lp:ubuntu/maverick/graphicsmagick
- Get this branch:
- bzr branch lp:ubuntu/maverick/graphicsmagick
Branch information
Recent revisions
- 11. By Daniel Kobras <email address hidden>
-
* New upstream version 1.3.12.
+ Fixes writing to standard output. Closes: #571719
* magick/effect.c: Disable OpenMP threading on Sparc for MedianFilterImage()
and ReduceNoiseImage() as it seems to cause eccessively long runtimes.
Should prevent build failures due to the testsuite timing out on the
Sparc buildds. Advice from upstream. - 10. By Daniel Kobras <email address hidden>
-
* New upstream version 1.3.8.
* magick/image.c, magick/studio.h: Revert an upstream change that defined
four global string constants as macros, causing an involuntary ABI
change.
* magick/static.c: Add stub definitions for registration functions of
DPS module to ensure a stable ABI.
* magick/xwindow.c: Debian-specific patch for CVE-2009-1882 superseded
with upstream change.
* debian/control: Complies with version 3.8.3 of Debian policy.
* debian/control: Build-depend on package hardening-includes.
* debian/libgraphicsmagi ck3.symbols: Add 65 new symbols in 1.3.8.
* debian/rules: Replace homebrew hardening flags with generic version
imported from hardening-includes.
* debian/rules: Perl binding is no longer built by default. Adjust make
calls. - 9. By Daniel Kobras <email address hidden>
-
* debian/control: Build-depend on libltdl-dev to link with system-wide
library. Avoid security bug in included convenience copy. (CVE-2009-3736)
Closes: #559811
* debian/control: Include libltdl-dev as a dependency to
libgraphicsmagick3-dev.
* debian/libgraphicsmagi ck3.symbols: Remove ltdl symbols that now get
pulled in via a library dependency. Closes: #533410 - 8. By Michael Banck
-
* Non-maintainer upload.
* Applied patch to fix FTBFS on hurd-i386, by Barry deFreese and Samuel
Thibauilt. Closes: #533513. - 7. By Giuseppe Iuculano
-
* Non-maintainer upload.
* Fixed integer overflow in XMakeImage function in xwindow.c
(Closes: #530946) (CVE-2009-1882) - 6. By Daniel Kobras <email address hidden>
-
* debian/control: Update Conflicts/Replaces of -dev-compat package to
follow libmagick-dev package split. Closes: #526482
* magick/GraphicsMagick- config. {in,1}: Do not expose compiler options
used to build the library itself via GraphicsMagick-config. Only
provide options that are actually useful to depending applications.
Adjust documentation accordingly. Closes: #523596 - 5. By Moritz Muehlenhoff <email address hidden>
-
* Non-maintainer upload by the Security Team:
* Fix CVE-2008-1096 (patch taken from Red Hat) - 4. By Daniel Kobras <email address hidden>
-
* The following problems were found thanks to numerous testcases provided
by Sami Liedes:
+ coders/pcx.c: Fix heap overflow vulnerability of scanline array
with user-supplied input. Closes: #413034
Also adds error checks and caps maximum number of colours to prevent
segfaults with further testcases. Closes: #414058
+ coders/pict.c: Fix integer overflow to prevent overflowing a
heap buffer with user-supplied input. Closes: #413036
Validate header information to prevent segfaults with further
testcases. Closes: #414059
+ coders/xwd.c: Check image data more strictly before passing it on to
XGetPixel() to circumvent buffer overflow in libX11. Closes: #413040
+ Fix various segfaults with corrupt image data due to insufficient
validation of return values from SeekBlob(). None of these are
currently known to allow code injection.
- coders/bmp.c: Add error checks to SeekBlob() calls. Closes: #413031
- coders/cineon.c: Likewise. Closes: #413038
- coders/icon.c: Likewise. Closes: #413032
Extend validation checks to prevent segfaults with
further testcases. Closes: #414057
- magick/blob.c: Increase robustness of function ReadBlobStream() to
mitigate the impact of missing error checks on SeekBlob() calls.
+ coders/png.c: Fix NULL pointer dereference due to insufficient
validation of image data. Closes: #413035
+ coders/pnm.c: Fix segfault on out-of-bounds read access due to
insufficient validation of image data. Closes: #413037
+ coders/sun.c: Fix segfaults on out-of-bounds read access due to
insufficient validation of image data. Closes: #413039
* utilities/miff.4: Trim name section of man page, and move overlong
line to description. Closes: #390501
* debian/graphicsmagick. menu: Show logo on startup from menu, rather
than quitting immediately. Thanks Justin B. Rye. Closes: #407464 - 3. By Daniel Kobras <email address hidden>
-
* coders/xcf.c: Fix buffer overflow in XCF coder (CVE-2006-3743).
* It seems I've fixed the vulnerabilities described in CVE-2006-3744
(coders/sgi.c) independently in the previous upload already while
the original report had been embargoed. - 2. By Daniel Kobras <email address hidden>
-
* coders/wpg.c: Fix segfault in WPG decoder. Closes: #366191
* debian/control: Fix typo 'thumnails' in package description.
Closes: #363623
* debian/control: Prefer real package zlib1g-dev over virtual libz-dev
in (build-)dependencies.
* debian/control: Add (build-)dependency on libjasper-1.701-dev to
support JPEG2000 images.
* debian/rules: Change X11 directories from /usr/X11R6/{include, lib} to
/usr/{include, lib}/X11.
* debian/control: X11 change makes package comply with policy 3.7.2.
Bump Standards-Version accordingly.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/graphicsmagick