Path to this page:
Subject: CVS commit: pkgsrc/graphics/GraphicsMagick
From: Adam Ciarcinski
Date: 2018-05-06 12:03:34
Message id: 20180506100334.24319FBEC@cvs.NetBSD.org
Log Message:
GraphicsMagick: updated to 1.3.29
1.3.29:
Security Fixes:
GraphicsMagick is now participating in Google's oss-fuzz project due to the \
contributions and assistance of Alex Gaynor. Since February 4 2018, 180 issues \
have been opened by oss-fuzz and 173 of those issues have been resolved. The \
issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list \
under search term "graphicsmagick". Issues are available for anyone to \
view and duplicate if they have been in "Verified" status for 30 days, \
or if they have been in "New" status for 90 days. There are too many \
fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial \
repository commit log, and the oss-fuzz issues list for details.
JNG: Require that the embedded JPEG image have the same dimensions as the JNG \
image as provided by JHDR. Avoids a heap write overflow.
MNG: Arbitrarily limit the number of loops which may be requested by the MNG \
LOOP chunk to 512 loops, and provide the '-define mng:maximum-loops=value' \
option in case the user wants to change the limit. This fixes a denial of \
service caused by large LOOP specifications.
Bug fixes:
Many oss-fuzz fixes are bug fixes.
DICOM: Pre/post rescale functions are temporarily disabled (until the \
implementation is fixed).
JPEG: Fix regression in last release in which reading some JPEG files produces \
the error "Improper call to JPEG library in state 201".
ICON: Some DIB-based Windows ICON files were reported as corrupt to an \
unexpectedly missing opacity mask image.
In-memory Blob I/O: Don't implicitly increase the allocation size due to seek \
offsets.
MNG: Detect and handle failure to allocate global PLTE. Fix divide by zero.
DrawGetStrokeDashArray(): Check for failure to allocate memory.
BlobToImage(): Now produces useful exception reports to cover the cases where \
'magick' was not set and the file format could not be deduced from its header.
API Updates:
Wand API: Added MagickIsPaletteImage(), MagickIsOpaqueImage(), \
MagickIsMonochromeImage(), MagickIsGrayImage(), MagickHasColormap() based on \
contributions by Troy Patteson.
New structure ImageExtra added and Image 'clip_mask' member is replaced by \
'extra' which points to private ImageExtra allocation. The ImageGetClipMask() \
function now provides access to the clip mask image.
New structure DrawInfoExtra and DrawInfo 'clip_path' is replaced by 'extra' \
which points to private DrawInfoExtra allocation. The DrawInfoGetClipPath() \
function now provides access to the clip path.
New core library functions: GetImageCompositeMask(), CompositeMaskImage(), \
CompositePathImage(), SetImageCompositeMask(), ImageGetClipMask(), \
ImageGetCompositeMask(), DrawInfoGetClipPath(), DrawInfoGetCompositePath()
Deprecated core library functions: RegisterStaticModules(), \
UnregisterStaticModules().
Feature improvements:
Static modules (in static library or shared library without dynamically loadable \
modules) are now lazy-loaded using the same external interface as the \
lazy-loader for dynamic modules. This results in more similarity between the \
builds and reduces the fixed initialization overhead by only initializing the \
modules which are used.
SVG: The quality of SVG support has been significantly improved due to the \
efforts of Greg Wolfe.
FreeType/TTF rendering: Rendering fixes for opacity.
Files: