* No-change rebuild for libgcc-s1 package name change.
* Rebuild with the new openexr soname
* SECURITY UPDATE: multiple security issues
- debian/patches/CVE-*.patch: backport multiple upstream commits.
- CVE-2019-12974, CVE-2019-12975, CVE-2019-12976, CVE-2019-12977,
CVE-2019-12978, CVE-2019-12979, CVE-2019-13135, CVE-2019-13137,
CVE-2019-13295, CVE-2019-13297, CVE-2019-13300, CVE-2019-13301,
CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13307,
CVE-2019-13308, CVE-2019-13309, CVE-2019-13310, CVE-2019-13311,
CVE-2019-13391, CVE-2019-13454, CVE-2019-14981, CVE-2019-15139,
CVE-2019-15140, CVE-2019-16708, CVE-2019-16709, CVE-2019-16710,
CVE-2019-16711, CVE-2019-16713
* debian/patches/200-disable-ghostscript-formats.patch: also disable
PS2 and PS3 content per VU#332928 recommendations.
* Build without libheif, to untangle the perl transition.
* No-change rebuild for the perl update.
* Revert last upload, now the transitions have ended, and security team
thinks we have to fix packages failing to build, instead of reverting a
security fix (see: LP bug: 1839596)
* Revert the 8:6.9.10.23+dfsg-2.1ubuntu3, disabling pdf generation breaks
tools like: mlpost, kannel and others. LP: #1839596
* Re-add build-dependency on libheif-dev, which after closer analysis
appears to be tractable for an MIR.
* SECURITY UPDATE: code execution vulnerabilities in ghostscript as
invoked by imagemagick
- debian/patches/200-disable-ghostscript-formats.patch: disable
ghostscript handled types by default in policy.xml
- debian/tests/rose-*: remove pdf tests.
* SECURITY UPDATE: multiple security issues
- debian/patches/CVE-2019-*.patch: backport multiple upstream commits.
- CVE-2019-7175, CVE-2019-7395, CVE-2019-7396, CVE-2019-7397,
CVE-2019-7398, CVE-2019-10649, CVE-2019-11470, CVE-2019-11472,
CVE-2019-11597, CVE-2019-11598
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main.
- demote libmagickcore-6.q16hdri-6-extra and libmagickcore-6.q16-6-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
- Drop build-dependency on libheif-dev.
* Non-maintainer upload.
* Stack-based buffer overflow in function PopHexPixel in coders/ps.c
(CVE-2019-9956) (Closes: #925395)
* Heap-buffer-overflow in WriteTIFFImage of coders/tiff.c (CVE-2019-10650)
(Closes: #926091)
* Drop build-dependency on libheif-dev, which pulls an extensive tree
of dependencies into main that we don't want to MIR. LP: #1827442.
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main. See bug 711061
- demote libmagickcore-6.q16hdri-6-extra and libmagickcore-6.q16-6-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
* Dropped changes, included in Debian:
- Revert hidden ABI break by changing MagickFloatType's size on i386
* Bug fix: "identify 6.9.10-23 does not convert units (pixels per
cm/in)", thanks to Cédric Boutillier (Closes: #918642).
* Bug fix: "Silent ABI break in 6.9.10-11 on i386", thanks to Balint
Reczey (Closes: #916839).
* Fix CVE-2018-20467: infinite loop for malformed BMP file
(Closes: #917326).
* Enable HEIF/HEIC image format support (Closes: #914120).
* Enable WEBP image format (Closes: #806425, #912777)
* Revert hidden ABI break by changing MagickFloatType's size on i386
* Sync with Debian. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main. See bug 711061
- demote libmagickcore-6.q16hdri-6-extra and libmagickcore-6.q16-6-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
* Dropped changes:
- Stop installing the Debian-specific .desktop for the display program.
+ 'imagemagick' is no longer installed by default for default Ubuntu
so let's try dropping this change for now.
- CVE-2017-15033.patch: patch applied in new release
* Bug fix: "wrong Provides: libmagickcore-6.defaultquantum-dev,
libmagickcore-dev (= 8:6.9.10.14+dfsg-5)", thanks to Helmut Grohne
(Closes: #912833).
* Bug fix: "libmagickcore-6.q16-dev missing Depends:
libmagickcore-6-arch-config", thanks to Helmut Grohne (Closes:
#912679).
* Use jdupes instead of rdfind in order to avoid link to build dir
* Bug fix: "Please remove me from uploaders", thanks to Vincent Fourmond
(Closes: #897293).
* Bump policy (no changes)
* Use salsa in control
* Add Pre-depends on dpkg for versioned provides
* Bug fix: "make foreign dependencies on transitional -dev packages
satisfiable", thanks to Helmut Grohne (Closes: #893030).
* Fix FTBFS due to == in control.
* Bug fix: "imagemagick binary-all FTBFS: rdfind: Command not found",
thanks to Adrian Bunk (Closes: #912309).
* Use ${binary:Version} instead of hard coded version for compat dev
packages.
* New upstream version
* Fix new privacy breach
* Fix duplicate files in documentation
* Fix security bugs:
+ CVE-2018-18544: Fix a memory leak in the function WriteMSLImage of
coders/msl.c
+ CVE-2018-18024: Fix an infinite loop in the ReadBMPImage function of the
coders/bmp.c file can cause a DOS via a crafted bmp file.
+ CVE-2018-18023: A heap-based buffer over-read in the SVGStripString
function of coders/svg.c, which allows attackers to cause a denial
of service via a crafted SVG image file.
+ CVE-2018-16645: Fix an excessive memory allocation issue in the functions
ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c,
which allows remote attackers to cause a denial of service via
a crafted image file.
(Closes: #910889)
+ CVE-2018-16644: Fix a missing check for length in the functions
ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c,
which allows remote attackers to cause a denial of service via
a crafted image.
(Closes: #910888)
+ CVE-2018-16413: Fix a heap-based buffer over-read in the
MagickCore/quantum-private.h PushShortPixel function when called
from the coders/psd.c ParseImageResourceBlocks function.
(Closes: #910887)
+ CVE-2018-16323: Fix an information disclosure vulnerability that existed
in ImageMagick when processing XBM images. An attacker could use this
to expose sensitive information.
(Closes: #907776)
+ CVE-2018-16412: Fix a heap-based buffer over-read in the coders/psd.c
ParseImageResourceBlocks function.
+ CVE-2018-17965: Fix a memory leak vulnerability in WriteSGIImage
in coders/sgi.c.
+ CVE-2018-17966: Fix a memory leak vulnerability in WritePDBImage
in coders/pdb.c.
+ CVE-2018-17967: Fix a memory leak vulnerability in ReadBGRImage
in coders/bgr.c.
+ CVE-2018-18016: Fix a memory leak vulnerability in WritePCXImage
in coders/pcx.c.
* No-change rebuild for the perl 5.28 transition.
* Stop installing the Debian-specific .desktop for the display program.
(LP: #1740741, LP: #1740743, LP: #1717951, LP: #1615435,
Closes: #675617, #677318)
* Merge from Debian unstable. Remaining changes:
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main.
- demote libmagickcore-6.q16hdri-6-extra and libmagickcore-6.q16-6-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
- CVE-2017-15033.patch: cherry-pick CVE patch from upstream
* New upstream version
* Fix security bugs:
+ CVE-2018-14551: The ReadMATImageV4 function in coders/mat.c
uses an uninitialized variable, leading to memory corruption.
(Closes: #904713)
+ CVE-2018-9135: A heap-based buffer over-read in IsWEBPImageLossless
in coders/webp.c.
+ CVE-2018-14437: Memory leak in parse8BIM in coders/meta.c.
+ CVE-2018-14436: Memory leak in ReadMIFFImage in coders/miff.c.
+ CVE-2018-14435: Memory leak in DecodeImage in coders/pcd.c.
+ CVE-2018-14434: Memory leak for a colormap in WriteMPCImage
in coders/mpc.c.
+ CVE-2018-13153: Memory leak in the XMagickCommand function
in MagickCore/animate.c.
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main.
- demote libmagickcore-6.q16hdri-6-extra and libmagickcore-6.q16-6-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
- SECURITY UPDATE: memory leak in XMagickCommand
- debian/patches/CVE-2018-13153.patch: free memory in magick/animate.c.
- CVE-2018-13153
- SECURITY UPDATE: Multiple security issues
- debian/patches/CVE-201[78]*.patch: backport large number of upstream
security patches. (Note: All patches except CVE-2017-15033 have landed
upstream in 6.9.10.2).
- CVE-2017-15033
* Fix perlmagick (Closes: #903404)
* Upload to unstable
* Bug fix: "FTBFS on i386: testsuite failure in Magick++/tests/tests.tap
2", thanks to Sven Joachim (Closes: #893953).
* Bug fix: "drop libtool-bin from Build-Depends", thanks to Helmut
Grohne (Closes: #893925).
* Move to git dpm
* Move to salsa
* SO dump
* Fix security bugs:
+ CVE-2018-9133: Excessive iteration in the DecodeLabImage
and EncodeLabImage functions (coders/tiff.c), which results
in a hang (tens of minutes) with a tiny PoC file.
Remote attackers could leverage this vulnerability
to cause a denial of service via a crafted tiff file.
(Closes: #894848)
+ CVE-2018-9133: SetGrayscaleImage in the quantize.c file
allows attackers to cause a heap-based buffer over-read
via a crafted file.
+ CVE-2018-11624: the ReadMATImage function in coders/mat.c
allows attackers to cause a use after free via a crafted file.
+ CVE-2018-11625: the SetGrayscaleImage in the quantize.c
file allows attackers to cause a heap-based buffer over-read
via a crafted file.
+ CVE-2018-10177: An infinite loop is present in the
ReadOneMNGImage function of the coders/png.c file.
Remote attackers could leverage this vulnerability
to cause a denial of service via a crafted mng file.
+ CVE-2017-14528: Tested (with and without valgrind) and found immune.
The TIFFSetProfiles function in coders/tiff.c has incorrect
expectations about whether LibTIFF TIFFGetField return values
imply that data validation has occurred, which allows remote attackers
to cause a denial of service (use-after-free after an invalid call
to TIFFSetField, and application crash) via a crafted file.
+ CVE-2018-11624: heap-based buffer over-read in IsWEBPImageLossless
in coders/webp.c.
+ CVE-2018-10805: a memory leak in ReadYCBCRImage in coders/ycbcr.c.
(Closes: #898218).
+ CVE-2018-10804: a memory leak in WriteTIFFImage in coders/tiff.c.
(Closes: #898217)
+ CVE-2018-12599: the ReadBMPImage and WriteBMPImage functions
in coders/bmp.c allow attackers to cause an out of bounds write
via a crafted file.
+ CVE-2018-12600: the ReadDIBImage and WriteDIBImage in coders/dib.c
allow attackers to cause an out of bounds write via a crafted file.
* Fix security bugs (Closes: #890805):
+ Fix CVE-2018-7443: The ReadTIFFImage function in coders/tiff.c
does not properly validate the amount of image data in a file,
which allows remote attackers to cause a denial of service
(memory allocation failure in the AcquireMagickMemory function
in MagickCore/memory.c). (Closes: #891291)
+ Fix CVE-2018-7470: The IsWEBPImageLossless function in
coders/webp.c allows attackers to cause a denial of service
(segmentation violation) via a crafted file.(Closes: #891420)
+ Fix CVE-2017-17880: there is a stack-based buffer over-read in
WriteWEBPImage in coders/webp.c, related to a
WEBP_DECODER_ABI_VERSION check.
* Provide transitional packages from arch:any packages.
(Closes: #893030)
* Upload to unstable (urgency high due to security issues).
* Fix FTBFS for s390x where float_t is double
* New upstream version
* Packaging fix:
+ Fix privacy breach.
+ Bump compat level to 11.
+ Bump policy no changes
+ Fix lintian warnings
+ Fix "unnecessary libgraphviz-dev dependency (and graphviz
suggests?)", thanks to Matthias Klose (Closes: #884444).
+ Remove Vincent Fourmond <fourmond@debian.org> as uploader, thanks
to him. (Closes: #878679).
+ Aknowledge NMU (Closes: #856601)
* Fix a few security issues
+ Fix CVE-2017-1000445: NULL pointer dereference in
the MagickCore component and might lead to denial of service.
(Closes: #886281)
+ Fix CVE-2017-1000476: a CPU exhaustion vulnerability was found in
the function ReadDDSInfo in coders/dds.c, which allows attackers
to cause a denial of service.
+ Fix CVE-2017-12140: The ReadDCMImage function in coders\dcm.c
has an integer signedness error leading to excessive memory
consumption via a crafted DCM file.
(Closes: #873059)
+ Fix CVE-2017-12674: a CPU exhaustion vulnerability was found in
the function ReadPDBImage in coders/pdb.c, which allows attackers
to cause a denial of service
(Closes: #872609)
+ Fix CVE-2017-12691: The ReadOneLayer function in coders/xcf.c
allows remote attackers to cause a denial of service
(memory consumption) via a crafted file.
(Closes: #875338)
+ Fix CVE-2017-12692: ReadVIFFImage function in coders/viff.c
in ImageMagick allows remote attackers to cause a
denial of service (memory consumption) via a crafted VIFF file.
(Closes: #875339)
+ Fix CVE-2017-12693: The ReadBMPImage function in coders/bmp.c
allows remote attackers to cause a denial of service
(memory consumption) via a crafted BMP
(Closes: #875341)
+ Fix CVE-2017-12875: The WritePixelCachePixels function
allows remote attackers to cause a denial of service
(CPU consumption) via a crafted file.
(Closes: #873871)
+ Fix CVE-2017-12877: Use-after-free vulnerability in
the DestroyImage function in image.c in ImageMagick allows
remote attackers to cause a denial of service via a crafted file.
(Closes: #872373)
+ Fix CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage
function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote
attackers to cause a denial of service (application crash)
or possibly have unspecified other impact via a crafted file.
(Closes: #873134)
+ Fix CVE-2017-13061: A length-validation vulnerability was found
in the function ReadPSDLayersInternal in coders/psd.c,
which allows attackers to cause a denial of service
(ReadPSDImage memory exhaustion) via a crafted file
(Closes: #873131)
+ Fix CVE-2017-13133: the load_level function in coders/xcf.c lacks
offset validation, which allows attackers to cause a denial of service
(load_tile memory exhaustion) via a crafted file.
(Closes: #873100)
+ Fix CVE-2017-13134: a heap-based buffer over-read was found in the
function SFWScan in coders/sfw.c, which allows attackers
to cause a denial of service via a crafted file.
(Closes: #873099)
+ Fix CVE-2017-13758: a heap-based buffer overflow in the TracePoint()
function in MagickCore/draw.c.
(Closes: #878508)
+ Fix CVE-2017-13768: NULL Pointer Dereference in the IdentifyImage
function in MagickCore/identify.c in ImageMagick allows an attacker
to perform denial of service by sending a crafted image file.
(Closes: #875352)
+ Fix CVE-2017-13769: The WriteTHUMBNAILImage function in
coders/thumbnail.c allows an attacker to cause a denial of service
(buffer over-read) by sending a crafted JPEG file.
(Closes: #878507)
+ Fix CVE-2017-14060: a NULL Pointer Dereference issue is present in the
ReadCUTImage function in coders/cut.c that could allow an attacker
to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus
function within the MagickCore/cache.c file) by submitting
a malformed image file.
(Closes: #878506)
+ Fix CVE-2017-14172: In coders/ps.c, a DoS in ReadPSImage()
due to lack of an EOF (End of File) check cause high CPU consumption.
When a crafted PSD file, which claims a large "extent" field
in the header but does not contain sufficient backing data,
is provided, the loop over "length" would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875506)
+ Fix CVE-2017-14173: In the function ReadTXTImage() in coders/txt.c,
an integer overflow might occur for the addition operation
"GetQuantumRange(depth)+1" when "depth" is large, producing a smaller
value than expected. As a result, an infinite loop would occur
for a crafted TXT file that claims a very large "max_value" value.
(Closes: #875504)
+ Fix CVE-2017-14174: In coders/psd.c in ReadPSDLayersInternal()
a lack of an EOF (End of File) check might cause huge CPU consumption.
When a crafted PSD file, which claims a large "length" field
in the header but does not contain sufficient backing data,
is provided, the loop over "length" would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875503)
+ Fix CVE-2017-14175: In coders/xbm.c in ReadXBMImage()
a lack of an EOF (End of File) check might cause huge CPU consumption.
When a crafted XBM file, which claims large rows and columns fields
in the header but does not contain sufficient backing data,
is provided, the loop over the rows would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875502)
+ Fix CVE-2017-14224: A heap-based buffer overflow in WritePCXImage
in coders/pcx.c allows remote attackers to cause a denial
of service or code execution via a crafted file.
(Closes: #876097)
+ Fix CVE-2017-14249: Imagemagick mishandles EOF checks in
ReadMPCImage in coders/mpc.c, leading to division by zero
in GetPixelCacheTileSize in MagickCore/cache.c,
allowing remote attackers to cause a denial of service
via a crafted file.
(Closes: #876099)
+ Fix CVE-2017-14341: large loop vulnerability in ReadWPGImage
in coders/wpg.c, causing CPU exhaustion via a crafted
wpg image file.
(Closes: #876105)
+ Fix CVE-2017-14400: PersistPixelCache function in magick/cache.c
mishandles the pixel cache nexus, which allows remote attackers
to cause a denial of service (NULL pointer dereference
in the function GetVirtualPixels in MagickCore/cache.c)
via a crafted file.
(Closes: #878546)
+ Fix CVE-2017-14505: DrawGetStrokeDashArray in wand/drawing-wand.c
mishandles certain NULL arrays, which allows attackers to perform
Denial of Service (NULL pointer dereference and application crash in
AcquireQuantumMemory within MagickCore/memory.c) by providing a
crafted Image File as input.
(Closes: #878545)
+ Fix CVE-2017-14532: NULL Pointer Dereference in TIFFIgnoreTags
in coders/tiff.c.
(Closes: #878541)
+ Fix CVE-2017-14607: out of bounds read flaw related to ReadTIFFImage
has been reported in coders/tiff.c. An attacker could possibly
exploit this flaw to disclose potentially sensitive memory
or cause an application crash.
(Closes: #878527)
+ Fix CVE-2017-14624: a NULL Pointer Dereference vulnerability
in the function PostscriptDelegateMessage in coders/ps.c.
(Closes: #877354)
+ Fix CVE-2017-14625: NULL Pointer Dereference vulnerability
in the function sixel_output_create in coders/sixel.c.
(Closes: #877355)
+ Fix CVE-2017-14626: NULL Pointer Dereference vulnerability
in the function sixel_decode in coders/sixel.c.
(Closes: #878524)
+ Fix CVE-2017-14682: GetNextToken in MagickCore/token.c
allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash)
or possibly have unspecified other impact via a
crafted SVG document, a different vulnerability
than CVE-2017-10928.
(Closes: #876488)
+ Fix CVE-2017-14739: The AcquireResampleFilterThreadSet
function in magick/resample-private.h in ImageMagick
mishandles failed memory allocation, which allows
remote attackers to cause a denial of service
(NULL Pointer Dereference in DistortImage in
MagickCore/distort.c, and application crash)
via unspecified vectors.
(Closes: #878547)
+ Fix CVE-2017-14741: The ReadCAPTIONImage function in coders/caption.c
allows remote attackers to cause a denial of service
(infinite loop) via a crafted font file.
(Closes: #878548)
+ Fix CVE-2017-14989: A use-after-free in RenderFreetype
in MagickCore/annotate.c allows attackers to crash the application
via a crafted font file, because the FT_Done_Glyph function
(from FreeType 2) is called at an incorrect place in the ImageMagick code.
(Closes: #878562)
+ Fix CVE-2017-15015: NULL pointer dereference vulnerability in
PDFDelegateMessage in coders/pdf.c.
(Closes: #878555)
+ Fix CVE-2017-15017: NULL pointer dereference vulnerability
in ReadOneMNGImage in coders/png.c.
(Closes: #878554)
+ Fix CVE-2017-15277: ReadGIFImage in coders/gif.c leaves
the palette uninitialized when processing a GIF file that has
neither a global nor local palette. If the affected product is
used as a library loaded into a process that operates on
interesting data, this data sometimes can be leaked
via the uninitialized palette.
(Closes: #878578)
+ Fix CVE-2017-15281: ReadPSDImage in coders/psd.c
allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact
via a crafted file, related to "Conditional jump or move
depends on uninitialised value(s).
(Closes: #878579).
+ Fix CVE-2017-16546: The ReadWPGImage function in coders/wpg.c
does not properly validate the colormap index in a WPG palette,
which allows remote attackers to cause a denial of service
(use of uninitialized data or invalid memory allocation)
or possibly have unspecified other impact via a malformed WPG file.
(Closes: #881392)
+ Fix CVE-2017-17499: use-after-free in Magick::Image::read
in Magick++/lib/Image.cpp.
(Closes: #885339)
+ Fix CVE-2017-17504: coders/png.c Magick_png_read_raw_profile
heap-based buffer over-read via a crafted file, related to
ReadOneMNGImage.
(Closes: #885340)
+ Fix CVE-2017-17681: an infinite loop vulnerability was found
in the function ReadPSDChannelZip in coders/psd.c, which
allows attackers to cause a denial of service (CPU exhaustion)
via a crafted psd image file.
(Closes: #885941)
+ Fix CVE-2017-17682: large loop vulnerability was found in the
function ExtractPostscript in coders/wpg.c, which allows attackers
to cause a denial of service (CPU exhaustion) via a crafted wpg
image file that triggers a ReadWPGImage call.
(Closes: #885942)
+ Fix CVE-2017-17879: a heap-based buffer over-read in ReadOneMNGImage
in coders/png.c, related to length calculation and caused by an
off-by-one error.
(Closes: #885125)
+ Fix CVE-2017-17914: a vulnerability was found in the function
ReadOnePNGImage in coders/png.c, which allows attackers to cause
a denial of service (ReadOneMNGImage large loop) via a crafted mng
image file.
(Closes: #886584)
+ Fix CVE-2018-5248: a heap-based buffer over-read in coders/sixel.c
in the ReadSIXELImage function, related to the sixel_decode function.
(Closes: #886588)
* Fix a few unimportant security bugs:
+ Fix CVE-2017-12644 memory leak vulnerability
in ReadDCMImage in coders\dcm.c
+ Fix CVE-2017-13058 memory leak in WritePCXImage
+ Fix CVE-2017-13059 memory leak in WriteJNGImage
+ Fix CVE-2017-13060 memory leak in ReadMATImage
+ Fix CVE-2017-13062 memory leak vulnerability
found in the function formatIPTC in coders/meta.c,
which allows attackers to cause a denial of service
(WriteMETAImage memory consumption) via a crafted file.
+ Fix CVE-2017-13131 a memory leak vulnerability
found in the function ReadMIFFImage in coders/miff.c,
which allows attackers to cause a denial of service
(memory consumption in NewLinkedList in MagickCore/linked-list.c)
via a crafted file.
+ Fix CVE-2017-14137: ReadWEBPImage in coders/webp.c has an issue
where memory allocation is excessive,
because it depends only on a length field in a header.
+ Fix CVE-2017-14138: ReadWEBPImage in coders/webp.c
because memory is not freed in certain error cases.
+ Fix CVE-2017-14139: memory leak vulnerability
in WriteMSLImage in coders/msl.c.
+ Fix CVE-2017-14324: memory leak in ReadMPCImage (coders/mpc.c)
+ Fix CVE-2017-14325: memory leak in ReadMPCImage (coders/mpc.c)
+ Fix CVE-2017-14326: memory leak vulnerability in the function
ReadMATImage in coders/mat.c, which allows attackers
to cause a denial of service via a crafted file.
+ Fix CVE-2017-14342: memory exhaustion vulnerability in
ReadWPGImage in coders/wpg.c via a crafted wpg image file.
+ Fix CVE-2017-14343: memory leak vulnerability in
ReadXCFImage in coders/xcf.c via a crafted xcf image file.
+ Fix CVE-2017-14531: memory exhaustion issue in
ReadSUNImage in coders/sun.c.
+ Fix CVE-2017-14533: memory leak in ReadMATImage in coders/mat.c.
+ Fix CVE-2017-14684: mory leak vulnerability was found in the
function ReadVIPSImage in coders/vips.c, which allows
attackers to cause a denial of service (memory consumption
in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
(Closes: #876487)
+ Fix CVE-2017-15016: a NULL pointer dereference vulnerability
in ReadEnhMetaFile in coders/emf.c. (source fix not compiled
under Debian).
+ Fix CVE-2017-15032: memory leak in ReadYCBCRImage in
coders/ycbcr.c.
+ Fix CVE-2017-15033: memory leak in ReadYUVImage in coders/yuv.c.
+ Fix CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c.
+ Fix CVE-2017-15218: memory leak in ReadOneJNGImage in coders/png.c.
+ Fix CVE-2017-17680: a memory leak vulnerability was found in
the function ReadXPMImage in coders/xpm.c, which allows
attackers to cause a denial of service via a crafted xpm image file.
+ Fix CVE-2017-17881: a memory leak vulnerability was found in
the function ReadMATImage in coders/mat.c, which allows
attackers to cause a denial of service via a crafted MAT image file.
+ Fix CVE-2017-17882: a memory leak vulnerability was found in the
function ReadXPMImage in coders/xpm.c, which allows attackers
to cause a denial of service via a crafted XPM image file.
+ Fix CVE-2017-17883: a memory leak vulnerability was found in the
function ReadPGXImage in coders/pgx.c, which allows attackers
to cause a denial of service via a crafted PGX image file.
+ Fix CVE-2017-17884: a memory leak vulnerability was found in the
function WriteOnePNGImage in coders/png.c,
which allows attackers to cause a denial of service via
a crafted PNG image file.
+ Fix CVE-2017-17885: a memory leak vulnerability was found
in the function ReadPICTImage in coders/pict.c, which
allows attackers to cause a denial of service via a crafted
PICT image file.
+ Fix CVE-2017-17886: a memory leak vulnerability was found
in the function ReadPSDChannelZip in coders/psd.c,
which allows attackers to cause a denial of service
via a crafted psd image file.
+ Fix CVE-2017-17887: a memory leak vulnerability
was found in the function GetImagePixelCache in magick/cache.c,
which allows attackers to cause a denial of service via a crafted
MNG image file that is processed by ReadOneMNGImage.
+ Fix CVE-2017-17934: a memory leaks in coders/msl.c,
related to MSLPopImage and ProcessMSLScript,
and associated with mishandling of MSLPushImage calls.
+ Fix CVE-2017-18008: a ùemory Leak in ReadPWPImage in coders/pwp.c.
+ Fix CVE-2017-18022: memory leaks in MontageImageCommand
in MagickWand/montage.c.
+ Fix CVE-2017-18027: a memory leak vulnerability was found
in the function ReadMATImage in coders/mat.c,
which allow remote attackers to cause a denial
of service via a crafted file.
+ Fix CVE-2017-18028: a memory exhaustion vulnerability
was found in the function ReadTIFFImage in coders/tiff.c,
which allow remote attackers to cause a denial
of service via a crafted file.
+ Fix CVE-2017-18029: a memory leak vulnerability was found
in the function ReadMATImage in coders/mat.c,
which allow remote attackers to cause a denial of
service via a crafted file.
+ Fix CVE-2017-6502: a specially crafted webp file
could lead to a file-descriptor leak in libmagickcore
(thus, a DoS)
+ Fix CVE-2018-5246: Fix memory leaks in ReadPATTERNImage
in coders/pattern.c.
+ Fix CVE-2018-5247: Fix memory leaks in ReadRLAImage in coders/rla.c.
+ Fix CVE-2018-5357: Fix memory leaks in the ReadDCMImage function
in coders/dcm.c.
+ Fix CVE-2018-5358: Fix memory leaks in the EncodeImageAttributes
function in coders/json.c, as demonstrated by the
ReadPSDLayersInternal function in coders/psd.c.
* Backport fix:
+ Fix CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c
in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap
variable can be overwritten by a new pointer.
The previous pointer is lost, which leads to a memory leak.
This allows remote attackers to cause a denial of service.
(from b0a464122e0d8a1e1e31f6cd6d3f4d085fa8fb0)
* Bump so due to ABI problem and g++7 (Closes: #871300).
* New upstream version.
+ Fix CVE-2017-6502, webp buffer overflow. (Closes: #856883).
+ Fix CVE-2017-11751, CVE-2017-11754 and CVE-2017-11755:
The WritePICONImage function in coders/xpm.c
allows remote attackers to cause a denial of service (memory leak) via
a crafted file. (Closes: #870480).
+ CVE-2017-12674: a CPU exhaustion vulnerability was found in
the function ReadPDBImage in coders/pdb.c, which allows attackers
to cause a denial of service.
+ CVE-2017-12429: a memory exhaustion vulnerability was found in the
function ReadMIFFImage in coders/miff.c, which allows attackers
to cause a denial of service.
+ CVE-2017-12140: The ReadDCMImage function in coders\dcm.c has an integer
signedness error leading to excessive memory consumption
via a crafted DCM file.
+ CVE-2017-12433: A memory leak vulnerability was found in
the function ReadPESImage in coders/pes.c, which allows attackers
to cause a denial of service, related to ResizeMagickMemory in memory.c.
(Closes: #872481)
+ CVE-2017-12418: A memory leaks was found in
the parse8BIMW and format8BIM functions in coders/meta.c,
related to the WriteImage function in MagickCore/constitute.c.
(Closes: #872498)
+ CVE-2017-12644: a memory leak vulnerability was found
in ReadDCMImage in coders\dcm.c.
* Update copyright file.
* Ship ImageMagick man file (Closes: #856997).
* Remove configuration files installed by mistake in an
experimental version (Closes: #851627).
* Bug fix: "Typo in debian/changelog for CVE identifier", thanks to
Salvatore Bonaccorso (Closes: #864151).
* Non-maintainer upload.
* Remove wrong Multi-Arch: foreign from libmagickcore-dev, libmagickwand-dev
and libmagick++-dev. (Closes: #856601)
* SECURITY UPDATE: out-of-bounds write in ReadBMPImage and WriteBMPImage
- debian/patches/CVE-2018-12599.patch: use proper lengths in
coders/bmp.c.
- CVE-2018-12599
* SECURITY UPDATE: out-of-bounds write in ReadDIBImage and WriteDIBImage
- debian/patches/CVE-2018-12600.patch: use proper lengths in
coders/dib.c.
- CVE-2018-12600
* SECURITY UPDATE: memory leak in XMagickCommand
- debian/patches/CVE-2018-13153.patch: free memory in magick/animate.c.
- CVE-2018-13153
* SECURITY UPDATE: Multiple security issues
- debian/patches/CVE-201[78]*.patch: backport large number of upstream
security patches.
- CVE-2017-12140, CVE-2017-12418, CVE-2017-12433, CVE-2017-12644,
CVE-2017-12674, CVE-2017-12691, CVE-2017-12692, CVE-2017-12693,
CVE-2017-12875, CVE-2017-12877, CVE-2017-12983, CVE-2017-13058,
CVE-2017-13059, CVE-2017-13060, CVE-2017-13061, CVE-2017-13062,
CVE-2017-13131, CVE-2017-13134, CVE-2017-13758, CVE-2017-13768,
CVE-2017-13769, CVE-2017-14060, CVE-2017-14172, CVE-2017-14173,
CVE-2017-14174, CVE-2017-14175, CVE-2017-14224, CVE-2017-14249,
CVE-2017-14325, CVE-2017-14326, CVE-2017-14341, CVE-2017-14342,
CVE-2017-14343, CVE-2017-14400, CVE-2017-14505, CVE-2017-14531,
CVE-2017-14532, CVE-2017-14533, CVE-2017-14607, CVE-2017-14624,
CVE-2017-14625, CVE-2017-14626, CVE-2017-14682, CVE-2017-14684,
CVE-2017-14739, CVE-2017-14741, CVE-2017-14989, CVE-2017-15015,
CVE-2017-15016, CVE-2017-15017, CVE-2017-15032, CVE-2017-15033,
CVE-2017-15217, CVE-2017-15218, CVE-2017-15277, CVE-2017-15281,
CVE-2017-16546, CVE-2017-17499, CVE-2017-17504, CVE-2017-17680,
CVE-2017-17681, CVE-2017-17682, CVE-2017-17879, CVE-2017-17881,
CVE-2017-17882, CVE-2017-17884, CVE-2017-17885, CVE-2017-17886,
CVE-2017-17887, CVE-2017-17914, CVE-2017-17934, CVE-2017-18008,
CVE-2017-18022, CVE-2017-18027, CVE-2017-18028, CVE-2017-18029,
CVE-2017-18209, CVE-2017-18211, CVE-2017-18251, CVE-2017-18252,
CVE-2017-18254, CVE-2017-18271, CVE-2017-18273, CVE-2017-1000445,
CVE-2017-1000476, CVE-2018-5246, CVE-2018-5247, CVE-2018-5248,
CVE-2018-5357, CVE-2018-5358, CVE-2018-6405, CVE-2018-7443,
CVE-2018-8804, CVE-2018-8960, CVE-2018-9133, CVE-2018-10177,
CVE-2018-10804, CVE-2018-10805, CVE-2018-11251, CVE-2018-11625,
CVE-2018-11655, CVE-2018-11656
* No-change rebuild against latest openexr
* Stop installing the Debian-specific .desktop for the display program.
(LP: #1740741, LP: #1740743, LP: #1717951, LP: #1615435,
Closes: #675617, #677318)
* libmagickcore-6.q16-dev, libmagickcore-6.q16hdri-dev: Remove dependency on
libgraphviz-dev, was already removed as a build dependency.
* No-change rebuild against perlapi-5.26.1
* No-change rebuild for GCC 7 abi mangling change.
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main.
- demote libmagickcore-6.q16hdri-3-extra and libmagickcore-6.q16-3-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
* Security fix release
* Fix a memory exhaustion in ReadPSDImage
(Closes: #870530). Fix CVE-2017-12563.
* Fix a memory-Leak in ReadPWPImage()
(Closes: #870527)
* Avoid unbounded loop in pwp coder
(Closes: #870526). Fix CVE-2017-12587.
* Fix a memory leaks in WriteMSLImage
(Closes: #870525). Fix CVE-2017-12427.
* Fix another memory leak in WriteMSLImage
(Closes: #870524)
* Fix a memory exhaustion bug in ReadSUNImage
(Closes: #870504). Fix CVE-2017-12435.
* Fix a memory leak in ReadSVGImage
(Closes: #870503). Fix CVE-2017-12566.
* Fix a memory leak in WriteMAPImage
(Closes: #870483). Fix CVE-2017-12663.
* Fix a memory leak in ReadPICTImage
(Closes: #870502)
* Fix a memory leak in WritePICTImage
(Closes: #870501). Fix CVE-2017-12665.
* Fix a memory leak in pdf coder
(Closes: #870492). Fix CVE-2017-12662.
* Fix a memory leak in PCX coder
(Closes: #870489). Fix CVE-2017-12668.
* Memory exhaustion in PCX coder
(Closes: #870491). Fix CVE-2017-12432.
* Memory leak in WriteINLINEImage
(Closes: #870482). Fix CVE-2017-12666.
* CVE-2017-11752
The ReadMAGICKImage function in coders/magick.c
allows remote attackers to cause a denial of
service (memory leak) via a crafted file.
(Closes: #870481)
* CVE-2017-11751
The WritePICONImage function in coders/xpm.c
allows remote attackers to cause a denial of
service (memory leak) via a crafted file.
(Closes: #870481)
* CVE-2017-11750
Fix improper use of NULL in the JNG decoder
(Closes: #870478)
* memory leak in WriteCALSImage
(Closes: #870475). Fix CVE-2017-12669.
* Bug fix: "imagemagick FTBFS: coders/mat.c:1372:3",
thanks to Adrian Bunk and Gianfranco Costamagna
(Closes: #870047).
* Security fixes:
+ CVE-2017-11639
When ImageMagick processes a crafted file in convert,
it can lead to a heap-based buffer over-read
in the WriteCIPImage() function in coders/cip.c,
related to the GetPixelLuma function
in MagickCore/pixel-accessor.h.
(Closes: #870065).
+ CVE-2017-11640
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to an address access exception in the WritePTIFImage() function
(Closes: #870067)
+ Validate png file.
