Bug#811024: jessie-pu: package imagemagick/8:6.8.9.9-5

On Thu, Jan 14, 2016 at 10:49 PM, Vincent Fourmond <fourmond@debian.org> wrote:

On Thu, Jan 14, 2016 at 10:44 PM, Adam D. Barratt <adam@adam-barratt.org.uk> wrote:
Control: tags -1 + moreinfo

On Thu, 2016-01-14 at 22:33 +0100, Vincent Fourmond wrote:
> The imagemagick maintainers (mostly Bastien) have prepared a new
> version of imagemagick for stable that fixes a series of minor
> security issues that the security team did not deem worthy of an
> upload to stable-security. Can we upload the following package ? Here
> is the changelog:

While I've not checked each fix individually (mostly due to the lack of
Debian bugs referenced), at least these changes:

> - Fix an integer overflow that can lead to a buffer overrun
> in the icon parsing code (LP: #1459747, closes: #806441)
> - Fix an integer overflow that can lead to a double free in
> pict parsing (LP: #1448803, closes: #806441).

claim not to be fixed in unstable according to the BTS metadata, which
is a pre-requisite for fixing them in stable. Please could you clarify
the status of those and the other fixes.

You are unfortunately correct. We have uploaded a fix to experimental, but it may not make its way before a while to unstable, so probably the wisest course is to backport the changes to unstable, and then, I'll get back to you.

I have uploaded a -7 version to unstable that fixes the security problems mentioned above (some of those had been fixed before). I also have updated the changelog to make the changes more easy to track. Essentially, the upload I'm proposing (debdiff to stable attached) makes stable and unstable identical, since there were only security fixes involved (the bulk of the work is happening in experimental, but there are transitions involved, so it's not very fast...). Is that OK for an upload to jpu ?

Regards,

Vincent

diff -Nru imagemagick-6.8.9.9/debian/changelog imagemagick-6.8.9.9/debian/changelog --- imagemagick-6.8.9.9/debian/changelog 2014-12-29 11:53:11.000000000 +0100 +++ imagemagick-6.8.9.9/debian/changelog 2016-01-17 22:24:09.000000000 +0100 @@ -1,3 +1,35 @@ +imagemagick (8:6.8.9.9-5+deb8u1) stable; urgency=medium + + * Fix build on mips by printing progress (Closes: #770009). + * Fix a few security bugs: + - A DOS on specially crafted MIFF file. + - A DOS on specially crafted Vicar file. + - A DOS on specially crafted HDR file. + - A DOs on specially crafted PDB file. + - Fix a Null dereference in coders/png.c (LP: #1492881). + - Fix a double free in coders/tga.c (LP: #1490362). + - Avoid a DOS for RLE file. + - Avoid a bufer overflow by using field limit in sprintf. + - Avoid a stack overflow in fx handling. + - Fixed size of memory allocation in RLE coder + to avoid segfault (LP: #1496649). + - Add extra checks to avoid out of bounds error + when parsing the 8bim profile. (LP: #1496645). + - Fixed memory leak when reading incorrect PSD files (closes: #811308) + http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791 + - Fix PixelColor off by one on i386.(closes: #811308) + https://github.com/ImageMagick/ImageMagick/issues/54 + - Fix out of bounds error in -splice operator. + - Prevent null pointer access in magick/constitute.c (closes: #811308) + https://github.com/ImageMagick/ImageMagick/pull/34 + - Fix another memory leak in string handling. + - Fix an integer overflow that can lead to a buffer overrun + in the icon parsing code (LP: #1459747, closes: #806441) + - Fix an integer overflow that can lead to a double free in + pict parsing (LP: #1448803, closes: #806441). + + -- Bastien Roucariès <roucaries.bastien+debian@gmail.com> Sat, 09 Jan 2016 23:05:59 +0100 + imagemagick (8:6.8.9.9-5) unstable; urgency=high * Fix incorrect fix for xpm security problem. diff -Nru imagemagick-6.8.9.9/debian/patches/0001-Use-svg-instead-of-png-for-generating-class-diagram.patch imagemagick-6.8.9.9/debian/patches/0001-Use-svg-instead-of-png-for-generating-class-diagram.patch --- imagemagick-6.8.9.9/debian/patches/0001-Use-svg-instead-of-png-for-generating-class-diagram.patch 2014-12-29 11:55:33.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0001-Use-svg-instead-of-png-for-generating-class-diagram.patch 2016-01-18 21:33:34.000000000 +0100 @@ -81,6 +81,3 @@ # If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to # enable generation of interactive SVG images that allow zooming and panning. --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0002-Fix-html-documents.patch imagemagick-6.8.9.9/debian/patches/0002-Fix-html-documents.patch --- imagemagick-6.8.9.9/debian/patches/0002-Fix-html-documents.patch 2014-12-29 11:55:33.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0002-Fix-html-documents.patch 2016-01-18 21:33:34.000000000 +0100 @@ -5151,6 +5151,3 @@ \ No newline at end of file + + --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0003-Fix-meta-tag-damage-in-html-documentation.patch imagemagick-6.8.9.9/debian/patches/0003-Fix-meta-tag-damage-in-html-documentation.patch --- imagemagick-6.8.9.9/debian/patches/0003-Fix-meta-tag-damage-in-html-documentation.patch 2014-12-29 11:55:35.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0003-Fix-meta-tag-damage-in-html-documentation.patch 2016-01-18 21:33:34.000000000 +0100 @@ -2289,6 +2289,3 @@ - \ No newline at end of file + --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0004-Fix-remaining-html-error.patch imagemagick-6.8.9.9/debian/patches/0004-Fix-remaining-html-error.patch --- imagemagick-6.8.9.9/debian/patches/0004-Fix-remaining-html-error.patch 2014-12-29 11:55:35.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0004-Fix-remaining-html-error.patch 2016-01-18 21:33:34.000000000 +0100 @@ -161,6 +161,3 @@ </div> </div> --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0005-Avoid-crash-and-DOS-with-special-crafted-jpeg-file.patch imagemagick-6.8.9.9/debian/patches/0005-Avoid-crash-and-DOS-with-special-crafted-jpeg-file.patch --- imagemagick-6.8.9.9/debian/patches/0005-Avoid-crash-and-DOS-with-special-crafted-jpeg-file.patch 2014-12-29 11:55:35.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0005-Avoid-crash-and-DOS-with-special-crafted-jpeg-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -28,6 +28,3 @@ if ((ssize_t) (offset+number_bytes) < offset) continue; /* prevent overflow */ if ((size_t) (offset+number_bytes) > length) --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0006-Avoid-an-infinite-loop.patch imagemagick-6.8.9.9/debian/patches/0006-Avoid-an-infinite-loop.patch --- imagemagick-6.8.9.9/debian/patches/0006-Avoid-an-infinite-loop.patch 2014-12-29 11:55:35.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0006-Avoid-an-infinite-loop.patch 2016-01-18 21:33:34.000000000 +0100 @@ -59,6 +59,3 @@ artifact=GetImageArtifact(image,"connected-components:verbose"); if (IsMagickTrue(artifact)) status=ConnectedComponentsStatistics(component_image,(size_t) n,exception); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0007-Quit-earlier-in-case-of-corrupted-pnm-image.patch imagemagick-6.8.9.9/debian/patches/0007-Quit-earlier-in-case-of-corrupted-pnm-image.patch --- imagemagick-6.8.9.9/debian/patches/0007-Quit-earlier-in-case-of-corrupted-pnm-image.patch 2014-12-29 11:55:35.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0007-Quit-earlier-in-case-of-corrupted-pnm-image.patch 2016-01-18 21:33:34.000000000 +0100 @@ -26,6 +26,3 @@ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); for (depth=1; GetQuantumRange(depth) < max_value; depth++) ; image->depth=depth; --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0008-Added-missing-calls-to-RelinquishUniqueFileResource.patch imagemagick-6.8.9.9/debian/patches/0008-Added-missing-calls-to-RelinquishUniqueFileResource.patch --- imagemagick-6.8.9.9/debian/patches/0008-Added-missing-calls-to-RelinquishUniqueFileResource.patch 2014-12-29 11:55:35.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0008-Added-missing-calls-to-RelinquishUniqueFileResource.patch 2016-01-18 21:33:34.000000000 +0100 @@ -170,6 +170,3 @@ ThrowFileException(exception,FileOpenError,"UnableToWriteFile", image->filename); image=DestroyImageList(image); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0009-Fix-a-double-free-in-pdb-coder.patch imagemagick-6.8.9.9/debian/patches/0009-Fix-a-double-free-in-pdb-coder.patch --- imagemagick-6.8.9.9/debian/patches/0009-Fix-a-double-free-in-pdb-coder.patch 2014-12-29 11:55:35.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0009-Fix-a-double-free-in-pdb-coder.patch 2016-01-18 21:33:34.000000000 +0100 @@ -178,6 +178,3 @@ (void) WriteBlobByte(image,0x40); (void) WriteBlobByte(image,0x6f); (void) WriteBlobByte(image,0x80); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0010-Fix-handling-of-corrupted-dpc-and-xwd-image.patch imagemagick-6.8.9.9/debian/patches/0010-Fix-handling-of-corrupted-dpc-and-xwd-image.patch --- imagemagick-6.8.9.9/debian/patches/0010-Fix-handling-of-corrupted-dpc-and-xwd-image.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0010-Fix-handling-of-corrupted-dpc-and-xwd-image.patch 2016-01-18 21:33:34.000000000 +0100 @@ -77,6 +77,3 @@ q++; } if (SyncAuthenticPixels(image,exception) == MagickFalse) --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0011-Bail-out-early-in-case-of-malformed-dpx-file.patch imagemagick-6.8.9.9/debian/patches/0011-Bail-out-early-in-case-of-malformed-dpx-file.patch --- imagemagick-6.8.9.9/debian/patches/0011-Bail-out-early-in-case-of-malformed-dpx-file.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0011-Bail-out-early-in-case-of-malformed-dpx-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -54,6 +54,3 @@ ThrowReaderException(CorruptImageError,"ImproperImageHeader"); offset+=2; dpx.image.pixels_per_line=ReadBlobLong(image); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0012-Avoid-SEGV-in-malformed-xwd-file.patch imagemagick-6.8.9.9/debian/patches/0012-Avoid-SEGV-in-malformed-xwd-file.patch --- imagemagick-6.8.9.9/debian/patches/0012-Avoid-SEGV-in-malformed-xwd-file.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0012-Avoid-SEGV-in-malformed-xwd-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -191,6 +191,3 @@ colors[i].red=ScaleQuantumToShort(image->colormap[i].red); colors[i].green=ScaleQuantumToShort(image->colormap[i].green); colors[i].blue=ScaleQuantumToShort(image->colormap[i].blue); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0013-Avoid-a-NULL-dereference-in-ps-handling.patch imagemagick-6.8.9.9/debian/patches/0013-Avoid-a-NULL-dereference-in-ps-handling.patch --- imagemagick-6.8.9.9/debian/patches/0013-Avoid-a-NULL-dereference-in-ps-handling.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0013-Avoid-a-NULL-dereference-in-ps-handling.patch 2016-01-18 21:33:34.000000000 +0100 @@ -35,6 +35,3 @@ continue; } if (LocaleNCompare(BeginXMPPacket,command,strlen(BeginXMPPacket)) == 0) --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0014-Avoid-out-of-bound-access-in-xwd-file-handling.patch imagemagick-6.8.9.9/debian/patches/0014-Avoid-out-of-bound-access-in-xwd-file-handling.patch --- imagemagick-6.8.9.9/debian/patches/0014-Avoid-out-of-bound-access-in-xwd-file-handling.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0014-Avoid-out-of-bound-access-in-xwd-file-handling.patch 2016-01-18 21:33:34.000000000 +0100 @@ -34,6 +34,3 @@ q++; } if (SyncAuthenticPixels(image,exception) == MagickFalse) --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0015-Fix-a-SEGV-with-corrupted-viff-image.patch imagemagick-6.8.9.9/debian/patches/0015-Fix-a-SEGV-with-corrupted-viff-image.patch --- imagemagick-6.8.9.9/debian/patches/0015-Fix-a-SEGV-with-corrupted-viff-image.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0015-Fix-a-SEGV-with-corrupted-viff-image.patch 2016-01-18 21:33:34.000000000 +0100 @@ -191,6 +191,3 @@ (void) WriteBlobMSBLong(image,(unsigned int) viff_info.y_bits_per_pixel); (void) WriteBlobMSBLong(image,viff_info.location_type); (void) WriteBlobMSBLong(image,viff_info.location_dimension); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0016-Fix-a-null-pointer-dereference-in-wpg-file-handling.patch imagemagick-6.8.9.9/debian/patches/0016-Fix-a-null-pointer-dereference-in-wpg-file-handling.patch --- imagemagick-6.8.9.9/debian/patches/0016-Fix-a-null-pointer-dereference-in-wpg-file-handling.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0016-Fix-a-null-pointer-dereference-in-wpg-file-handling.patch 2016-01-18 21:33:34.000000000 +0100 @@ -141,6 +141,3 @@ /* Allocate next image structure. */ --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0017-Do-not-continue-on-corrupted-wpg-file.patch imagemagick-6.8.9.9/debian/patches/0017-Do-not-continue-on-corrupted-wpg-file.patch --- imagemagick-6.8.9.9/debian/patches/0017-Do-not-continue-on-corrupted-wpg-file.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0017-Do-not-continue-on-corrupted-wpg-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -140,6 +140,3 @@ DuplicateBlob(flip_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,flip_image); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0018-Avoid-a-out-of-bound-acess-in-viff-image.patch imagemagick-6.8.9.9/debian/patches/0018-Avoid-a-out-of-bound-acess-in-viff-image.patch --- imagemagick-6.8.9.9/debian/patches/0018-Avoid-a-out-of-bound-acess-in-viff-image.