Update to 6.9.9-3. Fixes bug #1299275

Fix CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c - bug #1475485
Fix CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c - bug #1475470
Fix CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c - bug #1475463
Fix CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c - bug #1474845
Fix CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws - bug #1474363,1474391
Fix CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function - bug #1473847
Fix CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c - bug #1473824
Fix CVE-2017-11448 ImageMagick: Info leak from from uninitialized memory in ReadJPEGImage function - bug #1473801
Fix CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c - bug #1473798
Fix CVE-2017-11449 ImageMagick: coders/mpc.c don't validade blob sizes of stdin image input - bug #1473796
Fix CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c - bug #1473774
Fix CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c - bug #1473757
Fix CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function - bug #1473717
Fix CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) - bug #1471835
Fix CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function - bug #1471121
Fix CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file - bug #1470669
Fix CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws - bug #1445676,1445677,1445679,1449253
Fix CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws - bug #1455578,1455581,1455583,1455584
Fix CVE-2016-9559 ImageMagick: Null pointer dereference in tiff.c - bug #1398189,1398198,1413898
Fix CVE-2017-5507 ImageMagick: Memory leak in mpc file handling - bug #1414444
Fix CVE-2016-10146 ImageMagick: Memory leak in caption and label handling - bug #1414446
Fix CVE-2017-5508 ImageMagick: Heap-buffer-overflow in PushQuantumPixel - bug #1414445
Fix CVE-2016-10070 ImageMagick: Out-of-bounds read in mat.c - bug #1410510
Fix CVE-2017-5506 ImageMagick: Double-free memory corruption in profile.c - bug #1414442
Fix CVE-2016-10064 ImageMagick: Buffer overflow in tiff.c - bug #1410478
Fix CVE-2016-10071 ImageMagick: Out-of-bounds read in mat.c - bug #1410513
Fix CVE-2016-10059 ImageMagick: TIFF file buffer overflow - bug #1410469
Fix CVE-2016-10057 ImageMagick: Buffer overflow in CALS coder - bug #1410466
Fix CVE-2016-10052 ImageMagick: Out-of-bounds write in exif (jpeg) reader - bug #1410459
Fix CVE-2016-10050 ImageMagick: Heap overflow when reading corrupt RLE files - bug #1410454
Fix CVE-2016-10049 ImageMagick: Buffer overflow when reading corrupt RLE files - bug #1410452
Fix CVE-2016-10046 ImageMagick: Buffer overflow in draw.c - bug #1410448
Fix CVE-2016-8677 ImageMagick: Memory allocation failure in AcquireQuantumPixel - bug #1385698
Fix CVE-2016-7906 ImageMagick: Mogrify heap-use-after-free in attribute.c - bug #1381141
Fix CVE-2016-7799 ImageMagick: Mogrify buffer over-read in profile.c - bug #1381138
ImageMagick: Hang when supplying file ending with colon to identify - bug #1380428
Fix CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws - bug #1378734,1378735,1378736,1378738,1378733,1378739,1378741,1378743,1378744,1378745,1378746,1378747,1378748,1378751,1378754,1378756,1378757,1378758,1378759,1378760,1378761,1378762,1378763,1378764,1378765,1378767,1378768,1378772,1378773,1378775,1378776,1378777,1378790
Fix CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file  - bug #1354500,1361578

.gitignore

@@ -22,3 +22,4 @@ ImageMagick-6.4.0-multilib.patch
 /ImageMagick-6.9.1-3.tar.bz2
 /ImageMagick-6.9.2-7.tar.xz
 /ImageMagick-6.9.3-0.tar.xz
+/ImageMagick-6.9.9-3.tar.xz

ImageMagick-6.9.2-7-multiarch-implicit-pkgconfig-dir.patch

@@ -1,28 +0,0 @@
-diff -NurEbBH ImageMagick-6.9.2-7.orig/wand/MagickWand-config.in ImageMagick-6.9.2-7/wand/MagickWand-config.in
---- ImageMagick-6.9.2-7.orig/wand/MagickWand-config.in	2015-11-26 17:14:07.000000000 +0300
-+++ ImageMagick-6.9.2-7/wand/MagickWand-config.in	2015-12-05 21:53:37.350660894 +0300
-@@ -38,19 +38,19 @@
-       echo '@PACKAGE_VERSION@ Q@QUANTUM_DEPTH@ @MAGICK_HDRI@'
-       ;;
-     --cflags)
--      PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --cflags MagickWand
-+      pkg-config --cflags MagickWand
-       ;;
-     --cxxflags)
--      PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --cflags MagickWand
-+      pkg-config --cflags MagickWand
-       ;;
-     --cppflags)
--      PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --cflags MagickWand
-+      pkg-config --cflags MagickWand
-       ;;
-     --ldflags)
--      PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --libs MagickWand
-+      pkg-config --libs MagickWand
-       ;;
-     --libs)
--      PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --libs MagickWand
-+      pkg-config --libs MagickWand
-       ;;
-     *)
-       echo "${usage}" 1>&2

ImageMagick-6.9.9-3-multiarch-implicit-pkgconfig-dir.patch

@@ -0,0 +1,28 @@
+diff -Nur ImageMagick-6.9.9-3.orig/wand/MagickWand-config.in ImageMagick-6.9.9-3/wand/MagickWand-config.in
+--- ImageMagick-6.9.9-3.orig/wand/MagickWand-config.in	2017-07-24 06:37:55.000000000 -0700
++++ ImageMagick-6.9.9-3/wand/MagickWand-config.in	2017-07-27 15:17:55.343675457 -0700
+@@ -38,19 +38,19 @@
+       echo '@PACKAGE_VERSION@ Q@QUANTUM_DEPTH@ @MAGICK_HDRI@'
+       ;;
+     --cflags)
+-      @PKG_CONFIG@ --cflags MagickWand
++      pkg-config --cflags MagickWand
+       ;;
+     --cxxflags)
+-      @PKG_CONFIG@ --cflags MagickWand
++      pkg-config --cflags MagickWand
+       ;;
+     --cppflags)
+-      @PKG_CONFIG@ --cflags MagickWand
++      pkg-config --cflags MagickWand
+       ;;
+     --ldflags)
+-      @PKG_CONFIG@ --libs MagickWand
++      pkg-config --libs MagickWand
+       ;;
+     --libs)
+-      @PKG_CONFIG@ --libs MagickWand
++      pkg-config --libs MagickWand
+       ;;
+     *)
+       echo "${usage}" 1>&2

ImageMagick.spec

@@ -1,18 +1,17 @@
-%global VER 6.9.3
-%global Patchlevel 0
+%global VER 6.9.9
+%global Patchlevel 3
 
 Name:		ImageMagick
 Version:		%{VER}.%{Patchlevel}
-Release:		8%{?dist}
+Release:		1%{?dist}
 Summary:		An X application for displaying and manipulating images
 Group:		Applications/Multimedia
 License:		ImageMagick
 Url:			http://www.imagemagick.org/
-Source0:		ftp://ftp.ImageMagick.org/pub/%{name}/%{name}-%{VER}-%{Patchlevel}.tar.xz
+Source0:                https://www.imagemagick.org/download/%{name}-%{VER}-%{Patchlevel}.tar.xz
 
 Requires:		%{name}-libs%{?_isa} = %{version}-%{release}
 
-BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	bzip2-devel, freetype-devel, libjpeg-devel, libpng-devel
 BuildRequires:	libtiff-devel, giflib-devel, zlib-devel, perl-devel >= 5.8.1
 BuildRequires:	perl-generators
@@ -24,7 +23,7 @@ BuildRequires:	fftw-devel, OpenEXR-devel, libwebp-devel
 BuildRequires:	jbigkit-devel
 BuildRequires:	openjpeg2-devel >= 2.1.0
 
-Patch0:		ImageMagick-6.9.2-7-multiarch-implicit-pkgconfig-dir.patch
+Patch0:		ImageMagick-6.9.9-3-multiarch-implicit-pkgconfig-dir.patch
 
 %description
 ImageMagick is an image display and manipulation tool for the X
@@ -175,9 +174,6 @@ cp -a www/source %{buildroot}%{_datadir}/doc/%{name}-%{VER}
 # Delete *ONLY* _libdir/*.la files! .la files used internally to handle plugins - BUG#185237!!!
 rm %{buildroot}%{_libdir}/*.la
 
-# fix weird perl Magick.so permissions
-chmod 755 %{buildroot}%{perl_vendorarch}/auto/Image/Magick/Magick.so
-
 # perlmagick: fix perl path of demo files
 %{__perl} -MExtUtils::MakeMaker -e 'MY->fixin(@ARGV)' PerlMagick/demo/*.pl
 
@@ -249,8 +245,8 @@ make %{?_smp_mflags} check
 
 %files libs
 %doc LICENSE NOTICE AUTHORS.txt QuickStart.txt
-%{_libdir}/libMagickCore-6.Q16.so.2*
-%{_libdir}/libMagickWand-6.Q16.so.2*
+%{_libdir}/libMagickCore-6.Q16.so.5*
+%{_libdir}/libMagickWand-6.Q16.so.5*
 %{_libdir}/%{name}-%{VER}
 %{_datadir}/%{name}-6
 %exclude %{_libdir}/%{name}-%{VER}/modules-Q16/coders/djvu.*
@@ -291,7 +287,7 @@ make %{?_smp_mflags} check
 %files c++
 %doc Magick++/AUTHORS Magick++/ChangeLog Magick++/NEWS Magick++/README
 %doc www/Magick++/COPYING
-%{_libdir}/libMagick++-6.Q16.so.6*
+%{_libdir}/libMagick++-6.Q16.so.8*
 
