2018-12-16 15:20:22 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
leptonica: updated to 1.77.0
1.77.0:
Here is the current status of CVE issues with leptonica; see
https://security-tracker.debian.org/tracker/source-package/leptonlib
* CVE-2018-7442: potential injection attack because '/' is allowed
  in gplot rootdir.
    Functions using this command have been disabled by default in the
    distribution, starting with 1.76.0. As for the specific issue, it
    is impossible to specify a general path without using the standard
    directory subdivider '/'.
* CVE-2018-7186: number of characters not limited in fscanf or sscanf,
  allowing possible attack with buffer overflow.
    This has been fixed in 1.75.3.
* CVE-2018-3836: command injection vulnerability in gplotMakeOutput().
    This has been fixed in 1.75.3, using stringCheckForChars() to block
    rootnames containing any of: ;&|>"?*$()/<
* CVE-2017-18196: duplicated path components.
    This was fixed in 1.75.3.
* CVE-2018-7441: hardcoded /tmp pathnames.
    These are all wrapped in special debug functions that are not
    enabled by default in the distribution, starting with 1.76.0.
* CVE-2018-7247: input 'rootname' can overflow a buffer.
    This was fixed in 1.76.0, using snprintf().
* CVE-2018-7440: command injection in gplotMakeOutput using $(command).
    Fixed in 1.75.3, which blocks '$' as well as 11 other characters.
Wrapped the few 'system' calls in an extra layer of debug code.
More coverity scan fixes; defects are about 1 per 10,000 source lines.
New regression tests: numa1_reg, numa2_reg, lowaccess_reg,
pixmem_reg.
New non-regression test programs: histoduptest
Juergen Buchmueller is working on Lua bindings. He typedef'd l_ok
and used it in 1100 functions that return a success/failure status.
He also helped clean up remaining issues in the doxygen-generated
documentation.
Using a packed struct for bmp headers to avoid crash on
some big-endians.
Fixed a bug in the prototype parser for xtractprotos that was
surfaced by a typedef declaration for the bmp headers.
Cleaned up IOS guards to avoid compiling a system(3) call on IOS.
Renamed autobuild --> autogen.sh
Added some basic pixa functions for rotation and translation.
Added an iterative method to find rectangular coverings for
arbitrary connected components.
Converted two tests to reg tests running in alltests_reg:
ptra1_reg, ptra2_reg
Enabled read/write for standard jpeg compressed tiff images.
Enabled reading for the old (deprecated) jpeg-encoded tiffs.
Fix range selectors for pixa, pixaa, boxa, boxaa, pta:
Now, last = -1 goes to the end.
When reading tiff --> pix, insert IMAGEDESCRIPTION into text field.
Converted iotest to reg test iomisc_reg; added to alltests_reg
Converted rasterop_reg into a standard regression test; added
to alltests_reg.
Converted boxa2_reg and fhmtauto_reg into standard regression tests;
added to alltests_reg.
Split boxa sequence functions out of boxfunc4.c, into a new boxfunc5.c.
Simplified bmp header and made reading more clearly endian
agnostic (Juergen Buchmueller)
New boxa3_reg regression test. This tests sequences of boxes
by two new boxfunctions in boxfunc5.c.
New bootnumgen4.c for more digit templates.
Rename prog/recog_bootnum.c --> prog/recog_bootname1.c
New in prog: recog_bootnum2.c, recog_bootnum3.c, recogtest7.c
Fixed uninitialized data in pixCentroid() on 1 bpp pix.
New reg test: bytea_reg.c. (removed byteatest.c)
Fixed bug in non-transcoding pdf generation from 1 bpp png.
Added LGTM to static analyzers that run over the library.
|
2018-05-09 13:39:04 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
leptonica: updated to 1.76.0
1.76.0:
Modify infrastructure to fix outstanding security issues. By default,
you can no longer create temp directories and temp files whose
names are known to the compiler. Also, prevent "system" calls,
which were used for image display and gnuplot.
Replaced remaining sprintf() with snprintf() in prog tests.
Added non-transcoding functions for generating pdf from jpeg pixacomp
Add control of jpeg quality from pixWriteMem() and pixWriteStream()
Fixed getFilenamesInDirectory() to properly identify directories
Prevent size overflow in calloc for kernel; cleaned it up fpix and dpix
bmp reading now accepts negative height
Simplified splitimage2pdf; it no longer uses ps2pdf
Remove name-mangling WRITE_AS_NAMED compile option.
Removed 2 deprecated write functions.
Added these regression tests:
locminmax_reg, speckle_reg, watershed_reg,
|
2018-02-20 10:37:56 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
leptonica: updated to 1.75.3
1.75.3:
Fixed some coverity scan issues.
Autotools fix to check for png if enabling gnuplot
|
2018-02-14 12:19:36 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
leptonica: updated to 1.75.2
1.75.2:
Converted several progs to standard regression tests.
Added these tests to the alltests_reg suite:
adaptnorm_reg, binmorph1_reg, binmorph3_reg, equal_reg,
extrema_reg, grayfill_reg, falsecolor_reg, grayquant_reg.
Autotools fix for restricting giflib to 5.1+, and allowing openjpeg 2.3
|
2018-02-05 11:53:36 by Jonathan Perkin | Files touched by this commit (2)
Log message:
leptonica: Avoid fstatat(2) until it can be properly tested for.
|
2018-02-02 13:09:18 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
leptonica: updated to 1.75.1
1.75.1:
* Simpler and more accurate function for finding word masks from
  text image; better debugging and more thorough testing.
* Added to regression test set: prog/italic_reg
* Fix for potential injection attack using gplot rootdir.
* Bug fix for bmp reading to set opacity.
|
2018-01-25 12:27:35 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
leptonica: updated to 1.75.0
This is a new version, for major Ubuntu release 18.04.
$TMPDIR path rewriting turned off on Unix; only used for Windows.
Added pix conversion to depth 2 and 4. We now have general
converters to 1, 2, 4, 8, 16 and 32 bpp.
Modified giflib to use read/write from/to memory; no temp files;
no longer support versions before 5.1.
Move most low-level code from separate files to their callers;
about 30 of them became static.
Improved table detection on scanned page images (tests: pageseg_reg.c)
Added support for write/compare regression tests for files.
Modified printimage for more flexibility.
Enable lookup by key on comma-separated key/value text file.
Update README.html for building with Visual Studio.
Improved functions for getting pixel averages in RGB images
Simplified and sped up unsharp masking.
New function for detecting and correcting text orientation.
Remove slow sharpening operation when not appropriate during scaling.
Better handling of gplots with 0 or 1 data point.
Coverity scan fixes.
Modified jpeg2000 header to use openjpeg 2.3.
Improved depth accessors for pixa and pixaa; added size accessors
for pixa and pixaa.
Bug fix in webp interface on read error.
New function that finds the closest boxes in a boxa to any particular
box, in each of 4 directions.
New regression tests in automated sequence: blend5_reg, quadtree_reg,
wordboxes_reg.
New program: textorient
Removed programs: snapcolortest
|
2017-10-12 00:54:42 by Jonathan Perkin | Files touched by this commit (2)
Log message:
leptonica: Support openjpeg-2.3.
|
2017-06-14 16:26:24 by Filip Hajny | Files touched by this commit (2)
Log message:
Update graphics/leptonica to 1.74.4.
1.74.4 11 Jun 17
- Converted two progs to reg tests
- New version because 1.74.3 had some spurious files (xtractprotos,
endianness.h)
1.74.3 9 Jun 17
- Coverity scan fixes.
- Several fixes for running on Windows, including subtle one with tiff
encoding depending on pad bits.
- Utility and test if a page image likely has a table.
- Remove use of pixCreateTemplateNoInit() where it may cause problems.
- Make release 'configure-make ready'
|
2017-02-28 16:20:12 by Ryo ONODERA | Files touched by this commit (208)
Log message:
Recursive revbump from graphics/libwebp
|