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0018-Avoid-a-out-of-bound-acess-in-viff-image.patch 2016-01-18 21:33:34.000000000 +0100 @@ -77,6 +77,3 @@ p++; q++; } --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0019-Avoid-a-heap-buffer-overflow-in-pdb-file-handling.patch imagemagick-6.8.9.9/debian/patches/0019-Avoid-a-heap-buffer-overflow-in-pdb-file-handling.patch --- imagemagick-6.8.9.9/debian/patches/0019-Avoid-a-heap-buffer-overflow-in-pdb-file-handling.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0019-Avoid-a-heap-buffer-overflow-in-pdb-file-handling.patch 2016-01-18 21:33:34.000000000 +0100 @@ -44,6 +44,3 @@ runlength=(unsigned char *) AcquireQuantumMemory(2UL*packets, sizeof(*runlength)); if (runlength == (unsigned char *) NULL) --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0020-Avoid-an-out-of-bound-acess-on-malformed-sun-file.patch imagemagick-6.8.9.9/debian/patches/0020-Avoid-an-out-of-bound-acess-on-malformed-sun-file.patch --- imagemagick-6.8.9.9/debian/patches/0020-Avoid-an-out-of-bound-acess-on-malformed-sun-file.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0020-Avoid-an-out-of-bound-acess-on-malformed-sun-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -107,6 +107,3 @@ p++; } if ((((image->columns/8)+(image->columns % 8 ? 1 : 0)) % 2) != 0) --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0021-Avoid-heap-overflow-in-palm-pnm-and-xpm-files.patch imagemagick-6.8.9.9/debian/patches/0021-Avoid-heap-overflow-in-palm-pnm-and-xpm-files.patch --- imagemagick-6.8.9.9/debian/patches/0021-Avoid-heap-overflow-in-palm-pnm-and-xpm-files.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0021-Avoid-heap-overflow-in-palm-pnm-and-xpm-files.patch 2016-01-18 21:33:34.000000000 +0100 @@ -258,6 +258,3 @@ } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0022-Fix-heap-overflow-in-quantum.c-palm-image-handling-a.patch imagemagick-6.8.9.9/debian/patches/0022-Fix-heap-overflow-in-quantum.c-palm-image-handling-a.patch --- imagemagick-6.8.9.9/debian/patches/0022-Fix-heap-overflow-in-quantum.c-palm-image-handling-a.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0022-Fix-heap-overflow-in-quantum.c-palm-image-handling-a.patch 2016-01-18 21:33:34.000000000 +0100 @@ -69,6 +69,3 @@ } /* --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0023-Fix-compile-problem-due-to-previous-patch.patch imagemagick-6.8.9.9/debian/patches/0023-Fix-compile-problem-due-to-previous-patch.patch --- imagemagick-6.8.9.9/debian/patches/0023-Fix-compile-problem-due-to-previous-patch.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0023-Fix-compile-problem-due-to-previous-patch.patch 2016-01-18 21:33:34.000000000 +0100 @@ -22,6 +22,3 @@ *p; p=source; --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0024-Do-not-try-to-read-corrupted-sun-image.patch imagemagick-6.8.9.9/debian/patches/0024-Do-not-try-to-read-corrupted-sun-image.patch --- imagemagick-6.8.9.9/debian/patches/0024-Do-not-try-to-read-corrupted-sun-image.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0024-Do-not-try-to-read-corrupted-sun-image.patch 2016-01-18 21:33:34.000000000 +0100 @@ -64,6 +64,3 @@ for (y=0; y < (ssize_t) image->rows; y++) { q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0025-Fix-handling-of-corrupted-of-psd-sun-and-xpm-file.patch imagemagick-6.8.9.9/debian/patches/0025-Fix-handling-of-corrupted-of-psd-sun-and-xpm-file.patch --- imagemagick-6.8.9.9/debian/patches/0025-Fix-handling-of-corrupted-of-psd-sun-and-xpm-file.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0025-Fix-handling-of-corrupted-of-psd-sun-and-xpm-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -165,6 +165,3 @@ <message name="InsufficientImageDataInFile"> Pas assez de données d'image dans le fichier </message> --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0026-Fix-corrupted-too-many-colors-psd-file.patch imagemagick-6.8.9.9/debian/patches/0026-Fix-corrupted-too-many-colors-psd-file.patch --- imagemagick-6.8.9.9/debian/patches/0026-Fix-corrupted-too-many-colors-psd-file.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0026-Fix-corrupted-too-many-colors-psd-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -31,6 +31,3 @@ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); for (i=0; i < (ssize_t) image->colors; i++) image->colormap[i].red=ScaleCharToQuantum((unsigned char) --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0027-Fix-out-of-bound-access-in-sun-image-handling.patch imagemagick-6.8.9.9/debian/patches/0027-Fix-out-of-bound-access-in-sun-image-handling.patch --- imagemagick-6.8.9.9/debian/patches/0027-Fix-out-of-bound-access-in-sun-image-handling.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0027-Fix-out-of-bound-access-in-sun-image-handling.patch 2016-01-18 21:33:34.000000000 +0100 @@ -24,6 +24,3 @@ if (((sun_info.type == RT_ENCODED) && (length > (bytes_per_line*image->rows))) || ((sun_info.type != RT_ENCODED) && (length > sun_info.length))) --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0028-Fix-ImageMagick-crashes-while-read-EXIF-from-TIFF.patch imagemagick-6.8.9.9/debian/patches/0028-Fix-ImageMagick-crashes-while-read-EXIF-from-TIFF.patch --- imagemagick-6.8.9.9/debian/patches/0028-Fix-ImageMagick-crashes-while-read-EXIF-from-TIFF.patch 2014-12-29 11:55:36.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0028-Fix-ImageMagick-crashes-while-read-EXIF-from-TIFF.patch 2016-01-18 21:33:34.000000000 +0100 @@ -57,6 +57,3 @@ } break; } --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0029-Fix-handling-of-corrupted-sun-and-wpg-file.patch imagemagick-6.8.9.9/debian/patches/0029-Fix-handling-of-corrupted-sun-and-wpg-file.patch --- imagemagick-6.8.9.9/debian/patches/0029-Fix-handling-of-corrupted-sun-and-wpg-file.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0029-Fix-handling-of-corrupted-sun-and-wpg-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -86,6 +86,3 @@ <message name="InsufficientImageDataInFile"> Pas assez de données d'image dans le fichier </message> --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0030-Fix-heap-overflow-in-pcx-file-psd-pict-and-wpf-files.patch imagemagick-6.8.9.9/debian/patches/0030-Fix-heap-overflow-in-pcx-file-psd-pict-and-wpf-files.patch --- imagemagick-6.8.9.9/debian/patches/0030-Fix-heap-overflow-in-pcx-file-psd-pict-and-wpf-files.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0030-Fix-heap-overflow-in-pcx-file-psd-pict-and-wpf-files.patch 2016-01-18 21:33:34.000000000 +0100 @@ -127,6 +127,3 @@ if (next != (char *) NULL) (void) CopyXPMColor(target,q,MagickMin((size_t) (next-q), MaxTextExtent)); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0031-Fix-compile-error-in-previous-fix-of-sun-file.patch imagemagick-6.8.9.9/debian/patches/0031-Fix-compile-error-in-previous-fix-of-sun-file.patch --- imagemagick-6.8.9.9/debian/patches/0031-Fix-compile-error-in-previous-fix-of-sun-file.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0031-Fix-compile-error-in-previous-fix-of-sun-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -29,6 +29,3 @@ if ((sun_info.height != 0) && (sun_info.width != extent/sun_info.height)) ThrowReaderException(CorruptImageError,"ImproperImageHeader"); if ((sun_info.type != RT_STANDARD) && (sun_info.type != RT_ENCODED) && --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0032-Additional-PNM-sanity-checks.patch imagemagick-6.8.9.9/debian/patches/0032-Additional-PNM-sanity-checks.patch --- imagemagick-6.8.9.9/debian/patches/0032-Additional-PNM-sanity-checks.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0032-Additional-PNM-sanity-checks.patch 2016-01-18 21:33:34.000000000 +0100 @@ -49,6 +49,3 @@ value+=c-(int) '0'; c=ReadBlobByte(image); if (c == EOF) --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0033-Robustify-xmp-and-pnm-reader.patch imagemagick-6.8.9.9/debian/patches/0033-Robustify-xmp-and-pnm-reader.patch --- imagemagick-6.8.9.9/debian/patches/0033-Robustify-xmp-and-pnm-reader.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0033-Robustify-xmp-and-pnm-reader.patch 2016-01-18 21:33:34.000000000 +0100 @@ -168,6 +168,3 @@ *p++=(unsigned char) value; } /* --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0034-Detect-allocation-error-earlier.patch imagemagick-6.8.9.9/debian/patches/0034-Detect-allocation-error-earlier.patch --- imagemagick-6.8.9.9/debian/patches/0034-Detect-allocation-error-earlier.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0034-Detect-allocation-error-earlier.patch 2016-01-18 21:33:34.000000000 +0100 @@ -25,6 +25,3 @@ ThrowBinaryException(ResourceLimitError,"PixelCacheAllocationFailed", image->filename); cache_info->length=length; --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0035-Avoid-a-crash-in-coders-rle.c.patch imagemagick-6.8.9.9/debian/patches/0035-Avoid-a-crash-in-coders-rle.c.patch --- imagemagick-6.8.9.9/debian/patches/0035-Avoid-a-crash-in-coders-rle.c.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0035-Avoid-a-crash-in-coders-rle.c.patch 2016-01-18 21:33:34.000000000 +0100 @@ -76,6 +76,3 @@ SetPixelAlpha(q,ScaleCharToQuantum(*p++)); q++; } --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0036-Avoid-an-overflow-in-ConstrainColormapIndex.patch imagemagick-6.8.9.9/debian/patches/0036-Avoid-an-overflow-in-ConstrainColormapIndex.patch --- imagemagick-6.8.9.9/debian/patches/0036-Avoid-an-overflow-in-ConstrainColormapIndex.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0036-Avoid-an-overflow-in-ConstrainColormapIndex.patch 2016-01-18 21:33:34.000000000 +0100 @@ -23,6 +23,3 @@ return((IndexPacket) index); (void) ThrowMagickException(&image->exception,GetMagickModule(), CorruptImageError,"InvalidColormapIndex","`%s'",image->filename); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0037-Avoid-an-out-of-bound-access-in-palm-file.patch imagemagick-6.8.9.9/debian/patches/0037-Avoid-an-out-of-bound-access-in-palm-file.patch --- imagemagick-6.8.9.9/debian/patches/0037-Avoid-an-out-of-bound-access-in-palm-file.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0037-Avoid-an-out-of-bound-access-in-palm-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -24,6 +24,3 @@ (const IndexPacket *) NULL,&transpix); (void) TransparentPaintImage(image,&transpix,(Quantum) TransparentOpacity,MagickFalse); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0038-Fix-another-crash-in-pnm-and-xpm-parser.patch imagemagick-6.8.9.9/debian/patches/0038-Fix-another-crash-in-pnm-and-xpm-parser.patch --- imagemagick-6.8.9.9/debian/patches/0038-Fix-another-crash-in-pnm-and-xpm-parser.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0038-Fix-another-crash-in-pnm-and-xpm-parser.patch 2016-01-18 21:33:34.000000000 +0100 @@ -37,6 +37,3 @@ *destination++=(*p++); *destination='\0'; return((size_t) (p-source)); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0039-Fixed-throwing-of-exceptions-in-psd-handling-and-fix.patch imagemagick-6.8.9.9/debian/patches/0039-Fixed-throwing-of-exceptions-in-psd-handling-and-fix.patch --- imagemagick-6.8.9.9/debian/patches/0039-Fixed-throwing-of-exceptions-in-psd-handling-and-fix.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0039-Fixed-throwing-of-exceptions-in-psd-handling-and-fix.patch 2016-01-18 21:33:34.000000000 +0100 @@ -80,6 +80,3 @@ return(image); } /* --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0040-Fixed-boundary-checks-in-DecodePSDPixels.patch imagemagick-6.8.9.9/debian/patches/0040-Fixed-boundary-checks-in-DecodePSDPixels.patch --- imagemagick-6.8.9.9/debian/patches/0040-Fixed-boundary-checks-in-DecodePSDPixels.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0040-Fixed-boundary-checks-in-DecodePSDPixels.patch 2016-01-18 21:33:34.000000000 +0100 @@ -189,6 +189,3 @@ if (compact_pixels == (unsigned char *) NULL) { pixels=(unsigned char *) RelinquishMagickMemory(pixels); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0041-Fix-another-out-of-bound-problem-in-rle-file.patch imagemagick-6.8.9.9/debian/patches/0041-Fix-another-out-of-bound-problem-in-rle-file.patch --- imagemagick-6.8.9.9/debian/patches/0041-Fix-another-out-of-bound-problem-in-rle-file.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0041-Fix-another-out-of-bound-problem-in-rle-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -43,6 +43,3 @@ p++; } } --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0042-Fix-crash-due-to-corrupted-dib-file.patch imagemagick-6.8.9.9/debian/patches/0042-Fix-crash-due-to-corrupted-dib-file.patch --- imagemagick-6.8.9.9/debian/patches/0042-Fix-crash-due-to-corrupted-dib-file.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0042-Fix-crash-due-to-corrupted-dib-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -68,6 +68,3 @@ image->depth=8; if ((dib_info.number_colors != 0) || (dib_info.bits_per_pixel < 16)) { --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0043-Added-checks-to-prevent-overflow-in-rle-file.patch imagemagick-6.8.9.9/debian/patches/0043-Added-checks-to-prevent-overflow-in-rle-file.patch --- imagemagick-6.8.9.9/debian/patches/0043-Added-checks-to-prevent-overflow-in-rle-file.patch 2014-12-29 11:55:37.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0043-Added-checks-to-prevent-overflow-in-rle-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -74,6 +74,3 @@ for (i=0; i < (ssize_t) operand; i++) { if ((y < (ssize_t) image->rows) && --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0044-Impose-a-limit-of-10-million-columns-or-rows-in-an-i.patch imagemagick-6.8.9.9/debian/patches/0044-Impose-a-limit-of-10-million-columns-or-rows-in-an-i.patch --- imagemagick-6.8.9.9/debian/patches/0044-Impose-a-limit-of-10-million-columns-or-rows-in-an-i.patch 2014-12-29 11:55:38.