imagemagick (8:6.9.12.98+dfsg1-5.1~exp1) experimental; urgency=medium * Non-maintainer upload. * Rename libraries for 64-bit time_t transition. -- Steve Langasek Sat, 17 Feb 2024 17:03:12 +0000 imagemagick (8:6.9.12.98+dfsg1-5) unstable; urgency=medium * Bug fix: "please update Suggests: imagemagick-doc; to imagemagick-6-doc", thanks to Vincent Lefevre (Closes: #1059314). * Bug fix: "missing Breaks+Replaces against the dropped imagemagick-doc package, in order to force its removal", thanks to Vincent Lefevre (Closes: #1059193). -- Bastien Roucariès Wed, 27 Dec 2023 10:29:58 +0000 imagemagick (8:6.9.12.98+dfsg1-4) unstable; urgency=medium * Replace ufraw-batch suggest by libraw-bin (Closes: #1038637) * Update changelog entry for CVE fixed. * Move from gsfonts to fonts-urw-base35. Thanks to Vincent Lefevre (Closes: #1020358, #1020355, #1020363, #1020370) * Recommends fonts-tuffy (Closes: #1054580) * Fix a typo in debian patch (Closes: #1054506) -- Bastien Roucariès Mon, 30 Oct 2023 09:26:06 +0000 imagemagick (8:6.9.12.98+dfsg1-3) unstable; urgency=medium * Bug fix: "imagemagick no longer sets "PACKAGE_RELEASE_DATE", thanks to Håvard F. Aasen (Closes: #1054462). * Bug fix: "reproducible builds: Embeds different paths on usrmerge system", thanks to Vagrant Cascadian (Closes: #983303). -- Bastien Roucariès Wed, 25 Oct 2023 23:30:18 +0000 imagemagick (8:6.9.12.98+dfsg1-2) unstable; urgency=medium * Upload to unstable -- Bastien Roucariès Sun, 22 Oct 2023 15:35:30 +0000 imagemagick (8:6.9.12.98+dfsg1-1) experimental; urgency=medium * New upstream version * Drop package imagemagick-doc and imagemagick-common * Fix CVE-2023-3428: A heap-based buffer overflow vulnerability was found in coders/tiff.c. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. * CVE-2023-3745: A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service. * Import patch for upstream that avoid a FTBFS due to SOURCE_DATE_EPOCH set * Use a debian policy. Install other policies as user convenience. * Recompile means no depends on old libwmf (Closes: #1005229) -- Bastien Roucariès Sat, 21 Oct 2023 14:40:53 +0000 imagemagick (8:6.9.12.90+dfsg1-1) UNRELEASED; urgency=medium [ Luciano Bello ] * removing Luciano as uploader, as he is retiring [ Pino Toscano ] * Drop the XPM icon for display-im, as the Debian menu file that needed it was removed in 8:6.9.2.10+dfsg-1. * Tweak the sizes for which we generate PNG versions of the display-im application icon: - drop 8x8, and 42x42: they are not specified in hicolor, and thus cannot be reliably used; also they are very niche sizes, and they can be downscaled if needed - add 512x512 [ Bastien Roucariès ] * New upstream version * Aknowledge NMU * Fix CVE-2021-3610: A heap-based buffer overflow vulnerability was found in ImageMagick in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. (Closes: #1037090). * Fix CVE-2022-1115: A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. (Closes: #1013282) * Fix CVE-2022-3213: A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. (Closes: #1021141). * Fix CVE-2023-1289: A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp", resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. (Closes: #1033254). * Fix CVE-2023-1906: A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. (Closes: #1034373). * Fix CVE-2023-2157: A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. (Closes: #1036476). * Fix CVE-2023-3195: A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. * Fix CVE-2023-34151: A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders. (Closes: #1036999) * Use libfreetype-dev instead of libfreetype6-dev -- Bastien Roucariès Sat, 29 Jul 2023 14:52:58 +0000 imagemagick (8:6.9.12.20+dfsg1-1.2) experimental; urgency=medium * Non-maintainer upload. * Build with --with-fftw because fftw is disabled by default since 6.9.12.5 (Closes: #995290) -- Johannes Schauer Marin Rodrigues Tue, 05 Oct 2021 15:08:20 +0200 imagemagick (8:6.9.12.20+dfsg1-1.1) experimental; urgency=medium * Non-maintainer upload. * Fix FTBFS when doing arch:any-only builds by creating font symlinks for configure-indep as well as configure-arch targets -- Johannes Schauer Marin Rodrigues Sat, 04 Sep 2021 19:37:54 +0200 imagemagick (8:6.9.12.20+dfsg1-1) experimental; urgency=medium * debian/copyright: use spaces rather than tabs to start continuation lines. * Set field Upstream-Contact in debian/copyright. * Remove obsolete field Contact from debian/upstream/metadata (already present in machine-readable debian/copyright). * Avoid explicitly specifying -Wl,--as-needed linker flag. * Fix field name case in debian/control (Built-using => Built-Using). * Bump debhelper from old 11 to 13. * Set debhelper-compat version in Build-Depends. * Update standards version to 4.5.1, no changes needed. * Acknowledge NMU. Thanks Salvatore Bonaccorso * New upstream version * SO Bump from upstream due to structure incompatibility * Clean up maintainer scripts * Use fonts from fonts-tuffy * Fix mime type. Do not quote %s (Closes: #987691) and fix extra dot (Closes: #986471) * Drop old config script. Use pkgconfig please. * Depends on libraw-dev (Closes: #990028). * Fix invalid policy.xml (Closes: #991289, #990757). * Relax a little bit policy.xml (Closes: #860763, #941724). * Update Repository in debian/upstream/metadata (Closes: #991288) * Fix reproducible builds: Embeds date dependent on timezone (Closes: #983302) -- Bastien Roucariès Fri, 27 Aug 2021 08:19:42 +0000 imagemagick (8:6.9.11.60+dfsg-1.6) unstable; urgency=high * Non-maintainer upload [ Moritz Mühlenhoff ] * Fix CVE-2022-44267 / CVE-2022-44268 (Closes: #1030767) (LP: #2004580) -- Jeremy Bicha Thu, 16 Feb 2023 16:06:07 -0500 imagemagick (8:6.9.11.60+dfsg-1.5) unstable; urgency=high * Non-maintainer upload [ Nishit Majithia ] * SECURITY UPDATE: Multiple divide by zero issues in imagemagick allow a remote attacker to cause a denial of service via a crafted image file - debian/patches/CVE-2021-20241.patch: Use PerceptibleReciprocal() to fix division by zeros in coders/jp2.c - debian/patches/CVE-2021-20243.patch: Use PerceptibleReciprocal() to fix division by zeros in magick/resize.c - debian/patches/CVE-2021-20244.patch: Avoid division by zero in magick/fx.c - debian/patches/CVE-2021-20245.patch: Avoid division by zero in oders/webp.c - debian/patches/CVE-2021-20246.patch: Avoid division by zero in magick/resample.c - debian/patches/CVE-2021-20309.patch: Avoid division by zero in magick/fx.c - CVE-2021-20241 - CVE-2021-20243 - CVE-2021-20244 - CVE-2021-20245 - CVE-2021-20246 - CVE-2021-20309 * SECURITY UPDATE: Integer overflow, divide by zero and memory leak in imagemagick allow a remote attacker to cause a denial of service or possible leak of cryptographic information via a crafted image file - debian/patches/CVE-2021-20312_20313.patch: Avoid integer overflow in coders/thumbnail.c, division by zero in magick/colorspace.c and a potential cipher leak in magick/memory.c - CVE-2021-20312 - CVE-2021-20313 * SECURITY UPDATE: memory leaks when executing convert command - debian/patches/CVE-2021-3574.patch: fix memory leaks - CVE-2021-3574 * SECURITY UPDATE: Security Issue when Configuring the ImageMagick Security Policy - debian/patches/CVE-2021-39212.patch: Added missing policy checks in RegisterStaticModules - CVE-2021-39212 (Closes: #996588) * SECURITY UPDATE: DoS while processing crafted SVG files - debian/patches/CVE-2021-4219.patch: fix denial of service - CVE-2021-4219 * SECURITY UPDATE: use-after-free in magick - debian/patches/CVE-2022-1114.patch: fix use-after-free in magick at dcm.c - CVE-2022-1114 * SECURITY UPDATE: heap-based buffer overflow - debian/patches/CVE-2022-28463.patch: fix buffer overflow - CVE-2022-28463 (Closes: #1013282) * SECURITY UPDATE: out-of-range value - debian/patches/CVE-2022-32545.patch: addresses the possibility for the use of a value that falls outside the range of an unsigned char in coders/psd.c. - debian/patches/CVE-2022-32546.patch: addresses the possibility for the use of a value that falls outside the range of an unsigned long in coders/pcl.c. - CVE-2022-32545 - CVE-2022-32546 * SECURITY UPDATE: load of misaligned address - debian/patches/CVE-2022-32547.patch: addresses the potential for the loading of misaligned addresses in magick/property.c. - CVE-2022-32547 (Closes: #1016442) -- Jeremy Bicha Sat, 04 Feb 2023 21:50:44 -0500 imagemagick (8:6.9.11.60+dfsg-1.4) unstable; urgency=medium * Non-maintainer upload. [ Vagrant Cascadian ] * debian/rules: Pass MVDelegate and RMDelegate to configure. (Closes: #983303) -- Paul Gevers Sat, 31 Dec 2022 22:36:57 +0100 imagemagick (8:6.9.11.60+dfsg-1.3) unstable; urgency=medium * Non-maintainer upload. * autopkgtest: Drop PDF related tests which will fail after disabling ghostscript handled formats by default (Closes: #987247) -- Salvatore Bonaccorso Tue, 20 Apr 2021 16:37:59 +0200 imagemagick (8:6.9.11.60+dfsg-1.2) unstable; urgency=medium * Non-maintainer upload. * Disable ghostscript handled formats based on -SAFER insecurity -- Salvatore Bonaccorso Mon, 19 Apr 2021 20:16:51 +0200 imagemagick (8:6.9.11.60+dfsg-1.1) unstable; urgency=medium * Non-maintainer upload. * Import upstream patch to fix font size (Closes: #980202). -- Jochen Sprickerhof Tue, 13 Apr 2021 20:58:45 +0200 imagemagick (8:6.9.11.60+dfsg-1) unstable; urgency=high * New upstream version - Bug fix: "gscan2pdf tests fail", thanks to Sergio Durigan Junior (Closes: #980202). -- Bastien Roucariès Mon, 01 Feb 2021 16:22:02 +0000 imagemagick (8:6.9.11.58+dfsg-1) unstable; urgency=medium * New upstream version: - Fix error on i386 with php * Bug fix (workarround): "Many doubled www/www; broken links on index.html", thanks to 積丹尼 Dan Jacobson (Closes: #978138). -- Bastien Roucariès Fri, 22 Jan 2021 21:59:16 +0000 imagemagick (8:6.9.11.57+dfsg-1) unstable; urgency=medium * New upstream version: - Bug fix: "CVE-2020-29599", imagemagick mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c. Thanks to Salvatore Bonaccorso (Closes: #977205). - Bug fix: "CVE-2020-27560: Division by Zero in function OptimizeLayerFrames", thanks to Salvatore Bonaccorso (Closes: #972797). * Fix dh_doxygen FTBFS (Closes: #971216) -- Bastien Roucariès Mon, 11 Jan 2021 22:14:26 +0000 imagemagick (8:6.9.11.24+dfsg-1) unstable; urgency=medium * Acknowledge NMU * New upstream version: - Fix CVE-2019-11470: Cineon image parsing DOS (Closes: #927830). - Fix CVE-2019-11472: XWD image parsing DOS (Closes: #927828). - Fix CVE-2020-13902: Heap based overflow in TIFF image decoding. (Closes: #928207). - Fix CVE-2019-11598: Heap-based buffer over-read in PNM image decoding (Closes: #928206). - Fix CVE-2019-12974: NULL pointer dereference in pango coder. (Closes: #931196). - Fix CVE-2019-12977: use of uninitialized value" vulnerability in the WriteJP2Image of jp2 coder (Closes: #931191). - Fix CVE-2019-12978: use of uninitialized value" vulnerability in the pango coder. (Closes: #931190). - Fix CVE-2019-12979: use of uninitialized value" vulnerability in MagickCore/image.c (Closes: #931189). - Fix CVE-2019-13135: use of uninitialized value" vulnerability in the cut coder (Closes: #932079). - Fix CVE-2019-13295: Heap-based buffer over-read in MagickCore/threshold.c (Closes: #931457). - Fix CVE-2019-13297: Heap-based buffer over-read in MagickCore/threshold.c (Closes: #931455). - Fix CVE-2019-13300: heap-based buffer overflow in MagickCore/statistic.c (Closes: #931454). - Fix CVE-2019-13304: stack-based buffer overflow for PNM image (Closes: #931453). - Fix CVE-2019-13305: stack-based buffer overflow for PNM image (Closes: #931452). - Fix CVE-2019-13306: stack-based buffer overflow for PNM image (Closes: #931449). - Fix CVE-2019-13307: heap-based buffer overflow in MagickCore/statistic.c (Closes: #931448). - Fix CVE-2019-13308: heap-based buffer overflow in MagickCore/fourier.c (Closes: #931447). - Fix CVE-2019-13391: heap-based buffer over-read (Closes: #931633). - Fix CVE-2019-13454: Division by Zero in MagickCore/layer.c (Closes: #931740). - Fix CVE-2019-14981: divide-by-zero in MeanShiftImage (Closes: #955025). - Fix CVE-2019-15139: DOS for XWD images (Closes: #941670). - Fix CVE-2019-15140: DOS for mat images (Closes: #941671). - Fix CVE-2019-19948: Heap-based buffer overflow in SGI coder (Closes: #947308). - Fix CVE-2019-19949: Heap buffer over-read in PNG coder (Closes: #947309). - Fix CVE-2020-10251: out-of-bounds read vulnerability for HEIC coder (Closes: #953741). - Fix CVE-2020-13902: heap-based buffer over-read for TIFF coder. * Bug fix: "Updating the imagemagick Uploaders list", thanks to Tobias Frost (Closes: #962110). Thanks Nelson A. de Oliveira * Add link in api doc dir to assets javascript library * Fix a typo in convert man page (Closes: #953279,#947983,#921594). * Fix a pkgconfig error that pull q16 instead of q16hdri (Closes: #950282). -- Bastien Roucariès Mon, 27 Jul 2020 03:13:36 +0200 imagemagick (8:6.9.10.23+dfsg-2.1) unstable; urgency=medium * Non-maintainer upload. * Stack-based buffer overflow in function PopHexPixel in coders/ps.c (CVE-2019-9956) (Closes: #925395) * Heap-buffer-overflow in WriteTIFFImage of coders/tiff.c (CVE-2019-10650) (Closes: #926091) -- Salvatore Bonaccorso Fri, 03 May 2019 16:34:26 +0200 imagemagick (8:6.9.10.23+dfsg-2) unstable; urgency=medium * Bug fix: "identify 6.9.10-23 does not convert units (pixels per cm/in)", thanks to Cédric Boutillier (Closes: #918642). -- Bastien Roucariès Tue, 08 Jan 2019 15:08:25 +0100 imagemagick (8:6.9.10.23+dfsg-1) unstable; urgency=high * Bug fix: "Silent ABI break in 6.9.10-11 on i386", thanks to Balint Reczey (Closes: #916839). * Fix CVE-2018-20467: infinite loop for malformed BMP file (Closes: #917326). * Enable HEIF/HEIC image format support (Closes: #914120). * Enable WEBP image format (Closes: #806425, #912777) -- Bastien Roucariès Sun, 06 Jan 2019 21:11:34 +0100 imagemagick (8:6.9.10.14+dfsg-7) unstable; urgency=medium * Bug fix: "wrong Provides: libmagickcore-6.defaultquantum-dev, libmagickcore-dev (= 8:6.9.10.14+dfsg-5)", thanks to Helmut Grohne (Closes: #912833). -- Bastien Roucariès Sun, 04 Nov 2018 21:09:08 +0100 imagemagick (8:6.9.10.14+dfsg-6) unstable; urgency=high * Bug fix: "libmagickcore-6.q16-dev missing Depends: libmagickcore-6-arch-config", thanks to Helmut Grohne (Closes: #912679). -- Bastien Roucariès Sun, 04 Nov 2018 14:52:27 +0100 imagemagick (8:6.9.10.14+dfsg-5) unstable; urgency=high * Use jdupes instead of rdfind in order to avoid link to build dir * Bug fix: "Please remove me from uploaders", thanks to Vincent Fourmond (Closes: #897293). * Bump policy (no changes) -- Bastien Roucariès Thu, 01 Nov 2018 22:07:12 +0100 imagemagick (8:6.9.10.14+dfsg-4) unstable; urgency=medium * Use salsa in control * Add Pre-depends on dpkg for versioned provides * Bug fix: "make foreign dependencies on transitional -dev packages satisfiable", thanks to Helmut Grohne (Closes: #893030). -- Bastien Roucariès Wed, 31 Oct 2018 07:27:50 +0100 imagemagick (8:6.9.10.14+dfsg-3) unstable; urgency=medium * Fix FTBFS due to == in control. -- Bastien Roucariès Tue, 30 Oct 2018 14:56:27 +0100 imagemagick (8:6.9.10.14+dfsg-2) unstable; urgency=medium * Bug fix: "imagemagick binary-all FTBFS: rdfind: Command not found", thanks to Adrian Bunk (Closes: #912309). * Use ${binary:Version} instead of hard coded version for compat dev packages. -- Bastien Roucariès Tue, 30 Oct 2018 10:00:51 +0100 imagemagick (8:6.9.10.14+dfsg-1) unstable; urgency=medium * New upstream version * Fix new privacy breach * Fix duplicate files in documentation * Fix security bugs: + CVE-2018-18544: Fix a memory leak in the function WriteMSLImage of coders/msl.c + CVE-2018-18024: Fix an infinite loop in the ReadBMPImage function of the coders/bmp.c file can cause a DOS via a crafted bmp file. + CVE-2018-18023: A heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file. + CVE-2018-16645: Fix an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c, which allows remote attackers to cause a denial of service via a crafted image file. (Closes: #910889) + CVE-2018-16644: Fix a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c, which allows remote attackers to cause a denial of service via a crafted image. (Closes: #910888) + CVE-2018-16413: Fix a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. (Closes: #910887) + CVE-2018-16323: Fix an information disclosure vulnerability that existed in ImageMagick when processing XBM images. An attacker could use this to expose sensitive information. (Closes: #907776) + CVE-2018-16412: Fix a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. + CVE-2018-17965: Fix a memory leak vulnerability in WriteSGIImage in coders/sgi.c. + CVE-2018-17966: Fix a memory leak vulnerability in WritePDBImage in coders/pdb.c. + CVE-2018-17967: Fix a memory leak vulnerability in ReadBGRImage in coders/bgr.c. + CVE-2018-18016: Fix a memory leak vulnerability in WritePCXImage in coders/pcx.c. + CVE-2023-5341: Fix a corrupt image check in coders/bmp.c -- Bastien Roucariès Mon, 29 Oct 2018 13:13:38 +0100 imagemagick (8:6.9.10.8+dfsg-1) unstable; urgency=high * New upstream version * Fix security bugs: + CVE-2018-14551: The ReadMATImageV4 function in coders/mat.c uses an uninitialized variable, leading to memory corruption. (Closes: #904713) + CVE-2018-9135: A heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. + CVE-2018-14437: Memory leak in parse8BIM in coders/meta.c. + CVE-2018-14436: Memory leak in ReadMIFFImage in coders/miff.c. + CVE-2018-14435: Memory leak in DecodeImage in coders/pcd.c. + CVE-2018-14434: Memory leak for a colormap in WriteMPCImage in coders/mpc.c. + CVE-2018-13153: Memory leak in the XMagickCommand function in MagickCore/animate.c. -- Bastien Roucariès Mon, 30 Jul 2018 15:14:16 +0200 imagemagick (8:6.9.10.2+dfsg-3) unstable; urgency=high * Fix perlmagick (Closes: #903404) -- Bastien Roucariès Tue, 10 Jul 2018 00:32:34 +0200 imagemagick (8:6.9.10.2+dfsg-2) unstable; urgency=medium * Upload to unstable -- Bastien Roucariès Sun, 08 Jul 2018 18:49:44 +0200 imagemagick (8:6.9.10.2+dfsg-1) experimental; urgency=medium * Bug fix: "FTBFS on i386: testsuite failure in Magick++/tests/tests.tap 2", thanks to Sven Joachim (Closes: #893953). * Bug fix: "drop libtool-bin from Build-Depends", thanks to Helmut Grohne (Closes: #893925). * Move to git dpm * Move to salsa * SO dump * Fix security bugs: + CVE-2018-9133: Excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. (Closes: #894848) + CVE-2018-9133: SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. + CVE-2018-11624: the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file. + CVE-2018-11625: the SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. + CVE-2018-10177: An infinite loop is present in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. + CVE-2017-14528: Tested (with and without valgrind) and found immune. The TIFFSetProfiles function in coders/tiff.c has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. + CVE-2018-11624: heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. + CVE-2018-10805: a memory leak in ReadYCBCRImage in coders/ycbcr.c. (Closes: #898218). + CVE-2018-10804: a memory leak in WriteTIFFImage in coders/tiff.c. (Closes: #898217) + CVE-2018-12599: the ReadBMPImage and WriteBMPImage functions in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. + CVE-2018-12600: the ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. -- Bastien Roucariès Mon, 25 Jun 2018 14:29:02 +0200 imagemagick (8:6.9.9.39+dfsg-1) unstable; urgency=medium * Fix security bugs (Closes: #890805): + Fix CVE-2018-7443: The ReadTIFFImage function in coders/tiff.c does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). (Closes: #891291) + Fix CVE-2018-7470: The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.(Closes: #891420) + Fix CVE-2017-17880: there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. * Provide transitional packages from arch:any packages. (Closes: #893030) -- Bastien Roucariès Mon, 19 Mar 2018 17:03:39 +0100 imagemagick (8:6.9.9.34+dfsg-3) unstable; urgency=high * Upload to unstable (urgency high due to security issues). -- Bastien Roucariès Sun, 18 Feb 2018 00:12:41 +0100 imagemagick (8:6.9.9.34+dfsg-2) experimental; urgency=high * Fix FTBFS for s390x where float_t is double -- Bastien Roucariès Mon, 12 Feb 2018 22:29:24 +0100 imagemagick (8:6.9.9.34+dfsg-1) experimental; urgency=high * New upstream version * Packaging fix: + Fix privacy breach. + Bump compat level to 11. + Bump policy no changes + Fix lintian warnings + Fix "unnecessary libgraphviz-dev dependency (and graphviz suggests?)", thanks to Matthias Klose (Closes: #884444). + Remove Vincent Fourmond as uploader, thanks to him. (Closes: #878679). + Aknowledge NMU (Closes: #856601) * Fix a few security issues + Fix CVE-2017-1000445: NULL pointer dereference in the MagickCore component and might lead to denial of service. (Closes: #886281) + Fix CVE-2017-1000476: a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. + Fix CVE-2017-12140: The ReadDCMImage function in coders\dcm.c has an integer signedness error leading to excessive memory consumption via a crafted DCM file. (Closes: #873059) + Fix CVE-2017-12674: a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service (Closes: #872609) + Fix CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. (Closes: #875338) + Fix CVE-2017-12692: ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. (Closes: #875339) + Fix CVE-2017-12693: The ReadBMPImage function in coders/bmp.c allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP (Closes: #875341) + Fix CVE-2017-12875: The WritePixelCachePixels function allows remote attackers to cause a denial of service (CPU consumption) via a crafted file. (Closes: #873871) + Fix CVE-2017-12877: Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick allows remote attackers to cause a denial of service via a crafted file. (Closes: #872373) + Fix CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. (Closes: #873134) + Fix CVE-2017-13061: A length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file (Closes: #873131) + Fix CVE-2017-13133: the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. (Closes: #873100) + Fix CVE-2017-13134: a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file. (Closes: #873099) + Fix CVE-2017-13758: a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. (Closes: #878508) + Fix CVE-2017-13768: NULL Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick allows an attacker to perform denial of service by sending a crafted image file. (Closes: #875352) + Fix CVE-2017-13769: The WriteTHUMBNAILImage function in coders/thumbnail.c allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. (Closes: #878507) + Fix CVE-2017-14060: a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file. (Closes: #878506) + Fix CVE-2017-14172: In coders/ps.c, a DoS in ReadPSImage() due to lack of an EOF (End of File) check cause high CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. (Closes: #875506) + Fix CVE-2017-14173: In the function ReadTXTImage() in coders/txt.c, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value. (Closes: #875504) + Fix CVE-2017-14174: In coders/psd.c in ReadPSDLayersInternal() a lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. (Closes: #875503) + Fix CVE-2017-14175: In coders/xbm.c in ReadXBMImage() a lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop. (Closes: #875502) + Fix CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c allows remote attackers to cause a denial of service or code execution via a crafted file. (Closes: #876097) + Fix CVE-2017-14249: Imagemagick mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. (Closes: #876099) + Fix CVE-2017-14341: large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. (Closes: #876105) + Fix CVE-2017-14400: PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file. (Closes: #878546) + Fix CVE-2017-14505: DrawGetStrokeDashArray in wand/drawing-wand.c mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input. (Closes: #878545) + Fix CVE-2017-14532: NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. (Closes: #878541) + Fix CVE-2017-14607: out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. (Closes: #878527) + Fix CVE-2017-14624: a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. (Closes: #877354) + Fix CVE-2017-14625: NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. (Closes: #877355) + Fix CVE-2017-14626: NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. (Closes: #878524) + Fix CVE-2017-14682: GetNextToken in MagickCore/token.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. (Closes: #876488) + Fix CVE-2017-14739: The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. (Closes: #878547) + Fix CVE-2017-14741: The ReadCAPTIONImage function in coders/caption.c allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. (Closes: #878548) + Fix CVE-2017-14989: A use-after-free in RenderFreetype in MagickCore/annotate.c allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. (Closes: #878562) + Fix CVE-2017-15015: NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. (Closes: #878555) + Fix CVE-2017-15017: NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. (Closes: #878554) + Fix CVE-2017-15277: ReadGIFImage in coders/gif.c leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. (Closes: #878578) + Fix CVE-2017-15281: ReadPSDImage in coders/psd.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s). (Closes: #878579). + Fix CVE-2017-16546: The ReadWPGImage function in coders/wpg.c does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. (Closes: #881392) + Fix CVE-2017-17499: use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. (Closes: #885339) + Fix CVE-2017-17504: coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. (Closes: #885340) + Fix CVE-2017-17681: an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. (Closes: #885941) + Fix CVE-2017-17682: large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. (Closes: #885942) + Fix CVE-2017-17879: a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. (Closes: #885125) + Fix CVE-2017-17914: a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file. (Closes: #886584) + Fix CVE-2018-5248: a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. (Closes: #886588) * Fix a few unimportant security bugs: + Fix CVE-2017-12644 memory leak vulnerability in ReadDCMImage in coders\dcm.c + Fix CVE-2017-13058 memory leak in WritePCXImage + Fix CVE-2017-13059 memory leak in WriteJNGImage + Fix CVE-2017-13060 memory leak in ReadMATImage + Fix CVE-2017-13062 memory leak vulnerability found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file. + Fix CVE-2017-13131 a memory leak vulnerability found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file. + Fix CVE-2017-14137: ReadWEBPImage in coders/webp.c has an issue where memory allocation is excessive, because it depends only on a length field in a header. + Fix CVE-2017-14138: ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases. + Fix CVE-2017-14139: memory leak vulnerability in WriteMSLImage in coders/msl.c. + Fix CVE-2017-14324: memory leak in ReadMPCImage (coders/mpc.c) + Fix CVE-2017-14325: memory leak in ReadMPCImage (coders/mpc.c) + Fix CVE-2017-14326: memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. + Fix CVE-2017-14342: memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. + Fix CVE-2017-14343: memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. + Fix CVE-2017-14531: memory exhaustion issue in ReadSUNImage in coders/sun.c. + Fix CVE-2017-14533: memory leak in ReadMATImage in coders/mat.c. + Fix CVE-2017-14684: mory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file. (Closes: #876487) + Fix CVE-2017-15016: a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. (source fix not compiled under Debian). + Fix CVE-2017-15032: memory leak in ReadYCBCRImage in coders/ycbcr.c. + Fix CVE-2017-15033: memory leak in ReadYUVImage in coders/yuv.c. + Fix CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c. + Fix CVE-2017-15218: memory leak in ReadOneJNGImage in coders/png.c. + Fix CVE-2017-17680: a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file. + Fix CVE-2017-17881: a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. + Fix CVE-2017-17882: a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. + Fix CVE-2017-17883: a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file. + Fix CVE-2017-17884: a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. + Fix CVE-2017-17885: a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. + Fix CVE-2017-17886: a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file. + Fix CVE-2017-17887: a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage. + Fix CVE-2017-17934: a memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. + Fix CVE-2017-18008: a ùemory Leak in ReadPWPImage in coders/pwp.c. + Fix CVE-2017-18022: memory leaks in MontageImageCommand in MagickWand/montage.c. + Fix CVE-2017-18027: a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. + Fix CVE-2017-18028: a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file. + Fix CVE-2017-18029: a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. + Fix CVE-2017-6502: a specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS) + Fix CVE-2018-5246: Fix memory leaks in ReadPATTERNImage in coders/pattern.c. + Fix CVE-2018-5247: Fix memory leaks in ReadRLAImage in coders/rla.c. + Fix CVE-2018-5357: Fix memory leaks in the ReadDCMImage function in coders/dcm.c. + Fix CVE-2018-5358: Fix memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c. * Backport fix: + Fix CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. (from b0a464122e0d8a1e1e31f6cd6d3f4d085fa8fb0) -- Bastien Roucariès Thu, 08 Feb 2018 13:38:05 +0100 imagemagick (8:6.9.9.6+dfsg-1) experimental; urgency=medium * Bump so due to ABI problem and g++7 (Closes: #871300). * New upstream version. + Fix CVE-2017-6502, webp buffer overflow. (Closes: #856883). + Fix CVE-2017-11751, CVE-2017-11754 and CVE-2017-11755: The WritePICONImage function in coders/xpm.c allows remote attackers to cause a denial of service (memory leak) via a crafted file. (Closes: #870480). + CVE-2017-12674: a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service. + CVE-2017-12429: a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service. + CVE-2017-12140: The ReadDCMImage function in coders\dcm.c has an integer signedness error leading to excessive memory consumption via a crafted DCM file. + CVE-2017-12433: A memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c. (Closes: #872481) + CVE-2017-12418: A memory leaks was found in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. (Closes: #872498) + CVE-2017-12644: a memory leak vulnerability was found in ReadDCMImage in coders\dcm.c. * Update copyright file. * Ship ImageMagick man file (Closes: #856997). * Remove configuration files installed by mistake in an experimental version (Closes: #851627). * Bug fix: "Typo in debian/changelog for CVE identifier", thanks to Salvatore Bonaccorso (Closes: #864151). -- Bastien Roucariès Fri, 11 Aug 2017 17:09:53 +0200 imagemagick (8:6.9.7.4+dfsg-16.1) unstable; urgency=medium * Non-maintainer upload. * Remove wrong Multi-Arch: foreign from libmagickcore-dev, libmagickwand-dev and libmagick++-dev. (Closes: #856601) -- Helmut Grohne Sun, 28 Jan 2018 15:12:24 +0100 imagemagick (8:6.9.7.4+dfsg-16) unstable; urgency=high * Security fix release * Fix a memory exhaustion in ReadPSDImage (Closes: #870530). Fix CVE-2017-12563. * Fix a memory-Leak in ReadPWPImage() (Closes: #870527) * Avoid unbounded loop in pwp coder (Closes: #870526). Fix CVE-2017-12587. * Fix a memory leaks in WriteMSLImage (Closes: #870525). Fix CVE-2017-12427. * Fix another memory leak in WriteMSLImage (Closes: #870524) * Fix a memory exhaustion bug in ReadSUNImage (Closes: #870504). Fix CVE-2017-12435. * Fix a memory leak in ReadSVGImage (Closes: #870503). Fix CVE-2017-12566. * Fix a memory leak in WriteMAPImage (Closes: #870483). Fix CVE-2017-12663. * Fix a memory leak in ReadPICTImage (Closes: #870502) * Fix a memory leak in WritePICTImage (Closes: #870501). Fix CVE-2017-12665. * Fix a memory leak in pdf coder (Closes: #870492). Fix CVE-2017-12662. * Fix a memory leak in PCX coder (Closes: #870489). Fix CVE-2017-12668. * Memory exhaustion in PCX coder (Closes: #870491). Fix CVE-2017-12432. * Memory leak in WriteINLINEImage (Closes: #870482). Fix CVE-2017-12666. * CVE-2017-11752 The ReadMAGICKImage function in coders/magick.c allows remote attackers to cause a denial of service (memory leak) via a crafted file. (Closes: #870481) * CVE-2017-11751 The WritePICONImage function in coders/xpm.c allows remote attackers to cause a denial of service (memory leak) via a crafted file. (Closes: #870481) * CVE-2017-11750 Fix improper use of NULL in the JNG decoder (Closes: #870478) * memory leak in WriteCALSImage (Closes: #870475). Fix CVE-2017-12669. -- Bastien Roucariès Wed, 02 Aug 2017 22:38:50 +0200 imagemagick (8:6.9.7.4+dfsg-15) unstable; urgency=high * Bug fix: "imagemagick FTBFS: coders/mat.c:1372:3", thanks to Adrian Bunk and Gianfranco Costamagna (Closes: #870047). * Security fixes: + CVE-2017-11639 When ImageMagick processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h. (Closes: #870065). + CVE-2017-11640 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function (Closes: #870067) + Validate png file. Detect corrupted png early and avoid a crash (Closes: #870105) + Heap buffer overflow in ReadOneMNGImage A crafted file will cause x_off[i] out-of-bound operation vulnerability. (Closes: #870106). Fix CVE-2017-12640. + memory exhaustion in ReadOneJNGImage in png.c When identify JNG file that contains chunk data, imagemagick will allocate memory to store the chunk data in function ReadOneJNGImage Due to a lack of valition, memory is not limited for corrupted files. (Closes: #870107). Fix CVE-2017-12643. + memory leak in ReadOneJNGImage #550 A crafted file could trigger a memory leak (Closes: #870108). Fix CVE-2017-12641. + out-of-bounds read with the MNG CLIP chunk. (Closes: #870109) + coders/png.c: Memory leak Fixed Issue 600 (Closes: #870116) + memory leak in ReadOneJNGImage (upstream 602) Fix a leak triggered by a corrupted file (Closes: #870115). Fix CVE-2017-12565. + Stuck in LockSemaphoreInfo after reading a png with width==MAGICK_WIDTH_LIMIT Some version of libpng need serialization for error recovery of hard lock. Could be triggered by a corrupted file (Closes: #870111) + memory leak in ReadOneMNGImage #619 A memory leak vulnerability was found in function ReadOneMNGImage, which allow attackers to cause a denial of service (memory leak) via a crafted file. (Closes: #870117). Fix CVE-2017-12673. + memory leak in ReadOneJNGImage #618 Triggered by a corrupted file (Closes: #870118). Fix CVE-2017-12676. + bad free in RelinquishMagickMemory (Closes: #870119). Fix CVE-2017-12671. + CVE-2017-11539: coders/png.c: Initialized quantum_info to prevent memory leakage (Closes: #870120) + CVE-2017-12428: memory leak in CloneDrawInfo (Closes: #869713) -- Bastien Roucariès Sat, 29 Jul 2017 17:14:38 +0200 imagemagick (8:6.9.7.4+dfsg-14) unstable; urgency=high * Security bugs: + assertion failed in DestroyImageInfo A assertion failed in DestroyImageInfo, leading to DOS (Closes: 870014). Fix CVE-2017-12434. + CVE-2017-11523: endless loop in ReadTXTImage If text image file only contains "MagickID..." line, it will cause ReadTXTImage to infinite loop. (Closes: #869210). + Memory leak in mat coder Fix a memory leak in mat coder triggered by a special crafted file (Closes: #870013). + Use of uninitialized data in ImageMagick/coders/mat.c The coder accesses uninitialized data which might pose a security issue or at least a bug. The first undefined access happens within coders/mat.c:1196 in a call to calcMinMax(). The back part of the buffer bImgBuff is now large enough but does seemingly not contain any sensible data. (Closes: #870012) + CVE-2017-11644 A special crafted file create a memory leak in MAT file coder. The code need to free two buffer in some exceptionnal circonstances, instead than just one is freed (Closes: #870016) + Memory leak in mat coder A special crafted file create a memory leak in MAT coder (Closes: #870015). Fix CVE-2017-12667. + Memory leak in mat coder In case of corrupted file, cloned image (temporarly image) should be freed (Closes: #870017). Fix CVE-2017-12564. + assertion failed in DestroyImageInfo due to mat coder (Closes: #870019) + assertion failed in DestroyImage due to mat coder (Closes: #870020). Fix CVE-2017-12670. + Memory leak in mat coder (upstream 617) (Closes: #870021). Fix CVE-2017-12672. + Memory leak in mat coder (upstream 616) (Closes: #870022). Fix CVE-2017-12675. + Memory leak in mat coder (upstream 624) (Closes: #870023). CVE-2017-11724 -- Bastien Roucariès Sat, 29 Jul 2017 00:51:39 +0200 imagemagick (8:6.9.7.4+dfsg-13) unstable; urgency=high * Fix a typo in changelog about CVE numbers * Security fixes: + Really Fix CVE-2017-9500 (Closes: #867778) An assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. + Fix CVE-2017-11446 (Closes: #868950) The ReadPESImage function in coders\pes.c has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. + CVE-2017-11523: endless loop in ReadTXTImage If text image file only contains "MagickID..." line, it will cause ReadTXTImage to infinite loop. (Closes: #869210). + Use after free in ReadWMFImage When identify WMF file, a crafted file revealed a use-after-free vulnerability. (Closes: #869715). Fix CVE-2017-12431. + CVE-2017-11534: Memory-Leak in lite_font_map() In coders/wmf.c a memory leak is triggered by a crafted file. (Closes: #869711). + CVE-2017-11537: palm coder FPE When ImageMagick processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. (Closes: #869712) + Memory leak in WritePALMImage Fix memory leak due to crafted file in palm coder. (Closes: #869721). Fix CVE-2017-12664. + Fix another memory leak in quantize.c (Closes: #869722). Fix CVE-2017-12664. + CVE-2017-11531 Memory-Leak in WriteHISTOGRAMImage() A crafted file could trigger a Memory-Leak in WriteHISTOGRAMImage() coders/histogram.c (Closes: #869725) + Avoid a crash in mpc coder A crafted file could trigger a crash in the mpc coder. (Closes: #869728). + Fix a memory leak in enhance.c Fix a potential memory leak if memory could not be allocated for one of histogram or stretch_map. If both cannot be allocated, there is no memory leak. If only one is allocated and the other fails, there is a memory leak of the one that could not be allocated. There is very little chance the allocations would fail. (Closes: #869769). + Fix a memory leak in jpeg and mpc coder A leak due to exception handling exist in MPC and JPEG coder. This could be triggerd by a crafted file. (Closes: #869791). + Fix memory exhaustion in mpc coder When identify MPC file , imagemagick will allocate memory to store the data. The function StringToUnsignedLong convert string to unsigned long type, but the return value was not checked. Here is my policy.xml to limit memory usage,but 256MB limit can be bypassed. (Closes: #869727). Fix CVE-2017-12430. + Fix a leak in mpc file due to corrupted profiles (Closes: #869796). Fix CVE-2017-12642. + CVE-2017-11532: memory leak When Imagemagick processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. (Closes: #869726) + CVE-2017-11535: heap based overflow in ps.c When ImageMagick processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c. (Closes: #869827) + CVE-2017-11536 memory leak in jp2 coder When ImageMagick processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c. (Closes: #869831) + Fix a crash in jp2 codec Lack of validation of jp2 could lead to a crash (Closes: #869830) + CVE-2017-11533: heap buffer overflow in uil coder When ImageMagick processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. (Closes: #869834) -- Bastien Roucariès Tue, 25 Jul 2017 22:13:44 +0200 imagemagick (8:6.9.7.4+dfsg-12) unstable; urgency=medium * Fix security bugs: + Previous CVE-2017-9144 fix was incomplete. A crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c (Closes: #863126, #868469). Fix CVE-2017-11352. + CVE-2017-10928: A heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. (Closes: #867367). + CVE-2017-9500: An assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. (Closes: #867778). + CVE-2017-9501: An assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. (Closes: #867721). + CVE-2017-9440: A memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. (Closes: 864273). + CVE-2017-9439: A memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. (Closes: #864274). + CVE-2017-11188: CPU exhaustion in ReadDPXImage Because dpx.file.image_offset is a unsigned int, it can be controlled as large as 4294967295. This will cause ImageMagick spend a lot of time to process a crafted DPX imagefile, even if the imagefile is very small. (Closes: #867806) + CVE-2017-11141: memory exhaustion in ReadMATImage When identify MAT file, imagemagick will allocate memory to store data in function ReadMATImage. Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate a anysize amount of memory, this may cause a memory exhaustion (Closes: #868264) + CVE-2017-11170: memory exhaustion in ReadTGAImage When identify VST file, imagemagick will allocate memory to store data in function ReadTGAImage in coders/tga.c using tga_info.bits_per_pixel field diretly from VST file without checking in tga.c By review the founction code, tga_info.bits_per_pixel max valid value is 32. On 32bit os, size_t one will be 32bit, so image->colors can be overflow to 0. On 64bit os, size_t one will be 64bit, so image->colors can be large as 0x100000000(64GB). (Closes: #868184) + Memory exhaustion in ReadCINImage (CVE-2017-11525) When identify CIN file that contains User defined data, imagemagick will allocate memory to store the data in function ReadCINImage in coders\inc.c There is a security checking in the function SetImageExtent, but it after memory allocation, so IM can not control the memory usage (Closes: #867810) + CPU exhaustion in ReadRLEImage A corrupted rle file could trigger a DOS (Closes: #867808). Fix CVE-2017-11360. + Memory leak in ReadDIBImage in dib.c (CVE-2017-11528) The ReadDIBImage function in dib.c allows attackers to cause a denial of service (memory leak) via a small crafted dib file. (Closes: #867811) + Memory exhaustion in ReadDPXImage in dpx.c (CVE-2017-11527) When identify DPX file that contains user header data, imagemagick will allocate memory to store the data in function ReadDPXImage in coders\dpx.c There is a security checking in the function SetImageExtent, but it is too late, so IM can not control the memory usage. (Closes: #867812) + Enable heap overflow check for stdin for mpc files Enabling seekable streams is required to ensure checking the blob size works when an image is streamed on stdin. (Closes: #867896). Fix CVE-2017-11449. + Assertion failure in WriteBlob (CVE-2017-11524) A crafted file revealed an assertion failure in blob.c. (Closes: #867798) + Memory exhaustion in ReadEPTImage in ept.c (CVE-2017-11530) When identify EPT file , imagemagick will allocate memory to store the data. There is a security checking in the function SetImageExtent, but it is not used in the allocation function, so IM can not control the memory usage. (Closes: #867821) + CPU exhaustion in ReadOneJNGImage (CVE-2017-11505/CVE-2017-11526) Due to lack of validation of PNG format, imagemagick could loop 2^32 in a CPU intensive loop. (Closes: #867824, #867825). + CPU exhaustion in ReadOneDJVUImag (CVE-2017-11478) Due to lack of format validation, a crafted file will cause a loop to run endless. (Closes: #867826). + Zero pixel buffer Avoid a data leak in case of incorrect file by clearing a buffer (Closes: #867893). Fix CVE-2017-11448. + memory leak in ReadMATImage in mat.c (CVE-2017-11529) The ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a small crafted mat file. (Closes: #867823). + Avoid heap based overflow for jpeg A corrupted jpeg file could trigger an heap overflow (Closes: #867894). Fix CVE-2017-11450. + Fix a memory leak in screenshot coder. Fix CVE-2017-11447. (Closes: #867897) -- Bastien Roucariès Fri, 14 Jul 2017 15:35:15 +0200 imagemagick (8:6.9.7.4+dfsg-11) unstable; urgency=high * Fix minor security bugs: + CVE-2017-9405: Memory leak in the icon file coder. (Closes: #864087) + CVE-2017-9407: the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. (Closes: #864089). + CVE-2017-9409: the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. (Closes: #864090). -- Bastien Roucariès Sun, 04 Jun 2017 12:02:50 +0200 imagemagick (8:6.9.7.4+dfsg-10) unstable; urgency=medium * Fix minor security bugs: + CVE-2017-9262: Memory leak in the ReadJNGImage function (Closes: #863834). + CVE-2017-9261: Memory leak in the ReadMNGImage function (Closes: #863833). -- Bastien Roucariès Thu, 01 Jun 2017 11:57:38 +0200 imagemagick (8:6.9.7.4+dfsg-9) unstable; urgency=high * Security fixes assertion failure and memory leaks: + Check for EOF conditions for RLE image format. (Closes: #863126). Fix CVE-2017-9144. + A crafted file revealed an assertion failure in blob.c. (Closes: #863125). Fix CVE-2017-9142. + A crafted file revealed an assertion failure in profile.c. (Closes: #863124). Fix CVE-2017-9141. + Specially crafted arts file could lead to memory leak. (Closes: #863123). Fix CVE-2017-9143. * Fix an information leak due to the use of uninitialized memory in RLE decoder. (Closes: #862967). Fix CVE-2017-9098. -- Bastien Roucariès Sat, 27 May 2017 15:54:06 +0200 imagemagick (8:6.9.7.4+dfsg-8) unstable; urgency=high * Bug fix: "Built-Using field with binary version", thanks to Aurelien Jarno (Closes: #862690). -- Bastien Roucariès Mon, 15 May 2017 23:35:30 +0200 imagemagick (8:6.9.7.4+dfsg-7) unstable; urgency=medium * Fix a few securities bug: + Fix CVE-2017-8343: The ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. (Closes: #862572). + Fix CVE-2017-8344: Fix DOS in PCX file coders. (Closes: #862574). + Fix CVE-2017-8345: The ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. (Closes: #862573) + Fix CVE-2017-8346: The ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. (Closes: #862575). + Fix CVE-2017-8347: Fix DOS in EXR file coders. (Closes: #862577). + Fix CVE-2017-8348: Fix DOS in MAT file coders. (Closes: #862578). + Fix CVE-2017-8349: Fix DOS in SWF file coders. (Closes: #862579). + Fix CVE-2017-8350: Fix DOS in png file coders. (Closes: #862587). + Fix CVE-2017-8351: Fix DOS in pcd file coders. (Closes: #862589). -- Bastien Roucariès Sun, 14 May 2017 23:17:06 +0200 imagemagick (8:6.9.7.4+dfsg-6) unstable; urgency=high * Fix three securities bug: + CVE-2017-7941 memory leak in sgi (Closes: #860734). + CVE-2017-7942 memory leak in avs (Closes: #860735). + CVE-2017-7943 Memory leak in svg (Closes: #860736). -- Bastien Roucariès Wed, 19 Apr 2017 22:23:18 +0200 imagemagick (8:6.9.7.4+dfsg-5) unstable; urgency=medium * Bug fix: "imagemagick-doc upgrade failure: dpkg-maintscript-helper: error: missing arguments after --", thanks to Adrian Bunk (Closes: #860280). -- Bastien Roucariès Fri, 14 Apr 2017 12:19:36 +0200 imagemagick (8:6.9.7.4+dfsg-4) unstable; urgency=high * Security fixes: + CVE-2017-7606: Undefined behavior in rle (Closes: #859771). + CVE-2017-7619: Infinite loop due to rounding error (Closes: #859769). * Bug fix: "fails to upgrade wheezy jessie stretch", thanks to Andreas Beckmann (Closes: #847282). -- Bastien Roucariès Wed, 12 Apr 2017 23:20:43 +0200 imagemagick (8:6.9.7.4+dfsg-3) unstable; urgency=medium * Bug fix: "fails to upgrade wheezy jessie stretch", thanks to Andreas Beckmann (Closes: #847282). * Fix man pages typo due to bad pattern in debian/rules (Closes: #859495). * Add my debian address. -- Bastien Roucariès Tue, 04 Apr 2017 15:05:41 +0200 imagemagick (8:6.9.7.4+dfsg-2) unstable; urgency=high * Fix a few security bugs: + Assertion failure in TGA coder (Closes: #856878). Fix CVE-2017-6498. + Out of bound in sun file coder (Closes: #856879). Fix CVE-2017-6500. + Memory leak in libmagick++ library (Closes: #856880). Fix CVE-2017-6499. + Missing null pointer check in xcf coder (Closes: #856881) and psd coder (Closes: #856882). Fix CVE-2017-6501 and CVE-2017-6497. -- Bastien Roucariès Sun, 05 Mar 2017 23:21:36 +0100 imagemagick (8:6.9.7.4+dfsg-1) unstable; urgency=high * New upstream version: + Fix display -loop option not working/missing (Closes: #793629). + Honor $TMPDIR (Closes: #791460). + Fix inverted colors for monochrome images (Closes: #849507). + Fix imagemagick not run from menu in Mate (Closes: #773426). * Fix a few security bugs: + off-by-one string copy in wpg file handling (Closes: #851483). Fix CVE-2016-7533. + check return of memory allocation in ipl file handling (Closes: #851485). Fix CVE-2016-10144. + Fix a heap overflow in psb file handling (Closes: #851374). Fix CVE-2017-5511. + Fix Crash - PushQuantumPixel - Heap-Buffer-Overflow in tiff file handling (Closes: #851381). Fix CVE-2017-5508. + Fix a memory corruption in psb file (Closes: #851376). Fix CVE-2017-5510. + Fix an out of bound in psd file handling (Closes: #851377). CVE-2017-5509. + Check fwrite by using ferror (Closes: #849439). Fix CVE-2016-10062. + Avoid double free in profile.c (Closes: #851383). Fix CVE-2017-5506. + Fix memory leak in MPC image format. (Closes: #851382). Fix CVE-2017-5507. * update copyright years in debian/copyright. * Relax ${source:Version} depends for imagemagick-6-common. * Add more security POC -- Bastien Roucariès Sun, 15 Jan 2017 16:38:03 +0100 imagemagick (8:6.9.7.0+dfsg-2) unstable; urgency=medium * Generate symbols file from generic version for core and wand. * Bug fix: "also clean up quantum control file fragments during update_pkg", thanks to Nishanth Aravamudan (Closes: #846261). * Use %F instead of %f in .desktop file. * Upload to unstable. -- Bastien Roucariès Fri, 30 Dec 2016 09:47:13 +0100 imagemagick (8:6.9.7.0+dfsg-1) experimental; urgency=high * Bump so version due to structure change thanks to Nishanth Aravamudan (Closes: #846385). * Fix CVE-2016-8707 ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability (Closes: #848139) * Bug fix: "fails to upgrade wheezy -> jessie -> stretch", thanks to Andreas Beckmann (Closes: #847282). -- Bastien Roucariès Mon, 19 Dec 2016 11:13:39 +0100 imagemagick (8:6.9.6.6+dfsg-1) unstable; urgency=high * New upstream release. * Fix CVE-2016-8862: memory allocation failure in AcquireMagickMemory (memory.c). (Closes: #845634). * Drop a few debians patches used by upstream. -- Bastien Roucariès Fri, 25 Nov 2016 23:17:24 +0100 imagemagick (8:6.9.6.5+dfsg-1) unstable; urgency=high * Upload to unstable * Fix CVE-2016-9298: heap overflow in WaveletDenoiseImage(). (Closes: #844211). * Fixed memory leak in psd file handling. (Closes: #845239). Fix CVE-2016-10058. * Fix security bug; "Prevent fault in MSL interpreter" (Closes: #845241). Fix CVE-2016-10068. * Fix null pointer dereference in TIFF file handling (Closes: #845243). Fix CVE-2016-9559. * Prevent heap buffer overflow in heap-buffer-overflow in IsPixelGray. Backport fixes from upstream. (Closes: #845242). Fix CVE-2016-9556. * Supports XPM with > 8464 colours. (Closes: #842632). * Use safer policy.xml file. * Improve postinst file by checking version. * Improve rules by using set -e -- Bastien Roucariès Wed, 23 Nov 2016 13:59:54 +0100 imagemagick (8:6.9.6.2+dfsg-3) experimental; urgency=medium * Simplify rules. * Control could be now generated from rules by maintainer. * Improve main program postinst/prerm scripts. * Switch to compat 10. * Improve test suite by including perl test. * Create packages for HDRI (Closes: #476357). Will allow smooth transition to imagemagick 7. * Thus closing "imagemagick; imagemagick-6.q16 packages have the same binary", thanks to Ross Gammon (Closes: #817842). Now we have imagemagick-6.q16hdri.* * Move files from libmagickcore to imagemagick-6-common. -- Bastien Roucariès Sun, 06 Nov 2016 13:51:44 +0100 imagemagick (8:6.9.6.2+dfsg-2) unstable; urgency=medium * Upload to unstable. -- Bastien Roucariès Thu, 13 Oct 2016 12:32:02 +0200 imagemagick (8:6.9.6.2+dfsg-1) experimental; urgency=high * New upstream release. * Fix CVE-2016-7906 mogrify use after free (Closes: #840435). * Fix CVE-2016-7799 mogrify global buffer overflow (Closes: #840437). -- Bastien Roucariès Tue, 11 Oct 2016 12:18:59 +0200 imagemagick (8:6.9.5.9+dfsg-1) experimental; urgency=medium * Security bug fix: "Prevent runtime error: divide by zero" (Closes: #836174). * Improve privacy rules. * Acknowledge NMUs from Emilio Pozuelo Monfort, and from Mattia Rizzolo. * Fix git header thanks to Mattia Rizzolo. -- Bastien Roucariès Sat, 17 Sep 2016 21:26:12 +0200 imagemagick (8:6.9.5.8+dfsg-1) UNRELEASED; urgency=medium * Prepare HDRI version by generating a few install file. * Bug fix: "Prevent buffer overflow in SIXEL, PDB, MAP, and CALS coders (bug report from Donghai Zhu)", thanks to Bastien ROUCARIES (Closes: #836172). Fix CVE-2016-10054, CVE-2016-10055, CVE-2016-10056, and CVE-2016-10057. * Bug fix: "TIFF divide by zero", thanks to Bastien ROUCARIES (Closes: #836171). Fix CVE-2016-10053. * Avoid buffer overflow in SGI file handling (Closes: #836776). Fix CVE-2016-7101. * Use autopkgtest. * So bump for gcc6. -- Bastien Roucariès Mon, 05 Sep 2016 15:34:53 +0200 imagemagick (8:6.9.5.7+dfsg-1) UNRELEASED; urgency=medium * New upstream version. Fix a few security problems (Closes: #823750): - Fix a off-by-one error leading to segfault (Closes: #832455). Fix CVE-2016-7513. - Fix an out-of-bounds read in coders/psd.c (Closes: #832457, LP: #1533442). Fix CVE-2016-7514. - Fix rle file handling for corrupted file (Closes: #832461, LP: #1533445). Fix CVE-2016-7515. - Fix a buffer overflow in sun file handling (Closes: #832464). Fix CVE-2015-8957. - Fix a potential DOS in sun file handling due to malformed files (Closes: #832465). Fix CVE-2015-8958. - Fix multiple out of bound problem in rle, pict, viff and sun files (Closes: #832467, LP: #1533452, LP: #1533449, LP: #1533447, LP: #1533445). Fix CVE-2016-7519, CVE-2016-7518, CVE-2016-7517 and CVE-2016-7516. - Fix a heap overflow in hdr file handling (Closes: #832469, LP: #1537213). Fix CVE-2016-7520. - Fix a heap buffer overflow in psd file handling (Closes: #832474, LP: #1537418). Fix CVE-2016-7521. - Fix an out of bound access for malformed psd file (Closes: #832475, LP: #1537419). Fix CVE-2016-7522. - Fix a meta file out of bound access (Closes: #832478, LP: #1537420). Fix CVE-2016-7524 and CVE-2016-7523. - Fix heap buffer overflow in psd file coder (Closes: #832480, LP: #1537424). Fix CVE-2016-7525. - Fix an out of bound access in wpg file coder (Closes: #832482, LP: #1539050, LP: #1542115). Fix CVE-2016-7527 and CVE-2016-7526. - Fix out of bound access for viff file coder (Closes: #832483, LP: #1537425). Fix CVE-2016-7528. - Fix an out of bound access in xcf file coder (Closes: #832504, LP: #1539051, LP: #1539052). Fix CVE-2016-6823 and CVE-2016-7529. - Fix out of bound in quantum handling (Closes: #832506, LP: #1539067, LP: #1539053). Fix CVE-2016-7530. - Fix a pbd file out of bound access (Closes: #832633, LP: #1539061, LP: #1542112). Fix CVE-2016-7531. - Fix handling of corrupted psd file (Closes: #832776, LP: #1539066). Fix CVE-2016-7101 and CVE-2016-7532. - Fix a wpg file out of bound for corrupted file (Closes: #832780, LP: #1542114). Fix CVE-2016-7533. - Fix an out of bound access in generic decoder (Closes: #832785, LP: #1542785). Fix CVE-2016-7534. - Fix an out of bound access for corrupted psd file (Closes: #832787, LP: #1545180). Fix CVE-2016-7535. - Fix a SEGV reported in corrupted profile handling (Closes: #832789, LP: #1545367). Fix CVE-2016-7536. - Fix an out of bound access for corrupted pdb file (Closes: #832791, LP: #1553366). Fix CVE-2016-7537. - Fix a SIGABRT for corrupted pdb file (Closes: #832793, LP: #1556273). Fix CVE-2016-7538 - Fix an out of bound in generic decoder. (Closes: #832783, LP: #1542785). - Prevent buffer overflow in magick/draw.c. Fix CVE-2016-4562, CVE-2016-4563, CVE-2016-4564. (Closes: #832885, #832887, #832888). - Fix DOS due to corrupted DDS files (Closes: #832942, #832944). Fix CVE-2015-8959 and CVE-2014-9907. - Fix out of bounds memory read for DDS files. This fix CVE-2016-5687. (Closes: #832890). - Prevent possible buffer overflow when reading TIFF images. This fix CVE-2016-5010. (Closes: #832968). - Fix out of bound access for corrupted WPG file. This fix CVE-2016-5688. (Closes: #833003). - Add additional checks to DCM reader to prevent data-driven faults. This fix CVE-2016-5689, CVE-2016-5690, CVE-2016-5691. (Closes: #833044, #833043, #833042). - Improve checking of EXIF profile to prevent integer overflow. This fix CVE-2016-5841 and CVE-2016-5842. (Closes: #831034). - Prevent buffer overflow in properties reading. This fix CVE-2016-6491. (Closes: #833099). - Fix potential DOS by not releasing memory. (Closes: #833101). Fix CVE-2016-7539. - Fix abort when writing to rgf format. (Closes: #827643, LP: #1594060). Fix CVE-2016-7540. - Fix buffer overflow in draw.c (Closes: #833730). Fix CVE-2016-10046. - Fix memory leak in xml file parsing. (Closes: #833730). Fix CVE-2016-10046. - Do not load abitrary user modules. (Closes: #833732). - Fix segfault in ReadRLEImage. (Closes: #833743). - Fix RLE check for pixel offset less than 0. (Closes: #833744). Fix CVE-2016-10050. - Prevent possible stack overflow (Closes: #833812). * Remove Daniel Kobras for uploaders. Thanks Daniel. (Closes: #832378). * Add JPEG support based on openjpeg. (Closes: #818203, #813343). * Add indication about imagemagick-doc in man pages. (Closes: #822850). * Fix privacy rules and fixes some deadlink using XLST. * Improve linking of modules by adding if needed libz and libm. * Avoid a double free. (Closes: #834183). Fix CVE-2016-10051 * Avoid an out of bound access for malformed exif data. (Closes: #834501). Fix CVE-2016-10052 * Avoid a DOS due to improper locking in magick++ lib. (Closes: #834163). * Add upstream patch in order to avoid a buffer overflow in bmp file reader. (Closes: #834504). Fix CVE-2016-6823. * Bump standard version. No change. -- Bastien Roucariès Tue, 16 Aug 2016 22:32:02 +0200 imagemagick (8:6.9.2.10+dfsg-3) UNRELEASED; urgency=low * Remove previous -im6 alternatives to avoid unnecessary but harmless messages at upgrade time (closes: #813426) * Build upon patch by Diederik de Haas to clarify what you need to install the -extra package for (closes: #813566) * Bug fix: "cannot upgrade: /usr/share/doc/imagemagick contains files not owned by package imagemagick:all", thanks to Vincent Lefevre (Closes: #814480, #813426). imagemagick is now a arch:any package working arround a dpkg bug. -- Vincent Fourmond Thu, 04 Feb 2016 22:24:07 +0100 imagemagick (8:6.9.2.10+dfsg-2) experimental; urgency=medium * Drop imagemagick binary package. Paving the way to multiple channel depth binaries and HDRI. Fix also multi-arch problems (Closes: #761836, #810591, #772603). * Fix desktop file (Closes: #812481). * Simplify debian/rules * Fix a mistake for installing config files. -- Bastien Roucariès Sat, 30 Jan 2016 18:50:09 +0100 imagemagick (8:6.9.2.10+dfsg-1) experimental; urgency=medium * New upstream version. * Repack in order to avoid non free test images from upstream. * Security bug fixes (Closes: #799524, #799891) - Fix a Null dereference in coders/png.c (LP: #1492881). - Fix a double free in coders/tga.c (LP: #1490362). - Avoid a null pointer dereference in JNG decoder. - Avoid a DOS for RLE file.. - Avoid a bufer overflow by using field limit in sprintf. - Avoid a stack overflow in fx handling. - Fixed size of memory allocation in RLE coder to avoid segfault (LP: #1496649). - Add extra checks to avoid out of bounds error when parsing the 8bim profile. (LP: #1496645). - Fixed memory leak when reading incorrect PSD files - Fix PixelColor off by one on i386. - Fix out of bounds error in -splice operator. - Prevent null pointer access in magick/constitute.c - Fix another memory leak in string handling. * Fix density of JPEG working around TeX bug (Closes: #763799). * Recompile with g++-5 (Closes: #798597). * Replace quantum depth by channel depth (Closes: #762004). * Prepare imagemagick 7 by renaming imagemagick-common package to imagemagick-6-common and imagemagick-doc to imagemagick-6-doc. * Symlink doc dir of arch:all package to imagemagick-6-common. -- Bastien Roucariès Sun, 27 Dec 2015 22:36:38 +0100 imagemagick (8:6.9.1.2-1) experimental; urgency=low * New upstream version: - Fix MagickSetImageBias() has no effect for MagickConvolveImage() (Closes: #779939) - Fix segmentation fault using corrupted file (LP: #144963, #1448801, #1448795, #1448767). - Fix a denial of service flaw in MIFF file processing. Fix CVE-2015-8901. - Fix a denial of service flaw in VICAR file processing. Fix CVE-2015-8903. - Fix a denial of service flaw in HDR file processing. Fix CVE-2015-8900. - Fix a denial of service flaw in PDB file processing. Fix CVE-2015-8902. * Fix build on mips by printing progress (Closes: #770009). * Drop previous security patches, merged upstream. * Use http instead of ftp for uscan. * Fix regression: "missing JPEG-2000 support", thanks to Yuriy Yevtukhov (Closes: #773530). * libmagickcore-6.q16-2-extra recommends libjxr-tools, thanks to Mathieu Malaterre (Closes: #771312). * Bug fix: "desktop file icon is still not displayed", thanks to Markus Koschany (Closes: #767973,#780490). * Bug fix: "please make the build reproducible", thanks to Reiner Herrmann (Closes: #783933). * Upstream break c++ ABI: - Bump c++ soname. - Add new symbols to symbols file. * Fix perlmagick: "Text functions segfault on i386", thanks to Matthias Großmann (Closes: #777158). * Bug fix: "wrong path to documentation in convert man page", thanks to Yvan Masson (Closes: #778541). * Suggest to install imagemagick doc in man page, thanks to Gregor Herrmann (Closes: #727739). -- Bastien Roucariès Sat, 16 May 2015 19:23:39 +0200 imagemagick (8:6.8.9.9-7.2) unstable; urgency=medium * Non-maintainer upload. * Remove libjasper-dev dependencies. Closes: #818203 -- Mattia Rizzolo Mon, 27 Jun 2016 12:55:02 +0000 imagemagick (8:6.8.9.9-7.1) unstable; urgency=medium * Non-maintainer upload. * 0082-Fix-CVE-2016-5118-disable-filename-pipes.patch: + Fix CVE-2016-5118: disable pipes in filenames to avoid arbitrary command execution. Closes: #825799. -- Emilio Pozuelo Monfort Wed, 01 Jun 2016 21:48:10 +0200 imagemagick (8:6.8.9.9-7) unstable; urgency=low * Fix various minor security issues - Fix an integer overflow that can lead to a buffer overrun in the icon parsing code (LP: #1459747, closes: #806441) Fix CVE-2015-8895. - Fix an integer overflow that can lead to a double free in pict parsing (LP: #1448803, closes: #806441). Fix CVE-2015-8896. - Memory Leak while handle psd file (closes: #811308) http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791 - IM 6.9.2 crash with some PNG (closes: #811308, LP: #1492881) http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466 - Null pointer access in magick/constitute.c (closes: #811308) https://github.com/ImageMagick/ImageMagick/pull/34 - PixelColor off by one on i386 (closes: #811308) https://github.com/ImageMagick/ImageMagick/issues/54 - Fixed other memory leaks (closes: #811308) -- Vincent Fourmond Sun, 17 Jan 2016 21:18:19 +0100 imagemagick (8:6.8.9.9-6) unstable; urgency=high * Fix build on mips by printing progress (Closes: #770009). * Fix a few security bugs: (closes: #799524) - A DOS on specially crafted MIFF file (CVE-2015-8901). - A DOS on specially crafted Vicar file (CVE-2015-8903). - A DOS on specially crafted HDR file (CVE-2015-8900). - A DOS on specially crafted PDB file (CVE-2015-8902). - Avoid a null pointer dereference in JNG decoder. - Avoid a DOS for RLE file. - Avoid double free on TGA file. (CVE-2015-8894) - Avoid a bufer overflow by using field limit in sprintf. - Avoid a stack overflow in fx handling. * Replace density of 1 for JPEG by unknown working around a TeX bug (Closes: #763799). -- Bastien Roucariès Sat, 12 Sep 2015 23:06:08 +0200 imagemagick (8:6.8.9.9-5.1) unstable; urgency=medium * Non-maintainer upload. [ Matthias Klose ] * Renamed library for gcc5 transition libmagick++-6.q16-5 -> libmagick++-6.q16-5v5 [ Simon McVittie ] * Don't add a lintian override for the libmagick++-6.q16-5v5 name, current lintian accepts this name * Don't clear the symbols files for the C ABIs, only the C++ ABI -- Simon McVittie Wed, 12 Aug 2015 07:50:55 +0100 imagemagick (8:6.8.9.9-5) unstable; urgency=high * Fix incorrect fix for xpm security problem. This patch fixed the buffer overflow but xpm coder output garbage, thanks to Adam Sjøgren (Closes: #773980). * Workarround "Imagemagick FTBFS on mips on mips-aql-* not on ball". Do not execute testsuite if FPU is not present. Security team want this bug fixed in order to ease it work, thanks to Ivo De Decker (Closes: #770009). -- Bastien Roucariès Mon, 29 Dec 2014 11:51:58 +0100 imagemagick (8:6.8.9.9-4) unstable; urgency=high * Fix a few security bugs (Closes: #773834): - Avoid a DOS in vision.c due to an infinite loop. (CVE-2014-9804) - Avoid a SEGV due to a corrupted pnm file. (CVE-2014-9805) - Do not leak fd due to corrupted file. (CVE-2014-9806) - Fix a double free in pdb coder. (CVE-2014-9807) - Fix a SEGV due to corrupted dpc and xwd images. (CVE-2014-9808) - Fix a SEGV in dpx file handler. (CVE-2014-9810) - Fix a SEGV in malformed xwd file handler. (CVE-2014-9809) - Avoid a NULL pointer dereference in ps file handling. (CVE-2014-9812) - Fix a crash with corrupted viff file. (CVE-2014-9813) - Fix a NULL pointer dereference in wpg file handling. (CVE-2014-9814) - Do not continue on corrupted wpg file. (CVE-2014-9815) - Avoid an out of bound access in viff image. (CVE-2014-9816) - Avoid a heap buffer overflow in pdb file handling. (CVE-2014-9817) - Avoid an out of bound acess on malformed sun file. (CVE-2014-9818) - Avoid heap overflow in palm, pnm and xpm files. (CVE-2014-9819, CVE-2014-9820, CVE-2014-9821) - Fix heap overflow in quantum, palm and psd file. (CVE-2014-9822, CVE-2014-9823, CVE-2014-9824) - Fix handling of corrupted of psd, sun and xpm file. (CVE-2014-9825, CVE-2014-9826, CVE-2014-9827) - Fix corrupted (too many colors) psd file. (CVE-2014-9828) - Fix an out of bound acess in sun file. (CVE-2014-9829) - Fix handling of corrupted sun and wpg file. (CVE-2014-9830, CVE-2014-9831) - Fix heap overflow in pcx file, psd, pict and wpf files and DOS in xpm files. (CVE-2014-9832, CVE-2014-9833, CVE-2014-9834, CVE-2014-9835, CVE-2014-9836) - Add additional PNM sanity checks. (CVE-2014-9837) - Avoid a crash to out of memory in magick/cache.c (CVE-2014-9838) - Fix a theorical out of bound access in magick/colormap-private.h (CVE-2014-9839) - Fix an out of bound access in palm file. (CVE-2014-9840) - Fixed throwing of exceptions in psd handling and fix a memory leak. (CVE-2014-9842) - Fixed boundary checks in DecodePSDPixels. (CVE-2014-9843) - Fix another out of bound problem in rle file. (CVE-2014-9844) - Fix crash due to corrupted dib file. (CVE-2014-9845) - Added checks to prevent overflow in rle file. (CVE-2014-9846) - Impose a limit of 10 million columns or rows in an input PNG - Don't try to handle a "previous" image in the JNG decoder. (CVE-2014-9847) - Avoid a memory leak in quantum management. (CVE-2014-9848) - Avoid a crash in png coder. (CVE-2014-9849) - Thread limit should be at least 1 in order to be efficient. (CVE-2014-9850) - In psd file handling fixed parsing resource block and avoid a crash. (CVE-2014-9851) - In cache fix usage of object after it has been destroyed. - Avoid a memory leak in rle file handling. (CVE-2014-9852) - During identification of image do not fill memory. (CVE-2014-9854) -- Bastien Roucariès Tue, 23 Dec 2014 22:02:08 +0100 imagemagick (8:6.8.9.9-3) unstable; urgency=high * Fix a security bug (DOS). Some special crafted JPEG files could create a dos due to missing check in embeded EXIF properties (EXIF directory offsets must be greater than 0). Fix CVE-2014-8716 (Closes: #768494). -- Bastien Roucariès Fri, 07 Nov 2014 21:16:20 +0100 imagemagick (8:6.8.9.9-2) unstable; urgency=high * Remove build-dep loop. Remove inkscape. -- Bastien Roucariès Tue, 28 Oct 2014 18:48:01 +0100 imagemagick (8:6.8.9.9-1) unstable; urgency=high * New upstream version, fixing four security problems: - Remotely DOS: "convert +profile regression enters infinite loop exhausting memory", thanks to Yuri D'Elia (Closes: #764872). Fix CVE-2014-8561. - Fixed buffer overflow in PCX and DCM coder. Fix CVE-2014-8562 and CVE-2014-8355. - Don't clone a 0x0 image breaking some assumption in client code. Fix CVE-2014-8354. - Off-by-one count when parsing an 8BIM profile. * Fix identify -quiet has non zero exit code on warnings (Closes: #763686). * Fix "convert -crop" doesn't just crop, but makes the output darker than the input (Closes: #731157). * Fix identify warning is now an error (Closes: #761918). * Fix unrecognized color in xpm image (Closes: #754107). * Fix display exits with non-zero return code (Closes: #763794). * Fix imagemagick changes contrast of b/w images. (Closes: #712493). * Fix desktop file icons are not displayed due to wrong icon names. (Closes: #765416, #758276). * Tighten up the depends between imagemagick-common and other components. (Closes: #753770). * Add obsolete config scripts (not multiarch safe) to /usr/lib/$DEB_HOST_MULTIARCH/ImageMagick-6/bin-$QUANTUMDEPTH/ where $DEB_HOST_MULTIARCH is the multiarch triplet and $QUANTUMDEPTH is the current quantum depth. (Closes: #764899). Document it under NEWS (Closes: #761927). * Bump policy version. No changes. -- Bastien Roucariès Mon, 27 Oct 2014 13:24:54 +0100 imagemagick (8:6.8.9.6-4) unstable; urgency=medium * Upload to unstable -- Bastien Roucariès Fri, 05 Sep 2014 21:58:20 +0200 imagemagick (8:6.8.9.6-3) experimental; urgency=high * Bug fix: "error: original symlink target is not an absolute path", thanks to 積丹尼 Dan Jacobson (Closes: #758760). -- Bastien Roucariès Thu, 21 Aug 2014 13:34:12 +0200 imagemagick (8:6.8.9.6-2) experimental; urgency=high * Do not tune the architecture for compiling. Fix "Illegal instruction", thanks to 積丹尼 Dan Jacobson (Closes: #757996). -- Bastien Roucariès Wed, 13 Aug 2014 11:52:13 +0200 imagemagick (8:6.8.9.6-1) experimental; urgency=medium * Prepare perl transition (/usr/lib/perl5 move to /usr/lib/$ARCH_TRIPLET/perl5/) and avoid FTBFS (closes: #750095). * Fix dependency problem: libmagick++ need to depends on header packages. * New upstream version: - sodump of magick++ needed because of a small class layout change. -- Bastien Roucariès Mon, 11 Aug 2014 15:20:07 +0200 imagemagick (8:6.8.8.9-3) experimental; urgency=low * Tighten up the depends between imagemagick and imagemagick-6.q16 to avoid missing (version-dependent) symlinks when imagemagick is updated while imagemagick-6.q16 isn't (closes: #743042) -- Vincent Fourmond Sat, 05 Apr 2014 22:11:06 +0200 imagemagick (8:6.8.8.9-2) experimental; urgency=low * Update symbol files -- Vincent Fourmond Sat, 29 Mar 2014 23:09:40 +0100 imagemagick (8:6.8.8.9-1) experimental; urgency=medium * New upstream version: - Fix symbols files by adding new symbols. * Fix html breakage in upstream documentation. -- Bastien Roucariès Sat, 22 Mar 2014 12:32:58 +0100 imagemagick (8:6.8.8.8-1) UNRELEASED; urgency=medium * Add missing symbols from 32 bits due to s?size_t and optionnal template from sparc. * Fix three security bugs (Closes: #740250): - Fix CVE-2014-1958 and CVE-2014-2030, two buffer overflow in psd file handling. - Fix CVE-2014-1947 a buffer overflow in log handling. -- Bastien Roucariès Sat, 22 Mar 2014 11:53:06 +0100 imagemagick (8:6.8.8.2-1) experimental; urgency=low * New upstream version: - add new symbols to magickcore symbols file. - so bump of libmagickwand and libmagickcore needed because of a small API change. - Remove a few non free files (closes: #734800) * Packaging improvements: - Really display log in case of test failure. - check validity (in the xml or xhtml sense) of upstream documentation using xmllint. - check gpg signature see uscan(1). - upgrade debian/copyright (new review). - update to Debian Policy 3.9.5 * Upstream break c++ ABI: - Bump c++ soname. - Add new symbols to symbols file. * Bug fix: - "fails to upgrade from sid - trying to overwrite /usr/lib/perl5/auto/Image/Magick/Magick.so", thanks to Andreas Beckmann (Closes: #717981). - "advertising / spying beacon in locally installed docs", thanks to Adam Borowski (Closes: #700784). - "unhandled symlink to directory conversion" thanks to Andreas Beckmann (Closes: #720145). -- Bastien Roucariès Mon, 27 Jan 2014 21:49:09 +0100 imagemagick (8:6.8.5.6-3) experimental; urgency=low * Fix symbols files. * Move some depends to build-depends-indep. * Use silent rules * Bug fix: "version in experimental causes FTBFS for packages using libmagick*", thanks to Roderich Schupp (Closes: #710668). * Display log in case of tests failure. -- Bastien Roucariès Sat, 15 Jun 2013 16:38:51 +0200 imagemagick (8:6.8.5.6-2) experimental; urgency=low [ Bastien Roucariès ] * Switch debian patches to .xz * Build with V=1 in order to see flags passed to compiler. * Pass --as-needed to LD_FLAGS. * Rebuild doxygen documentation using svg. * Bug fix: "fails to install: update-alternatives: error: alternative path /usr/bin/compare-im6 doesn't exist", thanks to Andreas Beckmann (Closes: #709856, #709845). [ Vincent Fourmond ] * Fix small typo in debian/rules that makes nice FTBSes -- Vincent Fourmond Wed, 29 May 2013 23:10:54 +0200 imagemagick (8:6.8.5.6-1) experimental; urgency=low [ Bastien Roucariès ] * New upstream version: - Bug fix: "Drawing issues with rectangle stroke", thanks to Robert Sohn (Closes: #689560). - Bug fix: "NULL deference during creation of temporary files" (Closes: #704901). * .so bump due to: - encoding quantum depth in the library name. This will allow to compile hdri and other quantum depth. - lib versionning. * Debian packaging bug fixes: - "Depend on liblcms2-dev, not liblcms-dev", thanks to Michael Terry (Closes: #701655). - "package name does not adhere to naming policy for Perl modules", thanks to ansgar@debian.org (Closes: #575932). * Debian packaging improvement: - Bump standard version to 3.9.4 - Minimal linking of .so (ld --as-needed). - Use dh. - Update debian/copyright (new review). - new symbols files. - switch to xz for both source and debian files. [ Vincent Fourmond ] * Handle upstream rename of configuration directory: /etc/ImageMagick -> /etc/ImageMagick-6 -- Bastien Roucariès Wed, 15 May 2013 21:36:44 +0200 imagemagick (8:6.7.9.3-2) experimental; urgency=low * Fix symbols files. -- Bastien Roucariès Mon, 10 Sep 2012 14:23:32 +0200 imagemagick (8:6.7.9.3-1) experimental; urgency=low * New upstream version. * Improve download and commit script. * Depend on libfftw3. * Suggest: graphviz, ufraw-batch. * New upstream version use inkscape delegate for svg. Suggest it. Rsvg one is still used as fallback. * Drop build depend on graphicsmagick's convert. Use builded imagemagick one. * Use internal svg engine instead of rsvg one. * Improve icons aspect particularly for small size. * Add guidance for bug submitting (thanks to Jonathan Nieder and Justin B Rye). * Suggests some debugging package for imagemagick-dbg. * Add symbols file (except for libmagickcore5). * Do not mess up MAKEFLAGS. * Fail to build in case of testcase failure. * autoreconf package in order to avoid linking with depends lib (use debian patched libtool). Patch magick++ demo by adding required libs. -- Bastien Roucariès Mon, 03 Sep 2012 11:59:37 +0200 imagemagick (8:6.7.7.10-4) unstable; urgency=high * Security Bug fix: "Fails an assertion due to OpenMP related problem", thanks to Willi Mann (Closes: #685903). -- Bastien Roucariès Mon, 27 Aug 2012 11:50:22 +0200 imagemagick (8:6.7.7.10-3) unstable; urgency=high * Bug fix: "CVE-2012-3437", ImageMagick: Magick_png_malloc() size argument thanks to Moritz Muehlenhoff (Closes: #683285). -- Bastien Roucariès Mon, 30 Jul 2012 22:47:47 +0200 imagemagick (8:6.7.7.10-2) unstable; urgency=low * Really solve the upgrade problem (Closes: #679188, #679063). * Build-depend on debhelper >= 9~ -- Vincent Fourmond Fri, 29 Jun 2012 23:18:39 +0200 imagemagick (8:6.7.7.10-1) unstable; urgency=low * Bug fix: "fails to upgrade from wheezy - trying to overwrite /usr/lib/x86_64-linux-gnu/ImageMagick-6.7.7/modules-Q16/coders/pango.so", thanks to Andreas Beckmann (Closes: #679188 and Closes: #679063). * New upstream version: - Fix FTBS on arm (closes: #679430). - drop previous patch queue (merged upstream). - Fix pointer size missmatch. - Document feature: "SVG displayed in wrong size", thanks to Marc-Jano Knopp (Closes: #632526). -- Bastien Roucariès Thu, 28 Jun 2012 17:44:21 +0200 imagemagick (8:6.7.7.9-1) unstable; urgency=low [ Bastien Roucariès ] * New upstream version * Bug fix: "Menu entry of imagemagick does not launch it", thanks to Michael Biebl (Closes: #675453). * Bug fix: "Please include large 256x256px icon", thanks to Ralph Aichinger (Closes: #675484). Add scalable icons, 16x16, 32x32, 48x48 * Copyright review: - move to dep5 format. - Remove dot support due to incompatibility between EPL and GPL (Closes: #677413). - Remove non modifiable sRGB.icc (Closes: #677414). * Add automation script for source download and git machinery * Use manual delegate to rsvg for icons creation * Documentation bugfixes: - Bug fix: "identify man page lists writing options even though command is readonly", thanks to jidanni; (Closes: #636932). - Bug fix: "SYNOPSIS should drive home more than one input-file point", thanks to jidanni; (Closes: #662579). - Bug fix: "document that they are no way to make real white and black jpg", thanks to jidanni. format.html under upstream documentation say now: "Note, JPEG is a lossy compression. In addition, you cannot create black and white images with JPEG nor can you save transparency." (Closes: #603097). - Bug fix: "convert -- [man] input-options and output-options not referenced", thanks to Jari Aalto (Closes: #602474). Now man page read: "Use any setting or operator as an output-option. Only a limited number of setting are input-option, they include: [...]" [ Vincent Fourmond ] * Enable pango support (closes: #678390), placed in libmagickcore5-extra * Use graphicsmagick's convert for building the XPM files, in order to avoid circular dependencies * Add a reference to the GPL and Artistic license in debian/copyright * Word-wrap changelog -- Vincent Fourmond Mon, 25 Jun 2012 22:55:44 +0200 imagemagick (8:6.7.7.2-1) unstable; urgency=low [ Bastien Roucariès ] * New upstream version: - Drop previous patches: merged upstream. - Bug fix: "identify -verbose reports incorrect Class (correct w/o -verbose)", thanks to Jason Woofenden (Closes: #656942). - Bug fix: "conversion to postscript is missing grestore in DisplayImage definition", thanks to Daniel Kahn Gillmor (Closes: #655762). * Bug fix: "mailcap still broken (as #589887)", thanks to Felix Salfelder (Closes: #619667): - revert bug fix #562959. - replace display by display.im6 * Bug fix: "Please add imagemagick.desktop", thanks to Sérgio Cipolla (Closes: #621799). * Add xz support. * Bug fix: "Obsolete conffile /etc/ImageMagick/sRGB.icm not cleaned up on upgrade", thanks to Josh Triplett (Closes: #669964). [ Vincent Fourmond ] * Improve the new hook scripts * Fix (very) minor typo in package description (closes: #675011) -- Bastien Roucariès Tue, 29 May 2012 11:23:50 +0200 imagemagick (8:6.7.4.0-5) unstable; urgency=high * Bug fix when converting from pdf to png, thanks to Thomas Preud'homme (Closes: #668214). * Provides: libmagickcore-extra in order to avoid broken depends. Thanks to Julien Cristau (closes: #667826). Urgency high to make sure the FTBS-inducing bug is closed fast... -- Bastien Roucariès Mon, 16 Apr 2012 11:18:10 +0200 imagemagick (8:6.7.4.0-4) unstable; urgency=high * Fix CVE-2012-0259 / CVE-2012-0260 / CVE-2012-1798 / CVE-2012-1610 (Closes: #667635) - Vulnerability CVE-2012-0259 can cause a DoS in a system via handing JPEG files with invalid EXIF XResolution tag. - Vulnerability CVE-2012-0260 can lead to excessive use of memory in target system, when processing a malicious JPEG file. Excessive use of memory can lead to denial of service. - Vulnerability CVE-2012-1798 can cause program to crash when reading invalid memory, while parsing EXIF IFD in a TIFF file. - Vulnerability CVE-2012-1610 Fix a Potential EXIF Integer Overflow * Fix menu file to run display.im6 instead of display (fix lintian warning) -- Bastien Roucariès Tue, 10 Apr 2012 17:24:02 +0200 imagemagick (8:6.7.4.0-3) unstable; urgency=low [ Bastien Roucariès ] * Fix "Invalid validation DoS CVE-2012-1185 / CVE-2012-1186" (Closes: #665007) [ Vincent Fourmond ] * Uploading to unstable, opening the way for the transition (see bug #652650) * Hurray, it seems the package conforms to standards 3.9.3 ! -- Vincent Fourmond Sun, 01 Apr 2012 20:51:53 +0200 imagemagick (8:6.7.4.0-2) experimental; urgency=low [ Bastien Roucariès ] * Bug fix: "Please enable hardened build flags", thanks to Moritz Muehlenhoff (Closes: #657833). * Bug fix: "Invalid validation DoS CVE-2012-0247/CVE-2012-02478", thanks to Henri Salo (Closes: #659339). * Bug Fix: Convert delegate from removed /usr/bin/rsvg to /usr/bin/rsvg-convert, thanks to Scott Howard (Closes: #659259) [ Vincent Fourmond ] * Pull in patch from revision 6606 to fix FTBS with newer zlib -- Vincent Fourmond Wed, 22 Feb 2012 23:28:04 +0100 imagemagick (8:6.7.4.0-1) experimental; urgency=low [ Bastien Roucariès ] * Drop previous quilt patches: merged upstream * New upstream version: - Fix incorrect readding of PGM header (LP: #346474) - Defend against corrupt PSD resource block (LP: #302454) - Bug fix: "-depth busted", thanks to jidanni (Closes: #618435). - Bug fix: "delegate ffmpeg fails", thanks to Francisco Munoz (Closes: #644170). * Upstream break ABI keeping API. Bump soname * Multiarch aware , thanks to Riku Voipio (Closes: #640680). * Fix perlmagick fails at runtime with symbol lookup error, thanks to Michael Terry (Closes: #650417). * Prepare new major version transition: build version suffixed binaries. * Switch to lcms v2.X support * Add libfftw support (Closes: #598693). [ Vincent Fourmond ] * Also add a suffix to manual pages * Provide the unsuffixed binaries through alternatives -- Vincent Fourmond Sat, 17 Dec 2011 21:21:46 +0100 imagemagick (8:6.6.9.7-5) unstable; urgency=low * Replace a overlapped memcopy by a memmove * Fix a PNG reduction bug "Corrupted (?) icons", thanks to Torbjörn Andersson (Closes: #630619). * Fix parallel build issue. Make debian/rules install target depend on check. Thanks Colin Watson (Closes: #593041). -- Bastien Roucariès Thu, 16 Jun 2011 00:18:36 +0200 imagemagick (8:6.6.9.7-4) unstable; urgency=low [ Bastien Roucariès ] * Acknowledge NMUs. Thanks Vincent Fourmond. * Add Vincent Fourmond as comaintainer. * Fixed one-off bug in option parser (Closes: #609177). * Move configuration files to a common package: Fix bug "non-versioned files in a shared library packages is *wrong*", thanks to Julien Cristau (Closes: #629945). [ Vincent Fourmond ] * Do not forget to depend on that package... * And add a Replaces: libmagickcore4 (= 8:6.6.9.7-3.1) stanza on imagemagick-common to allow a neat upgrade path. -- Vincent Fourmond Sat, 11 Jun 2011 21:31:54 +0200 imagemagick (8:6.6.9.7-3.1) unstable; urgency=low * Non-maintainer upload, with permission of Bastien Roucariès * Move configuration file to the libmagickcore4 package where they belong. -- Vincent Fourmond Fri, 03 Jun 2011 00:17:27 +0200 imagemagick (8:6.6.9.7-3) unstable; urgency=low * Install config files to /etc really (Closes: #627981). * Fix a FTBFS on hurd-i386. Thanks to Pino Toscano (Closes: #628020). * Better wording for NEWS file. (Closes: #628007). -- Bastien Roucariès Mon, 30 May 2011 11:27:46 +0200 imagemagick (8:6.6.9.7-2) unstable; urgency=low * Upload to unstable -- Bastien Roucariès Fri, 06 May 2011 19:26:53 +0200 imagemagick (8:6.6.9.7-1) experimental; urgency=low [ Bastien Roucariès ] * Switch build architecture: - to git over svn. - Modify rules in order to use git. - Add README.Source file. * New upstream release (Closes: #612811): - Drop patch for reading config files from current directory, corrected upstream (Closes: #601824). - Upstream updated SONAME (Closes: #587227). - Fixes -strip adds additional tags to the image (Closes: #594693). - Add example files (Closes: #611125). - Move configuration file to /etc. - Fix caption error with non break space (Closes: #614117) * Fix a build failure: do not try to remove empty directories if list is nil. * Perlmagick: - Fix a build failure, always run make install. - Perlmagick: Update build to conform with perl policy * Acknowledge NMUs (Closes: #579775) * Bump standard version to 3.9.1.0 * Use DEB_UPSTREAM_VERSION from cdbs -- Bastien Roucariès Sun, 01 May 2011 13:41:34 +0200 imagemagick (8:6.6.0.4-3) unstable; urgency=medium * Apply fix for reading config files from current directory, found by Jakub Wilk (Closes: #601824). Thanks to Andreas Metzler for the nicely formatted patch. -- Nelson A. de Oliveira Tue, 16 Nov 2010 10:53:04 -0200 imagemagick (8:6.6.0.4-2.2) unstable; urgency=low * Non-maintainer upload. * Change Recommends on ufraw to ufraw-batch (closes: #579775). -- Julien Cristau Tue, 10 Aug 2010 18:21:24 -0400 imagemagick (8:6.6.0.4-2.1) unstable; urgency=low * Non-maintainer upload. * Re-upload 6.6.0.4 with bumped epoch to revert ABI breakage (closes: #587227). -- Julien Cristau Thu, 05 Aug 2010 13:19:32 -0400 imagemagick (7:6.6.0.4-2) unstable; urgency=low * Revert debian/patches/type.xml.patch for now, while we address this issue with upstream (Closes: #573983). * debian/control: make libmagickcore3-extra provides libmagickcore-extra (Closes: #574058). Thanks, Stuart Prescott! -- Nelson A. de Oliveira Wed, 17 Mar 2010 10:18:13 -0300 imagemagick (7:6.6.0.4-1) unstable; urgency=low * New upstream release. * Upload to unstable. -- Nelson A. de Oliveira Fri, 12 Mar 2010 15:13:35 -0300 imagemagick (7:6.5.9.8-1) experimental; urgency=low * New upstream release; * Upstream updated SONAME version (Closes: #564123): - debian/control: bump libmagickcore2, libmagickwand2 and libmagick++2 to libmagickcore3, libmagickwand3 and libmagick++3; * Removed reference to type-ghostscript.xml in type.xml, thus enabling ImageMagick to use the system fonts (Closes: #396420): - Added new patch debian/patches/type.xml.patch. * Fix mime handling of filenames with spaces (Closes: #562959). Thanks, Drew Parsons! * Updated Standards-Version to 3.8.4; * Remove unneeded debian/README.source. -- Nelson A. de Oliveira Sat, 20 Feb 2010 02:39:52 -0200 imagemagick (7:6.5.8.3-1) unstable; urgency=low * New upstream release: - Fix the display of consecutive images with 'display' (Closes: #558046). * Convert package to the new format 3.0 (quilt); * Add some packages to Recommends, as they are necessary to convert to/from some formats (Closes: #557734): - ghostscript, netpbm, ufraw. * Like above, also add some packages to Suggests: - autotrace, cups-bsd | lpr | lprng, curl, enscript, ffmpeg, gimp, gnuplot, grads, groff-base, hp2xx, html2ps, libwmf-bin, mplayer, povray, radiance, sane-utils, texlive-base-bin, transfig, ufraw, xdg-utils. -- Nelson A. de Oliveira Sun, 06 Dec 2009 10:28:52 -0200 imagemagick (7:6.5.7.8-1) unstable; urgency=low * New upstream release; * Fix recommends on libmagickcore2-extra (Closes: #556360); * Fix versioned dependency on libmagick* libs (Closes: #556740). -- Nelson A. de Oliveira Tue, 17 Nov 2009 16:46:29 -0200 imagemagick (7:6.5.7.7-1) unstable; urgency=low * New upstream release; - Fixes "perferred" typos (Closes: #550503). Thanks A. Costa! - Patch to fix FTBFS on hurd-i386 has been merged upstream (Closes: #551017). Thanks Pino Toscano! * Upload to unstable. -- Nelson A. de Oliveira Sat, 14 Nov 2009 15:07:22 -0200 imagemagick (7:6.5.5.3-1exp1) experimental; urgency=low * Split SVG, WMF, OpenEXR, DjVu and Graphviz coders into a new libmagickcore2-extra package: - Removed libmagickcore2 circular Depends on libmagickwand2 (Closes: #524613); - Removed dependency on gtk libs (Closes: #478538). A big thank you to Nick Wellnhofer ! * Sorted Build-Depends and Depends in debian/control. -- Nelson A. de Oliveira Mon, 28 Sep 2009 20:00:55 -0300 imagemagick (7:6.5.5.3-1) unstable; urgency=low * New upstream release; * Removed SA35216.diff as it was fixed upstream; * The imagemagick package now suggests imagemagick-doc (Closes: #523401); * "identify -verbose" now displays EXIF thumbnail info (Closes: #527918); * Fix image placing when displaying to the X server root (Closes: #523608); * Fix wrong exit code in display (Closes: #524058); * Fix loading of MS Windows icons with compressed PNG elements (Closes: #534159); * Fix requirement of an X server for running display (Closes: #533494); * Fix title misplacing with montage (Closes: #528569); * Fix filetype detection with mogrify (Closes: #531350); * Fix image loop with "display -delay" (Closes: #529702); * Fix crashing on non-image XML files with identify (Closes: #533704); * Add debian/README.source; * debian/control: updated libltdl-dev dependency; * debian/rules: - updated build process for PerlMagick; - empties dependency_libs from *.la files. * Updated Standards-Version: - disable tests when nocheck is present. -- Nelson A. de Oliveira Thu, 27 Aug 2009 00:15:35 -0300 imagemagick (7:6.5.1.0-1.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Apply upstream patch to fix integer overflow in XMakeImage() (SA35216.diff; Closes: #530838). -- Nico Golde Fri, 29 May 2009 12:46:08 +0200 imagemagick (7:6.5.1.0-1) unstable; urgency=low * New upstream release; * Upload to unstable; * Add libmagickcore-dev dependency on liblqr-1-0-dev (Closes: #521871); * Fixes segfault while converting to Braille format (Closes: #521395); * Fixes conversion from SVG to PNG (Closes: #520412); * Change imagemagick-dbg section to "debug". -- Nelson A. de Oliveira Thu, 09 Apr 2009 14:02:38 -0300 imagemagick (7:6.5.0.0-2) experimental; urgency=low * Add libperl-dev to Build-Depends (Closes: #519886). -- Nelson A. de Oliveira Sun, 15 Mar 2009 20:58:09 -0300 imagemagick (7:6.5.0.0-1) experimental; urgency=low * New upstream release; * Fix handling of large values in FITS file (Closes: #268241); * Fix reading FITS files (Closes: #509615); * Include info in identify man page about counting colors number (Closes: #508684); * New display.xpm icon (with the ImageMagick logo); * debian/rules: replace dh_clean -k in favour of dh_prep; * debian/control: bump libmagickcore1, libmagickwand1 and libmagick++1 to libmagickcore2, libmagickwand2 and libmagick++2; * Remove the symbols files for now, while it's being worked by upstream (Closes: #509892); * PerlMagick/t/ttf/input.ttf and PerlMagick/demo/Generic.ttf were replaced by public domain Tuffy.ttf font (Closes: #510751); * Fix 'grab' function in display (Closes: #364102); * Fix description of point primitive for draw command (Closes: #322537); * Fix bugs in SetPixel from perlmagick (Closes: #477462); * Enable mouse wheel and arrow keys when using display (Closes: #179267); * Fix crash during 'grab' (Closes: #431937); * Enable Liquid Rescale support (Closes: 516298); * Add Bastien Roucariès to Uploaders. Big thanks to him for helping and joining us! -- Nelson A. de Oliveira Tue, 10 Mar 2009 21:30:39 -0300 imagemagick (7:6.4.8.0-1) experimental; urgency=low * New upstream release; * Fix broken link in /usr/share/doc/imagemagick/index.html (Closes: #475577); * Include symbols files for libmagickcore1, libmagickwand1 and libmagick++1; * debian/control: libmagickwand-dev provides libmagick9-dev and libmagick++-dev provides libmagick++9-dev (Closes: #507269); * Remove debian/patches/readme-utf8.patch; * The ImageMagick logo has the same license as the ImageMagick distribution (thus we don't need to repackage and remove its logo from the tarball); * Remove debian/patches/add_dfsg_free_logo.patch; * Remove debian/patches/manpages.patch (applied upstream); * ImageMagick does not include a font object unless a label is specified on the command line (Closes: #484059); * Fix error message when trying to create a SVG file (Closes: #350410); * Fix negative offset in -geometry (Closes: #462759). -- Nelson A. de Oliveira Tue, 23 Dec 2008 11:39:06 -0200 imagemagick (7:6.3.7.9.dfsg1-3~lenny1) testing-proposed-updates; urgency=low * Upload to testing-proposed-updates. -- Nelson A. de Oliveira Wed, 10 Dec 2008 20:30:02 -0200 imagemagick (7:6.3.7.9.dfsg1-3) unstable; urgency=low * Include missing config files (LP: #303477). -- Nelson A. de Oliveira Wed, 10 Dec 2008 08:12:08 -0200 imagemagick (7:6.3.7.9.dfsg1-2.1+lenny1) testing-proposed-updates; urgency=high * Reupload to tpu -- Moritz Muehlenhoff Wed, 12 Nov 2008 00:07:36 +0100 imagemagick (7:6.4.5.4.dfsg1-1) experimental; urgency=low * New upstream release (Closes: #503889). -- Nelson A. de Oliveira Fri, 07 Nov 2008 11:44:30 -0200 imagemagick (7:6.3.7.9.dfsg1-2.1) unstable; urgency=high * Non-maintainer upload by the Security Team: * Fix CVE-2008-1096 (patch taken from Red Hat) -- Moritz Muehlenhoff Sat, 11 Oct 2008 00:17:21 +0200 imagemagick (7:6.4.3.4.dfsg1-1) experimental; urgency=low * New upstream release; * Fix parallel building support in debian/rules (Closes: #496212). -- Nelson A. de Oliveira Wed, 27 Aug 2008 16:16:54 -0300 imagemagick (7:6.4.3.2.dfsg1-1) experimental; urgency=low * New upstream release; * Enabled parallel building support in debian/rules; * Updated Standards-Version to 3.8.0. -- Nelson A. de Oliveira Fri, 22 Aug 2008 10:38:15 -0300 imagemagick (7:6.4.1.7.dfsg1-1) experimental; urgency=low * New upstream release; * Install ImageMagick's config files in the proper package (Closes: #484005). -- Nelson A. de Oliveira Thu, 12 Jun 2008 20:47:45 -0300 imagemagick (7:6.4.1.3.dfsg1-1) experimental; urgency=low * New upstream release; * Includes upstream changelog; * Fix -depth option behavior (Closes: #481831); * Fix linker flags of MagickCore-config. -- Nelson A. de Oliveira Mon, 19 May 2008 23:13:11 -0300 imagemagick (7:6.4.0.9.dfsg1-1) experimental; urgency=low * New upstream release; * Fix libmagick++-dev dependency on libmagickwand-dev; * Fix EXIF regression when using identify (Closes: #473529); * Fix -fx image operator (Closes: #425782); * Fix broken links in documentation (Closes: #475577); * Fix perlmagick segfaults when drawing text on individual images (Closes: #351604); * Fix crop and resize when using display (Closes: #266304). -- Nelson A. de Oliveira Tue, 22 Apr 2008 00:31:50 -0300 imagemagick (7:6.4.0.1.dfsg1-1) experimental; urgency=low * New upstream release (Closes: #469819); * Fix ImageMagick's README.txt encoding (Closes: #465717); * debian/control: - replace build-depends libz-dev -> zlib1g-dev; - remove versioned build-depends on libpng12-dev. * Bumped compat level to 6; * Add debug package (Closes: #471715); * Change maintainer to ImageMagick Packaging Team ; * Split imagemagick into imagemagick and imagemagick-doc (Closes: #233376); * Doesn't ship static libraries into imagemagick (Closes: #465595); * Include previously missing config files (Closes: #470777); * Image::Magick's manpage also makes reference to local documentation (Closes: #205017); * Update doc-base section; * Include menu icon (Closes: #192644); * Add transfig to suggests (Closes: #441155); * Fix typo in manpages (Closes: #426552); * Fix typo in composite.html (Closes: #436789); * Fix documentation URLs in manpages (Closes: #470922); * Fix incorrectly rendering of grayscale PNGs (Closes: #383531, #350350); * Fix segmentation fault when cropping in display (Closes: #374631); * Fix wrong output when using "convert -draw" (Closes: #337837); * Lower display's mime priority (Closes: #470591); * Fix update of the EXIF profile (Closes: #468692); * Fix HTML image map creation when using montage (Closes: #364128). -- Nelson A. de Oliveira Fri, 28 Mar 2008 16:52:44 -0300 imagemagick (7:6.3.7.9.dfsg1-2) unstable; urgency=low * Upload to unstable; * Disable HDRI (Closes: #465526). Thanks to Lucas Nussbaum! -- Nelson A. de Oliveira Tue, 12 Feb 2008 23:41:11 -0200 imagemagick (7:6.3.7.9.dfsg1-1) experimental; urgency=low * New upstream release (Closes: #339776, #420672, #454809) - fixed wrong image size when using montage (Closes: #357013); - fixed support for "fixed" font (Closes: #370309); - convert doesn't output grayscale images when using -colors switch (Closes: #325828); - using a percent sign on a montage label doesn't create a wrong label anymore (Closes: #330115); - fixed "identify -list format" (Closes: #337192); - fixed composite (Closes: #338109); - deffered LZW GIFs are handled correctly (Closes: #340553); - display doesn't ignore alpha channel on PNG files anymore (Closes: #352748); - aspect ratio is preserved when using convert (Closes: #396956); - fixed PS to PDF conversion (Closes: #419410); - fixed SVG conversion (Closes: #435903); - using -trim and -resize together doesn't produce incorrect images anymore (Closes: #444058); - "convert -list" doesn't result in glibc malloc failure (Closes: #326566); - mogrify doesn't end silently with read only files (Closes: #292520); - identify correctly displays the bit depth of an image (Closes: #391983); - identify correctly reads files with a colon (Closes: #188834); - fixed typo in composite manpage (Closes: #366499); - doesn't fail when converting texts (Closes: #361141); - fixed conversion of a PNG with transparency to a JPG, using -background and -flatten (Closes: #358676); - doesn't FTBFS with GCC/G++ 4.3 (Closes: #441538); * Enabled DjVu support * Acknowledge NMUs (Closes: #394923, #400939, #348576, #245960) [ Luciano Bello ] * The 'lets start again' release. * Quilt implemented. - manpages.patch: Replaced 'SEE-ALSO' for 'SEE ALSO' in the manpages. Registered input character replaced. [ Nelson A. de Oliveira ] * Added watch file * debian/rules: Fixed "debian rules ignores make clean error" * debian/control: - replaced deprecated ${Source-Version} by ${binary:Version} - added Homepage field - added Vcs-Svn and Vcs-Browser * debian/compat: updated to debhelper compatibility level 5 * Updated menu file * Updated Standards Version to 3.7.3 * Included myself to Uploaders field [ Daniel Kobras ] * debian/*.{preinst,postinst,prerm}: Removed. Dedicated checks are obsolete by now, rest is handled automatically via debhelper these days. * debian/control: Prune all references to packages that predate oldstable. * debian/control: Move Suggests for delegate packages from imagemagick to libmagick10. * debian/control: Follow renaming of package gs to ghostscript, promote from Suggests to Recommends, and also recommend gsfonts. * debian/control: Update graphviz (build-)dependency to libgraphviz-dev. * debian/copyright: Update with recent minor changes of upstream license. * debian/imagemagick.menu: Add hack to make 'display' work without a controlling tty. * debian/rules: Consistently use $(CURDIR) rather than `pwd` to keep all buildds equally happy. * debian/upgrade-checklist.txt: Do not rename -dev packages, but provide a list of C API changes between successive Debian releases. * debian/patches/add_dfsg_free_logo.patch: Add dummy logo in place of original logo that does not meet the DFSG, and therefore gets removed from upstream tarball. Patch converted to quilt format from previous diff.gz. -- Daniel Kobras Sun, 03 Feb 2008 15:35:15 +0100 imagemagick (7:6.2.4.5.dfsg1-2) unstable; urgency=high * Fix multiple vulnerabilities in imagemagick. Closes: #444267 + magick/memory.c,magick/memory_.h,magick/methods.h: Add new allocator wrapper AcquireQuantumMemory() to prevent potential integer overflows. Backport from upstream version 6.3.5.9. + magick/image.c: Backport new implementation of SetImageExtent() from upstream version 6.3.5.9. + coders/dcm.c,coders/xcf.c: Fix integer overflow in DCM and XCF coders. (CVE-2007-4985) Backport of upstream patch from version 6.3.5.9. + coders/dcm.c,coders/dib.c,coders/xbm.c,coders/xcf.c,coders/xwd.c: Fix multiple integer overflows in DCM, DIB, XBM, XCF, and XWD coders. (CVE-2007-4986 and CVE-2007-4988) Based on upstream patch from version 6.3.5.9. + magick/blob.c: Fix fencepost error in ReadBlobString() (CVE-2007-4987) Backport of upstream patch from version 6.3.5.9. + coders/dib.c: Ensure positive value for image rows and columns. Based on upstream patch from version 6.3.5.9. + All of the above patches have been derived from backports supplied by Jonathan Smith. -- Daniel Kobras Sat, 29 Sep 2007 21:31:51 +0200 imagemagick (7:6.2.4.5.dfsg1-1) unstable; urgency=high * New maintainers. * debian/compat: Splice debhelper version out of debian/rules into separate file (but don't bump version). * debian/control: Adjust jasper dependencies to current package names. Closes: #419274, #420353 * Documentation minors improvements: - Manpages says SEE ALSO, not SEE-ALSO. Closes: #333616 - Escaped specials chars in manpages. Closes: #381831 - External reference in convert(1). Closes: #398183 - "isplay", "perferred", "similiar" and "morify.html" typos fixed. Closes: #386964, #351498, #395830 - ImageMagick(1) indentation. Closes: #335111 - "convert -help" duplicated line fixes. Closes: #339548 - Typo in description of --resize command fixed. Closes: #364826 * Magick++/lib/Image.cpp: Include cstdlib header to fix build failure with gcc 4.3. Patch thanks to Martin Michlmayr. Closes: #417237 * coders/dcm.c: Fix integer overflow in DCM coder. (CVE-2007-1797) Closes: #418057 * coders/icon.c: Fix segfault in ICON coder. * coders/pcx.c: Fix heap overflow in PCX coder. * coders/pict.c: Fix multiple segfaults in PICT coder. * coders/png.c: Fix segfault in PNG coder. * coders/pnm.c: Fix segfault in PNM coder. * coders/sgi.c: Fix segfault in SGI coder. * coders/sun.c: Fix segfault during conversion in SUN coder. * coders/viff.c: Prevent heap corruption in VIFF coder. * coders/xwd.c: Fix segfault during conversion in XWD coder. * coders/xwd.c: Fix multiple integer overflows in XWD coder. (CVE-2007-1667, CVE-2007-1797) * The above fixes collectively address the following bug report: Closes: #412945 * config/delegates.xml.in: Lose obsolete option -3 to dcraw delegate to unbreak support for raw digital images. Closes: #404477 -- Daniel Kobras Sat, 28 Apr 2007 18:00:10 +0200 imagemagick (7:6.2.4.5.dfsg1-0.14) unstable; urgency=high * Non-maintainer upload. * coders/palm.c: Fix regression introduced in patch for CVE-2006-5456. Avoid bogus second read in macro call. Patch thanks to Vladimir Nadvornik. (CVE-2007-0770) Closes: #410435 -- Daniel Kobras Sat, 10 Feb 2007 19:25:25 +0100 imagemagick (7:6.2.4.5.dfsg1-0.13) unstable; urgency=high * Non-maintainer upload. * coders/png.c: Fix amd64 build failure with recent libpng versions. Closes: #401047 * debian/control: Tighten libpng12-dev build-dependency to exclude versions that are known to fail to link even with the above fix in place. -- Daniel Kobras Wed, 13 Dec 2006 11:33:25 +0100 imagemagick (7:6.2.4.5.dfsg1-0.12) unstable; urgency=high * Non-maintainer upload. * debian/control: Add build dependency on libxt-dev and pkg-config to make dependency list deterministic. * debian/control: libmagick9-dev depends on libxt-dev. -- Daniel Kobras Wed, 29 Nov 2006 17:19:02 +0100 imagemagick (7:6.2.4.5.dfsg1-0.11) unstable; urgency=high * Non-maintainer upload. * coders/dcm.c, coders/palm.c: Fix buffer overflows in DCM and Palm coders. Patches thanks to M Joonas Pihlaja. Closes: #393025 * coders/sgi.c: Put back missing initialisation of loop variable that was erroneously removed in fix for CVE-2006-4144. Spotted by Martin Pitt. Closes: #383314 * coders/sgi.c: Fix off-by-one error in boundary check causing slightly garbled image output. Also introduced in fix for CVE-2006-4144. * coders/xpm.c: Do not gratuitously limit the allowed number of bytes per pixel. Patch thanks to Jens Seidel. Closes: #358148 * magick/display.c: Fix NULL pointer dereference in display's "Visual Directory". Patch thanks to Frédéric Bothamy. Closes: #360400 * utilities/ImageMagick.1.in: Replace UTF-8 encoded characters with latin1 equivalents to placate lintian. * debian/control: perlmagick provides libimage-magick-perl to comply with Perl policy. Closes: #317083 * debian/control: Add gs-gpl build dependency, used in testsuite. * debian/control: Tries hard to comply with version 3.7.2 of Debian policy. * debian/rules: Eliminate -l entries that slipped into --ldflags output. They're already present in --libs anyway. Closes: #340401 * debian/rules: Run the testsuite, but don't treat failures as fatal errors for now. * debian/rules: At configure time, change X11 search paths to X11R7 locations. * debian/rules: Remove duplicate of license file from imagemagick package. -- Daniel Kobras Mon, 23 Oct 2006 20:52:25 +0200 imagemagick (7:6.2.4.5.dfsg1-0.10) unstable; urgency=high * Non-Maintainer Upload * Fix buffer overflow in SGI parser [CVE-2006-4144] (closes: #383314) Thanks to Daniel Kobras * Fix double free in ICC profile in PerlMagick (closes: #349264) * Fix incomaptibility with graphviz >= 2.8 and build-depend on an appropriate version (closes: #360362) * Fix XCF and Sun Raster File buffer overflows [CVE-2006-3743/-3744] (closes: #385062) -- Don Armstrong Sun, 10 Sep 2006 20:15:57 -0700 imagemagick (7:6.2.4.5.dfsg1-0.9) unstable; urgency=low * Non-Maintainer Upload * Remove all instances of the imagemagick logo from the original sourcefile and repack. (closes: #214623) * Add back the free logo patch * Add clean-tarball rule to accomplish this * Change the copyright file to indicate that the logo is no longer included, and indiciate that the included logo is actually text saying "imagemagick" with the Debian open use logo. -- Don Armstrong Mon, 12 Jun 2006 02:15:10 -0700 imagemagick (7:6.2.4.5-0.8) unstable; urgency=low * Non-maintainer upload. * Back to 6.2.4.5 as requested by the release team to maintain binary compatibility. Bumped epoch once more. -- Daniel Kobras Thu, 30 Mar 2006 12:32:13 +0200 imagemagick (6:6.2.6.7-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Thu, 30 Mar 2006 16:59:33 +0900 imagemagick (6:6.2.4.5-0.7) unstable; urgency=high * Non-maintainer upload. * coders/url.c: Do not treat local file:// URIs as temporary files that are removed after reading. Closes: #352575 -- Daniel Kobras Mon, 13 Feb 2006 14:49:49 +0100 imagemagick (6:6.2.4.5-0.6) unstable; urgency=high * Non-maintainer upload. * magick/display.c: In DisplayImageCommand(), expand command line before allocating ressources based on argc. Patch and analysis thanks to Eero Häkkinen. Closes: #345595 * magick/{animate.c,blob.c,display.c,image.c,log.c,montage.c,string.c, string_.h}: Implement new utility function FormatMagickStringNumeric() to securely expand a user-supplied format string with a single numeric argument. Adjust code to use this function where appropriate. (CVE-2006-0082) Closes: #345876 * coders/pdf.c,coders/ps.c,magick/delegate.c,magick/delegate.h, magick/methods.h: Do not call external delegates with user-supplied filename, but with securely named symlinks only to prevent shell command injection (CVE-2005-4601). Closes: #345238 * debian/rules: Make sure to include trailing spaces in multi-line commands to keep recent make happy. Cures problems with ghostscript font path. Fix thanks to Jeff Lessem. Closes: #347486 * debian/imagemagick.mime: Rather than autodetect the type of an image, derive it from the mime type. As a side effect, this change allows to use arbitrary filenames with the 'see' command, even if they have special meaning to imagemagick internally. Also clean up some typos and superfluous entries once we're at it. Closes: #344997 -- Daniel Kobras Tue, 17 Jan 2006 18:33:58 +0100 imagemagick (6:6.2.4.5-0.5) unstable; urgency=low * Another NMU to complete the installability fixes from 6:6.2.4.5-0.4. * Adjust libmagick9-dev dependencies to account for the removal of xlibs-dev from unstable, and bring them in line with build-deps. -- Adam Conrad Sat, 7 Jan 2006 20:09:39 +1100 imagemagick (6:6.2.4.5-0.4) unstable; urgency=low * Non-maintainer upload to resolve buildability/installability. * debian/{control,rules}: Disable DPS support, which is no longer shipped in Xorg 6.9/7.0 (and was making us both FTBFS and uninstallable in sid) * debian/control: explicitely build-depend on libxext-dev, since we both test for and use it directly, rather than indirectly. -- Adam Conrad Fri, 6 Jan 2006 19:06:47 +1100 imagemagick (6:6.2.4.5-0.3) unstable; urgency=low * Non-maintainer upload. * debian/control: Rename libmagick++9 to libmagick++9c2a, following a C++ ABI transition. Conflicts with and Replaces old version. * debian/*: Rename various debhelper support files due to above name change. -- Daniel Kobras Thu, 17 Nov 2005 23:12:06 +0100 imagemagick (6:6.2.4.5-0.2) unstable; urgency=medium * Non-maintainer upload. * debian/control: libmagick9-dev Conflicts/Replaces libmagick6-dev. Likewise for libmagick++9-dev. Closes: #330666 * debian/control: Provide unversioned libmagick-dev and libmagick++-dev and conflict/replace them for future-proof handling of soname bumps. -- Daniel Kobras Thu, 6 Oct 2005 13:20:52 +0200 imagemagick (6:6.2.4.5-0.1) unstable; urgency=low * Non-maintainer upload. * New upstream version. + Yet another bump of the soname version, this time going from 7 to 9. * debian/*: Cater for soname change and corresponding change of library packages names in multiple places. -- Daniel Kobras Sat, 17 Sep 2005 01:00:09 +0200 imagemagick (6:6.2.4.4-0.1) experimental; urgency=low * Non-maintainer upload. * New upstream version. + Version in library soname was increased from 6 to 7 due to changes in binary interface starting with 6.0.7. (Yes, this should have happened earlier.) Closes: #318176, #325651, #325720 * debian/*: Rename packages from libmagick6 to libmagick7, and similar. Adjust version in various places accordingly. Drop c2 suffix from C++ library package. * debian/control: Use shlibs information to generate Depends line for imagemagick binary package. * debian/control: Remove Pre-Depends on prehistoric version of dpkg. * debian/control: Package complies with policy version 3.6.2. Bump Standards-Version accordingly. * Patches to upstream sources: + [bin/Magick++-config.1.debdiff] Stray file that seems to have slipped into the previous Debian diffs by mistake. Removed now. + [magick/blob.c] Originally a patch from upstream, now mostly merged. Retaining a single hunk that upstream reverted later on, though it still looks correct. + [configure.ac, configure] Override location of documentation files to Debian's default /usr/share/doc/imagemagick. Patch to configure was present before. This release promotes it back to configure.ac as well. (No ill effects because AM_MAINTAINER_MODE is used.) + [coders/magick.c] Drop patch that exchanges upstream's logo for a DFSG-free version. This attempt to address #214623 (distribution of non-free logo) missed several other instances of the logo, must be applied to the orig.tar.gz rather than the Debian diff, and should have some input from upstream, so no point in carrying it around still. -- Daniel Kobras Fri, 9 Sep 2005 18:09:55 +0200 imagemagick (6:6.2.3.6-3) unstable; urgency=low * Fix missing "g" in imagema"g"ick in man pages. closes: #318255 -- Ryuichi Arafune Mon, 8 Aug 2005 10:38:12 +0900 imagemagick (6:6.2.3.6-2) unstable; urgency=low * Add comment on README for perlmagick. closes: #272545 * upstream fix: perlmagick: broken link in manpage. closes: #305057 -- Ryuichi Arafune Thu, 4 Aug 2005 17:58:22 +0900 imagemagick (6:6.2.3.6-1) unstable; urgency=low * New upstream release * upstream fixes: - fix typo in mogrify manpage: closes: #317628, #321208 - update config.sub/config.guess closes: #317299 - fix " configure.ac takes wrong assumptions" closes: #303765 * point to the correct URL in manpages. closes: #318255, #315629 * man pages are rerwrited. closes: #264033, #316475 * closing bugs fixed by NMs. closes: #310690, #310812, #268357, #269085, #278401, #291033, #291118, #297990, #302093, #265540, #296084, #277775, #306424, #266146, #270882, #282173, #277795, -- Ryuichi Arafune Thu, 4 Aug 2005 12:39:54 +0900 imagemagick (6:6.2.3.5-1) unstable; urgency=low * New upstream release -- Ryuichi Arafune Mon, 25 Jul 2005 10:52:26 +0900 imagemagick (6:6.2.3.4-1) unstable; urgency=low * New upstream release * Add .ico rule to mime/package/imagemagick. closes: #272121 * Upstream fixes: - -ping not documented well. - cropped PNGs have a wrong offset - cine-DICOM does not work due to JPEG processing problem - display does not interpret the options correctly any more - imagemagick: unexpected faillure from PDF to EPS - -trim -monochrome used together made empty image closes: #296753, #263475, #296753, #282999, #254566, #316473 -- Ryuichi Arafune Tue, 19 Jul 2005 11:57:14 +0900 imagemagick (6:6.2.3.3-1) unstable; urgency=low * New upstream release. upstream fix: header file exception.h needs to include stdarg.h. closes: #316725 * rules scripts does not stop building. closes: #314758 * libmagick++6 -> libmagick++6c2 (ABI transition). * -- Ryuichi Arafune Wed, 6 Jul 2005 17:00:46 +0900 imagemagick (6:6.2.3.1-1) unstable; urgency=low * New upstream release * Add libltdl3-dev to Build-Depends. I believe that a reported bug on powerpc system , "missing libltdl3 dependency", should be fixed in the next upload. closes: #313467 -- Ryuichi Arafune Thu, 16 Jun 2005 13:36:00 +0900 imagemagick (6:6.2.3.0-2) unstable; urgency=low * Add libwmf-bin to Suggests for libmagcik6. closes: #278890 * Upstream fixes the bugs. - PerlMagick's Profile() method produces an assertion error when the profile parameter is set to undef. closes:#292094 - perlmagick: segmentation fault while converting .tif to .pdf. closes: #299958 - 8bpp images are not supported. closes: #270381 - convert to postscript is still broken (geometry/resolution) closes: #270215 - imagemagick produces useless (and wrong!) error output when a tiff has a bad magic number. closes: #272794 - /usr/bin/identify: png bit depth count wrong? closes: #275745 - convert makes garbled eps-->ppm conversion (at least, it works well on my system.) closes: #261768 - -page option does not work correctly. closes: #268681 - -depth option has no effect. closes: #278939 - libmagick++6-dev: MaxRGB macro does not work if not ``using namespace Magick;'' closes: #292244 - Image::Magic (sometimes) dies on errors (instead of providing an error string) closes: #304472 - imagemagick: convert ignores flags to turn off antialiasing. closes: #310664 -- Ryuichi Arafune Wed, 8 Jun 2005 12:52:16 +0900 imagemagick (6:6.2.3.0-1) unstable; urgency=low * New upstream release closes: #298244 * Because of API chage of ImageMagick libraries, switching a new version may cause trouble. (e.g. not using some packages.) I feel that some of the trouble pacakges are usable by only simply rebuilding on the new library, but the others may need more complicated solution. * If you met the trouble about the package that depends on the libmagick, I hope, you try to rebuld the package. And let me know the results to me or the package maintainer. * Upsteram fixes the bugs. - tga support seems to be broken. closes: #311179 - Option -geometry is completely broken for JPEG images. closes: #277553 - fails to load 16 colors RLE encoded BMP files. closes: #310396 - display with options -crop, -geometry and "-window root" is broken. closes: #266304 * Fix typo in package description. closes: #299996 -- Ryuichi Arafune Tue, 7 Jun 2005 14:59:58 +0900 imagemagick (6:6.0.6.2-2.4) unstable; urgency=low * NMU * coders/xwd.c: Avoid infinite loop if bogus XWD red/green/blue masks are 0. Patch from upstream svn by way of Ubuntu. Closes: #310812 (CAN-2005-1739) -- Joey Hess Thu, 26 May 2005 11:44:46 -0400 imagemagick (6:6.0.6.2-2.3) unstable; urgency=high * NMU * coders/pnm.c: check image->colors for overflow to avoid a heap overflow that could be used as a DOS or possibly to execute code. Closes: #306424 (CAN-2005-1275) -- Joey Hess Tue, 3 May 2005 20:12:33 -0400 imagemagick (6:6.0.6.2-2.2) unstable; urgency=HIGH * NMU * magick/image.c: FormatMagickString() was called with the file name as format string, rather than through "%s". Fix with patch from Ubuntu. Closes: #297990 (CAN-2005-0397) -- Joey Hess Thu, 3 Mar 2005 15:49:06 -0500 imagemagick (6:6.0.6.2-2.1) unstable; urgency=high * Non-maintainer upload. * coders/psd.c: Apply further boundary check to completely plug buffer overflow when reading Photoshop images (CAN-2005-0005). Closes: #291033 -- Daniel Kobras Tue, 18 Jan 2005 18:20:05 +0100 imagemagick (6:6.0.6.2-2) unstable; urgency=high * Fixes a buffer overflow in the PSD image-decoding. Hardcode the upper limit for channels to 24 to fix buffer overflow [coders/psd.c, CAN-2005-0005] -- Ryuichi Arafune Tue, 18 Jan 2005 10:38:03 +0900 imagemagick (6:6.0.6.2-1.6) unstable; urgency=low * NMU, with permission of maintainer * Fix Kodack PCD problem according to http://studio.imagemagick.org/magick/viewtopic.php?t=2997 Closes: #277775 -- Andreas Tille Sun, 28 Nov 2004 19:11:17 +0100 imagemagick (6:6.0.6.2-1.5) unstable; urgency=high * Non-maintainer upload. * magick/attribute.c: Fix buffer overflow in EXIF parser (CAN-2004-0981). Closes: #278401 * debian/copyright: Fix imagemagick download location. Closes: #277795 -- Daniel Kobras Tue, 26 Oct 2004 20:14:29 +0200 imagemagick (6:6.0.6.2-1.4) unstable; urgency=high * Non-maintainer upload. * debian/rules: Call configure with the X11 search path set explicitly in order to fix the DPS check. Unbreaks perlmagick. Closes: #265734 * debian/control: Use shlibs dependencies for perlmagick. This relaxes the previously hard-coded, strictly versioned dependency on libmagick6. In a world without accidential ABI breakage, it doesn't matter... -- Daniel Kobras Mon, 27 Sep 2004 00:10:09 +0200 imagemagick (6:6.0.6.2-1.3) unstable; urgency=high * Non-maintainer upload. * Raise epoch and revert back to 6.0.6.2 because the progress_meter changes in 6.0.7.1 broke binary compatibility by mistake. Closes: #271673 * Retain maintainer changes from 6.0.7.1-1 upload. * Retain select bugfixes from 6.0.7.1 version: + PerlMagick/Magick.xs: Fix crashes in Profile if name option is unset. + utilities/miff.4: Fix header information in man page. + magick/annotate.c: Proper exception handling. + magick/blob.c: Do not crash when syncing a bogus file. + magick/error.h: Remove bogus format attribute from ExceptionType to silence compiler warnings. + magick/locale.c: Handle NULL locale data. * debian/README.Debian: Remove obsolete comment about lzw availability. -- Daniel Kobras Wed, 15 Sep 2004 18:25:50 +0200 imagemagick (5:6.0.7.1-1) unstable; urgency=low * New upstream release Upstream authors applied the patch, by Daniel Kobras, which fixes BMP vulnerabilities assigned CAN-2004-0827 (http://studio.imagemagick.org/pipermail/magick-developers/2004-August/002011.html). * Upstream fix: closes: #269832 (subject: segfault in mogrify -colors) * Upstream fix: closes: #248057 (subject: Wand-config.1 is not a manual page) * libmagick6 : control : Remove sentenses about LZW compression. This binary package contains lzw code. -- Ryuichi Arafune Mon, 6 Sep 2004 09:57:11 +0900 imagemagick (5:6.0.6.2-1.2) unstable; urgency=low * Non-maintainer upload * debian/rules: Override LD_RUN_PATH to get rid of RPATH setting in perl module. * debian/rules: Use shlibs information of the libmagick6 just built to determine library dependencies. -- Daniel Kobras Mon, 30 Aug 2004 23:39:02 +0200 imagemagick (5:6.0.6.2-1.1) unstable; urgency=high * Non-maintainer upload. * magick/{deprecate,error,log,utility}.h: Remove bogus __attribute__ override that shadowed any wanted attribute settings (like vital alignment restrictions). Cures convert bus errors on IA64. Closes: #269085 * coders/{avi,bmp,dib}.c: Fix use of Min() macro to handle large (>2 GB) image files as well. * High urgency because the convert bus errors break builds on IA64. -- Daniel Kobras Mon, 30 Aug 2004 20:59:24 +0200 imagemagick (5:6.0.6.2-1) unstable; urgency=low * New upstream release * Fixed by the upstream : closes: #267663 -- Ryuichi Arafune Fri, 27 Aug 2004 16:10:33 +0900 imagemagick (5:6.0.5.2-1) unstable; urgency=low * New upstream release * Fixed by the upstream : closes:#265540, #261768, #260702 -- Ryuichi Arafune Tue, 17 Aug 2004 14:38:53 +0900 imagemagick (5:6.0.5.1-1) unstable; urgency=low * New upstream release closes: #264361 * Build with LZW: closes: #265580 -- Ryuichi Arafune Mon, 16 Aug 2004 13:09:55 +0900 imagemagick (5:6.0.4.1-1) unstable; urgency=low * New upstream release * Fixed by the upstream: closes: #260702 -- Ryuichi Arafune Fri, 30 Jul 2004 17:35:05 +0900 imagemagick (5:6.0.3.5-2) unstable; urgency=low * libtiff4 transition. -- Ryuichi Arafune Thu, 29 Jul 2004 18:04:54 +0900 imagemagick (5:6.0.3.5-1) unstable; urgency=low * New upstream release -- Ryuichi Arafune Mon, 26 Jul 2004 09:55:12 +0900 imagemagick (5:6.0.3.1-3) unstable; urgency=low * Fix dependency problem. closes: #258164 -- Ryuichi Arafune Thu, 8 Jul 2004 14:18:57 +0900 imagemagick (5:6.0.3.1-2) unstable; urgency=low * JPEG-2000 Support. closes: #256814 -- Ryuichi Arafune Tue, 6 Jul 2004 11:51:13 +0900 imagemagick (5:6.0.3.1-1) unstable; urgency=low * New upstream release -- Ryuichi Arafune Mon, 5 Jul 2004 12:45:10 +0900 imagemagick (5:6.0.2.7-1) unstable; urgency=low * New upstream release -- Ryuichi Arafune Wed, 16 Jun 2004 22:56:25 +0900 imagemagick (5:6.0.2.6-1) unstable; urgency=low * New upstream release -- Ryuichi Arafune Tue, 15 Jun 2004 11:39:54 +0900 imagemagick (5:6.0.2.5-1) unstable; urgency=low * New upstream release -- Ryuichi Arafune Fri, 11 Jun 2004 11:37:40 +0900 imagemagick (5:6.0.2.3-1) unstable; urgency=low * New upstream release -- Ryuichi Arafune Wed, 9 Jun 2004 10:52:10 +0900 imagemagick (5:6.0.2.2-1) unstable; urgency=low * New upstream release -- Ryuichi Arafune Tue, 8 Jun 2004 12:35:58 +0900 imagemagick (5:6.0.2.1-1) unstable; urgency=low * New upstream release -- Ryuichi Arafune Mon, 7 Jun 2004 11:57:18 +0900 imagemagick (5:6.0.1.3-1) unstable; urgency=low * New upstream release * Move files in pkgconfig to -dev packages. closes:#249856 * Move files in /usr/share/ImageMaigck-6.0.2/config to libmagick6 package. closes: #249855 -- Ryuichi Arafune Thu, 20 May 2004 19:36:50 +0900 imagemagick (5:6.0.1.2-1) unstable; urgency=low * New upstream release * Fixed by the upstream. (and I have checked.): closes: #247893,#212886 * Cannot reproduece. I believe this is no a bug. closes: #247915 -- Ryuichi Arafune Thu, 13 May 2004 17:19:11 +0900 imagemagick (5:6.0.1-1) unstable; urgency=low * New upstream release * edit EXIF data: Alreasdy activated. closes: #189025 * convert openintro_debian.xcf openintro_debian.bmp does nothing....: fixed by the upstream. closes: #212886 * convert broken with eps (and others?): fixed by the upstream. closes: #247319 -- Ryuichi Arafune Thu, 6 May 2004 13:32:16 +0900 imagemagick (5:6.0.0.7-2) unstable; urgency=low * Remove ImageMagick logo image from magick.c. * Remove ImageMagick logo files. closes: #214623 -- Ryuichi Arafune Fri, 30 Apr 2004 20:16:26 +0900 imagemagick (5:6.0.0.7-1) unstable; urgency=low * New upstream release * imagemagick: --page A4+0+0 doesn't work as mentioned in manpage: fixed by the upstream. closes: #245782 -- Ryuichi Arafune Fri, 30 Apr 2004 10:55:28 +0900 imagemagick (5:6.0.0.6-1) unstable; urgency=low * New upstream release * rewrite the description about magnify in display.1 (by the upstream.) closes: #222323, #243353 * -crop offsets produce broken GIFs: Fixed by the upstream. closes:#218381 * convert -geometry does not resize: Fixed by the upstream. closes:#221951 * convert: ignores -colorspace and -compress options:Fixed by the upstream. closes:#241629 * API changed: no 'font' attribute with QueryFontMetrics: I cannot reproduce. closes: #245320 * convert: eps driver munges resolution: I believe this is not a bug. please read man page for convert to find suitable options. closes:#170649 * imagemagick: doc says Lanczos is default filter, but it's not.: The upstream said "Lanczos is the default filter for reducing an image size, otherwise its Mitchell ".closes: #229017 * closes the bug fixed in NMU. closes: #186611 -- Ryuichi Arafune Wed, 28 Apr 2004 19:18:45 +0900 imagemagick (5:6.0.0.4-1) unstable; urgency=low * New upstream release * Fix 'Essentially empty' in libmagick++6-dev. closes: #245856 * Fixed the problem of 'does not release shared memory segments when killed' by the upstream. closes: #207479 -- Ryuichi Arafune Mon, 26 Apr 2004 10:32:17 +0900 imagemagick (5:6.0.0.2-2) unstable; urgency=low * Follow standard naming scheme. closes: #245060 * Fixed by the upstream. closes: #170976, #212802, #228649 * These bugs are closed by the maintainer. closes: #207016, #224363, #224598, #224889, #237663, #224587 -- Ryuichi Arafune Wed, 21 Apr 2004 18:48:44 +0900 imagemagick (5:6.0.0.2-1) unstable; urgency=low * New upstream release * Following the xlibs split. closes: #241282 * PerlMagick: add -pthread. closes: #225354 * Upstream fix: + Magick++-config screwed up : closes: #200746 + Convert xcf file : closes: #212886 + convert -verbose doesn't : closes: #233761 + wrong title in vid:* : closes: #193783 + perlmagick: examples now use /usr/bin/perl : closes: #198797 * fix already. closes: #195392, #211004, #222383 * fix menu problem. : closes: #195363, #234973 * I cannot reproduce this problem. I think they are fixed in upstream. + segmentation fault after conversion closes: #225330 + convert: hangs on GIF animations closes: #225322 -- Ryuichi Arafune Thu, 15 Apr 2004 18:38:52 +0900 imagemagick (5:6.0.0-2) unstable; urgency=low * Fix Build-depends problem. -- Ryuichi Arafune Mon, 12 Apr 2004 18:40:49 +0900 imagemagick (5:6.0.0-1) unstable; urgency=low * New upstream version * Following the xlibs split. closes: #241282 * Upstream fix: + Magick++-config screwed up : closes: #200746 + Convert xcf file : closes: #212886 + convert -verbose doesn't : closes: #233761 * fix already. closes: #195392, #211004, #222383 * fix menu problem. : closes: #195363, #234973 * I cannot reploduce this problem. I think they are fixed in upstream. + segmentation fault after conversion closes: #225330 + convert: hangs on GIF animations closes: #225322 -- Ryuichi Arafune Mon, 12 Apr 2004 11:04:13 +0900 imagemagick (5:5.5.7.9-1.1) unstable; urgency=high * Non-maintainer upload. * Raise epoch and revert back to version 5.5.7.9 to stop silent breakage of each package depending on one of the library packages. Rationale: Upstream changed the SONAME between 5.5.7.9 and 5.5.7.15, so we may only re-introduce 5.5.7.15 with changed package names. This upload un-breaks all apps that were built with 5.5.7.9. Those uploaded in the last week, however, have to be recompiled (again). Closes: #224363 * configure,magick/annotate.c: Hack in includes for ft2build.h to fix freetype support. Although never mentioned in the changelog, the hack must have appeared somewhere in the 5.5.7.15 packages. This is simply a rediff for 5.5.7.9 (and a typo fixed). -- Daniel Kobras Tue, 23 Dec 2003 13:30:51 +0100 imagemagick (4:5.5.7.15-2.1) unstable; urgency=high * NMU * [debian/rules] Explicitly configure --without-exif to ensure an exif dependency isn't introduced accidentally as was the case with -2 on i386. (Closes: #224587) -- J.H.M. Dassen (Ray) Sat, 20 Dec 2003 14:50:22 +0100 imagemagick (4:5.5.7.15-2) unstable; urgency=low * Rebuild to fix perlMagick problem. (closes: #224311) -- Ryuichi Arafune Thu, 18 Dec 2003 11:33:59 +0900 imagemagick (4:5.5.7.15-1) unstable; urgency=low * New upstream version. * libmagick++-dev : conflict with libmagick++5. (closes: #200986) -- Ryuichi Arafune Tue, 16 Dec 2003 12:25:56 +0900 imagemagick (4:5.5.7.9-2) unstable; urgency=low * libmagick++-dev: conflict with libmagck++5. closes: #200986 -- Ryuichi Arafune Tue, 19 Aug 2003 20:51:22 +0900 imagemagick (4:5.5.7.9-1) unstable; urgency=low * New upstream version. * fix unlink Changelog.html problem. closes: #196107 * Use libpng12-dev instead of libpng3-dev. closes:# 196746 -- Ryuichi Arafune Mon, 9 Jun 2003 10:44:54 +0900 imagemagick (4:5.5.7.6-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Sat, 31 May 2003 15:33:33 +0900 imagemagick (4:5.5.7.5-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Fri, 30 May 2003 20:27:28 +0900 imagemagick (4:5.5.7.4-2) unstable; urgency=low * Remove debhelper from libmagick-dev dependency: closes: #195106 -- Ryuichi Arafune Thu, 29 May 2003 10:15:51 +0900 imagemagick (4:5.5.7.4-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Mon, 26 May 2003 09:51:32 +0900 imagemagick (4:5.5.7.3-1) unstable; urgency=low * New upstream version. * Upstream fix: closes: #194306, #129990, #161422, #186610 * This is not ImageMagick bug. : closes: #190302 -- Ryuichi Arafune Fri, 23 May 2003 20:44:23 +0900 imagemagick (4:5.5.7.2-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Mon, 19 May 2003 16:35:31 +0900 imagemagick (4:5.5.7.1-2) unstable; urgency=low * change section of libmagick-dev, libmagick++-dev, and perlmagick. * Upstream fix closes: #161345, #172657 * Can save net image files in /tmp of your local: closes: #183469 -- Ryuichi Arafune Fri, 16 May 2003 15:11:16 +0900 imagemagick (4:5.5.7.1-1) unstable; urgency=low * New upstream version. * Upstream fix : closes: #182787 * remove dps dependencies. closes: #193230 -- Ryuichi Arafune Fri, 16 May 2003 09:57:10 +0900 imagemagick (4:5.5.7-1) unstable; urgency=low * New upstream version. closes: #185565 * Upstream fixes the 'Unsafe tmpfile handling'. closes: #186611 * Upstream fixes the followins: closes: #172787,#188378 * This is not ImageMagick application. closes: #185583 * Stop using libdps files. closes: #188623 * Wont fix. closes: #190579 -- Ryuichi Arafune Mon, 12 May 2003 10:12:36 +0900 imagemagick (4:5.5.5.3-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Mon, 3 Mar 2003 11:40:59 +0900 imagemagick (4:5.5.5.1-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Fri, 28 Feb 2003 21:52:37 +0900 imagemagick (4:5.5.5-2) unstable; urgency=low * Rebuuild to fix dependency problem. -- Ryuichi Arafune Wed, 26 Feb 2003 11:55:53 +0900 imagemagick (4:5.5.5-1) unstable; urgency=low * New upstream version. closes: #181678 * Remove 'c102' suffix from libmagick++. closes: #179706 -- Ryuichi Arafune Tue, 25 Feb 2003 09:54:07 +0900 imagemagick (4:5.5.4.4-1) unstable; urgency=low * New upstream version * Fix by the upstream. closes: #175194, #180116 -- Ryuichi Arafune Mon, 10 Feb 2003 12:55:46 +0900 imagemagick (4:5.5.4.3-4) unstable; urgency=low * Sorry for confusing. I believe this version can be really fixed. -- Ryuichi Arafune Tue, 4 Feb 2003 20:46:19 +0900 imagemagick (4:5.5.4.3-3) unstable; urgency=low * Really fix magick.mgk location problem. -- Ryuichi Arafune Tue, 4 Feb 2003 15:59:27 +0900 imagemagick (4:5.5.4.3-2) unstable; urgency=low * Fix magic.mgk location problem. -- Ryuichi Arafune Tue, 4 Feb 2003 11:04:48 +0900 imagemagick (4:5.5.4.3-1) unstable; urgency=low * New upstream version. * alread fixed: closes: #179257, #171816 * It's not a bug but a spec. montage use miff format internally. closes: #171100 -- Ryuichi Arafune Mon, 3 Feb 2003 17:30:15 +0900 imagemagick (4:5.5.3.2-2) unstable; urgency=low * confirm the following bugs are fixed: closes: #175998, #167832, #149730 * Add comment about non-X11 version. closes: #172785, #167806 * The upstream authors have their own BTS in sourceforge. And I have submitted magick-bugs. closes: #162876 * Some minor fix. (fix some minor lintian warning.) * libmagick++5.5.3c102 : Remove Provides: libmagick++5. closes: #174958 -- Ryuichi Arafune Wed, 22 Jan 2003 16:55:07 +0900 imagemagick (4:5.5.3.2-1) unstable; urgency=low * New upstream version. closes: #174912, #175603, #176457 * GCC 3.2 transition. closes: 176707 * change package name: libmagick++5.5.3 -> libmagick++5.5.3c102 * libmagick5.5.3 provides libmagick5, and libmagick++5.5.3c102 provides libmagick++5. closes: #174958 -- Ryuichi Arafune Wed, 22 Jan 2003 14:11:53 +0900 imagemagick (4:5.5.3-1) unstable; urgency=low * New upstream version. * libmagick-dev: conflicts with libmagick5. closes: #173095 -- Ryuichi Arafune Tue, 24 Dec 2002 18:28:29 +0900 imagemagick (4:5.5.2.5-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Tue, 10 Dec 2002 16:15:29 +0900 imagemagick (4:5.5.2.2-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Fri, 6 Dec 2002 12:29:33 +0900 imagemagick (4:5.5.2.1-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Thu, 5 Dec 2002 14:42:19 +0900 imagemagick (4:5.5.2-2) unstable; urgency=low * Fix dependence problem. -- Ryuichi Arafune Wed, 4 Dec 2002 09:55:29 +0900 imagemagick (4:5.5.2-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Mon, 2 Dec 2002 09:34:04 +0900 imagemagick (4:5.5.1.6-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Wed, 13 Nov 2002 10:00:48 +0900 imagemagick (4:5.5.1.4-5) unstable; urgency=low * Remove /usr/share/ImageMagick directory. closes: #167498 -- Ryuichi Arafune Tue, 5 Nov 2002 18:01:07 +0900 imagemagick (4:5.5.1.4-4) unstable; urgency=low * Fix conflict problem of libmagick5.5.1 and libmagick++5.5.1. * closes: #167396 -- Ryuichi Arafune Sat, 2 Nov 2002 11:13:40 +0900 imagemagick (4:5.5.1.4-3) unstable; urgency=low * Move libMagick.so to libmagick-dev. * closes: #167145 -- Ryuichi Arafune Fri, 1 Nov 2002 10:09:58 +0900 imagemagick (4:5.5.1.4-2) unstable; urgency=low * Build static library. -- Ryuichi Arafune Tue, 29 Oct 2002 22:04:35 +0900 imagemagick (4:5.5.1.4-1) unstable; urgency=low * New upstream version. * Fixed shlibs problems. closes: #165818, #166302 * Re-apply the patch for ltmain.sh. closes: #166334 -- Ryuichi Arafune Tue, 29 Oct 2002 10:10:06 +0900 imagemagick (4:5.5.1.3-2) unstable; urgency=low * Fix empty libmagick-dev problem. closes: #166302 -- Ryuichi Arafune Fri, 25 Oct 2002 19:02:37 +0900 imagemagick (4:5.5.1.3-1) unstable; urgency=low * New upstream version * closes: #161347 (by the upstream) * Rename the library packages name. closes: #165288, #165188 -- Ryuichi Arafune Wed, 23 Oct 2002 17:44:53 +0900 imagemagick (4:5.5.1.1-2) unstable; urgency=low * closes: #161925, #161349, #161348, #78431, #161896, #156234 * closes: #161346 (Use -resize !) * Add a comment about the upstream BTS in README.Debian. closes: #162876 -- Ryuichi Arafune Wed, 16 Oct 2002 16:55:17 +0900 imagemagick (4:5.5.1.1-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Wed, 16 Oct 2002 11:04:09 +0900 imagemagick (4:5.5.1-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Tue, 15 Oct 2002 11:03:21 +0900 imagemagick (4:5.4.9.1-1) unstable; urgency=low * New upstream version. * closes: #160817, #137894, #149122, #150985 * Please read man. I believe it's not a bug. ( anyway if you feel this is a bug, please send a bug report to the upstream). closes: #158959 -- Ryuichi Arafune Tue, 17 Sep 2002 17:49:19 +0900 imagemagick (4:5.4.9-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Tue, 10 Sep 2002 10:08:54 +0900 imagemagick (4:5.4.8.3-1) unstable; urgency=low * New upstream version. * closes: #159492 Bob's comment: While back in the ImageMagick 4.X.X days, was the header to include in order to use the ImageMagick API, this was changed several years ago to be . The magick.h header is now an internal implementation header which should not be seperately included. . Dependent programs should include ImageMagick like: . #include #include #include #include * Build against new libwmf-dev. closes: #160152 -- Ryuichi Arafune Sat, 7 Sep 2002 16:01:13 +0900 imagemagick (4:5.4.8.2-1.3) unstable; urgency=low * NMU for perl 5.8. Set perl build dependency to version 5.8. Use of a higher NMU version number, just in case. -- Josselin Mouette Sat, 24 Aug 2002 01:32:24 +0200 imagemagick (4:5.4.8.2-1) unstable; urgency=low * New upstream version. closes: #156234 * Build against libpng3-dev. closes: #156838, #156759 * This is not a bug, I believe. Read man. closes: #156135 -- Ryuichi Arafune Fri, 23 Aug 2002 09:36:24 +0900 imagemagick (4:5.4.8-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Mon, 19 Aug 2002 12:05:19 +0900 imagemagick (4:5.4.7.4-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Tue, 16 Jul 2002 09:26:04 +0900 imagemagick (4:5.4.7.1-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Sat, 6 Jul 2002 11:37:12 +0900 imagemagick (4:5.4.7-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Mon, 1 Jul 2002 21:25:34 +0900 imagemagick (4:5.4.6.3-2) unstable; urgency=low * Apply a patch for ltmain.sh (bug #98342) -- Ryuichi Arafune Fri, 28 Jun 2002 17:55:09 +0900 imagemagick (4:5.4.6.3-1) unstable; urgency=low * New upstream version. * Because of the bug #149223(libtool problem), this version of imagemagick cannot build if you have not installed libmagick5-dev. Don't let me know this problem, I have known about that. If you can find the elegant way to avoid this problem, let me know please. -- Ryuichi Arafune Mon, 24 Jun 2002 10:31:41 +0900 imagemagick (4:5.4.6.2-1) unstable; urgency=low * New upstream version. * closes: #150445 * Because of the bug #149223(libtool problem), this version of imagemagick cannot build if you have not installed libmagick5-dev. Don't let me know this problem, I have known about that. If you can find the elegant way to avoid this problem, let me know please. -- Ryuichi Arafune Fri, 21 Jun 2002 12:36:11 +0900 imagemagick (4:5.4.6.1-1) unstable; urgency=low * New upstream version. * closes: #149279 -- Ryuichi Arafune Tue, 11 Jun 2002 14:06:02 +0900 imagemagick (4:5.4.6-4) unstable; urgency=low * TEST -- Ryuichi Arafune Mon, 10 Jun 2002 23:20:31 +0900 imagemagick (4:5.4.6-3) unstable; urgency=low * Sorry, the previous version does not work correctly. * This version hopefully works, but cannot be built without libmagick5-dev. -- Ryuichi Arafune Mon, 10 Jun 2002 22:21:26 +0900 imagemagick (4:5.4.6-2) unstable; urgency=low * Depends on liblcms1. -- Ryuichi Arafune Mon, 10 Jun 2002 10:27:35 +0900 imagemagick (4:5.4.6-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Wed, 5 Jun 2002 12:27:07 +0900 imagemagick (4:5.4.5.1-1) unstable; urgency=low * New upstream version. * Hopefully, this bug is closed. please check because I don't have Hurd. closes: #144687 -- Ryuichi Arafune Mon, 13 May 2002 10:32:23 +0900 imagemagick (4:5.4.4.5-3) unstable; urgency=low * Rewrite README.Debian closes:#145328 (I thank David B Harris for his help of my poor English.) -- Ryuichi Arafune Wed, 1 May 2002 09:46:49 +0900 imagemagick (4:5.4.4.5-2) unstable; urgency=low * Debian does not have ral-cgm package, ImageMagcik of Debian cannot handle cgm format. ( I add the comment about that in README.Debian.) closes: #143359 * I believe this is not package bug. closes: #142277 -- Ryuichi Arafune Tue, 23 Apr 2002 17:03:29 +0900 imagemagick (4:5.4.4.5-1) unstable; urgency=low * New upstream (minor) version. -- Ryuichi Arafune Fri, 12 Apr 2002 19:29:39 +0900 imagemagick (4:5.4.4.4-1) unstable; urgency=low * New upstream (minor) version. * closes: #141668 -- Ryuichi Arafune Mon, 8 Apr 2002 10:12:41 +0900 imagemagick (4:5.4.4.2-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Wed, 3 Apr 2002 22:55:56 +0900 imagemagick (4:5.4.4.1-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Wed, 3 Apr 2002 14:14:00 +0900 imagemagick (4:5.4.3.11-2) unstable; urgency=low * fix doc-base problem. closes: #137508 -- Ryuichi Arafune Mon, 11 Mar 2002 11:03:19 +0900 imagemagick (4:5.4.3.11-1) unstable; urgency=low * New upstream version. * This bug is alread fixed in the previous one. closes: #137036 -- Ryuichi Arafune Thu, 7 Mar 2002 11:53:57 +0900 imagemagick (4:5.4.3.10-1) unstable; urgency=low * New upstream version. * add --with-gs-font-dir in configure. closes: #136327 -- Ryuichi Arafune Mon, 4 Mar 2002 19:47:39 +0900 imagemagick (4:5.4.3.6-2) unstable; urgency=low * Move Magick++-config to libmagick++5-dev from imagemagick. closes: #136049, #135951 -- Ryuichi Arafune Wed, 27 Feb 2002 23:13:42 +0900 imagemagick (4:5.4.3.6-1) unstable; urgency=low * New upstream version. * Add libmagick5-dev in Depends field of libmagick5++-dev. Since magick++ use magick/api.h which is in libmagick5-dev. Suggested by Pablo diaz gutierrez, Thanks. -- Ryuichi Arafune Wed, 27 Feb 2002 20:22:33 +0900 imagemagick (4:5.4.3.5-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Mon, 25 Feb 2002 15:19:06 +0900 imagemagick (4:5.4.3.4-1) unstable; urgency=low * New upstream version. closes: #123133, #126968 * Add