lp:ubuntu/intrepid/graphicsmagick
- Get this branch:
- bzr branch lp:ubuntu/intrepid/graphicsmagick
Branch information
Recent revisions
- 10. By Daniel Kobras <email address hidden>

debian/control, debian/rules: Some of the PS-related testsuites still
fail if gs is not present. Revert build-conflicts hack and temporarily
ignore all testsuite failures on hppa and sparc, instead.

- 9. By Daniel Kobras <email address hidden>

* New upstream version, containing multiple security fixes. Closes: #444266
+ Fixes denial-of-service via malicious DCM and XCF files. (CVE-2007-4985)
+ Fixes integer overflows in multiple coders. (CVE-2007-4986)
+ Fixes sign extension error when reading DIB images. (CVE-2007-4988)
+ For reference, GraphicsMagick was not affected by an off-by-one error
in ImageMagick's ReadBlobString() function. (CVE-2007-4987)
* Magick++/lib/Geometry.cpp: Add missing cstring include to fix build with
gcc 4.3. Closes: #462113
* utilities/gm.1: Fix formatting errors in man page gm(1).
* debian/control: Packages comply with version 3.7.3 of Debian policy.
* debian/graphicsmagick.menu: Move section of gm utility from obsolete
section 'Apps' to current 'Applications'.

- 7. By Daniel Kobras <email address hidden>

* New upstream version.
Merges or supersedes all previously applied patches outside debian/,
except for changes to ttf testsuite.
* PerlMagick/t/{ttf,wmf}/read.t: Rendered quality changes depending on
improvements in external libs in these testcases, so run them to
gather information, but don't expect them to succeed. Closes: #434343
* debian/control: Replace ${Source-Version} substitutions with new
syntax ${binary:Version}.
* debian/rules: Don't ignore any error from 'make distclean' to keep
lintian happy.
* debian/rules: Include generic code snippet to update binary reference
images for testsuite. Clean up after build. Closes: #424370
* debian/reference-new/PerlMagick/t/reference/*: Move updated WMF reference
image to new location, and include updated TTF reference images due to
changes in rendering with recent freetype.

- 6. By Daniel Kobras <email address hidden>

* coders/dcm.c: Fix integer overflow in DCM coder. (CVE-2007-1797)
* coders/xwd.c: Fix integer overflows in XWD coder. (CVE-2007-1797)
* debian/changelog: Document recently assigned CVE id for xwd overflow
in previous entry to avoid confusion with the new fixes above.
* debian/control: Remove dependencies on obsolete version of libjasper-dev.
Closes: #422379
* Magick++/lib/Image.cpp: Include missing header file to fix build
failure with gcc 4.3. Patch thanks to Martin Michlmayr.
Closes: #417218

- 5. By Daniel Kobras <email address hidden>

* magick/image.c: Fix heap overflow in GrayscalePseudoClassImage() on
64bit architectures. (Turned up by Sami Liedes' segv2.viff test case.)
Closes: #418052, #416096
* magick/utility.h: Avoid double free() when calling MagickReallocMemory()
with zero size argument. (Triggered by Sami Liedes' segv2.viff test case.)
Closes: #418053
* coders/tiff.c: Fix segfault with certain TIFF images on amd64 due to
va_list reusal in bogus duplicate vsprintf() call. Thanks to Kurt
Roeckx for the fix. Closes: #415467
* coders/viff.c: Add sanity check to prevent heap overflow reading corrupt
viff images. (Triggered by Sami Liedes' segv.viff test case.)
Closes: #418054
* coders/xwd.c: Fix integer overflow in XWD coders. (Triggered by Sami
Liedes' broken.xwd test case.) Original patch thanks to Larry
Doolittle. Closes: #417862

- 4. By Daniel Kobras <email address hidden>

* The following problems were found thanks to numerous testcases provided
by Sami Liedes:
+ coders/pcx.c: Fix heap overflow vulnerability of scanline array
with user-supplied input. Closes: #413034
Also adds error checks and caps maximum number of colours to prevent
segfaults with further testcases. Closes: #414058
+ coders/pict.c: Fix integer overflow to prevent overflowing a
heap buffer with user-supplied input. Closes: #413036
Validate header information to prevent segfaults with further
testcases. Closes: #414059
+ coders/xwd.c: Check image data more strictly before passing it on to
XGetPixel() to circumvent buffer overflow in libX11. Closes: #413040
+ Fix various segfaults with corrupt image data due to insufficient
validation of return values from SeekBlob(). None of these are
currently known to allow code injection.
- coders/bmp.c: Add error checks to SeekBlob() calls. Closes: #413031
- coders/cineon.c: Likewise. Closes: #413038
- coders/icon.c: Likewise. Closes: #413032
Extend validation checks to prevent segfaults with
further testcases. Closes: #414057
- magick/blob.c: Increase robustness of function ReadBlobStream() to
mitigate the impact of missing error checks on SeekBlob() calls.
+ coders/png.c: Fix NULL pointer dereference due to insufficient
validation of image data. Closes: #413035
+ coders/pnm.c: Fix segfault on out-of-bounds read access due to
insufficient validation of image data. Closes: #413037
+ coders/sun.c: Fix segfaults on out-of-bounds read access due to
insufficient validation of image data. Closes: #413039
* utilities/miff.4: Trim name section of man page, and move overlong
line to description. Closes: #390501
* debian/graphicsmagick.menu: Show logo on startup from menu, rather
than quitting immediately. Thanks Justin B. Rye. Closes: #407464

- 3. By Daniel Kobras <email address hidden>

* coders/xcf.c: Fix buffer overflow in XCF coder (CVE-2006-3743).
* It seems I've fixed the vulnerabilities described in CVE-2006-3744
(coders/sgi.c) independently in the previous upload already while
the original report had been embargoed.

- 2. By Daniel Kobras <email address hidden>

* coders/wpg.c: Fix segfault in WPG decoder. Closes: #366191
* debian/control: Fix typo 'thumnails' in package description.
Closes: #363623
* debian/control: Prefer real package zlib1g-dev over virtual libz-dev
in (build-)dependencies.
* debian/control: Add (build-)dependency on libjasper-1.701-dev to
support JPEG2000 images.
* debian/rules: Change X11 directories from /usr/X11R6/{include,lib} to
/usr/{include,lib}/X11.
* debian/control: X11 change makes package comply with policy 3.7.2.
Bump Standards-Version accordingly.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/graphicsmagick