From: Brad Smith Subject: Re: UPDATE: GraphicsMagick 1.3.45 To: ports@openbsd.org Date: Sun, 27 Oct 2024 18:35:47 -0400 ping. On 2024-10-11 7:46 a.m., Brad Smith wrote: > Here is an update to GraphicsMagick 1.3.45. > > > Security Fixes: > > * GraphicsMagick is participating in Google's oss-fuzz project since > February 4 2018 due to the contributions and assistance of Alex > Gaynor and Paul Kehrer. The issues list is available at > https://bugs.chromium.org/p/oss-fuzz/issues/list under search term > "graphicsmagick". Issues are available for anyone to view and > duplicate if they have been in "Verified" status for 30 days, or if > they have been in "New" status for 90 days. Please consult the > GraphicsMagick ChangeLog file, Mercurial repository commit log, and > the oss-fuzz issues list for details. > > * GraphicsMagick has been participating in Synopsys's Coverity program > for free software projects since 2015. There has been a continuing > objective to keep outstanding defects at 0, or very close to 0. > Information about the Coverity status may be found at > https://scan.coverity.com/projects/graphicsmagick. > > * TIFF: Fixed multiple heap and stack buffer overflows (directed by > the source EXIF profile) while writing EXIF into the native TIFF > IFD. > > * FITS: Fix problem that the FITS reader could return invalid image > frames with rows or columns set to zero. Other code in the library > crashes, or even asserts, if invalid image frames with rows or > columns set to zero are returned. > > * Coverity fixes: Various fixes for Coverity issues raised after the > update to version 2023.12.2. > > * Clang Analyzer (scan-build) fixes: Various fixes for new issues > discovered by Clang Analyzer. > > Bug fixes: > > * configure.ac: Fix a shell syntax error. > > * GCC 14: Eliminate some new warnings which appeared while in -Wall > mode. > > * JPEG: FormatJPEGSamplingFactors() now properly handles the number of > samples for each colorspace. > > * JXL: Additional validations of color channel and alpha channel > depth. > > * TGA: Fix issues discovered by Coverity. > > * TGA: Fix writing TGA with opacity values in palette. > > * TGA: Default orientation is (again) TopLeftOrientation. > > * TIFF: Verify that TIFFTAG_BITSPERSAMPLE is within a rational range. > > * TXT: Eliminate use of an uninitialized-value in GetColorTuple(). > > * XML: Improve detection of if the deprecated HTTP and FTP protocols > are supported by libxml2. > > New Features: > > * Add support for reading the pre-rendered image from the Open Raster > ("ORA") format. Actual rendering of Open Raster is not supported. > > * Add support for Dune HD AAI Image (aka Auburn Animation Image) image > format ("AAI"). > > * Add support for a --version option, which produces GNU style summary > version output. > > * Identify output now indicates if the image is opaque. > > * WebP: Add support for '-define webp:exact=true' to preserve exact > RGB values under transparent areas while writing WebP format. > Enable this automatically when lossless is enabled. If lossless is > enabled, this option may be used to disable exact mode. > > * PerlMagick: Add AccessDefinition(), AddDefinition(), > AddDefinitions(), and RemoveDefinitions() methods to supporting > adding, updating, removing definitions. > > API Updates: > > * Magick++/STL.h: The deprecated std::unary_function is no longer used > given C++'11 or later. Continued use of it caused too many issues > due to an abundance of warnings. > > * Wand API PixelSetQuantumColor(): The color argument is now a const > pointer. > > Behavior Changes: > > * The graphical progress indication in the X11 sub-apps 'animate' and > 'display' is disabled due to discovering a tremendous performance > impact while rendering text under Ubuntu 22.04 LTS. The underlying > cause of the performance impact is not yet known. A text-based > progress output to the program's console is available via > `-monitor`. > > > Index: Makefile > =================================================================== > RCS