head 1.10; access; symbols pkgsrc-2013Q2:1.10.0.36 pkgsrc-2013Q2-base:1.10 pkgsrc-2012Q4:1.10.0.34 pkgsrc-2012Q4-base:1.10 pkgsrc-2011Q4:1.10.0.32 pkgsrc-2011Q4-base:1.10 pkgsrc-2011Q2:1.10.0.30 pkgsrc-2011Q2-base:1.10 pkgsrc-2009Q4:1.10.0.28 pkgsrc-2009Q4-base:1.10 pkgsrc-2008Q4:1.10.0.26 pkgsrc-2008Q4-base:1.10 pkgsrc-2008Q3:1.10.0.24 pkgsrc-2008Q3-base:1.10 cube-native-xorg:1.10.0.22 cube-native-xorg-base:1.10 pkgsrc-2008Q2:1.10.0.20 pkgsrc-2008Q2-base:1.10 pkgsrc-2008Q1:1.10.0.18 pkgsrc-2008Q1-base:1.10 pkgsrc-2007Q4:1.10.0.16 pkgsrc-2007Q4-base:1.10 pkgsrc-2007Q3:1.10.0.14 pkgsrc-2007Q3-base:1.10 pkgsrc-2007Q2:1.10.0.12 pkgsrc-2007Q2-base:1.10 pkgsrc-2007Q1:1.10.0.10 pkgsrc-2007Q1-base:1.10 pkgsrc-2006Q4:1.10.0.8 pkgsrc-2006Q4-base:1.10 pkgsrc-2006Q3:1.10.0.6 pkgsrc-2006Q3-base:1.10 pkgsrc-2006Q2:1.10.0.4 pkgsrc-2006Q2-base:1.10 pkgsrc-2006Q1:1.10.0.2 pkgsrc-2006Q1-base:1.10 pkgsrc-2005Q4:1.8.0.18 pkgsrc-2005Q4-base:1.8 pkgsrc-2005Q3:1.8.0.16 pkgsrc-2005Q3-base:1.8 pkgsrc-2005Q2:1.8.0.14 pkgsrc-2005Q2-base:1.8 pkgsrc-2005Q1:1.8.0.12 pkgsrc-2005Q1-base:1.8 pkgsrc-2004Q4:1.8.0.10 pkgsrc-2004Q4-base:1.8 pkgsrc-2004Q3:1.8.0.8 pkgsrc-2004Q3-base:1.8 pkgsrc-2004Q2:1.8.0.6 pkgsrc-2004Q2-base:1.8 pkgsrc-2004Q1:1.8.0.4 pkgsrc-2004Q1-base:1.8 pkgsrc-2003Q4:1.8.0.2 pkgsrc-2003Q4-base:1.8 netbsd-1-6:1.5.0.8 netbsd-1-6-RELEASE-base:1.5 pkgviews:1.5.0.4 pkgviews-base:1.5 buildlink2:1.5.0.2 buildlink2-base:1.6 netbsd-1-5-PATCH003:1.5; locks; strict; comment @# @; 1.10 date 2006.03.05.21.25.49; author adam; state dead; branches; next 1.9; 1.9 date 2006.01.28.02.36.55; author salo; state Exp; branches; next 1.8; 1.8 date 2003.01.03.23.04.38; author wiz; state dead; branches 1.8.18.1; next 1.7; 1.7 date 2002.11.13.13.44.44; author wiz; state Exp; branches; next 1.6; 1.6 date 2002.08.22.08.06.14; author tron; state dead; branches; next 1.5; 1.5 date 2002.02.10.12.51.00; author abs; state Exp; branches 1.5.2.1; next 1.4; 1.4 date 2001.07.02.16.48.32; author jlam; state Exp; branches; next 1.3; 1.3 date 98.03.19.09.23.08; author tron; state dead; branches; next 1.2; 1.2 date 98.02.09.22.21.26; author tron; state Exp; branches; next 1.1; 1.1 date 98.02.05.22.19.21; author tron; state Exp; branches; next ; 1.8.18.1 date 2006.01.28.23.39.05; author seb; state Exp; branches; next ; 1.5.2.1 date 2002.08.22.11.11.18; author jlam; state dead; branches; next ; desc @@ 1.10 log @Changes 6.2.6.3: * The command line utilities properly returns a non-zero status when an exception is thrown. Changes 6.2.6.2 * Fix a memory leak in each of CompositeImageCommand() and CompositeImage() * Add new options -layers compare-any, -layers compare-clear, -layers compare-overlay, and -layers optimize. * Draw last dash in a dashed polyline. * Add %D to -format to return the image disposal method. * ncorrect handling of file:// URIs causes data loss (patch from Daniel Kobras). * Set default BMP resolution units to PixelsPerCentimeter (problem report from digipete@@shaw...). @ text @$NetBSD: patch-ad,v 1.9 2006/01/28 02:36:55 salo Exp $ Security fixes for CVE-2006-0082 and #345595, from Debian. --- wand/display.c.orig 2006-01-13 05:49:46.000000000 +0100 +++ wand/display.c 2006-01-28 02:35:54.000000000 +0100 @@@@ -315,10 +315,7 @@@@ image_number=0; last_image=0; last_scene=0; - image_marker=(unsigned long *) - AcquireMagickMemory((argc+1)*sizeof(*image_marker)); - for (i=0; i <= argc; i++) - image_marker[i]=(unsigned long) argc; + image_marker=(unsigned long *) NULL; option=(char *) NULL; pend=MagickFalse; resource_database=(XrmDatabase) NULL; @@@@ -326,9 +323,6 @@@@ server_name=(char *) NULL; state=0; status=MagickTrue; - if (image_marker == (unsigned long *) NULL) - ThrowDisplayException(ResourceLimitError,"MemoryAllocationFailed", - strerror(errno)); /* Check for server name specified on the command line. */ @@@@ -337,6 +331,13 @@@@ if (status == MagickFalse) ThrowDisplayException(ResourceLimitError,"MemoryAllocationFailed", strerror(errno)); + image_marker=(unsigned long *) + AcquireMagickMemory((argc+1)*sizeof(*image_marker)); + for (i=0; i <= argc; i++) + image_marker[i]=(unsigned long) argc; + if (image_marker == (unsigned long *) NULL) + ThrowDisplayException(ResourceLimitError,"MemoryAllocationFailed", + strerror(errno)); for (i=1; i < (long) argc; i++) { /* @@@@ -461,7 +462,7 @@@@ /* Form filename for multi-part images. */ - (void) FormatMagickString(filename,MaxTextExtent, + (void) FormatMagickStringNumeric(filename,MaxTextExtent, image_info->filename,scene); if (LocaleCompare(filename,image_info->filename) == 0) (void) FormatMagickString(filename,MaxTextExtent,"%s.%lu", @ 1.9 log @Security fixes for CVE-2006-0082 and Debian bug #345595: "Format string vulnerabilities in ImageMagick allow user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program." Patches from Debian. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595 @ text @d1 1 a1 1 $NetBSD$ @ 1.8 log @Update to 5.5.3.2. Changes include lots of bugfixes and some enhancements, in particular JNG support. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.7 2002/11/13 13:44:44 wiz Exp $ d3 23 a25 10 --- coders/jp2.c.orig Sun Nov 10 15:33:57 2002 +++ coders/jp2.c @@@@ -604,7 +604,7 @@@@ static unsigned int WriteJP2Image(const component_info[i].prec=(unsigned int) image->depth <= 8 ? 8 : 16; } jp2_image=jas_image_create((short) number_components,component_info, - number_components == 1 ? JAS_IMAGE_CM_GRAY : JAS_IMAGE_CM_RGB); + number_components == 1 ? JAS_IMAGE_CS_GRAY : JAS_IMAGE_CS_RGB); if (jp2_image == (jas_image_t *) NULL) ThrowWriterException(FileOpenError,"Unable to create image",image); d27 25 @ 1.8.18.1 log @Pullup ticket 1070 - requested by Lubomir Sedlacik sync graphics/ImageMagick with HEAD including security fixes Revisions pulled up: - pkgsrc/graphics/ImageMagick/Makefile 1.137 - pkgsrc/graphics/ImageMagick/Makefile.common 1.46 - pkgsrc/graphics/ImageMagick/PLIST 1.44 - pkgsrc/graphics/ImageMagick/buildlink3.mk 1.11 - pkgsrc/graphics/ImageMagick/distinfo 1.57, 1.58 - pkgsrc/graphics/ImageMagick/options.mk 1.4 - pkgsrc/graphics/ImageMagick/patches/patch-aa 1.33 - pkgsrc/graphics/ImageMagick/patches/patch-ab 1.16 - pkgsrc/graphics/ImageMagick/patches/patch-ac 1.12 - pkgsrc/graphics/ImageMagick/patches/patch-ad 1.9 - pkgsrc/graphics/ImageMagick/patches/patch-ae 1.6 - pkgsrc/graphics/ImageMagick/patches/patch-af 1.6 - pkgsrc/graphics/ImageMagick/patches/patch-ag 1.4 - pkgsrc/graphics/ImageMagick/patches/patch-ah 1.3 Module Name: pkgsrc Committed By: adam Date: Thu Jan 26 20:38:19 UTC 2006 Modified Files: pkgsrc/graphics/ImageMagick: Makefile Makefile.common PLIST buildlink3.mk distinfo options.mk pkgsrc/graphics/ImageMagick/patches: patch-aa Log Message: Changes 6.2.6.0: * Bug fixes --- Module Name: pkgsrc Committed By: salo Date: Sat Jan 28 02:36:55 UTC 2006 Modified Files: pkgsrc/graphics/ImageMagick: Makefile distinfo Added Files: pkgsrc/graphics/ImageMagick/patches: patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah Log Message: Security fixes for CVE-2006-0082 and Debian bug #345595: "Format string vulnerabilities in ImageMagick allow user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program." Patches from Debian. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595 @ text @d1 1 a1 1 $NetBSD$ d3 10 a12 23 Security fixes for CVE-2006-0082 and #345595, from Debian. --- wand/display.c.orig 2006-01-13 05:49:46.000000000 +0100 +++ wand/display.c 2006-01-28 02:35:54.000000000 +0100 @@@@ -315,10 +315,7 @@@@ image_number=0; last_image=0; last_scene=0; - image_marker=(unsigned long *) - AcquireMagickMemory((argc+1)*sizeof(*image_marker)); - for (i=0; i <= argc; i++) - image_marker[i]=(unsigned long) argc; + image_marker=(unsigned long *) NULL; option=(char *) NULL; pend=MagickFalse; resource_database=(XrmDatabase) NULL; @@@@ -326,9 +323,6 @@@@ server_name=(char *) NULL; state=0; status=MagickTrue; - if (image_marker == (unsigned long *) NULL) - ThrowDisplayException(ResourceLimitError,"MemoryAllocationFailed", - strerror(errno)); a13 25 Check for server name specified on the command line. */ @@@@ -337,6 +331,13 @@@@ if (status == MagickFalse) ThrowDisplayException(ResourceLimitError,"MemoryAllocationFailed", strerror(errno)); + image_marker=(unsigned long *) + AcquireMagickMemory((argc+1)*sizeof(*image_marker)); + for (i=0; i <= argc; i++) + image_marker[i]=(unsigned long) argc; + if (image_marker == (unsigned long *) NULL) + ThrowDisplayException(ResourceLimitError,"MemoryAllocationFailed", + strerror(errno)); for (i=1; i < (long) argc; i++) { /* @@@@ -461,7 +462,7 @@@@ /* Form filename for multi-part images. */ - (void) FormatMagickString(filename,MaxTextExtent, + (void) FormatMagickStringNumeric(filename,MaxTextExtent, image_info->filename,scene); if (LocaleCompare(filename,image_info->filename) == 0) (void) FormatMagickString(filename,MaxTextExtent,"%s.%lu", @ 1.7 log @Update to 5.5.1-6. Changes: * Verify sanity of sysconf(_SC_PAGE_SIZE) and sysconf(_SC_PHYS_PAGES) before using their values. * Corrected bug in image geometry height calculation. * PingBlob() improperly set the length memory of BlobInfo to zero. * Fixed Ping() memory leak in PerlMagick. * Fixed -map problem in convert/mogrify utilities. * -border with a single value now produces correct results (e.g. -border 10). * Set locale type LC_NUMERIC to "C". * Bug fix for PS2 encoder. * Added PS-Adobe preamble to PS3 encoder. * Use ImageMagick release number to allow multiple ImageMagick releases to co-exist without interference on the same machine. * Decided that DrawGet functions should return by value. * Added detailed logging to BMP, PNG, and JPEG codecs, including JPEG quality estimate. * Added draw.h "DrawGet" equivalents to most of the "DrawSet" functions. * Added an array size argument to DrawSetDashPattern and got rid of the zero-termination garbage. o Remove 'Set' from the names of draw.h functions which update the current affine transformation array (e.g. DrawSetRotate becomes DrawRotate). * Under Windows, a DllMain function which automatically initializes ImageMagick (when ImageMagick is built using DLLs) may be added by defining ProvideDllMain in magick_config.h * Added resource consumption methods, see magick/resource.c. * Replaced underscores in commandline options with hyphens. For backward compatibility, underscores will continue to be recognized. * Added -blue-primary, -green-primary, -red-primary, -white-point options. * Added BMP2 and BMP3 output formats. * Changed chromaticity primary.z from 1.0 to 1.0-(primary.x+primary.y) in the PNG and PCD codecs. * Added 'exception' parameter to the ImageMagick progress monitor API. * Added enumerated types for the dispose member of the