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0044-Impose-a-limit-of-10-million-columns-or-rows-in-an-i.patch 2016-01-18 21:33:34.000000000 +0100 @@ -25,6 +25,3 @@ /* Prepare PNG for reading. */ --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0045-Avoid-heap-overflow-in-rle-file.patch imagemagick-6.8.9.9/debian/patches/0045-Avoid-heap-overflow-in-rle-file.patch --- imagemagick-6.8.9.9/debian/patches/0045-Avoid-heap-overflow-in-rle-file.patch 2014-12-29 11:55:38.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0045-Avoid-heap-overflow-in-rle-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -22,6 +22,3 @@ if (colormap == (unsigned char *) NULL) ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); p=colormap; --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0046-Don-t-try-to-handle-a-previous-image-in-the-JNG-deco.patch imagemagick-6.8.9.9/debian/patches/0046-Don-t-try-to-handle-a-previous-image-in-the-JNG-deco.patch --- imagemagick-6.8.9.9/debian/patches/0046-Don-t-try-to-handle-a-previous-image-in-the-JNG-deco.patch 2014-12-29 11:55:38.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0046-Don-t-try-to-handle-a-previous-image-in-the-JNG-deco.patch 2016-01-18 21:33:34.000000000 +0100 @@ -51,6 +51,3 @@ if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "exit ReadJNGImage() with error"); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0047-Avoid-a-memory-leak-in-quantum-management.patch imagemagick-6.8.9.9/debian/patches/0047-Avoid-a-memory-leak-in-quantum-management.patch --- imagemagick-6.8.9.9/debian/patches/0047-Avoid-a-memory-leak-in-quantum-management.patch 2014-12-29 11:55:38.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0047-Avoid-a-memory-leak-in-quantum-management.patch 2016-01-18 21:33:34.000000000 +0100 @@ -55,6 +55,3 @@ (void) ResetMagickMemory(quantum_info->pixels[i],0,(extent+1)* sizeof(**quantum_info->pixels)); quantum_info->pixels[i][extent]=QuantumSignature; --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0048-Avoid-a-crash-in-png-coder.patch imagemagick-6.8.9.9/debian/patches/0048-Avoid-a-crash-in-png-coder.patch --- imagemagick-6.8.9.9/debian/patches/0048-Avoid-a-crash-in-png-coder.patch 2014-12-29 11:55:38.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0048-Avoid-a-crash-in-png-coder.patch 2016-01-18 21:33:34.000000000 +0100 @@ -65,6 +65,3 @@ } else /* image->storage_class != DirectClass */ --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0049-Avoid-heap-overflow.patch imagemagick-6.8.9.9/debian/patches/0049-Avoid-heap-overflow.patch --- imagemagick-6.8.9.9/debian/patches/0049-Avoid-heap-overflow.patch 2014-12-29 11:55:38.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0049-Avoid-heap-overflow.patch 2016-01-18 21:33:34.000000000 +0100 @@ -101,6 +101,3 @@ status=SetQuantumDepth(image,quantum_info,image->depth); quantum_info->endian=image->endian; if (status == MagickFalse) --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0050-Thread-limit-should-be-at-least-1.patch imagemagick-6.8.9.9/debian/patches/0050-Thread-limit-should-be-at-least-1.patch --- imagemagick-6.8.9.9/debian/patches/0050-Thread-limit-should-be-at-least-1.patch 2014-12-29 11:55:38.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0050-Thread-limit-should-be-at-least-1.patch 2016-01-18 21:33:34.000000000 +0100 @@ -24,6 +24,3 @@ break; } case TimeResource: --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0051-Fixed-parsing-resource-block.patch imagemagick-6.8.9.9/debian/patches/0051-Fixed-parsing-resource-block.patch --- imagemagick-6.8.9.9/debian/patches/0051-Fixed-parsing-resource-block.patch 2014-12-29 11:55:38.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0051-Fixed-parsing-resource-block.patch 2016-01-18 21:33:34.000000000 +0100 @@ -72,6 +72,3 @@ blocks=(unsigned char *) RelinquishMagickMemory(blocks); } /* --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0052-Fixed-usage-of-object-after-it-has-been-destroyed-an.patch imagemagick-6.8.9.9/debian/patches/0052-Fixed-usage-of-object-after-it-has-been-destroyed-an.patch --- imagemagick-6.8.9.9/debian/patches/0052-Fixed-usage-of-object-after-it-has-been-destroyed-an.patch 2014-12-29 11:55:38.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0052-Fixed-usage-of-object-after-it-has-been-destroyed-an.patch 2016-01-18 21:33:34.000000000 +0100 @@ -57,6 +57,3 @@ break; } default: --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0053-Create-IsValidColormapIndex-function.patch imagemagick-6.8.9.9/debian/patches/0053-Create-IsValidColormapIndex-function.patch --- imagemagick-6.8.9.9/debian/patches/0053-Create-IsValidColormapIndex-function.patch 2014-12-29 11:55:38.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0053-Create-IsValidColormapIndex-function.patch 2016-01-18 21:33:34.000000000 +0100 @@ -36,6 +36,3 @@ #if defined(__cplusplus) || defined(c_plusplus) } #endif --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0054-Replaced-calls-to-ConstrainColormapIndex-with-IsVali.patch imagemagick-6.8.9.9/debian/patches/0054-Replaced-calls-to-ConstrainColormapIndex-with-IsVali.patch --- imagemagick-6.8.9.9/debian/patches/0054-Replaced-calls-to-ConstrainColormapIndex-with-IsVali.patch 2014-12-29 11:55:38.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0054-Replaced-calls-to-ConstrainColormapIndex-with-IsVali.patch 2016-01-18 21:33:34.000000000 +0100 @@ -101,6 +101,3 @@ if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0055-During-identification-of-image-do-not-fill-memory.patch imagemagick-6.8.9.9/debian/patches/0055-During-identification-of-image-do-not-fill-memory.patch --- imagemagick-6.8.9.9/debian/patches/0055-During-identification-of-image-do-not-fill-memory.patch 2014-12-29 11:55:38.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0055-During-identification-of-image-do-not-fill-memory.patch 2016-01-18 21:33:34.000000000 +0100 @@ -25,6 +25,3 @@ TIFFGetProperties(tiff,image); option=GetImageOption(image_info,"tiff:exif-properties"); if ((option == (const char *) NULL) || --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0056-Fix-correctly-the-xpm-crash-problem.patch imagemagick-6.8.9.9/debian/patches/0056-Fix-correctly-the-xpm-crash-problem.patch --- imagemagick-6.8.9.9/debian/patches/0056-Fix-correctly-the-xpm-crash-problem.patch 2014-12-29 11:55:39.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0056-Fix-correctly-the-xpm-crash-problem.patch 2016-01-18 21:33:34.000000000 +0100 @@ -57,6 +57,3 @@ j=(ssize_t) GetValueFromSplayTree(xpm_colors,key); if (image->storage_class == PseudoClass) SetPixelIndex(indexes+x,j); --- -2.1.4 - diff -Nru imagemagick-6.8.9.9/debian/patches/0057-Fix-a-miff-security-bug.patch imagemagick-6.8.9.9/debian/patches/0057-Fix-a-miff-security-bug.patch --- imagemagick-6.8.9.9/debian/patches/0057-Fix-a-miff-security-bug.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0057-Fix-a-miff-security-bug.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,69 @@ +From 75657e1145de7d6904fd67f4f235bbeec652ad3b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bastien=20ROUCARI=C3=88S?= <roucaries.bastien@gmail.com> +Date: Fri, 31 Jul 2015 19:08:37 +0200 +Subject: [PATCH] Fix a miff security bug + +Specially crafted MIFF file could lead to DOS by using excessive CPU. + +Fix TEMP-0000000-FDAC72 + +origin: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931 +git-svn-id: https://subversion.imagemagick.org/subversion/ImageMagick/branches/ImageMagick-6@17854 aa41f4f7-0bf4-0310-aa73-e5a19afd5a74 +--- + coders/miff.c | 22 ++++++++++++++++++++-- + 1 file changed, 20 insertions(+), 2 deletions(-) + +diff --git a/coders/miff.c b/coders/miff.c +index a55879a..958ab46 100644 +--- a/coders/miff.c ++++ b/coders/miff.c +@@ -1405,6 +1405,9 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, + bzip_info.avail_out=(unsigned int) (packet_size*image->columns); + do + { ++ int ++ code; ++ + if (bzip_info.avail_in == 0) + { + bzip_info.next_in=(char *) compress_pixels; +@@ -1414,7 +1417,13 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, + bzip_info.avail_in=(unsigned int) ReadBlob(image,length, + (unsigned char *) bzip_info.next_in); + } +- if (BZ2_bzDecompress(&bzip_info) == BZ_STREAM_END) ++ code=BZ2_bzDecompress(&bzip_info); ++ if (code < 0) ++ { ++ status=MagickFalse; ++ break; ++ } ++ if (code == BZ_STREAM_END) + break; + } while (bzip_info.avail_out != 0); + (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info, +@@ -1461,6 +1470,9 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, + zip_info.avail_out=(uInt) (packet_size*image->columns); + do + { ++ int ++ code; ++ + if (zip_info.avail_in == 0) + { + zip_info.next_in=compress_pixels; +@@ -1470,7 +1482,13 @@ static Image *ReadMIFFImage(const ImageInfo *image_info, + zip_info.avail_in=(unsigned int) ReadBlob(image,length, + zip_info.next_in); + } +- if (inflate(&zip_info,Z_SYNC_FLUSH) == Z_STREAM_END) ++ code=inflate(&zip_info,Z_SYNC_FLUSH); ++ if (code < 0) ++ { ++ status=MagickFalse; ++ break; ++ } ++ if (code == Z_STREAM_END) + break; + } while (zip_info.avail_out != 0); + (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info, diff -Nru imagemagick-6.8.9.9/debian/patches/0058-Fix-a-DOS-in-viccar-file-handling.patch imagemagick-6.8.9.9/debian/patches/0058-Fix-a-DOS-in-viccar-file-handling.patch --- imagemagick-6.8.9.9/debian/patches/0058-Fix-a-DOS-in-viccar-file-handling.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0058-Fix-a-DOS-in-viccar-file-handling.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,26 @@ +From aa2bed6c629866065a6e4ad47563e6152cc4bd41 Mon Sep 17 00:00:00 2001 +From: cristy <cristy@aa41f4f7-0bf4-0310-aa73-e5a19afd5a74> +Date: Sun, 25 Jan 2015 17:31:57 +0000 +Subject: [PATCH] Fix a DOS in viccar file handling + +The current code does not check for EOF condition leading to infinite loop + +origin: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933 +git-svn-id: https://subversion.imagemagick.org/subversion/ImageMagick/branches/ImageMagick-6@17856 aa41f4f7-0bf4-0310-aa73-e5a19afd5a74 +--- + coders/vicar.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/coders/vicar.c b/coders/vicar.c +index 78b4732..9a148a0 100644 +--- a/coders/vicar.c ++++ b/coders/vicar.c +@@ -275,6 +275,8 @@ static Image *ReadVICARImage(const ImageInfo *image_info, + while (count < (ssize_t) length) + { + c=ReadBlobByte(image); ++ if (c == EOF) ++ break; + count++; + } + if ((image->columns == 0) || (image->rows == 0)) diff -Nru imagemagick-6.8.9.9/debian/patches/0059-Fix-a-DOS-in-HDR-file.patch imagemagick-6.8.9.9/debian/patches/0059-Fix-a-DOS-in-HDR-file.patch --- imagemagick-6.8.9.9/debian/patches/0059-Fix-a-DOS-in-HDR-file.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0059-Fix-a-DOS-in-HDR-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,74 @@ +From 36132fa46fc18445f48a36be50473921d1aa7f93 Mon Sep 17 00:00:00 2001 +From: dirk <dirk@aa41f4f7-0bf4-0310-aa73-e5a19afd5a74> +Date: Sun, 25 Jan 2015 07:32:56 +0000 +Subject: [PATCH] Fix a DOS in HDR file + +Fixed infinite loop and added checks for the sscanf result. + +git-svn-id: https://subversion.imagemagick.org/subversion/ImageMagick/branches/ImageMagick-6@17846 aa41f4f7-0bf4-0310-aa73-e5a19afd5a74 +origin: http://trac.imagemagick.org/changeset/17846 +--- + coders/hdr.c | 36 ++++++++++++++++++++---------------- + 1 file changed, 20 insertions(+), 16 deletions(-) + +diff --git a/coders/hdr.c b/coders/hdr.c +index 393dc89..5c3414f 100644 +--- a/coders/hdr.c ++++ b/coders/hdr.c +@@ -274,7 +274,7 @@ static Image *ReadHDRImage(const ImageInfo *image_info,ExceptionInfo *exception) + if (value_expected == MagickFalse) + continue; + p=value; +- while ((c != '\n') && (c != '\0')) ++ while ((c != '\n') && (c != '\0') && (c != EOF)) + { + if ((size_t) (p-value) < (MaxTextExtent-1)) + *p++=c; +@@ -319,18 +319,20 @@ static Image *ReadHDRImage(const ImageInfo *image_info,ExceptionInfo *exception) + chromaticity[6], + white_point[2]; + +- (void) sscanf(value,"%g %g %g %g %g %g %g %g", +- &chromaticity[0],&chromaticity[1],&chromaticity[2], +- &chromaticity[3],&chromaticity[4],&chromaticity[5], +- &white_point[0],&white_point[1]); +- image->chromaticity.red_primary.x=chromaticity[0]; +- image->chromaticity.red_primary.y=chromaticity[1]; +- image->chromaticity.green_primary.x=chromaticity[2]; +- image->chromaticity.green_primary.y=chromaticity[3]; +- image->chromaticity.blue_primary.x=chromaticity[4]; +- image->chromaticity.blue_primary.y=chromaticity[5]; +- image->chromaticity.white_point.x=white_point[0], +- image->chromaticity.white_point.y=white_point[1]; ++ if (sscanf(value,"%g %g %g %g %g %g %g %g",&chromaticity[0], ++ &chromaticity[1],&chromaticity[2],&chromaticity[3], ++ &chromaticity[4],&chromaticity[5],&white_point[0], ++ &white_point[1]) == 8) ++ { ++ image->chromaticity.red_primary.x=chromaticity[0]; ++ image->chromaticity.red_primary.y=chromaticity[1]; ++ image->chromaticity.green_primary.x=chromaticity[2]; ++ image->chromaticity.green_primary.y=chromaticity[3]; ++ image->chromaticity.blue_primary.x=chromaticity[4]; ++ image->chromaticity.blue_primary.y=chromaticity[5]; ++ image->chromaticity.white_point.x=white_point[0], ++ image->chromaticity.white_point.y=white_point[1]; ++ } + break; + } + (void) FormatLocaleString(tag,MaxTextExtent,"hdr:%s",keyword); +@@ -346,9 +348,11 @@ static Image *ReadHDRImage(const ImageInfo *image_info,ExceptionInfo *exception) + height, + width; + +- (void) sscanf(value,"%d +X %d",&height,&width); +- image->columns=(size_t) width; +- image->rows=(size_t) height; ++ if (sscanf(value,"%d +X %d",&height,&width) == 2) ++ { ++ image->columns=(size_t) width; ++ image->rows=(size_t) height; ++ } + break; + } + (void) FormatLocaleString(tag,MaxTextExtent,"hdr:%s",keyword); diff -Nru imagemagick-6.8.9.9/debian/patches/0060-Fix-a-DOS-in-PDB-file-handling.patch imagemagick-6.8.9.9/debian/patches/0060-Fix-a-DOS-in-PDB-file-handling.patch --- imagemagick-6.8.9.9/debian/patches/0060-Fix-a-DOS-in-PDB-file-handling.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0060-Fix-a-DOS-in-PDB-file-handling.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,36 @@ +From 13fe49da6e584b8ae8a06095b2d1db0af5a81b13 Mon Sep 17 00:00:00 2001 +From: cristy <cristy@aa41f4f7-0bf4-0310-aa73-e5a19afd5a74> +Date: Sun, 25 Jan 2015 17:29:48 +0000 +Subject: [PATCH] Fix a DOS in PDB file handling + +Avoid an infinite loop by checking EOF. + +http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932 + +origin: http://trac.imagemagick.org/changeset/17855 +git-svn-id: https://subversion.imagemagick.org/subversion/ImageMagick/branches/ImageMagick-6@17855 aa41f4f7-0bf4-0310-aa73-e5a19afd5a74 +--- + coders/pdb.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/coders/pdb.c b/coders/pdb.c +index af6bfec..914d4c3 100644 +--- a/coders/pdb.c ++++ b/coders/pdb.c +@@ -370,7 +370,15 @@ static Image *ReadPDBImage(const ImageInfo *image_info,ExceptionInfo *exception) + ThrowReaderException(CorruptImageError,"CorruptImage"); + } + num_pad_bytes = (size_t) (img_offset - TellBlob( image )); +- while (num_pad_bytes--) ReadBlobByte( image ); ++ while (num_pad_bytes-- != 0) ++ { ++ int ++ c; ++ ++ c=ReadBlobByte(image); ++ if (c == EOF) ++ break; ++ } + /* + Read image header. + */ diff -Nru imagemagick-6.8.9.9/debian/patches/0061-Avoid-using-NULL-alpha_image-in-the-JNG-decoder.patch imagemagick-6.8.9.9/debian/patches/0061-Avoid-using-NULL-alpha_image-in-the-JNG-decoder.patch --- imagemagick-6.8.9.9/debian/patches/0061-Avoid-using-NULL-alpha_image-in-the-JNG-decoder.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0061-Avoid-using-NULL-alpha_image-in-the-JNG-decoder.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,67 @@ +From c987f85c86ac553d832b08e3f21dfbb166c4ee7d Mon Sep 17 00:00:00 2001 +From: glennrp <glennrp@git.imagemagick.org> +Date: Thu, 9 Apr 2015 16:51:44 +0000 +Subject: [PATCH] Avoid using NULL alpha_image in the JNG decoder. + +Avoid a NULL pointer dereference + +Applied-upstream: 6.9.1.2 +--- + coders/png.c | 16 ++++++---------- + 1 file changed, 6 insertions(+), 10 deletions(-) + +diff --git a/coders/png.c b/coders/png.c +index ed6d613..c8c4568 100644 +--- a/coders/png.c ++++ b/coders/png.c +@@ -4367,7 +4367,7 @@ static Image *ReadOneJNGImage(MngInfo *mng_info, + + /* Copy IDAT header and chunk data to alpha_image->blob */ + +- if (image_info->ping == MagickFalse) ++ if (alpha_image != NULL && image_info->ping == MagickFalse) + { + if (logging != MagickFalse) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), +@@ -4392,7 +4392,7 @@ static Image *ReadOneJNGImage(MngInfo *mng_info, + { + /* Copy chunk data to alpha_image->blob */ + +- if (image_info->ping == MagickFalse) ++ if (alpha_image != NULL && image_info->ping == MagickFalse) + { + if (logging != MagickFalse) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), +@@ -4826,8 +4826,7 @@ static Image *ReadMNGImage(const ImageInfo *image_info,ExceptionInfo *exception) + page_geometry[MaxTextExtent]; + + Image +- *image, +- *previous; ++ *image; + + MagickBooleanType + logging, +@@ -6291,7 +6290,6 @@ static Image *ReadMNGImage(const ImageInfo *image_info,ExceptionInfo *exception) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + } + +- previous=image; + mng_info->image=image; + mng_info->mng_type=mng_type; + mng_info->object_id=object_id; +@@ -6306,11 +6304,9 @@ static Image *ReadMNGImage(const ImageInfo *image_info,ExceptionInfo *exception) + + if (image == (Image *) NULL) + { +- if (IsImageObject(previous) != MagickFalse) +- { +- (void) DestroyImageList(previous); +- (void) CloseBlob(previous); +- } ++ if (logging != MagickFalse) ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ "exit ReadJNGImage() with error"); + + MngInfoFreeStruct(mng_info,&have_mng_structure); + return((Image *) NULL); diff -Nru imagemagick-6.8.9.9/debian/patches/0062-Jpeg-images-no-longer-have-pixels-per-inch-as-a-defa.patch imagemagick-6.8.9.9/debian/patches/0062-Jpeg-images-no-longer-have-pixels-per-inch-as-a-defa.patch --- imagemagick-6.8.9.9/debian/patches/0062-Jpeg-images-no-longer-have-pixels-per-inch-as-a-defa.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0062-Jpeg-images-no-longer-have-pixels-per-inch-as-a-defa.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,32 @@ +From 1697553b33407927669f173dfd8c815cf0f113e1 Mon Sep 17 00:00:00 2001 +From: dirk <dirk@git.imagemagick.org> +Date: Mon, 11 May 2015 11:02:38 +0000 +Subject: [PATCH] Jpeg images no longer have pixels per inch as a default value + for density units when the density is not set. + +Debian-bug: https://bugs.debian.org/763799 +Applied-upstream: 6.9.1.3 +--- + coders/jpeg.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/coders/jpeg.c b/coders/jpeg.c +index 2263eaf..d1310f6 100644 +--- a/coders/jpeg.c ++++ b/coders/jpeg.c +@@ -2155,7 +2155,6 @@ static MagickBooleanType WriteJPEGImage(const ImageInfo *image_info, + jpeg_info.data_precision=8; + else + jpeg_info.data_precision=BITS_IN_JSAMPLE; +- jpeg_info.density_unit=1; + if (image->debug != MagickFalse) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + "Image resolution: %.20g,%.20g",floor(image->x_resolution+0.5), +@@ -2171,7 +2170,6 @@ static MagickBooleanType WriteJPEGImage(const ImageInfo *image_info, + /* + Set image resolution units. + */ +- jpeg_info.density_unit=(UINT8) 0; + if (image->units == PixelsPerInchResolution) + jpeg_info.density_unit=(UINT8) 1; + if (image->units == PixelsPerCentimeterResolution) diff -Nru imagemagick-6.8.9.9/debian/patches/0063-Add-an-additional-check-for-end-of-file-for-the-RLE-.patch imagemagick-6.8.9.9/debian/patches/0063-Add-an-additional-check-for-end-of-file-for-the-RLE-.patch --- imagemagick-6.8.9.9/debian/patches/0063-Add-an-additional-check-for-end-of-file-for-the-RLE-.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0063-Add-an-additional-check-for-end-of-file-for-the-RLE-.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,48 @@ +From 0c7c348630121b7ed156bc6542e4f165bbe1a0be Mon Sep 17 00:00:00 2001 +From: cristy <urban-warrior@git.imagemagick.org> +Date: Thu, 18 Jun 2015 23:36:26 +0000 +Subject: [PATCH] Add an additional check for end-of-file for the RLE coder + +Bug: http://www.imagemagick.org/discourse-server/viewforum.php?f=3 +Applied-upstream: 6.9.1.6 +--- + coders/rle.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/coders/rle.c b/coders/rle.c +index 74f4968..84b0ccc 100644 +--- a/coders/rle.c ++++ b/coders/rle.c +@@ -227,8 +227,8 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception) + /* + Read image header. + */ +- (void) ReadBlobLSBShort(image); +- (void) ReadBlobLSBShort(image); ++ image->page.x=ReadBlobLSBShort(image); ++ image->page.y=ReadBlobLSBShort(image); + image->columns=ReadBlobLSBShort(image); + image->rows=ReadBlobLSBShort(image); + flags=(MagickStatusType) ReadBlobByte(image); +@@ -237,7 +237,7 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception) + bits_per_pixel=1UL*ReadBlobByte(image); + number_colormaps=1UL*ReadBlobByte(image); + map_length=(unsigned char) ReadBlobByte(image); +- if (map_length >= 64) ++ if (map_length >= 32) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + one=1; + map_length=one << map_length; +@@ -264,6 +264,12 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception) + } + if ((number_planes & 0x01) == 0) + (void) ReadBlobByte(image); ++ if (EOFBlob(image) != MagickFalse) ++ { ++ ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile", ++ image->filename); ++ break; ++ } + colormap=(unsigned char *) NULL; + if (number_colormaps != 0) + { diff -Nru imagemagick-6.8.9.9/debian/patches/0064-Fix-a-double-free-in-tga-file.patch imagemagick-6.8.9.9/debian/patches/0064-Fix-a-double-free-in-tga-file.patch --- imagemagick-6.8.9.9/debian/patches/0064-Fix-a-double-free-in-tga-file.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0064-Fix-a-double-free-in-tga-file.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,23 @@ +From fb898d9633396f8e39a97e318ae5cf63de422477 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Mon, 31 Aug 2015 16:19:40 -0400 +Subject: [PATCH] Fix a double free in tga file + +Bug-ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362 +--- + coders/tga.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/coders/tga.c b/coders/tga.c +index a527f32..5eec5fe 100644 +--- a/coders/tga.c ++++ b/coders/tga.c +@@ -314,6 +314,8 @@ static Image *ReadTGAImage(const ImageInfo *image_info, + /* + Read TGA raster colormap. + */ ++ if (image->colors < tga_info.colormap_index) ++ image->colors=tga_info.colormap_index; + if (AcquireImageColormap(image,image->colors) == MagickFalse) + ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + for (i=0; i < (ssize_t) image->colors; i++) diff -Nru imagemagick-6.8.9.9/debian/patches/0065-Add-field-width-to-sscanf-to-prevent-buffer-overflow.patch imagemagick-6.8.9.9/debian/patches/0065-Add-field-width-to-sscanf-to-prevent-buffer-overflow.patch --- imagemagick-6.8.9.9/debian/patches/0065-Add-field-width-to-sscanf-to-prevent-buffer-overflow.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0065-Add-field-width-to-sscanf-to-prevent-buffer-overflow.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,76 @@ +From 15e201fdc2a42c826480b888014794d372d2f1f7 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Sat, 5 Sep 2015 08:12:48 -0400 +Subject: [PATCH] Add field width to sscanf() to prevent buffer overflow + +Applied-upstream: 6.9.2.1 +--- + coders/gradient.c | 2 +- + coders/xbm.c | 10 +++++----- + magick/property.c | 4 ++-- + 3 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/coders/gradient.c b/coders/gradient.c +index c41b71c..84d93bc 100644 +--- a/coders/gradient.c ++++ b/coders/gradient.c +@@ -95,7 +95,7 @@ static Image *ReadGRADIENTImage(const ImageInfo *image_info, + ExceptionInfo *exception) + { + char +- colorname[MaxTextExtent]; ++ colorname[MaxTextExtent+4]; + + Image + *image; +diff --git a/coders/xbm.c b/coders/xbm.c +index d8045fc..7ce7b6a 100644 +--- a/coders/xbm.c ++++ b/coders/xbm.c +@@ -234,12 +234,12 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception) + width=0; + height=0; + while (ReadBlobString(image,buffer) != (char *) NULL) +- if (sscanf(buffer,"#define %s %u",name,&width) == 2) ++ if (sscanf(buffer,"#define %32s %u",name,&width) == 2) + if ((strlen(name) >= 6) && + (LocaleCompare(name+strlen(name)-6,"_width") == 0)) + break; + while (ReadBlobString(image,buffer) != (char *) NULL) +- if (sscanf(buffer,"#define %s %u",name,&height) == 2) ++ if (sscanf(buffer,"#define %32s %u",name,&height) == 2) + if ((strlen(name) >= 7) && + (LocaleCompare(name+strlen(name)-7,"_height") == 0)) + break; +@@ -254,13 +254,13 @@ static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception) + version=11; + while (ReadBlobString(image,buffer) != (char *) NULL) + { +- if (sscanf(buffer,"static short %s = {",name) == 1) ++ if (sscanf(buffer,"static short %32s = {",name) == 1) + version=10; + else +- if (sscanf(buffer,"static unsigned char %s = {",name) == 1) ++ if (sscanf(buffer,"static unsigned char %32s = {",name) == 1) + version=11; + else +- if (sscanf(buffer,"static char %s = {",name) == 1) ++ if (sscanf(buffer,"static char %32s = {",name) == 1) + version=11; + else + continue; +diff --git a/magick/property.c b/magick/property.c +index c9c81d4..545cb6f 100644 +--- a/magick/property.c ++++ b/magick/property.c +@@ -580,8 +580,8 @@ static MagickBooleanType Get8BIMProperty(const Image *image,const char *key) + profile=GetImageProfile(image,"8bim"); + if (profile == (StringInfo *) NULL) + return(MagickFalse); +- count=(ssize_t) sscanf(key,"8BIM:%ld,%ld:%[^\n]\n%[^\n]",&start,&stop,name, +- format); ++ count=(ssize_t) sscanf(key,"8BIM:%ld,%ld:%1024[^\n]\n%1024[^\n]",&start,&stop, ++ name,format); + if ((count != 2) && (count != 3) && (count != 4)) + return(MagickFalse); + if (count < 4) diff -Nru imagemagick-6.8.9.9/debian/patches/0066-Limit-fx-recursive-to-avoid-stack-overflow.patch imagemagick-6.8.9.9/debian/patches/0066-Limit-fx-recursive-to-avoid-stack-overflow.patch --- imagemagick-6.8.9.9/debian/patches/0066-Limit-fx-recursive-to-avoid-stack-overflow.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0066-Limit-fx-recursive-to-avoid-stack-overflow.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,803 @@ +From f8f5654938b2f90c6a3955ff79cc495e5ff44047 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Sat, 15 Aug 2015 12:44:09 -0400 +Subject: [PATCH] Limit -fx recursive to avoid stack overflow + +Applied-upstream: 6.9.2.1 +--- + magick/color.c | 4 - + magick/fx.c | 309 +++++++++++++++++++++++++++++++++------------------------ + 2 files changed, 178 insertions(+), 135 deletions(-) + +diff --git a/magick/color.c b/magick/color.c +index aa89f59..db9d039 100644 +--- a/magick/color.c ++++ b/magick/color.c +@@ -2778,10 +2778,6 @@ MagickExport MagickBooleanType QueryMagickColorCompliance(const char *name, + PixelPacket + pixel; + +- scale=1.0/360.0; +- if ((flags & PercentValue) != 0) +- scale=1.0/100.0; +- geometry_info.rho*=360.0*scale; + scale=1.0/255.0; + if ((flags & PercentValue) != 0) + scale=1.0/100.0; +diff --git a/magick/fx.c b/magick/fx.c +index 2e9299c..89847a2 100644 +--- a/magick/fx.c ++++ b/magick/fx.c +@@ -1256,7 +1256,7 @@ static double FxChannelStatistics(FxInfo *fx_info,const Image *image, + + static double + FxEvaluateSubexpression(FxInfo *,const ChannelType,const ssize_t, +- const ssize_t,const char *,double *,ExceptionInfo *); ++ const ssize_t,const char *,size_t *,double *,ExceptionInfo *); + + static MagickOffsetType FxGCD(MagickOffsetType alpha,MagickOffsetType beta) + { +@@ -1325,10 +1325,12 @@ static double FxGetSymbol(FxInfo *fx_info,const ChannelType channel, + length; + + size_t ++ depth, + level; + + p=expression; + i=GetImageIndexInList(fx_info->images); ++ depth=0; + level=0; + point.x=(double) x; + point.y=(double) y; +@@ -1367,7 +1369,7 @@ static double FxGetSymbol(FxInfo *fx_info,const ChannelType channel, + } + *q='\0'; + alpha=FxEvaluateSubexpression(fx_info,channel,x,y,subexpression, +- &beta,exception); ++ &depth,&beta,exception); + i=(ssize_t) (alpha+0.5); + p++; + } +@@ -1396,7 +1398,7 @@ static double FxGetSymbol(FxInfo *fx_info,const ChannelType channel, + } + *q='\0'; + alpha=FxEvaluateSubexpression(fx_info,channel,x,y,subexpression, +- &beta,exception); ++ &depth,&beta,exception); + point.x=alpha; + point.y=beta; + p++; +@@ -1421,7 +1423,7 @@ static double FxGetSymbol(FxInfo *fx_info,const ChannelType channel, + } + *q='\0'; + alpha=FxEvaluateSubexpression(fx_info,channel,x,y,subexpression, +- &beta,exception); ++ &depth,&beta,exception); + point.x+=alpha; + point.y+=beta; + p++; +@@ -2118,9 +2120,11 @@ static const char *FxOperatorPrecedence(const char *expression, + } + + static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, +- const ssize_t x,const ssize_t y,const char *expression,double *beta, +- ExceptionInfo *exception) ++ const ssize_t x,const ssize_t y,const char *expression,size_t *depth, ++ double *beta,ExceptionInfo *exception) + { ++#define FxMaxParenthesisDepth 58 ++ + char + *q, + subexpression[MaxTextExtent]; +@@ -2145,36 +2149,40 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + { + (void) CopyMagickString(subexpression,expression,(size_t) + (p-expression+1)); +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,subexpression,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,subexpression,depth, ++ beta,exception); + switch ((unsigned char) *p) + { + case '~': + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + *beta=(double) (~(size_t) *beta); + return(*beta); + } + case '!': + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + return(*beta == 0.0 ? 1.0 : 0.0); + } + case '^': + { + *beta=pow((double) alpha,(double) FxEvaluateSubexpression(fx_info, +- channel,x,y,++p,beta,exception)); ++ channel,x,y,++p,depth,beta,exception)); + return(*beta); + } + case '*': + case ExponentialNotation: + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + return(alpha*(*beta)); + } + case '/': + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + if (*beta == 0.0) + { + (void) ThrowMagickException(exception,GetMagickModule(), +@@ -2185,7 +2193,8 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + } + case '%': + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + *beta=fabs(floor(((double) *beta)+0.5)); + if (*beta == 0.0) + { +@@ -2197,78 +2206,104 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + } + case '+': + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + return(alpha+(*beta)); + } + case '-': + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + return(alpha-(*beta)); + } + case LeftShiftOperator: + { +- gamma=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ gamma=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + *beta=(double) ((size_t) (alpha+0.5) << (size_t) (gamma+0.5)); + return(*beta); + } + case RightShiftOperator: + { +- gamma=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ gamma=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + *beta=(double) ((size_t) (alpha+0.5) >> (size_t) (gamma+0.5)); + return(*beta); + } + case '<': + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + return(alpha < *beta ? 1.0 : 0.0); + } + case LessThanEqualOperator: + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + return(alpha <= *beta ? 1.0 : 0.0); + } + case '>': + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + return(alpha > *beta ? 1.0 : 0.0); + } + case GreaterThanEqualOperator: + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + return(alpha >= *beta ? 1.0 : 0.0); + } + case EqualOperator: + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + return(fabs(alpha-(*beta)) < MagickEpsilon ? 1.0 : 0.0); + } + case NotEqualOperator: + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + return(fabs(alpha-(*beta)) >= MagickEpsilon ? 1.0 : 0.0); + } + case '&': + { +- gamma=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ gamma=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + *beta=(double) ((size_t) (alpha+0.5) & (size_t) (gamma+0.5)); + return(*beta); + } + case '|': + { +- gamma=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ gamma=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + *beta=(double) ((size_t) (alpha+0.5) | (size_t) (gamma+0.5)); + return(*beta); + } + case LogicalAndOperator: + { +- gamma=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); +- *beta=(alpha > 0.0) && (gamma > 0.0) ? 1.0 : 0.0; ++ p++; ++ if (alpha <= 0.0) ++ { ++ *beta=0.0; ++ return(*beta); ++ } ++ gamma=FxEvaluateSubexpression(fx_info,channel,x,y,p,depth,beta, ++ exception); ++ *beta=(gamma > 0.0) ? 1.0 : 0.0; + return(*beta); + } + case LogicalOrOperator: + { +- gamma=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); +- *beta=(alpha > 0.0) || (gamma > 0.0) ? 1.0 : 0.0; ++ p++; ++ if (alpha > 0.0) ++ { ++ *beta=1.0; ++ return(*beta); ++ } ++ gamma=FxEvaluateSubexpression(fx_info,channel,x,y,p,depth,beta, ++ exception); ++ *beta=(gamma > 0.0) ? 1.0 : 0.0; + return(*beta); + } + case '?': +@@ -2286,9 +2321,11 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + return(0.0); + } + if (fabs((double) alpha) >= MagickEpsilon) +- gamma=FxEvaluateSubexpression(fx_info,channel,x,y,p,beta,exception); ++ gamma=FxEvaluateSubexpression(fx_info,channel,x,y,p,depth,beta, ++ exception); + else +- gamma=FxEvaluateSubexpression(fx_info,channel,x,y,q,beta,exception); ++ gamma=FxEvaluateSubexpression(fx_info,channel,x,y,q,depth,beta, ++ exception); + return(gamma); + } + case '=': +@@ -2306,7 +2343,8 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + return(0.0); + } + ClearMagickException(exception); +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + (void) FormatLocaleString(numeric,MaxTextExtent,"%g",(double) + *beta); + (void) DeleteNodeFromSplayTree(fx_info->symbols,subexpression); +@@ -2316,17 +2354,19 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + } + case ',': + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + return(alpha); + } + case ';': + { +- *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,beta,exception); ++ *beta=FxEvaluateSubexpression(fx_info,channel,x,y,++p,depth,beta, ++ exception); + return(*beta); + } + default: + { +- gamma=alpha*FxEvaluateSubexpression(fx_info,channel,x,y,p,beta, ++ gamma=alpha*FxEvaluateSubexpression(fx_info,channel,x,y,p,depth,beta, + exception); + return(gamma); + } +@@ -2334,29 +2374,34 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + } + if (strchr("(",(int) *expression) != (char *) NULL) + { ++ (*depth)++; ++ if (*depth >= FxMaxParenthesisDepth) ++ (void) ThrowMagickException(exception,GetMagickModule(),OptionError, ++ "ParenthesisNestedTooDeeply","`%s'",expression); + (void) CopyMagickString(subexpression,expression+1,MaxTextExtent); + subexpression[strlen(subexpression)-1]='\0'; +- gamma=FxEvaluateSubexpression(fx_info,channel,x,y,subexpression,beta, +- exception); ++ gamma=FxEvaluateSubexpression(fx_info,channel,x,y,subexpression,depth, ++ beta,exception); ++ (*depth)--; + return(gamma); + } + switch (*expression) + { + case '+': + { +- gamma=FxEvaluateSubexpression(fx_info,channel,x,y,expression+1,beta, ++ gamma=FxEvaluateSubexpression(fx_info,channel,x,y,expression+1,depth,beta, + exception); + return(1.0*gamma); + } + case '-': + { +- gamma=FxEvaluateSubexpression(fx_info,channel,x,y,expression+1,beta, ++ gamma=FxEvaluateSubexpression(fx_info,channel,x,y,expression+1,depth,beta, + exception); + return(-1.0*gamma); + } + case '~': + { +- gamma=FxEvaluateSubexpression(fx_info,channel,x,y,expression+1,beta, ++ gamma=FxEvaluateSubexpression(fx_info,channel,x,y,expression+1,depth,beta, + exception); + return((double) (~(size_t) (gamma+0.5))); + } +@@ -2365,29 +2410,29 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + { + if (LocaleNCompare(expression,"abs",3) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + return(fabs((double) alpha)); + } + #if defined(MAGICKCORE_HAVE_ACOSH) + if (LocaleNCompare(expression,"acosh",5) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,depth, ++ beta,exception); + return(acosh((double) alpha)); + } + #endif + if (LocaleNCompare(expression,"acos",4) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,depth, ++ beta,exception); + return(acos((double) alpha)); + } + #if defined(MAGICKCORE_HAVE_J1) + if (LocaleNCompare(expression,"airy",4) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,depth, ++ beta,exception); + if (alpha == 0.0) + return(1.0); + gamma=2.0*j1((double) (MagickPI*alpha))/(MagickPI*alpha); +@@ -2397,41 +2442,41 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + #if defined(MAGICKCORE_HAVE_ASINH) + if (LocaleNCompare(expression,"asinh",5) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,depth, ++ beta,exception); + return(asinh((double) alpha)); + } + #endif + if (LocaleNCompare(expression,"asin",4) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,depth, ++ beta,exception); + return(asin((double) alpha)); + } + if (LocaleNCompare(expression,"alt",3) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + return(((ssize_t) alpha) & 0x01 ? -1.0 : 1.0); + } + if (LocaleNCompare(expression,"atan2",5) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,depth, ++ beta,exception); + return(atan2((double) alpha,(double) *beta)); + } + #if defined(MAGICKCORE_HAVE_ATANH) + if (LocaleNCompare(expression,"atanh",5) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,depth, ++ beta,exception); + return(atanh((double) alpha)); + } + #endif + if (LocaleNCompare(expression,"atan",4) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,depth, ++ beta,exception); + return(atan((double) alpha)); + } + if (LocaleCompare(expression,"a") == 0) +@@ -2450,20 +2495,19 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + { + if (LocaleNCompare(expression,"ceil",4) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,depth, ++ beta,exception); + return(ceil((double) alpha)); + } + if (LocaleNCompare(expression,"cosh",4) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,depth, beta,exception); + return(cosh((double) alpha)); + } + if (LocaleNCompare(expression,"cos",3) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + return(cos((double) alpha)); + } + if (LocaleCompare(expression,"c") == 0) +@@ -2478,8 +2522,8 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + const char + *type; + +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,depth, ++ beta,exception); + if (fx_info->images->colorspace == CMYKColorspace) + switch (channel) + { +@@ -2511,8 +2555,8 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + } + if (LocaleNCompare(expression,"drc",3) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + return((alpha/(*beta*(alpha-1.0)+1.0))); + } + break; +@@ -2524,8 +2568,8 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + return(MagickEpsilon); + if (LocaleNCompare(expression,"exp",3) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + return(exp((double) alpha)); + } + if (LocaleCompare(expression,"e") == 0) +@@ -2537,8 +2581,8 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + { + if (LocaleNCompare(expression,"floor",5) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,depth, ++ beta,exception); + return(floor((double) alpha)); + } + break; +@@ -2548,8 +2592,8 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + { + if (LocaleNCompare(expression,"gauss",5) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,depth, ++ beta,exception); + gamma=exp((double) (-alpha*alpha/2.0))/sqrt(2.0*MagickPI); + return(gamma); + } +@@ -2558,8 +2602,8 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + MagickOffsetType + gcd; + +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + gcd=FxGCD((MagickOffsetType) (alpha+0.5),(MagickOffsetType) + (*beta+0.5)); + return((double) gcd); +@@ -2577,8 +2621,8 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + return(FxGetSymbol(fx_info,channel,x,y,expression,exception)); + if (LocaleNCompare(expression,"hypot",5) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,depth, ++ beta,exception); + return(hypot((double) alpha,(double) *beta)); + } + break; +@@ -2597,15 +2641,15 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + return(FxGetSymbol(fx_info,channel,x,y,expression,exception)); + if (LocaleNCompare(expression,"int",3) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + return(floor(alpha)); + } + #if defined(MAGICKCORE_HAVE_ISNAN) + if (LocaleNCompare(expression,"isnan",5) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,depth, ++ beta,exception); + return((double) !!isnan((double) alpha)); + } + #endif +@@ -2621,24 +2665,23 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + #if defined(MAGICKCORE_HAVE_J0) + if (LocaleNCompare(expression,"j0",2) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+2,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+2,depth, ++ beta,exception); + return(j0((double) alpha)); + } + #endif + #if defined(MAGICKCORE_HAVE_J1) + if (LocaleNCompare(expression,"j1",2) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+2,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+2,depth, beta,exception); + return(j1((double) alpha)); + } + #endif + #if defined(MAGICKCORE_HAVE_J1) + if (LocaleNCompare(expression,"jinc",4) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,depth, ++ beta,exception); + if (alpha == 0.0) + return(1.0); + gamma=(2.0*j1((double) (MagickPI*alpha))/(MagickPI*alpha)); +@@ -2652,20 +2695,20 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + { + if (LocaleNCompare(expression,"ln",2) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+2,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+2,depth, ++ beta,exception); + return(log((double) alpha)); + } + if (LocaleNCompare(expression,"logtwo",6) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+6,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+6,depth, ++ beta,exception); + return(log10((double) alpha))/log10(2.0); + } + if (LocaleNCompare(expression,"log",3) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + return(log10((double) alpha)); + } + if (LocaleCompare(expression,"lightness") == 0) +@@ -2681,22 +2724,22 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + break; + if (LocaleNCompare(expression,"max",3) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + return(alpha > *beta ? alpha : *beta); + } + if (LocaleNCompare(expression,"minima",6) == 0) + break; + if (LocaleNCompare(expression,"min",3) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + return(alpha < *beta ? alpha : *beta); + } + if (LocaleNCompare(expression,"mod",3) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + gamma=alpha-floor((double) (alpha/(*beta)))*(*beta); + return(gamma); + } +@@ -2709,8 +2752,8 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + { + if (LocaleNCompare(expression,"not",3) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + return((double) (alpha < MagickEpsilon)); + } + if (LocaleCompare(expression,"n") == 0) +@@ -2735,8 +2778,8 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + return(MagickPI); + if (LocaleNCompare(expression,"pow",3) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + return(pow((double) alpha,(double) *beta)); + } + if (LocaleCompare(expression,"p") == 0) +@@ -2759,8 +2802,8 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + return(GetPseudoRandomValue(fx_info->random_info)); + if (LocaleNCompare(expression,"round",5) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,depth, ++ beta,exception); + return(floor((double) alpha+0.5)); + } + if (LocaleCompare(expression,"r") == 0) +@@ -2774,14 +2817,14 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + return(FxGetSymbol(fx_info,channel,x,y,expression,exception)); + if (LocaleNCompare(expression,"sign",4) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,depth, ++ beta,exception); + return(alpha < 0.0 ? -1.0 : 1.0); + } + if (LocaleNCompare(expression,"sinc",4) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,depth, ++ beta,exception); + if (alpha == 0) + return(1.0); + gamma=(sin((double) (MagickPI*alpha))/(MagickPI*alpha)); +@@ -2789,26 +2832,26 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + } + if (LocaleNCompare(expression,"sinh",4) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,depth, ++ beta,exception); + return(sinh((double) alpha)); + } + if (LocaleNCompare(expression,"sin",3) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + return(sin((double) alpha)); + } + if (LocaleNCompare(expression,"sqrt",4) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,depth, ++ beta,exception); + return(sqrt((double) alpha)); + } + if (LocaleNCompare(expression,"squish",6) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+6,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+6,depth, ++ beta,exception); + return((1.0/(1.0+exp((double) (-alpha))))); + } + if (LocaleCompare(expression,"s") == 0) +@@ -2820,22 +2863,22 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + { + if (LocaleNCompare(expression,"tanh",4) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+4,depth, ++ beta,exception); + return(tanh((double) alpha)); + } + if (LocaleNCompare(expression,"tan",3) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+3,depth, ++ beta,exception); + return(tan((double) alpha)); + } + if (LocaleCompare(expression,"Transparent") == 0) + return(0.0); + if (LocaleNCompare(expression,"trunc",5) == 0) + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,depth, ++ beta,exception); + if (alpha >= 0.0) + return(floor((double) alpha)); + return(ceil((double) alpha)); +@@ -2865,8 +2908,8 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,const ChannelType channel, + { + do + { +- alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5,beta, +- exception); ++ alpha=FxEvaluateSubexpression(fx_info,channel,x,y,expression+5, ++ depth,beta,exception); + } while (fabs((double) alpha) >= MagickEpsilon); + return(*beta); + } +@@ -2931,9 +2974,13 @@ MagickExport MagickBooleanType FxEvaluateChannelExpression(FxInfo *fx_info, + double + beta; + ++ size_t ++ depth; ++ + beta=0.0; +- *alpha=FxEvaluateSubexpression(fx_info,channel,x,y,fx_info->expression,&beta, +- exception); ++ depth=0; ++ *alpha=FxEvaluateSubexpression(fx_info,channel,x,y,fx_info->expression,&depth, ++ &beta,exception); + return(exception->severity == OptionError ? MagickFalse : MagickTrue); + } + diff -Nru imagemagick-6.8.9.9/debian/patches/0067-Added-extra-checks-to-avoid-out-of-bounds-error-when.patch imagemagick-6.8.9.9/debian/patches/0067-Added-extra-checks-to-avoid-out-of-bounds-error-when.patch --- imagemagick-6.8.9.9/debian/patches/0067-Added-extra-checks-to-avoid-out-of-bounds-error-when.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0067-Added-extra-checks-to-avoid-out-of-bounds-error-when.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,42 @@ +From 8c953645e59e07bdebb2fe5469dd9756f0a515a6 Mon Sep 17 00:00:00 2001 +From: dirk <dirk@git.imagemagick.org> +Date: Thu, 17 Sep 2015 13:10:15 +0200 +Subject: [PATCH] Added extra checks to avoid out of bounds error when parsing + the 8bim profile. (Github: #31) + +Bug: https://github.com/ImageMagick/ImageMagick/issues/31 +Fixed-upstream: 6.9.2-2 +--- + magick/profile.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/magick/profile.c b/magick/profile.c +index e8ee899..44b45b3 100644 +--- a/magick/profile.c ++++ b/magick/profile.c +@@ -1573,7 +1573,8 @@ static void GetProfilesFromResourceBlock(Image *image, + break; + p=ReadResourceLong(p,&value); + count=(ssize_t) value; +- if ((p > (datum+length-count)) || (count > (ssize_t) length)) ++ if ((p > (datum+length-count)) || (count > (ssize_t) length) || ++ (count < 0)) + break; + switch (id) + { +@@ -1913,13 +1914,13 @@ static MagickBooleanType Sync8BimProfile(Image *image,StringInfo *profile) + return(MagickFalse); + id=ReadProfileMSBShort(&p,&length); + count=(ssize_t) ReadProfileByte(&p,&length); +- if (count > length) ++ if ((count > (ssize_t) length) || (count < 0)) + return(MagickFalse); + p+=count; + if ((*p & 0x01) == 0) + (void) ReadProfileByte(&p,&length); + count=(ssize_t) ReadProfileMSBLong(&p,&length); +- if (count > length) ++ if ((count > (ssize_t) length) || (count < 0)) + return(MagickFalse); + if ((id == 0x3ED) && (count == 16)) + { diff -Nru imagemagick-6.8.9.9/debian/patches/0068-Fixed-size-of-memory-allocation-to-avoid-segfault-Gi.patch imagemagick-6.8.9.9/debian/patches/0068-Fixed-size-of-memory-allocation-to-avoid-segfault-Gi.patch --- imagemagick-6.8.9.9/debian/patches/0068-Fixed-size-of-memory-allocation-to-avoid-segfault-Gi.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0068-Fixed-size-of-memory-allocation-to-avoid-segfault-Gi.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,37 @@ +From 235cd684fd1283d5db85376c8a7f41622391e0ce Mon Sep 17 00:00:00 2001 +From: dirk <dirk@git.imagemagick.org> +Date: Thu, 17 Sep 2015 22:35:27 +0200 +Subject: [PATCH] Fixed size of memory allocation to avoid segfault (Github: + #32). + +Bug: https://github.com/ImageMagick/ImageMagick/issues/32 +Fixed-upstream: 6.9.2-2 +--- + coders/rle.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +diff --git a/coders/rle.c b/coders/rle.c +index 84b0ccc..5808d5b 100644 +--- a/coders/rle.c ++++ b/coders/rle.c +@@ -212,10 +212,7 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception) + image=AcquireImage(image_info); + status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); + if (status == MagickFalse) +- { +- image=DestroyImageList(image); +- return((Image *) NULL); +- } ++ return(DestroyImageList(image)); + /* + Determine if this a RLE file. + */ +@@ -321,7 +318,7 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception) + number_pixels=(MagickSizeType) image->columns*image->rows; + if ((number_pixels*number_planes) != (size_t) (number_pixels*number_planes)) + ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); +- pixel_info_length=image->columns*image->rows*MagickMax(number_planes,4); ++ pixel_info_length=image->columns*image->rows*number_planes; + pixel_info=AcquireVirtualMemory(pixel_info_length,sizeof(*pixels)); + if (pixel_info == (MemoryInfo *) NULL) + ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); diff -Nru imagemagick-6.8.9.9/debian/patches/0069-Fixed-memory-leak-when-reading-incorrect-PSD-files.patch imagemagick-6.8.9.9/debian/patches/0069-Fixed-memory-leak-when-reading-incorrect-PSD-files.patch --- imagemagick-6.8.9.9/debian/patches/0069-Fixed-memory-leak-when-reading-incorrect-PSD-files.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0069-Fixed-memory-leak-when-reading-incorrect-PSD-files.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,26 @@ +From cd8f0c3d9d7f4a1a51a42d746179f40f71a76da9 Mon Sep 17 00:00:00 2001 +From: dirk <dirk@git.imagemagick.org> +Date: Wed, 16 Dec 2015 21:37:00 +0100 +Subject: [PATCH] Fixed memory leak when reading incorrect PSD files + +Fixed-upstream: 6.9.2.10 +--- + coders/psd.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/coders/psd.c b/coders/psd.c +index e0dc766..f6eedb7 100644 +--- a/coders/psd.c ++++ b/coders/psd.c +@@ -1521,8 +1521,10 @@ static MagickStatusType ReadPSDLayers(Image *image,const ImageInfo *image_info, + image->next=layer_info[0].image; + layer_info[0].image->previous=image; + } ++ layer_info=(LayerInfo *) RelinquishMagickMemory(layer_info); + } +- layer_info=(LayerInfo *) RelinquishMagickMemory(layer_info); ++ else ++ layer_info=DestroyLayerInfo(layer_info,number_layers); + } + + return(status); diff -Nru imagemagick-6.8.9.9/debian/patches/0070-Fix-PixelColor-off-by-one-on-i386.patch imagemagick-6.8.9.9/debian/patches/0070-Fix-PixelColor-off-by-one-on-i386.patch --- imagemagick-6.8.9.9/debian/patches/0070-Fix-PixelColor-off-by-one-on-i386.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0070-Fix-PixelColor-off-by-one-on-i386.