Detect corrupted png early and avoid a crash
(Closes: #870105)
+ Heap buffer overflow in ReadOneMNGImage
A crafted file will cause x_off[i] out-of-bound operation vulnerability.
(Closes: #870106). Fix CVE-2017-12640.
+ memory exhaustion in ReadOneJNGImage in png.c
When identify JNG file that contains chunk data, imagemagick will
allocate memory to store the chunk data in function ReadOneJNGImage
Due to a lack of valition, memory is not limited for corrupted files.
(Closes: #870107). Fix CVE-2017-12643.
+ memory leak in ReadOneJNGImage #550
A crafted file could trigger a memory leak
(Closes: #870108). Fix CVE-2017-12641.
+ out-of-bounds read with the MNG CLIP chunk.
(Closes: #870109)
+ coders/png.c: Memory leak Fixed Issue 600
(Closes: #870116)
+ memory leak in ReadOneJNGImage (upstream 602)
Fix a leak triggered by a corrupted file
(Closes: #870115). Fix CVE-2017-12565.
+ Stuck in LockSemaphoreInfo after reading a png with
width==MAGICK_WIDTH_LIMIT
Some version of libpng need serialization for error recovery
of hard lock. Could be triggered by a corrupted file
(Closes: #870111)
+ memory leak in ReadOneMNGImage #619
A memory leak vulnerability was found in function ReadOneMNGImage,
which allow attackers to cause a denial of service (memory leak) via
a crafted file.
(Closes: #870117). Fix CVE-2017-12673.
+ memory leak in ReadOneJNGImage #618
Triggered by a corrupted file
(Closes: #870118). Fix CVE-2017-12676.
+ bad free in RelinquishMagickMemory
(Closes: #870119). Fix CVE-2017-12671.
+ CVE-2017-11539: coders/png.c: Initialized quantum_info to prevent
memory leakage
(Closes: #870120)
+ CVE-2017-12428: memory leak in CloneDrawInfo
(Closes: #869713)
* Security bugs:
+ assertion failed in DestroyImageInfo
A assertion failed in DestroyImageInfo, leading to DOS
(Closes: 870014). Fix CVE-2017-12434.
+ CVE-2017-11523: endless loop in ReadTXTImage
If text image file only contains "MagickID..." line,
it will cause ReadTXTImage to infinite loop.
(Closes: #869210).
+ Memory leak in mat coder
Fix a memory leak in mat coder triggered by a special crafted file
(Closes: #870013).
+ Use of uninitialized data in ImageMagick/coders/mat.c
The coder accesses uninitialized data
which might pose a security issue or at least a bug. The first
undefined access happens within coders/mat.c:1196 in a call to
calcMinMax(). The back part of the buffer bImgBuff is now large enough
but does seemingly not contain any sensible data.
(Closes: #870012)
+ CVE-2017-11644
A special crafted file create a memory leak in MAT file coder.
The code need to free two buffer in some exceptionnal
circonstances, instead than just one is freed
(Closes: #870016)
+ Memory leak in mat coder
A special crafted file create a memory leak in MAT coder
(Closes: #870015). Fix CVE-2017-12667.
+ Memory leak in mat coder
In case of corrupted file, cloned image (temporarly image) should be freed
(Closes: #870017). Fix CVE-2017-12564.
+ assertion failed in DestroyImageInfo due to mat coder
(Closes: #870019)
+ assertion failed in DestroyImage due to mat coder
(Closes: #870020). Fix CVE-2017-12670.
+ Memory leak in mat coder (upstream 617)
(Closes: #870021). Fix CVE-2017-12672.
+ Memory leak in mat coder (upstream 616)
(Closes: #870022). Fix CVE-2017-12675.
+ Memory leak in mat coder (upstream 624)
(Closes: #870023). CVE-2017-11724
* Fix a typo in changelog about CVE numbers
* Security fixes:
+ Really Fix CVE-2017-9500 (Closes: #867778)
An assertion failure was found in the function
ResetImageProfileIterator, which allows attackers to cause a denial
of service via a crafted file.
+ Fix CVE-2017-11446 (Closes: #868950)
The ReadPESImage function in coders\pes.c has an infinite
loop vulnerability that can cause CPU exhaustion via a crafted
PES file.
+ CVE-2017-11523: endless loop in ReadTXTImage
If text image file only contains "MagickID..." line,
it will cause ReadTXTImage to infinite loop.
(Closes: #869210).
+ Use after free in ReadWMFImage
When identify WMF file, a crafted file revealed a use-after-free
vulnerability. (Closes: #869715). Fix CVE-2017-12431.
+ CVE-2017-11534: Memory-Leak in lite_font_map()
In coders/wmf.c a memory leak is triggered by a crafted file.
(Closes: #869711).
+ CVE-2017-11537: palm coder FPE
When ImageMagick processes a crafted file in convert, it can
lead to a Floating Point Exception (FPE) in the WritePALMImage()
function in coders/palm.c, related to an incorrect bits-per-pixel
calculation.
(Closes: #869712)
+ Memory leak in WritePALMImage
Fix memory leak due to crafted file in palm coder.
(Closes: #869721). Fix CVE-2017-12664.
+ Fix another memory leak in quantize.c
(Closes: #869722). Fix CVE-2017-12664.
+ CVE-2017-11531 Memory-Leak in WriteHISTOGRAMImage()
A crafted file could trigger a
Memory-Leak in WriteHISTOGRAMImage() coders/histogram.c
(Closes: #869725)
+ Avoid a crash in mpc coder
A crafted file could trigger a crash in the mpc coder.
(Closes: #869728).
+ Fix a memory leak in enhance.c
Fix a potential memory leak if memory could not be allocated for one
of histogram or stretch_map.
If both cannot be allocated, there is no memory leak. If only one is
allocated and the other fails,
there is a memory leak of the one that could not be allocated. There
is very little chance the allocations would fail.
(Closes: #869769).
+ Fix a memory leak in jpeg and mpc coder
A leak due to exception handling exist in MPC and JPEG coder.
This could be triggerd by a crafted file.
(Closes: #869791).
+ Fix memory exhaustion in mpc coder
When identify MPC file , imagemagick will allocate memory to store the
data.
The function StringToUnsignedLong convert string to unsigned long
type, but the return value was not checked.
Here is my policy.xml to limit memory usage,but 256MB limit
can be bypassed.
(Closes: #869727). Fix CVE-2017-12430.
+ Fix a leak in mpc file due to corrupted profiles
(Closes: #869796). Fix CVE-2017-12642.
+ CVE-2017-11532: memory leak
When Imagemagick processes a crafted file in convert,
it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.
(Closes: #869726)
+ CVE-2017-11535: heap based overflow in ps.c
When ImageMagick processes a crafted file in
convert, it can lead to a heap-based buffer over-read in the
WritePSImage() function in coders/ps.c.
(Closes: #869827)
+ CVE-2017-11536 memory leak in jp2 coder
When ImageMagick processes a crafted file in convert, it
can lead to a Memory Leak in the WriteJP2Image() function in
coders/jp2.c.
(Closes: #869831)
+ Fix a crash in jp2 codec
Lack of validation of jp2 could lead to a crash
(Closes: #869830)
+ CVE-2017-11533: heap buffer overflow in uil coder
When ImageMagick processes a crafted file in convert, it can
lead to a heap-based buffer over-read in the WriteUILImage() function
in coders/uil.c.
(Closes: #869834)
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main.
- demote libmagickcore-6.q16hdri-3-extra and libmagickcore-6.q16-3-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
* Fix security bugs:
+ Previous CVE-2017-9144 fix was incomplete.
A crafted RLE image can trigger a crash because of incorrect
EOF handling in coders/rle.c
(Closes: #863126, #868469). Fix CVE-2017-11352.
+ CVE-2017-10928:
A heap-based buffer over-read in the GetNextToken
function in token.c allows remote attackers to obtain
sensitive information from process memory or possibly have
unspecified other impact via a crafted SVG document
that is mishandled in the GetUserSpaceCoordinateValue
function in coders/svg.c.
(Closes: #867367).
+ CVE-2017-9500:
An assertion failure was found in the function
ResetImageProfileIterator, which allows attackers to cause
a denial of service via a crafted file.
(Closes: #867778).
+ CVE-2017-9501:
An assertion failure was found in the function LockSemaphoreInfo,
which allows attackers to cause a denial of service via a crafted
file.
(Closes: #867721).
+ CVE-2017-9440:
A memory leak was found in the function ReadPSDChannel
in coders/psd.c, which allows attackers to cause a denial
of service via a crafted file.
(Closes: 864273).
+ CVE-2017-9439:
A memory leak was found in the function ReadPDBImage in
coders/pdb.c, which allows attackers to cause a denial of
service via a crafted file.
(Closes: #864274).
+ CVE-2017-11188: CPU exhaustion in ReadDPXImage
Because dpx.file.image_offset is a unsigned int, it can be controlled
as large as 4294967295.
This will cause ImageMagick spend a lot of time to process a crafted
DPX imagefile, even if the imagefile is very small.
(Closes: #867806)
+ CVE-2017-11141: memory exhaustion in ReadMATImage
When identify MAT file, imagemagick will allocate memory to store data
in function ReadMATImage.
Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate
a anysize amount of memory, this may cause a memory exhaustion
(Closes: #868264)
+ CVE-2017-11170: memory exhaustion in ReadTGAImage
When identify VST file, imagemagick will allocate memory to store
data in function ReadTGAImage in coders/tga.c
using tga_info.bits_per_pixel field diretly from VST file without
checking in tga.c
By review the founction code, tga_info.bits_per_pixel max valid
value is 32.
On 32bit os, size_t one will be 32bit, so image->colors can be
overflow to 0.
On 64bit os, size_t one will be 64bit, so image->colors
can be large as 0x100000000(64GB).
(Closes: #868184)
+ Memory exhaustion in ReadCINImage (CVE-2017-11525)
When identify CIN file that contains User defined data,
imagemagick will allocate memory to store the
data in function ReadCINImage in coders\inc.c
There is a security checking in the function SetImageExtent,
but it after memory allocation, so IM can not control the memory usage
(Closes: #867810)
+ CPU exhaustion in ReadRLEImage
A corrupted rle file could trigger a DOS
(Closes: #867808). Fix CVE-2017-11360.
+ Memory leak in ReadDIBImage in dib.c (CVE-2017-11528)
The ReadDIBImage function in dib.c allows attackers
to cause a denial of service (memory leak)
via a small crafted dib file.
(Closes: #867811)
+ Memory exhaustion in ReadDPXImage in dpx.c (CVE-2017-11527)
When identify DPX file that contains user header data,
imagemagick will allocate memory to store the data in function
ReadDPXImage in coders\dpx.c
There is a security checking in the function SetImageExtent,
but it is too late, so IM can not control the memory usage.
(Closes: #867812)
+ Enable heap overflow check for stdin for mpc files
Enabling seekable streams is required to ensure checking
the blob size works when an image is streamed on stdin.
(Closes: #867896). Fix CVE-2017-11449.
+ Assertion failure in WriteBlob (CVE-2017-11524)
A crafted file revealed an assertion failure in blob.c.
(Closes: #867798)
+ Memory exhaustion in ReadEPTImage in ept.c (CVE-2017-11530)
When identify EPT file , imagemagick will allocate memory
to store the data.
There is a security checking in the function SetImageExtent,
but it is not used in the allocation function,
so IM can not control the memory usage.
(Closes: #867821)
+ CPU exhaustion in ReadOneJNGImage (CVE-2017-11505/CVE-2017-11526)
Due to lack of validation of PNG format, imagemagick could loop
2^32 in a CPU intensive loop.
(Closes: #867824, #867825).
+ CPU exhaustion in ReadOneDJVUImag (CVE-2017-11478)
Due to lack of format validation, a crafted file will cause a
loop to run endless.
(Closes: #867826).
+ Zero pixel buffer
Avoid a data leak in case of incorrect file by clearing a buffer
(Closes: #867893). Fix CVE-2017-11448.
+ memory leak in ReadMATImage in mat.c (CVE-2017-11529)
The ReadMATImage function in mat.c allows attackers to cause a
denial of service (memory leak) via a small crafted mat file.
(Closes: #867823).
+ Avoid heap based overflow for jpeg
A corrupted jpeg file could trigger an heap overflow
(Closes: #867894). Fix CVE-2017-11450.
+ Fix a memory leak in screenshot coder. Fix CVE-2017-11447.
(Closes: #867897)
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main.
- demote libmagickcore-6.q16hdri-3-extra and libmagickcore-6.q16-3-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
* Fix minor security bugs:
+ CVE-2017-9405: Memory leak in the icon file coder.
(Closes: #864087)
+ CVE-2017-9407: the ReadPALMImage function in palm.c
allows attackers to cause a denial of service (memory leak)
via a crafted file. (Closes: #864089).
+ CVE-2017-9409: the ReadMPCImage function in mpc.c
allows attackers to cause a denial of service (memory leak)
via a crafted file. (Closes: #864090).
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main.
- demote libmagickcore-6.q16hdri-3-extra and libmagickcore-6.q16-3-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
* Fix minor security bugs:
+ CVE-2017-9262: Memory leak in the ReadJNGImage function
(Closes: #863834).
+ CVE-2017-9261: Memory leak in the ReadMNGImage function
(Closes: #863833).
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main.
- demote libmagickcore-6.q16hdri-3-extra and libmagickcore-6.q16-3-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
* Security fixes assertion failure and memory leaks:
+ Check for EOF conditions for RLE image format. (Closes: #863126).
Fix CVE-2017-9144.
+ A crafted file revealed an assertion failure in blob.c.
(Closes: #863125).
Fix CVE-2017-9142.
+ A crafted file revealed an assertion failure in profile.c.
(Closes: #863124). Fix CVE-2017-9141.
+ Specially crafted arts file could lead to memory leak.
(Closes: #863123). Fix CVE-2017-9143.
* Fix an information leak due to the use of uninitialized memory
in RLE decoder. (Closes: #862967). Fix CVE-2017-9098.
* Bug fix: "Built-Using field with binary version", thanks to Aurelien
Jarno (Closes: #862690).
* Fix a few securities bug:
+ Fix CVE-2017-8343: The ReadAAIImage function in
aai.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (Closes: #862572).
+ Fix CVE-2017-8344: Fix DOS in PCX file coders.
(Closes: #862574).
+ Fix CVE-2017-8345: The ReadMNGImage function in png.c allows
attackers to cause a denial of service (memory leak)
via a crafted file. (Closes: #862573)
+ Fix CVE-2017-8346: The ReadDCMImage function in dcm.c allows
attackers to cause a denial of service (memory leak) via a crafted
file. (Closes: #862575).
+ Fix CVE-2017-8347: Fix DOS in EXR file coders. (Closes: #862577).
+ Fix CVE-2017-8348: Fix DOS in MAT file coders. (Closes: #862578).
+ Fix CVE-2017-8349: Fix DOS in SWF file coders. (Closes: #862579).
+ Fix CVE-2017-8350: Fix DOS in png file coders. (Closes: #862587).
+ Fix CVE-2017-8351: Fix DOS in pcd file coders. (Closes: #862589).
* Re-demote libjxr-tools Recommends to Suggests; dropped in merge.
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main (LP: #711061).
+ Regenerate d/control file with `debian/rules update_pkg`
- demote libmagickcore-6.q16hdri-3-extra and libmagickcore-6.q16-3-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
* Fix three securities bug:
+ CVE-2017-7941 memory leak in sgi (Closes: #860734).
+ CVE-2017-7942 memory leak in avs (Closes: #860735).
+ CVE-2017-7943 Memory leak in svg (Closes: #860736).
* Bug fix: "imagemagick-doc upgrade failure: dpkg-maintscript-helper:
error: missing arguments after --", thanks to Adrian Bunk (Closes:
#860280).
* Security fixes:
+ CVE-2017-7606: Undefined behavior in rle (Closes: #859771).
+ CVE-2017-7619: Infinite loop due to rounding error (Closes: #859769).
* Bug fix: "fails to upgrade wheezy jessie stretch", thanks
to Andreas Beckmann (Closes: #847282).
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main (LP: #711061).
+ Regenerate d/control file with `debian/rules update_pkg`
- demote libmagickcore-6.q16hdri-3-extra and libmagickcore-6.q16-3-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
* Bug fix: "fails to upgrade wheezy jessie stretch", thanks
to Andreas Beckmann (Closes: #847282).
* Fix man pages typo due to bad pattern in debian/rules
(Closes: #859495).
* Add my debian address.
* d/control: demote libmagickcore-6.q16hdri-3-extra Recommends on
libjxr-tools to Suggests, as it is in universe.
* d/control: demote libmagickcore-6.q16-3-extra Recommends on
libjxr-tools to Suggests, as it is in universe.
* Merge with Debian unstable (LP: #1671905). Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main (LP: #711061).
+ Regenerate d/control file with `debian/rules update_pkg`
* Fix a few security bugs:
+ Assertion failure in TGA coder (Closes: #856878).
Fix CVE-2017-6498.
+ Out of bound in sun file coder (Closes: #856879).
Fix CVE-2017-6500.
+ Memory leak in libmagick++ library (Closes: #856880).
Fix CVE-2017-6499.
+ Missing null pointer check in xcf coder (Closes: #856881)
and psd coder (Closes: #856882).
Fix CVE-2017-6501 and CVE-2017-6497.
* New upstream version:
+ Fix display -loop option not working/missing (Closes: #793629).
+ Honor $TMPDIR (Closes: #791460).
+ Fix inverted colors for monochrome images (Closes: #849507).
+ Fix imagemagick not run from menu in Mate (Closes: #773426).
* Fix a few security bugs:
+ off-by-one string copy in wpg file handling (Closes: #851483).
Fix CVE-2016-7533.
+ check return of memory allocation in ipl file handling
(Closes: #851485).
Fix CVE-2016-10144.
+ Fix a heap overflow in psb file handling (Closes: #851374).
Fix CVE-2017-5511.
+ Fix Crash - PushQuantumPixel - Heap-Buffer-Overflow in tiff file
handling (Closes: #851381).
Fix CVE-2017-5508.
+ Fix a memory corruption in psb file (Closes: #851376).
Fix CVE-2017-5510.
+ Fix an out of bound in psd file handling (Closes: #851377).
CVE-2017-5509.
+ Check fwrite by using ferror (Closes: #849439).
Fix CVE-2016-10062.
+ Avoid double free in profile.c (Closes: #851383).
Fix CVE-2017-5506.
+ Fix memory leak in MPC image format. (Closes: #851382).
Fix CVE-2017-5507.
* update copyright years in debian/copyright.
* Relax ${source:Version} depends for imagemagick-6-common.
* Add more security POC
* Merge with Debian unstable (LP: #). Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main (LP #711061).
+ Regenerate d/control file with `debian/rules update_pkg`
* Drop:
- Properly clean-up quantum control file fragments from `debian/rules
update_pkg`
[ Fixed in Debian 8:6.9.7.0+dfsg-2 ]
- debian/patches/0020-Revert-GradientImage-change.patch: Revert patch
per https://github.com/ImageMagick/ImageMagick/issues/316. Thanks
to Cristy <urban-warrior@imagemagick.org>. Closes LP #1645406.
[ Fixed upstream ]
* Generate symbols file from generic version for core
and wand.
* Bug fix: "also clean up quantum control file fragments during
update_pkg", thanks to Nishanth Aravamudan (Closes: #846261).
* Use %F instead of %f in .desktop file.
* Upload to unstable.
* Bump so version due to structure change
thanks to Nishanth Aravamudan (Closes: #846385).
* Fix CVE-2016-8707 ImageMagick Convert Tiff Adobe Deflate
Code Execution Vulnerability (Closes: #848139)
* Bug fix: "fails to upgrade wheezy -> jessie -> stretch", thanks
to Andreas Beckmann (Closes: #847282).
* debian/patches/0020-Revert-GradientImage-change.patch: Revert patch
per https://github.com/ImageMagick/ImageMagick/issues/316. Thanks
to Cristy <urban-warrior@imagemagick.org>. Closes LP: #1645406.
* Properly drop dependency on libopenjp2-7-dev by updating
d/control.d/*.in files.
- Regenerate d/control file with `debian/rules update_pkg`
* Properly clean-up quantum control file fragments from `debian/rules
update_pkg`
* Merge with Debian unstable (LP: #1645406). Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main (LP #711061).
* New upstream release.
* Fix CVE-2016-8862: memory allocation failure in
AcquireMagickMemory (memory.c).
(Closes: #845634).
* Drop a few debians patches used by upstream.
* Upload to unstable
* Fix CVE-2016-9298: heap overflow in WaveletDenoiseImage().
(Closes: #844211).
* Fixed memory leak in psd file handling.
(Closes: #845239). Fix CVE-2016-10058.
* Fix security bug; "Prevent fault in MSL interpreter"
(Closes: #845241). Fix CVE-2016-10068.
* Fix null pointer dereference in TIFF file handling
(Closes: #845243). Fix CVE-2016-9559.
* Prevent heap buffer overflow in heap-buffer-overflow
in IsPixelGray. Backport fixes from upstream.
(Closes: #845242). Fix CVE-2016-9556.
* Supports XPM with > 8464 colours. (Closes: #842632).
* Use safer policy.xml file.
* Improve postinst file by checking version.
* Improve rules by using set -e
* Simplify rules.
* Control could be now generated from rules by maintainer.
* Improve main program postinst/prerm scripts.
* Switch to compat 10.
* Improve test suite by including perl test.
* Create packages for HDRI (Closes: #476357). Will allow smooth
transition to imagemagick 7.
* Thus closing "imagemagick; imagemagick-6.q16 packages have the same
binary", thanks to Ross Gammon (Closes: #817842). Now we have
imagemagick-6.q16hdri.*
* Move files from libmagickcore to imagemagick-6-common.
* Merge with Debian unstable (LP: #1645406). Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main (LP #711061).
[ Previously undocumented ]
* Drop:
- Add backports of d6054824, 95c8394e and 68c6a7d to
0070-Fix-PixelColor-off-by-one-on-i386.patch (LP #1549942)
which were missed in "PixelColor off by one on i386
(closes #811308)
https://github.com/ImageMagick/ImageMagick/issues/54";.
+ Add backport of 54b752c3 to fix color behavior (LP #1549942).
+ Fix backport of d6054824 to include dropped parentheses
(LP #1549942).
+ Drop of backported fixes to d/p/0070-Fix-PixelColor-off-by-one-on-i386.patch
[ Previously undocumented ]
[ Fixed upstream ]
- debian/rules: Use LCQUANTUMDEPTH when generating display-im6.desktop too.
Fixes broken icon in .desktop file. (LP #1558409)
[ Fixed in Debian ]
- SECURITY UPDATE: popen() shell vulnerability
+ d/p/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
+ CVE-2016-5118
[ Fixed upstream, thanks to Marc Deslauriers
<marc.deslauriers@ubuntu.com> for verification. ]
- SECURITY UPDATE: ImageTragick remote code execution
+ d/p/0076-Disable-EPHEMERAL-URL-HTTPS-MVG-MSL-TEXT-SHOW-WIN-and-PLT-coders.patch
+ d/p/0077-Remove-PLT-Gnuplot-decoder.patch
+ d/p/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
+ d/p/0079-Indirect-filename-must-be-authorized-by-policy.patch
+ d/p/0080-Prevent-indirect-reads-with-label-at.patch
+ d/p/0081-Less-secure-coders-require-explicit-reference.patch
+ debian/rules: build with --with-rsvg.
+ CVE-2016-3714
+ CVE-2016-3716
+ CVE-2016-3718
[ Fixed upstream, thanks to Marc Deslauriers
<marc.deslauriers@ubuntu.com> for verification. ]
- debian/README.Debian: explain use of --with-rsvg option.
[ Previously undocumented, dropped ]
- SECURITY UPDATE: multiple security issues
+ debian/patches/*: synchronize large quantity of security fixes with
Debian's 8:6.8.9.9-5+deb8u5 release. Thanks to Bastien Roucariès for
the excellent work this update is based on!
+ CVE-2014-9907, CVE-2015-8957, CVE-2015-8958, CVE-2015-8959,
CVE-2016-4562, CVE-2016-4563, CVE-2016-4564, CVE-2016-5010,
CVE-2016-5687, CVE-2016-5688, CVE-2016-5689, CVE-2016-5690,
CVE-2016-5691, CVE-2016-5841, CVE-2016-5842, CVE-2016-6491,
CVE-2016-6823, CVE-2016-7101, CVE-2016-7513, CVE-2016-7514,
CVE-2016-7515, CVE-2016-7516, CVE-2016-7517, CVE-2016-7518,
CVE-2016-7519, CVE-2016-7520, CVE-2016-7521, CVE-2016-7522,
CVE-2016-7523, CVE-2016-7524, CVE-2016-7525, CVE-2016-7526,
CVE-2016-7527, CVE-2016-7528, CVE-2016-7529, CVE-2016-7530,
CVE-2016-7531, CVE-2016-7532, CVE-2016-7533, CVE-2016-7534,
CVE-2016-7535, CVE-2016-7536, CVE-2016-7537, CVE-2016-7538,
CVE-2016-7539, CVE-2016-7540
[ Fixed upstream, thanks to Marc Deslauriers
<marc.deslauriers@ubuntu.com> for verification. ]
- Add backport of a54fe0e8 to fix segmentation faults during
php-imagick tests (LP #1549942).
+ Delete d/p/0076-Fix-segmentation-fault-with-php-imagick.patch
[ previously undocumented ]
[ Fixed upstream ]
* Upload to unstable.
* New upstream release.
* Fix CVE-2016-7906 mogrify use after free (Closes: #840435).
* Fix CVE-2016-7799 mogrify global buffer overflow (Closes: #840437).
* Security bug fix: "Prevent runtime error: divide by zero" (Closes: #836174).
* Improve privacy rules.
* Acknowledge NMUs from Emilio Pozuelo Monfort, and
from Mattia Rizzolo.
* Fix git header thanks to Mattia Rizzolo.
* Prepare HDRI version by generating a few install file.
* Bug fix: "Prevent buffer overflow in SIXEL, PDB, MAP, and CALS coders
(bug report from Donghai Zhu)", thanks to Bastien ROUCARIES (Closes:
#836172). Fix CVE-2016-10054, CVE-2016-10055, CVE-2016-10056,
and CVE-2016-10057.
* Bug fix: "TIFF divide by zero", thanks to Bastien ROUCARIES (Closes:
#836171). Fix CVE-2016-10053.
* Avoid buffer overflow in SGI file handling (Closes: #836776).
Fix CVE-2016-7101.
* Use autopkgtest.
* So bump for gcc6.
* New upstream version. Fix a few security problems (Closes: #823750):
- Fix a off-by-one error leading to segfault (Closes: #832455).
Fix CVE-2016-7513.
- Fix an out-of-bounds read in coders/psd.c (Closes: #832457,
LP: #1533442). Fix CVE-2016-7514.
- Fix rle file handling for corrupted file (Closes: #832461,
LP: #1533445). Fix CVE-2016-7515.
- Fix a buffer overflow in sun file handling (Closes: #832464).
Fix CVE-2015-8957.
- Fix a potential DOS in sun file handling due to
malformed files (Closes: #832465). Fix CVE-2015-8958.
- Fix multiple out of bound problem in rle, pict, viff and
sun files (Closes: #832467, LP: #1533452, LP: #1533449,
LP: #1533447, LP: #1533445). Fix CVE-2016-7519,
CVE-2016-7518, CVE-2016-7517 and CVE-2016-7516.
- Fix a heap overflow in hdr file handling (Closes: #832469,
LP: #1537213). Fix CVE-2016-7520.
- Fix a heap buffer overflow in psd file handling
(Closes: #832474, LP: #1537418). Fix CVE-2016-7521.
- Fix an out of bound access for malformed psd file
(Closes: #832475, LP: #1537419). Fix CVE-2016-7522.
- Fix a meta file out of bound access (Closes: #832478,
LP: #1537420). Fix CVE-2016-7524 and CVE-2016-7523.
- Fix heap buffer overflow in psd file coder
(Closes: #832480, LP: #1537424). Fix CVE-2016-7525.
- Fix an out of bound access in wpg file coder (Closes: #832482,
LP: #1539050, LP: #1542115). Fix CVE-2016-7527 and
CVE-2016-7526.
- Fix out of bound access for viff file coder (Closes: #832483,
LP: #1537425). Fix CVE-2016-7528.
- Fix an out of bound access in xcf file coder (Closes: #832504,
LP: #1539051, LP: #1539052). Fix CVE-2016-6823 and
CVE-2016-7529.
- Fix out of bound in quantum handling (Closes: #832506,
LP: #1539067, LP: #1539053). Fix CVE-2016-7530.
- Fix a pbd file out of bound access (Closes: #832633,
LP: #1539061, LP: #1542112). Fix CVE-2016-7531.
- Fix handling of corrupted psd file (Closes: #832776,
LP: #1539066). Fix CVE-2016-7101 and CVE-2016-7532.
- Fix a wpg file out of bound for corrupted file
(Closes: #832780, LP: #1542114). Fix CVE-2016-7533.
- Fix an out of bound access in generic decoder (Closes: #832785,
LP: #1542785). Fix CVE-2016-7534.
- Fix an out of bound access for corrupted psd file
(Closes: #832787, LP: #1545180). Fix CVE-2016-7535.
- Fix a SEGV reported in corrupted profile handling
(Closes: #832789, LP: #1545367). Fix CVE-2016-7536.
- Fix an out of bound access for corrupted pdb file
(Closes: #832791, LP: #1553366). Fix CVE-2016-7537.
- Fix a SIGABRT for corrupted pdb file
(Closes: #832793, LP: #1556273). Fix CVE-2016-7538
- Fix an out of bound in generic decoder.
(Closes: #832783, LP: #1542785).
- Prevent buffer overflow in magick/draw.c. Fix
CVE-2016-4562, CVE-2016-4563, CVE-2016-4564.
(Closes: #832885, #832887, #832888).
- Fix DOS due to corrupted DDS files
(Closes: #832942, #832944). Fix CVE-2015-8959 and CVE-2014-9907.
- Fix out of bounds memory read for DDS files. This fix
CVE-2016-5687. (Closes: #832890).
- Prevent possible buffer overflow when reading TIFF images.
This fix CVE-2016-5010. (Closes: #832968).
- Fix out of bound access for corrupted WPG file. This fix
CVE-2016-5688. (Closes: #833003).
- Add additional checks to DCM reader to prevent data-driven faults.
This fix CVE-2016-5689, CVE-2016-5690, CVE-2016-5691.
(Closes: #833044, #833043, #833042).
- Improve checking of EXIF profile to prevent integer overflow.
This fix CVE-2016-5841 and CVE-2016-5842.
(Closes: #831034).
- Prevent buffer overflow in properties reading.
This fix CVE-2016-6491. (Closes: #833099).
- Fix potential DOS by not releasing memory.
(Closes: #833101). Fix CVE-2016-7539.
- Fix abort when writing to rgf format.
(Closes: #827643, LP: #1594060). Fix CVE-2016-7540.
- Fix buffer overflow in draw.c
(Closes: #833730). Fix CVE-2016-10046.
- Fix memory leak in xml file parsing. (Closes: #833730).
Fix CVE-2016-10046.
- Do not load abitrary user modules. (Closes: #833732).
- Fix segfault in ReadRLEImage. (Closes: #833743).
- Fix RLE check for pixel offset less than 0. (Closes: #833744).
Fix CVE-2016-10050.
- Prevent possible stack overflow (Closes: #833812).
* Remove Daniel Kobras for uploaders. Thanks Daniel.
(Closes: #832378).
* Add JPEG support based on openjpeg. (Closes: #818203, #813343).
* Add indication about imagemagick-doc in man pages.
(Closes: #822850).
* Fix privacy rules and fixes some deadlink using XLST.
* Improve linking of modules by adding if needed libz and
libm.
* Avoid a double free.
(Closes: #834183). Fix CVE-2016-10051
* Avoid an out of bound access for malformed exif data.
(Closes: #834501). Fix CVE-2016-10052
* Avoid a DOS due to improper locking in magick++ lib.
(Closes: #834163).
* Add upstream patch in order to avoid a buffer overflow
in bmp file reader. (Closes: #834504).
Fix CVE-2016-6823.
* Bump standard version. No change.
* Remove previous -im6 alternatives to avoid unnecessary but harmless
messages at upgrade time (closes: #813426)
* Build upon patch by Diederik de Haas <didi.debian@cknow.org> to
clarify what you need to install the -extra package for (closes: #813566)
* Bug fix: "cannot upgrade: /usr/share/doc/imagemagick contains files
not owned by package imagemagick:all", thanks to Vincent Lefevre
(Closes: #814480, #813426). imagemagick is now a arch:any
package working arround a dpkg bug.
* Drop imagemagick binary package. Paving the way to multiple
channel depth binaries and HDRI. Fix also multi-arch problems
(Closes: #761836, #810591, #772603).
* Fix desktop file (Closes: #812481).
* Simplify debian/rules
* Fix a mistake for installing config files.
* New upstream version.
* Repack in order to avoid non free test images from upstream.
* Security bug fixes (Closes: #799524, #799891)
- Fix a Null dereference in coders/png.c (LP: #1492881).
- Fix a double free in coders/tga.c (LP: #1490362).
- Avoid a null pointer dereference in JNG decoder.
- Avoid a DOS for RLE file..
- Avoid a bufer overflow by using field limit in sprintf.
- Avoid a stack overflow in fx handling.
- Fixed size of memory allocation in RLE coder
to avoid segfault (LP: #1496649).
- Add extra checks to avoid out of bounds error
when parsing the 8bim profile. (LP: #1496645).
- Fixed memory leak when reading incorrect PSD files
- Fix PixelColor off by one on i386.
- Fix out of bounds error in -splice operator.
- Prevent null pointer access in magick/constitute.c
- Fix another memory leak in string handling.
* Fix density of JPEG working around TeX bug
(Closes: #763799).
* Recompile with g++-5 (Closes: #798597).
* Replace quantum depth by channel depth (Closes: #762004).
* Prepare imagemagick 7 by renaming imagemagick-common package
to imagemagick-6-common and imagemagick-doc to
imagemagick-6-doc.
* Symlink doc dir of arch:all package to imagemagick-6-common.
* New upstream version:
- Fix MagickSetImageBias() has no effect for MagickConvolveImage()
(Closes: #779939)
- Fix segmentation fault using corrupted file
(LP: #144963, #1448801, #1448795, #1448767).
- Fix a denial of service flaw in MIFF file processing.
Fix CVE-2015-8901.
- Fix a denial of service flaw in VICAR file processing.
Fix CVE-2015-8903.
- Fix a denial of service flaw in HDR file processing.
Fix CVE-2015-8900.
- Fix a denial of service flaw in PDB file processing.
Fix CVE-2015-8902.
* Fix build on mips by printing progress (Closes: #770009).
* Drop previous security patches, merged upstream.
* Use http instead of ftp for uscan.
* Fix regression: "missing JPEG-2000 support", thanks to Yuriy Yevtukhov
(Closes: #773530).
* libmagickcore-6.q16-2-extra recommends libjxr-tools,
thanks to Mathieu Malaterre (Closes: #771312).
* Bug fix: "desktop file icon is still not displayed", thanks to Markus
Koschany (Closes: #767973,#780490).
* Bug fix: "please make the build reproducible", thanks to Reiner
Herrmann (Closes: #783933).
* Upstream break c++ ABI:
- Bump c++ soname.
- Add new symbols to symbols file.
* Fix perlmagick: "Text functions segfault on i386", thanks to Matthias
Großmann (Closes: #777158).
* Bug fix: "wrong path to documentation in convert man page", thanks to
Yvan Masson (Closes: #778541).
* Suggest to install imagemagick doc in man page, thanks to Gregor
Herrmann (Closes: #727739).
* Non-maintainer upload.
* Remove libjasper-dev dependencies. Closes: #818203
* Non-maintainer upload.
* 0082-Fix-CVE-2016-5118-disable-filename-pipes.patch:
+ Fix CVE-2016-5118: disable pipes in filenames to avoid arbitrary
command execution. Closes: #825799.
* SECURITY UPDATE: multiple security issues
- debian/patches/*: synchronize large quantity of security fixes with
Debian's 8:6.8.9.9-5+deb8u5 release. Thanks to Bastien Roucariès for
the excellent work this update is based on!
- CVE-2014-9907, CVE-2015-8957, CVE-2015-8958, CVE-2015-8959,
CVE-2016-4562, CVE-2016-4563, CVE-2016-4564, CVE-2016-5010,
CVE-2016-5687, CVE-2016-5688, CVE-2016-5689, CVE-2016-5690,
CVE-2016-5691, CVE-2016-5841, CVE-2016-5842, CVE-2016-6491,
CVE-2016-6823, CVE-2016-7101, CVE-2016-7513, CVE-2016-7514,
CVE-2016-7515, CVE-2016-7516, CVE-2016-7517, CVE-2016-7518,
CVE-2016-7519, CVE-2016-7520, CVE-2016-7521, CVE-2016-7522,
CVE-2016-7523, CVE-2016-7524, CVE-2016-7525, CVE-2016-7526,
CVE-2016-7527, CVE-2016-7528, CVE-2016-7529, CVE-2016-7530,
CVE-2016-7531, CVE-2016-7532, CVE-2016-7533, CVE-2016-7534,
CVE-2016-7535, CVE-2016-7536, CVE-2016-7537, CVE-2016-7538,
CVE-2016-7539, CVE-2016-7540
* No-change rebuild for perl 5.24 transition
* Drop useless dependency on jasper. Closes # 818203. (LP: #1612822)
* SECURITY UPDATE: ImageTragick remote code execution
- d/p/0076-Disable-EPHEMERAL-URL-HTTPS-MVG-MSL-TEXT-SHOW-WIN-and-PLT-coders.patch
- d/p/0077-Remove-PLT-Gnuplot-decoder.patch
- d/p/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
- d/p/0079-Indirect-filename-must-be-authorized-by-policy.patch
- d/p/0080-Prevent-indirect-reads-with-label-at.patch
- d/p/0081-Less-secure-coders-require-explicit-reference.patch
- debian/rules: build with --with-rsvg.
- CVE-2016-3714
- CVE-2016-3715
- CVE-2016-3716
- CVE-2016-3717
- CVE-2016-3718
* SECURITY UPDATE: popen() shell vulnerability
- d/p/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
- CVE-2016-5118
* No-change rebuild for libpng soname change.
* debian/rules: Use LCQUANTUMDEPTH when generating display-im6.desktop too.
Fixes broken icon in .desktop file. (LP: #1558409)
* Fix backport of d6054824 to include dropped parentheses
(LP: #1549942).
* Add backport of 54b752c3 to fix color behavior (LP: #1549942).
* Add backport of a54fe0e8 to fix segmentation faults during
php-imagick tests (LP: #1549942).
* Add backports of d6054824, 95c8394e and 68c6a7d to
0070-Fix-PixelColor-off-by-one-on-i386.patch (LP: #1549942)
which were missed in "PixelColor off by one on i386
(closes: #811308)
https://github.com/ImageMagick/ImageMagick/issues/54";.
* Fix various minor security issues
- Fix an integer overflow that can lead to a buffer overrun
in the icon parsing code (LP: #1459747, closes: #806441)
Fix CVE-2015-8895.
- Fix an integer overflow that can lead to a double free in
pict parsing (LP: #1448803, closes: #806441).
Fix CVE-2015-8896.
- Memory Leak while handle psd file (closes: #811308)
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791
- IM 6.9.2 crash with some PNG (closes: #811308, LP: #1492881)
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466
- Null pointer access in magick/constitute.c (closes: #811308)
https://github.com/ImageMagick/ImageMagick/pull/34
- PixelColor off by one on i386 (closes: #811308)
https://github.com/ImageMagick/ImageMagick/issues/54
- Fixed other memory leaks (closes: #811308)
* Fix build on mips by printing progress (Closes: #770009).
* Fix a few security bugs: (closes: #799524)
- A DOS on specially crafted MIFF file (CVE-2015-8901).
- A DOS on specially crafted Vicar file (CVE-2015-8903).
- A DOS on specially crafted HDR file (CVE-2015-8900).
- A DOS on specially crafted PDB file (CVE-2015-8902).
- Avoid a null pointer dereference in JNG decoder.
- Avoid a DOS for RLE file.
- Avoid double free on TGA file. (CVE-2015-8894)
- Avoid a bufer overflow by using field limit in sprintf.
- Avoid a stack overflow in fx handling.
* Replace density of 1 for JPEG by unknown working around
a TeX bug (Closes: #763799).
* Non-maintainer upload.
[ Matthias Klose ]
* Renamed library for gcc5 transition libmagick++-6.q16-5 ->
libmagick++-6.q16-5v5
[ Simon McVittie ]
* Don't add a lintian override for the libmagick++-6.q16-5v5 name,
current lintian accepts this name
* Don't clear the symbols files for the C ABIs, only the C++ ABI
* Fix incorrect fix for xpm security problem.
This patch fixed the buffer overflow but
xpm coder output garbage, thanks to Adam Sjøgren
(Closes: #773980).
* Workarround "Imagemagick FTBFS on mips on mips-aql-* not on ball".
Do not execute testsuite if FPU is not present. Security team
want this bug fixed in order to ease it work, thanks
to Ivo De Decker (Closes: #770009).
* Fix a few security bugs (Closes: #773834):
- Avoid a DOS in vision.c due to an infinite loop. (CVE-2014-9804)
- Avoid a SEGV due to a corrupted pnm file. (CVE-2014-9805)
- Do not leak fd due to corrupted file. (CVE-2014-9806)
- Fix a double free in pdb coder. (CVE-2014-9807)
- Fix a SEGV due to corrupted dpc and xwd images. (CVE-2014-9808)
- Fix a SEGV in dpx file handler. (CVE-2014-9810)
- Fix a SEGV in malformed xwd file handler. (CVE-2014-9809)
- Avoid a NULL pointer dereference in ps file handling. (CVE-2014-9812)
- Fix a crash with corrupted viff file. (CVE-2014-9813)
- Fix a NULL pointer dereference in wpg file handling. (CVE-2014-9814)
- Do not continue on corrupted wpg file. (CVE-2014-9815)
- Avoid an out of bound access in viff image. (CVE-2014-9816)
- Avoid a heap buffer overflow in pdb file handling. (CVE-2014-9817)
- Avoid an out of bound acess on malformed sun file. (CVE-2014-9818)
- Avoid heap overflow in palm, pnm and xpm files.
(CVE-2014-9819, CVE-2014-9820, CVE-2014-9821)
- Fix heap overflow in quantum, palm and psd file.
(CVE-2014-9822, CVE-2014-9823, CVE-2014-9824)
- Fix handling of corrupted of psd, sun and xpm file.
(CVE-2014-9825, CVE-2014-9826, CVE-2014-9827)
- Fix corrupted (too many colors) psd file. (CVE-2014-9828)
- Fix an out of bound acess in sun file. (CVE-2014-9829)
- Fix handling of corrupted sun and wpg file.
(CVE-2014-9830, CVE-2014-9831)
- Fix heap overflow in pcx file, psd, pict and wpf files
and DOS in xpm files.
(CVE-2014-9832, CVE-2014-9833, CVE-2014-9834, CVE-2014-9835,
CVE-2014-9836)
- Add additional PNM sanity checks. (CVE-2014-9837)
- Avoid a crash to out of memory in magick/cache.c (CVE-2014-9838)
- Fix a theorical out of bound access in magick/colormap-private.h
(CVE-2014-9839)
- Fix an out of bound access in palm file.
(CVE-2014-9840)
- Fixed throwing of exceptions in psd handling and fix a memory leak.
(CVE-2014-9842)
- Fixed boundary checks in DecodePSDPixels.
(CVE-2014-9843)
- Fix another out of bound problem in rle file.
(CVE-2014-9844)
- Fix crash due to corrupted dib file.
(CVE-2014-9845)
- Added checks to prevent overflow in rle file.
(CVE-2014-9846)
- Impose a limit of 10 million columns or rows in an input PNG
- Don't try to handle a "previous" image in the JNG decoder.
(CVE-2014-9847)
- Avoid a memory leak in quantum management. (CVE-2014-9848)
- Avoid a crash in png coder. (CVE-2014-9849)
- Thread limit should be at least 1 in order to be efficient.
(CVE-2014-9850)
- In psd file handling fixed parsing resource block and
avoid a crash. (CVE-2014-9851)
- In cache fix usage of object after it has been destroyed.
- Avoid a memory leak in rle file handling. (CVE-2014-9852)
- During identification of image do not fill memory.
(CVE-2014-9854)
* Fix a security bug (DOS). Some special crafted JPEG
files could create a dos due to missing check in
embeded EXIF properties (EXIF directory offsets
must be greater than 0). Fix CVE-2014-8716
(Closes: #768494).
* Remove build-dep loop. Remove inkscape.
* New upstream version, fixing four security problems:
- Remotely DOS: "convert +profile regression enters
infinite loop exhausting memory", thanks to
Yuri D'Elia (Closes: #764872). Fix CVE-2014-8561.
- Fixed buffer overflow in PCX and DCM coder. Fix
CVE-2014-8562 and CVE-2014-8355.
- Don't clone a 0x0 image breaking some assumption
in client code. Fix CVE-2014-8354.
- Off-by-one count when parsing an 8BIM profile.
* Fix identify -quiet has non zero exit code on warnings
(Closes: #763686).
* Fix "convert -crop" doesn't just crop,
but makes the output darker than the input (Closes: #731157).
* Fix identify warning is now an error (Closes: #761918).
* Fix unrecognized color in xpm image (Closes: #754107).
* Fix display exits with non-zero return code (Closes: #763794).
* Fix imagemagick changes contrast of b/w images.
(Closes: #712493).
* Fix desktop file icons are not displayed due to wrong icon names.
(Closes: #765416, #758276).
* Tighten up the depends between imagemagick-common and other components.
(Closes: #753770).
* Add obsolete config scripts (not multiarch safe) to
/usr/lib/$DEB_HOST_MULTIARCH/ImageMagick-6/bin-$QUANTUMDEPTH/
where $DEB_HOST_MULTIARCH is the multiarch triplet and
$QUANTUMDEPTH is the current quantum depth.
(Closes: #764899). Document it under NEWS (Closes: #761927).
* Bump policy version. No changes.
* Upload to unstable
* Bug fix: "error: original symlink target is not an absolute path",
thanks to 積丹尼 Dan Jacobson (Closes: #758760).
* Do not tune the architecture for compiling.
Fix "Illegal instruction", thanks to 積丹尼 Dan Jacobson (Closes:
#757996).
* Prepare perl transition (/usr/lib/perl5 move to
/usr/lib/$ARCH_TRIPLET/perl5/) and avoid FTBFS (closes: #750095).
* Fix dependency problem: libmagick++ need to depends
on header packages.
* New upstream version:
- sodump of magick++ needed because of
a small class layout change.
* Tighten up the depends between imagemagick and imagemagick-6.q16 to
avoid missing (version-dependent) symlinks when imagemagick is updated
while imagemagick-6.q16 isn't (closes: #743042)
* Update symbol files
* New upstream version:
- Fix symbols files by adding new symbols.
* Fix html breakage in upstream documentation.
* Add missing symbols from 32 bits due to s?size_t
and optionnal template from sparc.
* Fix three security bugs (Closes: #740250):
- Fix CVE-2014-1958 and CVE-2014-2030, two buffer overflow
in psd file handling.
- Fix CVE-2014-1947 a buffer overflow in log handling.
* New upstream version:
- add new symbols to magickcore symbols file.
- so bump of libmagickwand and libmagickcore needed because of
a small API change.
- Remove a few non free files (closes: #734800)
* Packaging improvements:
- Really display log in case of test failure.
- check validity (in the xml or xhtml sense) of
upstream documentation using xmllint.
- check gpg signature see uscan(1).
- upgrade debian/copyright (new review).
- update to Debian Policy 3.9.5
* Upstream break c++ ABI:
- Bump c++ soname.
- Add new symbols to symbols file.
* Bug fix:
- "fails to upgrade from sid - trying to overwrite
/usr/lib/perl5/auto/Image/Magick/Magick.so", thanks to Andreas
Beckmann (Closes: #717981).
- "advertising / spying beacon in locally installed docs",
thanks to Adam Borowski (Closes: #700784).
- "unhandled symlink to directory conversion"
thanks to Andreas Beckmann (Closes: #720145).
* Fix symbols files.
* Move some depends to build-depends-indep.
* Use silent rules
* Bug fix: "version in experimental causes FTBFS for packages using
libmagick*", thanks to Roderich Schupp (Closes: #710668).
* Display log in case of tests failure.
[ Bastien Roucariès ]
* Switch debian patches to .xz
* Build with V=1 in order to see flags passed to compiler.
* Pass --as-needed to LD_FLAGS.
* Rebuild doxygen documentation using svg.
* Bug fix: "fails to install: update-alternatives: error: alternative
path /usr/bin/compare-im6 doesn't exist", thanks to Andreas
Beckmann (Closes: #709856, #709845).
[ Vincent Fourmond ]
* Fix small typo in debian/rules that makes nice FTBSes
[ Bastien Roucariès ]
* New upstream version:
- Bug fix: "Drawing issues with rectangle stroke", thanks to Robert Sohn
(Closes: #689560).
- Bug fix: "NULL deference during creation of temporary files"
(Closes: #704901).
* .so bump due to:
- encoding quantum depth in the library name. This will
allow to compile hdri and other quantum depth.
- lib versionning.
* Debian packaging bug fixes:
- "Depend on liblcms2-dev, not liblcms-dev",
thanks to Michael Terry (Closes: #701655).
- "package name does not adhere to naming policy for Perl
modules", thanks to ansgar@debian.org (Closes: #575932).
* Debian packaging improvement:
- Bump standard version to 3.9.4
- Minimal linking of .so (ld --as-needed).
- Use dh.
- Update debian/copyright (new review).
- new symbols files.
- switch to xz for both source and debian files.
[ Vincent Fourmond ]
* Handle upstream rename of configuration directory:
/etc/ImageMagick -> /etc/ImageMagick-6
* Fix symbols files.
* New upstream version.
* Improve download and commit script.
* Depend on libfftw3.
* Suggest: graphviz, ufraw-batch.
* New upstream version use inkscape delegate for svg. Suggest it.
Rsvg one is still used as fallback.
* Drop build depend on graphicsmagick's convert.
Use builded imagemagick one.
* Use internal svg engine instead of rsvg one.
* Improve icons aspect particularly for small size.
* Add guidance for bug submitting (thanks to Jonathan Nieder and
Justin B Rye).
* Suggests some debugging package for imagemagick-dbg.
* Add symbols file (except for libmagickcore5).
* Do not mess up MAKEFLAGS.
* Fail to build in case of testcase failure.
* autoreconf package in order to avoid linking with depends lib
(use debian patched libtool). Patch magick++ demo by adding
required libs.
* Security Bug fix: "Fails an assertion due to OpenMP related problem",
thanks to Willi Mann (Closes: #685903).
* Bug fix: "CVE-2012-3437", ImageMagick: Magick_png_malloc() size
argument thanks to Moritz Muehlenhoff (Closes: #683285).
* Really solve the upgrade problem (Closes: #679188, #679063).
* Build-depend on debhelper >= 9~
* Bug fix: "fails to upgrade from wheezy - trying to overwrite
/usr/lib/x86_64-linux-gnu/ImageMagick-6.7.7/modules-Q16/coders/pango.so",
thanks to Andreas Beckmann (Closes: #679188 and Closes: #679063).
* New upstream version:
- Fix FTBS on arm (closes: #679430).
- drop previous patch queue (merged upstream).
- Fix pointer size missmatch.
- Document feature: "SVG displayed in wrong size", thanks to Marc-Jano Knopp
(Closes: #632526).
[ Bastien Roucariès ]
* New upstream version
* Bug fix: "Menu entry of imagemagick does not launch it", thanks to
Michael Biebl (Closes: #675453).
* Bug fix: "Please include large 256x256px icon", thanks to Ralph
Aichinger (Closes: #675484). Add scalable icons, 16x16, 32x32, 48x48
* Copyright review:
- move to dep5 format.
- Remove dot support due to incompatibility between EPL and GPL
(Closes: #677413).
- Remove non modifiable sRGB.icc (Closes: #677414).
* Add automation script for source download and git machinery
* Use manual delegate to rsvg for icons creation
* Documentation bugfixes:
- Bug fix: "identify man page lists writing options even though command
is readonly", thanks to jidanni; (Closes: #636932).
- Bug fix: "SYNOPSIS should drive home more than one input-file point",
thanks to jidanni; (Closes: #662579).
- Bug fix: "document that they are no way to make real white
and black jpg", thanks to jidanni. format.html under upstream
documentation say now: "Note, JPEG is a lossy compression.
In addition, you cannot create black and white images with JPEG
nor can you save transparency." (Closes: #603097).
- Bug fix: "convert -- [man] input-options and output-options not
referenced", thanks to Jari Aalto (Closes: #602474). Now man
page read: "Use any setting or operator as an output-option.
Only a limited number of setting are input-option,
they include: [...]"
[ Vincent Fourmond ]
* Enable pango support (closes: #678390), placed in libmagickcore5-extra
* Use graphicsmagick's convert for building the XPM files, in order to
avoid circular dependencies
* Add a reference to the GPL and Artistic license in debian/copyright
* Word-wrap changelog
[ Bastien Roucariès ]
* New upstream version:
- Drop previous patches: merged upstream.
- Bug fix: "identify -verbose reports incorrect Class (correct w/o
-verbose)", thanks to Jason Woofenden (Closes: #656942).
- Bug fix: "conversion to postscript is missing grestore in DisplayImage
definition", thanks to Daniel Kahn Gillmor (Closes: #655762).
* Bug fix: "mailcap still broken (as #589887)", thanks to Felix
Salfelder (Closes: #619667):
- revert bug fix #562959.
- replace display by display.im6
* Bug fix: "Please add imagemagick.desktop", thanks to Sérgio Cipolla
(Closes: #621799).
* Add xz support.
* Bug fix: "Obsolete conffile /etc/ImageMagick/sRGB.icm not cleaned up
on upgrade", thanks to Josh Triplett (Closes: #669964).
[ Vincent Fourmond ]
* Improve the new hook scripts
* Fix (very) minor typo in package description (closes: #675011)
* Bug fix when converting from pdf to png, thanks to Thomas
Preud'homme (Closes: #668214).