file: /cvs/ports/graphics/GraphicsMagick/Makefile,v > retrieving revision 1.75 > diff -u -p -u -p -r1.75 Makefile > --- Makefile 26 Jul 2024 11:52:51 -0000 1.75 > +++ Makefile 11 Oct 2024 09:49:43 -0000 > @@ -1,6 +1,6 @@ > COMMENT= image processing tools with stable ABI > > -DISTNAME= GraphicsMagick-1.3.43 > +DISTNAME= GraphicsMagick-1.3.45 > CATEGORIES= graphics devel > SITES= ${SITE_SOURCEFORGE:=graphicsmagick/} > EXTRACT_SUFX= .tar.xz > @@ -17,16 +17,17 @@ MAINTAINER= Brad Smith PERMIT_PACKAGE= Yes > > WANTLIB += ${COMPILER_LIBCXX} ICE SM X11 Xau Xdmcp Xext aom brotlicommon > -WANTLIB += brotlidec brotlienc bz2 c de265 freetype heif hwy iconv > -WANTLIB += jasper jbig jpeg jxl jxl_cms jxl_threads lcms2 ltdl > -WANTLIB += lzma m png sharpyuv tiff webp webpmux wmflite-0.2 x265 > -WANTLIB += xcb xml2 z zstd > +WANTLIB += brotlidec brotlienc bz2 c crypto de265 freetype heif > +WANTLIB += hwy iconv jasper jbig jpeg jxl jxl_cms jxl_threads > +WANTLIB += lcms2 ltdl lzma m png sharpyuv tiff webp webpmux wmflite-0.2 > +WANTLIB += x265 xcb xml2 z zip zstd > > WANTLIB += perl # uses perl ABI > > COMPILER = base-clang ports-gcc > > LIB_DEPENDS= archivers/bzip2 \ > + archivers/libzip \ > archivers/xz \ > archivers/zstd \ > converters/libiconv \ > Index: distinfo > =================================================================== > RCS file: /cvs/ports/graphics/GraphicsMagick/distinfo,v > retrieving revision 1.35 > diff -u -p -u -p -r1.35 distinfo > --- distinfo 26 Jul 2024 11:52:51 -0000 1.35 > +++ distinfo 11 Oct 2024 09:49:43 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (GraphicsMagick-1.3.43.tar.xz) = K4hYBzLNfkCdniLGEWI4vvSuBvzaEUUb8z0ln5y/OZ8= > -SIZE (GraphicsMagick-1.3.43.tar.xz) = 5657460 > +SHA256 (GraphicsMagick-1.3.45.tar.xz) = 3OpRZ0FPfIBVV94tekepsxR7y/YXuR9fD0r+XmVDAms= > +SIZE (GraphicsMagick-1.3.45.tar.xz) = 5936968 > Index: patches/patch-configure > =================================================================== > RCS file: /cvs/ports/graphics/GraphicsMagick/patches/patch-configure,v > retrieving revision 1.24 > diff -u -p -u -p -r1.24 patch-configure > --- patches/patch-configure 26 Jul 2024 11:52:51 -0000 1.24 > +++ patches/patch-configure 11 Oct 2024 09:49:43 -0000 > @@ -1,16 +1,16 @@ > Index: configure > --- configure.orig > +++ configure > -@@ -30112,7 +30112,7 @@ done > +@@ -32139,7 +32139,7 @@ fi > # > > # Subdirectory under lib to place GraphicsMagick lib files > -MagickLibSubdir="${PACKAGE_NAME}-${PACKAGE_VERSION}" > +MagickLibSubdir="${PACKAGE_NAME}" > > - cat >>confdefs.h <<_ACEOF > - #define MagickLibSubdir "$MagickLibSubdir" > -@@ -30216,7 +30216,7 @@ _ACEOF > + printf "%s\n" "#define MagickLibSubdir \"$MagickLibSubdir\"" >>confdefs.h > + > +@@ -32225,7 +32225,7 @@ printf "%s\n" "#define MagickFilterModulesPath \"$Magi > > # > # Path to GraphicsMagick share files > Index: pkg/PLIST > =================================================================== > RCS file: /cvs/ports/graphics/GraphicsMagick/pkg/PLIST,v > retrieving revision 1.30 > diff -u -p -u -p -r1.30 PLIST > --- pkg/PLIST 26 Jul 2024 11:52:51 -0000 1.30 > +++ pkg/PLIST 11 Oct 2024 09:49:43 -0000 > @@ -99,6 +99,8 @@ lib/GraphicsMagick/config/type-windows.m > lib/GraphicsMagick/config/type.mgk > lib/GraphicsMagick/modules-Q16/ > lib/GraphicsMagick/modules-Q16/coders/ > +lib/GraphicsMagick/modules-Q16/coders/aai.la > +@so lib/GraphicsMagick/modules-Q16/coders/aai.so > lib/GraphicsMagick/modules-Q16/coders/art.la > @so lib/GraphicsMagick/modules-Q16/coders/art.so > lib/GraphicsMagick/modules-Q16/coders/avs.la > @@ -195,6 +197,8 @@ lib/GraphicsMagick/modules-Q16/coders/mv > @so lib/GraphicsMagick/modules-Q16/coders/mvg.so > lib/GraphicsMagick/modules-Q16/coders/null.la > @so lib/GraphicsMagick/modules-Q16/coders/null.so > +lib/GraphicsMagick/modules-Q16/coders/ora.la > +@so lib/GraphicsMagick/modules-Q16/coders/ora.so > lib/GraphicsMagick/modules-Q16/coders/otb.la > @so lib/GraphicsMagick/modules-Q16/coders/otb.so > lib/GraphicsMagick/modules-Q16/coders/palm.la