Commit graph

66 commits

Author SHA1 Message Date
adam
b8410cfcaf revbump after textproc/icu update 2023-04-19 08:08:03 +00:00
ryoon
cdab5aeed7 *: Recursive revbup from graphics/freetype2 2023-01-29 21:14:22 +00:00
adam
1e7d0b40a5 GraphicsMagick p5-GraphicsMagick: updated to 1.3.40
1.3.40 (January 14, 2023)

Special Issues:

GraphicsMagick really does need some additional productive volunteers. For several years now, the burden has entirely been on me (Bob Friesenhahn). I have been sheparding the project for 20 years already (and contributed to ImageMagick and GraphicsMagick combined for 26 years already). It is not reasonable to expect someone with a full time job (and expecting to retire in a few years) to do all of the work.

Security Fixes:

GraphicsMagick is participating in Google's oss-fuzz project since February 4 2018 due to the contributions and assistance of Alex Gaynor and Paul Kehrer. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.

Security Fixes:

DCX: Fixed heap overflow when writing more than 1023 scenes, and also eliminated use of uninitialized memory.

Bug fixes:

GetMagickGeometry(): Fix a scaling issue where dimensions could be scaled down to zero.
PCD: Handle writing image with a dimension of 1.
PNG: When writing, use lower-case raw profile identifiers (e.g. 'Raw profile type xmp') because exiftool expects that.
SUN: The sense of monochrome images was inverted. Fix scanline size calculation.
WPG: Fix 20-year old bug in WPG header reading.

New Features:

JXL: Decode and log extra channel information. This information is not yet used.
PCX and DCX: Support writing uncompressed format (use -compress none for no compression).
Added IM1, IM8, and IM24 magick aliases for the Sun Raster format since those are the historically correct extensions.

API Updates:

AppendImageToList() now updates the image list pointer to be the image which was just added. Use GetFirstImageInList() when the pointer to the first image in the list is needed.

Windows Delegate Updates/Additions:

Jasper is updated to release 2.0.33.

Build Changes:

Visual Studio build possible with Visual Studio 2008 - 2022.
Windows Inno Setup installer now installs Microsoft redistributables rather than using a side-by-side DLL configuration.

Behavior Changes:

AppendImageToList() now updates the image list pointer to be the image which was just added. Use GetFirstImageInList() when the pointer to the first image in the list is needed.
2023-01-25 06:40:45 +00:00
wiz
92a8e1ad3c *: recursive bump for tiff shlib major bump 2023-01-03 17:36:14 +00:00
wiz
530502eac9 *: bump PKGREVISION for libunistring shlib major bump 2022-10-26 10:31:00 +00:00
wiz
8292204475 *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
adam
f084485a47 GraphicsMagick: updated to 1.3.37
1.3.37 (December ?, 2021)
==========================

Special Issues:

* The FTP site ftp.graphicsmagick.org is now shut down due to a lack
  of bandwith, extremely abusive users (including from Google and
  customers of Amazon Web Services), and a lack of support from the
  user community.  Another factor is that FTP support has been removed
  from popular web browsers.  This is very unfortunate since the site
  served multiple usages, including providing a lot of historical data
  (e.g. related to PNG) which may not be available elsewhere.

* The Microsoft Visual Studio build has not been updated for this
  release (although it does compile and the results do work fine) and
  I will not be providing any Windows installation packages
  corresponding to this release.  The problem is that the third-party
  'delegate' libraries are out of date and they need to be updated
  since some of them are known to contain severe security
  vulnerabilities.  Several third-party 'delegate' libraries now
  require real C'99 support, which means that Visual Studio 2015 or
  later would be required to build them.  The 'configure' program used
  to build the Visual Studio project files needs to be updated since
  otherwise a 20 minute project upgrade cycle is needed when using
  Visual Studio 2019, and to make minor path changes to avoid a
  multitude of project-file warnings while building.  The installation
  requirements for Visual Studio 2015 or later are different (related
  to run-time "redistributables", which are now very onerous) and so
  the Inno Setup installer needs some minor (or major) changes.  Many
  pleas for assistance have been made (e.g. even to help with testing
  to see if the software executes at all) but thus far the Microsoft
  Windows user community has not been helpful with regards to the
  Microsoft Visual Studio build.

* GraphicsMagick really does need some additional productive
  volunteers.  For several years now, the burden has entirely been on
  me.  I have been sheparding the project for 19 years already (and
  contributed to ImageMagick and GraphicsMagick combined for 25 years
  already).  It is not reasonable to expect someone with a full time
  job (and expecting to retire in a couple of years) to do all of the
  work.

Security Fixes:

* GraphicsMagick is participating in Google's oss-fuzz project due to
  the contributions and assistance of Alex Gaynor. Since February 4
  2018, 590 issues have been opened by oss-fuzz and 23 issues remain
  open (most of which are in third-party software such as development
  JasPer).  The issues list is available at
  https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
  "graphicsmagick".  Issues are available for anyone to view and
  duplicate if they have been in "Verified" status for 30 days, or if
  they have been in "New" status for 90 days.  Please consult the
  GraphicsMagick ChangeLog file, Mercurial repository commit log, and
  the oss-fuzz issues list for details.


Bug fixes:

* CAPTION: Eliminate an assertion upon deallocation.

* CMYK: Fix broken reading of planar CMYK files (a regression since 1.3.27).

* ExecuteModuleProcess(): Add missing error reporting related to
  the -module command option.

* GIF: Handle GIF files where the 'opaque' index matches the number of
  colors by producing an extra colormap entry of transparent
  black.

* JP2: Adaptations to compile cleanly with JasPer 2.0.20.

* META: Fix types used to prefer unsigned types where possible and to
  use 'size_t' rather than 'int' for size values.

* MSL: A great many MSL parser fixes.

* Microsoft Windows: Detect and use Ghostscript point versions added
  after 9.52, after which the version number format was changed.

