From: Brad Smith <brad@comstyle.com>
Subject: UPDATE: GraphicsMagick 1.3.45
To: ports@openbsd.org
Date: Fri, 11 Oct 2024 07:46:29 -0400

Here is an update to GraphicsMagick 1.3.45.


Security Fixes:

* GraphicsMagick is participating in Google's oss-fuzz project since
  February 4 2018 due to the contributions and assistance of Alex
  Gaynor and Paul Kehrer. The issues list is available at
  https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
  "graphicsmagick".  Issues are available for anyone to view and
  duplicate if they have been in "Verified" status for 30 days, or if
  they have been in "New" status for 90 days.  Please consult the
  GraphicsMagick ChangeLog file, Mercurial repository commit log, and
  the oss-fuzz issues list for details.

* GraphicsMagick has been participating in Synopsys's Coverity program
  for free software projects since 2015.  There has been a continuing
  objective to keep outstanding defects at 0, or very close to 0.
  Information about the Coverity status may be found at
  https://scan.coverity.com/projects/graphicsmagick.

* TIFF: Fixed multiple heap and stack buffer overflows (directed by
  the source EXIF profile) while writing EXIF into the native TIFF
  IFD.

* FITS: Fix problem that the FITS reader could return invalid image
  frames with rows or columns set to zero. Other code in the library
  crashes, or even asserts, if invalid image frames with rows or
  columns set to zero are returned.

* Coverity fixes: Various fixes for Coverity issues raised after the
  update to version 2023.12.2.

* Clang Analyzer (scan-build) fixes: Various fixes for new issues
  discovered by Clang Analyzer.

Bug fixes:

* configure.ac: Fix a shell syntax error.

* GCC 14: Eliminate some new warnings which appeared while in -Wall
  mode.

* JPEG: FormatJPEGSamplingFactors() now properly handles the number of
  samples for each colorspace.

* JXL: Additional validations of color channel and alpha channel
  depth.

* TGA: Fix issues discovered by Coverity.

* TGA: Fix writing TGA with opacity values in palette.

* TGA: Default orientation is (again) TopLeftOrientation.

* TIFF: Verify that TIFFTAG_BITSPERSAMPLE is within a rational range.

* TXT: Eliminate use of an uninitialized-value in GetColorTuple().

* XML: Improve detection of if the deprecated HTTP and FTP protocols
  are supported by libxml2.

New Features:

* Add support for reading the pre-rendered image from the Open Raster
  ("ORA") format. Actual rendering of Open Raster is not supported.

* Add support for Dune HD AAI Image (aka Auburn Animation Image) image
  format ("AAI").

* Add support for a --version option, which produces GNU style summary
  version output.

* Identify output now indicates if the image is opaque.

* WebP: Add support for '-define webp:exact=true' to preserve exact
  RGB values under transparent areas while writing WebP format.
  Enable this automatically when lossless is enabled.  If lossless is
  enabled, this option may be used to disable exact mode.

* PerlMagick: Add AccessDefinition(), AddDefinition(),
  AddDefinitions(), and RemoveDefinitions() methods to supporting
  adding, updating, removing definitions.

API Updates:

* Magick++/STL.h: The deprecated std::unary_function is no longer used
  given C++'11 or later. Continued use of it caused too many issues
  due to an abundance of warnings.

* Wand API PixelSetQuantumColor(): The color argument is now a const
  pointer.

Behavior Changes:

* The graphical progress indication in the X11 sub-apps 'animate' and
  'display' is disabled due to discovering a tremendous performance
  impact while rendering text under Ubuntu 22.04 LTS.  The underlying
  cause of the performance impact is not yet known.  A text-based
  progress output to the program's console is available via
  `-monitor`.


Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/GraphicsMagick/Makefile,v
retrieving revision 1.75
diff -u -p -u -p -r1.75 Makefile
--- Makefile	26 Jul 2024 11:52:51 -0000	1.75
+++ Makefile	11 Oct 2024 09:49:43 -0000
@@ -1,6 +1,6 @@
 COMMENT=	image processing tools with stable ABI
 
-DISTNAME=	GraphicsMagick-1.3.43
+DISTNAME=	GraphicsMagick-1.3.45
 CATEGORIES=	graphics devel
 SITES=		${SITE_SOURCEFORGE:=graphicsmagick/}
 EXTRACT_SUFX=	.tar.xz
@@ -17,16 +17,17 @@ MAINTAINER=	Brad Smith <brad@comstyle.co
 PERMIT_PACKAGE=		Yes
 
