head 1.7; access; symbols pkgsrc-2013Q2:1.7.0.36 pkgsrc-2013Q2-base:1.7 pkgsrc-2012Q4:1.7.0.34 pkgsrc-2012Q4-base:1.7 pkgsrc-2011Q4:1.7.0.32 pkgsrc-2011Q4-base:1.7 pkgsrc-2011Q2:1.7.0.30 pkgsrc-2011Q2-base:1.7 pkgsrc-2009Q4:1.7.0.28 pkgsrc-2009Q4-base:1.7 pkgsrc-2008Q4:1.7.0.26 pkgsrc-2008Q4-base:1.7 pkgsrc-2008Q3:1.7.0.24 pkgsrc-2008Q3-base:1.7 cube-native-xorg:1.7.0.22 cube-native-xorg-base:1.7 pkgsrc-2008Q2:1.7.0.20 pkgsrc-2008Q2-base:1.7 pkgsrc-2008Q1:1.7.0.18 pkgsrc-2008Q1-base:1.7 pkgsrc-2007Q4:1.7.0.16 pkgsrc-2007Q4-base:1.7 pkgsrc-2007Q3:1.7.0.14 pkgsrc-2007Q3-base:1.7 pkgsrc-2007Q2:1.7.0.12 pkgsrc-2007Q2-base:1.7 pkgsrc-2007Q1:1.7.0.10 pkgsrc-2007Q1-base:1.7 pkgsrc-2006Q4:1.7.0.8 pkgsrc-2006Q4-base:1.7 pkgsrc-2006Q3:1.7.0.6 pkgsrc-2006Q3-base:1.7 pkgsrc-2006Q2:1.7.0.4 pkgsrc-2006Q2-base:1.7 pkgsrc-2006Q1:1.7.0.2 pkgsrc-2006Q1-base:1.7 pkgsrc-2005Q4:1.5.0.18 pkgsrc-2005Q4-base:1.5 pkgsrc-2005Q3:1.5.0.16 pkgsrc-2005Q3-base:1.5 pkgsrc-2005Q2:1.5.0.14 pkgsrc-2005Q2-base:1.5 pkgsrc-2005Q1:1.5.0.12 pkgsrc-2005Q1-base:1.5 pkgsrc-2004Q4:1.5.0.10 pkgsrc-2004Q4-base:1.5 pkgsrc-2004Q3:1.5.0.8 pkgsrc-2004Q3-base:1.5 pkgsrc-2004Q2:1.5.0.6 pkgsrc-2004Q2-base:1.5 pkgsrc-2004Q1:1.5.0.4 pkgsrc-2004Q1-base:1.5 pkgsrc-2003Q4:1.5.0.2 pkgsrc-2003Q4-base:1.5 netbsd-1-6:1.2.0.8 netbsd-1-6-RELEASE-base:1.2 pkgviews:1.2.0.4 pkgviews-base:1.2 buildlink2:1.2.0.2 buildlink2-base:1.3 netbsd-1-5-PATCH003:1.2; locks; strict; comment @# @; 1.7 date 2006.03.05.21.25.49; author adam; state dead; branches; next 1.6; 1.6 date 2006.01.28.02.36.55; author salo; state Exp; branches; next 1.5; 1.5 date 2002.11.13.19.17.21; author wiz; state dead; branches 1.5.18.1; next 1.4; 1.4 date 2002.11.13.13.44.44; author wiz; state Exp; branches; next 1.3; 1.3 date 2002.08.22.08.06.14; author tron; state dead; branches; next 1.2; 1.2 date 2002.02.10.12.51.00; author abs; state Exp; branches 1.2.2.1; next 1.1; 1.1 date 2001.07.02.16.48.32; author jlam; state Exp; branches; next ; 1.5.18.1 date 2006.01.28.23.39.05; author seb; state Exp; branches; next ; 1.2.2.1 date 2002.08.22.11.11.18; author jlam; state dead; branches; next ; desc @@ 1.7 log @Changes 6.2.6.3: * The command line utilities properly returns a non-zero status when an exception is thrown. Changes 6.2.6.2 * Fix a memory leak in each of CompositeImageCommand() and CompositeImage() * Add new options -layers compare-any, -layers compare-clear, -layers compare-overlay, and -layers optimize. * Draw last dash in a dashed polyline. * Add %D to -format to return the image disposal method. * ncorrect handling of file:// URIs causes data loss (patch from Daniel Kobras). * Set default BMP resolution units to PixelsPerCentimeter (problem report from digipete@@shaw...). @ text @$NetBSD: patch-ae,v 1.6 2006/01/28 02:36:55 salo Exp $ Security fix for CVE-2006-0082, from Debian. --- magick/image.c.orig 2006-01-17 17:20:54.000000000 +0100 +++ magick/image.c 2006-01-28 02:42:54.000000000 +0100 @@@@ -2780,25 +2780,8 @@@@ /* Rectify multi-image file support. */ - (void) CopyMagickString(filename,image_info->filename,MaxTextExtent); - for (p=strchr(filename,'%'); p != (char *) NULL; p=strchr(p+1,'%')) - { - char - *q; - - q=(char *) p+1; - if (*q == '0') - (void) strtol(q,&q,10); - if ((*q == '%') || (*q == 'd') || (*q == 'o') || (*q == 'x')) - { - char - format[MaxTextExtent]; - - (void) CopyMagickString(format,p,MaxTextExtent); - (void) FormatMagickString(p,MaxTextExtent,format,image_info->scene); - break; - } - } + (void) FormatMagickStringNumeric(filename,MaxTextExtent, + image_info->filename,image_info->scene); if ((LocaleCompare(filename,image_info->filename) != 0) && (strchr(filename,'%') == (char *) NULL)) image_info->adjoin=MagickFalse; @ 1.6 log @Security fixes for CVE-2006-0082 and Debian bug #345595: "Format string vulnerabilities in ImageMagick allow user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program." Patches from Debian. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595 @ text @d1 1 a1 1 $NetBSD$ @ 1.5 log @According to the ImageMagick developers, it is uncommon for any two libMagick.so libraries to be API compatible, and they don't want to handle proper ELF versioning, but have the "real" version number in the library. To spare us the pkgsrc maintenance nightmare, follow their example. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.4 2002/11/13 13:44:44 wiz Exp $ d3 32 a34 11 --- magick/Makefile.am.orig Sat Oct 12 22:56:34 2002 +++ magick/Makefile.am @@@@ -44,7 +44,7 @@@@ INCLUDES = -I$(top_srcdir) $(INCLTDL) ALLMANPAGES = Magick-config.1 libMagick_la_LDFLAGS = -no-undefined \ - -release $(MAJOR_VERSION).$(MINOR_VERSION).$(MICRO_VERSION) + -version-info $(MAJOR_VERSION):$(MINOR_VERSION):$(MICRO_VERSION) #AM_CFLAGS = @@LIBRARY_EXTRA_CPPFLAGS@@ AM_CPPFLAGS = @@LIBRARY_EXTRA_CPPFLAGS@@ @ 1.5.18.1 log @Pullup ticket 1070 - requested by Lubomir Sedlacik sync graphics/ImageMagick with HEAD including security fixes Revisions pulled up: - pkgsrc/graphics/ImageMagick/Makefile 1.137 - pkgsrc/graphics/ImageMagick/Makefile.common 1.46 - pkgsrc/graphics/ImageMagick/PLIST 1.44 - pkgsrc/graphics/ImageMagick/buildlink3.mk 1.11 - pkgsrc/graphics/ImageMagick/distinfo 1.57, 1.58 - pkgsrc/graphics/ImageMagick/options.mk 1.4 - pkgsrc/graphics/ImageMagick/patches/patch-aa 1.33 - pkgsrc/graphics/ImageMagick/patches/patch-ab 1.16 - pkgsrc/graphics/ImageMagick/patches/patch-ac 1.12 - pkgsrc/graphics/ImageMagick/patches/patch-ad 1.9 - pkgsrc/graphics/ImageMagick/patches/patch-ae 1.6 - pkgsrc/graphics/ImageMagick/patches/patch-af 1.6 - pkgsrc/graphics/ImageMagick/patches/patch-ag 1.4 - pkgsrc/graphics/ImageMagick/patches/patch-ah 1.3 Module Name: pkgsrc Committed By: adam Date: Thu Jan 26 20:38:19 UTC 2006 Modified Files: pkgsrc/graphics/ImageMagick: Makefile Makefile.common PLIST buildlink3.mk distinfo options.mk pkgsrc/graphics/ImageMagick/patches: patch-aa Log Message: Changes 6.2.6.0: * Bug fixes --- Module Name: pkgsrc Committed By: salo Date: Sat Jan 28 02:36:55 UTC 2006 Modified Files: pkgsrc/graphics/ImageMagick: Makefile distinfo Added Files: pkgsrc/graphics/ImageMagick/patches: patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah Log Message: Security fixes for CVE-2006-0082 and Debian bug #345595: "Format string vulnerabilities in ImageMagick allow user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program." Patches from Debian. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595 @ text @d1 1 a1 1 $NetBSD$ d3 11 a13 32 Security fix for CVE-2006-0082, from Debian. --- magick/image.c.orig 2006-01-17 17:20:54.000000000 +0100 +++ magick/image.c 2006-01-28 02:42:54.000000000 +0100 @@@@ -2780,25 +2780,8 @@@@ /* Rectify multi-image file support. */ - (void) CopyMagickString(filename,image_info->filename,MaxTextExtent); - for (p=strchr(filename,'%'); p != (char *) NULL; p=strchr(p+1,'%')) - { - char - *q; - - q=(char *) p+1; - if (*q == '0') - (void) strtol(q,&q,10); - if ((*q == '%') || (*q == 'd') || (*q == 'o') || (*q == 'x')) - { - char - format[MaxTextExtent]; - - (void) CopyMagickString(format,p,MaxTextExtent); - (void) FormatMagickString(p,MaxTextExtent,format,image_info->scene); - break; - } - } + (void) FormatMagickStringNumeric(filename,MaxTextExtent, + image_info->filename,image_info->scene); if ((LocaleCompare(filename,image_info->filename) != 0) && (strchr(filename,'%') == (char *) NULL)) image_info->adjoin=MagickFalse; @ 1.4 log @Update to 5.5.1-6. Changes: * Verify sanity of sysconf(_SC_PAGE_SIZE) and sysconf(_SC_PHYS_PAGES) before using their values. * Corrected bug in image geometry height calculation. * PingBlob() improperly set the length memory of BlobInfo to zero. * Fixed Ping() memory leak in PerlMagick. * Fixed -map problem in convert/mogrify utilities. * -border with a single value now produces correct results (e.g. -border 10). * Set locale type LC_NUMERIC to "C". * Bug fix for PS2 encoder. * Added PS-Adobe preamble to PS3 encoder. * Use ImageMagick release number to allow multiple ImageMagick releases to co-exist without interference on the same machine. * Decided that DrawGet functions should return by value. * Added detailed logging to BMP, PNG, and JPEG codecs, including JPEG quality estimate. * Added draw.h "DrawGet" equivalents to most of the "DrawSet" functions. * Added an array size argument to DrawSetDashPattern and got rid of the zero-termination garbage. o Remove 'Set' from the names of draw.h functions which update the current affine transformation array (e.g. DrawSetRotate becomes DrawRotate). * Under Windows, a DllMain function which automatically initializes ImageMagick (when ImageMagick is built using DLLs) may be added by defining ProvideDllMain in magick_config.h * Added resource consumption methods, see magick/resource.c. * Replaced underscores in commandline options with hyphens. For backward compatibility, underscores will continue to be recognized. * Added -blue-primary, -green-primary, -red-primary, -white-point options. * Added BMP2 and BMP3 output formats. * Changed chromaticity primary.z from 1.0 to 1.0-(primary.x+primary.y) in the PNG and PCD codecs. * Added 'exception' parameter to the ImageMagick progress monitor API. * Added enumerated types for the dispose member of the Image structure. * Added -version option to commandline utilities. * The xcf decoder would sometimes create artifacts when reading RLE-encoded grayscale images, due to the green and blue samples not being defined. * Added logging capabilities to the CORE API. This facility is useful for debugging. Added "events" parameter to the -debug commandline option. * AcquireImagePixels() did not always return the same pixel values for virtual pixels when the cache was stored on disk (very rare). * new -virtual-pixel command line option. * new PerlMagick virtual-pixel image attribute. @ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @Update "ImageMagick" and "p5-PerlMagick" packages to version 5.4.8.2. Many bugs were fixed since the release of version 5.3.9 and lots of new features like 32-Bit QuantumDepth support added. @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.2 2002/02/10 12:51:00 abs Exp $ d3 11 a13 10 --- magick/magick.c.orig Sun Sep 16 23:36:12 2001 +++ magick/magick.c @@@@ -421,6 +421,7 @@@@ #endif SetClientName(filename); (void) setlocale(LC_ALL,""); + (void) setlocale(LC_CTYPE,"C"); (void) setlocale(LC_NUMERIC,"C"); } @ 1.2 log @Switch a 'long' to int32_t to work correctly on BE-LP64 platforms. Mark NOT_FOR_PLATFORM = NetBSD-*-sparc64 as c++ still broken @ text @d1 1 a1 1 $NetBSD$ @ 1.2.2.1 log @Merge changes from pkgsrc-current into the buildlink2 branch for the packages that have buildlink2.mk files. @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.2 2002/02/10 12:51:00 abs Exp $ @ 1.1 log @Move inclusion of buildlink.mk files to end of Makefile. Also patch configure script to not add -L${PREFIX}/lib, -I${PREFIX}/include to LDFLAGS, CFLAGS to encapsulate build. @ text @d3 10 a12 12 --- configure.in.orig Sat Jan 27 12:09:13 2001 +++ configure.in @@@@ -408,9 +408,6 @@@@ eval "eval MAN_DIR=$mandir" -LDFLAGS="$LDFLAGS -L$LIB_DIR" -CPPFLAGS="$CPPFLAGS -I$INCLUDE_DIR" - # Extend includedir to include magick subdirectory offset includedir="$includedir/magick" @