* PCX: Fix problem that 16-colors are used rather than 256-colors

* PDF: Fix MediaBox dimensions ("Incorrect MediaBox in PDF export").

* PDF: Use appropriate memory deallocator for memory returned by
  StringToList().

* RGB: Fix broken reading of planar RGB files (a regression since
  1.3.27).

* TIFF: Fix double-charging for memory allocations (a regression since
  1.3.36).

* TIFF: Make sure that loops using TIFFReadScanline(), etc, do quit
  upon first reported error.

* WEBP: Enforce that embedded profiles provided by libWebP are not
  zero-sized.

* WEBP: Use SetImagePixelsEx() rather than GetImagePixelsEx() in
  reader.

* WriteBlob(): Use appropriate handle for bzip2.

New Features:

* None

API Updates:

* DisposeTypeToString(): New utility function to convert a DisposeType
  to a string.

* StringToDisposeType(): New utility function to convert a string to a
  DisposeType.

Feature improvements:

* JP2: Support building using development JasPer 3.0.0 and request
  that it use our managed-memory allocators for resource control.

* Pixel Cache: Memory cache implementation of pixel cache now uses
  resource limited memory allocator.

* Analyze filter module: Add OpenMP speed-ups.

* IsImagesEqual(): Allow comparing images when the 'matte' channel
  flag differs.

Windows Delegate Updates/Additions:

* Remove bundled hp2xx.exe, mpeg2dec.exe, and mpeg2enc.exe.

Build Changes:

* Microsoft Windows: configure.ac fixes for gdi32 to depend on user32
  as well.

* Microsoft Windows: VisualMagick/All/All.vcproj.in updated to fix
  problem with not being able to load the 'All' project if the project
  supports the x64 target.

* Autotools build, many more TAP tests have been added, including to
  exercise all of the 'convert' commands.

* TIFF: Adaptations to compile cleanly for libtiff versions
  beyond 20201219.

* Magick++: Support compiling with C++'98 through C++'17.

* Autotools build, Add support for using an external
  'graphicsmagick_snapshot_copy' script to copy files for the
  'snapshot' target. This provides local control over how files are
  copied and where they are copied to.

Behavior Changes:

* TranslateTextEx(): If image resolution is impossibly small, then
  report the default resolution of 72 DPI, or the equivalent in
  centimeters if units is in pixels-per-centimeter.
2021-12-14 19:56:24 +00:00
adam
b6d9bd86bc revbump for icu and libffi 2021-12-08 16:01:42 +00:00
adam
5e7c36d9d2 revbump for boost-libs 2021-09-29 19:00:02 +00:00
wiz
6eae1297d5 *: recursive bump for perl 5.34 2021-05-24 19:49:01 +00:00
adam
da0a125726 revbump for boost-libs 2021-04-21 13:24:06 +00:00
riastradh
77697b790a Revbump for openpam cppflags change months ago, belatedly. 2020-12-04 04:55:41 +00:00
wiz
00da7815c0 *: bump PKGREVISION for perl-5.32. 2020-08-31 18:06:29 +00:00
leot
953ab724e1 *: revbump after fontconfig bl3 changes (libuuid removal) 2020-08-17 20:19:01 +00:00
adam
d62c903eea revbump after updating security/nettle 2020-05-22 10:55:42 +00:00
wiz
4e3b1b97c2 librsvg: update bl3.mk to remove libcroco in rust case
recursive bump for the dependency change
2020-03-10 22:08:37 +00:00
wiz
f669fda471 *: recursive bump for libffi 2020-03-08 16:47:24 +00:00
nia
9c9ed88be7 GraphicsMagick: Update to 1.3.34
1.3.34 (December 24, 2019)
==========================

Special Issues:

* It has been discovered that the 'ICU' library (a perhaps 30MB C++
  library) which is now often a libxml2 dependendency causes huge
  process initialization overhead.  This is noticed as unexpected
  slowness when GraphicsMagick utilities are used to process small to
  medium sized files.  The time to initialize the 'ICU' library is
  often longer than the time that GraphicsMagick would otherwise
  require to read the input file, process the image, and write the
  output file.  If the 'ICU' dependency can not be avoided, then make
  sure to use the modules build so there is only impact for file
  formats which require libxml2.  Please lobby the 'ICU' library
  developers to change their implementation to avoid long start-up
  times due to merely linking with the library.

Security Fixes:

* GraphicsMagick is now participating in Google's oss-fuzz project due
  to the contributions and assistance of Alex Gaynor. Since February 4
  2018, 386 issues have been opened by oss-fuzz (some of which were
  benign build issues) and 376 of those issues have been resolved.
  The issues list is available at
  https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
  "graphicsmagick".  Issues are available for anyone to view and
  duplicate if they have been in "Verified" status for 30 days, or if
  they have been in "New" status for 90 days.  There are too many
  fixes to list here.  Please consult the GraphicsMagick ChangeLog
  file, Mercurial repository commit log, and the oss-fuzz issues list
  for details.

Bug fixes:

* DPS: Eliminate a memory leak.

* Debug Trace: Only output text to terminate an XML format log file if
  XML format is active.

* EXIF Parser: Detect non-terminal parsing and report an error.

* EXIF Parser: Eliminate heap buffer overflows.

* HuffmanDecodeImage(): Fix heap overflow in 32-bit applications.

* MAT: Implement subimage/subrange support.

* MVG: Address non-terminal loops, excessive run-time, thrown
  assertions, divide-by-zero, heap overflow, and memory leaks.

* OpenModule(): Now properly case-insensitive, as it used to be.

* PCX: Verify that pixel region is not negative. Assure that opacity
  channel is initialized to opaqueOpacity.  Update DirectClass
  representation while PseudoClass representation is updated.  Improve
  read performance with uncompressed PCX.

* PICT: Fix heap overflow in PICT writer.

* PNG: Fix validation of raw profile length.

* PNG: Skip coalescing layers if there is only one layer.

* PNM: Fix denial of service opportunity by limiting the length of PNM
  comment text.

