./graphics/GraphicsMagick, X application for displaying and manipulating images

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.3.30, Package name: GraphicsMagick-1.3.30, Maintainer: pkgsrc-users

GraphicsMagick(TM) provides a powerful image manipulation and
translation utility. It is capable of displaying still images and
animations using the X Window system, provides a simple interface for
interactively editing images, and is capable of importing selected
windows or the entire desktop. GraphicsMagick can read and write over
88 image formats, including JPEG, TIFF, WMF, SVG, PNG, PNM, GIF, and
Photo CD. It can resize, rotate, sharpen, color reduce, or add
special effects to the image and save the result to any supported
format. GraphicsMagick may be used to create animated or transparent
.gifs, create composite images, create thumbnail images, and much,
much, more.

GraphicsMagick is one of your choices if you need a program to
manipulate and display images. If you want to develop your own
applications which use GraphicsMagick code or APIs, you need to
install GraphicsMagick-devel as well.


Required to run:
[textproc/libxml2] [print/ghostscript] [graphics/jasper] [graphics/tiff] [graphics/freetype2] [graphics/png] [devel/libltdl] [graphics/jbigkit] [fonts/urw-fonts] [graphics/lcms2] [graphics/libwebp] [devel/pkgconf]

Required to build:
[pkgtools/x11-links] [pkgtools/cwrappers]

Package options: bzip2, jasper, lzma, x11

Master sites:

SHA1: e9b1f6b84739eef3e112d4905e3d72b1e6983abd
RMD160: 5048f04e926ae2a4d2141ed1b8605a511e077fbc
Filesize: 5367.301 KB

Version history: (Expand)


CVS history: (Expand)


   2018-06-24 12:16:49 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
GraphicsMagick: update to 1.3.30.

1.3.30 (June 23, 2018)
=========================

Security Fixes:

* GraphicsMagick is now participating in Google's oss-fuzz project due
  to the contributions and assistance of Alex Gaynor. Since February 4
  2018, 238 issues have been opened by oss-fuzz and 230 of those
  issues have been resolved.  The issues list is available at
  https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
  "graphicsmagick".  Issues are available for anyone to view and
  duplicate if they have been in "Verified" status for 30 days, or if
  they have been in "New" status for 90 days.  There are too many
  fixes to list here.  Please consult the GraphicsMagick ChangeLog
  file, Mercurial repository commit log, and the oss-fuzz issues list
  for details.

* SVG/Rendering: Fix heap write overflow of PrimitiveInfo and
  PointInfo arrays.  This is another manefestation of CVE-2016-2317,
  which should finally be fixed correctly due to active
  detection/correction of pending overflow rather than using
  estimation.

Bug fixes:

* Many oss-fuzz fixes are bug fixes.

* Drawing/Rendering: Many more fixes by Gregory J Wolfe (see the ChangeLog).

* MIFF: Detect end of file while reading image directory.

* SVG: Many more fixes by Gregory J Wolfe (see the ChangeLog).

* The AlphaCompositePixel macro was producing wrong results when the
  output alpha value was not 100% opaque. This is a regression
  introduced in 1.3.29.

* TILE: Fix problem with tiling JPEG images because the size request
  used by the TILE algorithm was also causing re-scaling in the JPEG
  reader.  The problem is solved by stripping the size request before
  reading the image.

API Updates:

* The size of PrimitiveInfo (believed to be an internal/private
  structure but in a header which is installed, has been increased to
  store a 'flags' argument. This is intended to be an internal
  interface but but may be detected as an ABI change.

Build Changes:

* The oss-fuzz build script (fuzzing/oss-fuzz-build.sh) now includes
  many delegate libraries such as zlib, libpng, libtiff, libjpeg, and
  freetype, resulting in more comprehensive testing.  The Q16 build is
  now being tested rather than the 'configure' default of Q8.

Behavior Changes:

* JPEG: The JPEG reader now allows 3 warnings of any particular type
  before giving up on reading and throwing an exception.  This choice
  was made after observing files which produce hundreds of warnings
  and consume massive amounts of memory before reading the image data
  has even started.  It is currently unknown how many files which were
  previously accepted will be rejected by default.  The number of
  allowed warnings may be adjusted using '-define
  jpeg:max-warnings=<value>'.  The default limit will be adjusted
  based on reported user experiences and may be adjusted prior to
  compilation via the MaxWarningCount definition in coders/jpeg.c.
   2018-05-06 12:03:34 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
GraphicsMagick: updated to 1.3.29

1.3.29:
Security Fixes:
GraphicsMagick is now participating in Google's oss-fuzz project due to the \ 
contributions and assistance of Alex Gaynor. Since February 4 2018, 180 issues \ 
have been opened by oss-fuzz and 173 of those issues have been resolved. The \ 
issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list \ 
under search term "graphicsmagick". Issues are available for anyone to \ 
view and duplicate if they have been in "Verified" status for 30 days, \ 
or if they have been in "New" status for 90 days. There are too many \ 
fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial \ 
repository commit log, and the oss-fuzz issues list for details.
JNG: Require that the embedded JPEG image have the same dimensions as the JNG \ 
image as provided by JHDR. Avoids a heap write overflow.
MNG: Arbitrarily limit the number of loops which may be requested by the MNG \ 
LOOP chunk to 512 loops, and provide the '-define mng:maximum-loops=value' \ 
option in case the user wants to change the limit. This fixes a denial of \ 
service caused by large LOOP specifications.

Bug fixes:
Many oss-fuzz fixes are bug fixes.
DICOM: Pre/post rescale functions are temporarily disabled (until the \ 
implementation is fixed).
JPEG: Fix regression in last release in which reading some JPEG files produces \ 
the error "Improper call to JPEG library in state 201".
ICON: Some DIB-based Windows ICON files were reported as corrupt to an \ 
unexpectedly missing opacity mask image.
In-memory Blob I/O: Don't implicitly increase the allocation size due to seek \ 
offsets.
MNG: Detect and handle failure to allocate global PLTE. Fix divide by zero.
DrawGetStrokeDashArray(): Check for failure to allocate memory.
BlobToImage(): Now produces useful exception reports to cover the cases where \ 
'magick' was not set and the file format could not be deduced from its header.

API Updates:
Wand API: Added MagickIsPaletteImage(), MagickIsOpaqueImage(), \ 
MagickIsMonochromeImage(), MagickIsGrayImage(), MagickHasColormap() based on \ 
contributions by Troy Patteson.
New structure ImageExtra added and Image 'clip_mask' member is replaced by \ 
'extra' which points to private ImageExtra allocation. The ImageGetClipMask() \ 
function now provides access to the clip mask image.
New structure DrawInfoExtra and DrawInfo 'clip_path' is replaced by 'extra' \ 
which points to private DrawInfoExtra allocation. The DrawInfoGetClipPath() \ 
function now provides access to the clip path.
New core library functions: GetImageCompositeMask(), CompositeMaskImage(), \ 
CompositePathImage(), SetImageCompositeMask(), ImageGetClipMask(), \ 
ImageGetCompositeMask(), DrawInfoGetClipPath(), DrawInfoGetCompositePath()
Deprecated core library functions: RegisterStaticModules(), \ 
UnregisterStaticModules().

Feature improvements:
Static modules (in static library or shared library without dynamically loadable \ 
modules) are now lazy-loaded using the same external interface as the \ 
lazy-loader for dynamic modules. This results in more similarity between the \ 
builds and reduces the fixed initialization overhead by only initializing the \ 
modules which are used.
SVG: The quality of SVG support has been significantly improved due to the \ 
efforts of Greg Wolfe.
FreeType/TTF rendering: Rendering fixes for opacity.
   2018-04-18 00:29:53 by Thomas Klausner | Files touched by this commit (286)
Log message:
Add p11-kit to gnutls/bl3.mk and bump dependencies.
   2018-04-16 16:35:28 by Thomas Klausner | Files touched by this commit (1284)
Log message:
Recursive bump for new fribidi dependency in pango.
   2018-03-12 12:18:01 by Thomas Klausner | Files touched by this commit (2155)
Log message:
Recursive bumps for fontconfig and libzip dependency changes.
   2018-01-28 21:11:10 by Thomas Klausner | Files touched by this commit (462) | Package updated
Log message:
Bump PKGREVISION for gdbm shlib major bump
   2018-01-28 16:23:52 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
GraphicsMagick: update to 1.3.28.

1.3.28 (January 20, 2017)
=========================

Security Fixes:

* BMP: Fix non-terminal loop due to unexpected bit-field mask value
  (DOS opportunity).

* PALM: Fix heap buffer underflow in builds with QuantumDepth=8.

* SetNexus() Fix heap overwrite under certain conditions due to using
  a wrong destination buffer.  This issue impacts all 1.3.X releases.

* TIFF: Fix heap buffer read overflow in LocaleNCompare() when parsing
  NEWS profile.

Bug fixes:

* DescribeImage(): Eliminate possible use of null pointer.

* GIF: Fix memory leak of global colormap in error path.

