The NetBSD Project

CVS log for pkgsrc/graphics/GraphicsMagick/Makefile.common

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / graphics / GraphicsMagick

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.29 / (download) - annotate - [select for diffs], Wed Jan 25 06:40:45 2023 UTC (7 months, 4 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, HEAD
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)

GraphicsMagick p5-GraphicsMagick: updated to 1.3.40

1.3.40 (January 14, 2023)

Special Issues:

GraphicsMagick really does need some additional productive volunteers. For several years now, the burden has entirely been on me (Bob Friesenhahn). I have been sheparding the project for 20 years already (and contributed to ImageMagick and GraphicsMagick combined for 26 years already). It is not reasonable to expect someone with a full time job (and expecting to retire in a few years) to do all of the work.

Security Fixes:

GraphicsMagick is participating in Google's oss-fuzz project since February 4 2018 due to the contributions and assistance of Alex Gaynor and Paul Kehrer. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.

Security Fixes:

DCX: Fixed heap overflow when writing more than 1023 scenes, and also eliminated use of uninitialized memory.

Bug fixes:

GetMagickGeometry(): Fix a scaling issue where dimensions could be scaled down to zero.
PCD: Handle writing image with a dimension of 1.
PNG: When writing, use lower-case raw profile identifiers (e.g. 'Raw profile type xmp') because exiftool expects that.
SUN: The sense of monochrome images was inverted. Fix scanline size calculation.
WPG: Fix 20-year old bug in WPG header reading.

New Features:

JXL: Decode and log extra channel information. This information is not yet used.
PCX and DCX: Support writing uncompressed format (use -compress none for no compression).
Added IM1, IM8, and IM24 magick aliases for the Sun Raster format since those are the historically correct extensions.

API Updates:

AppendImageToList() now updates the image list pointer to be the image which was just added. Use GetFirstImageInList() when the pointer to the first image in the list is needed.

Windows Delegate Updates/Additions:

Jasper is updated to release 2.0.33.

Build Changes:

Visual Studio build possible with Visual Studio 2008 - 2022.
Windows Inno Setup installer now installs Microsoft redistributables rather than using a side-by-side DLL configuration.

Behavior Changes:

AppendImageToList() now updates the image list pointer to be the image which was just added. Use GetFirstImageInList() when the pointer to the first image in the list is needed.

Revision 1.28 / (download) - annotate - [select for diffs], Tue Dec 14 19:56:24 2021 UTC (21 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4
Changes since 1.27: +2 -2 lines
Diff to previous 1.27 (colored)

GraphicsMagick: updated to 1.3.37

1.3.37 (December ?, 2021)
==========================

Special Issues:

* The FTP site ftp.graphicsmagick.org is now shut down due to a lack
  of bandwith, extremely abusive users (including from Google and
  customers of Amazon Web Services), and a lack of support from the
  user community.  Another factor is that FTP support has been removed
  from popular web browsers.  This is very unfortunate since the site
  served multiple usages, including providing a lot of historical data
  (e.g. related to PNG) which may not be available elsewhere.

* The Microsoft Visual Studio build has not been updated for this
  release (although it does compile and the results do work fine) and
  I will not be providing any Windows installation packages
  corresponding to this release.  The problem is that the third-party
  'delegate' libraries are out of date and they need to be updated
  since some of them are known to contain severe security
  vulnerabilities.  Several third-party 'delegate' libraries now
  require real C'99 support, which means that Visual Studio 2015 or
  later would be required to build them.  The 'configure' program used
  to build the Visual Studio project files needs to be updated since
  otherwise a 20 minute project upgrade cycle is needed when using
  Visual Studio 2019, and to make minor path changes to avoid a
  multitude of project-file warnings while building.  The installation
  requirements for Visual Studio 2015 or later are different (related
  to run-time "redistributables", which are now very onerous) and so
  the Inno Setup installer needs some minor (or major) changes.  Many
  pleas for assistance have been made (e.g. even to help with testing
  to see if the software executes at all) but thus far the Microsoft
  Windows user community has not been helpful with regards to the
  Microsoft Visual Studio build.

* GraphicsMagick really does need some additional productive
  volunteers.  For several years now, the burden has entirely been on
  me.  I have been sheparding the project for 19 years already (and
  contributed to ImageMagick and GraphicsMagick combined for 25 years
  already).  It is not reasonable to expect someone with a full time
  job (and expecting to retire in a couple of years) to do all of the
  work.

Security Fixes:

* GraphicsMagick is participating in Google's oss-fuzz project due to
  the contributions and assistance of Alex Gaynor. Since February 4
  2018, 590 issues have been opened by oss-fuzz and 23 issues remain
  open (most of which are in third-party software such as development
  JasPer).  The issues list is available at
  https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
  "graphicsmagick".  Issues are available for anyone to view and
  duplicate if they have been in "Verified" status for 30 days, or if
  they have been in "New" status for 90 days.  Please consult the
  GraphicsMagick ChangeLog file, Mercurial repository commit log, and
  the oss-fuzz issues list for details.


Bug fixes:

* CAPTION: Eliminate an assertion upon deallocation.

* CMYK: Fix broken reading of planar CMYK files (a regression since 1.3.27).

* ExecuteModuleProcess(): Add missing error reporting related to
  the -module command option.

* GIF: Handle GIF files where the 'opaque' index matches the number of
  colors by producing an extra colormap entry of transparent
  black.

* JP2: Adaptations to compile cleanly with JasPer 2.0.20.

* META: Fix types used to prefer unsigned types where possible and to
  use 'size_t' rather than 'int' for size values.

* MSL: A great many MSL parser fixes.

* Microsoft Windows: Detect and use Ghostscript point versions added
  after 9.52, after which the version number format was changed.

* PCX: Fix problem that 16-colors are used rather than 256-colors

* PDF: Fix MediaBox dimensions ("Incorrect MediaBox in PDF export").

* PDF: Use appropriate memory deallocator for memory returned by
  StringToList().

* RGB: Fix broken reading of planar RGB files (a regression since
  1.3.27).

* TIFF: Fix double-charging for memory allocations (a regression since
  1.3.36).

* TIFF: Make sure that loops using TIFFReadScanline(), etc, do quit
  upon first reported error.

* WEBP: Enforce that embedded profiles provided by libWebP are not
  zero-sized.

* WEBP: Use SetImagePixelsEx() rather than GetImagePixelsEx() in
  reader.

* WriteBlob(): Use appropriate handle for bzip2.

New Features:

* None

API Updates:

* DisposeTypeToString(): New utility function to convert a DisposeType
  to a string.

* StringToDisposeType(): New utility function to convert a string to a
  DisposeType.

Feature improvements:

* JP2: Support building using development JasPer 3.0.0 and request
  that it use our managed-memory allocators for resource control.

* Pixel Cache: Memory cache implementation of pixel cache now uses
  resource limited memory allocator.

* Analyze filter module: Add OpenMP speed-ups.

* IsImagesEqual(): Allow comparing images when the 'matte' channel
  flag differs.

Windows Delegate Updates/Additions:

* Remove bundled hp2xx.exe, mpeg2dec.exe, and mpeg2enc.exe.

Build Changes:

* Microsoft Windows: configure.ac fixes for gdi32 to depend on user32
  as well.

* Microsoft Windows: VisualMagick/All/All.vcproj.in updated to fix
  problem with not being able to load the 'All' project if the project
  supports the x64 target.

* Autotools build, many more TAP tests have been added, including to
  exercise all of the 'convert' commands.

* TIFF: Adaptations to compile cleanly for libtiff versions
  beyond 20201219.

* Magick++: Support compiling with C++'98 through C++'17.

* Autotools build, Add support for using an external
  'graphicsmagick_snapshot_copy' script to copy files for the
  'snapshot' target. This provides local control over how files are
  copied and where they are copied to.

Behavior Changes:

* TranslateTextEx(): If image resolution is impossibly small, then
  report the default resolution of 72 DPI, or the equivalent in
  centimeters if units is in pixels-per-centimeter.

Revision 1.27 / (download) - annotate - [select for diffs], Sun Jan 24 15:29:26 2021 UTC (2 years, 7 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored)

graphicsmagick: Update to 1.3.36

1.3.36 (December 26, 2020)
==========================

Special Issues:

* None

Security Fixes:

* GraphicsMagick is participating in Google's oss-fuzz project due to
  the contributions and assistance of Alex Gaynor. Since February 4
  2018, 454 issues have been opened by oss-fuzz (some of which were
  benign build issues such as SourceForge Mercurial not working
  correctly) and 7 issues remain open (all of which are marked in an
  "unreproducible" state).  The issues list is available at
  https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
  "graphicsmagick".  Issues are available for anyone to view and
  duplicate if they have been in "Verified" status for 30 days, or if
  they have been in "New" status for 90 days.  Please consult the
  GraphicsMagick ChangeLog file, Mercurial repository commit log, and
  the oss-fuzz issues list for details.

* WPG: Fixes for heap buffer overflow.

Bug fixes:

* ConstituteImage(): Set image depth appropriately based on the
  storage size specified by StorageType and QuantumDepth.

* GetImageBoundingBox(): Fix problem that MagickTrimImage with extreme
  fuzz values could produce an image with negative width.

* ImageToFile(): Improve error handling to avoid possible deferred
  deletion of temporary files, causing unexpected excessive use of
  temporary file space.

* JNG: Add validations for alpha compression method values and use
  this information to enforce decoding using the appropriate
  sub-format (rather than auto-detecting the format).  Also, address
  memory leaks which may occur if the sub-decoder does something other
  than was expected.

* MagickCondSignal(): Improvements to conditional signal handler
  registration (which avoids over-riding signal handlers previously
  registered by an API user).

* ModifyCache(): Fix memory leak.

* ReadCacheIndexes(): Don't blunder into accessing a null pointer if
  the using code has ignored a previous error report bubled-up from
  SetNexus().

* MNG: When doing image scaling and the image width or height is 1
  then always use simple pixel replication as per the MNG
  specification.

* MVG: Fixes to 'push clip-path foo' and 'pop clip-path foo' parsing
  to eliminate a class of malign behavior.

* MVG: Place an aribrary limit on stroke dash polygon unit maximum
  length in order to avoid possibly rendering "forever".

* PCL: No longer attempt to handle reading HP PCL format via the
  external 'hp2xx' program since it seems worthless for that task.

* PS: Fix corrupt image when writing PseudoClass image with a colormap
  larger than two entries as bilevel.

* SVG: Memory leak fixes.

* SVG reader: Now support 'ping' support so the identify command works
  as expected.

* TIFF: WEBP compression only supports a depth of 8 so force that
  value.

* Wand MagickSetSamplingFactors(): Correct formatting of sampling
  factors string.

New Features:

* Logging is now fully programmable.

* DPX format: Support dpx:swap-samples-read define which behaves
  similar to dpx:swap-samples, but is only applied when reading, as
  well as dpx:swap-samples-write, which is only applied when
  writing. This provides for use when there is both reading and
  writing in the same operation (otherwise the final result was no
  effect!).

API Updates:

* magick/api.h: Add "magick/enum_strings.h" to API headers.

* New log settings accessor C functions: SetLogDefaultFileName(),
  SetLogDefaultFormat(), SetLogDefaultOutputType(),
  SetLogDefaultLogMethod(), SetLogDefaultLimit(),
  SetLogDefaultGenerations(), SetLogDefaultEventType().  These
  functions allow a program to set the same parameters which may be
  set by loading a "log.mgk" function.  If a default logging callback
  was provided via SetLogDefaultLogMethod() such that MethodOutput is
  used, then the search for a "log.mgk" is avoided entirely.

* New log settings accessor C++ functions: SetLogDefaultFileName(),
  SetLogDefaultFormat(), SetLogDefaultOutputType(),
  SetLogDefaultLogMethod(), SetLogDefaultLimit(),
  SetLogDefaultGenerations(), SetLogDefaultEventType().  These C++
  functions just pass through to the equivalent C functions and
  provide the same benefits.

Feature improvements:

* A simple resource-limit respecting memory allocator has been
  developed for internal use wherever arbitrarily-large amounts of
  memory might be requested.  This will gradually be added wherever it
  appears to be needed.  The memory resource limits are at the overall
  process level.  The MVG/SVG rendering code is updated to use this
  new allocator.  Almost all of the coders (image format
  readers/writers) have now been updated to use this new allocator.
  This means that '-limit memory 300MB' would be more complete and
  meaningful now.  Temporary allocations by the image processing
  algorithms (other than for the images themselves) are still not
  accounted for in the resource limiting.

* MVG Renderer / DrawImage(): Use resource-limit respecting memory
  allocators for remaining large memory allocations.

* PNG writer: Don't skip optional Exif identifier code if it isn't present.

* DPX reader/writer: decode/encode of 10-bit packed DPX is now twice
  as fast due to code simplification.

* TIFF reader: Apply the same resource limits to TIFF tile sizes as
  apply to the image itself.

Windows Delegate Updates/Additions:

* None

Build Changes:

* configure.ac: Update syntax to avoid using deprecated syntax
  according to Autoconf 2.69.  Also added copious m4 quoting.

* Magick++ Drawable base class no longer uses std::unary_function when
  compiled using C++'17 or later, since this feature has been removed
  from the language.

* Support the configure option --disable-compressed-files to disable
  automatic decompress of gzip and bzip2 compressed files (e.g. files
  with extension 'gz' or 'bz2', and sometimes 'svgz', but sometimes
  posing as some other format).  It turns out that there are some
  extremely compressed files (e.g. over 1000x compression ratio) which
  can take a long time to decompress and produce large temporary
  files.  We currently normally wait for the whole file to be
  decompressed before decoding it.  The only exception is for coders
  with native 'blob' support and which do not require seeking, and
  that the user forced forced the format by adding a magick prefix
  like "DPX:file.dpx" to avoid the automatic file format detection.

* Support the configure option --without-gs to disable reading PS,
  EPS, and PDF formats via an external Ghostscript delegate program.
  This corresponds to the HasGS definition in the source code.

* Support the configure option --without-gdi32 to support disabling
  use of the Microsoft Windows gdi32 library if it is not wanted.

* The Automake-based test suite now applies a memory limit of 128MB
  for the Q8, or 256MB for the Q16, or 512MB for the Q32 build, as
  well as setting a disk space limit of 0.  The limits place an upper
  bound on the resources required, while assuring that tests do pass
  with resource limits applied, while also assuring that disk-based
  pixel-cache files are not used.

Behavior Changes:

* Previously the formatting settings from "log.mgk" were only used
  when writing to a file, or to the console, via a file handle.  Now
  the log formatting has been normalized so that the settings provided
  by "log.mgk" (or SetLogDefaultFormat()) will always be used.  It is
  possible this may result in some formatting changes.

* In the Windows Visual Studio build, the ProvideDllMain option is now
  disabled by default (can still be enabled) since it causes
  InitializeMagick() to be invoked prior to when the program's main()
  routine is called, thereby blocking configuration activities or use
  of InitializeMagickEx().  With this change it is even more
  imperative that InitializeMagick() be explicitly invoked by all
  programs using GraphicsMagick.

Revision 1.26 / (download) - annotate - [select for diffs], Wed Feb 26 15:19:20 2020 UTC (3 years, 6 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)

graphicsmagick: Update to 1.3.35

1.3.35 (February 23, 2020)
==========================

Special Issues:

* It has been discovered that the 'ICU' library (a perhaps 30MB C++
  library) which is now often a libxml2 dependendency causes huge
  process initialization overhead.  This is noticed as unexpected
  slowness when GraphicsMagick utilities are used to process small to
  medium sized files.  The time to initialize the 'ICU' library is
  often longer than the time that GraphicsMagick would otherwise
  require to read the input file, process the image, and write the
  output file.  If the 'ICU' dependency can not be avoided, then make
  sure to use the modules build so there is only impact for file
  formats which require libxml2.  Please lobby the 'ICU' library
  developers to change their implementation to avoid long start-up
  times due to merely linking with the library.

Security Fixes:

* GraphicsMagick is now participating in Google's oss-fuzz project due
  to the contributions and assistance of Alex Gaynor. Since February 4
  2018, 398 issues have been opened by oss-fuzz (some of which were
  benign build issues) and 11 issues remain open.
  The issues list is available at
  https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
  "graphicsmagick".  Issues are available for anyone to view and
  duplicate if they have been in "Verified" status for 30 days, or if
  they have been in "New" status for 90 days.  There are too many
  fixes to list here.  Please consult the GraphicsMagick ChangeLog
  file, Mercurial repository commit log, and the oss-fuzz issues list
  for details.

Bug fixes:

* Fix broken definition of ResourceInfinity which resulted in that
  GetMagickResource() would return -1 rather than the maximum range
  value for the return type as documented. (problem added by the
  1.3.32 release).

* ModifyCache(): Re-open the pixel cache if the cache rows/columns do
  not match the owning image rows/columns.

* Fix DisplayImages() return status.  The return status was inverted.

* HISTOGRAM: Histogram once again includes the histogram as a text
  comment.  This became broken by previous security fixes.

* PICT: Fixed heap buffer overuns reported multiple sources.

* JNG: Detect when JPEG encoder has failed and throw an exception.

* MVG/DrawImage(): Performs even more parsing validations.

* Clang static analyzer fixes: A great many fixes were made based on
  problem reports by the Clang static analyzer.

* Visual Studio static analyzer fixes: A great many fixes were made
  based on problem reports by the Visual Studio 2019 static analyzer.
  Many of these may improve the robustness of 64-bit code.

New Features:

* GRADIENT/GradientImage(): Improved accuracy of gradient levels as
  well as dramaticaly improving performance.  Output PseudoClass
  images if we can.  Add support for using the image 'gravity'
  attribute as well as the "gradient:direction" definition to produce
  gradient vector directions corresponding to SouthGravity (the
  previously-existing default), NorthGravity, WestGravity,
  EastGravity, NorthWestGravity, NorthEastGravity, SouthWestGravity,
  and SouthEastGravity.

API Updates:

* InitializeMagickEx(): New function which may be used in place of
  InitializeMagick() to initialize GraphicsMagick.  This
  initialization function returns an error status value, may update a
  passed ExceptionInfo structure with error information, and provides
  an options parameter which supports simple bit-flags to tailor
  initialization.  The signal handler registrations are skipped if the
  MAGICK_OPT_NO_SIGNAL_HANDER flag is set in the options.

Feature improvements:

* Replace use of non-reentrant legacy POSIX functions with reentrant
  equivalents.

* Timing of image reads should now be very accurate.  The timer was
  sometimes not stopped as soon as it should be.

* PICT: The PICT reader is working pretty good now.  It handles all
  the PICT image files I have available to me.

Windows Delegate Updates/Additions:

* None

Build Changes:

* Visual Studio Build: Configure program now provides a checkbox to
  enable common optimizations for better performance.

Behavior Changes:

* POSIX Signals: Use the normal termination signal handler for SIGXCPU
  and SIGXFSZ so that ulimit or setrlimit(2) may be used to apply CPU
  (RLIMIT_CPU) and output file size (RLIMIT_FSIZE) limits with the
  normal cleanup, and without dumping core. Note that any output files
  currently being written may be truncated and files being written by
  external programs (e.g. Ghostscript) might be left behind unless
  they are to a temporary file assigned by GraphicsMagick.

* Some private string and integer constants were removed from the
  apparent library ABI.  Some private functions were marked static and
  removed from the apparent library ABI.  This is mentioned because
  someone is sure to notice and be concerned about it.

* The remaining private content in installed header files was moved
  into -private.h header files which are not installed.  This should
  not be cause for concern but is mentiond because someone is sure to
  notice and be concerned about it.

Revision 1.24.6.1 / (download) - annotate - [select for diffs], Thu Jan 9 14:58:32 2020 UTC (3 years, 8 months ago) by bsiegert
Branch: pkgsrc-2019Q4
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored) next main 1.25 (colored)

Pullup ticket #6112 - requested by nia
graphics/GraphicsMagick: security fix

Revisions pulled up:
- graphics/GraphicsMagick/Makefile                              1.103
- graphics/GraphicsMagick/Makefile.common                       1.25
- graphics/GraphicsMagick/distinfo                              1.51
- graphics/p5-GraphicsMagick/Makefile                           1.49

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Wed Jan  8 12:11:36 UTC 2020

   Modified Files:
   	pkgsrc/graphics/GraphicsMagick: Makefile Makefile.common distinfo
   	pkgsrc/graphics/p5-GraphicsMagick: Makefile

   Log Message:
   GraphicsMagick: Update to 1.3.34

   1.3.34 (December 24, 2019)
   ==========================

   Special Issues:

   * It has been discovered that the 'ICU' library (a perhaps 30MB C++
     library) which is now often a libxml2 dependendency causes huge
     process initialization overhead.  This is noticed as unexpected
     slowness when GraphicsMagick utilities are used to process small to
     medium sized files.  The time to initialize the 'ICU' library is
     often longer than the time that GraphicsMagick would otherwise
     require to read the input file, process the image, and write the
     output file.  If the 'ICU' dependency can not be avoided, then make
     sure to use the modules build so there is only impact for file
     formats which require libxml2.  Please lobby the 'ICU' library
     developers to change their implementation to avoid long start-up
     times due to merely linking with the library.

   Security Fixes:

   * GraphicsMagick is now participating in Google's oss-fuzz project due
     to the contributions and assistance of Alex Gaynor. Since February 4
     2018, 386 issues have been opened by oss-fuzz (some of which were
     benign build issues) and 376 of those issues have been resolved.
     The issues list is available at
     https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
     "graphicsmagick".  Issues are available for anyone to view and
     duplicate if they have been in "Verified" status for 30 days, or if
     they have been in "New" status for 90 days.  There are too many
     fixes to list here.  Please consult the GraphicsMagick ChangeLog
     file, Mercurial repository commit log, and the oss-fuzz issues list
     for details.

   Bug fixes:

   * DPS: Eliminate a memory leak.

   * Debug Trace: Only output text to terminate an XML format log file if
     XML format is active.

   * EXIF Parser: Detect non-terminal parsing and report an error.

   * EXIF Parser: Eliminate heap buffer overflows.

   * HuffmanDecodeImage(): Fix heap overflow in 32-bit applications.

   * MAT: Implement subimage/subrange support.

   * MVG: Address non-terminal loops, excessive run-time, thrown
     assertions, divide-by-zero, heap overflow, and memory leaks.

   * OpenModule(): Now properly case-insensitive, as it used to be.

   * PCX: Verify that pixel region is not negative. Assure that opacity
     channel is initialized to opaqueOpacity.  Update DirectClass
     representation while PseudoClass representation is updated.  Improve
     read performance with uncompressed PCX.

   * PICT: Fix heap overflow in PICT writer.

   * PNG: Fix validation of raw profile length.

   * PNG: Skip coalescing layers if there is only one layer.

   * PNM: Fix denial of service opportunity by limiting the length of PNM
     comment text.

   * WPG: Avoid Avoid dereferencing a null pointer.

   * WPG: Implement subimage/subrange support.

   * WPG: Improve performance when reading an embedded image.

   * Wand library: In MagickClearException(), destroy any existing
     exception info before re-initializing the exception info or else
     there will be a memory leak.

   * XPM: Rquire that image properties appear in the first 512 bytes of
     the XPM file header.

   New Features:

   * Visual Studio build supports JBIG and WebP compression in TIFF format.

   API Updates:

   * None

   Feature improvements:

   * Compliles clean using GCC 9.

   Windows Delegate Updates/Additions:

   * bzlib: bzip is updated to 1.0.8 release.

   * jbig: jbigkit is updated to 2.1 release.

   * lcms: lcms2 is updated to 2.9 release.

   * libxml: libxml2 is updated to 2.9.10 release.

   * png: libpng is updated to 1.6.37 release.

   * tiff: libtiff is updated to 4.1.0 release.

   * webp: libwebp is updated to the 1.0.3 release.

   * zlib: zlib is updated to 1.2.11 release.

   * TIFF: Now also supports reading JBIG-compressed TIFF, and
     reading/writing WebP-compressed TIFF.  A number of libtiff feature
     options which are now commonly enabled were disabled and are now
     enabled by default.

   Build Changes:

   * MinGW: Static and shared library builds were not working.  Only the
     modules build was actually working!

   * Python scripts related to the build (enabled by
     --enable-maintainer-mode) are now compatible with Python 3.

   * Now supports using Google gperftools tcmalloc library for the memory
     allocator.  This improves performance for certain repetitive
     work-loads and heavily-threaded algorithms.

   * Configure now reports the status of zstd (FaceBook Zstandard)
     compression in its configuration summary.

   * TclMagick: Address many issues mentioned by SourceForge issue #420
     "TclMagick issues and patch".

   Behavior Changes:

   * PNG: Post-processing to convert the image type in the PNG reader
     based on a specified magick prefix string is now disabled.  This can
     (and should) be done after the image has been returned.

   * Trace Logging: The compiled-in logging default is always to stderr,
     which may be over-ridden using log.mgk as soon as it is loaded.

   * Windows Build: Search registry key HKEY_CURRENT_USER as well as
     HKEY_LOCAL_MACHINE when searching for Ghostscript.  By following the
     procedure documented in SourceForge bug 615 "GhostScript
     installation check", this allows for local user installations
     without "administrator" privileges.

Revision 1.25 / (download) - annotate - [select for diffs], Wed Jan 8 12:11:36 2020 UTC (3 years, 8 months ago) by nia
Branch: MAIN
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)

GraphicsMagick: Update to 1.3.34

1.3.34 (December 24, 2019)
==========================

Special Issues:

* It has been discovered that the 'ICU' library (a perhaps 30MB C++
  library) which is now often a libxml2 dependendency causes huge
  process initialization overhead.  This is noticed as unexpected
  slowness when GraphicsMagick utilities are used to process small to
  medium sized files.  The time to initialize the 'ICU' library is
  often longer than the time that GraphicsMagick would otherwise
  require to read the input file, process the image, and write the
  output file.  If the 'ICU' dependency can not be avoided, then make
  sure to use the modules build so there is only impact for file
  formats which require libxml2.  Please lobby the 'ICU' library
  developers to change their implementation to avoid long start-up
  times due to merely linking with the library.

Security Fixes:

* GraphicsMagick is now participating in Google's oss-fuzz project due
  to the contributions and assistance of Alex Gaynor. Since February 4
  2018, 386 issues have been opened by oss-fuzz (some of which were
  benign build issues) and 376 of those issues have been resolved.
  The issues list is available at
  https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
  "graphicsmagick".  Issues are available for anyone to view and
  duplicate if they have been in "Verified" status for 30 days, or if
  they have been in "New" status for 90 days.  There are too many
  fixes to list here.  Please consult the GraphicsMagick ChangeLog
  file, Mercurial repository commit log, and the oss-fuzz issues list
  for details.

Bug fixes:

* DPS: Eliminate a memory leak.

* Debug Trace: Only output text to terminate an XML format log file if
  XML format is active.

* EXIF Parser: Detect non-terminal parsing and report an error.

* EXIF Parser: Eliminate heap buffer overflows.

* HuffmanDecodeImage(): Fix heap overflow in 32-bit applications.

* MAT: Implement subimage/subrange support.

* MVG: Address non-terminal loops, excessive run-time, thrown
  assertions, divide-by-zero, heap overflow, and memory leaks.

* OpenModule(): Now properly case-insensitive, as it used to be.

* PCX: Verify that pixel region is not negative. Assure that opacity
  channel is initialized to opaqueOpacity.  Update DirectClass
  representation while PseudoClass representation is updated.  Improve
  read performance with uncompressed PCX.

* PICT: Fix heap overflow in PICT writer.

* PNG: Fix validation of raw profile length.

* PNG: Skip coalescing layers if there is only one layer.

* PNM: Fix denial of service opportunity by limiting the length of PNM
  comment text.

* WPG: Avoid Avoid dereferencing a null pointer.

* WPG: Implement subimage/subrange support.

* WPG: Improve performance when reading an embedded image.

* Wand library: In MagickClearException(), destroy any existing
  exception info before re-initializing the exception info or else
  there will be a memory leak.

* XPM: Rquire that image properties appear in the first 512 bytes of
  the XPM file header.

New Features:

* Visual Studio build supports JBIG and WebP compression in TIFF format.

API Updates:

* None

Feature improvements:

* Compliles clean using GCC 9.

Windows Delegate Updates/Additions:

* bzlib: bzip is updated to 1.0.8 release.

* jbig: jbigkit is updated to 2.1 release.

* lcms: lcms2 is updated to 2.9 release.

* libxml: libxml2 is updated to 2.9.10 release.

* png: libpng is updated to 1.6.37 release.

* tiff: libtiff is updated to 4.1.0 release.

* webp: libwebp is updated to the 1.0.3 release.

* zlib: zlib is updated to 1.2.11 release.

* TIFF: Now also supports reading JBIG-compressed TIFF, and
  reading/writing WebP-compressed TIFF.  A number of libtiff feature
  options which are now commonly enabled were disabled and are now
  enabled by default.

Build Changes:

* MinGW: Static and shared library builds were not working.  Only the
  modules build was actually working!

* Python scripts related to the build (enabled by
  --enable-maintainer-mode) are now compatible with Python 3.

* Now supports using Google gperftools tcmalloc library for the memory
  allocator.  This improves performance for certain repetitive
  work-loads and heavily-threaded algorithms.

* Configure now reports the status of zstd (FaceBook Zstandard)
  compression in its configuration summary.

* TclMagick: Address many issues mentioned by SourceForge issue #420
  "TclMagick issues and patch".

Behavior Changes:

* PNG: Post-processing to convert the image type in the PNG reader
  based on a specified magick prefix string is now disabled.  This can
  (and should) be done after the image has been returned.

* Trace Logging: The compiled-in logging default is always to stderr,
  which may be over-ridden using log.mgk as soon as it is loaded.

* Windows Build: Search registry key HKEY_CURRENT_USER as well as
  HKEY_LOCAL_MACHINE when searching for Ghostscript.  By following the
  procedure documented in SourceForge bug 615 "GhostScript
  installation check", this allows for local user installations
  without "administrator" privileges.

Revision 1.24 / (download) - annotate - [select for diffs], Thu Aug 8 20:56:40 2019 UTC (4 years, 1 month ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q3-base, pkgsrc-2019Q3
Branch point for: pkgsrc-2019Q4
Changes since 1.23: +2 -2 lines
Diff to previous 1.23 (colored)

{p5-}GraphicsMagick: Update to 1.3.33

1.3.33 (July 20, 2019)
==========================

Special Issues:

* It has been discovered that the 'ICU' library (a perhaps 30MB C++
  library) which is now often a libxml2 dependendency causes huge
  process initialization overhead.  This is noticed as unexpected
  slowness when GraphicsMagick utilities are used to process small to
  medium sized files.  The time to initialize is often longer than the
  time to read the input file, process the image, and write the output
  file.  If the 'ICU' dependency can not be avoided, then make sure to
  use the modules build.  Please lobby the 'ICU' library developers to
  change their implementation to avoid long start-up times due to
  merely linking with the library.

Security Fixes:

* GraphicsMagick is now participating in Google's oss-fuzz project due
  to the contributions and assistance of Alex Gaynor. Since February 4
  2018, 353 issues have been opened by oss-fuzz and 338 of those
  issues have been resolved.  The issues list is available at
  https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
  "graphicsmagick".  Issues are available for anyone to view and
  duplicate if they have been in "Verified" status for 30 days, or if
  they have been in "New" status for 90 days.  There are too many
  fixes to list here.  Please consult the GraphicsMagick ChangeLog
  file, Mercurial repository commit log, and the oss-fuzz issues list
  for details.

* Documentation has been added regarding security hazards due to
  commands which support a '@filename' syntax.

* MontageImages(): Fix wrong length argument to strlcat() when
  building montage directory, which could allow heap overwrite.

Bug fixes:

* PNG: Pass correct size value to strlcat() in module registration
  code.  This bug is noticed to cause problems for Apple's OS X and
  Linux Alpine with musl libc.  This fixes a regression introduced by
  the 1.3.32 release.

* Re-implement command-line utility `'@'` file inclusion support for
  `-comment`, `-draw`, `-format`, and `-label` which was removed for
  the 1.3.32 release.  The new implementation is isolated to
  command-line utility implementation code rather than being deeply
  embedded in the library and exposed in other usage contexts.  This
  fixes a regression introduced by the 1.3.32 release.

* CAPTION: The The CAPTION reader did not appear to work at all any
  more.  Now it works again, but still not very well.

* MagickXDisplayImage(): Fix heap overwrite of windows->image.name and
  windows->image.icon_name buffers.  This bug has surely existed since
  early GraphicsMagick releases.

* MagickXAnimateImages(): Fix memory leak of scene_info.pixels.

* AcquireTemporaryFileDescriptor(): Fix compilation under Cygwin. This
  fixes a regression introduced by the 1.3.32 release.

* PNG: Fix saving to palette when mage has an alpha channel but no
  color is marked as transparent.

* Compilation warnings in the Visual Studio WIN64 build due to the
  'long' type being only 32-bits have been addressed.

New Features:

* None

API Updates:

* None

Feature improvements:

* None

Windows Delegate Updates/Additions:

* None

Build Changes:

* None

Behavior Changes:

* Support for `'@'` file inclusion support for `-comment`, `-draw`,
  `-format`, and `-label` has been restored.

Revision 1.23 / (download) - annotate - [select for diffs], Tue Jun 18 13:30:52 2019 UTC (4 years, 3 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)

{p5-}GraphicsMagick: updated to 1.3.32

1.3.32:

Special Issues:

It has been discovered that the 'ICU' library (a perhaps 30MB C++ library) which is now often a libxml2 dependendency causes huge process initialization overhead. This is noticed as unexpected slowness when GraphicsMagick utilities are used to process small to medium sized files. The time to initialize is often longer than the time to read the input file, process the image, and write the output file. If the 'ICU' dependency can not be avoided, then make sure to use the modules build. Please lobby the 'ICU' library developers to change their implementation to avoid long start-up times due to merely linking with the library.
Security Fixes:

GraphicsMagick is now participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 343 issues have been opened by oss-fuzz and 331 of those issues have been resolved. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.
BMP reader: Fix heap overflow in 32-bit build due to arithmetic overflow. Only happens if limits are changed from defaults.
BMP reader/writer: Improve buffer-size calculations to guard against buffer overflows.
DIB reader: Reject files which claim more than 8-bits per pixel but also claim to be colormapped.
DIB reader/writer: Improve buffer-size calculations to guard against buffer overflows.
MIFF reader: Detect end of file while reading RLE packets.
MIFF reader: Fix heap overflow (for some files using RLE compression) caused by a typo in the code.
MAT writer: Added missing error handling to avoid heap overflow.
MNG reader: Fixed a small heap buffer overflow.
SVG reader: Fixed a stack buffer overflow.
TGA writer: Fix heap overflow when image rows/columns are larger than 65535.
TIFF reader: Rationalize tile width/height to reject large tile sizes which are much larger than the image dimensions.
TIFF reader: Apply memory resource limits to strip and tile allocations.
WMF reader: Fixed a division by zero problem.
XWD reader: Many heap buffer overflows and uses of uninitialized data were fixed.
Pixel cache: Now apply resource limits to pixel nexus allocations using the same limits (total pixels, width, height, memory) as applied to the whole image since some requests are directly influenced by the input file. More tests are added for arithmetic overflow. Care was taken to minimize performance impact due to the many extra checks.

Bug fixes:

See above note about oss-fuzz fixes.
Fixed include order of magick/api.h vs wand/wand_symbols.h.
WriteImage(): Eliminate use of just-freed memory in clone_info->magick when throwing exception due to no support for format.
Magick++/lib/Magick++/Drawable.h: Fix use of clang diagnostic syntax.
DIB: Preserve PseudoClass opaque representation if ICO mask is opaque.
JPEG reader: Restore ability to access detailed image properties while in 'ping' mode.
JPEG reader: Base test for "Unreasonable dimensions" on original JPEG dimensions and not the scaled dimensions.
JPEG reader: Allow input files to have a compression ratio as high as 2500. Extremely compressed files were being rejected.
FreeType renderer: Fixed a memory leak.
PDF writer: Fixed a memory leak.
PDF writer: Fixed a thread safety problem.
PICT reader: Fix a thread safety problem.
Exception reporting: Throwing an exception was not thread safe. Now it is.
Exception reporting: Handle the case where some passed character strings refer to existing exception character strings.
Command-line parser now does not attempt to read a list of filenames from a file in '@name' syntax if the path '@name' exists. Previously it would attempt to read a list of file names from 'name' even if '@name' did exist.
Rendering: Short-circuit path parsing and return and error immediately if an error occurs.

New Features:

Added support for writing the Braille image format (by Samuel Thibault).
WebP writer: Support WebP 'use_sharp_yuv' option ("if needed, use sharp (and slow) RGB->YUV conversion") via -define webp:use-sharp-yuv=true.
The version command output now reports the OpenMP specification number rather than just the integer version identifier.

API Updates:

ReallocateImageColormap() added to re-allocate an existing colormap.
Some improperly-exposed globals are now static as they should have been.

Revision 1.22 / (download) - annotate - [select for diffs], Tue Nov 20 10:19:29 2018 UTC (4 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since 1.21: +2 -2 lines
Diff to previous 1.21 (colored)

GraphicsMagick: updated to 1.3.31

1.3.31:

Special Issues:
Firmware and operating system updates to address the Spectre vulnerability (and possibly to some extent the Meltdown vulnerability) have substantially penalized GraphicsMagick's OpenMP performance. Performance is reduced even with GCC 7 and 8's improved optimizers. There does not appear to be anything we can do about this.
Security Fixes:

GraphicsMagick is now participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 292 issues have been opened by oss-fuzz and 279 of those issues have been resolved. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.

Bug fixes:
See above note about oss-fuzz fixes.
CINEON: Fix unexpected hang on a crafted Cineon image. SourceForge issue 571.
Drawing recursion is limited to 100 and may be tuned via the MAX_DRAWIMAGE_RECURSION pre-processor definition.
Fix reading MIFF files using legacy keyword 'color-profile' for ICC color profile as was used by ImageMagick 4.2.9.
Fix reading/writing files when 'magick' is specified in lower case. This bug was a regression in 1.3.30.

New Features:
TIFF: Support Zstd compression in TIFF. This requires libtiff 4.0.10 or later.
TIFF: Support WebP compression in TIFF. This requires libtiff 4.0.10 or later.

API Updates:
MagickMonitor() is marked as deprecated. Code should not be using this function any more.

Feature improvements:
The progress monitor callbacks (registered using MagickMonitor() or MagickMonitorFormatted()) are serialized via a common semaphore rather than via critical sections in OpenMP loops. OpenMP loops are updated to use OpenMP 'atomic' and 'flush' to update shared loop variables rather than using a OpenMP 'critical' construct, reducing contention. Performance on some targets is observed to have been improved by this change.

Build Changes:
There was already a 'compare' command installed with the '--enable-magick-compat' configure option was used but it did not function. Now it functions. There was no compare command in ImageMagick 5.5.2 and this compare command is only roughly similar to a compare command in some subsequent ImageMagick release.
Removed Remove Ghostscript library support (--with-gslib) from configure script. The 'HasGS' pre-processor defines which were enabled by this remain in the source code so it is still possible to use this library if absolutely necessary (e.g. CPPFLAGS=-DHasGS LIBS=-lgs).
No longer explicitly link with the OpenMP library when it will be supplied already due to CFLAGS.

Behavior Changes:
JPEG: Libjpeg-turbo is allowed 1/5th the memory resource limit provided for Graphicsmagick via the cinfo->mem->max_memory_to_use option, which is part of the IJG JPEG API/ABI, but usually not supported there. This feature works for libjpeg-turbo 1.5.2 and later. Limiting the memory usage is useful since libjpeg-turbo may otherwise consume arbitrary amounts of memory even before Graphicsmagick is informed of the image dimensions.
JPEG: The maximum number of JPEG progressive scans is limited to 50. Otherwise some technically valid files could be read for almost forever.

Revision 1.21 / (download) - annotate - [select for diffs], Sun Jun 24 10:16:49 2018 UTC (5 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

GraphicsMagick: update to 1.3.30.

1.3.30 (June 23, 2018)
=========================

Security Fixes:

* GraphicsMagick is now participating in Google's oss-fuzz project due
  to the contributions and assistance of Alex Gaynor. Since February 4
  2018, 238 issues have been opened by oss-fuzz and 230 of those
  issues have been resolved.  The issues list is available at
  https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
  "graphicsmagick".  Issues are available for anyone to view and
  duplicate if they have been in "Verified" status for 30 days, or if
  they have been in "New" status for 90 days.  There are too many
  fixes to list here.  Please consult the GraphicsMagick ChangeLog
  file, Mercurial repository commit log, and the oss-fuzz issues list
  for details.