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,314 @@ +From f40ae7899afa53437ea99f7be105e549e85b0c47 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Sun, 8 Nov 2015 13:16:51 -0500 +Subject: [PATCH] Fix PixelColor off by one on i386 + +Bug: https://github.com/ImageMagick/ImageMagick/issues/54 +--- + coders/jpeg.c | 20 ++++++++++---------- + magick/cache.c | 48 +++++++++++++++++++++++++++++++++++++++--------- + magick/color.c | 22 ++++++++++++---------- + magick/identify.c | 26 ++++++++++++++------------ + 4 files changed, 75 insertions(+), 41 deletions(-) + +diff --git a/coders/jpeg.c b/coders/jpeg.c +index d1310f6..2c963bb 100644 +--- a/coders/jpeg.c ++++ b/coders/jpeg.c +@@ -1668,7 +1668,7 @@ static QuantizationTable *GetQuantizationTable(const char *filename, + if (description == (XMLTreeInfo *) NULL) + { + (void) ThrowMagickException(exception,GetMagickModule(),OptionError, +- "XmlMissingElement", "<description>, slot \"%s\"",slot); ++ "XmlMissingElement","<description>, slot \"%s\"",slot); + quantization_tables=DestroyXMLTree(quantization_tables); + xml=DestroyString(xml); + return(table); +@@ -1677,7 +1677,7 @@ static QuantizationTable *GetQuantizationTable(const char *filename, + if (levels == (XMLTreeInfo *) NULL) + { + (void) ThrowMagickException(exception,GetMagickModule(),OptionError, +- "XmlMissingElement", "<levels>, slot \"%s\"", slot); ++ "XmlMissingElement","<levels>, slot \"%s\"",slot); + quantization_tables=DestroyXMLTree(quantization_tables); + xml=DestroyString(xml); + return(table); +@@ -1699,7 +1699,7 @@ static QuantizationTable *GetQuantizationTable(const char *filename, + if (attribute == (char *) NULL) + { + (void) ThrowMagickException(exception,GetMagickModule(),OptionError, +- "XmlMissingAttribute", "<levels width>, slot \"%s\"",slot); ++ "XmlMissingAttribute","<levels width>, slot \"%s\"",slot); + quantization_tables=DestroyXMLTree(quantization_tables); + table=DestroyQuantizationTable(table); + xml=DestroyString(xml); +@@ -1709,7 +1709,7 @@ static QuantizationTable *GetQuantizationTable(const char *filename, + if (table->width == 0) + { + (void) ThrowMagickException(exception,GetMagickModule(),OptionError, +- "XmlInvalidAttribute", "<levels width>, table \"%s\"",slot); ++ "XmlInvalidAttribute","<levels width>, table \"%s\"",slot); + quantization_tables=DestroyXMLTree(quantization_tables); + table=DestroyQuantizationTable(table); + xml=DestroyString(xml); +@@ -1719,7 +1719,7 @@ static QuantizationTable *GetQuantizationTable(const char *filename, + if (attribute == (char *) NULL) + { + (void) ThrowMagickException(exception,GetMagickModule(),OptionError, +- "XmlMissingAttribute", "<levels height>, table \"%s\"",slot); ++ "XmlMissingAttribute","<levels height>, table \"%s\"",slot); + quantization_tables=DestroyXMLTree(quantization_tables); + table=DestroyQuantizationTable(table); + xml=DestroyString(xml); +@@ -1729,7 +1729,7 @@ static QuantizationTable *GetQuantizationTable(const char *filename, + if (table->height == 0) + { + (void) ThrowMagickException(exception,GetMagickModule(),OptionError, +- "XmlInvalidAttribute", "<levels height>, table \"%s\"",slot); ++ "XmlInvalidAttribute","<levels height>, table \"%s\"",slot); + quantization_tables=DestroyXMLTree(quantization_tables); + table=DestroyQuantizationTable(table); + xml=DestroyString(xml); +@@ -1739,7 +1739,7 @@ static QuantizationTable *GetQuantizationTable(const char *filename, + if (attribute == (char *) NULL) + { + (void) ThrowMagickException(exception,GetMagickModule(),OptionError, +- "XmlMissingAttribute", "<levels divisor>, table \"%s\"",slot); ++ "XmlMissingAttribute","<levels divisor>, table \"%s\"",slot); + quantization_tables=DestroyXMLTree(quantization_tables); + table=DestroyQuantizationTable(table); + xml=DestroyString(xml); +@@ -1749,7 +1749,7 @@ static QuantizationTable *GetQuantizationTable(const char *filename, + if (table->divisor == 0.0) + { + (void) ThrowMagickException(exception,GetMagickModule(),OptionError, +- "XmlInvalidAttribute", "<levels divisor>, table \"%s\"",slot); ++ "XmlInvalidAttribute","<levels divisor>, table \"%s\"",slot); + quantization_tables=DestroyXMLTree(quantization_tables); + table=DestroyQuantizationTable(table); + xml=DestroyString(xml); +@@ -1759,7 +1759,7 @@ static QuantizationTable *GetQuantizationTable(const char *filename, + if (content == (char *) NULL) + { + (void) ThrowMagickException(exception,GetMagickModule(),OptionError, +- "XmlMissingContent", "<levels>, table \"%s\"",slot); ++ "XmlMissingContent","<levels>, table \"%s\"",slot); + quantization_tables=DestroyXMLTree(quantization_tables); + table=DestroyQuantizationTable(table); + xml=DestroyString(xml); +@@ -1788,7 +1788,7 @@ static QuantizationTable *GetQuantizationTable(const char *filename, + if (p != content) + { + (void) ThrowMagickException(exception,GetMagickModule(),OptionError, +- "XmlInvalidContent", "<level> too many values, table \"%s\"",slot); ++ "XmlInvalidContent","<level> too many values, table \"%s\"",slot); + quantization_tables=DestroyXMLTree(quantization_tables); + table=DestroyQuantizationTable(table); + xml=DestroyString(xml); +diff --git a/magick/cache.c b/magick/cache.c +index 129b769..c34f62c 100644 +--- a/magick/cache.c ++++ b/magick/cache.c +@@ -3420,6 +3420,11 @@ static inline MagickOffsetType WritePixelCacheRegion( + const CacheInfo *restrict cache_info,const MagickOffsetType offset, + const MagickSizeType length,const unsigned char *restrict buffer) + { ++#if !defined(MAGICKCORE_HAVE_PWRITE) ++ MagickOffsetType ++ current_offset; ++#endif ++ + register MagickOffsetType + i; + +@@ -3427,6 +3432,9 @@ static inline MagickOffsetType WritePixelCacheRegion( + count; + + #if !defined(MAGICKCORE_HAVE_PWRITE) ++ current_offset=(MagickOffsetType) lseek(cache_info->file,0,SEEK_CUR); ++ if (current_offset < 0) ++ return((MagickOffsetType) -1); + if (lseek(cache_info->file,offset,SEEK_SET) < 0) + return((MagickOffsetType) -1); + #endif +@@ -3447,6 +3455,10 @@ static inline MagickOffsetType WritePixelCacheRegion( + break; + } + } ++#if !defined(MAGICKCORE_HAVE_PWRITE) ++ if (lseek(cache_info->file,current_offset,SEEK_SET) < 0) ++ return((MagickOffsetType) -1); ++#endif + return(i); + } + +@@ -3479,9 +3491,13 @@ static MagickBooleanType SetPixelCacheExtent(Image *image,MagickSizeType length) + if (offset < 0) + return(MagickFalse); + if ((MagickSizeType) offset >= length) +- return(MagickTrue); +- extent=(MagickOffsetType) length-1; +- count=WritePixelCacheRegion(cache_info,extent,1,(const unsigned char *) ""); ++ count=(MagickOffsetType) 1; ++ else ++ { ++ extent=(MagickOffsetType) length-1; ++ count=WritePixelCacheRegion(cache_info,extent,1,(const unsigned char *) ++ ""); ++ } + #if defined(MAGICKCORE_HAVE_POSIX_FALLOCATE) + if (cache_info->synchronize != MagickFalse) + { +@@ -4173,6 +4189,11 @@ static inline MagickOffsetType ReadPixelCacheRegion( + const CacheInfo *restrict cache_info,const MagickOffsetType offset, + const MagickSizeType length,unsigned char *restrict buffer) + { ++#if !defined(MAGICKCORE_HAVE_PREAD) ++ MagickOffsetType ++ current_offset; ++#endif ++ + register MagickOffsetType + i; + +@@ -4180,6 +4201,9 @@ static inline MagickOffsetType ReadPixelCacheRegion( + count; + + #if !defined(MAGICKCORE_HAVE_PREAD) ++ current_offset=(MagickOffsetType) lseek(cache_info->file,0,SEEK_CUR); ++ if (current_offset < 0) ++ return((MagickOffsetType) -1); + if (lseek(cache_info->file,offset,SEEK_SET) < 0) + return((MagickOffsetType) -1); + #endif +@@ -4187,11 +4211,11 @@ static inline MagickOffsetType ReadPixelCacheRegion( + for (i=0; i < (MagickOffsetType) length; i+=count) + { + #if !defined(MAGICKCORE_HAVE_PREAD) +- count=read(cache_info->file,buffer+i,(size_t) MagickMin(length-i, +- (MagickSizeType) SSIZE_MAX)); ++ count=read(cache_info->file,buffer+i,(size_t) MagickMin(length-i,(size_t) ++ SSIZE_MAX)); + #else +- count=pread(cache_info->file,buffer+i,(size_t) MagickMin(length-i, +- (MagickSizeType) SSIZE_MAX),(off_t) (offset+i)); ++ count=pread(cache_info->file,buffer+i,(size_t) MagickMin(length-i,(size_t) ++ SSIZE_MAX),(off_t) (offset+i)); + #endif + if (count <= 0) + { +@@ -4200,6 +4224,10 @@ static inline MagickOffsetType ReadPixelCacheRegion( + break; + } + } ++#if !defined(MAGICKCORE_HAVE_PREAD) ++ if (lseek(cache_info->file,current_offset,SEEK_SET) < 0) ++ return((MagickOffsetType) -1); ++#endif + return(i); + } + +@@ -4392,8 +4420,10 @@ static MagickBooleanType ReadPixelCachePixels(CacheInfo *restrict cache_info, + + if (nexus_info->authentic_pixel_cache != MagickFalse) + return(MagickTrue); +- offset=(MagickOffsetType) nexus_info->region.y*cache_info->columns+ +- nexus_info->region.x; ++ offset=(MagickOffsetType) nexus_info->region.y*cache_info->columns; ++ if ((offset/cache_info->columns) != (MagickOffsetType) nexus_info->region.y) ++ return(MagickFalse); ++ offset+=nexus_info->region.x; + length=(MagickSizeType) nexus_info->region.width*sizeof(PixelPacket); + rows=nexus_info->region.height; + extent=length*rows; +diff --git a/magick/color.c b/magick/color.c +index db9d039..12fdffe 100644 +--- a/magick/color.c ++++ b/magick/color.c +@@ -2731,18 +2731,20 @@ MagickExport MagickBooleanType QueryMagickColorCompliance(const char *name, + if ((flags & PercentValue) != 0) + scale=(MagickRealType) (QuantumRange/100.0); + if ((flags & RhoValue) != 0) +- color->red=(MagickRealType) ClampToQuantum(scale*geometry_info.rho); ++ color->red=(MagickRealType) ClampToQuantum((MagickRealType) ++ floor(scale*geometry_info.rho)); + if ((flags & SigmaValue) != 0) +- color->green=(MagickRealType) ClampToQuantum(scale* +- geometry_info.sigma); ++ color->green=(MagickRealType) ClampToQuantum((MagickRealType) ++ floor(scale*geometry_info.sigma)); + if ((flags & XiValue) != 0) +- color->blue=(MagickRealType) ClampToQuantum(scale*geometry_info.xi); ++ color->blue=(MagickRealType) ClampToQuantum((MagickRealType) ++ floor(scale*geometry_info.xi)); + color->opacity=(MagickRealType) OpaqueOpacity; + if ((flags & PsiValue) != 0) + { + if (color->colorspace == CMYKColorspace) +- color->index=(MagickRealType) ClampToQuantum(scale* +- geometry_info.psi); ++ color->index=(MagickRealType) ClampToQuantum((MagickRealType) ++ floor(scale*geometry_info.psi)); + else + if (color->matte != MagickFalse) + color->opacity=(MagickRealType) ClampToQuantum( +@@ -2755,11 +2757,11 @@ MagickExport MagickBooleanType QueryMagickColorCompliance(const char *name, + if (color->colorspace == LabColorspace) + { + if ((flags & SigmaValue) != 0) +- color->green=(MagickRealType) ClampToQuantum(scale* +- geometry_info.sigma+(QuantumRange+1)/2.0); ++ color->green=(MagickRealType) ClampToQuantum((MagickRealType) ++ floor(scale*geometry_info.sigma+(QuantumRange+1)/2.0)); + if ((flags & XiValue) != 0) +- color->blue=(MagickRealType) ClampToQuantum(scale* +- geometry_info.xi+(QuantumRange+1)/2.0); ++ color->blue=(MagickRealType) ClampToQuantum((MagickRealType) ++ floor(scale*geometry_info.xi+(QuantumRange+1)/2.0)); + } + if (LocaleCompare(colorspace,"gray") == 0) + { +diff --git a/magick/identify.c b/magick/identify.c +index 2a9ed92..8a3bd7b 100644 +--- a/magick/identify.c ++++ b/magick/identify.c +@@ -455,11 +455,13 @@ static ssize_t PrintChannelStatistics(FILE *file,const ChannelType channel, + + if (channel == AlphaChannel) + { +- n=FormatLocaleFile(file,StatisticsFormat,name,ClampToQuantum(scale* +- (QuantumRange-channel_statistics[channel].maxima)), +- (QuantumRange-channel_statistics[channel].maxima)/(double) QuantumRange, +- ClampToQuantum(scale*(QuantumRange-channel_statistics[channel].minima)), +- (QuantumRange-channel_statistics[channel].minima)/(double) QuantumRange, ++ n=FormatLocaleFile(file,StatisticsFormat,name,ClampToQuantum( ++ (MagickRealType) floor(scale*(QuantumRange- ++ channel_statistics[channel].maxima))),(QuantumRange- ++ channel_statistics[channel].maxima)/(double) QuantumRange, ++ ClampToQuantum((MagickRealType) floor(scale*(QuantumRange- ++ channel_statistics[channel].minima))),(QuantumRange- ++ channel_statistics[channel].minima)/(double) QuantumRange, + scale*(QuantumRange-channel_statistics[channel].mean),(QuantumRange- + channel_statistics[channel].mean)/(double) QuantumRange,scale* + channel_statistics[channel].standard_deviation, +@@ -468,13 +470,13 @@ static ssize_t PrintChannelStatistics(FILE *file,const ChannelType channel, + channel_statistics[channel].skewness); + return(n); + } +- n=FormatLocaleFile(file,StatisticsFormat,name,ClampToQuantum(scale* +- channel_statistics[channel].minima),channel_statistics[channel].minima/ +- (double) QuantumRange,ClampToQuantum(scale* +- channel_statistics[channel].maxima),channel_statistics[channel].maxima/ +- (double) QuantumRange,scale*channel_statistics[channel].mean, +- channel_statistics[channel].mean/(double) QuantumRange,scale* +- channel_statistics[channel].standard_deviation, ++ n=FormatLocaleFile(file,StatisticsFormat,name,ClampToQuantum((MagickRealType) ++ floor(scale*channel_statistics[channel].minima)), ++ channel_statistics[channel].minima/(double) QuantumRange,ClampToQuantum( ++ (MagickRealType) (scale*channel_statistics[channel].maxima)), ++ channel_statistics[channel].maxima/(double) QuantumRange,scale* ++ channel_statistics[channel].mean,channel_statistics[channel].mean/(double) ++ QuantumRange,scale*channel_statistics[channel].standard_deviation, + channel_statistics[channel].standard_deviation/(double) QuantumRange, + channel_statistics[channel].kurtosis,channel_statistics[channel].skewness); + return(n); diff -Nru imagemagick-6.8.9.9/debian/patches/0071-Prevent-null-pointer-access-in-magick-constitute.c.patch imagemagick-6.8.9.9/debian/patches/0071-Prevent-null-pointer-access-in-magick-constitute.c.patch --- imagemagick-6.8.9.9/debian/patches/0071-Prevent-null-pointer-access-in-magick-constitute.c.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0071-Prevent-null-pointer-access-in-magick-constitute.c.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,38 @@ +From d8ccf0cde8b1df3d44b47f560a69c821bcb96921 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Thu, 24 Sep 2015 09:37:24 -0400 +Subject: [PATCH] Prevent null pointer access in magick/constitute.c + +Bug: https://github.com/ImageMagick/ImageMagick/pull/34 +--- + magick/constitute.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/magick/constitute.c b/magick/constitute.c +index ff339ee..820f632 100644 +--- a/magick/constitute.c ++++ b/magick/constitute.c +@@ -1299,7 +1299,14 @@ MagickExport MagickBooleanType WriteImages(const ImageInfo *image_info, + sans_exception=DestroyExceptionInfo(sans_exception); + p=images; + for ( ; GetNextImageInList(p) != (Image *) NULL; p=GetNextImageInList(p)) +- if (p->scene >= GetNextImageInList(p)->scene) ++ { ++ register Image ++ *next; ++ ++ next=GetNextImageInList(p); ++ if (next == (Image *) NULL) ++ break; ++ if (p->scene >= next->scene) + { + register ssize_t + i; +@@ -1312,6 +1319,7 @@ MagickExport MagickBooleanType WriteImages(const ImageInfo *image_info, + p->scene=(size_t) i++; + break; + } ++ } + /* + Write images. + */ diff -Nru imagemagick-6.8.9.9/debian/patches/0072-Fixed-out-of-bounds-error-in-SpliceImage.patch imagemagick-6.8.9.9/debian/patches/0072-Fixed-out-of-bounds-error-in-SpliceImage.patch --- imagemagick-6.8.9.9/debian/patches/0072-Fixed-out-of-bounds-error-in-SpliceImage.