2018-11-20 11:19:29 by Adam Ciarcinski | Files touched by this commit (6) | ![Package updated](https://pkgsrc.se/images/update.gif) |
Log message:
GraphicsMagick: updated to 1.3.31
1.3.31:
Special Issues:
Firmware and operating system updates to address the Spectre vulnerability (and \
possibly to some extent the Meltdown vulnerability) have substantially penalized \
GraphicsMagick's OpenMP performance. Performance is reduced even with GCC 7 and \
8's improved optimizers. There does not appear to be anything we can do about \
this.
Security Fixes:
GraphicsMagick is now participating in Google's oss-fuzz project due to the \
contributions and assistance of Alex Gaynor. Since February 4 2018, 292 issues \
have been opened by oss-fuzz and 279 of those issues have been resolved. The \
issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list \
under search term "graphicsmagick". Issues are available for anyone to \
view and duplicate if they have been in "Verified" status for 30 days, \
or if they have been in "New" status for 90 days. There are too many \
fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial \
repository commit log, and the oss-fuzz issues list for details.
Bug fixes:
See above note about oss-fuzz fixes.
CINEON: Fix unexpected hang on a crafted Cineon image. SourceForge issue 571.
Drawing recursion is limited to 100 and may be tuned via the \
MAX_DRAWIMAGE_RECURSION pre-processor definition.
Fix reading MIFF files using legacy keyword 'color-profile' for ICC color \
profile as was used by ImageMagick 4.2.9.
Fix reading/writing files when 'magick' is specified in lower case. This bug was \
a regression in 1.3.30.
New Features:
TIFF: Support Zstd compression in TIFF. This requires libtiff 4.0.10 or later.
TIFF: Support WebP compression in TIFF. This requires libtiff 4.0.10 or later.
API Updates:
MagickMonitor() is marked as deprecated. Code should not be using this function \
any more.
Feature improvements:
The progress monitor callbacks (registered using MagickMonitor() or \
MagickMonitorFormatted()) are serialized via a common semaphore rather than via \
critical sections in OpenMP loops. OpenMP loops are updated to use OpenMP \
'atomic' and 'flush' to update shared loop variables rather than using a OpenMP \
'critical' construct, reducing contention. Performance on some targets is \
observed to have been improved by this change.
Build Changes:
There was already a 'compare' command installed with the \
'--enable-magick-compat' configure option was used but it did not function. Now \
it functions. There was no compare command in ImageMagick 5.5.2 and this compare \
command is only roughly similar to a compare command in some subsequent \
ImageMagick release.
Removed Remove Ghostscript library support (--with-gslib) from configure script. \
The 'HasGS' pre-processor defines which were enabled by this remain in the \
source code so it is still possible to use this library if absolutely necessary \
(e.g. CPPFLAGS=-DHasGS LIBS=-lgs).
No longer explicitly link with the OpenMP library when it will be supplied \
already due to CFLAGS.
Behavior Changes:
JPEG: Libjpeg-turbo is allowed 1/5th the memory resource limit provided for \
Graphicsmagick via the cinfo->mem->max_memory_to_use option, which is part \
of the IJG JPEG API/ABI, but usually not supported there. This feature works for \
libjpeg-turbo 1.5.2 and later. Limiting the memory usage is useful since \
libjpeg-turbo may otherwise consume arbitrary amounts of memory even before \
Graphicsmagick is informed of the image dimensions.
JPEG: The maximum number of JPEG progressive scans is limited to 50. Otherwise \
some technically valid files could be read for almost forever.
|
2018-11-14 23:22:54 by Klaus Klein | Files touched by this commit (1332) | ![Package updated](https://pkgsrc.se/images/update.gif) |
Log message:
Revbump after cairo 1.16.0 update.
