pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2019Q4]: pkgsrc/graphics Pullup ticket #6112 - requested by nia



details:   https://anonhg.NetBSD.org/pkgsrc/rev/309b3d792f5d
branches:  pkgsrc-2019Q4
changeset: 406587:309b3d792f5d
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Thu Jan 09 14:58:32 2020 +0000

description:
Pullup ticket #6112 - requested by nia
graphics/GraphicsMagick: security fix

Revisions pulled up:
- graphics/GraphicsMagick/Makefile                              1.103
- graphics/GraphicsMagick/Makefile.common                       1.25
- graphics/GraphicsMagick/distinfo                              1.51
- graphics/p5-GraphicsMagick/Makefile                           1.49

---
   Module Name: pkgsrc
   Committed By:        nia
   Date:                Wed Jan  8 12:11:36 UTC 2020

   Modified Files:
        pkgsrc/graphics/GraphicsMagick: Makefile Makefile.common distinfo
        pkgsrc/graphics/p5-GraphicsMagick: Makefile

   Log Message:
   GraphicsMagick: Update to 1.3.34

   1.3.34 (December 24, 2019)
   ==========================

   Special Issues:

   * It has been discovered that the 'ICU' library (a perhaps 30MB C++
     library) which is now often a libxml2 dependency causes huge
     process initialization overhead.  This is noticed as unexpected
     slowness when GraphicsMagick utilities are used to process small to
     medium sized files.  The time to initialize the 'ICU' library is
     often longer than the time that GraphicsMagick would otherwise
     require to read the input file, process the image, and write the
     output file.  If the 'ICU' dependency can not be avoided, then make
     sure to use the modules build so there is only impact for file
     formats which require libxml2.  Please lobby the 'ICU' library
     developers to change their implementation to avoid long start-up
     times due to merely linking with the library.

   Security Fixes:

   * GraphicsMagick is now participating in Google's oss-fuzz project due
     to the contributions and assistance of Alex Gaynor. Since February 4
     2018, 386 issues have been opened by oss-fuzz (some of which were
     benign build issues) and 376 of those issues have been resolved.
     The issues list is available at
     https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
     "graphicsmagick".  Issues are available for anyone to view and
     duplicate if they have been in "Verified" status for 30 days, or if
     they have been in "New" status for 90 days.  There are too many
     fixes to list here.  Please consult the GraphicsMagick ChangeLog
     file, Mercurial repository commit log, and the oss-fuzz issues list
     for details.

   Bug fixes:

   * DPS: Eliminate a memory leak.

   * Debug Trace: Only output text to terminate an XML format log file if
     XML format is active.

   * EXIF Parser: Detect non-terminal parsing and report an error.

   * EXIF Parser: Eliminate heap buffer overflows.

   * HuffmanDecodeImage(): Fix heap overflow in 32-bit applications.

   * MAT: Implement subimage/subrange support.

   * MVG: Address non-terminal loops, excessive run-time, thrown
     assertions, divide-by-zero, heap overflow, and memory leaks.

   * OpenModule(): Now properly case-insensitive, as it used to be.

   * PCX: Verify that pixel region is not negative. Assure that opacity
     channel is initialized to opaqueOpacity.  Update DirectClass
     representation while PseudoClass representation is updated.  Improve
     read performance with uncompressed PCX.

   * PICT: Fix heap overflow in PICT writer.

   * PNG: Fix validation of raw profile length.

   * PNG: Skip coalescing layers if there is only one layer.

   * PNM: Fix denial of service opportunity by limiting the length of PNM
     comment text.

   * WPG: Avoid dereferencing a null pointer.

   * WPG: Implement subimage/subrange support.

   * WPG: Improve performance when reading an embedded image.

   * Wand library: In MagickClearException(), destroy any existing
     exception info before re-initializing the exception info or else
     there will be a memory leak.

   * XPM: Require that image properties appear in the first 512 bytes of
     the XPM file header.

   New Features:

   * Visual Studio build supports JBIG and WebP compression in TIFF format.

   API Updates:

   * None

   Feature improvements:

   * Compiles clean using GCC 9.

   Windows Delegate Updates/Additions:

   * bzlib: bzip is updated to 1.0.8 release.

   * jbig: jbigkit is updated to 2.1 release.

   * lcms: lcms2 is updated to 2.9 release.

   * libxml: libxml2 is updated to 2.9.10 release.

   * png: libpng is updated to 1.6.37 release.

   * tiff: libtiff is updated to 4.1.0 release.

   * webp: libwebp is updated to the 1.0.3 release.

   * zlib: zlib is updated to 1.2.11 release.

   * TIFF: Now also supports reading JBIG-compressed TIFF, and
     reading/writing WebP-compressed TIFF.  A number of libtiff feature
     options which are now commonly enabled were disabled and are now
     enabled by default.

   Build Changes:

   * MinGW: Static and shared library builds were not working.  Only the
     modules build was actually working!

   * Python scripts related to the build (enabled by
     --enable-maintainer-mode) are now compatible with Python 3.

   * Now supports using Google gperftools tcmalloc library for the memory
     allocator.  This improves performance for certain repetitive
     work-loads and heavily-threaded algorithms.

   * Configure now reports the status of zstd (FaceBook Zstandard)
     compression in its configuration summary.

   * TclMagick: Address many issues mentioned by SourceForge issue #420
     "TclMagick issues and patch".

   Behavior Changes:

   * PNG: Post-processing to convert the image type in the PNG reader
     based on a specified magick prefix string is now disabled.  This can
     (and should) be done after the image has been returned.

   * Trace Logging: The compiled-in logging default is always to stderr,
     which may be over-ridden using log.mgk as soon as it is loaded.

   * Windows Build: Search registry key HKEY_CURRENT_USER as well as
     HKEY_LOCAL_MACHINE when searching for Ghostscript.  By following the
     procedure documented in SourceForge bug 615 "GhostScript
     installation check", this allows for local user installations
     without "administrator" privileges.

diffstat:

 graphics/GraphicsMagick/Makefile        |   3 +--
 graphics/GraphicsMagick/Makefile.common |   4 ++--
 graphics/GraphicsMagick/distinfo        |  10 +++++-----
 graphics/p5-GraphicsMagick/Makefile     |   3 +--
 4 files changed, 9 insertions(+), 11 deletions(-)

diffs (55 lines):

diff -r 4c83a323883c -r 309b3d792f5d graphics/GraphicsMagick/Makefile
--- a/graphics/GraphicsMagick/Makefile  Tue Jan 07 21:29:33 2020 +0000
+++ b/graphics/GraphicsMagick/Makefile  Thu Jan 09 14:58:32 2020 +0000
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.102 2019/08/11 13:21:06 wiz Exp $
+# $NetBSD: Makefile,v 1.102.6.1 2020/01/09 14:58:32 bsiegert Exp $
 
-PKGREVISION= 1
 .include "Makefile.common"
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
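Review bot: Removing PKGREVISION= 1 in this hunk is only safe together with the GM_MINOR_VER bump in Makefile.common, because 1.3.33 without a revision would sort below an already installed 1.3.33nb1; keep both changes in the same pullup and do not split them. The RCS id moving from 1.102 to 1.102.6.1 is consistent with a branch commit of the single trunk revision 1.103 named in the ticket.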
diff -r 4c83a323883c -r 309b3d792f5d graphics/GraphicsMagick/Makefile.common
--- a/graphics/GraphicsMagick/Makefile.common   Tue Jan 07 21:29:33 2020 +0000
+++ b/graphics/GraphicsMagick/Makefile.common   Thu Jan 09 14:58:32 2020 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile.common,v 1.24 2019/08/08 20:56:40 nia Exp $
+# $NetBSD: Makefile.common,v 1.24.6.1 2020/01/09 14:58:32 bsiegert Exp $
 #
 # used by graphics/GraphicsMagick/Makefile
 # used by graphics/p5-GraphicsMagick/Makefile
 
 GM_MAJOR_VER=  1.3
-GM_MINOR_VER=  33
+GM_MINOR_VER=  34
 DISTVERSION=   ${GM_MAJOR_VER}.${GM_MINOR_VER}
 DISTNAME=      GraphicsMagick-${DISTVERSION}
 CATEGORIES=    graphics
diff -r 4c83a323883c -r 309b3d792f5d graphics/GraphicsMagick/distinfo
--- a/graphics/GraphicsMagick/distinfo  Tue Jan 07 21:29:33 2020 +0000
+++ b/graphics/GraphicsMagick/distinfo  Thu Jan 09 14:58:32 2020 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.50 2019/08/08 20:56:40 nia Exp $
+$NetBSD: distinfo,v 1.50.6.1 2020/01/09 14:58:32 bsiegert Exp $
 
-SHA1 (GraphicsMagick-1.3.33.tar.xz) = 8336d6b2fb76fbfaf6df025ac99dc689cf5631e4
-RMD160 (GraphicsMagick-1.3.33.tar.xz) = 12ebd0a7c278d321ad6d28b4bbe3f6a2c6d41077
-SHA512 (GraphicsMagick-1.3.33.tar.xz) = 8afeb461d1a9dab9b88b9bc7c2d50b5c409463b369e6b0ba7ee39b0ece32da9393d7a5a4d18faf8f72a529346a3477bae61b802bac2af81aeae79d95c9d6cd13
-Size (GraphicsMagick-1.3.33.tar.xz) = 5558348 bytes
+SHA1 (GraphicsMagick-1.3.34.tar.xz) = cc1b77b7f2e4b0b345f97f7963704dbb4d0d3e3b
+RMD160 (GraphicsMagick-1.3.34.tar.xz) = 62ae36203e0b456da54e5c261513f14b020b6182
+SHA512 (GraphicsMagick-1.3.34.tar.xz) = 50bfd016badd6a1a336ba8b10fdfdde2d760d6c098d44c80ff95e4df9a811957127ee24d241df6a1f6daff34b8a6b0c0d892f1050c003d651a1bbbecbf28ced8
+Size (GraphicsMagick-1.3.34.tar.xz) = 5518784 bytes
 SHA1 (patch-config_delegates.mgk.in) = c52192a35bede530d310688a576ef2181a9f073c
 SHA1 (patch-configure) = bdb76557cd8a5c116b6c84dc63f4e35ddde39c87
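Review bot: The patch-config_delegates.mgk.in and patch-configure checksums in the trailing context lines are unchanged, so both local patches are carried over as-is onto the 1.3.34 sources; confirm they still apply cleanly, since a generated configure script commonly shifts between releases. The new SHA1, RMD160, SHA512 and Size lines should also be checked against an independently fetched GraphicsMagick-1.3.34.tar.xz rather than accepted from the trunk commit alone.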
diff -r 4c83a323883c -r 309b3d792f5d graphics/p5-GraphicsMagick/Makefile
--- a/graphics/p5-GraphicsMagick/Makefile       Tue Jan 07 21:29:33 2020 +0000
+++ b/graphics/p5-GraphicsMagick/Makefile       Thu Jan 09 14:58:32 2020 +0000
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.48 2019/08/11 13:21:14 wiz Exp $
+# $NetBSD: Makefile,v 1.48.6.1 2020/01/09 14:58:32 bsiegert Exp $
 
-PKGREVISION= 1
 .include "../../graphics/GraphicsMagick/Makefile.common"
 
 PKGNAME=       p5-GraphicsMagick-${DISTVERSION}
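Review bot: The diffstat shows no distinfo change under graphics/p5-GraphicsMagick, so this Makefile presumably takes its distfile checksums from graphics/GraphicsMagick/distinfo; confirm that, because with DISTVERSION now resolving to 1.3.34 a stale per-package distinfo would fail checksum verification. Dropping PKGREVISION= 1 here in step with the main package keeps the two package versions aligned.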