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0072-Fixed-out-of-bounds-error-in-SpliceImage.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,87 @@ +From 281308d0fc7b1beaa3b71c44f472b7664f53d0e5 Mon Sep 17 00:00:00 2001 +From: dirk <dirk@git.imagemagick.org> +Date: Fri, 9 Oct 2015 10:08:06 +0200 +Subject: [PATCH] Fixed out of bounds error in SpliceImage. + +Bug: http://www.imagemagick.org/discourse-server/viewtopic.html?f=3&t=28466 +--- + magick/transform.c | 23 +++++++++++++++++------ + 1 file changed, 17 insertions(+), 6 deletions(-) + +diff --git a/magick/transform.c b/magick/transform.c +index 69ff36e..785090e 100644 +--- a/magick/transform.c ++++ b/magick/transform.c +@@ -95,6 +95,14 @@ + % o exception: Return any errors or warnings in this structure. + % + */ ++static inline size_t MagickMin(const size_t x,const size_t y) ++{ ++ if (x < y) ++ return(x); ++ return(y); ++} ++ ++ + MagickExport Image *AutoOrientImage(const Image *image, + const OrientationType orientation,ExceptionInfo *exception) + { +@@ -1733,6 +1741,7 @@ MagickExport Image *SpliceImage(const Image *image, + splice_geometry; + + ssize_t ++ columns, + y; + + /* +@@ -1817,6 +1826,7 @@ MagickExport Image *SpliceImage(const Image *image, + */ + status=MagickTrue; + progress=0; ++ columns=MagickMin(splice_geometry.x,(ssize_t) splice_image->columns); + image_view=AcquireVirtualCacheView(image,exception); + splice_view=AcquireAuthenticCacheView(splice_image,exception); + #if defined(MAGICKCORE_OPENMP_SUPPORT) +@@ -1840,7 +1850,8 @@ MagickExport Image *SpliceImage(const Image *image, + + if (status == MagickFalse) + continue; +- p=GetCacheViewVirtualPixels(image_view,0,y,image->columns,1,exception); ++ p=GetCacheViewVirtualPixels(image_view,0,y,splice_image->columns,1, ++ exception); + q=QueueCacheViewAuthenticPixels(splice_view,0,y,splice_image->columns,1, + exception); + if ((p == (const PixelPacket *) NULL) || (q == (PixelPacket *) NULL)) +@@ -1850,7 +1861,7 @@ MagickExport Image *SpliceImage(const Image *image, + } + indexes=GetCacheViewAuthenticIndexQueue(image_view); + splice_indexes=GetCacheViewAuthenticIndexQueue(splice_view); +- for (x=0; x < splice_geometry.x; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(q,GetPixelRed(p)); + SetPixelGreen(q,GetPixelGreen(p)); +@@ -1918,10 +1929,10 @@ MagickExport Image *SpliceImage(const Image *image, + + if (status == MagickFalse) + continue; +- p=GetCacheViewVirtualPixels(image_view,0,y-(ssize_t) splice_geometry.height, +- image->columns,1,exception); +- if ((y < 0) || (y >= (ssize_t) splice_image->rows)) ++ if ((y < 0) || (y >= (ssize_t)splice_image->rows)) + continue; ++ p=GetCacheViewVirtualPixels(image_view,0,y-(ssize_t) splice_geometry.height, ++ splice_image->columns,1,exception); + q=QueueCacheViewAuthenticPixels(splice_view,0,y,splice_image->columns,1, + exception); + if ((p == (const PixelPacket *) NULL) || (q == (PixelPacket *) NULL)) +@@ -1931,7 +1942,7 @@ MagickExport Image *SpliceImage(const Image *image, + } + indexes=GetCacheViewAuthenticIndexQueue(image_view); + splice_indexes=GetCacheViewAuthenticIndexQueue(splice_view); +- for (x=0; x < splice_geometry.x; x++) ++ for (x=0; x < columns; x++) + { + SetPixelRed(q,GetPixelRed(p)); + SetPixelGreen(q,GetPixelGreen(p)); diff -Nru imagemagick-6.8.9.9/debian/patches/0073-Fixed-memory-leaks.patch imagemagick-6.8.9.9/debian/patches/0073-Fixed-memory-leaks.patch --- imagemagick-6.8.9.9/debian/patches/0073-Fixed-memory-leaks.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0073-Fixed-memory-leaks.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,64 @@ +From 1d726ed4bdeec8a4852c81e561375b7f8890a04f Mon Sep 17 00:00:00 2001 +From: dirk <dirk@git.imagemagick.org> +Date: Sat, 26 Dec 2015 20:17:54 +0100 +Subject: [PATCH] Fixed memory leaks. + +Bug: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791 +Applied-upstream: https://github.com/ImageMagick/ImageMagick/commit/9043f3d1fb76c8f4f158d75dc6e2455c43d2f1de +--- + magick/nt-base.c | 2 ++ + magick/utility.c | 9 ++++++--- + 2 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/magick/nt-base.c b/magick/nt-base.c +index 9730631..302bc1e 100644 +--- a/magick/nt-base.c ++++ b/magick/nt-base.c +@@ -1107,6 +1107,7 @@ static int NTGhostscriptGetString(const char *name,BOOL *is_64_bit, + directory,DirectorySeparator); + if (IsPathAccessible(buffer) != MagickFalse) + { ++ directory=DestroyString(directory); + (void) CopyMagickString(value,buffer,length); + if (is_64_bit != NULL) + *is_64_bit=FALSE; +@@ -1116,6 +1117,7 @@ static int NTGhostscriptGetString(const char *name,BOOL *is_64_bit, + directory,DirectorySeparator); + if (IsPathAccessible(buffer) != MagickFalse) + { ++ directory=DestroyString(directory); + (void) CopyMagickString(value,buffer,length); + if (is_64_bit != NULL) + *is_64_bit=TRUE; +diff --git a/magick/utility.c b/magick/utility.c +index 8b1efe2..4a88e61 100644 +--- a/magick/utility.c ++++ b/magick/utility.c +@@ -1817,6 +1817,7 @@ MagickPrivate MagickBooleanType ShredFile(const char *path) + /* + Don't shred the file, just remove it. + */ ++ passes=DestroyString(passes); + status=remove_utf8(path); + if (status == -1) + return(MagickFalse); +@@ -1828,6 +1829,7 @@ MagickPrivate MagickBooleanType ShredFile(const char *path) + /* + Don't shred the file, just remove it. + */ ++ passes=DestroyString(passes); + status=remove_utf8(path); + return(MagickFalse); + } +@@ -1877,7 +1879,8 @@ MagickPrivate MagickBooleanType ShredFile(const char *path) + } + status=close(file); + status=remove_utf8(path); +- if (status == -1) +- return(MagickFalse); +- return(i < (ssize_t) StringToInteger(passes) ? MagickFalse : MagickTrue); ++ if (status != -1) ++ status=StringToInteger(passes); ++ passes=DestroyString(passes); ++ return((status == -1 || i < (ssize_t) status) ? MagickFalse : MagickTrue); + } diff -Nru imagemagick-6.8.9.9/debian/patches/0074-Fix-overflow-in-pict-image-parsing.patch imagemagick-6.8.9.9/debian/patches/0074-Fix-overflow-in-pict-image-parsing.patch --- imagemagick-6.8.9.9/debian/patches/0074-Fix-overflow-in-pict-image-parsing.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0074-Fix-overflow-in-pict-image-parsing.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,56 @@ +From 2176134da732b638db47c5aa713dffccbe4837b9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bastien=20ROUCARI=C3=88S?= <roucaries.bastien@gmail.com> +Date: Mon, 7 Dec 2015 16:04:17 +0100 +Subject: [PATCH] Fix overflow in pict image parsing Backport a small part of + an upstream commit fixing an issue with pict image parsing. Origin: + backport, + https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734 + Bug-Ubuntu: + https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803 + Applied-Upstream: 7.0.0 Last-Update: 2015-11-27 --- This patch header follows + DEP-3: http://dep.debian.net/deps/dep3/ + +--- + coders/pict.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/coders/pict.c b/coders/pict.c +index f6165a4..ee24aeb 100644 +--- a/coders/pict.c ++++ b/coders/pict.c +@@ -1615,7 +1615,8 @@ static MagickBooleanType WritePICTImage(const ImageInfo *image_info, + storage_class; + + ssize_t +- y; ++ y, ++ row_bytes; + + unsigned char + *buffer, +@@ -1625,7 +1626,6 @@ static MagickBooleanType WritePICTImage(const ImageInfo *image_info, + + unsigned short + base_address, +- row_bytes, + transfer_mode; + + /* +@@ -1656,7 +1656,7 @@ static MagickBooleanType WritePICTImage(const ImageInfo *image_info, + source_rectangle=size_rectangle; + destination_rectangle=size_rectangle; + base_address=0xff; +- row_bytes=(unsigned short) (image->columns | 0x8000); ++ row_bytes=image->columns; + bounds.top=0; + bounds.left=0; + bounds.bottom=(short) image->rows; +@@ -1686,7 +1686,7 @@ static MagickBooleanType WritePICTImage(const ImageInfo *image_info, + pixmap.bits_per_pixel=32; + pixmap.pack_type=0x04; + transfer_mode=0x40; +- row_bytes=(unsigned short) ((4*image->columns) | 0x8000); ++ row_bytes=4*image->columns; + } + /* + Allocate memory. diff -Nru imagemagick-6.8.9.9/debian/patches/0075-Fix-buffer-overflow-in-icon-parsing-code.patch imagemagick-6.8.9.9/debian/patches/0075-Fix-buffer-overflow-in-icon-parsing-code.patch --- imagemagick-6.8.9.9/debian/patches/0075-Fix-buffer-overflow-in-icon-parsing-code.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/0075-Fix-buffer-overflow-in-icon-parsing-code.patch 2016-01-18 21:33:34.000000000 +0100 @@ -0,0 +1,30 @@ +From 67cdf9296c72b6e2d7ff2e64ea28f1797e8a7ddc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bastien=20ROUCARI=C3=88S?= <roucaries.bastien@gmail.com> +Date: Mon, 7 Dec 2015 16:02:33 +0100 +Subject: [PATCH] Fix buffer overflow in icon parsing code + + This patch backports a small extract of a larger upstream + commit that addresses this specific issue. +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747 +Origin: backport, https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734 +Applied-Upstream: 7.0.0 +Last-Update: 2015-11-26 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- + coders/icon.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/coders/icon.c b/coders/icon.c +index 80a0e1a..2bcdbc1 100644 +--- a/coders/icon.c ++++ b/coders/icon.c +@@ -347,6 +347,8 @@ static Image *ReadICONImage(const ImageInfo *image_info, + Icon image encoded as a compressed PNG image. + */ + length=icon_file.directory[i].size; ++ if (~length < 16) ++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + png=(unsigned char *) AcquireQuantumMemory(length+16,sizeof(*png)); + if (png == (unsigned char *) NULL) + ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); diff -Nru imagemagick-6.8.9.9/debian/patches/series imagemagick-6.8.9.9/debian/patches/series --- imagemagick-6.8.9.9/debian/patches/series 2014-12-29 11:55:39.000000000 +0100 +++ imagemagick-6.8.9.9/debian/patches/series 2016-01-18 21:33:34.000000000 +0100 @@ -55,3 +55,22 @@ 0054-Replaced-calls-to-ConstrainColormapIndex-with-IsVali.patch 0055-During-identification-of-image-do-not-fill-memory.patch 0056-Fix-correctly-the-xpm-crash-problem.patch +0057-Fix-a-miff-security-bug.patch +0058-Fix-a-DOS-in-viccar-file-handling.patch +0059-Fix-a-DOS-in-HDR-file.patch +0060-Fix-a-DOS-in-PDB-file-handling.patch +0061-Avoid-using-NULL-alpha_image-in-the-JNG-decoder.patch +0062-Jpeg-images-no-longer-have-pixels-per-inch-as-a-defa.patch +0063-Add-an-additional-check-for-end-of-file-for-the-RLE-.patch +0064-Fix-a-double-free-in-tga-file.patch +0065-Add-field-width-to-sscanf-to-prevent-buffer-overflow.patch +0066-Limit-fx-recursive-to-avoid-stack-overflow.patch +0067-Added-extra-checks-to-avoid-out-of-bounds-error-when.patch +0068-Fixed-size-of-memory-allocation-to-avoid-segfault-Gi.patch +0069-Fixed-memory-leak-when-reading-incorrect-PSD-files.patch +0070-Fix-PixelColor-off-by-one-on-i386.patch +0071-Prevent-null-pointer-access-in-magick-constitute.c.patch +0072-Fixed-out-of-bounds-error-in-SpliceImage.patch +0073-Fixed-memory-leaks.patch +0074-Fix-overflow-in-pict-image-parsing.patch +0075-Fix-buffer-overflow-in-icon-parsing-code.patch diff -Nru imagemagick-6.8.9.9/debian/rules imagemagick-6.8.9.9/debian/rules --- imagemagick-6.8.9.9/debian/rules 2014-12-29 11:53:11.000000000 +0100 +++ imagemagick-6.8.9.9/debian/rules 2016-01-17 22:24:09.000000000 +0100 @@ -211,17 +211,21 @@ while read SIZE; do \ mkdir -p $(CURDIR)/debian/tmp-$*/usr/share/icons/hicolor/$$SIZE/apps/ ;\ cd $(CURDIR)/debian/build-quantum-$*; \ + echo "Make icons for size $$SIZE..."; \ $(CONVERT) $(CURDIR)/debian/display-im$(DEB_UPSTREAM_VERSION_MAJOR).svg \ $(CONVERT_FLAGS) -resize $$SIZE \ -gravity center -extent $$SIZE \ $(CURDIR)/debian/tmp-$*/usr/share/icons/hicolor/$$SIZE/apps/display-im$(DEB_UPSTREAM_VERSION_MAJOR).${shell echo $* | sed -e 's/$.*$/\L\1/'}.png; \ + echo "Done"; \ done < $(CURDIR)/debian/display-im$(DEB_UPSTREAM_VERSION_MAJOR).iconssize # make xpm mkdir -p $(CURDIR)/debian/tmp-$*/usr/share/pixmaps/ cd $(CURDIR)/debian/build-quantum-$*; \ + echo "Make xpm size 32x32..." ; \ $(CONVERT) $(CURDIR)/debian/display-im$(DEB_UPSTREAM_VERSION_MAJOR).svg $(CONVERT_FLAGS) -resize 32x32 \ -gravity center -extent 32x32 \ - $(CURDIR)/debian/tmp-$*/usr/share/pixmaps/display-im$(DEB_UPSTREAM_VERSION_MAJOR).${shell echo $* | sed -e 's/$.*$/\L\1/'}.xpm + $(CURDIR)/debian/tmp-$*/usr/share/pixmaps/display-im$(DEB_UPSTREAM_VERSION_MAJOR).${shell echo $* | sed -e 's/$.*$/\L\1/'}.xpm ;\ + echo "Done" # do not forget svgz mkdir -p $(CURDIR)/debian/tmp-$*/usr/share/icons/hicolor/scalable/apps/ gzip -c -n -9 $(CURDIR)/debian/display-im$(DEB_UPSTREAM_VERSION_MAJOR).svg \ diff -Nru imagemagick-6.8.9.9/debian/source/git-patches imagemagick-6.8.9.9/debian/source/git-patches --- imagemagick-6.8.9.9/debian/source/git-patches 2014-12-29 11:53:11.000000000 +0100 +++ imagemagick-6.8.9.9/debian/source/git-patches 2016-01-17 22:24:09.000000000 +0100 @@ -1 +1,2 @@ -upstream/$UPSTREAM_REF..debian-patches/$DEB_REF +upstream/$UPSTREAM_REF..debian-patches/6.8.9.9-5 +debian-patches/6.8.9.9-5..debian-patches/6.8.9.9-5+deb8u1

Reply to: