Log message:
Add patch needed for 1.3.24.

Log message:
Updated GraphicsMagick to 1.3.24.

1.3.24 (May 30, 2016)
==========================

.. _`GCC bug 53967` : http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53967

Special Issues:

* A shell exploit (CVE-2016-5118) was discovered associated with a
  filename syntax where file names starting with '|' are intepreted as
  shell commands executed via popen().  Insufficient sanitization in
  the SVG and MVG renderers allows such filenames to be passed through
  from potentially untrusted files.  There might be other ways for
  untrusted inputs to produce such filenames.  Due to this issue,
  support for the feature is removed entirely.

* A shell exploit was discovered associated with the gnuplot delegate
  and which is triggered by the 'gplt' entry in delegates.mgk.  A
  remote exploit is possible if the attacker can cause a provided SVG
  or MVG file to be rendered (or the user opens a provided file).  The
  gnuplot program must be installed in order for the exploit to be
  successful.  It is strongly recommended to remove this entry in all
  delegates.mgk files.

* Due to `GCC bug 53967`_, several key agorithms (e.g. convolution)
  may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is
  enabled for floating point math (`-mfpmath=sse`) if the GCC option
  `-frename-registers` is used. Default 32-bit builds do not
  experience the problem since they use '387 math.  It is not clear in
  what version of GCC this problem started but it was not noticed by
  the developers until the GCC 4.6 timeframe.  Other compilers do not
  suffer from this bug.  Please lobby the GCC project to fix this
  embarrassing performance bug.

Security Fixes:

* BLOB: Remove support for reading input from a shell command, or
  writing output to a shell command, by prefixing the specified
  filename (containing the command) with a '|'.  This feature provided
  a remote shell execution opportunity.

* DIB: Fixed out of bounds reads.  Added more header validations.

* JNG: File size limits are enforced.

* MAT: Fixed denial of service opportunity.  Fix hang on corrupt deflate stream.

* META: Fixed out of bounds reads and writes.

* MIFF: Fixed thrown assertion.

* MSL: Ignore the file extension on MSL files.  It is necessary to add
  a "msl:" prefix to MSL files to read the as an image.

* MVG: No longer assume that files ending with extension ".mvg" are
  MVG files.  MVG parsing does more validity checking on its input.
  Assure that enough PrimitiveInfo structures are allocated in advance
  to support a given vector path (heap overflow problem).

* PCX: Fixed unreasonable memory allocation due to intentionally
  corrupt file.

* PDB: Fixed a heap buffer overflow and out of bounds read.

* PICT: Fixed an out of bounds write.

* PS: Ghostscript is now always run with -dSAFER for safer execution.

* PSD: Fixed segmentation violations, heap buffer overflows, and out
  of bounds writes.

* RLE: Fixed out of bounds reads and writes.

* ReadImages(): Fixed a possible infinite recursion due to a crafted input file.

* RotateImage(): Fixed thrown assertion.

* SGI: Fixed out of bounds writes.

* SUN: Fixed out of bounds reads and writes.

* SVG: Fixed heap and stack buffer overflows, as well as segmentation
  violations (CVE-2016-2317 and CVE-2016-2318).  Also fixed endless
  loop, unexpectedly large memory allocation, divide by zero, and
  recursion issues.

* TIFF: Fixed an assertion while reading.  Fixed benign heap overflow.

* TMP: Adding a "tmp:" prefix to a filename no longer removes the file
  since this seems dangerous.

* VIFF: Fix excessive memory allocation with intentionally corrupted input file.

* XCF: Fixed a heap buffer overflow.

* XPM: Fixed several heap buffer overflows, and out of bound
  reads/writes.  Also fixed a case of excessive memory allocation.

* delegate.mgk: The default delegate.mgk file has been pared down in
  order to reduce security exposure.

* gnuplot ('gplt' delegate in delegates.mgk): Support for rendering
  gnuplot files is removed since the format is inherently insecure.

* File names: File names starting with a '|' character are no longer
  interpreted as shell commands to be executed as input or output.

Bug fixes:

* BMP: Fix reading 24-bit Microsoft BMP which claims to have a
  colormap.

* FILE: `file://` URLs are properly supported now (they never worked
  before).

* JP2: It is now possible to write lossless JPEG 2000 "JP2" format.

* SVG: Support font-size "medium".

New Features:

* Blob I/O C APIs: Added signed versions of short and long Read/Write
  functions.

* FILE: `file://` URLs are properly supported now (they never worked
  before).

* MAT: Matlab V4 is now partially supported.

* Magick++: Added double-precision xResolution() and yResolution()
  methods to support setting the horizontal and vertical resolution
  with double floating point precision.

* Mogrify now supports a -preserve-timestamp option to preserve file
  access and modification timestamps.

Feature improvements:

Windows Delegate Updates/Additions:

* Updated bundled libpng to release 1.6.19.

* Updated bundled libwebp to release 0.4.4.

* Update bundled libxml2 to release 2.9.3.

* Update bundled freetype to release 2.6.2.

Build Changes:

* Added ``--enable-broken-coders`` configure option to enable file
  format support which may be broken or cause security issues.  The
  PSD format is now classified as "broken" (until it is fixed).

Behavior Changes:

* PSD format is not included in the build by default.

* Files ending with ".mvg" and ".msl" are not assumed to be image
  files by default.

* File names starting with '|' are no longer treated as shell
  commands.

* Gnuplot and POV delegate support is removed from the default
  delegate.mgk file.

Log message:
Bump PKGREVISION for security/openssl ABI bump.

Log message:
Revbump after updating graphics/libwebp

Log message:
Add libwebp dependency and bump PKGREVISION accordingly.

Log message:
Remove mk/find-prefix.mk usage from the graphics category.

The find-prefix infrastructure was required in a pkgviews world where
packages installed from pkgsrc could have different installation
prefixes, and this was a way for a dependency prefix to be determined.

Now that pkgviews has been removed there is no longer any need for the
overhead of this infrastructure.  Instead we use BUILDLINK_PREFIX.pkg
for dependencies pulled in via buildlink, or LOCALBASE/PREFIX where the
dependency is coming from pkgsrc.

Provides a reasonable performance win due to the reduction of `pkg_info
-qp` calls, some of which were redundant anyway as they were duplicating
the same information provided by BUILDLINK_PREFIX.pkg.

Log message:
Changes 1.3.23:

Special Issues:
* Due to GCC bug 53967, several key agorithms (e.g. convolution) may execute \ 
much faster (e.g. 2-3X) for x86-64 and/or when SSE is enabled for floating point \ 
math (-mfpmath=sse) if the GCC option -frename-registers is used. Default 32-bit \ 
builds do not experience the problem since they use '387 math. It is not clear \ 
in what version of GCC this problem started but it was not noticed by the \ 
developers until the GCC 4.6 timeframe. Other compilers do not suffer from this \ 
bug. Please lobby the GCC project to fix this embarrassing performance bug.

Security Fixes:
* ScaleImage(): While not strictly a security issue, requesting to scale an \ 
image while retaining the original number of rows will lead to a program crash \ 
or memory corruption due to double-free.

Bug fixes:
* ScaleImage(): Fix problem with new width/height match original (regression \ 
added by 1.3.22).
* ScaleImage(): Fix double-free when new rows matches original rows (regression \ 
added by 1.3.22).
* MinGW build fix related to eliminating a sleep() macro which conflicts with a \ 
MinGW-provided inline sleep() function.
* PNG: Issue a warning instead of an error when attempting to read a PNG file \ 
containing a zero-length profile. This allows the file to be read.
* identify: Fix problem in that identify -format "%A" (to test if \ 
transparency is supported in image) does not always produce the correct results.

Log message:
Add SHA512 digests for distfiles for graphics category

Problems found with existing digests:
	Package fotoxx distfile fotoxx-14.03.1.tar.gz
	ac2033f87de2c23941261f7c50160cddf872c110 [recorded]
	118e98a8cc0414676b3c4d37b8df407c28a1407c [calculated]
	Package ploticus-examples distfile ploticus-2.00/plnode200.tar.gz
	34274a03d0c41fae5690633663e3d4114b9d7a6d [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package AfterShotPro: missing distfile AfterShotPro-1.1.0.30/AfterShotPro_i386.deb
	Package pgraf: missing distfile pgraf-20010131.tar.gz
	Package qvplay: missing distfile qvplay-0.95.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Log message:
Changes 1.3.22:

Special Issues:
* Due to GCC bug 53967, several key agorithms (e.g. convolution) may execute \ 
much faster (e.g. 2-3X) for x86-64 and/or when SSE is enabled for floating point \ 
math (-mfpmath=sse) if the GCC option -frename-registers is used. Default 32-bit \ 
builds do not experience the problem since they use '387 math. It is not clear \ 
in what version of GCC this problem started but it was not noticed by the \ 
developers until the GCC 4.6 timeframe. Other compilers do not suffer from this \ 
bug. Please lobby the GCC project to fix this embarrassing performance bug.
* Magick++: Any libraries or applications using Magick++ should be rebuilt in \ 
order to use this new release. Libraries and applications will be able to \ 
continue to use prior versions of Magick++ without being re-built, while \ 
benefiting from updated C libraries, provided that the system supports library \ 
versioning.

Security Fixes:
* General Coverity fixes. Some might have security consequences.
* Ghostscript options concatenation is more secure against buffer overflow.
* Windows: Built-in random number generator is now salted using \ 
CryptGenRandom(). This improves the robustness of the temporary file allocator.

Bug fixes:
* ...

Log message:
Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.