* SVG/Rendering: Fix heap write overflow of PrimitiveInfo and
  PointInfo arrays.  This is another manefestation of CVE-2016-2317,
  which should finally be fixed correctly due to active
  detection/correction of pending overflow rather than using
  estimation.

Bug fixes:

* Many oss-fuzz fixes are bug fixes.

* Drawing/Rendering: Many more fixes by Gregory J Wolfe (see the ChangeLog).

* MIFF: Detect end of file while reading image directory.

* SVG: Many more fixes by Gregory J Wolfe (see the ChangeLog).

* The AlphaCompositePixel macro was producing wrong results when the
  output alpha value was not 100% opaque. This is a regression
  introduced in 1.3.29.

* TILE: Fix problem with tiling JPEG images because the size request
  used by the TILE algorithm was also causing re-scaling in the JPEG
  reader.  The problem is solved by stripping the size request before
  reading the image.

API Updates:

* The size of PrimitiveInfo (believed to be an internal/private
  structure but in a header which is installed, has been increased to
  store a 'flags' argument. This is intended to be an internal
  interface but but may be detected as an ABI change.

Build Changes:

* The oss-fuzz build script (fuzzing/oss-fuzz-build.sh) now includes
  many delegate libraries such as zlib, libpng, libtiff, libjpeg, and
  freetype, resulting in more comprehensive testing.  The Q16 build is
  now being tested rather than the 'configure' default of Q8.

Behavior Changes:

* JPEG: The JPEG reader now allows 3 warnings of any particular type
  before giving up on reading and throwing an exception.  This choice
  was made after observing files which produce hundreds of warnings
  and consume massive amounts of memory before reading the image data
  has even started.  It is currently unknown how many files which were
  previously accepted will be rejected by default.  The number of
  allowed warnings may be adjusted using '-define
  jpeg:max-warnings=<value>'.  The default limit will be adjusted
  based on reported user experiences and may be adjusted prior to
  compilation via the MaxWarningCount definition in coders/jpeg.c.

Revision 1.20 / (download) - annotate - [select for diffs], Sun May 6 10:03:33 2018 UTC (5 years, 4 months ago) by adam
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

GraphicsMagick: updated to 1.3.29

1.3.29:
Security Fixes:
GraphicsMagick is now participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 180 issues have been opened by oss-fuzz and 173 of those issues have been resolved. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.
JNG: Require that the embedded JPEG image have the same dimensions as the JNG image as provided by JHDR. Avoids a heap write overflow.
MNG: Arbitrarily limit the number of loops which may be requested by the MNG LOOP chunk to 512 loops, and provide the '-define mng:maximum-loops=value' option in case the user wants to change the limit. This fixes a denial of service caused by large LOOP specifications.

Bug fixes:
Many oss-fuzz fixes are bug fixes.
DICOM: Pre/post rescale functions are temporarily disabled (until the implementation is fixed).
JPEG: Fix regression in last release in which reading some JPEG files produces the error "Improper call to JPEG library in state 201".
ICON: Some DIB-based Windows ICON files were reported as corrupt to an unexpectedly missing opacity mask image.
In-memory Blob I/O: Don't implicitly increase the allocation size due to seek offsets.
MNG: Detect and handle failure to allocate global PLTE. Fix divide by zero.
DrawGetStrokeDashArray(): Check for failure to allocate memory.
BlobToImage(): Now produces useful exception reports to cover the cases where 'magick' was not set and the file format could not be deduced from its header.

API Updates:
Wand API: Added MagickIsPaletteImage(), MagickIsOpaqueImage(), MagickIsMonochromeImage(), MagickIsGrayImage(), MagickHasColormap() based on contributions by Troy Patteson.
New structure ImageExtra added and Image 'clip_mask' member is replaced by 'extra' which points to private ImageExtra allocation. The ImageGetClipMask() function now provides access to the clip mask image.
New structure DrawInfoExtra and DrawInfo 'clip_path' is replaced by 'extra' which points to private DrawInfoExtra allocation. The DrawInfoGetClipPath() function now provides access to the clip path.
New core library functions: GetImageCompositeMask(), CompositeMaskImage(), CompositePathImage(), SetImageCompositeMask(), ImageGetClipMask(), ImageGetCompositeMask(), DrawInfoGetClipPath(), DrawInfoGetCompositePath()
Deprecated core library functions: RegisterStaticModules(), UnregisterStaticModules().

Feature improvements:
Static modules (in static library or shared library without dynamically loadable modules) are now lazy-loaded using the same external interface as the lazy-loader for dynamic modules. This results in more similarity between the builds and reduces the fixed initialization overhead by only initializing the modules which are used.
SVG: The quality of SVG support has been significantly improved due to the efforts of Greg Wolfe.
FreeType/TTF rendering: Rendering fixes for opacity.

Revision 1.19 / (download) - annotate - [select for diffs], Sun Jan 28 15:23:52 2018 UTC (5 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.18: +4 -3 lines
Diff to previous 1.18 (colored)

GraphicsMagick: update to 1.3.28.

1.3.28 (January 20, 2017)
=========================

Security Fixes:

* BMP: Fix non-terminal loop due to unexpected bit-field mask value
  (DOS opportunity).

* PALM: Fix heap buffer underflow in builds with QuantumDepth=8.

* SetNexus() Fix heap overwrite under certain conditions due to using
  a wrong destination buffer.  This issue impacts all 1.3.X releases.

* TIFF: Fix heap buffer read overflow in LocaleNCompare() when parsing
  NEWS profile.

Bug fixes:

* DescribeImage(): Eliminate possible use of null pointer.

* GIF: Fix memory leak of global colormap in error path.

* GZ: Writing to gzip files with the extension ".gz" was not working
  with Zlib 1.2.8.

* JNG: Fix buffer read overflow (a tiny fixed overflow of just one byte).

* JPEG: Promoting certain libjpeg warnings to errors caused much more
  problems than expected.  The promotion of warnings to errors is
  removed.  Claimed pixel dimensions are validated by file size before
  allocating memory for the pixels.

* IntegralRotateImage(): Assure that reported error in rotate by 270
  case does immediately terminate processing.

* MNG: Fix possible null pointer reference related to DEFI chunk
  parsing.  Fix minor heap read overflow (constrained to just one
  byte) due to an ordering issue in a limit check.  Fix memory leaks
  in error path.

* WebP: Fix stack buffer overflow in WriteWEBPImage() which occurs
  with libwebp 0.5.0 or newer due to a structure type change in the
  structure passed to the progress monitor callback.

* WPG: Memory leaks fixed.

API Updates:

* InterpolateViewColor(): This function now returns MagickPassFail (an
  unsigned int) rather than void so that errors can be efficiently
  reported.

* The magick/pixel_cache.h header is updated to add deprecation
  attributes such that code using GetPixels(), GetIndexes(), and
  GetOnePixel() will produce deprecation warnings for compilers which
  support them.  These functions will not be removed in the 1.3.X
  release series and when they are removed, pre-processor macros will
  be added so a replacement function is used instead.  There is a
  long-term objective to eliminate functionally-redundant pixel cache
  functions to only the ones with the best properties since this
  reduces maintenance and may reduce the depth of the call stack
  (improving performance).

Build Changes:

* PerlMagick: Sanitize PACKAGE_VERSION so that Perl is not confused by
  any trailing alpha character.

* Improved symbol renaming due to adding --enable-symbol-prefix.  Some
  symbols (for static const strings) were not being included in the
  renaming.

Revision 1.18 / (download) - annotate - [select for diffs], Tue Dec 19 08:09:29 2017 UTC (5 years, 9 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4
Changes since 1.17: +3 -4 lines
Diff to previous 1.17 (colored)

GraphicsMagick: updated to 1.3.27a

1.3.27:
Security Fixes:
* CMYK: Fix heap overwrites in raw CMYK writer.  Fix heap overwrites
  in raw CMYK reader (noticed when doing montage).
* GIF: Assure that global colormap is initialized.
* DescribeImage(): Fix possible heap write overflow when describing
  visual image directory. Fix possible heap read overflow while
  accessing heap data, and possible information disclosure while
  describing the IPTC profile.
* DICOM: Fix huge memory allocation based on bogus length value (DOS
  opportunity).
* DrawDashPolygon(): Fix heap out of bounds read in render code.
* GRAY: Fix heap overwrites in raw GRAY reader (noticed when doing
  montage).
* JNG: Fix heap overruns.  Fix assertions.
* JNG: Prevent a crash due to zero-length color_image while reading a
  JNG image. (CVE-2017-11102).  Reject JNG files with unreasonable
  dimensions given the file size (avoid DOS).
* JNX: Fix DOS due to excessive memory allocations with corrupt file.
* JPEG: Do not allocate backing image pixels until a scanline has been
  successfully read.  Avoids DOS opportunity with suitably
  manufactured file.
* MAP: Fix null pointer dereference or segmentation violation.
* MAT: Fix heap write overflow.
* MNG: Reject over-large (65k by 65k) image.  Fix heap overwrites.
* PAM: Fix heap buffer overflow in PAM writer for 1 bit/sample + alpha.
* PICT: Fix excessive memory allocation due to malformed image file.
* PNG: Fix heap buffer overflow in PNG writer when promoting from
  indexed PNG to RGBA.
* PNM: Fix DOS due to excessive memory allocations with corrupt file.
* RGB: Fix heap overwrite in raw RGB writer. Fix heap overwrites in
  raw RGB reader (noticed when doing montage).
* RLE: Fix DOS opportunities due to false claims in image header.  Fix
  heap out of bounds read.
* SFW: Avoid possible heap write overflow.
* SUN: Fix heap read overflow.  Fix DOS due to excessive memory
  allocations with corrupt file.
* SVG: Fix heap write overflow.
* TIFF: Use heuristics to avoid DOS (excessive memory use) due to
  false claims by input file.  It is possible that this may reject
  some valid files.  Fix possible small heap overwrite beyond the
  allocated scanline buffer due to the NumberOfObjectsInArray() macro
  rounding up rather than down.
* UIL: Fix heap overwrite in writer.
* WPG: Fix DOS issues (memory, disk space, CPU time) due to
  insufficient validations.  Fix heap overwrites.
* XBM: Fix DOS issue where code remains stuck in loop and does not
  return.
* XV 332 (PNM): Fix null pointer dereference due to malformed file.
* TracePSClippingPath()/TraceSVGClippingPath(): Fix heap out of bounds
  read.
* Validate path entries in the MAGICK_CODER_MODULE_PATH and
  MAGICK_FILTER_MODULE_PATH environment variables and convert all
  paths to real paths if possible. This avoids possible use of
  relative paths to load modules (a possible security issue), or the
  possibility of adding a directory which was in the path, but
  missing, and may improve efficiency by removing non-existent paths.

Bug fixes:
* AVS: Memory leaks eliminated.
* CINEON: Fix possible use of NULL pointer.
* CMYK: Memory leaks eliminated.
* CUT: Memory leaks eliminated.  Fix possible use of NULL pointer.
* DCM: Fix possible use of NULL pointer.
* DrawImage(): Avoid "negative" strncpy().  This seems to be benign
  with glibc but perhaps not with other implementations.
* DPX: Memory leaks eliminated.
* EMF: Fix possible use of NULL pointer.
* FindMagickModule(): Fix possible use of NULL pointer.
* FITS: Fix memory leak.
* GIF: Fix memory leak.
* HDF: Memory leaks eliminated.
* HISTOGRAM: Fix memory leak.
* JNG: Memory leaks eliminated. Memory use after free and double-free
  issues eliminated.  Error reporting fixes.
* Magick::Options::strokeDashArray(): Fix possible use of NULL pointer.
* MagickXFileBrowserWidget(): Fix possible use of NULL pointer.
* MAT: Memory leaks eliminated.
* MagickMapCloneMap(): Fix possible assertion failure.
* MNG: Memory use after free issues eliminated.  Fix possible use of
  NULL pointer.  Fix memory leaks.
* MontageImageCommand(): Fix memory leaks.
* MPC: Fix memory leak in writer.
* MPEG: Fix memory leaks in writer.
* MTV: Memory leaks eliminated.
* NTRegistryKeyLookup(): Fix possible use of NULL pointer.
* NTGetTypeList(): Fix possible use of NULL pointer.
* PCD: Memory leaks eliminated.
* PCL: Fix null pointer dereference in PCL writer.
* PCX: Memory leaks eliminated.
* PALM: Fix possible use of NULL pointer. Fix memory leak.
* PICT: Memory leaks eliminated.
* PNG: Fix small (one-off) heap read overflow.
* PNM: Fix memory leaks.
* PS: Fix use of null pointer in error path.
* PWP: Fix possible use of null pointer.
* ReplaceImageColormap(): Throw an exception rather than assertion if
  the input image is not colormapped.
* RGB: Fix memory leak.
* SegmentImage(): Fix possible use of NULL pointer.
* SetImageProfile(): Fix possible assertion failure.
* SGI: Check for EOF while reading SGI file header.
* SUN: Fix memory leak.
* TIFF: Fix possible use of NULL pointer.  Fix memory leaks in writer.
* TIM: Fix memory leak.
* TOPOL: Fix possible use of NULL pointer.  Fix memory leaks.
* VIFF: Fix memory leak.
* WEBP: Detect partial write to output file.
* WPG: Fix possible use of null pointer. Fix excessive use of disk
  resources due to insufficient validations.
* WriteImage(): Restore use of GetBlobStatus() to test if an I/O error
  was encountered while writing output file. This assures that I/O
  failure in writers which do not themselves verify writes is assured
  to be reported.
* WMF: Memory use after free issues eliminated.
* YUV: Fix memory leaks.