* Provides: libmagickcore-extra in order to avoid broken depends. Thanks
to Julien Cristau (closes: #667826). Urgency high to make sure the
FTBS-inducing bug is closed fast...
* Fix CVE-2012-0259 / CVE-2012-0260 / CVE-2012-1798 /
CVE-2012-1610 (Closes: #667635)
- Vulnerability CVE-2012-0259 can cause a DoS in a system
via handing JPEG files with invalid EXIF XResolution tag.
- Vulnerability CVE-2012-0260 can lead to excessive use of
memory in target system, when processing a malicious JPEG file.
Excessive use of memory can lead to denial of service.
- Vulnerability CVE-2012-1798 can cause program to crash when
reading invalid memory, while parsing EXIF IFD in a TIFF file.
- Vulnerability CVE-2012-1610 Fix a Potential EXIF Integer Overflow
* Fix menu file to run display.im6 instead of display (fix lintian warning)
[ Bastien Roucariès ]
* Fix "Invalid validation DoS CVE-2012-1185 / CVE-2012-1186"
(Closes: #665007)
[ Vincent Fourmond ]
* Uploading to unstable, opening the way for the transition (see bug
#652650)
* Hurray, it seems the package conforms to standards 3.9.3 !
[ Bastien Roucariès ]
* Bug fix: "Please enable hardened build flags", thanks to Moritz
Muehlenhoff (Closes: #657833).
* Bug fix: "Invalid validation DoS CVE-2012-0247/CVE-2012-02478",
thanks to Henri Salo (Closes: #659339).
* Bug Fix: Convert delegate from removed /usr/bin/rsvg to
/usr/bin/rsvg-convert, thanks to Scott Howard (Closes: #659259)
[ Vincent Fourmond ]
* Pull in patch from revision 6606 to fix FTBS with newer zlib
[ Bastien Roucariès ]
* Drop previous quilt patches: merged upstream
* New upstream version:
- Fix incorrect readding of PGM header (LP: #346474)
- Defend against corrupt PSD resource block (LP: #302454)
- Bug fix: "-depth busted", thanks to jidanni (Closes: #618435).
- Bug fix: "delegate ffmpeg fails", thanks to Francisco Munoz
(Closes: #644170).
* Upstream break ABI keeping API. Bump soname
* Multiarch aware , thanks to Riku Voipio (Closes: #640680).
* Fix perlmagick fails at runtime with symbol lookup error,
thanks to Michael Terry (Closes: #650417).
* Prepare new major version transition: build version suffixed
binaries.
* Switch to lcms v2.X support
* Add libfftw support (Closes: #598693).
[ Vincent Fourmond ]
* Also add a suffix to manual pages
* Provide the unsuffixed binaries through alternatives
* Replace a overlapped memcopy by a memmove
* Fix a PNG reduction bug "Corrupted (?) icons", thanks to
Torbjörn Andersson <eriknospam@telia.com>
(Closes: #630619).
* Fix parallel build issue. Make debian/rules install target depend
on check. Thanks Colin Watson <cjwatson@ubuntu.com>
(Closes: #593041).
[ Bastien Roucariès ]
* Acknowledge NMUs. Thanks Vincent Fourmond.
* Add Vincent Fourmond as comaintainer.
* Fixed one-off bug in option parser (Closes: #609177).
* Move configuration files to a common package: Fix bug
"non-versioned files in a shared library packages
is wrong", thanks to Julien Cristau (Closes: #629945).
[ Vincent Fourmond ]
* Do not forget to depend on that package...
* And add a Replaces: libmagickcore4 (= 8:6.6.9.7-3.1) stanza on
imagemagick-common to allow a neat upgrade path.
* Non-maintainer upload, with permission of Bastien Roucariès
* Move configuration file to the libmagickcore4 package where they
belong.
* Install config files to /etc really (Closes: #627981).
* Fix a FTBFS on hurd-i386. Thanks to Pino Toscano (Closes: #628020).
* Better wording for NEWS file. (Closes: #628007).
* Upload to unstable
[ Bastien Roucariès ]
* Switch build architecture:
- to git over svn.
- Modify rules in order to use git.
- Add README.Source file.
* New upstream release (Closes: #612811):
- Drop patch for reading config files from current directory,
corrected upstream (Closes: #601824).
- Upstream updated SONAME (Closes: #587227).
- Fixes -strip adds additional tags to the image (Closes: #594693).
- Add example files (Closes: #611125).
- Move configuration file to /etc.
- Fix caption error with non break space (Closes: #614117)
* Fix a build failure: do not try to remove empty directories if list is nil.
* Perlmagick:
- Fix a build failure, always run make install.
- Perlmagick: Update build to conform with perl policy
* Acknowledge NMUs (Closes: #579775)
* Bump standard version to 3.9.1.0
* Use DEB_UPSTREAM_VERSION from cdbs
* Apply fix for reading config files from current directory, found by
Jakub Wilk <jwilk@debian.org> (Closes: #601824).
Thanks to Andreas Metzler <ametzler@downhill.at.eu.org> for the nicely
formatted patch.
* Non-maintainer upload.
* Change Recommends on ufraw to ufraw-batch (closes: #579775).
* Non-maintainer upload.
* Re-upload 6.6.0.4 with bumped epoch to revert ABI breakage (closes:
#587227).
* Revert debian/patches/type.xml.patch for now, while we address this issue
with upstream (Closes: #573983).
* debian/control: make libmagickcore3-extra provides libmagickcore-extra
(Closes: #574058). Thanks, Stuart Prescott!
* New upstream release.
* Upload to unstable.
* New upstream release;
* Upstream updated SONAME version (Closes: #564123):
- debian/control: bump libmagickcore2, libmagickwand2 and libmagick++2 to
libmagickcore3, libmagickwand3 and libmagick++3;
* Removed reference to type-ghostscript.xml in type.xml, thus enabling
ImageMagick to use the system fonts (Closes: #396420):
- Added new patch debian/patches/type.xml.patch.
* Fix mime handling of filenames with spaces (Closes: #562959).
Thanks, Drew Parsons!
* Updated Standards-Version to 3.8.4;
* Remove unneeded debian/README.source.
* New upstream release:
- Fix the display of consecutive images with 'display' (Closes: #558046).
* Convert package to the new format 3.0 (quilt);
* Add some packages to Recommends, as they are necessary to convert to/from
some formats (Closes: #557734):
- ghostscript, netpbm, ufraw.
* Like above, also add some packages to Suggests:
- autotrace, cups-bsd | lpr | lprng, curl, enscript, ffmpeg, gimp, gnuplot,
grads, groff-base, hp2xx, html2ps, libwmf-bin, mplayer, povray, radiance,
sane-utils, texlive-base-bin, transfig, ufraw, xdg-utils.
* New upstream release;
* Fix recommends on libmagickcore2-extra (Closes: #556360);
* Fix versioned dependency on libmagick* libs (Closes: #556740).
* New upstream release;
- Fixes "perferred" typos (Closes: #550503). Thanks A. Costa!
- Patch to fix FTBFS on hurd-i386 has been merged upstream
(Closes: #551017). Thanks Pino Toscano!
* Upload to unstable.
* Split SVG, WMF, OpenEXR, DjVu and Graphviz coders into a new
libmagickcore2-extra package:
- Removed libmagickcore2 circular Depends on libmagickwand2
(Closes: #524613);
- Removed dependency on gtk libs (Closes: #478538).
A big thank you to Nick Wellnhofer <wellnhofer@aevum.de>!
* Sorted Build-Depends and Depends in debian/control.
* New upstream release;
* Removed SA35216.diff as it was fixed upstream;
* The imagemagick package now suggests imagemagick-doc (Closes: #523401);
* "identify -verbose" now displays EXIF thumbnail info (Closes: #527918);
* Fix image placing when displaying to the X server root (Closes: #523608);
* Fix wrong exit code in display (Closes: #524058);
* Fix loading of MS Windows icons with compressed PNG elements
(Closes: #534159);
* Fix requirement of an X server for running display (Closes: #533494);
* Fix title misplacing with montage (Closes: #528569);
* Fix filetype detection with mogrify (Closes: #531350);
* Fix image loop with "display -delay" (Closes: #529702);
* Fix crashing on non-image XML files with identify (Closes: #533704);
* Add debian/README.source;
* debian/control: updated libltdl-dev dependency;
* debian/rules:
- updated build process for PerlMagick;
- empties dependency_libs from *.la files.
* Updated Standards-Version:
- disable tests when nocheck is present.
* Non-maintainer upload by the Security Team.
* Apply upstream patch to fix integer overflow in XMakeImage()
(SA35216.diff; Closes: #530838).
* New upstream release;
* Upload to unstable;
* Add libmagickcore-dev dependency on liblqr-1-0-dev (Closes: #521871);
* Fixes segfault while converting to Braille format (Closes: #521395);
* Fixes conversion from SVG to PNG (Closes: #520412);
* Change imagemagick-dbg section to "debug".
* Add libperl-dev to Build-Depends (Closes: #519886).
* New upstream release;
* Fix handling of large values in FITS file (Closes: #268241);
* Fix reading FITS files (Closes: #509615);
* Include info in identify man page about counting colors number
(Closes: #508684);
* New display.xpm icon (with the ImageMagick logo);
* debian/rules: replace dh_clean -k in favour of dh_prep;
* debian/control: bump libmagickcore1, libmagickwand1 and libmagick++1 to
libmagickcore2, libmagickwand2 and libmagick++2;
* Remove the symbols files for now, while it's being worked by upstream
(Closes: #509892);
* PerlMagick/t/ttf/input.ttf and PerlMagick/demo/Generic.ttf were replaced by
public domain Tuffy.ttf font (Closes: #510751);
* Fix 'grab' function in display (Closes: #364102);
* Fix description of point primitive for draw command (Closes: #322537);
* Fix bugs in SetPixel from perlmagick (Closes: #477462);
* Enable mouse wheel and arrow keys when using display (Closes: #179267);
* Fix crash during 'grab' (Closes: #431937);
* Enable Liquid Rescale support (Closes: 516298);
* Add Bastien Roucariès to Uploaders. Big thanks to him for helping and
joining us!
* New upstream release;
* Fix broken link in /usr/share/doc/imagemagick/index.html (Closes: #475577);
* Include symbols files for libmagickcore1, libmagickwand1 and libmagick++1;
* debian/control: libmagickwand-dev provides libmagick9-dev and
libmagick++-dev provides libmagick++9-dev (Closes: #507269);
* Remove debian/patches/readme-utf8.patch;
* The ImageMagick logo has the same license as the ImageMagick distribution
(thus we don't need to repackage and remove its logo from the tarball);
* Remove debian/patches/add_dfsg_free_logo.patch;
* Remove debian/patches/manpages.patch (applied upstream);
* ImageMagick does not include a font object unless a label is specified on
the command line (Closes: #484059);
* Fix error message when trying to create a SVG file (Closes: #350410);
* Fix negative offset in -geometry (Closes: #462759).
* Upload to testing-proposed-updates.
* Include missing config files (LP: #303477).
* Reupload to tpu
* New upstream release (Closes: #503889).
* Non-maintainer upload by the Security Team:
* Fix CVE-2008-1096 (patch taken from Red Hat)
* New upstream release;
* Fix parallel building support in debian/rules (Closes: #496212).
* New upstream release;
* Enabled parallel building support in debian/rules;
* Updated Standards-Version to 3.8.0.
* New upstream release;
* Install ImageMagick's config files in the proper package
(Closes: #484005).
* New upstream release;
* Includes upstream changelog;
* Fix -depth option behavior (Closes: #481831);
* Fix linker flags of MagickCore-config.
* New upstream release;
* Fix libmagick++-dev dependency on libmagickwand-dev;
* Fix EXIF regression when using identify (Closes: #473529);
* Fix -fx image operator (Closes: #425782);
* Fix broken links in documentation (Closes: #475577);
* Fix perlmagick segfaults when drawing text on individual images
(Closes: #351604);
* Fix crop and resize when using display (Closes: #266304).
* New upstream release (Closes: #469819);
* Fix ImageMagick's README.txt encoding (Closes: #465717);
* debian/control:
- replace build-depends libz-dev -> zlib1g-dev;
- remove versioned build-depends on libpng12-dev.
* Bumped compat level to 6;
* Add debug package (Closes: #471715);
* Change maintainer to ImageMagick Packaging Team
<pkg-gmagick-im-team@lists.alioth.debian.org>;
* Split imagemagick into imagemagick and imagemagick-doc (Closes: #233376);
* Doesn't ship static libraries into imagemagick (Closes: #465595);
* Include previously missing config files (Closes: #470777);
* Image::Magick's manpage also makes reference to local documentation
(Closes: #205017);
* Update doc-base section;
* Include menu icon (Closes: #192644);
* Add transfig to suggests (Closes: #441155);
* Fix typo in manpages (Closes: #426552);
* Fix typo in composite.html (Closes: #436789);
* Fix documentation URLs in manpages (Closes: #470922);
* Fix incorrectly rendering of grayscale PNGs (Closes: #383531, #350350);
* Fix segmentation fault when cropping in display (Closes: #374631);
* Fix wrong output when using "convert -draw" (Closes: #337837);
* Lower display's mime priority (Closes: #470591);
* Fix update of the EXIF profile (Closes: #468692);
* Fix HTML image map creation when using montage (Closes: #364128).
* Upload to unstable;
* Disable HDRI (Closes: #465526). Thanks to Lucas Nussbaum!
* New upstream release (Closes: #339776, #420672, #454809)
- fixed wrong image size when using montage (Closes: #357013);
- fixed support for "fixed" font (Closes: #370309);
- convert doesn't output grayscale images when using -colors switch
(Closes: #325828);
- using a percent sign on a montage label doesn't create a wrong label
anymore (Closes: #330115);
- fixed "identify -list format" (Closes: #337192);
- fixed composite (Closes: #338109);
- deffered LZW GIFs are handled correctly (Closes: #340553);
- display doesn't ignore alpha channel on PNG files anymore
(Closes: #352748);
- aspect ratio is preserved when using convert (Closes: #396956);
- fixed PS to PDF conversion (Closes: #419410);
- fixed SVG conversion (Closes: #435903);
- using -trim and -resize together doesn't produce incorrect images
anymore (Closes: #444058);
- "convert -list" doesn't result in glibc malloc failure (Closes: #326566);
- mogrify doesn't end silently with read only files (Closes: #292520);
- identify correctly displays the bit depth of an image (Closes: #391983);
- identify correctly reads files with a colon (Closes: #188834);
- fixed typo in composite manpage (Closes: #366499);
- doesn't fail when converting texts (Closes: #361141);
- fixed conversion of a PNG with transparency to a JPG, using -background
and -flatten (Closes: #358676);
- doesn't FTBFS with GCC/G++ 4.3 (Closes: #441538);
* Enabled DjVu support
* Acknowledge NMUs (Closes: #394923, #400939, #348576, #245960)
[ Luciano Bello ]
* The 'lets start again' release.
* Quilt implemented.
- manpages.patch: Replaced 'SEE-ALSO' for 'SEE ALSO' in the manpages.
Registered input character replaced.
[ Nelson A. de Oliveira ]
* Added watch file
* debian/rules: Fixed "debian rules ignores make clean error"
* debian/control:
- replaced deprecated ${Source-Version} by ${binary:Version}
- added Homepage field
- added Vcs-Svn and Vcs-Browser
* debian/compat: updated to debhelper compatibility level 5
* Updated menu file
* Updated Standards Version to 3.7.3
* Included myself to Uploaders field
[ Daniel Kobras ]
* debian/*.{preinst,postinst,prerm}: Removed. Dedicated checks are obsolete
by now, rest is handled automatically via debhelper these days.
* debian/control: Prune all references to packages that predate oldstable.
* debian/control: Move Suggests for delegate packages from imagemagick to
libmagick10.
* debian/control: Follow renaming of package gs to ghostscript, promote
from Suggests to Recommends, and also recommend gsfonts.
* debian/control: Update graphviz (build-)dependency to libgraphviz-dev.
* debian/copyright: Update with recent minor changes of upstream license.
* debian/imagemagick.menu: Add hack to make 'display' work without a
controlling tty.
* debian/rules: Consistently use $(CURDIR) rather than `pwd` to keep all
buildds equally happy.
* debian/upgrade-checklist.txt: Do not rename -dev packages, but provide a
list of C API changes between successive Debian releases.
* debian/patches/add_dfsg_free_logo.patch: Add dummy logo in place of
original logo that does not meet the DFSG, and therefore gets removed
from upstream tarball. Patch converted to quilt format from previous
diff.gz.
* Fix multiple vulnerabilities in imagemagick. Closes: #444267
+ magick/memory.c,magick/memory_.h,magick/methods.h: Add new allocator
wrapper AcquireQuantumMemory() to prevent potential integer overflows.
Backport from upstream version 6.3.5.9.
+ magick/image.c: Backport new implementation of SetImageExtent() from
upstream version 6.3.5.9.
+ coders/dcm.c,coders/xcf.c: Fix integer overflow in DCM and XCF coders.
(CVE-2007-4985) Backport of upstream patch from version 6.3.5.9.
+ coders/dcm.c,coders/dib.c,coders/xbm.c,coders/xcf.c,coders/xwd.c:
Fix multiple integer overflows in DCM, DIB, XBM, XCF, and XWD coders.
(CVE-2007-4986 and CVE-2007-4988) Based on upstream patch from
version 6.3.5.9.
+ magick/blob.c: Fix fencepost error in ReadBlobString()
(CVE-2007-4987) Backport of upstream patch from version 6.3.5.9.
+ coders/dib.c: Ensure positive value for image rows and columns.
Based on upstream patch from version 6.3.5.9.
+ All of the above patches have been derived from backports supplied by
Jonathan Smith.
* New maintainers.
* debian/compat: Splice debhelper version out of debian/rules into
separate file (but don't bump version).
* debian/control: Adjust jasper dependencies to current package names.
Closes: #419274, #420353
* Documentation minors improvements:
- Manpages says SEE ALSO, not SEE-ALSO. Closes: #333616
- Escaped specials chars in manpages. Closes: #381831
- External reference in convert(1). Closes: #398183
- "isplay", "perferred", "similiar" and "morify.html" typos fixed.
