SF.net SVN: gar:[25690] csw/mgar/pkg/ImageMagick/trunk

lblume at users.sourceforge.net lblume at users.sourceforge.net
Wed May 4 15:31:59 CEST 2016 

Revision: 25690
          http://sourceforge.net/p/gar/code/25690
Author:   lblume
Date:     2016-05-04 13:31:59 +0000 (Wed, 04 May 2016)
Log Message:
-----------
ImageMagick/trunk: Bump to 7.0.1-0, change compiler to GCC5, add mitigation for CVE-2016-3714

Modified Paths:
--------------
    csw/mgar/pkg/ImageMagick/trunk/Makefile
    csw/mgar/pkg/ImageMagick/trunk/checksums

Added Paths:
-----------
    csw/mgar/pkg/ImageMagick/trunk/files/0003-CVE-2016-3714.patch

Modified: csw/mgar/pkg/ImageMagick/trunk/Makefile
===================================================================
--- csw/mgar/pkg/ImageMagick/trunk/Makefile	2016-05-03 14:41:57 UTC (rev 25689)
+++ csw/mgar/pkg/ImageMagick/trunk/Makefile	2016-05-04 13:31:59 UTC (rev 25690)
@@ -1,6 +1,6 @@
 NAME      = imagemagick
-VERSION   = 6.9.2
-GARSUBREV = 3
+VERSION   = 7.0.1
+GARSUBREV = 0
 #BETAREV   = beta20140518
 GARTYPE   = v2
 
@@ -24,13 +24,14 @@
 
 PACKAGING_PLATFORMS = solaris10-sparc solaris10-i386
 
-GARCOMPILER = GCC4
+GARCOMPILER = GCC5
 
 VENDOR_URL = http://www.imagemagick.org
 
 LICENSE = LICENSE
 
 PATCHFILES += 0002_warn_all_does_not_work.patch 
+PATCHFILES += 0003-CVE-2016-3714.patch
 
 BUILD_DEP_PKGS += CSWliblcms-dev
 BUILD_DEP_PKGS += CSWlibcairo-dev

Modified: csw/mgar/pkg/ImageMagick/trunk/checksums
===================================================================
--- csw/mgar/pkg/ImageMagick/trunk/checksums	2016-05-03 14:41:57 UTC (rev 25689)
+++ csw/mgar/pkg/ImageMagick/trunk/checksums	2016-05-04 13:31:59 UTC (rev 25690)
@@ -1 +1 @@
-5007e8f213f47e89e70270ed57791d07  ImageMagick-6.9.2-3.tar.xz
+ccb51fa88c0605850386c8959f82fc42  ImageMagick-7.0.1-0.tar.xz

Added: csw/mgar/pkg/ImageMagick/trunk/files/0003-CVE-2016-3714.patch
===================================================================
--- csw/mgar/pkg/ImageMagick/trunk/files/0003-CVE-2016-3714.patch	                        (rev 0)
+++ csw/mgar/pkg/ImageMagick/trunk/files/0003-CVE-2016-3714.patch	2016-05-04 13:31:59 UTC (rev 25690)
@@ -0,0 +1,17 @@
+diff --git a/config/policy.xml b/config/policy.xml
+index b4ee2d2..aaf0e52 100644
+--- a/config/policy.xml
++++ b/config/policy.xml
+@@ -58,4 +58,12 @@
+   <!-- <policy domain="resource" name="time" value="3600"/> -->
+   <!-- <policy domain="system" name="precision" value="6"/> -->
+   <policy domain="cache" name="shared-secret" value="passphrase"/>
++
++  <!-- Mitigation for CVE-2016–3714 -->
++  <!-- https://imagetragick.com/ -->
++  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
++  <policy domain="coder" rights="none" pattern="URL" />
++  <policy domain="coder" rights="none" pattern="HTTPS" />
++  <policy domain="coder" rights="none" pattern="MVG" />
++  <policy domain="coder" rights="none" pattern="MSL" />
+ </policymap>

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

More information about the devel mailing list