#57903 closed update (fixed)

ImageMagick @6.9.9-40_5: update to 6.9.10-40

Reported by: l2dy (Zero King) Owned by: ryandesign (Ryan Schmidt)
Priority: Normal Milestone:
Component: ports Version:
Keywords: security Cc: FranklinYu (Franklin Yu), Dave-Allured (Dave Allured), fmw42 (Fred Weinhaus)
Port: ImageMagick

Description

  • Fixed numerous use of uninitialized values, integer overflow, memory exceeded, and timeouts (credit to OSS Fuzz).

Change History (13)

comment:1 Changed 22 months ago by ryandesign (Ryan Schmidt)

Status: assignedaccepted

I've been meaning to update ImageMagick to the latest version of 6.x. But because the library versions change, it means I have to identify and revbump all the ports that link with those libraries, which is tedious and time-consuming.

comment:2 Changed 20 months ago by FranklinYu (Franklin Yu)

Cc: FranklinYu added

comment:3 Changed 20 months ago by l2dy (Zero King)

Summary: ImageMagick @6.9.9-40_5: update to 6.9.10-23ImageMagick @6.9.9-40_5: update to 6.9.10-27

comment:4 Changed 20 months ago by l2dy (Zero King)

Summary: ImageMagick @6.9.9-40_5: update to 6.9.10-27ImageMagick @6.9.9-40_5: update to 6.9.10-30

comment:5 Changed 19 months ago by Dave-Allured (Dave Allured)

Cc: Dave-Allured added

comment:6 Changed 19 months ago by ryandesign (Ryan Schmidt)

Cc: fmw42 added

Has duplicate #58292.

comment:7 Changed 18 months ago by l2dy (Zero King)

Summary: ImageMagick @6.9.9-40_5: update to 6.9.10-30ImageMagick @6.9.9-40_5: update to 6.9.10-40

comment:8 Changed 18 months ago by fmw42 (Fred Weinhaus)

Is there a reason, the upgrade was backed down to 6.9.9.40 after attempting to upgrade to 6.9.10.40? Imagemagick is now at 6.9.10.44. Is the upgrade still in progress?

comment:9 Changed 15 months ago by ryandesign (Ryan Schmidt)

Nothing has been backed down. No update past 6.9.9-40 has been attempted by me.

comment:10 Changed 12 months ago by fmw42 (Fred Weinhaus)

MacPorts is becoming less useful for installing Imagemagick as time goes on, since your version seems to be stuck at 6.9.10.40. The current version is 6.9.10.69 and 7.0.9.0. A number of users of Imagemagick are complaining because the Imagemagick documentation says the preferred way to install is via MacPorts. If MacPorts stays stuck at 6.9.10.40, the Imagemagick team may need to change its recommendation to use other sources of Imagemagick that provide current versions of Imagemagick 6 and/or Imagemagick 7. Perhaps you would consider providing current versions of Imagemagick 7 if you are freezing Imagemagick 6 at 6.9.10.40. Thanks for your consideration.

comment:11 in reply to:  10 Changed 12 months ago by Dave-Allured (Dave Allured)

Replying to fmw42: IMO, discussion of version 7.x should be continued in #51310. There are several considerations.

comment:12 Changed 12 months ago by ryandesign (Ryan Schmidt)

We have stayed at 6.9.9-40 because updating to anything newer involves identifying and revbumping anything that links with ImageMagick libraries, and I have not taken the time to do that. Anybody else is welcome to take the time to do that and submit a PR. In fact, someone has already done so: https://github.com/macports/macports-ports/pull/5016

comment:13 Changed 12 months ago by rubendibattista (Ruben Di Battista)

Resolution: fixed
Status: acceptedclosed

In 833ba1ff2df379fc8e45a9ad42f007c72b0f30ff/macports-ports (master):

ImageMagick: Bump to version 6.9.10-60 and revbump dependents

Closes: #57903

Note: See TracTickets for help on using tickets.