From owner-freebsd-ports-bugs@freebsd.org Wed Sep 13 19:18:23 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 222309] graphics/ImageMagick and graphics/ImageMagick7: remove FPX from default options
Date: Wed, 13 Sep 2017 19:18:22 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222309

            Bug ID: 222309
           Summary: graphics/ImageMagick and graphics/ImageMagick7: remove
                    FPX from default options
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: kwm@FreeBSD.org
          Reporter: citrin+pr@citrin.ru
             Flags: maintainer-feedback?(kwm@FreeBSD.org)

Created attachment 186354
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=186354&action=edit
remove FPX from default options

Please remove FPX from default options for graphics/ImageMagick and
graphics/ImageMagick7.

1. FlashPix images are very rare nowadays. I was not able to find them on the
Internet except in ImageMagick test cases. In the rare case when fpx support is
needed it is possible to rebuild ImageMagick from ports with this option
enabled.

2.
libfpx contains multiple DoS vulnerabilities:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12919

and it is unlikely that they will be fixed in the near future, because libfpx is
not actively developed:
https://blogs.gentoo.org/ago/2017/08/09/libfpx-null-pointer-dereference-in-wchar-c/