Image structure. * Added -version option to commandline utilities. * The xcf decoder would sometimes create artifacts when reading RLE-encoded grayscale images, due to the green and blue samples not being defined. * Added logging capabilities to the CORE API. This facility is useful for debugging. Added "events" parameter to the -debug commandline option. * AcquireImagePixels() did not always return the same pixel values for virtual pixels when the cache was stored on disk (very rare). * new -virtual-pixel command line option. * new PerlMagick virtual-pixel image attribute. @ text @d1 1 a1 1 $NetBSD$ @ 1.6 log @Update "ImageMagick" and "p5-PerlMagick" packages to version 5.4.8.2. Many bugs were fixed since the release of version 5.3.9 and lots of new features like 32-Bit QuantumDepth support added. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.5 2002/02/10 12:51:00 abs Exp $ d3 11 a13 10 --- magick/delegate.c.orig Fri Aug 24 21:26:43 2001 +++ magick/delegate.c @@@@ -267,7 +267,6 @@@@ assert(image_info->signature == MagickSignature); assert(image != (Image *) NULL); assert(image->signature == MagickSignature); - assert(decode!= (char *) NULL); delegate_info=GetDelegateInfo(decode,encode,&image->exception); if (delegate_info == (DelegateInfo *) NULL) { @ 1.5 log @Switch a 'long' to int32_t to work correctly on BE-LP64 platforms. Mark NOT_FOR_PLATFORM = NetBSD-*-sparc64 as c++ still broken @ text @d1 1 a1 1 $NetBSD$ @ 1.5.2.1 log @Merge changes from pkgsrc-current into the buildlink2 branch for the packages that have buildlink2.mk files. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.5 2002/02/10 12:51:00 abs Exp $ @ 1.4 log @Move inclusion of buildlink.mk files to end of Makefile. Also patch configure script to not add -L${PREFIX}/lib, -I${PREFIX}/include to LDFLAGS, CFLAGS to encapsulate build. @ text @d3 10 a12 12 --- configure.orig Sat Jan 27 12:09:13 2001 +++ configure @@@@ -4079,9 +4079,6 @@@@ eval "eval INFO_DIR=$infodir" eval "eval MAN_DIR=$mandir" -LDFLAGS="$LDFLAGS -L$LIB_DIR" -CPPFLAGS="$CPPFLAGS -I$INCLUDE_DIR" - # Extend includedir to include magick subdirectory offset includedir="$includedir/magick" @ 1.3 log @Update to ImageMagick 4.0.3. @ text @d1 13 a13 5 --- magick/magick.h.orig Mon Feb 9 01:56:04 1998 +++ magick/magick.h Mon Feb 9 22:56:49 1998 @@@@ -4,6 +4,8 @@@@ #ifndef _MAGICK_H #define _MAGICK_H a14 14 +#include + #if defined(__cplusplus) || defined(c_plusplus) extern "C" { #endif @@@@ -145,7 +147,7 @@@@ #endif #define ShowImageCommand \ "display %s -immutable -window_group 0x%lx -title \"%s of %s\" tmp:%s &" -#define TemporaryDirectory "/usr/tmp" +#define TemporaryDirectory _PATH_VARTMP #else #if defined(vms) #define ApplicationDefaults "decw$system_defaults:" @ 1.2 log @Update to ImageMagick 4.0.1 because the required 4.0 distribution file is not available any more and the one on "ftp.netbsd.org" is outdated. Problem pointed out by Mario Kemper. @ text @@ 1.1 log @Use "/var/tmp" and not "/usr/tmp" as default temporary directory. Problem pointed out by Mario Kemper. @ text @d1 5 a5 3 --- magick/magick.h.orig Wed Feb 4 19:18:20 1998 +++ magick/magick.h Thu Feb 5 23:02:25 1998 @@@@ -14,6 +14,7 @@@@ a6 2 #include #include d8 10 a17 2 #if defined(_VISUALC_) #include d19 2 a20 9 @@@@ -119,7 +120,7 @@@@ #define PICTCommand "|picttoppm %s" #define PostscriptMonoDevice "pbmraw" #define ReadBinaryType "rb" -#define TemporaryDirectory "/usr/tmp" +#define TemporaryDirectory _PATH_VARTMP #define UncompressCommand "|uncompress -c %s" #define UndoCache "16" #define WriteBinaryType "wb" @