Репозитории ALT
Последнее обновление в Сб, 06 июня 2020, 00:49:50 +0000 | Пакетов: 15384
en ru
Исходные пакеты в ветвях
свернуть окно
Группа :: Графика
Исходный пакет: ImageMagick
Текущая версия:
Собрано: почти 5 лет назад
Размер архива: 8,0 МБ
Отчёт repocop: skip
Gear:   http://git.altlinux.org/gears/I/ImageMagick.git
Архив:   http://ftp.altlinux.org/pub/distributions/archive/p7/index/src/I/ImageMagick
Домашняя страница:   http://www.imagemagick.org/

Лицензия: OpenSource
О пакете: An X application for displaying and manipulating images

ImageMagick is a powerful image display, conversion and manipulation tool.
It runs in an X session. With this tool, you can view, edit and display
a variety of image formats.

This package installs the necessary files to run ImageMagick.

Текущий сопровождающий: Антон Фарыгин

Список участников
(данной и/или предыдущих сборок пакета):
Права: Список rpm-пакетов, предоставляемых данным srpm-пакетом:
  • ImageMagick
  • ImageMagick-doc
  • ImageMagick-tools
  • ImageMagick-tools-debuginfo
  • libImageMagick
  • libImageMagick-debuginfo
  • libImageMagick-devel
  • perl-Magick
  • perl-Magick-debuginfo
Последние изменения (три последних записи журнала изменений):

2016-06-06 Андрей Черепанов

    - Apply security patch from Debian:
      Disable support for reading input from a shell command, or writing
      output to a shell command. This was done by the pipe (|) prefix. It
      was possible to perform a command injection as discrived by
      CVE-2016-5118 since it use popen.

2016-05-18 Андрей Черепанов

    - Apply security patches from Debian:
      ImageTragick: The coders EPHEMERAL, URL, HTTPS, MVG, MSL, TEXT,
      SHOW, WIN, and PLT are disabled via policy.xml file, since they are
      vulnerable to code injection. This mitigates CVE-2016-3714,
      CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, and CVE-2016-3718.
      Since ImageMagick reverts to its internal SVG renderer (which uses
      MVG coder) if Inkscape or RSVG is not used, the option --with-rsvg
      is included. Closes: 823542. In addition, some other actions were
      taken with respect to these vulnerabilities:
      - Drop the PLT/Gnuplot decoder, which was vulnerable to command
      - Some sanitization for input filenames in http/https delegates is
      - Indirect filename are now authorized by policy.
      - Indirect reads with label:@ are prevented.
      - Less secure coders (such as MVG, TEXT, and MSL) require explicit
        reference in the filename (e.g. mvg:my-graph.mvg).

2013-04-25 Георгий Курячий

    - Avoid ImageMagick pipe i/o bug
Проект Geyser основан на коде из проекта Prometheus 2.0, который был доступен по лицензии MIT