* GZ: Writing to gzip files with the extension ".gz" was not working
  with Zlib 1.2.8.

* JNG: Fix buffer read overflow (a tiny fixed overflow of just one byte).

* JPEG: Promoting certain libjpeg warnings to errors caused much more
  problems than expected.  The promotion of warnings to errors is
  removed.  Claimed pixel dimensions are validated by file size before
  allocating memory for the pixels.

* IntegralRotateImage(): Assure that reported error in rotate by 270
  case does immediately terminate processing.

* MNG: Fix possible null pointer reference related to DEFI chunk
  parsing.  Fix minor heap read overflow (constrained to just one
  byte) due to an ordering issue in a limit check.  Fix memory leaks
  in error path.

* WebP: Fix stack buffer overflow in WriteWEBPImage() which occurs
  with libwebp 0.5.0 or newer due to a structure type change in the
  structure passed to the progress monitor callback.

* WPG: Memory leaks fixed.

API Updates:

* InterpolateViewColor(): This function now returns MagickPassFail (an
  unsigned int) rather than void so that errors can be efficiently
  reported.

* The magick/pixel_cache.h header is updated to add deprecation
  attributes such that code using GetPixels(), GetIndexes(), and
  GetOnePixel() will produce deprecation warnings for compilers which
  support them.  These functions will not be removed in the 1.3.X
  release series and when they are removed, pre-processor macros will
  be added so a replacement function is used instead.  There is a
  long-term objective to eliminate functionally-redundant pixel cache
  functions to only the ones with the best properties since this
  reduces maintenance and may reduce the depth of the call stack
  (improving performance).

Build Changes:

* PerlMagick: Sanitize PACKAGE_VERSION so that Perl is not confused by
  any trailing alpha character.

* Improved symbol renaming due to adding --enable-symbol-prefix.  Some
  symbols (for static const strings) were not being included in the
  renaming.
   2017-12-19 09:09:29 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
GraphicsMagick: updated to 1.3.27a

1.3.27:
Security Fixes:
* CMYK: Fix heap overwrites in raw CMYK writer.  Fix heap overwrites
  in raw CMYK reader (noticed when doing montage).
* GIF: Assure that global colormap is initialized.
* DescribeImage(): Fix possible heap write overflow when describing
  visual image directory. Fix possible heap read overflow while
  accessing heap data, and possible information disclosure while
  describing the IPTC profile.
* DICOM: Fix huge memory allocation based on bogus length value (DOS
  opportunity).
* DrawDashPolygon(): Fix heap out of bounds read in render code.
* GRAY: Fix heap overwrites in raw GRAY reader (noticed when doing
  montage).
* JNG: Fix heap overruns.  Fix assertions.
* JNG: Prevent a crash due to zero-length color_image while reading a
  JNG image. (CVE-2017-11102).  Reject JNG files with unreasonable
  dimensions given the file size (avoid DOS).
* JNX: Fix DOS due to excessive memory allocations with corrupt file.
* JPEG: Do not allocate backing image pixels until a scanline has been
  successfully read.  Avoids DOS opportunity with suitably
  manufactured file.
* MAP: Fix null pointer dereference or segmentation violation.
* MAT: Fix heap write overflow.
* MNG: Reject over-large (65k by 65k) image.  Fix heap overwrites.
* PAM: Fix heap buffer overflow in PAM writer for 1 bit/sample + alpha.
* PICT: Fix excessive memory allocation due to malformed image file.
* PNG: Fix heap buffer overflow in PNG writer when promoting from
  indexed PNG to RGBA.
* PNM: Fix DOS due to excessive memory allocations with corrupt file.
* RGB: Fix heap overwrite in raw RGB writer. Fix heap overwrites in
  raw RGB reader (noticed when doing montage).
* RLE: Fix DOS opportunities due to false claims in image header.  Fix
  heap out of bounds read.
* SFW: Avoid possible heap write overflow.
* SUN: Fix heap read overflow.  Fix DOS due to excessive memory
  allocations with corrupt file.
* SVG: Fix heap write overflow.
* TIFF: Use heuristics to avoid DOS (excessive memory use) due to
  false claims by input file.  It is possible that this may reject
  some valid files.  Fix possible small heap overwrite beyond the
  allocated scanline buffer due to the NumberOfObjectsInArray() macro
  rounding up rather than down.
* UIL: Fix heap overwrite in writer.
* WPG: Fix DOS issues (memory, disk space, CPU time) due to
  insufficient validations.  Fix heap overwrites.
* XBM: Fix DOS issue where code remains stuck in loop and does not
  return.
* XV 332 (PNM): Fix null pointer dereference due to malformed file.
* TracePSClippingPath()/TraceSVGClippingPath(): Fix heap out of bounds
  read.
* Validate path entries in the MAGICK_CODER_MODULE_PATH and
  MAGICK_FILTER_MODULE_PATH environment variables and convert all
  paths to real paths if possible. This avoids possible use of
  relative paths to load modules (a possible security issue), or the
  possibility of adding a directory which was in the path, but
  missing, and may improve efficiency by removing non-existent paths.

Bug fixes:
* AVS: Memory leaks eliminated.
* CINEON: Fix possible use of NULL pointer.
* CMYK: Memory leaks eliminated.
* CUT: Memory leaks eliminated.  Fix possible use of NULL pointer.
* DCM: Fix possible use of NULL pointer.
* DrawImage(): Avoid "negative" strncpy().  This seems to be benign
  with glibc but perhaps not with other implementations.
* DPX: Memory leaks eliminated.
* EMF: Fix possible use of NULL pointer.
* FindMagickModule(): Fix possible use of NULL pointer.
* FITS: Fix memory leak.
* GIF: Fix memory leak.
* HDF: Memory leaks eliminated.
* HISTOGRAM: Fix memory leak.
* JNG: Memory leaks eliminated. Memory use after free and double-free
  issues eliminated.  Error reporting fixes.
* Magick::Options::strokeDashArray(): Fix possible use of NULL pointer.
* MagickXFileBrowserWidget(): Fix possible use of NULL pointer.
* MAT: Memory leaks eliminated.
* MagickMapCloneMap(): Fix possible assertion failure.
* MNG: Memory use after free issues eliminated.  Fix possible use of
  NULL pointer.  Fix memory leaks.
* MontageImageCommand(): Fix memory leaks.
* MPC: Fix memory leak in writer.
* MPEG: Fix memory leaks in writer.
* MTV: Memory leaks eliminated.
* NTRegistryKeyLookup(): Fix possible use of NULL pointer.
* NTGetTypeList(): Fix possible use of NULL pointer.
* PCD: Memory leaks eliminated.
* PCL: Fix null pointer dereference in PCL writer.
* PCX: Memory leaks eliminated.
* PALM: Fix possible use of NULL pointer. Fix memory leak.
* PICT: Memory leaks eliminated.
* PNG: Fix small (one-off) heap read overflow.
* PNM: Fix memory leaks.
* PS: Fix use of null pointer in error path.
* PWP: Fix possible use of null pointer.
* ReplaceImageColormap(): Throw an exception rather than assertion if
  the input image is not colormapped.
* RGB: Fix memory leak.
* SegmentImage(): Fix possible use of NULL pointer.
* SetImageProfile(): Fix possible assertion failure.
* SGI: Check for EOF while reading SGI file header.
* SUN: Fix memory leak.
* TIFF: Fix possible use of NULL pointer.  Fix memory leaks in writer.
* TIM: Fix memory leak.
* TOPOL: Fix possible use of NULL pointer.  Fix memory leaks.
* VIFF: Fix memory leak.
* WEBP: Detect partial write to output file.
* WPG: Fix possible use of null pointer. Fix excessive use of disk
  resources due to insufficient validations.
* WriteImage(): Restore use of GetBlobStatus() to test if an I/O error
  was encountered while writing output file. This assures that I/O
  failure in writers which do not themselves verify writes is assured
  to be reported.
* WMF: Memory use after free issues eliminated.
* YUV: Fix memory leaks.

New Features:
* PNG: Implemented eXIf chunk support.
* WEBP: Add support for EXIF and ICC metadata provided that at least
  libwebp 0.5.0 is used.
* Magick++ Image autoOrient(): New Image method to auto-orient an
  image so it looks right-side up by default.

Windows Delegate Updates/Additions:
* Libtiff is updated to libtiff 4.0.9.

Build Changes:
* JPEG/PNG: The SETJMP_IS_THREAD_SAFE definition is used to determine
  if setjmp/longjmp are thread safe.  If these interfaces are thread
  safe, then concurrent reads/writes are possible.  This definition is
  false for Solaris but true for Linux.  JPEG and PNG will be fully
  concurrent if this definition is enabled.

Behavior Changes:
* PALM: PALM writer is disabled.
* ThrowLoggedException(): Capture the first exception at
  ErrorException level or greater, or only capture exception if it is
  more severe than an already reported exception.
* DestroyJNG(): This internal function is now declared static and is
  removed from shared library or DLL namespace.