19628f33bc
Security Fixes: * PNG: Fix for CVE-2012-3438. The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. * Automake (derived): Fix for CVE-2012-3386: The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. Bug fixes: * PNG: Reading sub-8-bit palette images is fixed (images looked stretched). * SVG: Fixed bug which allowed MVG and SVG files with long vector paths to crash the software. * SVG: Ignore XML headers rather than rendering them as text. * MVG/SVG/WMF/-draw: It is now possible to draw a plain ',' character. * WMF: Fixed a bug which caused wrong centered-text placement. * import: Return status was inverted. * configure: Don't force that liblzma is used just because libtiff is used. New Features: * The configure script now supports a --enable-quantum-library-names option to enable that shared library name includes quantum depth to allow shared libraries with different quantum depths to co-exist in same directory (only one can be used for development). * JNX: Support is added for reading the Garmin proprietary Image Format. * BMP: Support an alpha channel in uncompressed 32-bit BMP. Feature improvements: * -lat: The adaptive threshold algorithm is replaced with a new algorithm which scales linearly (rather than quadratically) with area size. * Tests: Test suite is re-written to use TAP-based tests. * GIF: Reader tries to be better at detecting and reporting failures. Performance Improvements: * -lat: Adaptive threshold is much faster with large area sizes. Windows Delegate Updates: * Dcraw 9.16 is now included in the build (with JPEG and JPEG2000 support). * Libxml2 is updated to the 2.9.0 release. * Libtiff is updated to the 4.0.3 release. * Lcms2 is updated to the 2.4 release. * Libpng is updated to the 1.5.13 release. Behavior Changes: * Loading modules is only supported for the modules build. Previously any build using shared libraries could load modules. * Bundled libltdl is now configured as 'installable' rather than 'convenience'. * -enhance: Only filter based on color channels (ignore opacity). * BrowseDelegate: Web browser (for viewing help information) now defaults to 'xdg-open', but if it is not found, then configure will search for firefox, google-chrome, mozilla (in that order). |
||
---|---|---|
.. | ||
buildlink3.mk | ||
DESCR | ||
distinfo | ||
Makefile | ||
Makefile.common | ||
options.mk | ||
PLIST |