Path to this page:
Subject: CVS commit: pkgsrc/graphics
From: Adam Ciarcinski
Date: 2012-11-03 21:45:46
Message id: 20121103204546.ADC9B175DD@cvs.netbsd.org
Log Message:
Changes 1.3.17:
Security Fixes:
* PNG: Fix for CVE-2012-3438. The Magick_png_malloc function in
coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper
variable type for the allocation size, which might allow remote
attackers to cause a denial of service (crash) via a crafted PNG
file that triggers incorrect memory allocation.
* Automake (derived): Fix for CVE-2012-3386: The "make distcheck"
rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants
world-writable permissions to the extraction directory, which
introduces a race condition that allows local users to execute
arbitrary code via unspecified vectors.
Bug fixes:
* PNG: Reading sub-8-bit palette images is fixed (images looked
stretched).
* SVG: Fixed bug which allowed MVG and SVG files with long vector
paths to crash the software.
* SVG: Ignore XML headers rather than rendering them as text.
* MVG/SVG/WMF/-draw: It is now possible to draw a plain ','
character.
* WMF: Fixed a bug which caused wrong centered-text placement.
* import: Return status was inverted.
* configure: Don't force that liblzma is used just because libtiff
is used.
New Features:
* The configure script now supports a --enable-quantum-library-names
option to enable that shared library name includes quantum depth
to allow shared libraries with different quantum depths to
co-exist in same directory (only one can be used for development).
* JNX: Support is added for reading the Garmin proprietary Image
Format.
* BMP: Support an alpha channel in uncompressed 32-bit BMP.
Feature improvements:
* -lat: The adaptive threshold algorithm is replaced with a new
algorithm which scales linearly (rather than quadratically) with
area size.
* Tests: Test suite is re-written to use TAP-based tests.
* GIF: Reader tries to be better at detecting and reporting
failures.
Performance Improvements:
* -lat: Adaptive threshold is much faster with large area sizes.
Windows Delegate Updates:
* Dcraw 9.16 is now included in the build (with JPEG and JPEG2000
support).
* Libxml2 is updated to the 2.9.0 release.
* Libtiff is updated to the 4.0.3 release.
* Lcms2 is updated to the 2.4 release.
* Libpng is updated to the 1.5.13 release.
Behavior Changes:
* Loading modules is only supported for the modules build.
Previously any build using shared libraries could load modules.
* Bundled libltdl is now configured as 'installable' rather than
'convenience'.
* -enhance: Only filter based on color channels (ignore opacity).
* BrowseDelegate: Web browser (for viewing help information) now
defaults to 'xdg-open', but if it is not found, then configure
will search for firefox, google-chrome, mozilla (in that order).
Files: