CVS commit: pkgsrc/graphics/GraphicsMagick

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/graphics/GraphicsMagick
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Sun, 24 Jun 2018 10:16:49 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Sun Jun 24 10:16:49 UTC 2018

Modified Files:
        pkgsrc/graphics/GraphicsMagick: Makefile.common distinfo

Log Message:
GraphicsMagick: update to 1.3.30.

1.3.30 (June 23, 2018)
=========================

Security Fixes:

* GraphicsMagick is now participating in Google's oss-fuzz project due
  to the contributions and assistance of Alex Gaynor. Since February 4
  2018, 238 issues have been opened by oss-fuzz and 230 of those
  issues have been resolved.  The issues list is available at
  https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
  "graphicsmagick".  Issues are available for anyone to view and
  duplicate if they have been in "Verified" status for 30 days, or if
  they have been in "New" status for 90 days.  There are too many
  fixes to list here.  Please consult the GraphicsMagick ChangeLog
  file, Mercurial repository commit log, and the oss-fuzz issues list
  for details.

* SVG/Rendering: Fix heap write overflow of PrimitiveInfo and
  PointInfo arrays.  This is another manefestation of CVE-2016-2317,
  which should finally be fixed correctly due to active
  detection/correction of pending overflow rather than using
  estimation.

Bug fixes:

* Many oss-fuzz fixes are bug fixes.

* Drawing/Rendering: Many more fixes by Gregory J Wolfe (see the ChangeLog).

* MIFF: Detect end of file while reading image directory.

* SVG: Many more fixes by Gregory J Wolfe (see the ChangeLog).

* The AlphaCompositePixel macro was producing wrong results when the
  output alpha value was not 100% opaque. This is a regression
  introduced in 1.3.29.

* TILE: Fix problem with tiling JPEG images because the size request
  used by the TILE algorithm was also causing re-scaling in the JPEG
  reader.  The problem is solved by stripping the size request before
  reading the image.

API Updates:

* The size of PrimitiveInfo (believed to be an internal/private
  structure but in a header which is installed, has been increased to
  store a 'flags' argument. This is intended to be an internal
  interface but but may be detected as an ABI change.

Build Changes:

* The oss-fuzz build script (fuzzing/oss-fuzz-build.sh) now includes
  many delegate libraries such as zlib, libpng, libtiff, libjpeg, and
  freetype, resulting in more comprehensive testing.  The Q16 build is
  now being tested rather than the 'configure' default of Q8.

Behavior Changes:

* JPEG: The JPEG reader now allows 3 warnings of any particular type
  before giving up on reading and throwing an exception.  This choice
  was made after observing files which produce hundreds of warnings
  and consume massive amounts of memory before reading the image data
  has even started.  It is currently unknown how many files which were
  previously accepted will be rejected by default.  The number of
  allowed warnings may be adjusted using '-define
  jpeg:max-warnings=<value>'.  The default limit will be adjusted
  based on reported user experiences and may be adjusted prior to
  compilation via the MaxWarningCount definition in coders/jpeg.c.


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 pkgsrc/graphics/GraphicsMagick/Makefile.common
cvs rdiff -u -r1.46 -r1.47 pkgsrc/graphics/GraphicsMagick/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/GraphicsMagick/Makefile.common
diff -u pkgsrc/graphics/GraphicsMagick/Makefile.common:1.20 pkgsrc/graphics/GraphicsMagick/Makefile.common:1.21
--- pkgsrc/graphics/GraphicsMagick/Makefile.common:1.20 Sun May  6 10:03:33 2018
+++ pkgsrc/graphics/GraphicsMagick/Makefile.common      Sun Jun 24 10:16:49 2018
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile.common,v 1.20 2018/05/06 10:03:33 adam Exp $
+# $NetBSD: Makefile.common,v 1.21 2018/06/24 10:16:49 wiz Exp $
 #
 # used by graphics/GraphicsMagick/Makefile
 # used by graphics/p5-GraphicsMagick/Makefile
 
 GM_MAJOR_VER=  1.3
-GM_MINOR_VER=  29
+GM_MINOR_VER=  30
 DISTVERSION=   ${GM_MAJOR_VER}.${GM_MINOR_VER}
 DISTNAME=      GraphicsMagick-${DISTVERSION}
 CATEGORIES=    graphics

Index: pkgsrc/graphics/GraphicsMagick/distinfo
diff -u pkgsrc/graphics/GraphicsMagick/distinfo:1.46 pkgsrc/graphics/GraphicsMagick/distinfo:1.47
--- pkgsrc/graphics/GraphicsMagick/distinfo:1.46        Sun May  6 10:03:33 2018
+++ pkgsrc/graphics/GraphicsMagick/distinfo     Sun Jun 24 10:16:49 2018
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.46 2018/05/06 10:03:33 adam Exp $
+$NetBSD: distinfo,v 1.47 2018/06/24 10:16:49 wiz Exp $
 
-SHA1 (GraphicsMagick-1.3.29.tar.xz) = d6963fafaa0e0b5c3d9b112f176f9c8913edb8dd
-RMD160 (GraphicsMagick-1.3.29.tar.xz) = 59ecf7531ddb04e833923c0373ceb932b6b5900f
-SHA512 (GraphicsMagick-1.3.29.tar.xz) = c4765dfe8d971715b74a5c885c6e6e22d9330e2a0d6398a39a89a2a374d256424818b819f7f2a604f3fd9ccc46b788ac3679803aa900ef905ce1cdbebea13252
-Size (GraphicsMagick-1.3.29.tar.xz) = 5462424 bytes
+SHA1 (GraphicsMagick-1.3.30.tar.xz) = e9b1f6b84739eef3e112d4905e3d72b1e6983abd
+RMD160 (GraphicsMagick-1.3.30.tar.xz) = 5048f04e926ae2a4d2141ed1b8605a511e077fbc
+SHA512 (GraphicsMagick-1.3.30.tar.xz) = 4f04245b8abef85de96a1527ad4adc1fadea144a1917db3ea21632a9fe732bdaa7021ffdbbeb7c2ead814ca7b6a14e81bb68a962bbfb64fa6809a235f1b0be5c
+Size (GraphicsMagick-1.3.30.tar.xz) = 5496116 bytes
 SHA1 (patch-config_delegates.mgk.in) = c7a38daeeccd12e19480d1222e400899da1d4153

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index