|
2018-11-12 04:53:16 by Ryo ONODERA | Files touched by this commit (1532) |
Log message:
Recursive revbump from hardbuzz-2.1.1
|
2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558) |
Log message:
Recursive bump for perl5-5.28.0
|
2018-05-06 12:05:39 by Adam Ciarcinski | Files touched by this commit (1) | ![Package updated](https://pkgsrc.se/images/update.gif) |
Log message:
p5-GraphicsMagick: updated to 1.3.29
|
2018-04-18 00:29:53 by Thomas Klausner | Files touched by this commit (286) |
Log message:
Add p11-kit to gnutls/bl3.mk and bump dependencies.
|
2018-04-16 16:35:28 by Thomas Klausner | Files touched by this commit (1284) |
Log message:
Recursive bump for new fribidi dependency in pango.
|
2018-03-12 12:18:01 by Thomas Klausner | Files touched by this commit (2155) |
Log message:
Recursive bumps for fontconfig and libzip dependency changes.
|
2018-01-28 21:11:10 by Thomas Klausner | Files touched by this commit (462) |
Log message:
Bump PKGREVISION for gdbm shlib major bump
|
2017-12-19 09:09:29 by Adam Ciarcinski | Files touched by this commit (4) | ![Package updated](https://pkgsrc.se/images/update.gif) |
Log message:
GraphicsMagick: updated to 1.3.27a
1.3.27:
Security Fixes:
* CMYK: Fix heap overwrites in raw CMYK writer. Fix heap overwrites
in raw CMYK reader (noticed when doing montage).
* GIF: Assure that global colormap is initialized.
* DescribeImage(): Fix possible heap write overflow when describing
visual image directory. Fix possible heap read overflow while
accessing heap data, and possible information disclosure while
describing the IPTC profile.
* DICOM: Fix huge memory allocation based on bogus length value (DOS
opportunity).
* DrawDashPolygon(): Fix heap out of bounds read in render code.
* GRAY: Fix heap overwrites in raw GRAY reader (noticed when doing
montage).
* JNG: Fix heap overruns. Fix assertions.
* JNG: Prevent a crash due to zero-length color_image while reading a
JNG image. (CVE-2017-11102). Reject JNG files with unreasonable
dimensions given the file size (avoid DOS).
* JNX: Fix DOS due to excessive memory allocations with corrupt file.
* JPEG: Do not allocate backing image pixels until a scanline has been
successfully read. Avoids DOS opportunity with suitably
manufactured file.
* MAP: Fix null pointer dereference or segmentation violation.
* MAT: Fix heap write overflow.
* MNG: Reject over-large (65k by 65k) image. Fix heap overwrites.
* PAM: Fix heap buffer overflow in PAM writer for 1 bit/sample + alpha.
* PICT: Fix excessive memory allocation due to malformed image file.
* PNG: Fix heap buffer overflow in PNG writer when promoting from
indexed PNG to RGBA.
* PNM: Fix DOS due to excessive memory allocations with corrupt file.
* RGB: Fix heap overwrite in raw RGB writer. Fix heap overwrites in
raw RGB reader (noticed when doing montage).
* RLE: Fix DOS opportunities due to false claims in image header. Fix
heap out of bounds read.
* SFW: Avoid possible heap write overflow.
* SUN: Fix heap read overflow. Fix DOS due to excessive memory
allocations with corrupt file.
* SVG: Fix heap write overflow.
* TIFF: Use heuristics to avoid DOS (excessive memory use) due to
false claims by input file. It is possible that this may reject
some valid files. Fix possible small heap overwrite beyond the
allocated scanline buffer due to the NumberOfObjectsInArray() macro
rounding up rather than down.
* UIL: Fix heap overwrite in writer.
* WPG: Fix DOS issues (memory, disk space, CPU time) due to
insufficient validations. Fix heap overwrites.
* XBM: Fix DOS issue where code remains stuck in loop and does not
return.
* XV 332 (PNM): Fix null pointer dereference due to malformed file.
* TracePSClippingPath()/TraceSVGClippingPath(): Fix heap out of bounds
read.
* Validate path entries in the MAGICK_CODER_MODULE_PATH and
MAGICK_FILTER_MODULE_PATH environment variables and convert all
paths to real paths if possible. This avoids possible use of
relative paths to load modules (a possible security issue), or the
possibility of adding a directory which was in the path, but
missing, and may improve efficiency by removing non-existent paths.
Bug fixes:
* AVS: Memory leaks eliminated.
* CINEON: Fix possible use of NULL pointer.
* CMYK: Memory leaks eliminated.
* CUT: Memory leaks eliminated. Fix possible use of NULL pointer.
* DCM: Fix possible use of NULL pointer.
* DrawImage(): Avoid "negative" strncpy(). This seems to be benign
with glibc but perhaps not with other implementations.
* DPX: Memory leaks eliminated.
* EMF: Fix possible use of NULL pointer.
* FindMagickModule(): Fix possible use of NULL pointer.
* FITS: Fix memory leak.
* GIF: Fix memory leak.
* HDF: Memory leaks eliminated.
* HISTOGRAM: Fix memory leak.
* JNG: Memory leaks eliminated. Memory use after free and double-free
issues eliminated. Error reporting fixes.
* Magick::Options::strokeDashArray(): Fix possible use of NULL pointer.
* MagickXFileBrowserWidget(): Fix possible use of NULL pointer.
* MAT: Memory leaks eliminated.
* MagickMapCloneMap(): Fix possible assertion failure.
* MNG: Memory use after free issues eliminated. Fix possible use of
NULL pointer. Fix memory leaks.
* MontageImageCommand(): Fix memory leaks.
* MPC: Fix memory leak in writer.
* MPEG: Fix memory leaks in writer.
* MTV: Memory leaks eliminated.
* NTRegistryKeyLookup(): Fix possible use of NULL pointer.
* NTGetTypeList(): Fix possible use of NULL pointer.
* PCD: Memory leaks eliminated.
* PCL: Fix null pointer dereference in PCL writer.
* PCX: Memory leaks eliminated.
* PALM: Fix possible use of NULL pointer. Fix memory leak.
* PICT: Memory leaks eliminated.
* PNG: Fix small (one-off) heap read overflow.
* PNM: Fix memory leaks.
* PS: Fix use of null pointer in error path.
* PWP: Fix possible use of null pointer.
* ReplaceImageColormap(): Throw an exception rather than assertion if
the input image is not colormapped.
* RGB: Fix memory leak.
* SegmentImage(): Fix possible use of NULL pointer.
* SetImageProfile(): Fix possible assertion failure.
* SGI: Check for EOF while reading SGI file header.
* SUN: Fix memory leak.
* TIFF: Fix possible use of NULL pointer. Fix memory leaks in writer.
* TIM: Fix memory leak.
* TOPOL: Fix possible use of NULL pointer. Fix memory leaks.
* VIFF: Fix memory leak.
* WEBP: Detect partial write to output file.
* WPG: Fix possible use of null pointer. Fix excessive use of disk
resources due to insufficient validations.
* WriteImage(): Restore use of GetBlobStatus() to test if an I/O error
was encountered while writing output file. This assures that I/O
failure in writers which do not themselves verify writes is assured
to be reported.
* WMF: Memory use after free issues eliminated.
* YUV: Fix memory leaks.
New Features:
* PNG: Implemented eXIf chunk support.
* WEBP: Add support for EXIF and ICC metadata provided that at least
libwebp 0.5.0 is used.
* Magick++ Image autoOrient(): New Image method to auto-orient an
image so it looks right-side up by default.
Windows Delegate Updates/Additions:
* Libtiff is updated to libtiff 4.0.9.
Build Changes:
* JPEG/PNG: The SETJMP_IS_THREAD_SAFE definition is used to determine
if setjmp/longjmp are thread safe. If these interfaces are thread
safe, then concurrent reads/writes are possible. This definition is
false for Solaris but true for Linux. JPEG and PNG will be fully
concurrent if this definition is enabled.
Behavior Changes:
* PALM: PALM writer is disabled.
* ThrowLoggedException(): Capture the first exception at
ErrorException level or greater, or only capture exception if it is
more severe than an already reported exception.
* DestroyJNG(): This internal function is now declared static and is
removed from shared library or DLL namespace.
|