Date:      Wed, 13 Sep 2017 19:18:22 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 222309] graphics/ImageMagick and graphics/ImageMagick7: remove FPX from default options
Message-ID:  <bug-222309-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222309

            Bug ID: 222309
           Summary: graphics/ImageMagick and graphics/ImageMagick7: remove
                    FPX from default options
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: kwm@FreeBSD.org
          Reporter: citrin+pr@citrin.ru
             Flags: maintainer-feedback?(kwm@FreeBSD.org)

Created attachment 186354
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=186354&action=edit
remove FPX from default options

Please remove FPX from default options for graphics/ImageMagick and
graphics/ImageMagick7.

1. FlashPix images are very rare nowadays. I was not able to find them on the
Internet except in ImageMagick test cases. In the rare case when FPX support is
needed, it is possible to rebuild ImageMagick from ports with this option
enabled.

2. libfpx contains multiple DoS vulnerabilities:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12919

and it is unlikely that they will be fixed in the near future, because libfpx is
not actively developed:
https://blogs.gentoo.org/ago/2017/08/09/libfpx-null-pointer-dereference-in-wchar-c/