 %files c++-devel
 %doc Magick++/examples
@@ -310,6 +306,47 @@ make %{?_smp_mflags} check
 %doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt
 
 %changelog
+* Thu Jul 27 2017 Kevin Fenzi <kevin@scrye.com> - 6.9.9.3-1
+- Update to 6.9.9-3. Fixes bug #1299275
+- Fix CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c - bug #1475485
+- Fix CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c - bug #1475470
+- Fix CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c - bug #1475463
+- Fix CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c - bug #1474845
+- Fix CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws - bug #1474363,1474391
+- Fix CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function - bug #1473847
+- Fix CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c - bug #1473824
+- Fix CVE-2017-11448 ImageMagick: Info leak from from uninitialized memory in ReadJPEGImage function - bug #1473801
+- Fix CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c - bug #1473798
+- Fix CVE-2017-11449 ImageMagick: coders/mpc.c don't validade blob sizes of stdin image input - bug #1473796
+- Fix CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c - bug #1473774
+- Fix CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c - bug #1473757
+- Fix CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function - bug #1473717
+- Fix CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) - bug #1471835
+- Fix CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function - bug #1471121
+- Fix CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file - bug #1470669
+- Fix CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws - bug #1445676,1445677,1445679,1449253
+- Fix CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws - bug #1455578,1455581,1455583,1455584
+- Fix CVE-2016-9559 ImageMagick: Null pointer dereference in tiff.c - bug #1398189,1398198,1413898
+- Fix CVE-2017-5507 ImageMagick: Memory leak in mpc file handling - bug #1414444
+- Fix CVE-2016-10146 ImageMagick: Memory leak in caption and label handling - bug #1414446
+- Fix CVE-2017-5508 ImageMagick: Heap-buffer-overflow in PushQuantumPixel - bug #1414445
+- Fix CVE-2016-10070 ImageMagick: Out-of-bounds read in mat.c - bug #1410510
+- Fix CVE-2017-5506 ImageMagick: Double-free memory corruption in profile.c - bug #1414442
+- Fix CVE-2016-10064 ImageMagick: Buffer overflow in tiff.c - bug #1410478
+- Fix CVE-2016-10071 ImageMagick: Out-of-bounds read in mat.c - bug #1410513
+- Fix CVE-2016-10059 ImageMagick: TIFF file buffer overflow - bug #1410469
+- Fix CVE-2016-10057 ImageMagick: Buffer overflow in CALS coder - bug #1410466
+- Fix CVE-2016-10052 ImageMagick: Out-of-bounds write in exif (jpeg) reader - bug #1410459
+- Fix CVE-2016-10050 ImageMagick: Heap overflow when reading corrupt RLE files - bug #1410454
+- Fix CVE-2016-10049 ImageMagick: Buffer overflow when reading corrupt RLE files - bug #1410452
+- Fix CVE-2016-10046 ImageMagick: Buffer overflow in draw.c - bug #1410448
+- Fix CVE-2016-8677 ImageMagick: Memory allocation failure in AcquireQuantumPixel - bug #1385698
+- Fix CVE-2016-7906 ImageMagick: Mogrify heap-use-after-free in attribute.c - bug #1381141
+- Fix CVE-2016-7799 ImageMagick: Mogrify buffer over-read in profile.c - bug #1381138
+- ImageMagick: Hang when supplying file ending with colon to identify - bug #1380428
+- Fix CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws - bug #1378734,1378735,1378736,1378738,1378733,1378739,1378741,1378743,1378744,1378745,1378746,1378747,1378748,1378751,1378754,1378756,1378757,1378758,1378759,1378760,1378761,1378762,1378763,1378764,1378765,1378767,1378768,1378772,1378773,1378775,1378776,1378777,1378790
+- Fix CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file  - bug #1354500,1361578
+
 * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 6.9.3.0-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 

sources

@@ -1 +1 @@
-87939f4f82d6f24a28d3106a58d523d8  ImageMagick-6.9.3-0.tar.xz
+SHA512 (ImageMagick-6.9.9-3.tar.xz) = df1cad5cd087d18dea233eec52a7b1119d766a551b26b606e3e9b03547db5a3c132980608eccad16dd8415158e449c63bc0baf725995ccc3ddfe254d5008f676