Subject: CVS commit: pkgsrc/graphics
From: Adam Ciarcinski
Date: 2012-11-03 21:45:46
Message id: 20121103204546.ADC9B175DD@cvs.netbsd.org

Log Message:
Changes 1.3.17:

Security Fixes:
  * PNG: Fix for CVE-2012-3438. The Magick_png_malloc function in
    coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper
    variable type for the allocation size, which might allow remote
    attackers to cause a denial of service (crash) via a crafted PNG
    file that triggers incorrect memory allocation.
  * Automake (derived): Fix for CVE-2012-3386: The "make distcheck"
    rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants
    world-writable permissions to the extraction directory, which
    introduces a race condition that allows local users to execute
    arbitrary code via unspecified vectors.

Bug fixes:
  * PNG: Reading sub-8-bit palette images is fixed (images looked
    stretched).
  * SVG: Fixed bug which allowed MVG and SVG files with long vector
    paths to crash the software.
  * SVG: Ignore XML headers rather than rendering them as text.
  * MVG/SVG/WMF/-draw: It is now possible to draw a plain ','
    character.
  * WMF: Fixed a bug which caused wrong centered-text placement.
  * import: Return status was inverted.
  * configure: Don't force that liblzma is used just because libtiff
    is used.

New Features:
  * The configure script now supports a --enable-quantum-library-names
    option to enable that shared library name includes quantum depth
    to allow shared libraries with different quantum depths to
    co-exist in same directory (only one can be used for development).
  * JNX: Support is added for reading the Garmin proprietary Image
    Format.
  * BMP: Support an alpha channel in uncompressed 32-bit BMP.

Feature improvements:
  * -lat: The adaptive threshold algorithm is replaced with a new
     algorithm which scales linearly (rather than quadratically) with
     area size.
  * Tests: Test suite is re-written to use TAP-based tests.
  * GIF: Reader tries to be better at detecting and reporting
    failures.

Performance Improvements:
  * -lat: Adaptive threshold is much faster with large area sizes.

Windows Delegate Updates:
  * Dcraw 9.16 is now included in the build (with JPEG and JPEG2000
    support).
  * Libxml2 is updated to the 2.9.0 release.
  * Libtiff is updated to the 4.0.3 release.
  * Lcms2 is updated to the 2.4 release.
  * Libpng is updated to the 1.5.13 release.

Behavior Changes:
  * Loading modules is only supported for the modules build.
    Previously any build using shared libraries could load modules.
  * Bundled libltdl is now configured as 'installable' rather than
    'convenience'.
  * -enhance: Only filter based on color channels (ignore opacity).
  * BrowseDelegate: Web browser (for viewing help information) now
    defaults to 'xdg-open', but if it is not found, then configure
    will search for firefox, google-chrome, mozilla (in that order).

Files:
RevisionActionfile
1.52modifypkgsrc/graphics/GraphicsMagick/Makefile
1.7modifypkgsrc/graphics/GraphicsMagick/Makefile.common
1.18modifypkgsrc/graphics/GraphicsMagick/PLIST
1.26modifypkgsrc/graphics/GraphicsMagick/buildlink3.mk
1.32modifypkgsrc/graphics/GraphicsMagick/distinfo
1.11modifypkgsrc/graphics/p5-GraphicsMagick/Makefile
1.3removepkgsrc/graphics/GraphicsMagick/patches/patch-coders_png.c