libwmf-dev and liblcms-dev in Depends field of libmagick5-dev. closes: #134973 -- Ryuichi Arafune Fri, 22 Feb 2002 13:37:11 +0900 imagemagick (4:5.4.3.2-1) unstable; urgency=low * New upstream version. closes: #97459 * Add comment about 16 bit pixel mode in README.Debian. closes: #123874. (Mennucc, If you really serious this problem, you can contact the upstream author as I do. They have own BTS for ImageMagick.) * Move delegate.mgk to libmagick5. closes: #134717 -- Ryuichi Arafune Wed, 20 Feb 2002 12:57:22 +0900 imagemagick (4:5.4.3.1-1) unstable; urgency=low * New upstream version. * closes: #128891, #132688, #128266, #134510, #132707 * use x-ternimal-enulator instead of xterm. closes: #132947 * It is not a bug, and I won't change the location of display in menu system. closes: #120065 -- Ryuichi Arafune Tue, 19 Feb 2002 11:46:17 +0900 imagemagick (4:5.4.2.3-1) unstable; urgency=low * New upstream vesrion. * imagemagick depends libmagick5 which has the same version number. closes: #130268 -- Ryuichi Arafune Thu, 24 Jan 2002 13:45:13 +0900 imagemagick (4:5.4.2.2-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Tue, 8 Jan 2002 18:08:08 +0900 imagemagick (4:5.4.1.2-3) unstable; urgency=low * Fix typo in description. closes: #125230 * Remove empty directories in imagemagick. closes: #125395 -- Ryuichi Arafune Tue, 18 Dec 2001 10:03:09 +0900 imagemagick (4:5.4.1.2-2) unstable; urgency=low * Rebuild with Debian "Official" libwmf. -- Ryuichi Arafune Tue, 11 Dec 2001 18:47:11 +0900 imagemagick (4:5.4.1.2-1) unstable; urgency=low * New upstream version. * Remove the useless /usr/X11R6 directory. closes: #122045 -- Ryuichi Arafune Mon, 10 Dec 2001 15:15:44 +0900 imagemagick (4:5.4.1-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Tue, 4 Dec 2001 20:38:17 +0900 imagemagick (4:5.4.0.5-2) unstable; urgency=low * Fix dependency problem ( add the epoch number in shlibs.local ) -- Ryuichi Arafune Tue, 13 Nov 2001 19:24:18 +0900 imagemagick (4:5.4.0.5-1) unstable; urgency=low * New upstrem version. -- Ryuichi Arafune Fri, 9 Nov 2001 10:53:35 +0900 imagemagick (4:5.4.0.3-1) unstable; urgency=low * New upstream version. closes: #117052, #113309 * The current imagemagick will use libhdf version5 (not 4). However this feature is not stable, in fact the default is off. closes: #88549 -- Ryuichi Arafune Wed, 7 Nov 2001 17:05:05 +0900 imagemagick (4:5.4.0.2-1) unstable; urgency=low * New upstream version. * closes: #115364, #114767, #115275, #113600 * I think this is not a bug. closes: #66807 -- Ryuichi Arafune Mon, 5 Nov 2001 15:18:07 +0900 imagemagick (4:5.4.0-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Thu, 1 Nov 2001 18:34:13 +0900 imagemagick (4:5.3.9-2) unstable; urgency=low * Remove xlib6g-dev and add xlibs-dev in depends line of libmagick5. * closes: #114654 -- Ryuichi Arafune Mon, 8 Oct 2001 12:18:33 +0900 imagemagick (4:5.3.9-1) unstable; urgency=low * New upstream version. * closes: #113634, #112799, #113286 -- Ryuichi Arafune Wed, 3 Oct 2001 09:21:07 +0900 imagemagick (4:5.3.8.1-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Sat, 8 Sep 2001 16:13:00 +0900 imagemagick (4:5.3.8-2) unstable; urgency=low * Applied some patches from the 'really released version' -- Ryuichi Arafune Wed, 5 Sep 2001 12:36:48 +0900 imagemagick (4:5.3.8-1) unstable; urgency=low * ImageMagick is not a debian native package. * The released version of 5.3.8. -- Ryuichi Arafune Mon, 3 Sep 2001 11:20:44 +0900 imagemagick (3:5.3.8-2) unstable; urgency=low * Remove incorrect /usr/include/config.h file. closes: #108292 -- Ryuichi Arafune Thu, 30 Aug 2001 19:09:38 +0900 imagemagick (3:5.3.8-1) unstable; urgency=low * New upstream version. * following bugs are hopefully fixed. closes: #109924, #109924, #103328, #107291, #103774 -- Ryuichi Arafune Thu, 30 Aug 2001 15:30:16 +0900 imagemagick (3:5.3.7-4) unstable; urgency=low * Remove enpty directories. closes: #108713 * This report is not a bug. It's a policy of imagemagick. closes: #97082 * The current imagemagick does not support libwmf0.2. I believe the feature imagemagick supports it. libwmf0.2-0 doesn't depend on netpbm which depends on c shell. Anyway so I believe the bug report #88977 can be closed. closes: #88977 -- Ryuichi Arafune Wed, 15 Aug 2001 12:39:19 +0900 imagemagick (3:5.3.7-3) unstable; urgency=low * Reupload * Fix collect dependency. closes: #107803 * (doc-base) Change Section: Apps/graphics -> Apps/Graphics closes: #108009 -- Ryuichi Arafune Tue, 14 Aug 2001 12:42:45 +0900 imagemagick (3:5.3.7-2) unstable; urgency=low * Fix collect dependency. closes: #107803 * (doc-base) Change Section: Apps/graphics -> Apps/Graphics closes: #108009 -- Ryuichi Arafune Tue, 14 Aug 2001 12:13:24 +0900 imagemagick (3:5.3.7-1) unstable; urgency=low * New upstream version. * closes: #104136, #101944 -- Ryuichi Arafune Mon, 30 Jul 2001 12:08:08 +0900 imagemagick (3:5.3.5-4) unstable; urgency=low * Applied more patch provided by M. Wilcox. closes: #105268, #105269, #105279, #105328, #105369 -- Ryuichi Arafune Mon, 16 Jul 2001 12:28:42 +0900 imagemagick (3:5.3.5-3) unstable; urgency=low * Applied a patch provided by M. Wilcox. Thanks. closes: #104616, #104767 -- Ryuichi Arafune Sat, 14 Jul 2001 15:00:54 +0900 imagemagick (3:5.3.5-2) unstable; urgency=low * Remove libc6-dev from Build-Depends -- Ryuichi Arafune Tue, 10 Jul 2001 18:44:10 +0900 imagemagick (3:5.3.5-1) unstable; urgency=low * New upstream version. closes: #90504, #97173 * Some minor bugs are fixed. closes: #84856, #99270 * Cannot reproduce these report. closes: #98836, #94601 * Build PerlMagick from the same imagemagick.{version}.orig.tar.gz -- Ryuichi Arafune Fri, 29 Jun 2001 23:45:32 +0900 imagemagick (1:5.3.3-5) unstable; urgency=low * Oops!!!, I have added -enable-lzw in configure in the previous. -- Ryuichi Arafune Mon, 21 May 2001 21:31:07 +0900 imagemagick (1:5.3.3-4) unstable; urgency=low * Set section for each package. (imagemagick->graphics, lib* -> libs, lib*-dev -> devel) -- Ryuichi Arafune Mon, 21 May 2001 20:18:23 +0900 imagemagick (1:5.3.3-3.1) unstable; urgency=low * TEST version. -- Ryuichi Arafune Fri, 18 May 2001 21:57:24 +0900 imagemagick (1:5.3.3-3) unstable; urgency=low * config.guess and config.sub are updated. closes: #96422 -- Ryuichi Arafune Fri, 18 May 2001 21:38:07 +0900 imagemagick (1:5.3.3-2) unstable; urgency=low * Fix dependency problem. closes: #97868, #97807 * Add image/pjpeg to /usr/lib/mime/imagemagick. closes: #97102 * This bug was already fixed. closes: #69933 -- Ryuichi Arafune Fri, 18 May 2001 12:06:21 +0900 imagemagick (1:5.3.3-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Tue, 15 May 2001 13:20:53 +0900 imagemagick (1:5.3.0-4) unstable; urgency=low * Fix uncollect symlink. -- Ryuichi Arafune Wed, 21 Mar 2001 20:30:46 +0900 imagemagick (1:5.3.0-3) unstable; urgency=low * symlink doc/Changelog.html to doc/www/Changelog.html. closes: #88969 -- Ryuichi Arafune Thu, 15 Mar 2001 00:51:25 +0900 imagemagick (1:5.3.0-2) unstable; urgency=low * Apply a patch to fix thereading problem. * This is an updated version of ImageMagick. * closes: #63079 -- Ryuichi Arafune Thu, 8 Mar 2001 10:19:36 +0900 imagemagick (1:5.3.0-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Sat, 3 Mar 2001 15:01:47 +0900 imagemagick (1:5.2.9-2) unstable; urgency=low * Remove freetype6-dev from Build-Depends. closes: #86859 * This is too old bug, and now magick++ does not exist in Debian. closes: #87366 -- Ryuichi Arafune Sat, 3 Mar 2001 13:45:43 +0900 imagemagick (1:5.2.9-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Thu, 15 Feb 2001 14:09:09 +0900 imagemagick (1:5.2.8-1) unstable; urgency=low * New upstream version. -- Ryuichi Arafune Thu, 8 Feb 2001 19:00:41 +0900 imagemagick (1:5.2.7-2) unstable; urgency=medium * Add menu hints. closes: #82333 -- Ryuichi Arafune Mon, 15 Jan 2001 18:45:12 +0900 imagemagick (1:5.2.7-1.1) unstable; urgency=medium * test build -- Ryuichi Arafune Thu, 4 Jan 2001 17:58:54 +0900 imagemagick (1:5.2.7-1) unstable; urgency=medium * New upstream version. closes: #70578 * This bug is already fixed. closes: #81030, #80088 -- Ryuichi Arafune Thu, 4 Jan 2001 13:31:46 +0900 imagemagick (1:5.2.6-3) unstable; urgency=medium *(libmagick5) Conflicts imagemagick (<=5.2.6-1) closes: #79936 -- Ryuichi Arafune Tue, 19 Dec 2000 10:27:58 +0900 imagemagick (1:5.2.6-2) unstable; urgency=medium * move files in share/ImageMagick/ to libmagcik5 closes: #79898 -- Ryuichi Arafune Mon, 18 Dec 2000 22:24:23 +0900 imagemagick (1:5.2.6-1) unstable; urgency=medium * New upstream version. -- Ryuichi Arafune Thu, 14 Dec 2000 18:33:32 +0900 imagemagick (1:5.2.5-3.2) unstable; urgency=medium * Test build --with-modules -- Ryuichi Arafune Sat, 2 Dec 2000 14:05:12 +0900 imagemagick (1:5.2.5-3.1) unstable; urgency=medium * Private Package. For LZW Version. -- Ryuichi Arafune Sat, 25 Nov 2000 19:07:31 +0900 imagemagick (5.2.5-3) unstable; urgency=medium * Build with libdsp1. closes: #77249 * fix the bugs by upstream. closes: #65297, #69333 , #70578 -- Ryuichi Arafune Sat, 25 Nov 2000 18:20:39 +0900 imagemagick (5.2.5-2) unstable; urgency=medium * Build with XFree86-4.0 -- Ryuichi Arafune Mon, 13 Nov 2000 12:16:51 +0900 imagemagick (5.2.5-1) unstable; urgency=medium * New upstream version. * The following bugs are closed. closes: #69279, #72745 -- Ryuichi Arafune Tue, 7 Nov 2000 23:30:07 +0900 imagemagick (5.2.4-1) unstable; urgency=medium * New upstrem version. * Build libmagick++ from the same source. -- Ryuichi Arafune Mon, 16 Oct 2000 22:54:27 +0900 imagemagick (5.2.3-1) unstable; urgency=medium * New upstream version * (debian/rules) : Revised comment to build the LZW version. * libmagick5-dev: (control): Suggests -dev packages which Magick-config use closes: #70106 -- Ryuichi Arafune Thu, 7 Sep 2000 09:55:52 +0900 imagemagick (5.2.2-5) unstable; urgency=medium * TEST PACKAGE -- Ryuichi Arafune Mon, 21 Aug 2000 22:30:06 +0900 imagemagick (5.2.2-4) unstable; urgency=medium * Fix convert problem. closes: #69279 -- Ryuichi Arafune Mon, 21 Aug 2000 22:17:08 +0900 imagemagick (5.2.2-3) unstable; urgency=medium * Compile with libxml2. closes: #66808 -- Ryuichi Arafune Mon, 21 Aug 2000 10:45:35 +0900 imagemagick (5.2.2-2) unstable; urgency=medium * Depends libmagick5(>=5.2.2). closes: #68795 -- Ryuichi Arafune Wed, 9 Aug 2000 13:41:04 +0900 imagemagick (5.2.2-1) unstable; urgency=medium * New upstream version. closes: #67402 -- Ryuichi Arafune Wed, 26 Jul 2000 15:33:22 +0900 imagemagick (5.2.1-1) unstable; urgency=medium * New upstream version. closes: #66033 -- Ryuichi Arafune Thu, 29 Jun 2000 12:48:31 +0900 imagemagick (5.2.0-5) unstable; urgency=medium * (libmagick5-dev) "Replaces: imagemagick (<< 5.2.0-3)" in control data closes: #65593 -- Ryuichi Arafune Wed, 14 Jun 2000 01:15:43 +0900 imagemagick (5.2.0-4) unstable; urgency=medium * (control) add: lprng. * Add the information about printing. closes: #65475 -- Ryuichi Arafune Mon, 12 Jun 2000 14:53:18 +0900 imagemagick (5.2.0-3) unstable; urgency=medium * add debhelper to Build-Depends; closes: #65417 * This bug is already fixed in the current version. closes: #65366 -- Ryuichi Arafune Sat, 10 Jun 2000 10:02:22 +0900 imagemagick (5.2.0-2) unstable; urgency=medium * Move Magick-config to libmagick5. -- Ryuichi Arafune Thu, 8 Jun 2000 22:51:38 +0900 imagemagick (5.2.0-1) unstable; urgency=medium * New upstream version. Many bug fixed. closes: #52266, #60878, #27434 -- Ryuichi Arafune Wed, 31 May 2000 13:47:26 +0900 imagemagick (5.1.1-13) unstable; urgency=medium * The bug #62964 is already fixed in current (>5.1.1-1) version. * (imagemagick.mime) bmp -> x-ms-bmp closes: #63699, #62964 -- Ryuichi Arafune Mon, 8 May 2000 11:50:50 +0900 imagemagick (5.1.1-12) unstable; urgency=medium * Applied backward patches from 5.2(beta) to fix some bugs. Closes: #59603 -- Ryuichi Arafune Wed, 8 Mar 2000 10:45:00 +0900 imagemagick (5.1.1-11) unstable; urgency=medium * Add suggests: html2ps closes: #59066 * This bug is alread fixed in current version. closes: #58406 * libmagick5: Remove conflicts of libmagick4g closes: #58969 -- Ryuichi Arafune Mon, 28 Feb 2000 12:00:37 +0900 imagemagick (5.1.1-10) unstable; urgency=medium * Add Build-Depends field. closes: #58813, #46764, #26076 -- Ryuichi Arafune Thu, 24 Feb 2000 19:02:41 +0900 imagemagick (5.1.1-9) unstable; urgency=medium * Fixed #58813 again. -- Ryuichi Arafune Thu, 24 Feb 2000 18:50:45 +0900 imagemagick (5.1.1-8) unstable; urgency=medium * Fixed missing befor %%EndData bug. Closes: #46764 * Fixed dependency problem. Closes: #58813 * add comment for mpeg2. Closes: #26076 -- Ryuichi Arafune Sat, 19 Feb 2000 14:46:07 +0900 imagemagick (5.1.1-7) unstable; urgency=medium * I separate the libmagick++ and perlmagick from this source to avoid "Important" Bug #58406. I do not know whether this is the most elegant way. But I can resolve in this way. If you know more elegant way, please let me know. -- Ryuichi Arafune Sat, 19 Feb 2000 12:37:50 +0900 imagemagick (5.1.1-6) frozen unstable; urgency=medium * To Fix bug #55616 in frozen. I upload imagemagick package and dgs packages to frozen. -- Ryuichi Arafune Wed, 16 Feb 2000 21:29:40 +0900 imagemagick (5.1.1-5) unstable; urgency=medium * Refix menu bug closes: #35806 * Following bugs have already been closed. closes: #40648, #42855, #55616, #26906, #29829, #30480, #36907, #42796 closes: #44963, #45776, #45902, #50648, #53750 -- Ryuichi Arafune Wed, 16 Feb 2000 11:23:08 +0900 imagemagick (5.1.1-4) unstable; urgency=medium * Fix Dependency problem (the version of dpsclient must be greater than 0.5.9.1) * Some of bugs closing correctry. (due to my typo, they are not cloased) closes: #54750 closes: #50392 -- Ryuichi Arafune Wed, 9 Feb 2000 11:48:56 +0900 imagemagick (5.1.1-3) unstable; urgency=medium * rename packages libmagick5g -> libmagick5 libmagick5g++ -> libmagick++0 -- Ryuichi Arafune Tue, 8 Feb 2000 10:21:24 +0900 imagemagick (5.1.1-2) unstable; urgency=medium * change control/description of libmagick5g * include scripts/xnap in ./example directory * Bug#54750 is already fixed in previous version. clsees: #54750 * Bug#50392 is already fixed in previous version. clsees: #50392 * In my system, convert eps to other file format (Tiff, jpeg ...) Then I close Bug#55616. closes: #55616 If you cannot run that, please reopen it. * closes: #30480 * closes: #29829 * closes: #45776 * closes: #53750 -- Ryuichi Arafune Fri, 4 Feb 2000 12:45:01 +0900 imagemagick (5.1.1-1) unstable; urgency=medium * enable HDF format. (Bug#47309) * New upstream. (Bug#30408) * Not build libimagemagick-lzw (non-free version) * Add Magick-config.1 (Bug#47496) * Add libmagick5g++ and libmagick5++-dev (Bug#43513) * Fix html image location bug. (Bug#42910) * doc-base support (Bug#31196) * Fix mime type bug (Bug#56234) * Fix some imagemagick bugs (Bug#30465), (Bug#27672) * Fix perlmagick bug (Bug#54349) * !!! To Bug Submitters !!! If you find that your reported bug is fixed by upstream upgrade, please let me know by E-mail. -- Ryuichi Arafune Thu, 3 Feb 2000 13:05:15 +0900 imagemagick (4.2.8-5) frozen unstable; urgency=medium * New maintainer * Fixed some bugs (Bug#54192,27124,27672,27735) * I fixed the Grave Bug(Bug#54192) which i submitted, I uploaded this package to frozen. * I dont know Bug#55616 is fixed, If you know the bug is fixed or not. Please let me know. -- Ryuichi Arafune Thu, 3 Feb 2000 10:25:54 +0900 imagemagick (4.2.8-4.1) unstable; urgency=medium * Recompiled because convert depends on the new libbz2 (closes: #49786) -- Richard Braakman Sun, 19 Dec 1999 17:52:05 +0100 imagemagick (4.2.8-4) unstable; urgency=low * Fixed dependancies on libmagick4g (closes: #43424) * Fixed perlmagick (closes: #42855) -- Christian Kurz Thu, 26 Aug 1999 19:55:02 +0200 imagemagick (4.2.8-3) unstable; urgency=low * Fixed perlmagick. -- Christian Kurz Thu, 12 Aug 1999 09:02:12 +0200 imagemagick (4.2.8-2) unstable; urgency=low * Modified prerm (closes: #42739) * Added a dependancy for libmagick4g (closes: #42796) -- Christian Kurz Tue, 10 Aug 1999 21:14:23 +0200 imagemagick (4.2.8-1) unstable; urgency=low * New upstream, non-maintainer release with permission of Scott. * Modified PerlMagick/Makefile.PL.in to build the package (closes: #24877, #40173). * Modified menu-entry for display. (closes: #26634, #35806) * Changed from install-mime to update-mime. (closes: #28209) * Recompiled imagemagick with new libc6. (closes: #38578, #38248, #40307) * Recompiled without libjpeg6a. (closes #40415, #40898) -- Christian Kurz Sat, 7 Aug 1999 15:38:15 +0200 imagemagick (4.2.2-0.1) unstable; urgency=low * NMU for the perl-5.005 upgrade. * Follow the new perl policy. -- Raphael Hertzog Fri, 2 Jul 1999 22:42:14 +0200 imagemagick (4.2.2-0.0) frozen unstable; urgency=low * New upstream, non-maintainer release. Scott said it was ok.. (reupload with source) -- Joey Hess Mon, 12 Apr 1999 15:44:42 -0700 imagemagick (4.0.4-3) frozen unstable; urgency=low * Fixed menu entry (Bug #20523) * Upstream changes are all bugfixes, as are the changes in the package. This can safely go into frozen. -- Scott K. Ellis Wed, 1 Apr 1998 14:20:57 -0500 imagemagick (4.0.4-2) unstable; urgency=low * Altered conflicts for libmagick4-dev to properly conflict with lzw version. -- Scott K. Ellis Mon, 30 Mar 1998 15:14:39 -0500 imagemagick (4.0.4-1) unstable; urgency=low * New upstream version. Perlmagick version changed so we can fall back to the proper debian version numbering scheme. -- Scott K. Ellis Mon, 30 Mar 1998 14:43:53 -0500 imagemagick (4.0.3-8) frozen unstable; urgency=low * Run libtoolize from Debian's libtool to make library dependancies stick. This makes libmagick4g actually have the correct dependancies. * Fix up configure.in with libtool -rpath workaround while we're at it. * This cleans up lintian warnings and is a bugfix. It should go into frozen. -- Scott K. Ellis Wed, 18 Mar 1998 15:23:54 -0500 imagemagick (4.0.3-7) unstable; urgency=low * Install changelog for perlmagick * Modify debian/rules to use dh_movefiles -- Scott K. Ellis Thu, 12 Mar 1998 14:44:16 -0500 imagemagick (4.0.3-6) unstable; urgency=low * New upstream version. Same silly break in debian numbering to accomidate the fact that perlmagick still hasn't changed version numbers. * Compiling with perl5.004.04-5 so that perlmagick should have library dependancies this time. -- Scott K. Ellis Thu, 12 Mar 1998 14:07:40 -0500 imagemagick (4.0.2-5) unstable; urgency=low * Recompile with libjpegg6a 6a-11 so that we don't die on jpeg opening. -- Scott K. Ellis Tue, 10 Mar 1998 10:23:44 -0500 imagemagick (4.0.2-4) unstable; urgency=low * Fix so we use /var/tmp instead of /usr/tmp (Fixed #19117) * The following bugs were fixed in earlier releases, closing now that the uploads have been processed: * Menu uses /usr/X11R6/bin (Fixes #13478) * Copyright includes upstream source information (Fixes #15168) * Package description spelling fixed (Fixes #18935) * Upstream fixes (Fixes #15109, #16117) * Dependancy fixes (Fixes #15242) -- Scott K. Ellis Mon, 9 Mar 1998 09:28:43 -0500 imagemagick (4.0.2-3) unstable; urgency=low * New upstream release. Wierd version sequence since the perlmagick version number didn't change. Only minor changes between this release and 4.0.1 -- Scott K. Ellis Fri, 27 Feb 1998 17:13:30 -0500 imagemagick (4.0.1-2) unstable; urgency=low * Recompile, since a new freetype1 replaced freetype0. -- Scott K. Ellis Tue, 24 Feb 1998 09:16:20 -0500 imagemagick (4.0.1-1) unstable; urgency=low * Building perlmagick from this source as well. Added magic to the rules file to give perlmagick the proper version number (different from the imagemagick version number). * Using autoconf method of building, since it seems to get almost everything right. I hacked the configure.in and a few other files to get freetype and hdf to compile in, (older versions of this package were built with xmkmf) * Rebuilding entire package from scratch for new version. I've only borrowed a little from older versions of the imagemagick package, mostly the mime-type stuff. * New upstream source. * New maintainer. -- Scott K. Ellis Fri, 20 Feb 1998 12:50:05 -0500