New Features:
* PNG: Implemented eXIf chunk support.
* WEBP: Add support for EXIF and ICC metadata provided that at least
  libwebp 0.5.0 is used.
* Magick++ Image autoOrient(): New Image method to auto-orient an
  image so it looks right-side up by default.

Windows Delegate Updates/Additions:
* Libtiff is updated to libtiff 4.0.9.

Build Changes:
* JPEG/PNG: The SETJMP_IS_THREAD_SAFE definition is used to determine
  if setjmp/longjmp are thread safe.  If these interfaces are thread
  safe, then concurrent reads/writes are possible.  This definition is
  false for Solaris but true for Linux.  JPEG and PNG will be fully
  concurrent if this definition is enabled.

Behavior Changes:
* PALM: PALM writer is disabled.
* ThrowLoggedException(): Capture the first exception at
  ErrorException level or greater, or only capture exception if it is
  more severe than an already reported exception.
* DestroyJNG(): This internal function is now declared static and is
  removed from shared library or DLL namespace.

Revision 1.16.4.1 / (download) - annotate - [select for diffs], Sun Jul 23 19:52:42 2017 UTC (6 years, 2 months ago) by spz
Branch: pkgsrc-2017Q2
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored) next main 1.17 (colored)

Pullup ticket #5518 - requested by taca
graphics/GraphicsMagick: security update

Revisions pulled up:
- graphics/GraphicsMagick/Makefile                              1.81
- graphics/GraphicsMagick/Makefile.common                       1.17
- graphics/GraphicsMagick/PLIST                                 1.25
- graphics/GraphicsMagick/distinfo                              1.43

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Sun Jul  9 20:02:28 UTC 2017

   Modified Files:
   	pkgsrc/graphics/GraphicsMagick: Makefile Makefile.common PLIST distinfo
   	pkgsrc/graphics/p5-GraphicsMagick: Makefile

   Log Message:
   1.3.26:

   Security Fixes:
   ---------------
   DPX: Fix excessive use of memory (DOS issue) due to file header claiming large image dimensions but insufficient backing data. (CVE-2017-10799).
   JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
   MAT: Fix excessive use of memory (DOS issue) due to continuing processing with insufficient data and claimed large image size. Verify each file extent to make sure that it is within range of file size. (CVE-2017-10800).
   META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
   PCX: Fix denial of service issue.
   RLE: Fix abnomally slow operation (denial of service issue) with intentionally corrupt colormapped file.
   PICT: Fix possible buffer overflow vulnerability given suitably truncated input file.
   PNG: Enforce spec requirement that the dimensions of the JPEG embedded in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
   PNG: Avoid NULL dereference when MAGN chunk processing fails.
   SCT: Fix stack-buffer read overflow (underflow?) while reading SCT header.
   SGI: Fix denial of service issues. Delay large memory allocations until file header has fully passed sanity checks.
   TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to have only 2 samples per pixel (CVE-2017-6335).
   TIFF: Fix out of bounds read when reading RGB TIFF which claims to have only 1 sample per pixel (CVE-2017-10794).
   WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash (CVE-2016-7997).

   Bug fixes:
   ----------
   DifferenceImage(): Fix Fix all-black difference image if an input file is colormapped.
   EXIF orientation was not being properly detected for some files.
   -frame: The import command -frame handling was improperly implemented and was using already freed data.
   GIF: Fixes for "Excessive LZW string data" problem.
   Magick++: Bug fixes to PathSmoothCurvetoRel::operator() and PathSmoothCurvetoRel::operator().
   PAM: Support writing GRAYSCALE PAM format.
   PNG: Fix memory leaks.
   SVG: Fixed a memory leak. Fixed a possible null pointer dereference.
   TclMagick: Problem that TkMagick could not resolve functions from TclMagick under Linux is fixed.
   TclMagick: Fix parser validatation in magickCmd() to avoid crash given a syntax error.
   TIFF: Fix for reading old JPEG files (avoids "Improper call to JPEG library in state 0. (LibJpeg).").
   TXT: Fixed memory leak.
   XCF: Error checking is improved.

   New Features:
   -------------
   EXIF rotation: Support is added such that the EXIF orientation tag is updated when the image is rotated.
   MAT: Now support reading multiple images from Matlab V4 format.
   Magick++: Orientation method now updates orientation in EXIF profile, if it exists.
   Magick++: Added Image attribute method which accepts a 'char *' argument, and will remove the attribute if the value argument is NULL.
   -orient: The -orient command line option now also updates the orientation in the EXIF profile, if it exists.
   PGX: Support PGX JPEG 2000 format for reading and writing (within the bounds of what JasPer supports).
   Wand API: Added MagickAutoOrientImage(), MagickGetImageOrientation(), MagickSetImageOrientation(), MagickRemoveImageOption(), and MagickClearException().


   To generate a diff of this commit:
   cvs rdiff -u -r1.80 -r1.81 pkgsrc/graphics/GraphicsMagick/Makefile
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/graphics/GraphicsMagick/Makefile.common
   cvs rdiff -u -r1.24 -r1.25 pkgsrc/graphics/GraphicsMagick/PLIST
   cvs rdiff -u -r1.42 -r1.43 pkgsrc/graphics/GraphicsMagick/distinfo

Revision 1.17 / (download) - annotate - [select for diffs], Sun Jul 9 20:02:28 2017 UTC (6 years, 2 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)

1.3.26:

Security Fixes:
---------------
DPX: Fix excessive use of memory (DOS issue) due to file header claiming large image dimensions but insufficient backing data. (CVE-2017-10799).
JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
MAT: Fix excessive use of memory (DOS issue) due to continuing processing with insufficient data and claimed large image size. Verify each file extent to make sure that it is within range of file size. (CVE-2017-10800).
META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
PCX: Fix denial of service issue.
RLE: Fix abnomally slow operation (denial of service issue) with intentionally corrupt colormapped file.
PICT: Fix possible buffer overflow vulnerability given suitably truncated input file.
PNG: Enforce spec requirement that the dimensions of the JPEG embedded in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
PNG: Avoid NULL dereference when MAGN chunk processing fails.
SCT: Fix stack-buffer read overflow (underflow?) while reading SCT header.
SGI: Fix denial of service issues. Delay large memory allocations until file header has fully passed sanity checks.
TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to have only 2 samples per pixel (CVE-2017-6335).
TIFF: Fix out of bounds read when reading RGB TIFF which claims to have only 1 sample per pixel (CVE-2017-10794).
WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash (CVE-2016-7997).

Bug fixes:
----------
DifferenceImage(): Fix Fix all-black difference image if an input file is colormapped.
EXIF orientation was not being properly detected for some files.
-frame: The import command -frame handling was improperly implemented and was using already freed data.
GIF: Fixes for "Excessive LZW string data" problem.
Magick++: Bug fixes to PathSmoothCurvetoRel::operator() and PathSmoothCurvetoRel::operator().
PAM: Support writing GRAYSCALE PAM format.
PNG: Fix memory leaks.
SVG: Fixed a memory leak. Fixed a possible null pointer dereference.
TclMagick: Problem that TkMagick could not resolve functions from TclMagick under Linux is fixed.
TclMagick: Fix parser validatation in magickCmd() to avoid crash given a syntax error.
TIFF: Fix for reading old JPEG files (avoids "Improper call to JPEG library in state 0. (LibJpeg).").
TXT: Fixed memory leak.
XCF: Error checking is improved.

New Features:
-------------
EXIF rotation: Support is added such that the EXIF orientation tag is updated when the image is rotated.
MAT: Now support reading multiple images from Matlab V4 format.
Magick++: Orientation method now updates orientation in EXIF profile, if it exists.
Magick++: Added Image attribute method which accepts a 'char *' argument, and will remove the attribute if the value argument is NULL.
-orient: The -orient command line option now also updates the orientation in the EXIF profile, if it exists.
PGX: Support PGX JPEG 2000 format for reading and writing (within the bounds of what JasPer supports).
Wand API: Added MagickAutoOrientImage(), MagickGetImageOrientation(), MagickSetImageOrientation(), MagickRemoveImageOption(), and MagickClearException().

Revision 1.16 / (download) - annotate - [select for diffs], Thu Jan 19 18:52:11 2017 UTC (6 years, 8 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q1-base, pkgsrc-2017Q1
Branch point for: pkgsrc-2017Q2
Changes since 1.15: +3 -3 lines
Diff to previous 1.15 (colored)

Convert all occurrences (353 by my count) of

	MASTER_SITES= 	site1 \
			site2

style continuation lines to be simple repeated

	MASTER_SITES+= site1
	MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.

Revision 1.15 / (download) - annotate - [select for diffs], Wed Sep 7 06:29:31 2016 UTC (7 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

Updated GraphicsMagick to 1.3.25.

1.3.25 (September 5, 2016)
==========================

Special Issues:

* None

Security Fixes:

* EscapeParenthesis(): I was notified by Gustavo Grieco of a heap
  overflow in EscapeParenthesis() used in the text annotation code.
  While not being able to reproduce the issue, the implementation of
  this function is completely redone.

* Utah RLE: Reject truncated/absurd files which caused huge memory
  allocations and/or consumed huge CPU.  Problem was reported by
  Agostino Sarubbo based on testing with AFL.

* SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in
  the MVG rendering code (also impacts SVG).

* TIFF: Fix heap buffer read overflow while copying sized TIFF
  attributes.  Problem was reported by Agostino Sarubbo based on
  testing with AFL.

Bug fixes:

* GetToken(): Fix obscure bug (read beyond end of string buffer)
  noticed while parsing a MVG file.  This problem was reported by
  Gustavo Grieco.

* MVG rendering: Fix undesired hard errors when some objects were
  drawn outside of the image bounds.  Requests to draw objects
  entirely outside of the image should be silently ignored.

* MVG/SVG rendering: Fix gradient size sanity checks which were
  causing gradient requests to fail.  Due to a design weakness in that
  gradient images allocate resources rather than being computations at
  point of use, the maximum gradient image size is now hard-limited to
  5000x5000 pixels until the design problem is fixed.  Some SVG icons
  (as small as 8x8 pixels) authored using Inkscape request absurdly
  huge gradients.  Gradient sizes as large as 20,000x20,000 have been
  observed in SVG icon files delivered by packages on an Ubuntu Linux
  system.

* SVG: Fix some memory leaks which occur on parsing error.

New Features:

* None

Feature improvements:

* ElapsedTime(): Use clock_gettime() (when available with default
  linkage) to obtain elapsed time.

* DescribeImage(): Provide 6 digits of seconds precision in in elapsed
  time output.  Previously the resolution was rounded up to a full
  second.

Windows Delegate Updates/Additions:

* webp: Updated bundled libwebp to release 0.5.1.

* libxml: Updated bundled libxml2 to release 2.9.4.

* lcms: Updated bundled lcms2 to release 2.8.

* png: Update bundled libpng to release 1.6.24.

Build Changes:

* OpenMP is properly configured for clang 3.8 using its own '-lomp'
  rather than '-lgomp'.

Behavior Changes:

* SVG: Some SVG files may be rejected due to absurdly large gradient
  requests.

* The 'identify' and 'info' functionality only shows the pixel read
  rate if image was not read in 'ping' mode. Provide 6 digits of
  seconds precision in in elapsed time output.

Revision 1.14 / (download) - annotate - [select for diffs], Mon Jun 6 11:46:04 2016 UTC (7 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

Updated GraphicsMagick to 1.3.24.

1.3.24 (May 30, 2016)
==========================

.. _`GCC bug 53967` : http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53967

Special Issues:

* A shell exploit (CVE-2016-5118) was discovered associated with a
  filename syntax where file names starting with '|' are intepreted as
  shell commands executed via popen().  Insufficient sanitization in
  the SVG and MVG renderers allows such filenames to be passed through
  from potentially untrusted files.  There might be other ways for
  untrusted inputs to produce such filenames.  Due to this issue,
  support for the feature is removed entirely.

* A shell exploit was discovered associated with the gnuplot delegate
  and which is triggered by the 'gplt' entry in delegates.mgk.  A
  remote exploit is possible if the attacker can cause a provided SVG
  or MVG file to be rendered (or the user opens a provided file).  The
  gnuplot program must be installed in order for the exploit to be
  successful.  It is strongly recommended to remove this entry in all
  delegates.mgk files.

* Due to `GCC bug 53967`_, several key agorithms (e.g. convolution)
  may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is
  enabled for floating point math (`-mfpmath=sse`) if the GCC option
  `-frename-registers` is used. Default 32-bit builds do not
  experience the problem since they use '387 math.  It is not clear in
  what version of GCC this problem started but it was not noticed by
  the developers until the GCC 4.6 timeframe.  Other compilers do not
  suffer from this bug.  Please lobby the GCC project to fix this
  embarrassing performance bug.

Security Fixes:

* BLOB: Remove support for reading input from a shell command, or
  writing output to a shell command, by prefixing the specified
  filename (containing the command) with a '|'.  This feature provided
  a remote shell execution opportunity.

* DIB: Fixed out of bounds reads.  Added more header validations.

* JNG: File size limits are enforced.

* MAT: Fixed denial of service opportunity.  Fix hang on corrupt deflate stream.

* META: Fixed out of bounds reads and writes.

* MIFF: Fixed thrown assertion.

* MSL: Ignore the file extension on MSL files.  It is necessary to add
  a "msl:" prefix to MSL files to read the as an image.