 WANTLIB += ${COMPILER_LIBCXX} ICE SM X11 Xau Xdmcp Xext aom brotlicommon
-WANTLIB += brotlidec brotlienc bz2 c de265 freetype heif hwy iconv
-WANTLIB += jasper jbig jpeg jxl jxl_cms jxl_threads lcms2 ltdl
-WANTLIB += lzma m png sharpyuv tiff webp webpmux wmflite-0.2 x265
-WANTLIB += xcb xml2 z zstd
+WANTLIB += brotlidec brotlienc bz2 c crypto de265 freetype heif
+WANTLIB += hwy iconv jasper jbig jpeg jxl jxl_cms jxl_threads
+WANTLIB += lcms2 ltdl lzma m png sharpyuv tiff webp webpmux wmflite-0.2
+WANTLIB += x265 xcb xml2 z zip zstd
 
 WANTLIB += perl # uses perl ABI
 
 COMPILER =		base-clang ports-gcc
 
 LIB_DEPENDS=		archivers/bzip2 \
+			archivers/libzip \
 			archivers/xz \
 			archivers/zstd \
 			converters/libiconv \
Index: distinfo
===================================================================
RCS file: /cvs/ports/graphics/GraphicsMagick/distinfo,v
retrieving revision 1.35
diff -u -p -u -p -r1.35 distinfo
--- distinfo	26 Jul 2024 11:52:51 -0000	1.35
+++ distinfo	11 Oct 2024 09:49:43 -0000
@@ -1,2 +1,2 @@
-SHA256 (GraphicsMagick-1.3.43.tar.xz) = K4hYBzLNfkCdniLGEWI4vvSuBvzaEUUb8z0ln5y/OZ8=
-SIZE (GraphicsMagick-1.3.43.tar.xz) = 5657460
+SHA256 (GraphicsMagick-1.3.45.tar.xz) = 3OpRZ0FPfIBVV94tekepsxR7y/YXuR9fD0r+XmVDAms=
+SIZE (GraphicsMagick-1.3.45.tar.xz) = 5936968
Index: patches/patch-configure
===================================================================
RCS file: /cvs/ports/graphics/GraphicsMagick/patches/patch-configure,v
retrieving revision 1.24
diff -u -p -u -p -r1.24 patch-configure
--- patches/patch-configure	26 Jul 2024 11:52:51 -0000	1.24
+++ patches/patch-configure	11 Oct 2024 09:49:43 -0000
@@ -1,16 +1,16 @@
 Index: configure
 --- configure.orig
 +++ configure
-@@ -30112,7 +30112,7 @@ done
+@@ -32139,7 +32139,7 @@ fi
  #
  
  # Subdirectory under lib to place GraphicsMagick lib files
 -MagickLibSubdir="${PACKAGE_NAME}-${PACKAGE_VERSION}"
 +MagickLibSubdir="${PACKAGE_NAME}"
  
- cat >>confdefs.h <<_ACEOF
- #define MagickLibSubdir "$MagickLibSubdir"
-@@ -30216,7 +30216,7 @@ _ACEOF
+ printf "%s\n" "#define MagickLibSubdir \"$MagickLibSubdir\"" >>confdefs.h
+ 
+@@ -32225,7 +32225,7 @@ printf "%s\n" "#define MagickFilterModulesPath \"$Magi
  
  #
  # Path to GraphicsMagick share files
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/graphics/GraphicsMagick/pkg/PLIST,v
retrieving revision 1.30
diff -u -p -u -p -r1.30 PLIST
--- pkg/PLIST	26 Jul 2024 11:52:51 -0000	1.30
+++ pkg/PLIST	11 Oct 2024 09:49:43 -0000
@@ -99,6 +99,8 @@ lib/GraphicsMagick/config/type-windows.m
 lib/GraphicsMagick/config/type.mgk
 lib/GraphicsMagick/modules-Q16/
 lib/GraphicsMagick/modules-Q16/coders/
+lib/GraphicsMagick/modules-Q16/coders/aai.la
+@so lib/GraphicsMagick/modules-Q16/coders/aai.so
 lib/GraphicsMagick/modules-Q16/coders/art.la
 @so lib/GraphicsMagick/modules-Q16/coders/art.so
 lib/GraphicsMagick/modules-Q16/coders/avs.la
@@ -195,6 +197,8 @@ lib/GraphicsMagick/modules-Q16/coders/mv
 @so lib/GraphicsMagick/modules-Q16/coders/mvg.so
 lib/GraphicsMagick/modules-Q16/coders/null.la
 @so lib/GraphicsMagick/modules-Q16/coders/null.so
+lib/GraphicsMagick/modules-Q16/coders/ora.la
+@so lib/GraphicsMagick/modules-Q16/coders/ora.so
 lib/GraphicsMagick/modules-Q16/coders/otb.la
 @so lib/GraphicsMagick/modules-Q16/coders/otb.so
 lib/GraphicsMagick/modules-Q16/coders/palm.la