== --- ImageMagick-6.9.4-1.orig/magick/blob.c 2016-05-09 19:28:58.000000000 +0200 +++ ImageMagick-6.9.4-1/magick/blob.c 2016-05-30 17:33:03.569022390 +0200 @@ -80,6 +80,9 @@ Define declarations. */ #define MagickMaxBlobExtent 65541 + +#undef MAGICKCORE_HAVE_POPEN + #if !defined(MAP_ANONYMOUS) && defined(MAP_ANON) # define MAP_ANONYMOUS MAP_ANON #endif
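Review bot: The `#undef MAGICKCORE_HAVE_POPEN` added below `MagickMaxBlobExtent` in magick/blob.c has no comment, so nothing in the patched source tells a later rebase why popen() support is compiled out. Add `/* CVE-2016-5118 (bsc#982178): disable popen()-backed blob access */` directly above it. The undef applies only to this translation unit and only to code after this point. Headers already included, and any other source file that tests the same macro, would presumably still see it defined, so the tree should be checked for other uses before this is treated as the complete fix. The refreshed policy.xml context in the preceding patch shows upstream's `pattern="|*"` path policy still commented out. Enabling it in the coders patch would keep a second layer in place if this undef is ever lost in a version update.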