* MVG: No longer assume that files ending with extension ".mvg" are
  MVG files.  MVG parsing does more validity checking on its input.
  Assure that enough PrimitiveInfo structures are allocated in advance
  to support a given vector path (heap overflow problem).

* PCX: Fixed unreasonable memory allocation due to intentionally
  corrupt file.

* PDB: Fixed a heap buffer overflow and out of bounds read.

* PICT: Fixed an out of bounds write.

* PS: Ghostscript is now always run with -dSAFER for safer execution.

* PSD: Fixed segmentation violations, heap buffer overflows, and out
  of bounds writes.

* RLE: Fixed out of bounds reads and writes.

* ReadImages(): Fixed a possible infinite recursion due to a crafted input file.

* RotateImage(): Fixed thrown assertion.

* SGI: Fixed out of bounds writes.

* SUN: Fixed out of bounds reads and writes.

* SVG: Fixed heap and stack buffer overflows, as well as segmentation
  violations (CVE-2016-2317 and CVE-2016-2318).  Also fixed endless
  loop, unexpectedly large memory allocation, divide by zero, and
  recursion issues.

* TIFF: Fixed an assertion while reading.  Fixed benign heap overflow.

* TMP: Adding a "tmp:" prefix to a filename no longer removes the file
  since this seems dangerous.

* VIFF: Fix excessive memory allocation with intentionally corrupted input file.

* XCF: Fixed a heap buffer overflow.

* XPM: Fixed several heap buffer overflows, and out of bound
  reads/writes.  Also fixed a case of excessive memory allocation.

* delegate.mgk: The default delegate.mgk file has been pared down in
  order to reduce security exposure.

* gnuplot ('gplt' delegate in delegates.mgk): Support for rendering
  gnuplot files is removed since the format is inherently insecure.

* File names: File names starting with a '|' character are no longer
  interpreted as shell commands to be executed as input or output.


Bug fixes:

* BMP: Fix reading 24-bit Microsoft BMP which claims to have a
  colormap.

* FILE: `file://` URLs are properly supported now (they never worked
  before).

* JP2: It is now possible to write lossless JPEG 2000 "JP2" format.

* SVG: Support font-size "medium".

New Features:

* Blob I/O C APIs: Added signed versions of short and long Read/Write
  functions.

* FILE: `file://` URLs are properly supported now (they never worked
  before).

* MAT: Matlab V4 is now partially supported.

* Magick++: Added double-precision xResolution() and yResolution()
  methods to support setting the horizontal and vertical resolution
  with double floating point precision.

* Mogrify now supports a -preserve-timestamp option to preserve file
  access and modification timestamps.

Feature improvements:

Windows Delegate Updates/Additions:

* Updated bundled libpng to release 1.6.19.

* Updated bundled libwebp to release 0.4.4.

* Update bundled libxml2 to release 2.9.3.

* Update bundled freetype to release 2.6.2.

Build Changes:

* Added ``--enable-broken-coders`` configure option to enable file
  format support which may be broken or cause security issues.  The
  PSD format is now classified as "broken" (until it is fixed).

Behavior Changes:

* PSD format is not included in the build by default.

* Files ending with ".mvg" and ".msl" are not assumed to be image
  files by default.

* File names starting with '|' are no longer treated as shell
  commands.

* Gnuplot and POV delegate support is removed from the default
  delegate.mgk file.

Revision 1.13 / (download) - annotate - [select for diffs], Tue Nov 17 20:05:48 2015 UTC (7 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)

Changes 1.3.23:

Special Issues:
* Due to GCC bug 53967, several key agorithms (e.g. convolution) may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is enabled for floating point math (-mfpmath=sse) if the GCC option -frename-registers is used. Default 32-bit builds do not experience the problem since they use '387 math. It is not clear in what version of GCC this problem started but it was not noticed by the developers until the GCC 4.6 timeframe. Other compilers do not suffer from this bug. Please lobby the GCC project to fix this embarrassing performance bug.

Security Fixes:
* ScaleImage(): While not strictly a security issue, requesting to scale an image while retaining the original number of rows will lead to a program crash or memory corruption due to double-free.

Bug fixes:
* ScaleImage(): Fix problem with new width/height match original (regression added by 1.3.22).
* ScaleImage(): Fix double-free when new rows matches original rows (regression added by 1.3.22).
* MinGW build fix related to eliminating a sleep() macro which conflicts with a MinGW-provided inline sleep() function.
* PNG: Issue a warning instead of an error when attempting to read a PNG file containing a zero-length profile. This allows the file to be read.
* identify: Fix problem in that identify -format "%A" (to test if transparency is supported in image) does not always produce the correct results.

Revision 1.12 / (download) - annotate - [select for diffs], Tue Oct 6 16:50:31 2015 UTC (7 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.11: +3 -3 lines
Diff to previous 1.11 (colored)

Changes 1.3.22:

Special Issues:
* Due to GCC bug 53967, several key agorithms (e.g. convolution) may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is enabled for floating point math (-mfpmath=sse) if the GCC option -frename-registers is used. Default 32-bit builds do not experience the problem since they use '387 math. It is not clear in what version of GCC this problem started but it was not noticed by the developers until the GCC 4.6 timeframe. Other compilers do not suffer from this bug. Please lobby the GCC project to fix this embarrassing performance bug.
* Magick++: Any libraries or applications using Magick++ should be rebuilt in order to use this new release. Libraries and applications will be able to continue to use prior versions of Magick++ without being re-built, while benefiting from updated C libraries, provided that the system supports library versioning.

Security Fixes:
* General Coverity fixes. Some might have security consequences.
* Ghostscript options concatenation is more secure against buffer overflow.
* Windows: Built-in random number generator is now salted using CryptGenRandom(). This improves the robustness of the temporary file allocator.

Bug fixes:
* ...

Revision 1.11 / (download) - annotate - [select for diffs], Mon Mar 2 09:57:03 2015 UTC (8 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)

Changes 1.3.21:

Security Fixes:
---------------
Annotate: Some requestable text-subsitution attributes caused a crash.
All formats: Image dimensions are checked to assure that they are within limits before proceeding to read the image.
BMP: Fix hang (endless loop) for certain files.
DCM: Fix crash as well as small heap over-write.
DPX: Fix crash due to DPX file reporting more elements than it has.
MNG: Validate MHDR chunk length to avoid huge memory allocation and DOS.
PCX: Fix for CVE-2014-8355. Validate file header in order to avoid buffer overun later.
PDB: Detect arithmetic overflows when calculating buffer sizes. Fix crash in writer when image width is not even multiple of 16. Fix buffer overrun with 2 and 4-bit PDB image files.
PNM: Validate PGM, PPM, and PAM header MaxValue parameter to avoid crash on poorly-formed input.
PNG: Impose a 10-million limit on dimensions when reading a PNG file to avoid denial of service.
PSD: Avoid problems caused by huge PSD colormap size.
PSD: Fix small stack over-write if more than 99 layers are written to PSD format.
PSD: Returns immediately if pixel limit was exceeded.
RLE: URT RLE reader is now more robust with errant files.
SUN: Header validation is now made fully robust, and arithmetic overflows in buffer-size calculations are detected to avoid heap overwrite.
TIFF: Fix crashes for photometrics which may delivery one or three samples per pixel (was assuming always three).
VIFF: Fixes to prevent buffer overflow. Validate colormap indexes.
Windows delegates: Fix unexpected argument splitting when invoking an external delegate program via delegates.mgk.
WPG: Fix use of NULL pointers. Fix buffer overflows.
XPM: Detect truncated row and quit with error rather than over-running a buffer.
XWD: Improve header validation. Added to UnstableCoderClass since the reader for this format should not be entrusted with untrustworthy input.

Bug fixes:
----------
CIN: Fix problem with text attribute values which are not NULL terminated. Validate sizes claimed by Cineon header.
Coverity: Fixes for many issues detected by Coverity scan (see ChangeLog).
DPX: Fix problem with text attribute values which are not NULL terminated.
DPX: Fix severe corruption of little-endian 32-bit packed output. Corruption was severe enough that it would have been noticed immediately.
Delegates: Fix possible memory leaks when invoking external application.
FITS: Properly validate values provided by file header.
GIF: Fix use of uninitialized data.
JBIG: Fix memory leaks.
JNG: Fix double-free error in error path.
JPEG: Verify the number of output components before attempting to decode the image.
Magick++: Image resolutionUnits() was not always returning correct value.
Magick++: Locking has not been working properly since the code was written in 1998. Apparently the issue has not been significant enough to cause run-time issues.
ICO: Windows icon reader is now much more robust.
MIFF: Reader now quits with an error if zip or bzip2 stream is corrupted.
MAT: Fix memory leaks.
PALM: Reader now reads various input formats (up to version 2) correctly whereas it was crashing or otherwise malfunctioning before. More work remains, particularly in the writer.
PCX: Eliminate memory leaks in error paths.
PDB: In PDB writer, void possible under-allocation due to arthimetic overflow when allocating packets.
PICT: Fix PICT reader crash with corrupted file.
PNG: Fix double-free error in error path.
PNG: Fixed handling of transparency when writing indexed PNG.
PNG: Avoid reading beyond the end of a tEXt keyword.
PSD: Fix error when reading PSDs files which have no layers.
RLA: Fix possible crash due to file header.
Signal Handling: Signal handling is now more robust and handles SIGSEGV and other critical signals. The sole purpose of the default signal handling is to remove any temporary files and quit. An informative message is printed for signals other than SIGINT.
SUN: Sun raster reader was not completely robust. Now it is.
SWF: Fix pixel cache access errors in 'ping' mode.
Text annotation: An empty text string is no longer treated as an error.
Text annotation: Fix regression added in 1.3.19 which caused spurious drawing errors to be produced while rendering with text when all of the text is off the left-hand side of the image.
TIFF: Fix unreliable reading JBIG compressed files by forcing use of strip reader rather than sometimes using scanline reader (which libtiff's JBIG codec does not support).
TIFF: Fix reading or writing planar min-is-white or min-is-black images with an associated alpha channel.
WebP: WebP writer now writes truely lossless output when requested.
identify / GetImageStatistics(): Failed to compute statistics for the Black channel of CMYK image files.
VICAR: Fix problem with continuing to "read" data when there is no more data left to read.
WMF: Fix memory leaks.
WPG: Fix potential DOS due to long reads during an error condition.
XPM: Avoid strncpy() of overlapping memory. Fixed memory leaks in error paths. Fixed bad memory access caused by empty file.

New Features:
-------------
compose: Supports composite operator names similar to the major *Magick brand, without losing any any compatibility with previous naming.
ICO: Windows ICO reader now supports reading PNG-encoded files.
Magick++ Geometry: New methods limitPixels() and fillArea() to support '@' and '^' geometry qualifiers. This enancement breaks the ABI due to previous use of inline methods and no place to put the new flags.
Magick++ Image::extent(): New method to place image on sized canvas of constant color using gravity.
Magick++ Image::formatExpression(): New method format a string based on a format similar to command-line -format.
Magick++ Image::resize(): New method to resize image specifying geometry, filter, and blur.
Magick++ STL extentImage: New New function object to invoke image extent method.
Magick++ Image::quiet(). New method which blocks (ignores) warning exceptions when passed a 'true' argument.
Resource limits: Added support for image Width and Height limits. Default image Width and Height limits are based on the range of a 32-bit signed integer, even for 64-bit builds which may have sufficient numeric range to image an entire galaxy. Limits may be increased as desired.
TIFF: Use define tiff:ignore-tags to ignore tags in 'corrupted' files with unknown and invalid tags. Use to read TIFF files which otherwise can not be read due to errors.
TIFF: Use '-define tiff:report-warnings=true' to enable that warnings reported by libtiff are thrown as warning exceptions so that they may be caught or will be reported at the gm command-line.
Windows Exceptions: A handler is registered (due to calling InitializeMagick()) to capture Windows Exceptions in a similar manner to the existing POSIX signal handler. If an application is using the library and wants to provide it own Windows exception handling, then it should make any changes after invoking InitializeMagick().

Windows Delegate Updates/Additions:
-----------------------------------
PNG: Update bundled libpng to 1.6.16. Resolves known security issues.
FreeType: Update bundled Freetype to 2.5.4. Resolves known security issues.
WebP: Update bundled WebP to 0.4.2 release.
WebP is auto-linked in Visual Studio.
Build Changes:

WebP is not included in the build when building with Visual Studio 6 (1998 vintage compiler!) since it requires more modern C.

Behavior Changes:
-----------------
AVI: Support for this format is removed since the implementation was worthless.
TIFF: Now uses YCbCr encoding when JPEG compression is requested for an RGB image.

Revision 1.10 / (download) - annotate - [select for diffs], Mon Aug 18 11:13:45 2014 UTC (9 years, 1 month ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)

Changes 1.3.20:

Special Issues:

Due to GCC bug 53967, several key agorithms (e.g. convolution) may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is enabled for floating point math (-mfpmath=sse) if the GCC option -frename-registers is used. Default 32-bit builds do not experience the problem since they use '387 math. It is not clear in what version of GCC this problem started but it was not noticed by the developers until the GCC 4.6 timeframe. Other compilers do not suffer from this bug. Please lobby the GCC project to fix this embarrassing performance bug.