* WPG: Avoid Avoid dereferencing a null pointer.

* WPG: Implement subimage/subrange support.

* WPG: Improve performance when reading an embedded image.

* Wand library: In MagickClearException(), destroy any existing
  exception info before re-initializing the exception info or else
  there will be a memory leak.

* XPM: Rquire that image properties appear in the first 512 bytes of
  the XPM file header.

New Features:

* Visual Studio build supports JBIG and WebP compression in TIFF format.

API Updates:

* None

Feature improvements:

* Compliles clean using GCC 9.

Windows Delegate Updates/Additions:

* bzlib: bzip is updated to 1.0.8 release.

* jbig: jbigkit is updated to 2.1 release.

* lcms: lcms2 is updated to 2.9 release.

* libxml: libxml2 is updated to 2.9.10 release.

* png: libpng is updated to 1.6.37 release.

* tiff: libtiff is updated to 4.1.0 release.

* webp: libwebp is updated to the 1.0.3 release.

* zlib: zlib is updated to 1.2.11 release.

* TIFF: Now also supports reading JBIG-compressed TIFF, and
  reading/writing WebP-compressed TIFF.  A number of libtiff feature
  options which are now commonly enabled were disabled and are now
  enabled by default.

Build Changes:

* MinGW: Static and shared library builds were not working.  Only the
  modules build was actually working!

* Python scripts related to the build (enabled by
  --enable-maintainer-mode) are now compatible with Python 3.

* Now supports using Google gperftools tcmalloc library for the memory
  allocator.  This improves performance for certain repetitive
  work-loads and heavily-threaded algorithms.

* Configure now reports the status of zstd (FaceBook Zstandard)
  compression in its configuration summary.

* TclMagick: Address many issues mentioned by SourceForge issue #420
  "TclMagick issues and patch".

Behavior Changes:

* PNG: Post-processing to convert the image type in the PNG reader
  based on a specified magick prefix string is now disabled.  This can
  (and should) be done after the image has been returned.

* Trace Logging: The compiled-in logging default is always to stderr,
  which may be over-ridden using log.mgk as soon as it is loaded.

* Windows Build: Search registry key HKEY_CURRENT_USER as well as
  HKEY_LOCAL_MACHINE when searching for Ghostscript.  By following the
  procedure documented in SourceForge bug 615 "GhostScript
  installation check", this allows for local user installations
  without "administrator" privileges.
2020-01-08 12:11:36 +00:00
wiz
84e123ddd2 Bump PKGREVISIONs for perl 5.30.0 2019-08-11 13:17:48 +00:00
nia
3d144393c3 {p5-}GraphicsMagick: Update to 1.3.33
1.3.33 (July 20, 2019)
==========================

Special Issues:

* It has been discovered that the 'ICU' library (a perhaps 30MB C++
  library) which is now often a libxml2 dependendency causes huge
  process initialization overhead.  This is noticed as unexpected
  slowness when GraphicsMagick utilities are used to process small to
  medium sized files.  The time to initialize is often longer than the
  time to read the input file, process the image, and write the output
  file.  If the 'ICU' dependency can not be avoided, then make sure to
  use the modules build.  Please lobby the 'ICU' library developers to
  change their implementation to avoid long start-up times due to
  merely linking with the library.

Security Fixes:

* GraphicsMagick is now participating in Google's oss-fuzz project due
  to the contributions and assistance of Alex Gaynor. Since February 4
  2018, 353 issues have been opened by oss-fuzz and 338 of those
  issues have been resolved.  The issues list is available at
  https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
  "graphicsmagick".  Issues are available for anyone to view and
  duplicate if they have been in "Verified" status for 30 days, or if
  they have been in "New" status for 90 days.  There are too many
  fixes to list here.  Please consult the GraphicsMagick ChangeLog
  file, Mercurial repository commit log, and the oss-fuzz issues list
  for details.

* Documentation has been added regarding security hazards due to
  commands which support a '@filename' syntax.

* MontageImages(): Fix wrong length argument to strlcat() when
  building montage directory, which could allow heap overwrite.

Bug fixes:

* PNG: Pass correct size value to strlcat() in module registration
  code.  This bug is noticed to cause problems for Apple's OS X and
  Linux Alpine with musl libc.  This fixes a regression introduced by
  the 1.3.32 release.

* Re-implement command-line utility `'@'` file inclusion support for
  `-comment`, `-draw`, `-format`, and `-label` which was removed for
  the 1.3.32 release.  The new implementation is isolated to
  command-line utility implementation code rather than being deeply
  embedded in the library and exposed in other usage contexts.  This
  fixes a regression introduced by the 1.3.32 release.

* CAPTION: The The CAPTION reader did not appear to work at all any
  more.  Now it works again, but still not very well.

* MagickXDisplayImage(): Fix heap overwrite of windows->image.name and
  windows->image.icon_name buffers.  This bug has surely existed since
  early GraphicsMagick releases.

* MagickXAnimateImages(): Fix memory leak of scene_info.pixels.

* AcquireTemporaryFileDescriptor(): Fix compilation under Cygwin. This
  fixes a regression introduced by the 1.3.32 release.

* PNG: Fix saving to palette when mage has an alpha channel but no
  color is marked as transparent.

* Compilation warnings in the Visual Studio WIN64 build due to the
  'long' type being only 32-bits have been addressed.

New Features:

* None

API Updates:

* None

Feature improvements:

* None

Windows Delegate Updates/Additions:

* None

Build Changes:

* None

Behavior Changes:

* Support for `'@'` file inclusion support for `-comment`, `-draw`,
  `-format`, and `-label` has been restored.
2019-08-08 20:56:40 +00:00
wiz
1ac2210b6f *: recursive bump for gdk-pixbuf2-2.38.1 2019-07-21 22:23:57 +00:00
wiz
c30c5fbc0b *: recursive bump for nettle 3.5.1 2019-07-20 22:45:58 +00:00
adam
fb54def692 {p5-}GraphicsMagick: updated to 1.3.32
1.3.32:

Special Issues:

It has been discovered that the 'ICU' library (a perhaps 30MB C++ library) which is now often a libxml2 dependendency causes huge process initialization overhead. This is noticed as unexpected slowness when GraphicsMagick utilities are used to process small to medium sized files. The time to initialize is often longer than the time to read the input file, process the image, and write the output file. If the 'ICU' dependency can not be avoided, then make sure to use the modules build. Please lobby the 'ICU' library developers to change their implementation to avoid long start-up times due to merely linking with the library.
Security Fixes:

GraphicsMagick is now participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 343 issues have been opened by oss-fuzz and 331 of those issues have been resolved. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.
BMP reader: Fix heap overflow in 32-bit build due to arithmetic overflow. Only happens if limits are changed from defaults.
BMP reader/writer: Improve buffer-size calculations to guard against buffer overflows.
DIB reader: Reject files which claim more than 8-bits per pixel but also claim to be colormapped.
DIB reader/writer: Improve buffer-size calculations to guard against buffer overflows.
MIFF reader: Detect end of file while reading RLE packets.
MIFF reader: Fix heap overflow (for some files using RLE compression) caused by a typo in the code.
MAT writer: Added missing error handling to avoid heap overflow.
MNG reader: Fixed a small heap buffer overflow.
SVG reader: Fixed a stack buffer overflow.
TGA writer: Fix heap overflow when image rows/columns are larger than 65535.
TIFF reader: Rationalize tile width/height to reject large tile sizes which are much larger than the image dimensions.
TIFF reader: Apply memory resource limits to strip and tile allocations.
WMF reader: Fixed a division by zero problem.
XWD reader: Many heap buffer overflows and uses of uninitialized data were fixed.
Pixel cache: Now apply resource limits to pixel nexus allocations using the same limits (total pixels, width, height, memory) as applied to the whole image since some requests are directly influenced by the input file. More tests are added for arithmetic overflow. Care was taken to minimize performance impact due to the many extra checks.

Bug fixes:

See above note about oss-fuzz fixes.
Fixed include order of magick/api.h vs wand/wand_symbols.h.
WriteImage(): Eliminate use of just-freed memory in clone_info->magick when throwing exception due to no support for format.
Magick++/lib/Magick++/Drawable.h: Fix use of clang diagnostic syntax.
DIB: Preserve PseudoClass opaque representation if ICO mask is opaque.
JPEG reader: Restore ability to access detailed image properties while in 'ping' mode.
JPEG reader: Base test for "Unreasonable dimensions" on original JPEG dimensions and not the scaled dimensions.
JPEG reader: Allow input files to have a compression ratio as high as 2500. Extremely compressed files were being rejected.
FreeType renderer: Fixed a memory leak.
PDF writer: Fixed a memory leak.
PDF writer: Fixed a thread safety problem.
PICT reader: Fix a thread safety problem.
Exception reporting: Throwing an exception was not thread safe. Now it is.
Exception reporting: Handle the case where some passed character strings refer to existing exception character strings.
Command-line parser now does not attempt to read a list of filenames from a file in '@name' syntax if the path '@name' exists. Previously it would attempt to read a list of file names from 'name' even if '@name' did exist.
Rendering: Short-circuit path parsing and return and error immediately if an error occurs.

New Features:

Added support for writing the Braille image format (by Samuel Thibault).
WebP writer: Support WebP 'use_sharp_yuv' option ("if needed, use sharp (and slow) RGB->YUV conversion") via -define webp:use-sharp-yuv=true.
The version command output now reports the OpenMP specification number rather than just the integer version identifier.

API Updates:

ReallocateImageColormap() added to re-allocate an existing colormap.
Some improperly-exposed globals are now static as they should have been.
2019-06-18 13:30:52 +00:00
gdt
75fb5e1b59 Recursive bump for ghostscript default change 2019-03-18 16:17:46 +00:00
adam
0dae54bcae GraphicsMagick: updated to 1.3.31
1.3.31:

Special Issues:
Firmware and operating system updates to address the Spectre vulnerability (and possibly to some extent the Meltdown vulnerability) have substantially penalized GraphicsMagick's OpenMP performance. Performance is reduced even with GCC 7 and 8's improved optimizers. There does not appear to be anything we can do about this.
Security Fixes:

GraphicsMagick is now participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 292 issues have been opened by oss-fuzz and 279 of those issues have been resolved. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.

Bug fixes:
See above note about oss-fuzz fixes.
CINEON: Fix unexpected hang on a crafted Cineon image. SourceForge issue 571.
Drawing recursion is limited to 100 and may be tuned via the MAX_DRAWIMAGE_RECURSION pre-processor definition.
Fix reading MIFF files using legacy keyword 'color-profile' for ICC color profile as was used by ImageMagick 4.2.9.
Fix reading/writing files when 'magick' is specified in lower case. This bug was a regression in 1.3.30.

New Features:
TIFF: Support Zstd compression in TIFF. This requires libtiff 4.0.10 or later.
TIFF: Support WebP compression in TIFF. This requires libtiff 4.0.10 or later.

API Updates:
MagickMonitor() is marked as deprecated. Code should not be using this function any more.

Feature improvements:
The progress monitor callbacks (registered using MagickMonitor() or MagickMonitorFormatted()) are serialized via a common semaphore rather than via critical sections in OpenMP loops. OpenMP loops are updated to use OpenMP 'atomic' and 'flush' to update shared loop variables rather than using a OpenMP 'critical' construct, reducing contention. Performance on some targets is observed to have been improved by this change.

