pkgsrc-Changes archive


CVS commit: pkgsrc/graphics/GraphicsMagick



Module Name:    pkgsrc
Committed By:   adam
Date:           Mon Mar  2 09:57:03 UTC 2015

Modified Files:
        pkgsrc/graphics/GraphicsMagick: Makefile.common PLIST distinfo

Log Message:
Changes 1.3.21:

Security Fixes:
---------------
Annotate: Some requestable text-substitution attributes caused a crash.
All formats: Image dimensions are checked to assure that they are within limits before proceeding to read the image.
BMP: Fix hang (endless loop) for certain files.
DCM: Fix crash as well as small heap over-write.
DPX: Fix crash due to DPX file reporting more elements than it has.
MNG: Validate MHDR chunk length to avoid huge memory allocation and DOS.
PCX: Fix for CVE-2014-8355. Validate file header in order to avoid buffer overrun later.
PDB: Detect arithmetic overflows when calculating buffer sizes. Fix crash in writer when image width is not even multiple of 16. Fix buffer overrun with 2 and 4-bit PDB image files.
PNM: Validate PGM, PPM, and PAM header MaxValue parameter to avoid crash on poorly-formed input.
PNG: Impose a 10-million limit on dimensions when reading a PNG file to avoid denial of service.
PSD: Avoid problems caused by huge PSD colormap size.
PSD: Fix small stack over-write if more than 99 layers are written to PSD format.
PSD: Returns immediately if pixel limit was exceeded.
RLE: URT RLE reader is now more robust with errant files.
SUN: Header validation is now made fully robust, and arithmetic overflows in buffer-size calculations are detected to avoid heap overwrite.
TIFF: Fix crashes for photometrics which may deliver one or three samples per pixel (was assuming always three).
VIFF: Fixes to prevent buffer overflow. Validate colormap indexes.
Windows delegates: Fix unexpected argument splitting when invoking an external delegate program via delegates.mgk.
WPG: Fix use of NULL pointers. Fix buffer overflows.
XPM: Detect truncated row and quit with error rather than over-running a buffer.
XWD: Improve header validation. Added to UnstableCoderClass since the reader for this format should not be entrusted with untrustworthy input.

Bug fixes:
----------
CIN: Fix problem with text attribute values which are not NULL terminated. Validate sizes claimed by Cineon header.
Coverity: Fixes for many issues detected by Coverity scan (see ChangeLog).
DPX: Fix problem with text attribute values which are not NULL terminated.
DPX: Fix severe corruption of little-endian 32-bit packed output. Corruption was severe enough that it would have been noticed immediately.
Delegates: Fix possible memory leaks when invoking external application.
FITS: Properly validate values provided by file header.
GIF: Fix use of uninitialized data.
JBIG: Fix memory leaks.
JNG: Fix double-free error in error path.
JPEG: Verify the number of output components before attempting to decode the image.
Magick++: Image resolutionUnits() was not always returning correct value.
Magick++: Locking has not been working properly since the code was written in 1998. Apparently the issue has not been significant enough to cause run-time issues.
ICO: Windows icon reader is now much more robust.
MIFF: Reader now quits with an error if zip or bzip2 stream is corrupted.
MAT: Fix memory leaks.
PALM: Reader now reads various input formats (up to version 2) correctly whereas it was crashing or otherwise malfunctioning before. More work remains, particularly in the writer.
PCX: Eliminate memory leaks in error paths.
PDB: In PDB writer, avoid possible under-allocation due to arithmetic overflow when allocating packets.
PICT: Fix PICT reader crash with corrupted file.
PNG: Fix double-free error in error path.
PNG: Fixed handling of transparency when writing indexed PNG.
PNG: Avoid reading beyond the end of a tEXt keyword.
PSD: Fix error when reading PSD files which have no layers.
RLA: Fix possible crash due to file header.
Signal Handling: Signal handling is now more robust and handles SIGSEGV and other critical signals. The sole purpose of the default signal handling is to remove any temporary files and quit. An informative message is printed for signals other than SIGINT.
SUN: Sun raster reader was not completely robust. Now it is.
SWF: Fix pixel cache access errors in 'ping' mode.
Text annotation: An empty text string is no longer treated as an error.
Text annotation: Fix regression added in 1.3.19 which caused spurious drawing errors to be produced while rendering with text when all of the text is off the left-hand side of the image.
TIFF: Fix unreliable reading JBIG compressed files by forcing use of strip reader rather than sometimes using scanline reader (which libtiff's JBIG codec does not support).
TIFF: Fix reading or writing planar min-is-white or min-is-black images with an associated alpha channel.
WebP: WebP writer now writes truly lossless output when requested.
identify / GetImageStatistics(): Failed to compute statistics for the Black channel of CMYK image files.
VICAR: Fix problem with continuing to "read" data when there is no more data left to read.
WMF: Fix memory leaks.
WPG: Fix potential DOS due to long reads during an error condition.
XPM: Avoid strncpy() of overlapping memory. Fixed memory leaks in error paths. Fixed bad memory access caused by empty file.

New Features:
-------------
compose: Supports composite operator names similar to the major *Magick brand, without losing any compatibility with previous naming.
ICO: Windows ICO reader now supports reading PNG-encoded files.
Magick++ Geometry: New methods limitPixels() and fillArea() to support '@' and '^' geometry qualifiers. This enhancement breaks the ABI due to previous use of inline methods and no place to put the new flags.
Magick++ Image::extent(): New method to place image on sized canvas of constant color using gravity.
Magick++ Image::formatExpression(): New method to format a string based on a format similar to command-line -format.
Magick++ Image::resize(): New method to resize image specifying geometry, filter, and blur.
Magick++ STL extentImage: New function object to invoke image extent method.
Magick++ Image::quiet(). New method which blocks (ignores) warning exceptions when passed a 'true' argument.
Resource limits: Added support for image Width and Height limits. Default image Width and Height limits are based on the range of a 32-bit signed integer, even for 64-bit builds which may have sufficient numeric range to image an entire galaxy. Limits may be increased as desired.
TIFF: Use define tiff:ignore-tags to ignore tags in 'corrupted' files with unknown and invalid tags. Use to read TIFF files which otherwise can not be read due to errors.
TIFF: Use '-define tiff:report-warnings=true' to enable that warnings reported by libtiff are thrown as warning exceptions so that they may be caught or will be reported at the gm command-line.
Windows Exceptions: A handler is registered (due to calling InitializeMagick()) to capture Windows Exceptions in a similar manner to the existing POSIX signal handler. If an application is using the library and wants to provide its own Windows exception handling, then it should make any changes after invoking InitializeMagick().

Windows Delegate Updates/Additions:
-----------------------------------
PNG: Update bundled libpng to 1.6.16. Resolves known security issues.
FreeType: Update bundled Freetype to 2.5.4. Resolves known security issues.
WebP: Update bundled WebP to 0.4.2 release.
WebP is auto-linked in Visual Studio.

Build Changes:
--------------
WebP is not included in the build when building with Visual Studio 6 (1998 vintage compiler!) since it requires more modern C.

Behavior Changes:
-----------------
AVI: Support for this format is removed since the implementation was worthless.
TIFF: Now uses YCbCr encoding when JPEG compression is requested for an RGB image.


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/graphics/GraphicsMagick/Makefile.common
cvs rdiff -u -r1.20 -r1.21 pkgsrc/graphics/GraphicsMagick/PLIST
cvs rdiff -u -r1.36 -r1.37 pkgsrc/graphics/GraphicsMagick/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