Bug fixes:

Compilation: No longer undefine __attribute__ since this may be used by system or compiler headers and cause problems.
BMP: Alpha channel from BMP3 format was inverted.
PNG: Fix round-trip repeatability issue (due to rounding algorithm) with modern versions of libpng. Prefer the less accurate method which does not alter the image.
PNG: Fix some memory leaks in error-handling paths.
PNM: Scaling of alpha in sub-ranged pixels is fixed.
Wand API: Removed development debug fprintf which causes each drawing primitive to be printed to stderr.
PS, PS2, PS3, PDF: Only use resolution from image or -density if units was properly specified. Without units, resolution is worthless.
PS, PS2, PS3, PDF: Use resolution from image if it appears to be valid.
WebP: Fix inverted return status which caused failure to be reported instead of success.
Rotation clipping/shearing errors for short wide images at some angles is fixed.
-geometry: Deal with resize geometry missing width or height (e.g. '640x' or 'x480') by substituting the missing value with one which preserves the image aspect ratio. This has been documented to be supported since almost the dawn of GraphicsMagick but was not actually supported until now.
-geometry: Support '>' and '<' qualifiers with '@' qualifier to specify if image should be resized if larger or lesser than given area specification.

New Features:

Wand API: MagickSetImageGravity() - New function to set image gravity.
Wand API: MagickGetImageGravity() - New function to get image gravity.
Wand API: MagickSetImageMatte() - New function to set the image matte channel enable flag.
Wand API: MagickGetImageMatte() - New function to read the image matte channel enable flag.
Wand API: MagickSetImageGeometry() - New function to set the image geometry string.
Wand API: MagickGetImageGeometry() - New function to get the image geometry string.
Wand API: MagickOperatorImageChannel() - New function to apply an operator to an image channel.
Magick++ API: New Image::thumbnail() method for fast image resizing, particularly to make thumbnails.
Core C API: Added SetLogMethod() to allow an application/library to specify a function to be called for logging.
Clang/LLVM: Provide support for clang/llvm attribute and builtin specifiers similar to that provided for GCC.
OpenMP: OpenMP native locking and thread specific data is supported via a configuration option (is not the default). This offers a "pure" OpenMP compilation mode. No real value for this compilation mode has been observed yet but it seems worthy to support.
Coders: Added BrokenCoderClass to mark coders which often malfunction or are not very useful in their current condition.
Composition: Added HardLight composition operator, which is now used by PSD and XCF formats, and available via command line, Magick++ API, PerlMagick API, and Wand API.
Composition: Added ScreenCompositePixels composition operator.
Composition: Added missing Photoshop separable compositing operations, Overlay, Exclusion, ColorBurn, ColorDodge, SoftLight, LinearBurn, LinearDodge, LinearLight, VividLight, PinLight, HardMix.
+set: Command line utilities now support +set to remove an existing image attribute.
-format: Support additional format specifiers 'g', 'A', 'C', 'D', 'G', 'H', 'M', 'O', 'P', 'Q', 'T', 'U', 'W', 'X', and '@', similar to the major brand.
-operator: New quantum operators ThresholdBlackNegateQuantumOp and ThresholdWhiteNegateQuantumOp These correspond to -operator "Threshold-Black-Negate" and "Threshold-White-Negate".
TIFF: Now support setting the TIFF "Software" tag for users who do not want to admit to using GraphicsMagick.
WebP: All of the WebP encoder encoder options are now supported by -define arguments.

Feature improvements:

Pixel interpolation quality is greatly improved, with minimal impact on performance. Pixel interpolation now also works well given an alpha channel.
WebP: WebP support is now prepared to compile with most WebP library versions and supports all features except for those pertaining to "RIFF" container support.
Performance Improvements:

Non-integral image rotation performance has been improved by about 40%, with lower memory usage as well.
GradientImage: Update image is_grayscale and is_monochrome flags based on gradient color properties.
Windows Delegate Updates/Additions:

PNG: Libpng 1.6.12 - June 12, 2014.
JPEG: libjpeg 9a of January 19, 2014.
FreeType: FreeType 2.5.3 of March 6, 2014.
WebP: webp 0.4.0 of January 20, 2013.
zlib: zlib 1.2.8 of April 28, 2013.
Build Changes:

--without-threads no longer disables use of OpenMP. Use the already existing option --disable-openmp to disable OpenMP.
Makefiles: Include paths are now exceedingly pedantic to make sure that only the required directories are included.
VisualMagick configure: Improve configure program so that it is possible to select QuantumDepth, OpenMP, and 64-bit build via configure dialog boxes as well as options on the command line. Also automatically detects and deals with similarly named files in subdirectories so that WebP support can now build successfully.
Behavior Changes:

MultiplyCompositePixels: Multiply composition now uses SVG interpretation of how alpha should be handled. No longer does a simple multiply of alpha channel.
Composition: The Difference, Darken, Lighten, and HardLight composition operators were modified to support alpha in their computations.
PNG: Using -optimize no longer triggers palette and depth optimizations since their implementations have been problematic.

Revision 1.9 / (download) - annotate - [select for diffs], Wed Jan 1 23:21:34 2014 UTC (9 years, 8 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored)

Changes 1.3.19:

Security Fixes:
EPT: Fix crash observed when Ghostscript fails to produce useful output. This was particularly noticeable when Ghostscript was not installed. This crash could be used to cause denial of service.
PNG: With libpng 1.6.X, avoid a crash while copying a PNG with a "known incorrect ICC profile". This crash could be used to cause denial of service.

Bug fixes:
Build: Fix cross-compilation for MinGW64 on Linux build machine.
Build: configure FreeType test no longer insists that <freetype/freetype.h> can be included.
CMS profile: Only delete the CMS transform if it is non-null. Fixes assersion observed when lcms returned a null profile and GraphicsMagick attempted to deallocate it.
Drawing: Improve error handling logic so that drawing returns quickly on pixel access errors rather than plowing on ahead. This avoids problems with SVGs which take seemingly forever to render.
Drawing via C/C++ APIs: BevelJoin no longer causes a MVG parsing error.
EPT: Fix crash observed when Ghostscript fails to produce useful output. This was particularly noticeable when Ghostscript was not installed.
OpenMP: Revert use of omp_set_dynamic() since it caused performance issues when using GCC's GOMP implementation and the number of threads to use is specified.
EXIF profile: Support the SubjectArea EXIF tag.
MIFF writer: PseudoClass format was written incorrectly for depth greater than 8.
MIFF writer: RLE compressed format used inverted alpha from the other subformats and contrary to the MIFF specification.
MIFF reader: Fixes Fixes to be able to read MIFF written by ImageMagick 6.X, including DirectClass grayscale images (except for RLE compressed).
Mosaic: Fixed unsigned underflow problem with -mosaic when page offset is negative and exceeds image width or height, resulting in assertions, out of memory errors, or pixel cache limit errors.
PDF: Consistently initialize Image page width and height to image width and height. While general to all of GraphicsMagick, this change is to assure that the PDF writer computes page dimensioning consistently. PDF page dimensioning was wrong if the image had been resized with -geometry "100%".
PAM: Fix MAXVAL scaling when reading PAM images. PAM was only working correctly for images with 256 or 64k levels.
PNM: PGM "P2" format writer wrote bad output for 8-bit depth.
PNG: With libpng 1.6.X, avoid a crash while copying a PNG with a "known incorrect ICC profile".
PNG: Q8 GM build now correctly reads 16-bit PNG files.
TIFF writer: Try to avoid writing more than 32k strips per image by increasing rows-per-strip since some programs fail to read images with more than 32k strips per image.
TIM reader: PSX TIM reports 8-bit depth (rather than 16).
TTF font rendering: Improve FreeType rendering error logic so that rendering returns immediately on pixel access errors rather than plowing on ahead.
TTF font rendering: Support rendering UTF-8 up to 21-bit code points. Was only supporting 16-bit code points.
Wand API: DrawSetStrokeDashArray() / DrawGetStrokeDashArray(), fix failure to work properly due to this code path never being tested.
Windows Ghostscript: 64-bit GraphicsMagick no longer requires both 32-bit and 64-bit builds of Ghostscript to be installed in order to read Postscript and PDF formats.
XPM reader: Reported depth now depends on the colormap rather than always claiming to be 16-bit.

New Features:
JPEG: Add support for writing 'XMP' profile.
PNM: As a simple non-standard extension to the standard PNM and PAM formats, support writing and reading 32-bit sample depth. Writing such files is only supported by the Q32 build although they may be read by any build.
WebP: Now supports reading and writing Google's WebP format. This feature is not currently supported by the Windows Visual Studio build.

Revision 1.8 / (download) - annotate - [select for diffs], Mon Mar 11 17:45:05 2013 UTC (10 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

Changes 1.3.18:
Special Issues:

Due to GCC bug 53967, several key agorithms (e.g. convolution) may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is enabled for floating point math (-mfpmath=sse) if the GCC option -frename-registers is used. Default 32-bit builds do not experience the problem since they use '387 math. It is not clear in what version of GCC this problem started but it was not noticed by the developers until the GCC 4.6 timeframe. Other compilers do not suffer from this bug.
Security Fixes:

None.
Bug fixes:

Fixed bug with format substitutions if input string ends with a single '%'.
BMP: Fixed an old bug with decoding chromaticity primaries.
PNG: Fixed reading of interlaced images. Fix reading of sub-8-bit palette and grayscale images. Some PNG sub-formats were written incorrectly. Fix crash in PNG8 writer if image colors happened to be non-zero but image was not actually colormapped.
PNG: Configure script now also searches for libpng versions 16 and 17.
TIFF: Fix a crash which was noticed when writing RGBA separated (planar) format.
--enable-symbol-prefix was not prefixing all of the C symbols. Some core C library functions were not prefixed. This option applies to the Wand library API as well now.
C API: When input is from a user-provided file descriptor, the file position is restored after reading the file header bytes. Previously the file position was rewound to the beginning of the file. This allows reading embedded image data from the current offset in a file, and allows continuing to use the stream after GraphicsMagick has returned the image.
C API: It is now possible to invoke CloseBlob() multiple times.
display: Display was supposed to respond to +/-usePixmap, but was not. It was responding to +/-use_pixmap. Now it responds to both.
Windows/VisualMagick: Fix building GraphicsMagick with Intel ICC compiler driven by Visual Studio Professional 2012.
Windows: Avoid a crash and produce a useful diagnostic if Ghostscript is needed but not yet installed.
New Features:

GM utility: New 'batch' command was contributed by Kenneth Xu which supports executing any number of other GM utility sub-commands in a single invokation in a sort of "batch" script. Input may be piped from standard input, from a specified file, or from a 'GM >' command prompt. This utilities front-end allows any other program/script to drive 'gm' using a co-process model and speeds up execution by eliminating utility start-up/shut-down time.
WIN64 (64-bit Windows): Windows 64-bit is now officially supported.
convert/mogrify: Now support -auto-orient to automatically rotate the image upright for viewing based on its current orientation setting. Also support -orient to support setting the current image orientation. Please note that the orientation property of EXIF profiles is not yet updated so the EXIF profile will be wrong after using -auto-orient.
C API: AutoOrientImage(), new New function to automatically orient the image so that it is upright for normal viewing.
Wand API: MagickGetImagePage()/MagickSetImagePage(), new functions to support getting and setting the image page size and offsets.
PNG: Added PNG48 and PNG64 support. Added PNG00 support (png encoder that inherits its color-type and bit-depth from the input, if the input was a PNG datastream).
Feature improvements:

GraphicsMagick TAP tests may now be run stand-alone using Perl's 'prove' TAP test driver.
Performance Improvements:

Detection of glob specifications in file names is more efficient.
Windows Delegate Updates:

None.
Behavior Changes:

ltdl: Libltdl is no longer bundled. Libltdl must be previously installed on the system in order to build the modules configuration.
AppendImages() now converts subsequent images to the colorspace of the first image, and no longer converts the first image to RGB. Instead, it is assumed the user knows what she is doing.
SetImageColorRegion() no longer automatically converts the image to RGB. The user is responsible for assuring that the provided color is in the same colorspace as the image.

Revision 1.7 / (download) - annotate - [select for diffs], Sat Nov 3 20:45:46 2012 UTC (10 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base, pkgsrc-2012Q4
Changes since 1.6: +7 -8 lines
Diff to previous 1.6 (colored)

Changes 1.3.17:

Security Fixes:
  * PNG: Fix for CVE-2012-3438. The Magick_png_malloc function in
    coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper
    variable type for the allocation size, which might allow remote
    attackers to cause a denial of service (crash) via a crafted PNG
    file that triggers incorrect memory allocation.
  * Automake (derived): Fix for CVE-2012-3386: The "make distcheck"
    rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants
    world-writable permissions to the extraction directory, which
    introduces a race condition that allows local users to execute
    arbitrary code via unspecified vectors.

Bug fixes:
  * PNG: Reading sub-8-bit palette images is fixed (images looked
    stretched).
  * SVG: Fixed bug which allowed MVG and SVG files with long vector
    paths to crash the software.
  * SVG: Ignore XML headers rather than rendering them as text.
  * MVG/SVG/WMF/-draw: It is now possible to draw a plain ','
    character.
  * WMF: Fixed a bug which caused wrong centered-text placement.
  * import: Return status was inverted.
  * configure: Don't force that liblzma is used just because libtiff
    is used.

New Features:
  * The configure script now supports a --enable-quantum-library-names
    option to enable that shared library name includes quantum depth
    to allow shared libraries with different quantum depths to
    co-exist in same directory (only one can be used for development).
  * JNX: Support is added for reading the Garmin proprietary Image
    Format.
  * BMP: Support an alpha channel in uncompressed 32-bit BMP.

Feature improvements:
  * -lat: The adaptive threshold algorithm is replaced with a new
     algorithm which scales linearly (rather than quadratically) with
     area size.
  * Tests: Test suite is re-written to use TAP-based tests.
  * GIF: Reader tries to be better at detecting and reporting
    failures.

Performance Improvements:
  * -lat: Adaptive threshold is much faster with large area sizes.

Windows Delegate Updates:
  * Dcraw 9.16 is now included in the build (with JPEG and JPEG2000
    support).
  * Libxml2 is updated to the 2.9.0 release.
  * Libtiff is updated to the 4.0.3 release.
  * Lcms2 is updated to the 2.4 release.
  * Libpng is updated to the 1.5.13 release.

Behavior Changes:
  * Loading modules is only supported for the modules build.
    Previously any build using shared libraries could load modules.
  * Bundled libltdl is now configured as 'installable' rather than
    'convenience'.
  * -enhance: Only filter based on color channels (ignore opacity).
  * BrowseDelegate: Web browser (for viewing help information) now
    defaults to 'xdg-open', but if it is not found, then configure
    will search for firefox, google-chrome, mozilla (in that order).

Revision 1.6 / (download) - annotate - [select for diffs], Sun Jun 24 02:03:45 2012 UTC (11 years, 3 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)

Update GraphicsMagick to 1.3.16.

1.3.16 (June 24, 2012)
==========================

Security Fixes:

  * Don't translate 'comment' and 'label' attributes if the request is
    made while a file is being read.  Only translate such attributes
    if they come from the command line or API user.

Bug fixes:

  * SWT: SWT reader suffered from a number of implementation errors
         which caused it not to work any more.  Works again.

  * XBM: Fix memory leak observed when reading file in 'ping' mode.

  * Support -trim on images which use a consistent (single color)
    transparent background.  In this case, trim is done based on
    opacity rather than foreground color.

  * Include <sys/types.h> in order to assure that 'size_t' and
    'ssize_t' are declared.  This is necessary since
    MagickExtentImage() uses these types as part of its definition.

  * +repage was not working because parser was insisting that it
    should include an argument.

  * -units was scaling existing resolution the wrong way around
     (i.e. multiplying rather than dividing).

  * PerlMagick: Fix compilation with Perl 5.16.

  * PingBlob(): PingBlob was not working for all cases.  Is now based
    on BlobToImage() for assured reliability.

New Features:

  None

Feature improvements:

  * MAT: Animated movies inside 4D matrices are loaded now.

  * PDF: File base name is used as the document title.

  * PNG: Fix issues observed specifically with libpng 1.5.10.

Performance Improvements:

  * Pixel iterators should be more efficient now if the image uses a
    file-backed cache.

  * Motion blur algorithm does scale well as cores are added so
    include OpenMP support for it by default.

Windows Delegate Updates:

  * JPEG: Updated to IJG 8d release.

  * PNG: Updated to 1.5.11 release

  * TIFF: Updated to 4.0.2 release.

  * Zlib: Updated to 1.2.7 release.

  * libxml2: Updated to 2.8.0 release.

Behavior Changes:

  None

Revision 1.5 / (download) - annotate - [select for diffs], Sun Apr 29 12:41:48 2012 UTC (11 years, 4 months ago) by obache
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

Update GraphicsMagick to 1.3.15.

1.3.15 (April 28, 2012)
==========================

Security Fixes:

  * Libpng in Windows build is updated to 1.5.10 release.  Provides a
    fix for CVE-2011-3048.

Bug fixes:

  * PNG - fixed problem with bit depth when the encoder decides to
    write RGBA instead of indexed PNG.

  * Fixed some temporary file leaks which were caused by the temporary
    file name being automatically extended to include a scene number,
    and therefore fail to be deleted.

New Features:

  * Added '+noise random' and '-operator noise-random' to 'convert'
    and 'mogrify'.  This modulates the existing image data with
    uniformely random noise.

  * Added -strip option in composite, convert, mogrify, and montage to
    remove all profiles and text attributes from the image.

  * Added -repage option to composite, convert, mogrify, and montage
    subcommands to reset or adjust the current image page offsets
    based on a provided geometry specification.

  * New C function StripImage() to remove all profiles and text
    attributes from the image.

  * New C function ResetImagePage() to adjust the current image page
    canvas and position based on a relative page specification.

  * C functions GenerateDifferentialNoise(), AddNoiseImageChannel(),
    QuantumOperatorRegionImage(), AddNoiseImage() updated to support
    RandomNoise enumeration.

  * New C++ Image method strip(), and unary function stripImage() to
    remove all profiles and text attributes from the image.

  * XCF format now respects image subimage and subrange members so
    that returned image layers may be selected.

  * The INFO coder (e.g. output file "info:-") now respects the
    -format option so that its output may be adjusted identically to
    how -format works for 'identify'.

  * TclMagick now supports Random noise.

Feature improvements:

  * C function ThumbnailImage() now allows the user to override the
    filter used, but still defaults to using the box filter.

Performance Improvements:

  * None

Behavior Changes:

  * No longer add a printf-style scene formatting specification to
    filenames which do not have one and no longer automatically
    operate in 'adjoin' mode in such cases.  If multiple numbered
    files are intended to be output, then add +adjoin to the command
    line and use an output filename specification similar to
    "image-%d.jpg".  Output files are now completely specified and
    predictable but this may break some existing usages which
    anticipate the automatic file numbering.

Revision 1.4 / (download) - annotate - [select for diffs], Sun Feb 26 12:22:06 2012 UTC (11 years, 6 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)

Update GraphicsMagick to 1.3.14.

1.3.14 (February 25, 2012)
==========================

Security Fixes:

  * Windows bundled libpng updated to the 1.5.9 release, which fixes
    the dire CVE-2011-3026 buffer overrun bug.

Bug fixes:

  * EMF format : Fixed wrong module mapping which caused EMF reading
    to not work under Windows.

  * TGA format: Assume that 32-bit TGA files have an alpha channel,
    even if they are not marked as such.

  * XCF format: Fix reading XCF which is comprised of different sized
    layers.

  * JPEG & CineonLog: Convert RGB-compatible colorspaces
    (e.g. CineonLog) to RGB by default since that was the case prior
    to release 1.3.13.

  * RAW formats: Small memory leak in dcraw module was fixed.

  * Resize: ResizeImage() was ignoring its resize filter argument and
    was using the filter setting from the Image structure instead.

  * The mirror virtual pixel method was broken.

New Features:

  * Open64 Compiler Suite: Version 5.0 is fully supported.

  * Wand API: Added MagickExtentImage().

  * MEF RAW: Mamiya Photo RAW "MEF" format is now supported.

Feature improvements:

  * DPX format: Original file endianness is preserved by default.

  * PNG library: Updated libpng to 1.5.9 release.

  * TIFF library: Updated libtiff to 4.0.1 release.

  * Zlib library: Updated to zlib 1.2.6 release.

Performance Improvements:

  * Despeckle algorithm (-despeckle) is many times faster.

Behavior Changes:

  * DPX format: Original file endianness is preserved by default.

Revision 1.3 / (download) - annotate - [select for diffs], Sun Jan 8 05:25:54 2012 UTC (11 years, 8 months ago) by obache
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

Update GraphicsMagick to 1.3.13.

While here, remove unwanted buildlink and add lzma option.

1.3.13 (December 24, 2011)
==========================

Security Fixes:

  None

Bug fixes:

  * In I/O blob, don't rewind already open file handle passed to
    OpenBlob() since we don't know the intended state of this file
    handle, and because it prevents appending to an existing file.

  * In AppendImageProfile(), don't leak profile buffer while appending
    a chunk to an existing profile.

  * Fix deadlock in ClonePixelCache() which was caused by using the
    same semaphore pointer in the source and destination images.

  * Removed bogus SyncBlob() code which sometimes caused a crash and
    was not useful.

  * Fixed crash or hang which occured when the user entered CONTROL-C
    while threaded code was being executed.

  * Fix core dump in AcquireOneCacheViewPixelInlined() when the image
    is in CMYK space.

  * In MontageImages (montage), fix crash observed with "-geometry
    x+0+0".

  * The TIFF reader was crashing for images which use the
    TIFFTAG_OPIIMAGEID tag.

  * AppendImages() (-append) was failing when only one image was
    provided.

  * The `animate`, `display`, and `identify` commands now report any
    error only once, and then proceed to the next file name rather
    than quitting.

  * Don't change the locale settings in InitializeMagick() since this
    may cause problems for international users.  API users are still
    responsible for assuring that locale settings don't break floating
    point parsing and output (i.e. floating point decimal needs to be
    '.' rather than ',').

  * RPM build is fixed (PerlMagick build was broken).

  * RPM build installs documentation to expected places on Red Hat
    type systems.

  * Fixes for usage with OpenSolaris.

  * DESTDIR is supported by PerlMagick build.

  * The matte channel was not being properly enabled or respected for
    TXT images.

  * InitializeMagick() and DestroyMagick() are now fully thread safe.

  * When a shear angle was as zero, the shear request was being
    ignored entirely.

  * In DispatchImage(), the `K` channel was always output as black for
    "CMYK" specification unless the image matte flag was True.

  * MATLAB fixes.

  * PNG fixes.

  * PCL fixes for printing bi-level image on Konica-Minolta printers.

  * EPT error handling fixes.

  * JPEG reader was sometimes truncating large IPTC profiles.

  * JPEG writer now handles errors properly rather than allowing
    libjpeg to exit the program (or hanging if driven by Magick++).

  * JPEG reader now treats an unhandled EXP marker as a warning rather
    than a hard error.

  * File open errors are now reliably reported.

  * Improved rendering precision when using the drawing APIs.

  * For the Magick++ Image backgroundColor(), borderColor(), and
    matteColor() methods, preserve the opacity part of the
    user-specified color.

New Features:

  * Add support for drawing text using a bitmap font.

  * benchmark command supports a -stepthreads option to execute the
    specified command with an increasing number of threads to measure
    how an algorithm benefits from threading.  This mode includes a
    column to show the speedup compared with one thread, and the
    Karp-Flatt metric

  * Added Add support for invoking "gs-cmyk" and "gs-cmyka" entries in
    delegates.mgk when ColorSeparationType or ColorSeparationMatteType
    is requested.  These cause Ghostscript to always output CMYK PAM
    format (even if the input file was not in CMYK format).

  * EXIF profiles are preserved when writing JPEG files.

  * The -mosaic command now respects the composition option specified
    by -compose as well as the image background color specified by
    -background.

  * The TXT coder now supports multiple image frames.

  * For image normalization (-normalize), add support for
    histogram-threshold setting to specify the percentage of the
    histogram to discard when computing image normalization parameters
    (default is 0.1%).  For example `-set histogram-threshold 0.01
    -normalize`.

  * Added an `INFO` coder which produces textual image description
    output similar to `identify` but may be used with convert like "gm
    convert myfile info:-".

  * Support application of the PDF crop box via '-define
    pdf:use-cropbox=true'.

  * For PCL printer output, define pcl:fit-to-page in order for the
    printer to scale the image to fit the page.

  * Added order dither 5x5, 6x6, and 7x7 circular dither patterns to
    create a halftone effect.

  * PNM subformats are now reported as the specific subformat rather
    than just "PNM".

  * NetPBM's PAM format is now supported.

  * MacPaint image format reader is added.

  * Added TIFF LZMA compressor support.

  * Added TIFF support for a tiff:group-three-options define to allow
    power-users to set the value of the GROUP3OPTIONS tag.

  * New core C API function SetImageColorRegion() to set the constant
    pixel color for a specified region of the image.

  * New Wand C API function MagickWriteImagesFile() to append images
    to a provided file handle.

  * New Wand C API function MagickSetImageSavedType() to allow
    specifying the storage type used when saving the file (rather than
    changing the current image characteristics).

  * In Wand C API, the functions NewPixelWand(), NewDrawingWand(), and
    NewMagickWand() invoke InitializeMagick() automatically in case
    user forgets to do so.

  * New Wand C API function MagickSetFormat() to allow setting the
    file or blob format before it has been read.

  * New Wand C API function MagickSetDepth() to set the depth used
    when reading from an image format which requires that the depth be
    specified in advance.

Feature improvements:

  * Now compiles properly with libpng 1.4.X and 1.5.X.

  * Lcms 2.X is supported.

Performance Improvements:

  * TGA read performance improved.

  * PNM read/write performance improved.

  * Convolution (-convolve, -sharpen, -guassian, etc.) is faster.

  * Adaptive threshold image (-lat) is faster.

  * Image trimming (-trim) is faster.

Behavior Changes:

  * For DPX format and packed 10 bits, datums are now represented in
    the same (reversed) order for all RGB and YCbCr formats.
    Previously YCbCr 4:4:4 formats were not swapping the word datums
    because the only real-world files encountered did not swap the
    word datums.

  * The -colors, -map, and -monochrome options now take effect
    immediately rather than at the end of all other processing.

  * Removed non-standard multi-frame extension for SGI format.

  * Windows install footprint is more consistent between DLL and
    static builds.

  * LZMA compressed tarball is in 'xz' format rather than deprecated
    'lzma' format.

Revision 1.2 / (download) - annotate - [select for diffs], Wed May 18 14:26:26 2011 UTC (12 years, 4 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2
Changes since 1.1: +5 -1 lines
Diff to previous 1.1 (colored)

Moudulalize GraphicsMagick, for let PerlMagick to lightweight.
Bump PKGREVISION.

It introduce bump PKGREVISION of p5-GraphicsMagick.
While here,
 * move distinfo and patches location to Makefile.common.
 * let to exactly linked against installed GraphicsMagick.

Revision 1.1 / (download) - annotate - [select for diffs], Mon May 16 01:18:54 2011 UTC (12 years, 4 months ago) by dmcmahill
Branch: MAIN

Add options.mk for GraphicsMagic and add options for building without X
or a few other dependencies.  This is part of PR pkg/43929 from
Edgar Fu

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>