CVS commit: pkgsrc/graphics/GraphicsMagick

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/graphics/GraphicsMagick
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Wed, 7 Sep 2016 06:29:31 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Wed Sep  7 06:29:31 UTC 2016

Modified Files:
        pkgsrc/graphics/GraphicsMagick: Makefile Makefile.common PLIST distinfo

Log Message:
Updated GraphicsMagick to 1.3.25.

1.3.25 (September 5, 2016)
==========================

Special Issues:

* None

Security Fixes:

* EscapeParenthesis(): I was notified by Gustavo Grieco of a heap
  overflow in EscapeParenthesis() used in the text annotation code.
  While not being able to reproduce the issue, the implementation of
  this function is completely redone.

* Utah RLE: Reject truncated/absurd files which caused huge memory
  allocations and/or consumed huge CPU.  Problem was reported by
  Agostino Sarubbo based on testing with AFL.

* SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in
  the MVG rendering code (also impacts SVG).

* TIFF: Fix heap buffer read overflow while copying sized TIFF
  attributes.  Problem was reported by Agostino Sarubbo based on
  testing with AFL.

Bug fixes:

* GetToken(): Fix obscure bug (read beyond end of string buffer)
  noticed while parsing a MVG file.  This problem was reported by
  Gustavo Grieco.

* MVG rendering: Fix undesired hard errors when some objects were
  drawn outside of the image bounds.  Requests to draw objects
  entirely outside of the image should be silently ignored.

* MVG/SVG rendering: Fix gradient size sanity checks which were
  causing gradient requests to fail.  Due to a design weakness in that
  gradient images allocate resources rather than being computations at
  point of use, the maximum gradient image size is now hard-limited to
  5000x5000 pixels until the design problem is fixed.  Some SVG icons
  (as small as 8x8 pixels) authored using Inkscape request absurdly
  huge gradients.  Gradient sizes as large as 20,000x20,000 have been
  observed in SVG icon files delivered by packages on an Ubuntu Linux
  system.

* SVG: Fix some memory leaks which occur on parsing error.

New Features:

* None

Feature improvements:

* ElapsedTime(): Use clock_gettime() (when available with default
  linkage) to obtain elapsed time.

* DescribeImage(): Provide 6 digits of seconds precision in in elapsed
  time output.  Previously the resolution was rounded up to a full
  second.

Windows Delegate Updates/Additions:

* webp: Updated bundled libwebp to release 0.5.1.

* libxml: Updated bundled libxml2 to release 2.9.4.

* lcms: Updated bundled lcms2 to release 2.8.

* png: Update bundled libpng to release 1.6.24.

Build Changes:

* OpenMP is properly configured for clang 3.8 using its own '-lomp'
  rather than '-lgomp'.

Behavior Changes:

* SVG: Some SVG files may be rejected due to absurdly large gradient
  requests.

* The 'identify' and 'info' functionality only shows the pixel read
  rate if image was not read in 'ping' mode. Provide 6 digits of
  seconds precision in in elapsed time output.


To generate a diff of this commit:
cvs rdiff -u -r1.77 -r1.78 pkgsrc/graphics/GraphicsMagick/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/graphics/GraphicsMagick/Makefile.common
cvs rdiff -u -r1.23 -r1.24 pkgsrc/graphics/GraphicsMagick/PLIST
cvs rdiff -u -r1.41 -r1.42 pkgsrc/graphics/GraphicsMagick/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/GraphicsMagick/Makefile
diff -u pkgsrc/graphics/GraphicsMagick/Makefile:1.77 pkgsrc/graphics/GraphicsMagick/Makefile:1.78
--- pkgsrc/graphics/GraphicsMagick/Makefile:1.77        Sat Jul  9 06:38:19 2016
+++ pkgsrc/graphics/GraphicsMagick/Makefile     Wed Sep  7 06:29:31 2016
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.77 2016/07/09 06:38:19 wiz Exp $
+# $NetBSD: Makefile,v 1.78 2016/09/07 06:29:31 wiz Exp $
 
-PKGREVISION= 1
 .include "Makefile.common"
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost

Index: pkgsrc/graphics/GraphicsMagick/Makefile.common
diff -u pkgsrc/graphics/GraphicsMagick/Makefile.common:1.14 pkgsrc/graphics/GraphicsMagick/Makefile.common:1.15
--- pkgsrc/graphics/GraphicsMagick/Makefile.common:1.14 Mon Jun  6 11:46:04 2016
+++ pkgsrc/graphics/GraphicsMagick/Makefile.common      Wed Sep  7 06:29:31 2016
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.14 2016/06/06 11:46:04 wiz Exp $
+# $NetBSD: Makefile.common,v 1.15 2016/09/07 06:29:31 wiz Exp $
 # used by graphics/GraphicsMagick/Makefile
 # used by graphics/p5-GraphicsMagick/Makefile
 
 GM_MAJOR_VER=  1.3
-GM_MINOR_VER=  24
+GM_MINOR_VER=  25
 DISTVERSION=   ${GM_MAJOR_VER}.${GM_MINOR_VER}
 DISTNAME=      GraphicsMagick-${DISTVERSION}
 CATEGORIES=    graphics

Index: pkgsrc/graphics/GraphicsMagick/PLIST
diff -u pkgsrc/graphics/GraphicsMagick/PLIST:1.23 pkgsrc/graphics/GraphicsMagick/PLIST:1.24
--- pkgsrc/graphics/GraphicsMagick/PLIST:1.23   Mon Jun  6 11:46:04 2016
+++ pkgsrc/graphics/GraphicsMagick/PLIST        Wed Sep  7 06:29:31 2016
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.23 2016/06/06 11:46:04 wiz Exp $
+@comment $NetBSD: PLIST,v 1.24 2016/09/07 06:29:31 wiz Exp $
 bin/GraphicsMagick++-config
 bin/GraphicsMagick-config
 bin/GraphicsMagickWand-config
@@ -367,6 +367,7 @@ share/doc/GraphicsMagick/www/programming
 share/doc/GraphicsMagick/www/project.html
 share/doc/GraphicsMagick/www/quantize.html
 share/doc/GraphicsMagick/www/reference.html
+share/doc/GraphicsMagick/www/security.html
 share/doc/GraphicsMagick/www/smile.c
 share/doc/GraphicsMagick/www/time.html
 share/doc/GraphicsMagick/www/tools.html

Index: pkgsrc/graphics/GraphicsMagick/distinfo
diff -u pkgsrc/graphics/GraphicsMagick/distinfo:1.41 pkgsrc/graphics/GraphicsMagick/distinfo:1.42
--- pkgsrc/graphics/GraphicsMagick/distinfo:1.41        Mon Jun  6 11:46:04 2016
+++ pkgsrc/graphics/GraphicsMagick/distinfo     Wed Sep  7 06:29:31 2016
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.41 2016/06/06 11:46:04 wiz Exp $
+$NetBSD: distinfo,v 1.42 2016/09/07 06:29:31 wiz Exp $
 
-SHA1 (GraphicsMagick-1.3.24.tar.xz) = 4f208b7bda9f139ca22d9921758452bb9915334e
-RMD160 (GraphicsMagick-1.3.24.tar.xz) = 1670b2d5712cdff2010d2936ad427977195bfaa2
-SHA512 (GraphicsMagick-1.3.24.tar.xz) = d55f8b7d96bc746e2b501ec6315f174f2ab5f6b31a1d138196bf17b506e6d0c2b91ee19f5dd0a2877cd47910aebdcf11158303e90b1b267c6082d462f8548684
-Size (GraphicsMagick-1.3.24.tar.xz) = 5372048 bytes
+SHA1 (GraphicsMagick-1.3.25.tar.xz) = 0dcf4c1f6f3ead29147ea0392a148ce50cd64bb4
+RMD160 (GraphicsMagick-1.3.25.tar.xz) = 6a4e8c415c3d268a46f1327c819d7ec2afd9bc60
+SHA512 (GraphicsMagick-1.3.25.tar.xz) = d62d6aee96d7b8444f1aa206b0c5cbbed9511612cb71d667af072ea52b68dcd11088699debc58faacbb014ad83fb8c2b3e474220f506069f7b5d22f0340f8ef8
+Size (GraphicsMagick-1.3.25.tar.xz) = 5387880 bytes
 SHA1 (patch-config_delegates.mgk.in) = c7a38daeeccd12e19480d1222e400899da1d4153

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index