Closes: #386964, #351498, #395830
- ImageMagick(1) indentation. Closes: #335111
- "convert -help" duplicated line fixes. Closes: #339548
- Typo in description of --resize command fixed. Closes: #364826
* Magick++/lib/Image.cpp: Include cstdlib header to fix build failure
with gcc 4.3. Patch thanks to Martin Michlmayr. Closes: #417237
* coders/dcm.c: Fix integer overflow in DCM coder. (CVE-2007-1797)
Closes: #418057
* coders/icon.c: Fix segfault in ICON coder.
* coders/pcx.c: Fix heap overflow in PCX coder.
* coders/pict.c: Fix multiple segfaults in PICT coder.
* coders/png.c: Fix segfault in PNG coder.
* coders/pnm.c: Fix segfault in PNM coder.
* coders/sgi.c: Fix segfault in SGI coder.
* coders/sun.c: Fix segfault during conversion in SUN coder.
* coders/viff.c: Prevent heap corruption in VIFF coder.
* coders/xwd.c: Fix segfault during conversion in XWD coder.
* coders/xwd.c: Fix multiple integer overflows in XWD coder.
(CVE-2007-1667, CVE-2007-1797)
* The above fixes collectively address the following bug report:
Closes: #412945
* config/delegates.xml.in: Lose obsolete option -3 to dcraw delegate
to unbreak support for raw digital images. Closes: #404477
* Non-maintainer upload.
* coders/palm.c: Fix regression introduced in patch for CVE-2006-5456.
Avoid bogus second read in macro call. Patch thanks to Vladimir
Nadvornik. (CVE-2007-0770) Closes: #410435
* Non-maintainer upload.
* coders/png.c: Fix amd64 build failure with recent libpng versions.
Closes: #401047
* debian/control: Tighten libpng12-dev build-dependency to exclude versions
that are known to fail to link even with the above fix in place.
* Non-maintainer upload.
* debian/control: Add build dependency on libxt-dev and pkg-config to
make dependency list deterministic.
* debian/control: libmagick9-dev depends on libxt-dev.
* Non-maintainer upload.
* coders/dcm.c, coders/palm.c: Fix buffer overflows in DCM and Palm coders.
Patches thanks to M Joonas Pihlaja. Closes: #393025
* coders/sgi.c: Put back missing initialisation of loop variable that
was erroneously removed in fix for CVE-2006-4144. Spotted by
Martin Pitt. Closes: #383314
* coders/sgi.c: Fix off-by-one error in boundary check causing slightly
garbled image output. Also introduced in fix for CVE-2006-4144.
* coders/xpm.c: Do not gratuitously limit the allowed number of
bytes per pixel. Patch thanks to Jens Seidel. Closes: #358148
* magick/display.c: Fix NULL pointer dereference in display's
"Visual Directory". Patch thanks to Frédéric Bothamy. Closes: #360400
* utilities/ImageMagick.1.in: Replace UTF-8 encoded characters with
latin1 equivalents to placate lintian.
* debian/control: perlmagick provides libimage-magick-perl to comply
with Perl policy. Closes: #317083
* debian/control: Add gs-gpl build dependency, used in testsuite.
* debian/control: Tries hard to comply with version 3.7.2 of Debian
policy.
* debian/rules: Eliminate -l entries that slipped into --ldflags output.
They're already present in --libs anyway. Closes: #340401
* debian/rules: Run the testsuite, but don't treat failures as fatal
errors for now.
* debian/rules: At configure time, change X11 search paths to X11R7
locations.
* debian/rules: Remove duplicate of license file from imagemagick
package.
* Non-Maintainer Upload
* Fix buffer overflow in SGI parser [CVE-2006-4144] (closes: #383314)
Thanks to Daniel Kobras
* Fix double free in ICC profile in PerlMagick (closes: #349264)
* Fix incomaptibility with graphviz >= 2.8 and build-depend on an
appropriate version (closes: #360362)
* Fix XCF and Sun Raster File buffer overflows [CVE-2006-3743/-3744]
(closes: #385062)
* Non-Maintainer Upload
* Remove all instances of the imagemagick logo from the original
sourcefile and repack. (closes: #214623)
* Add back the free logo patch
* Add clean-tarball rule to accomplish this
* Change the copyright file to indicate that the logo is no longer
included, and indiciate that the included logo is actually text saying
"imagemagick" with the Debian open use logo.
* Non-maintainer upload.
* Back to 6.2.4.5 as requested by the release team to maintain binary
compatibility. Bumped epoch once more.
* New upstream version.
* Non-maintainer upload.
* coders/url.c: Do not treat local file:// URIs as temporary files that
are removed after reading. Closes: #352575
* Non-maintainer upload.
* magick/display.c: In DisplayImageCommand(), expand command line before
allocating ressources based on argc. Patch and analysis thanks to
Eero Häkkinen. Closes: #345595
* magick/{animate.c,blob.c,display.c,image.c,log.c,montage.c,string.c,
string_.h}: Implement new utility function FormatMagickStringNumeric()
to securely expand a user-supplied format string with a single numeric
argument. Adjust code to use this function where appropriate.
(CVE-2006-0082) Closes: #345876
* coders/pdf.c,coders/ps.c,magick/delegate.c,magick/delegate.h,
magick/methods.h: Do not call external delegates with user-supplied
filename, but with securely named symlinks only to prevent shell command
injection (CVE-2005-4601). Closes: #345238
* debian/rules: Make sure to include trailing spaces in multi-line
commands to keep recent make happy. Cures problems with ghostscript
font path. Fix thanks to Jeff Lessem. Closes: #347486
* debian/imagemagick.mime: Rather than autodetect the type of an image,
derive it from the mime type. As a side effect, this change allows to
use arbitrary filenames with the 'see' command, even if they have
special meaning to imagemagick internally. Also clean up some typos
and superfluous entries once we're at it. Closes: #344997
* Another NMU to complete the installability fixes from 6:6.2.4.5-0.4.
* Adjust libmagick9-dev dependencies to account for the removal of
xlibs-dev from unstable, and bring them in line with build-deps.
* Non-maintainer upload to resolve buildability/installability.
* debian/{control,rules}: Disable DPS support, which is no longer shipped
in Xorg 6.9/7.0 (and was making us both FTBFS and uninstallable in sid)
* debian/control: explicitely build-depend on libxext-dev, since we both
test for and use it directly, rather than indirectly.
* Non-maintainer upload.
* debian/control: Rename libmagick++9 to libmagick++9c2a, following a
C++ ABI transition. Conflicts with and Replaces old version.
* debian/*: Rename various debhelper support files due to above name
change.
* Non-maintainer upload.
* debian/control: libmagick9-dev Conflicts/Replaces libmagick6-dev.
Likewise for libmagick++9-dev. Closes: #330666
* debian/control: Provide unversioned libmagick-dev and libmagick++-dev
and conflict/replace them for future-proof handling of soname bumps.
* Non-maintainer upload.
* New upstream version.
+ Yet another bump of the soname version, this time going from
7 to 9.
* debian/*: Cater for soname change and corresponding change of
library packages names in multiple places.
* Non-maintainer upload.
* New upstream version.
+ Version in library soname was increased from 6 to 7 due to
changes in binary interface starting with 6.0.7. (Yes, this
should have happened earlier.) Closes: #318176, #325651, #325720
* debian/*: Rename packages from libmagick6 to libmagick7, and similar.
Adjust version in various places accordingly. Drop c2 suffix from
C++ library package.
* debian/control: Use shlibs information to generate Depends line for
imagemagick binary package.
* debian/control: Remove Pre-Depends on prehistoric version of dpkg.
* debian/control: Package complies with policy version 3.6.2. Bump
Standards-Version accordingly.
* Patches to upstream sources:
+ [bin/Magick++-config.1.debdiff]
Stray file that seems to have slipped into the previous Debian
diffs by mistake. Removed now.
+ [magick/blob.c]
Originally a patch from upstream, now mostly merged. Retaining a
single hunk that upstream reverted later on, though it still looks
correct.
+ [configure.ac, configure]
Override location of documentation files to Debian's default
/usr/share/doc/imagemagick. Patch to configure was present before.
This release promotes it back to configure.ac as well. (No ill
effects because AM_MAINTAINER_MODE is used.)
+ [coders/magick.c]
Drop patch that exchanges upstream's logo for a DFSG-free version.
This attempt to address #214623 (distribution of non-free logo)
missed several other instances of the logo, must be applied to
the orig.tar.gz rather than the Debian diff, and should have
some input from upstream, so no point in carrying it around still.
* Fix missing "g" in imagema"g"ick in man pages. closes: #318255
* Add comment on README for perlmagick. closes: #272545
* upstream fix: perlmagick: broken link in manpage. closes: #305057
* New upstream release
* upstream fixes:
- fix typo in mogrify manpage: closes: #317628, #321208
- update config.sub/config.guess closes: #317299
- fix " configure.ac takes wrong assumptions" closes: #303765
* point to the correct URL in manpages. closes: #318255, #315629
* man pages are rerwrited. closes: #264033, #316475
* closing bugs fixed by NMs. closes: #310690, #310812, #268357, #269085, #278401, #291033, #291118, #297990, #302093, #265540, #296084, #277775, #306424, #266146, #270882, #282173, #277795,
* New upstream release
* New upstream release
* Add .ico rule to mime/package/imagemagick. closes: #272121
* Upstream fixes:
- -ping not documented well.
- cropped PNGs have a wrong offset
- cine-DICOM does not work due to JPEG processing problem
- display does not interpret the options correctly any more
- imagemagick: unexpected faillure from PDF to EPS
- -trim -monochrome used together made empty image
closes: #296753, #263475, #296753, #282999, #254566, #316473
* New upstream release.
upstream fix: header file exception.h needs to include stdarg.h. closes: #316725
* rules scripts does not stop building. closes: #314758
* libmagick++6 -> libmagick++6c2 (ABI transition).
*
* New upstream release
* Add libltdl3-dev to Build-Depends. I believe that a reported bug on powerpc
system , "missing libltdl3 dependency", should be fixed in the next
upload. closes: #313467
* Add libwmf-bin to Suggests for libmagcik6. closes: #278890
* Upstream fixes the bugs.
- PerlMagick's Profile() method produces an assertion error when the
profile parameter is set to undef. closes:#292094
- perlmagick: segmentation fault while converting .tif to .pdf. closes: #299958
- 8bpp images are not supported. closes: #270381
- convert to postscript is still broken (geometry/resolution) closes: #270215
- imagemagick produces useless (and wrong!) error output when a tiff has a
bad magic number. closes: #272794
- /usr/bin/identify: png bit depth count wrong? closes: #275745
- convert makes garbled eps-->ppm conversion (at least, it works well on my
system.) closes: #261768
- -page option does not work correctly. closes: #268681
- -depth option has no effect. closes: #278939
- libmagick++6-dev: MaxRGB macro does not work if not ``using namespace
Magick;'' closes: #292244
- Image::Magic (sometimes) dies on errors (instead of providing an error
string) closes: #304472
- imagemagick: convert ignores flags to turn off antialiasing. closes:
#310664
* New upstream release closes: #298244
* Because of API chage of ImageMagick libraries, switching a new version
may cause trouble. (e.g. not using some packages.) I feel that some of
the trouble pacakges are usable by only simply rebuilding on the new
library, but the others may need more complicated solution.
* If you met the trouble about the package that depends on the libmagick,
I hope, you try to rebuld the package.
And let me know the results to me or the package maintainer.
* Upsteram fixes the bugs.
- tga support seems to be broken. closes: #311179
- Option -geometry is completely broken for JPEG images. closes: #277553
- fails to load 16 colors RLE encoded BMP files. closes: #310396
- display with options -crop, -geometry and "-window root" is broken.
closes: #266304
* Fix typo in package description. closes: #299996
* NMU
* coders/xwd.c: Avoid infinite loop if bogus XWD red/green/blue masks are 0.
Patch from upstream svn by way of Ubuntu. Closes: #310812 (CAN-2005-1739)
* NMU
* coders/pnm.c: check image->colors for overflow to avoid a heap overflow
that could be used as a DOS or possibly to execute code.
Closes: #306424 (CAN-2005-1275)
* NMU
* magick/image.c: FormatMagickString() was called with the file name as
format string, rather than through "%s". Fix with patch from Ubuntu.
Closes: #297990 (CAN-2005-0397)
* Non-maintainer upload.
* coders/psd.c: Apply further boundary check to completely plug
buffer overflow when reading Photoshop images (CAN-2005-0005).
Closes: #291033
* Fixes a buffer overflow in the PSD image-decoding.
Hardcode the upper limit for channels to 24 to fix buffer overflow
[coders/psd.c, CAN-2005-0005]
* NMU, with permission of maintainer
* Fix Kodack PCD problem according to
http://studio.imagemagick.org/magick/viewtopic.php?t=2997
Closes: #277775
* Non-maintainer upload.
* magick/attribute.c: Fix buffer overflow in EXIF parser
(CAN-2004-0981). Closes: #278401
* debian/copyright: Fix imagemagick download location. Closes: #277795
* Non-maintainer upload.
* debian/rules: Call configure with the X11 search path set explicitly
in order to fix the DPS check. Unbreaks perlmagick. Closes: #265734
* debian/control: Use shlibs dependencies for perlmagick. This relaxes
the previously hard-coded, strictly versioned dependency on libmagick6.
In a world without accidential ABI breakage, it doesn't matter...
* Non-maintainer upload.
* Raise epoch and revert back to 6.0.6.2 because the progress_meter
changes in 6.0.7.1 broke binary compatibility by mistake.
Closes: #271673
* Retain maintainer changes from 6.0.7.1-1 upload.
* Retain select bugfixes from 6.0.7.1 version:
+ PerlMagick/Magick.xs: Fix crashes in Profile if name option is unset.
+ utilities/miff.4: Fix header information in man page.
+ magick/annotate.c: Proper exception handling.
+ magick/blob.c: Do not crash when syncing a bogus file.
+ magick/error.h: Remove bogus format attribute from ExceptionType to
silence compiler warnings.
+ magick/locale.c: Handle NULL locale data.
* debian/README.Debian: Remove obsolete comment about lzw availability.
* New upstream release
Upstream authors applied the patch, by Daniel Kobras,
which fixes BMP vulnerabilities assigned CAN-2004-0827
(http://studio.imagemagick.org/pipermail/magick-developers/2004-August/002011.html).
* Upstream fix: closes: #269832 (subject: segfault in mogrify -colors)
* Upstream fix: closes: #248057 (subject: Wand-config.1 is not a manual
page)
* libmagick6 : control : Remove sentenses about LZW compression. This
binary package contains lzw code.
* Non-maintainer upload
* debian/rules: Override LD_RUN_PATH to get rid of RPATH setting in
perl module.
* debian/rules: Use shlibs information of the libmagick6 just built
to determine library dependencies.
* Non-maintainer upload.
* magick/{deprecate,error,log,utility}.h: Remove bogus __attribute__
override that shadowed any wanted attribute settings (like vital
alignment restrictions). Cures convert bus errors on IA64.
Closes: #269085
* coders/{avi,bmp,dib}.c: Fix use of Min() macro to handle large
(>2 GB) image files as well.
* High urgency because the convert bus errors break builds on IA64.
* New upstream release
* Fixed by the upstream : closes: #267663
* New upstream release
* Fixed by the upstream : closes:#265540, #261768, #260702
* New upstream release closes: #264361
* Build with LZW: closes: #265580
* New upstream release
* Fixed by the upstream: closes: #260702
* libtiff4 transition.
* New upstream release
* Fix dependency problem. closes: #258164
* JPEG-2000 Support. closes: #256814
* New upstream release
* New upstream release
* New upstream release
* New upstream release
* New upstream release
* New upstream release
* New upstream release
* New upstream release
* Move files in pkgconfig to -dev packages. closes:#249856
* Move files in /usr/share/ImageMaigck-6.0.2/config to libmagick6 package. closes: #249855
* New upstream release
* Fixed by the upstream. (and I have checked.): closes: #247893,#212886
* Cannot reproduece. I believe this is no a bug. closes: #247915
* New upstream release
* edit EXIF data: Alreasdy activated. closes: #189025
* convert openintro_debian.xcf openintro_debian.bmp does nothing....: fixed
by the upstream. closes: #212886
* convert broken with eps (and others?): fixed by the upstream. closes: #247319
* Remove ImageMagick logo image from magick.c.
* Remove ImageMagick logo files. closes: #214623
* New upstream release
* imagemagick: --page A4+0+0 doesn't work as mentioned in manpage: fixed by
the upstream. closes: #245782
* New upstream release
* rewrite the description about magnify in display.1 (by the upstream.)
closes: #222323, #243353
* -crop offsets produce broken GIFs: Fixed by the upstream. closes:#218381
* convert -geometry does not resize: Fixed by the upstream. closes:#221951
* convert: ignores -colorspace and -compress options:Fixed by the upstream.
closes:#241629
* API changed: no 'font' attribute with QueryFontMetrics: I cannot
reproduce. closes: #245320
* convert: eps driver munges resolution: I believe this is not a bug.
please read man page for convert to find suitable options. closes:#170649
* imagemagick: doc says Lanczos is default filter, but it's not.:
The upstream said "Lanczos is the default filter for reducing an image
size, otherwise its Mitchell ".closes: #229017
* closes the bug fixed in NMU. closes: #186611
* New upstream release
* Fix 'Essentially empty' in libmagick++6-dev. closes: #245856
* Fixed the problem of 'does not release shared memory segments when killed' by the upstream. closes: #207479
* Follow standard naming scheme. closes: #245060
* Fixed by the upstream. closes: #170976, #212802, #228649
* These bugs are closed by the maintainer. closes: #207016, #224363, #224598, #224889, #237663, #224587
* New upstream release
* Following the xlibs split. closes: #241282
* PerlMagick: add -pthread. closes: #225354
* Upstream fix:
+ Magick++-config screwed up : closes: #200746
+ Convert xcf file : closes: #212886
+ convert -verbose doesn't : closes: #233761
+ wrong title in vid:* : closes: #193783
+ perlmagick: examples now use /usr/bin/perl : closes: #198797
* fix already. closes: #195392, #211004, #222383
* fix menu problem. : closes: #195363, #234973
* I cannot reproduce this problem. I think they are fixed in upstream.
+ segmentation fault after conversion closes: #225330
+ convert: hangs on GIF animations closes: #225322
* Fix Build-depends problem.
* New upstream version
* Following the xlibs split. closes: #241282
* Upstream fix:
+ Magick++-config screwed up : closes: #200746
+ Convert xcf file : closes: #212886
+ convert -verbose doesn't : closes: #233761
* fix already. closes: #195392, #211004, #222383
* fix menu problem. : closes: #195363, #234973
* I cannot reploduce this problem. I think they are fixed in upstream.
+ segmentation fault after conversion closes: #225330
+ convert: hangs on GIF animations closes: #225322
* Non-maintainer upload.
* Raise epoch and revert back to version 5.5.7.9 to stop silent
breakage of each package depending on one of the library packages.
Rationale: Upstream changed the SONAME between 5.5.7.9 and 5.5.7.15,
so we may only re-introduce 5.5.7.15 with changed package names.
This upload un-breaks all apps that were built with 5.5.7.9. Those
uploaded in the last week, however, have to be recompiled (again).
Closes: #224363
* configure,magick/annotate.c: Hack in includes for ft2build.h to fix
freetype support. Although never mentioned in the changelog, the hack
must have appeared somewhere in the 5.5.7.15 packages. This is
simply a rediff for 5.5.7.9 (and a typo fixed).
* NMU
* [debian/rules] Explicitly configure --without-exif to ensure an exif
dependency isn't introduced accidentally as was the case with -2 on i386.
(Closes: #224587)
* Rebuild to fix perlMagick problem. (closes: #224311)
* New upstream version.
* libmagick++-dev : conflict with libmagick++5.
(closes: #200986)
* libmagick++-dev: conflict with libmagck++5. closes: #200986
* New upstream version.
* fix unlink Changelog.html problem. closes: #196107
* Use libpng12-dev instead of libpng3-dev. closes:# 196746
* New upstream version.
* New upstream version.
* Remove debhelper from libmagick-dev dependency: closes: #195106
* New upstream version.
* New upstream version.
* Upstream fix: closes: #194306, #129990, #161422, #186610
* This is not ImageMagick bug. : closes: #190302
* New upstream version.
* change section of libmagick-dev, libmagick++-dev, and perlmagick.
* Upstream fix closes: #161345, #172657
* Can save net image files in /tmp of your local: closes: #183469
* New upstream version.
* Upstream fix : closes: #182787
* remove dps dependencies. closes: #193230
* New upstream version. closes: #185565
* Upstream fixes the 'Unsafe tmpfile handling'. closes: #186611
* Upstream fixes the followins:
closes: #172787,#188378
* This is not ImageMagick application.
closes: #185583
* Stop using libdps files. closes: #188623
* Wont fix. closes: #190579
* New upstream version.
* New upstream version.
* Rebuuild to fix dependency problem.
* New upstream version. closes: #181678
* Remove 'c102' suffix from libmagick++. closes: #179706
* New upstream version
* Fix by the upstream. closes: #175194, #180116
* Sorry for confusing. I believe this version can be really fixed.
* Really fix magick.mgk location problem.
* Fix magic.mgk location problem.
* New upstream version.
* alread fixed: closes: #179257, #171816
* It's not a bug but a spec. montage use miff format internally. closes: #171100
* confirm the following bugs are fixed: closes: #175998, #167832, #149730
* Add comment about non-X11 version. closes: #172785, #167806
* The upstream authors have their own BTS in sourceforge. And I have
submitted magick-bugs. closes: #162876
* Some minor fix. (fix some minor lintian warning.)
* libmagick++5.5.3c102 : Remove Provides: libmagick++5. closes: #174958
* New upstream version. closes: #174912, #175603, #176457
* GCC 3.2 transition. closes: 176707
* change package name: libmagick++5.5.3 -> libmagick++5.5.3c102
* libmagick5.5.3 provides libmagick5, and libmagick++5.5.3c102 provides
libmagick++5. closes: #174958
* New upstream version.
* libmagick-dev: conflicts with libmagick5. closes: #173095
* New upstream version.
* New upstream version.
* New upstream version.
* Fix dependence problem.
* New upstream version.
* New upstream version.
* Remove /usr/share/ImageMagick directory. closes: #167498
* Fix conflict problem of libmagick5.5.1 and libmagick++5.5.1.
* closes: #167396
* Move libMagick.so to libmagick-dev.
* closes: #167145
* Build static library.
* New upstream version.
* Fixed shlibs problems. closes: #165818, #166302
* Re-apply the patch for ltmain.sh. closes: #166334
* Fix empty libmagick-dev problem. closes: #166302
* New upstream version
* closes: #161347 (by the upstream)
* Rename the library packages name. closes: #165288, #165188
* closes: #161925, #161349, #161348, #78431, #161896, #156234
* closes: #161346 (Use -resize !)
* Add a comment about the upstream BTS in README.Debian. closes: #162876
* New upstream version.
* New upstream version.
* New upstream version.
* closes: #160817, #137894, #149122, #150985
* Please read man. I believe it's not a bug.
( anyway if you feel this is a bug, please send a bug report to the
upstream). closes: #158959
* New upstream version.
* New upstream version.
* closes: #159492
Bob's comment:
While back in the ImageMagick 4.X.X days, <magick/magick.h> was the
header to include in order to use the ImageMagick API, this was
changed several years ago to be <magick/api.h>. The magick.h header
is now an internal implementation header which should not be
seperately included.
.
Dependent programs should include ImageMagick like:
.
#include <stdio.h>
#include <time.h>
#include <sys/types.h>
#include <magick/api.h>
* Build against new libwmf-dev. closes: #160152
* NMU for perl 5.8. Set perl build dependency to version 5.8. Use of a
higher NMU version number, just in case.
* New upstream version. closes: #156234
* Build against libpng3-dev. closes: #156838, #156759
* This is not a bug, I believe. Read man. closes: #156135
* New upstream version.
* New upstream version.
* New upstream version.
* New upstream version.
* Apply a patch for ltmain.sh (bug #98342)
* New upstream version.
* Because of the bug #149223(libtool problem), this version of imagemagick
cannot build if you have not installed libmagick5-dev.
Don't let me know this problem, I have known about that. If you can find
the elegant way to avoid this problem, let me know please.
* New upstream version.
* closes: #150445
* Because of the bug #149223(libtool problem), this version of imagemagick
cannot build if you have not installed libmagick5-dev.
Don't let me know this problem, I have known about that. If you can find
the elegant way to avoid this problem, let me know please.
* New upstream version.
* closes: #149279
* TEST
* Sorry, the previous version does not work correctly.
* This version hopefully works, but cannot be built without libmagick5-dev.
* Depends on liblcms1.
* New upstream version.
* New upstream version.
* Hopefully, this bug is closed. please check because I don't have Hurd.
closes: #144687
* Rewrite README.Debian closes:#145328 (I thank David B Harris for his help
of my poor English.)
* Debian does not have ral-cgm package, ImageMagcik of Debian cannot handle
cgm format. ( I add the comment about that in README.Debian.)
closes: #143359
* I believe this is not package bug. closes: #142277
* New upstream (minor) version.
* New upstream (minor) version.
* closes: #141668
* New upstream version.
* New upstream version.
* fix doc-base problem. closes: #137508
* New upstream version.
* This bug is alread fixed in the previous one. closes: #137036
* New upstream version.
* add --with-gs-font-dir in configure. closes: #136327
* Move Magick++-config to libmagick++5-dev from imagemagick.
closes: #136049, #135951
* New upstream version.
* Add libmagick5-dev in Depends field of libmagick5++-dev. Since magick++
use magick/api.h which is in libmagick5-dev. Suggested by Pablo diaz
gutierrez, Thanks.
* New upstream version.
* New upstream version. closes: #123133, #126968
* Add libwmf-dev and liblcms-dev in Depends field of libmagick5-dev.
closes: #134973
* New upstream version. closes: #97459
* Add comment about 16 bit pixel mode in README.Debian. closes: #123874.
(Mennucc, If you really serious this problem, you can contact the upstream
author as I do. They have own BTS for ImageMagick.)
* Move delegate.mgk to libmagick5. closes: #134717
* New upstream version.
* closes: #128891, #132688, #128266, #134510, #132707
* use x-ternimal-enulator instead of xterm. closes: #132947
* It is not a bug, and I won't change the location of display in menu
system. closes: #120065
* New upstream vesrion.
* imagemagick depends libmagick5 which has the same version number.
closes: #130268
* New upstream version.
* Fix typo in description. closes: #125230
* Remove empty directories in imagemagick. closes: #125395
* Rebuild with Debian "Official" libwmf.
* New upstream version.
* Remove the useless /usr/X11R6 directory. closes: #122045
* New upstream version.
* Fix dependency problem ( add the epoch number in shlibs.local )
* New upstrem version.
* New upstream version. closes: #117052, #113309
* The current imagemagick will use libhdf version5 (not 4). However this
feature is not stable, in fact the default is off. closes: #88549
* New upstream version.
* closes: #115364, #114767, #115275, #113600
* I think this is not a bug. closes: #66807
* New upstream version.
* Remove xlib6g-dev and add xlibs-dev in depends line of libmagick5.
* closes: #114654
* New upstream version.
* closes: #113634, #112799, #113286
* New upstream version.
* Applied some patches from the 'really released version'
* ImageMagick is not a debian native package.
* The released version of 5.3.8.
* Remove incorrect /usr/include/config.h file. closes: #108292
* New upstream version.
* following bugs are hopefully fixed. closes: #109924, #109924, #103328, #107291, #103774
* Remove enpty directories. closes: #108713
* This report is not a bug. It's a policy of imagemagick. closes: #97082
* The current imagemagick does not support libwmf0.2. I believe the
feature imagemagick supports it. libwmf0.2-0 doesn't depend on netpbm
which depends on c shell. Anyway so I believe the bug report #88977 can be
closed. closes: #88977
* Reupload
* Fix collect dependency. closes: #107803
* (doc-base) Change Section: Apps/graphics -> Apps/Graphics closes: #108009
* Fix collect dependency. closes: #107803
* (doc-base) Change Section: Apps/graphics -> Apps/Graphics closes: #108009
* New upstream version.
* closes: #104136, #101944
* Applied more patch provided by M. Wilcox. closes: #105268, #105269, #105279, #105328, #105369
* Applied a patch provided by M. Wilcox. Thanks. closes: #104616, #104767
* Remove libc6-dev from Build-Depends
* New upstream version. closes: #90504, #97173
* Some minor bugs are fixed. closes: #84856, #99270
* Cannot reproduce these report. closes: #98836, #94601
* Build PerlMagick from the same imagemagick.{version}.orig.tar.gz
* Oops!!!, I have added -enable-lzw in configure in the previous.
* Set section for each package. (imagemagick->graphics, lib* -> libs, lib*-dev -> devel)
* TEST version.
* config.guess and config.sub are updated. closes: #96422
* Fix dependency problem. closes: #97868, #97807
* Add image/pjpeg to /usr/lib/mime/imagemagick. closes: #97102
* This bug was already fixed. closes: #69933
* New upstream version.
* Fix uncollect symlink.
* symlink doc/Changelog.html to doc/www/Changelog.html.
closes: #88969
* Apply a patch to fix thereading problem.
* This is an updated version of ImageMagick.
* closes: #63079
* New upstream version.
* Remove freetype6-dev from Build-Depends. closes: #86859
* This is too old bug, and now magick++ does not exist in Debian. closes: #87366
* New upstream version.
* New upstream version.
* Add menu hints. closes: #82333
* test build
* New upstream version. closes: #70578
* This bug is already fixed. closes: #81030, #80088
*(libmagick5) Conflicts imagemagick (<=5.2.6-1)
closes: #79936
* move files in share/ImageMagick/ to libmagcik5
closes: #79898
* New upstream version.
* Test build --with-modules
* Private Package.
For LZW Version.
* Build with libdsp1. closes: #77249
* fix the bugs by upstream.
closes: #65297, #69333 , #70578
* Build with XFree86-4.0
* New upstream version.
* The following bugs are closed.
closes: #69279, #72745
* New upstrem version.
* Build libmagick++ from the same source.
* New upstream version
* (debian/rules) : Revised comment to build the LZW version.
* libmagick5-dev: (control): Suggests -dev packages which Magick-config use
closes: #70106
* TEST PACKAGE
* Fix convert problem. closes: #69279
* Compile with libxml2.
closes: #66808
* Depends libmagick5(>=5.2.2).
closes: #68795
* New upstream version.
closes: #67402
* New upstream version.
closes: #66033
* (libmagick5-dev) "Replaces: imagemagick (<< 5.2.0-3)" in control data
closes: #65593
* (control) add: lprng.
* Add the information about printing. closes: #65475
* add debhelper to Build-Depends; closes: #65417
* This bug is already fixed in the current version. closes: #65366
* Move Magick-config to libmagick5.
* New upstream version.
Many bug fixed.
closes: #52266, #60878, #27434
* The bug #62964 is already fixed in current (>5.1.1-1) version.
* (imagemagick.mime) bmp -> x-ms-bmp
closes: #63699, #62964
* Applied backward patches from 5.2(beta) to fix some bugs.
Closes: #59603
* Add suggests: html2ps closes: #59066
* This bug is alread fixed in current version.
closes: #58406
* libmagick5: Remove conflicts of libmagick4g
closes: #58969
* Add Build-Depends field.
closes: #58813, #46764, #26076
* Fixed #58813 again.
* Fixed missing <cr> befor %%EndData bug.
Closes: #46764
* Fixed dependency problem. Closes: #58813
* add comment for mpeg2. Closes: #26076
* I separate the libmagick++ and perlmagick from this source to avoid
"Important" Bug #58406. I do not know whether this is the most elegant way.
But I can resolve in this way. If you know more elegant way, please let me know.
* To Fix bug #55616 in frozen. I upload imagemagick package
and dgs packages to frozen.
* Refix menu bug closes: #35806
* Following bugs have already been closed.
closes: #40648, #42855, #55616, #26906, #29829, #30480, #36907, #42796
closes: #44963, #45776, #45902, #50648, #53750
* Fix Dependency problem
(the version of dpsclient must be greater than 0.5.9.1)
* Some of bugs closing correctry. (due to my typo, they are not cloased)
closes: #54750
closes: #50392
* rename packages
libmagick5g -> libmagick5
libmagick5g++ -> libmagick++0
* change control/description of libmagick5g
* include scripts/xnap in ./example directory
* Bug#54750 is already fixed in previous version. clsees: #54750
* Bug#50392 is already fixed in previous version. clsees: #50392
* In my system, convert eps to other file format (Tiff, jpeg ...)
Then I close Bug#55616. closes: #55616
If you cannot run that, please reopen it.
* closes: #30480
* closes: #29829
* closes: #45776
* closes: #53750
* enable HDF format. (Bug#47309)
* New upstream. (Bug#30408)
* Not build libimagemagick-lzw (non-free version)
* Add Magick-config.1 (Bug#47496)
* Add libmagick5g++ and libmagick5++-dev (Bug#43513)
* Fix html image location bug. (Bug#42910)
* doc-base support (Bug#31196)
* Fix mime type bug (Bug#56234)
* Fix some imagemagick bugs (Bug#30465), (Bug#27672)
* Fix perlmagick bug (Bug#54349)
* !!! To Bug Submitters !!!
If you find that your reported bug is fixed by upstream upgrade,
please let me know by E-mail.
* New maintainer
* Fixed some bugs (Bug#54192,27124,27672,27735)
* I fixed the Grave Bug(Bug#54192) which i submitted, I uploaded this package to
frozen.
* I dont know Bug#55616 is fixed, If you know the bug is fixed or not.
Please let me know.
* Recompiled because convert depends on the new libbz2 (closes: #49786)
* Fixed dependancies on libmagick4g (closes: #43424)
* Fixed perlmagick (closes: #42855)
* Fixed perlmagick.
* Modified prerm (closes: #42739)
* Added a dependancy for libmagick4g (closes: #42796)
* New upstream, non-maintainer release with permission of Scott.
* Modified PerlMagick/Makefile.PL.in to build the package (closes:
#24877, #40173).
* Modified menu-entry for display. (closes: #26634, #35806)
* Changed from install-mime to update-mime. (closes: #28209)
* Recompiled imagemagick with new libc6. (closes: #38578, #38248,
#40307)
* Recompiled without libjpeg6a. (closes #40415, #40898)
* NMU for the perl-5.005 upgrade.
* Follow the new perl policy.
* New upstream, non-maintainer release. Scott said it was ok.. (reupload
with source)
* Fixed menu entry (Bug #20523)
* Upstream changes are all bugfixes, as are the changes in the package.
This can safely go into frozen.
* Altered conflicts for libmagick4-dev to properly conflict with lzw
version.
* New upstream version. Perlmagick version changed so we can fall back to
the proper debian version numbering scheme.
* Run libtoolize from Debian's libtool to make library dependancies
stick. This makes libmagick4g actually have the correct dependancies.
* Fix up configure.in with libtool -rpath workaround while we're at it.
* This cleans up lintian warnings and is a bugfix. It should go into
frozen.
* Install changelog for perlmagick
* Modify debian/rules to use dh_movefiles
* New upstream version. Same silly break in debian numbering to
accomidate the fact that perlmagick still hasn't changed version
numbers.
* Compiling with perl5.004.04-5 so that perlmagick should have library
dependancies this time.
* Recompile with libjpegg6a 6a-11 so that we don't die on jpeg opening.
* Fix so we use /var/tmp instead of /usr/tmp (Fixed #19117)
* The following bugs were fixed in earlier releases, closing now
that the uploads have been processed:
* Menu uses /usr/X11R6/bin (Fixes #13478)
* Copyright includes upstream source information (Fixes #15168)
* Package description spelling fixed (Fixes #18935)
* Upstream fixes (Fixes #15109, #16117)
* Dependancy fixes (Fixes #15242)
* New upstream release. Wierd version sequence since the perlmagick
version number didn't change. Only minor changes between this
release and 4.0.1
* Recompile, since a new freetype1 replaced freetype0.
* Building perlmagick from this source as well. Added magic to the rules
file to give perlmagick the proper version number (different from the
imagemagick version number).
* Using autoconf method of building, since it seems to get almost
everything right. I hacked the configure.in and a few other files to
get freetype and hdf to compile in, (older versions of this package were
built with xmkmf)
* Rebuilding entire package from scratch for new version. I've only
borrowed a little from older versions of the imagemagick package,
mostly the mime-type stuff.
* New upstream source.
* New maintainer.