Build Changes:
There was already a 'compare' command installed with the '--enable-magick-compat' configure option was used but it did not function. Now it functions. There was no compare command in ImageMagick 5.5.2 and this compare command is only roughly similar to a compare command in some subsequent ImageMagick release.
Removed Remove Ghostscript library support (--with-gslib) from configure script. The 'HasGS' pre-processor defines which were enabled by this remain in the source code so it is still possible to use this library if absolutely necessary (e.g. CPPFLAGS=-DHasGS LIBS=-lgs).
No longer explicitly link with the OpenMP library when it will be supplied already due to CFLAGS.

Behavior Changes:
JPEG: Libjpeg-turbo is allowed 1/5th the memory resource limit provided for Graphicsmagick via the cinfo->mem->max_memory_to_use option, which is part of the IJG JPEG API/ABI, but usually not supported there. This feature works for libjpeg-turbo 1.5.2 and later. Limiting the memory usage is useful since libjpeg-turbo may otherwise consume arbitrary amounts of memory even before Graphicsmagick is informed of the image dimensions.
JPEG: The maximum number of JPEG progressive scans is limited to 50. Otherwise some technically valid files could be read for almost forever.
2018-11-20 10:19:29 +00:00
kleink
f1a683c990 Revbump after cairo 1.16.0 update. 2018-11-14 22:20:58 +00:00
ryoon
b86dfe6873 Recursive revbump from hardbuzz-2.1.1 2018-11-12 03:51:07 +00:00
wiz
93b46879c7 Recursive bump for perl5-5.28.0 2018-08-22 09:43:40 +00:00
adam
dde44b0bb9 p5-GraphicsMagick: updated to 1.3.29 2018-05-06 10:05:39 +00:00
wiz
e5209a786e Add p11-kit to gnutls/bl3.mk and bump dependencies. 2018-04-17 22:29:31 +00:00
wiz
8ee21bdcf0 Recursive bump for new fribidi dependency in pango. 2018-04-16 14:33:44 +00:00
wiz
c57215a7b2 Recursive bumps for fontconfig and libzip dependency changes. 2018-03-12 11:15:24 +00:00
wiz
bff4597ffc Bump PKGREVISION for gdbm shlib major bump 2018-01-28 20:10:34 +00:00
adam
34a8c10d51 GraphicsMagick: updated to 1.3.27a
1.3.27:
Security Fixes:
* CMYK: Fix heap overwrites in raw CMYK writer.  Fix heap overwrites
  in raw CMYK reader (noticed when doing montage).
* GIF: Assure that global colormap is initialized.
* DescribeImage(): Fix possible heap write overflow when describing
  visual image directory. Fix possible heap read overflow while
  accessing heap data, and possible information disclosure while
  describing the IPTC profile.
* DICOM: Fix huge memory allocation based on bogus length value (DOS
  opportunity).
* DrawDashPolygon(): Fix heap out of bounds read in render code.
* GRAY: Fix heap overwrites in raw GRAY reader (noticed when doing
  montage).
* JNG: Fix heap overruns.  Fix assertions.
* JNG: Prevent a crash due to zero-length color_image while reading a
  JNG image. (CVE-2017-11102).  Reject JNG files with unreasonable
  dimensions given the file size (avoid DOS).
* JNX: Fix DOS due to excessive memory allocations with corrupt file.
* JPEG: Do not allocate backing image pixels until a scanline has been
  successfully read.  Avoids DOS opportunity with suitably
  manufactured file.
* MAP: Fix null pointer dereference or segmentation violation.
* MAT: Fix heap write overflow.
* MNG: Reject over-large (65k by 65k) image.  Fix heap overwrites.
* PAM: Fix heap buffer overflow in PAM writer for 1 bit/sample + alpha.
* PICT: Fix excessive memory allocation due to malformed image file.
* PNG: Fix heap buffer overflow in PNG writer when promoting from
  indexed PNG to RGBA.
* PNM: Fix DOS due to excessive memory allocations with corrupt file.
* RGB: Fix heap overwrite in raw RGB writer. Fix heap overwrites in
  raw RGB reader (noticed when doing montage).
* RLE: Fix DOS opportunities due to false claims in image header.  Fix
  heap out of bounds read.
* SFW: Avoid possible heap write overflow.
* SUN: Fix heap read overflow.  Fix DOS due to excessive memory
  allocations with corrupt file.
* SVG: Fix heap write overflow.
* TIFF: Use heuristics to avoid DOS (excessive memory use) due to
  false claims by input file.  It is possible that this may reject
  some valid files.  Fix possible small heap overwrite beyond the
  allocated scanline buffer due to the NumberOfObjectsInArray() macro
  rounding up rather than down.
* UIL: Fix heap overwrite in writer.
* WPG: Fix DOS issues (memory, disk space, CPU time) due to
  insufficient validations.  Fix heap overwrites.
* XBM: Fix DOS issue where code remains stuck in loop and does not
  return.
* XV 332 (PNM): Fix null pointer dereference due to malformed file.
* TracePSClippingPath()/TraceSVGClippingPath(): Fix heap out of bounds
  read.
* Validate path entries in the MAGICK_CODER_MODULE_PATH and
  MAGICK_FILTER_MODULE_PATH environment variables and convert all
  paths to real paths if possible. This avoids possible use of
  relative paths to load modules (a possible security issue), or the
  possibility of adding a directory which was in the path, but
  missing, and may improve efficiency by removing non-existent paths.

Bug fixes:
* AVS: Memory leaks eliminated.
* CINEON: Fix possible use of NULL pointer.
* CMYK: Memory leaks eliminated.
* CUT: Memory leaks eliminated.  Fix possible use of NULL pointer.
* DCM: Fix possible use of NULL pointer.
* DrawImage(): Avoid "negative" strncpy().  This seems to be benign
  with glibc but perhaps not with other implementations.
* DPX: Memory leaks eliminated.
* EMF: Fix possible use of NULL pointer.
* FindMagickModule(): Fix possible use of NULL pointer.
* FITS: Fix memory leak.
* GIF: Fix memory leak.
* HDF: Memory leaks eliminated.
* HISTOGRAM: Fix memory leak.
* JNG: Memory leaks eliminated. Memory use after free and double-free
  issues eliminated.  Error reporting fixes.
* Magick::Options::strokeDashArray(): Fix possible use of NULL pointer.
* MagickXFileBrowserWidget(): Fix possible use of NULL pointer.
* MAT: Memory leaks eliminated.
* MagickMapCloneMap(): Fix possible assertion failure.
* MNG: Memory use after free issues eliminated.  Fix possible use of
  NULL pointer.  Fix memory leaks.
* MontageImageCommand(): Fix memory leaks.
* MPC: Fix memory leak in writer.
* MPEG: Fix memory leaks in writer.
* MTV: Memory leaks eliminated.
* NTRegistryKeyLookup(): Fix possible use of NULL pointer.
* NTGetTypeList(): Fix possible use of NULL pointer.
* PCD: Memory leaks eliminated.
* PCL: Fix null pointer dereference in PCL writer.
* PCX: Memory leaks eliminated.
* PALM: Fix possible use of NULL pointer. Fix memory leak.
* PICT: Memory leaks eliminated.
* PNG: Fix small (one-off) heap read overflow.
* PNM: Fix memory leaks.
* PS: Fix use of null pointer in error path.
* PWP: Fix possible use of null pointer.
* ReplaceImageColormap(): Throw an exception rather than assertion if
  the input image is not colormapped.
* RGB: Fix memory leak.
* SegmentImage(): Fix possible use of NULL pointer.
* SetImageProfile(): Fix possible assertion failure.
* SGI: Check for EOF while reading SGI file header.
* SUN: Fix memory leak.
* TIFF: Fix possible use of NULL pointer.  Fix memory leaks in writer.
* TIM: Fix memory leak.
* TOPOL: Fix possible use of NULL pointer.  Fix memory leaks.
* VIFF: Fix memory leak.
* WEBP: Detect partial write to output file.
* WPG: Fix possible use of null pointer. Fix excessive use of disk
  resources due to insufficient validations.
* WriteImage(): Restore use of GetBlobStatus() to test if an I/O error
  was encountered while writing output file. This assures that I/O
  failure in writers which do not themselves verify writes is assured
  to be reported.
* WMF: Memory use after free issues eliminated.
* YUV: Fix memory leaks.

New Features:
* PNG: Implemented eXIf chunk support.
* WEBP: Add support for EXIF and ICC metadata provided that at least
  libwebp 0.5.0 is used.
* Magick++ Image autoOrient(): New Image method to auto-orient an
  image so it looks right-side up by default.

Windows Delegate Updates/Additions:
* Libtiff is updated to libtiff 4.0.9.

Build Changes:
* JPEG/PNG: The SETJMP_IS_THREAD_SAFE definition is used to determine
  if setjmp/longjmp are thread safe.  If these interfaces are thread
  safe, then concurrent reads/writes are possible.  This definition is
  false for Solaris but true for Linux.  JPEG and PNG will be fully
  concurrent if this definition is enabled.

Behavior Changes:
* PALM: PALM writer is disabled.
* ThrowLoggedException(): Capture the first exception at
  ErrorException level or greater, or only capture exception if it is
  more severe than an already reported exception.
* DestroyJNG(): This internal function is now declared static and is
  removed from shared library or DLL namespace.
2017-12-19 08:09:29 +00:00
wiz
20f7c989fe recursive bump for libxkbcommon removal from at-spi2-core 2017-11-23 17:19:40 +00:00
adam
bed293428c 1.3.26:
Security Fixes:
---------------
DPX: Fix excessive use of memory (DOS issue) due to file header claiming large image dimensions but insufficient backing data. (CVE-2017-10799).
JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
MAT: Fix excessive use of memory (DOS issue) due to continuing processing with insufficient data and claimed large image size. Verify each file extent to make sure that it is within range of file size. (CVE-2017-10800).
META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
PCX: Fix denial of service issue.
RLE: Fix abnomally slow operation (denial of service issue) with intentionally corrupt colormapped file.
PICT: Fix possible buffer overflow vulnerability given suitably truncated input file.
PNG: Enforce spec requirement that the dimensions of the JPEG embedded in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
PNG: Avoid NULL dereference when MAGN chunk processing fails.
SCT: Fix stack-buffer read overflow (underflow?) while reading SCT header.
SGI: Fix denial of service issues. Delay large memory allocations until file header has fully passed sanity checks.
TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to have only 2 samples per pixel (CVE-2017-6335).
TIFF: Fix out of bounds read when reading RGB TIFF which claims to have only 1 sample per pixel (CVE-2017-10794).
WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash (CVE-2016-7997).

Bug fixes:
----------
DifferenceImage(): Fix Fix all-black difference image if an input file is colormapped.
EXIF orientation was not being properly detected for some files.
-frame: The import command -frame handling was improperly implemented and was using already freed data.
GIF: Fixes for "Excessive LZW string data" problem.
Magick++: Bug fixes to PathSmoothCurvetoRel::operator() and PathSmoothCurvetoRel::operator().
PAM: Support writing GRAYSCALE PAM format.
PNG: Fix memory leaks.
SVG: Fixed a memory leak. Fixed a possible null pointer dereference.
TclMagick: Problem that TkMagick could not resolve functions from TclMagick under Linux is fixed.
TclMagick: Fix parser validatation in magickCmd() to avoid crash given a syntax error.
TIFF: Fix for reading old JPEG files (avoids "Improper call to JPEG library in state 0. (LibJpeg).").
TXT: Fixed memory leak.
XCF: Error checking is improved.

New Features:
-------------
EXIF rotation: Support is added such that the EXIF orientation tag is updated when the image is rotated.
MAT: Now support reading multiple images from Matlab V4 format.
Magick++: Orientation method now updates orientation in EXIF profile, if it exists.
Magick++: Added Image attribute method which accepts a 'char *' argument, and will remove the attribute if the value argument is NULL.
-orient: The -orient command line option now also updates the orientation in the EXIF profile, if it exists.
PGX: Support PGX JPEG 2000 format for reading and writing (within the bounds of what JasPer supports).
Wand API: Added MagickAutoOrientImage(), MagickGetImageOrientation(), MagickSetImageOrientation(), MagickRemoveImageOption(), and MagickClearException().
2017-07-09 20:02:28 +00:00
ryoon
17cfb59fe1 Recursive revbump from lang/perl5 5.26.0 2017-06-05 14:23:47 +00:00
wiz
6fdd27c3de Updated p5-GraphicsMagick to 1.3.25.
To match GraphicsMagick.
2016-09-07 06:30:01 +00:00
wiz
86a78fce2e Bump PKGREVISION for perl-5.24. 2016-06-08 19:22:13 +00:00
wiz
67ebd75b20 Reset PKGREVISION for GraphicsMagick update to 1.3.24. 2016-06-06 11:47:19 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
adam
cc0f3d6029 Changes 1.3.22:
Special Issues:
* Due to GCC bug 53967, several key agorithms (e.g. convolution) may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is enabled for floating point math (-mfpmath=sse) if the GCC option -frename-registers is used. Default 32-bit builds do not experience the problem since they use '387 math. It is not clear in what version of GCC this problem started but it was not noticed by the developers until the GCC 4.6 timeframe. Other compilers do not suffer from this bug. Please lobby the GCC project to fix this embarrassing performance bug.
* Magick++: Any libraries or applications using Magick++ should be rebuilt in order to use this new release. Libraries and applications will be able to continue to use prior versions of Magick++ without being re-built, while benefiting from updated C libraries, provided that the system supports library versioning.

Security Fixes:
* General Coverity fixes. Some might have security consequences.
* Ghostscript options concatenation is more secure against buffer overflow.
* Windows: Built-in random number generator is now salted using CryptGenRandom(). This improves the robustness of the temporary file allocator.

Bug fixes:
* ...
2015-10-06 16:50:31 +00:00
wiz
0982effce2 Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
2015-06-12 10:48:20 +00:00
wiz
cda18437be Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles. 2014-10-09 14:05:50 +00:00
adam
4afd964150 Changes 1.3.20:
Special Issues:

Due to GCC bug 53967, several key agorithms (e.g. convolution) may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is enabled for floating point math (-mfpmath=sse) if the GCC option -frename-registers is used. Default 32-bit builds do not experience the problem since they use '387 math. It is not clear in what version of GCC this problem started but it was not noticed by the developers until the GCC 4.6 timeframe. Other compilers do not suffer from this bug. Please lobby the GCC project to fix this embarrassing performance bug.

Bug fixes:

Compilation: No longer undefine __attribute__ since this may be used by system or compiler headers and cause problems.
BMP: Alpha channel from BMP3 format was inverted.
PNG: Fix round-trip repeatability issue (due to rounding algorithm) with modern versions of libpng. Prefer the less accurate method which does not alter the image.
PNG: Fix some memory leaks in error-handling paths.
PNM: Scaling of alpha in sub-ranged pixels is fixed.
Wand API: Removed development debug fprintf which causes each drawing primitive to be printed to stderr.
PS, PS2, PS3, PDF: Only use resolution from image or -density if units was properly specified. Without units, resolution is worthless.
PS, PS2, PS3, PDF: Use resolution from image if it appears to be valid.
WebP: Fix inverted return status which caused failure to be reported instead of success.
Rotation clipping/shearing errors for short wide images at some angles is fixed.
-geometry: Deal with resize geometry missing width or height (e.g. '640x' or 'x480') by substituting the missing value with one which preserves the image aspect ratio. This has been documented to be supported since almost the dawn of GraphicsMagick but was not actually supported until now.
-geometry: Support '>' and '<' qualifiers with '@' qualifier to specify if image should be resized if larger or lesser than given area specification.

New Features:

Wand API: MagickSetImageGravity() - New function to set image gravity.
Wand API: MagickGetImageGravity() - New function to get image gravity.
Wand API: MagickSetImageMatte() - New function to set the image matte channel enable flag.
Wand API: MagickGetImageMatte() - New function to read the image matte channel enable flag.
Wand API: MagickSetImageGeometry() - New function to set the image geometry string.
Wand API: MagickGetImageGeometry() - New function to get the image geometry string.
Wand API: MagickOperatorImageChannel() - New function to apply an operator to an image channel.
Magick++ API: New Image::thumbnail() method for fast image resizing, particularly to make thumbnails.
Core C API: Added SetLogMethod() to allow an application/library to specify a function to be called for logging.
Clang/LLVM: Provide support for clang/llvm attribute and builtin specifiers similar to that provided for GCC.
OpenMP: OpenMP native locking and thread specific data is supported via a configuration option (is not the default). This offers a "pure" OpenMP compilation mode. No real value for this compilation mode has been observed yet but it seems worthy to support.
Coders: Added BrokenCoderClass to mark coders which often malfunction or are not very useful in their current condition.
Composition: Added HardLight composition operator, which is now used by PSD and XCF formats, and available via command line, Magick++ API, PerlMagick API, and Wand API.
Composition: Added ScreenCompositePixels composition operator.
Composition: Added missing Photoshop separable compositing operations, Overlay, Exclusion, ColorBurn, ColorDodge, SoftLight, LinearBurn, LinearDodge, LinearLight, VividLight, PinLight, HardMix.
+set: Command line utilities now support +set to remove an existing image attribute.
-format: Support additional format specifiers 'g', 'A', 'C', 'D', 'G', 'H', 'M', 'O', 'P', 'Q', 'T', 'U', 'W', 'X', and '@', similar to the major brand.
-operator: New quantum operators ThresholdBlackNegateQuantumOp and ThresholdWhiteNegateQuantumOp These correspond to -operator "Threshold-Black-Negate" and "Threshold-White-Negate".
TIFF: Now support setting the TIFF "Software" tag for users who do not want to admit to using GraphicsMagick.
WebP: All of the WebP encoder encoder options are now supported by -define arguments.

Feature improvements:

Pixel interpolation quality is greatly improved, with minimal impact on performance. Pixel interpolation now also works well given an alpha channel.
WebP: WebP support is now prepared to compile with most WebP library versions and supports all features except for those pertaining to "RIFF" container support.
Performance Improvements:

Non-integral image rotation performance has been improved by about 40%, with lower memory usage as well.
GradientImage: Update image is_grayscale and is_monochrome flags based on gradient color properties.
Windows Delegate Updates/Additions:

PNG: Libpng 1.6.12 - June 12, 2014.
JPEG: libjpeg 9a of January 19, 2014.
FreeType: FreeType 2.5.3 of March 6, 2014.
WebP: webp 0.4.0 of January 20, 2013.
zlib: zlib 1.2.8 of April 28, 2013.
Build Changes:

--without-threads no longer disables use of OpenMP. Use the already existing option --disable-openmp to disable OpenMP.
Makefiles: Include paths are now exceedingly pedantic to make sure that only the required directories are included.
VisualMagick configure: Improve configure program so that it is possible to select QuantumDepth, OpenMP, and 64-bit build via configure dialog boxes as well as options on the command line. Also automatically detects and deals with similarly named files in subdirectories so that WebP support can now build successfully.
Behavior Changes:

MultiplyCompositePixels: Multiply composition now uses SVG interpretation of how alpha should be handled. No longer does a simple multiply of alpha channel.
Composition: The Difference, Darken, Lighten, and HardLight composition operators were modified to support alpha in their computations.
PNG: Using -optimize no longer triggers palette and depth optimizations since their implementations have been problematic.
2014-08-18 11:13:45 +00:00
wiz
7eeb51b534 Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
2014-05-29 23:35:13 +00:00
tron
73d05e2276 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:17:32 +00:00
adam
496a42bd39 Changes 1.3.19:
Security Fixes:
EPT: Fix crash observed when Ghostscript fails to produce useful output. This was particularly noticeable when Ghostscript was not installed. This crash could be used to cause denial of service.
PNG: With libpng 1.6.X, avoid a crash while copying a PNG with a "known incorrect ICC profile". This crash could be used to cause denial of service.

Bug fixes:
Build: Fix cross-compilation for MinGW64 on Linux build machine.
Build: configure FreeType test no longer insists that <freetype/freetype.h> can be included.
CMS profile: Only delete the CMS transform if it is non-null. Fixes assersion observed when lcms returned a null profile and GraphicsMagick attempted to deallocate it.
Drawing: Improve error handling logic so that drawing returns quickly on pixel access errors rather than plowing on ahead. This avoids problems with SVGs which take seemingly forever to render.
Drawing via C/C++ APIs: BevelJoin no longer causes a MVG parsing error.
EPT: Fix crash observed when Ghostscript fails to produce useful output. This was particularly noticeable when Ghostscript was not installed.
OpenMP: Revert use of omp_set_dynamic() since it caused performance issues when using GCC's GOMP implementation and the number of threads to use is specified.
EXIF profile: Support the SubjectArea EXIF tag.
MIFF writer: PseudoClass format was written incorrectly for depth greater than 8.
MIFF writer: RLE compressed format used inverted alpha from the other subformats and contrary to the MIFF specification.
MIFF reader: Fixes Fixes to be able to read MIFF written by ImageMagick 6.X, including DirectClass grayscale images (except for RLE compressed).
Mosaic: Fixed unsigned underflow problem with -mosaic when page offset is negative and exceeds image width or height, resulting in assertions, out of memory errors, or pixel cache limit errors.
PDF: Consistently initialize Image page width and height to image width and height. While general to all of GraphicsMagick, this change is to assure that the PDF writer computes page dimensioning consistently. PDF page dimensioning was wrong if the image had been resized with -geometry "100%".
PAM: Fix MAXVAL scaling when reading PAM images. PAM was only working correctly for images with 256 or 64k levels.
PNM: PGM "P2" format writer wrote bad output for 8-bit depth.
PNG: With libpng 1.6.X, avoid a crash while copying a PNG with a "known incorrect ICC profile".
PNG: Q8 GM build now correctly reads 16-bit PNG files.
TIFF writer: Try to avoid writing more than 32k strips per image by increasing rows-per-strip since some programs fail to read images with more than 32k strips per image.
TIM reader: PSX TIM reports 8-bit depth (rather than 16).
TTF font rendering: Improve FreeType rendering error logic so that rendering returns immediately on pixel access errors rather than plowing on ahead.
TTF font rendering: Support rendering UTF-8 up to 21-bit code points. Was only supporting 16-bit code points.
Wand API: DrawSetStrokeDashArray() / DrawGetStrokeDashArray(), fix failure to work properly due to this code path never being tested.
Windows Ghostscript: 64-bit GraphicsMagick no longer requires both 32-bit and 64-bit builds of Ghostscript to be installed in order to read Postscript and PDF formats.
XPM reader: Reported depth now depends on the colormap rather than always claiming to be 16-bit.

New Features:
JPEG: Add support for writing 'XMP' profile.
PNM: As a simple non-standard extension to the standard PNM and PAM formats, support writing and reading 32-bit sample depth. Writing such files is only supported by the Q32 build although they may be read by any build.
WebP: Now supports reading and writing Google's WebP format. This feature is not currently supported by the Windows Visual Studio build.
2014-01-01 23:21:34 +00:00
tron
a36fb86593 Try to fix the fallout caused by the fix for PR pkg/47882. Part 3:
Recursively bump package revisions again after the "freetype2" and
"fontconfig" handling was fixed.
2013-06-04 22:15:37 +00:00
wiz
53745b22ea Bump freetype2 and fontconfig dependencies to current pkgsrc versions,
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.

While doing that, also bump freetype2 dependency to current pkgsrc
version.

Suggested by tron in PR 47882
2013-06-03 10:05:17 +00:00