Advisory
========

This is a security and bugfix update.

References
==========

http://www.graphicsmagick.org/NEWS.html#july-20-2019

Files
=====

Uploaded to core/updates_testing

graphicsmagick-1.3.33-1.mga7
lib64graphicsmagick3-1.3.33-1.mga7
lib64graphicsmagick++12-1.3.33-1.mga7
lib64graphicsmagickwand2-1.3.33-1.mga7
lib64graphicsmagick-devel-1.3.33-1.mga7
perl-Graphics-Magick-1.3.33-1.mga7
graphicsmagick-doc-1.3.33-1.mga7

from graphicsmagick-1.3.33-1.mga7.src.rpm
Assignee: smelror => qa-bugs
*** Bug 25257 has been marked as a duplicate of this bug. ***
Advisory
========

This is a security and bugfix update.

References
==========

http://www.graphicsmagick.org/NEWS.html#july-20-2019

Files
=====

Uploaded to core/updates_testing

graphicsmagick-1.3.33-1.mga6
lib64graphicsmagick3-1.3.33-1.mga6
lib64graphicsmagick++12-1.3.33-1.mga6
lib64graphicsmagickwand2-1.3.33-1.mga6
lib64graphicsmagick-devel-1.3.33-1.mga6
perl-Graphics-Magick-1.3.33-1.mga6
graphicsmagick-doc-1.3.33-1.mga6

from graphicsmagick-1.3.33-1.mga6.src.rpm
Whiteboard: (none) => MGA6TOO
Summary: Update Candidate mga7: GraphicsMagic 1.3.33 => graphicsmagick 1.3.33 fixes security issues
Component: RPM Packages => Security
QA Contact: (none) => security
mga7, x86_64

Shall test this later, mga6 too. Spending some time chasing up the clusterfuzz security issues (6 listed between 2018-08-28 and 2019-04-28).
CC: (none) => tarazed25
Hmm. It looks like there are no straightforward Proofs of Concept for these issues. The test cases are designed to be run within the clusterfuzz framework which involves a local build with ASAN run in a docker container by the look of it. Certainly not worth our following up. So all QA can do is exercise the GM utilities, as per usual. Later.
mga7, x86_64

Installed the packages.

$ gm version
GraphicsMagick 1.3.33 2019-07-20 Q8 http://www.GraphicsMagick.org/
Copyright (C) 2002-2019 GraphicsMagick Group.
[...]
Feature Support:
  Native Thread Safe       yes
  Large Files (> 32 bit)   yes
  Large Memory (> 32 bit)  yes
  BZIP                     yes
[...]

$ gm import screenshot.png
$ eom screenshot.png
Perfect copy.

$ gm convert -rotate 90 harbour.tif harbour90.jpg
$ gm display harbour90.jpg
Picture rotated 90° clockwise.

Create an image stack.
$ ./gmtest.pl
$ ll frames.gif
-rw-r--r-- 1 lcl lcl 10120013 Aug 13 11:09 frames.gif
$ gm animate frames.gif
Displays four images in quick succession.
$ gm animate -delay 100 frames.gif
Continuous loop, 1 frame per second.

$ cat gmtest.pl
#!/bin/env perl
# http://www.graphicsmagick.org/perl.html#example-script
use Graphics::Magick;
my($image, $status);
$image = Graphics::Magick->new;
$status = $image->Read('frame1.png', 'frame2.png', 'frame3.png', 'frame4.png');
warn "$status" if "$status";
$status = $image->Write('frames.gif');
warn "$status" if "$status";

$ gm montage frame*.png frames.jpg
$ gm display frames.jpg
Shows a mosaic of 12 thumbnail images.
$ gm montage frame*.gif frames.gif
$ gm display frames.gif
Mosaic of 13 GIFs in a 6x3 arrangement.

Shrink an image, overwriting the original.
$ gm identify MartianCrater.tif
MartianCrater.tif TIFF 1638x1410+0+0 DirectClass 8-bit 1.9Mi 0.000u 0m:0.000005s
$ gm mogrify -resize 50% MartianCrater.tif
gm mogrify: MartianCrater.tif: Invalid tag "BadFaxLines" (not supported by codec). (_TIFFVGetField).
$ gm identify MartianCrater.tif
MartianCrater.tif TIFF 819x705+0+0 DirectClass 8-bit 585.0Ki 0.000u 0m:0.000005s

The BadFaxLines issue has been part of the TIFF processing functions forever. It is not a regression and does not seem to affect the quality of the images.

More perl code.
$ cat graffiti.pl
#!/bin/env perl
use Graphics::Magick;
my($image, $p, $q);
$image = Graphics::Magick->new;
$image->Set(size=>'100x100');
$image->ReadImage('xc:white');
#$image->Set('pixel[49,49]'=>'red');
$image->Draw(stroke=>'red', primitive=>'rectangle', points=>'20,20 80,80');
$image->Write('x.ppm');
undef $image;
$p = Graphics::Magick->new;
$p->Read('J*.ppm');
$p->Draw(stroke=>'red', primitive=>'rectangle', points=>'20,20 120,120');
$p->Draw(stroke=>'red', primitive=>'rectangle', points=>'21,21 119,119');
$p->Draw(stroke=>'red', primitive=>'rectangle', points=>'22,22 118,118');
$p->Draw(stroke=>'red', primitive=>'rectangle', points=>'23,23 117,117');
$p->Write('xyz.ppm');
undef $p;

$ perl graffiti.pl
$ gm display x.ppm
Generates an image of a white square with a superimposed red square.
$ gm display xyz.ppm
Resulting image is the original with a red square in one corner.

Good enough for 64-bits.
Whiteboard: MGA6TOO => MGA6TOO MGA7-64-OK
mga6, x86_64

Updated the packages and ran a batch of tests similar to or the same as those detailed in comment 5, with similar results. This is good for 64-bits.
Whiteboard: MGA6TOO MGA7-64-OK => MGA6-64-OK MGA7-64-OK
CC: (none) => tmb
Whiteboard: MGA6-64-OK MGA7-64-OK => MGA6TOO MGA6-64-OK MGA7-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0228.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED