pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/graphics/GraphicsMagick Updated GraphicsMagick to 1.3.25.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/5cdf1a6a096a
branches:  trunk
changeset: 352113:5cdf1a6a096a
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Wed Sep 07 06:29:31 2016 +0000

description:
Updated GraphicsMagick to 1.3.25.

1.3.25 (September 5, 2016)
==========================

Special Issues:

* None

Security Fixes:

* EscapeParenthesis(): I was notified by Gustavo Grieco of a heap
  overflow in EscapeParenthesis() used in the text annotation code.
  While not being able to reproduce the issue, the implementation of
  this function is completely redone.

* Utah RLE: Reject truncated/absurd files which caused huge memory
  allocations and/or consumed huge CPU.  Problem was reported by
  Agostino Sarubbo based on testing with AFL.

* SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in
  the MVG rendering code (also impacts SVG).

* TIFF: Fix heap buffer read overflow while copying sized TIFF
  attributes.  Problem was reported by Agostino Sarubbo based on
  testing with AFL.

Bug fixes:

* GetToken(): Fix obscure bug (read beyond end of string buffer)
  noticed while parsing a MVG file.  This problem was reported by
  Gustavo Grieco.

* MVG rendering: Fix undesired hard errors when some objects were
  drawn outside of the image bounds.  Requests to draw objects
  entirely outside of the image should be silently ignored.

* MVG/SVG rendering: Fix gradient size sanity checks which were
  causing gradient requests to fail.  Due to a design weakness in that
  gradient images allocate resources rather than being computations at
  point of use, the maximum gradient image size is now hard-limited to
  5000x5000 pixels until the design problem is fixed.  Some SVG icons
  (as small as 8x8 pixels) authored using Inkscape request absurdly
  huge gradients.  Gradient sizes as large as 20,000x20,000 have been
  observed in SVG icon files delivered by packages on an Ubuntu Linux
  system.

* SVG: Fix some memory leaks which occur on parsing error.

New Features:

* None

Feature improvements:

* ElapsedTime(): Use clock_gettime() (when available with default
  linkage) to obtain elapsed time.

* DescribeImage(): Provide 6 digits of seconds precision in in elapsed
  time output.  Previously the resolution was rounded up to a full
  second.

Windows Delegate Updates/Additions:

* webp: Updated bundled libwebp to release 0.5.1.

* libxml: Updated bundled libxml2 to release 2.9.4.

* lcms: Updated bundled lcms2 to release 2.8.

* png: Update bundled libpng to release 1.6.24.

Build Changes:

* OpenMP is properly configured for clang 3.8 using its own '-lomp'
  rather than '-lgomp'.

Behavior Changes:

* SVG: Some SVG files may be rejected due to absurdly large gradient
  requests.

* The 'identify' and 'info' functionality only shows the pixel read
  rate if image was not read in 'ping' mode. Provide 6 digits of
  seconds precision in in elapsed time output.

diffstat:

 graphics/GraphicsMagick/Makefile        |   3 +--
 graphics/GraphicsMagick/Makefile.common |   4 ++--
 graphics/GraphicsMagick/PLIST           |   3 ++-
 graphics/GraphicsMagick/distinfo        |  10 +++++-----
 4 files changed, 10 insertions(+), 10 deletions(-)

diffs (59 lines):

diff -r 3c6f1fe18aca -r 5cdf1a6a096a graphics/GraphicsMagick/Makefile
--- a/graphics/GraphicsMagick/Makefile  Wed Sep 07 06:21:56 2016 +0000
+++ b/graphics/GraphicsMagick/Makefile  Wed Sep 07 06:29:31 2016 +0000
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.77 2016/07/09 06:38:19 wiz Exp $
+# $NetBSD: Makefile,v 1.78 2016/09/07 06:29:31 wiz Exp $
 
-PKGREVISION= 1
 .include "Makefile.common"
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
diff -r 3c6f1fe18aca -r 5cdf1a6a096a graphics/GraphicsMagick/Makefile.common
--- a/graphics/GraphicsMagick/Makefile.common   Wed Sep 07 06:21:56 2016 +0000
+++ b/graphics/GraphicsMagick/Makefile.common   Wed Sep 07 06:29:31 2016 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.14 2016/06/06 11:46:04 wiz Exp $
+# $NetBSD: Makefile.common,v 1.15 2016/09/07 06:29:31 wiz Exp $
 # used by graphics/GraphicsMagick/Makefile
 # used by graphics/p5-GraphicsMagick/Makefile
 
 GM_MAJOR_VER=  1.3
-GM_MINOR_VER=  24
+GM_MINOR_VER=  25
 DISTVERSION=   ${GM_MAJOR_VER}.${GM_MINOR_VER}
 DISTNAME=      GraphicsMagick-${DISTVERSION}
 CATEGORIES=    graphics
diff -r 3c6f1fe18aca -r 5cdf1a6a096a graphics/GraphicsMagick/PLIST
--- a/graphics/GraphicsMagick/PLIST     Wed Sep 07 06:21:56 2016 +0000
+++ b/graphics/GraphicsMagick/PLIST     Wed Sep 07 06:29:31 2016 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.23 2016/06/06 11:46:04 wiz Exp $
+@comment $NetBSD: PLIST,v 1.24 2016/09/07 06:29:31 wiz Exp $
 bin/GraphicsMagick++-config
 bin/GraphicsMagick-config
 bin/GraphicsMagickWand-config
@@ -367,6 +367,7 @@
 share/doc/GraphicsMagick/www/project.html
 share/doc/GraphicsMagick/www/quantize.html
 share/doc/GraphicsMagick/www/reference.html
+share/doc/GraphicsMagick/www/security.html
 share/doc/GraphicsMagick/www/smile.c
 share/doc/GraphicsMagick/www/time.html
 share/doc/GraphicsMagick/www/tools.html
diff -r 3c6f1fe18aca -r 5cdf1a6a096a graphics/GraphicsMagick/distinfo
--- a/graphics/GraphicsMagick/distinfo  Wed Sep 07 06:21:56 2016 +0000
+++ b/graphics/GraphicsMagick/distinfo  Wed Sep 07 06:29:31 2016 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.41 2016/06/06 11:46:04 wiz Exp $
+$NetBSD: distinfo,v 1.42 2016/09/07 06:29:31 wiz Exp $
 
-SHA1 (GraphicsMagick-1.3.24.tar.xz) = 4f208b7bda9f139ca22d9921758452bb9915334e
-RMD160 (GraphicsMagick-1.3.24.tar.xz) = 1670b2d5712cdff2010d2936ad427977195bfaa2
-SHA512 (GraphicsMagick-1.3.24.tar.xz) = d55f8b7d96bc746e2b501ec6315f174f2ab5f6b31a1d138196bf17b506e6d0c2b91ee19f5dd0a2877cd47910aebdcf11158303e90b1b267c6082d462f8548684
-Size (GraphicsMagick-1.3.24.tar.xz) = 5372048 bytes
+SHA1 (GraphicsMagick-1.3.25.tar.xz) = 0dcf4c1f6f3ead29147ea0392a148ce50cd64bb4
+RMD160 (GraphicsMagick-1.3.25.tar.xz) = 6a4e8c415c3d268a46f1327c819d7ec2afd9bc60
+SHA512 (GraphicsMagick-1.3.25.tar.xz) = d62d6aee96d7b8444f1aa206b0c5cbbed9511612cb71d667af072ea52b68dcd11088699debc58faacbb014ad83fb8c2b3e474220f506069f7b5d22f0340f8ef8
+Size (GraphicsMagick-1.3.25.tar.xz) = 5387880 bytes
 SHA1 (patch-config_delegates.mgk.in) = c7a38daeeccd12e19480d1222e400899da1d4153



Home | Main Index | Thread Index | Old Index