head 1.6; access; symbols pkgsrc-2026Q2:1.5.0.28 pkgsrc-2026Q2-base:1.5 pkgsrc-2026Q1:1.5.0.26 pkgsrc-2026Q1-base:1.5 pkgsrc-2025Q4:1.5.0.24 pkgsrc-2025Q4-base:1.5 pkgsrc-2025Q3:1.5.0.22 pkgsrc-2025Q3-base:1.5 pkgsrc-2025Q2:1.5.0.20 pkgsrc-2025Q2-base:1.5 pkgsrc-2025Q1:1.5.0.18 pkgsrc-2025Q1-base:1.5 pkgsrc-2024Q4:1.5.0.16 pkgsrc-2024Q4-base:1.5 pkgsrc-2024Q3:1.5.0.14 pkgsrc-2024Q3-base:1.5 pkgsrc-2024Q2:1.5.0.12 pkgsrc-2024Q2-base:1.5 pkgsrc-2024Q1:1.5.0.10 pkgsrc-2024Q1-base:1.5 pkgsrc-2023Q4:1.5.0.8 pkgsrc-2023Q4-base:1.5 pkgsrc-2023Q3:1.5.0.6 pkgsrc-2023Q3-base:1.5 pkgsrc-2023Q2:1.5.0.4 pkgsrc-2023Q2-base:1.5 pkgsrc-2023Q1:1.5.0.2 pkgsrc-2023Q1-base:1.5 pkgsrc-2022Q4:1.4.0.10 pkgsrc-2022Q4-base:1.4 pkgsrc-2022Q3:1.4.0.8 pkgsrc-2022Q3-base:1.4 pkgsrc-2022Q2:1.4.0.6 pkgsrc-2022Q2-base:1.4 pkgsrc-2022Q1:1.4.0.4 pkgsrc-2022Q1-base:1.4 pkgsrc-2021Q4:1.4.0.2 pkgsrc-2021Q4-base:1.4 pkgsrc-2021Q3:1.3.0.24 pkgsrc-2021Q3-base:1.3 pkgsrc-2021Q2:1.3.0.22 pkgsrc-2021Q2-base:1.3 pkgsrc-2021Q1:1.3.0.20 pkgsrc-2021Q1-base:1.3 pkgsrc-2020Q4:1.3.0.18 pkgsrc-2020Q4-base:1.3 pkgsrc-2020Q3:1.3.0.16 pkgsrc-2020Q3-base:1.3 pkgsrc-2020Q2:1.3.0.14 pkgsrc-2020Q2-base:1.3 pkgsrc-2020Q1:1.3.0.10 pkgsrc-2020Q1-base:1.3 pkgsrc-2019Q4:1.3.0.12 pkgsrc-2019Q4-base:1.3 pkgsrc-2019Q3:1.3.0.8 pkgsrc-2019Q3-base:1.3 pkgsrc-2019Q2:1.3.0.6 pkgsrc-2019Q2-base:1.3 pkgsrc-2019Q1:1.3.0.4 pkgsrc-2019Q1-base:1.3 pkgsrc-2018Q4:1.3.0.2 pkgsrc-2018Q4-base:1.3 pkgsrc-2013Q2:1.2.0.2 pkgsrc-2013Q2-base:1.2; locks; strict; comment @# @; 1.6 date 2026.06.29.12.00.28; author adam; state Exp; branches; next 1.5; commitid uWFef6XvGgbtLGLG; 1.5 date 2023.01.25.06.40.46; author adam; state Exp; branches; next 1.4; commitid dbT9Utoo2DCPcTaE; 1.4 date 2021.12.14.19.56.25; author adam; state Exp; branches; next 1.3; commitid QPV5XQzQFNdSGEkD; 1.3 date 2018.11.22.16.09.23; author adam; state Exp; branches; next 1.2; commitid zLuk4fO2AZWknX0B; 1.2 date 2013.03.11.19.54.07; author adam; state dead; branches; next 1.1; 1.1 date 2013.02.19.00.23.26; author wiz; state Exp; branches; next ; desc @@ 1.6 log @GraphicsMagick p5-GraphicsMagick: updated to 1.3.47 1.3.47 Security Fixes: DPX: Fix subsampling validation logic which was failing due to incorrect logic. This avoids a divide by zero possibility. JNG writer: Properly handle and report the case where ImageToBlob()returns NULL. MNG writer: Enforce that MNG only supports a color palette up to 256 colors (ImageMagick CVE-2026-28690). MagickXImageWindowCommand(): Assure that static buffer does not overflow if the user keeps a numeric key depressed (ImageMagick CVE-2026-33535). PCD: Prevent an out of bounds read (ImageMagick security advisory GHSA-wrhr-rf8j-r842). PNG writer: Detect and report an excessively large profile, an other unexpected conditions (ImageMagick CVE-2026-30883). RenderFreetype(): Use MagickConfirmAccess() to verify that font file name is allowed to be read. TIFF EXIF IFD writer: Detect and prevent infinite looping (EXIF IFD writer code may be excluded by the -DEXPERIMENTAL_EXIF_TAGS=0 define). TIFF EXIF IFD writer: Only transfer tags from EXIF and GPS IFDs. Do not transfer tags from the main IFDs. YUV: Fix validation of 'sampling-factor' argument. (ImageMagick CVE-2026-25799). Given that the argument normally comes from a user (rather than an input file) this seems to be a minor security issue at most. PS, PS2, PS3: Enforce that width and height dimensions, and total pixels, to/from Ghostscript are within the same limits as specified for GraphicsMagick. This helps avoid Ghostscript-based denial of service opportunities. SVG: Add validations for element id syntax. Reject invalid attribute values which contain single quotes. XCF: Report an error if there are no layers. Fix two unsigned integer overflow cases. DescribeImage(): Avoid heap write overflow while parsing the image directory. Bug fixes: ColorFloodfillImage(): Disable OpenMP since it was observed to create corrupt images. DCM/DICOM: Fix bit shift for 16-bit short, which corrupted results for some images. DrawImage(): Fix memory leak which might occur under severe conditions. Magick++: Use HAVE_PTHREAD to enable thread-safe code. This bug has been present since 2003! Magick++: If monochrome is disabled, then clear the image is_monochrome flag if it is set. Magick++: No longer throw a C++ exception from the MutexLock destructor. JP2: Fix a bug which caused lossless compression to not be engaged by '-define jp2:rate=1.0'. JPEG: Allow writing CMYK JPEG without specifically requesting it (SourceForge issue 768). This fixes a regression introduced in the last release. JPEG: For components == 1 (gray), fix reading PseudoClass images. ModuleAliases: Added a mapping from magick "MPRI" to module "MPR". This missing mapping caused the "MPRI" coder to not work for non-module builds. As a result, the 'mogrify' "hald-clut", "map", "mask", and "tile" subcommands were not working. Any use of "MPRI:N" syntax to save an image for later (from the command-line or via the APIs) would have failed. HEIF: Check the return status of heif_image_handle_get_preferred_decoding_colorspace() in order to avoid consuming uninitialized memory. While this might appear to be a security issue, it appears to be reasonably benign. Apple PICT: Since the implementation originating from ImageMagick, the rowBytes transition from from byte to short while reading byteCount was 200. However, it should have been 250! See "https://github.com/ImageMagick/ImageMagick/issues/7837" for details. The reader and writer have been changed to use 250. This means that PICT files written by the fixed GraphicsMagick will not be readable by older GraphicsMagick versions (but the fixed GraphicsMagick can read older existing files). PNM: Improve ASCII formats error checking. HEIF (HEIC, AVIF, etc.): The identify command was very slow with HEIF, although it always reported accurate information. Now identify is fast but may return wrong results if the image is rotated. Use '-define heif:ignore-transformations=false' to assure that the values returned are accurate. TIFF: Be more pessimistic about claims from libtiff and require that it produce a scanline, strip, or tile, before allocating pixels from the pixel cache. This helps prevent small files from using excessive resources. Rendering (-draw/MVG): use the resource-limited memory allocator to provide more resource limit control (for primitive info and graphic contexts). GIF: Store image comment in first image frame rather than the last frame. Add missing prototypes for some functions and declare some functions as 'static' which were accidentally left visible. PerlMagick: PerlMagick is now "const correct" and data which could be const is now declared as such. MAT: Fix memory leaks. XPM/PICON: Verify that the expected number of pixels were transferred to the image. SetImageType(): Assure that callers of SetImageType() do check for its failure, and return appropriate status. API Updates: Wand API: Added the MagickSetBackgroundColor() function to support setting the default background color. Drawing API: DrawNewContext(), is a new function to allocate an empty drawing context. Wand API: The wand/drawing_wand.c functions which duplicate code in magick/draw.c are gutted and replaced with calls into magick/draw.c. Magick++: Add access confirmation functions and enumerations to Magick namespace so that file/URL access confirmation functions may be used. A sample implementation is included in the 'zoom' demo program. New Features: PNM: Support reading PBM raw (P1), PGM raw (P2), and PPM raw (P3) files which lack a newline character at the end of the last line. HEIF (HEIC, AVCI, AVIF, MP4, etc.): Memory limits and many more libheif resource limits are now applied/available. Support reading multiple image frames. Support arbitrary image depths up to 16 bits. Deduce file type by consulting libheif. Support reading HEIF image from an in-memory BLOB, or memory mapped file. HEIF (HEIC, AVCI, AVIF, MP4, etc.): Support both RGB interleaved and planar decode modes at once. Use the heif:interleaved-rgb-decode=yes/no define to select which mode is used. HEIF (HEIC, AVCI, AVIF, MP4, etc.): Add support for -define heif:tile-threads=number to specify how many tiles may be decoded at once. The 'convert' and 'mogrify' subcommands now support -remap, which is equivalent to -map. This is to improve compatibility with ImageMagick, which changed from -map to -remap some time after the GraphicsMagick fork in 2022. Command arguments which currently accept "Opacity" now accept "Alpha" as a synonym. This is to improve compatibility with ImageMagick Command arguments which currently accept "CopyOpacity" now accept "CopyAlpha" as a synonym. This is to improve compatibility with ImageMagick. Resource Limited Memory: Added module, function, and line parameters for the purpose of tracing, and to capture the source location where the allocation was made. Resource limit for number of simultaneous images: Add an 'ImagesResource' limit and '-limit images' to place a limit on discrete raster images which may be loaded into the program simultaneously. The resource which is limited is the number of Image pixel cache stores with allocated pixels rather than reference-counted "Image" handles. WBMP: Support alternate file extensions "WBM" and "WBP". OSS-Fuzz: The oss-fuzz build script is completely re-written and supports building almost all of the available library dependencies. TIFF: Added support for LERC compression in TIFF reader and writer, as welll as update Magick++, PerlMagick, and TclMagick to be able to access it. Behavior Changes: Apple PICT: Older GraphicsMagick will be unable to read the PICT files that newer versions write, but newer GraphicsMagick can still read files which were written by ImageMagick or GraphicsMagick in the broken format. C API: MagickRealloc() now behaves like standard realloc() and the MagickReallocMemory() macro takes responsibility for freeing the original memory upon a reallocation failure. Rendering (-draw/MVG): The default image canvas color is now the background color (default white), which may be transparent. Previously, the image was always set to opaque. General Implementation Improvements: FormatString(): Deprecate FormatString(), and replace all usages with MagickFormatString(), or a suitable equivalent. Code previously depended on many string buffers being allocated with size 'MaxTextExtent' to avoid buffer overflow. The updates result in MagickFormatString() being passed the actual underlying buffer size in most cases (except for when the API design prevents it). This allows underlying buffer sizes to be optimially-sized, but that has not been done yet. @ text @$NetBSD$ Do not save configure args; they reference workdir. --- configure.orig 2026-05-13 14:14:52.000000000 +0000 +++ configure @@@@ -36236,31 +36236,8 @@@@ MAGICK_API_LIBS=`echo $MAGICK_API_LIBS | # Save configure/build parameters for later reference -printf "%s\n" "#define GM_BUILD_CONFIGURE_ARGS \"$0 ${ac_configure_args}\"" >>confdefs.h -printf "%s\n" "#define GM_BUILD_HOST \"${host}\"" >>confdefs.h - - -printf "%s\n" "#define GM_BUILD_CC \"${CC}\"" >>confdefs.h - - -printf "%s\n" "#define GM_BUILD_CXX \"${CXX}\"" >>confdefs.h - - -printf "%s\n" "#define GM_BUILD_CFLAGS \"${CFLAGS}\"" >>confdefs.h - - -printf "%s\n" "#define GM_BUILD_CPPFLAGS \"${CPPFLAGS}\"" >>confdefs.h - - -printf "%s\n" "#define GM_BUILD_CXXFLAGS \"${CXXFLAGS}\"" >>confdefs.h - - -printf "%s\n" "#define GM_BUILD_LDFLAGS \"${LDFLAGS}\"" >>confdefs.h - - -printf "%s\n" "#define GM_BUILD_LIBS \"${MAGICK_API_DEP_LIBS}\"" >>confdefs.h # Pass only user-provided LIBS as "global" libraries @ 1.5 log @GraphicsMagick p5-GraphicsMagick: updated to 1.3.40 1.3.40 (January 14, 2023) Special Issues: GraphicsMagick really does need some additional productive volunteers. For several years now, the burden has entirely been on me (Bob Friesenhahn). I have been sheparding the project for 20 years already (and contributed to ImageMagick and GraphicsMagick combined for 26 years already). It is not reasonable to expect someone with a full time job (and expecting to retire in a few years) to do all of the work. Security Fixes: GraphicsMagick is participating in Google's oss-fuzz project since February 4 2018 due to the contributions and assistance of Alex Gaynor and Paul Kehrer. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details. Security Fixes: DCX: Fixed heap overflow when writing more than 1023 scenes, and also eliminated use of uninitialized memory. Bug fixes: GetMagickGeometry(): Fix a scaling issue where dimensions could be scaled down to zero. PCD: Handle writing image with a dimension of 1. PNG: When writing, use lower-case raw profile identifiers (e.g. 'Raw profile type xmp') because exiftool expects that. SUN: The sense of monochrome images was inverted. Fix scanline size calculation. WPG: Fix 20-year old bug in WPG header reading. New Features: JXL: Decode and log extra channel information. This information is not yet used. PCX and DCX: Support writing uncompressed format (use -compress none for no compression). Added IM1, IM8, and IM24 magick aliases for the Sun Raster format since those are the historically correct extensions. API Updates: AppendImageToList() now updates the image list pointer to be the image which was just added. Use GetFirstImageInList() when the pointer to the first image in the list is needed. Windows Delegate Updates/Additions: Jasper is updated to release 2.0.33. Build Changes: Visual Studio build possible with Visual Studio 2008 - 2022. Windows Inno Setup installer now installs Microsoft redistributables rather than using a side-by-side DLL configuration. Behavior Changes: AppendImageToList() now updates the image list pointer to be the image which was just added. Use GetFirstImageInList() when the pointer to the first image in the list is needed. @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.4 2021/12/14 19:56:25 adam Exp $ d5 1 a5 1 --- configure.orig 2022-12-26 16:56:04.000000000 +0000 d7 1 a7 1 @@@@ -30779,9 +30779,6 @@@@ MAGICK_API_LIBS=`echo $MAGICK_API_LIBS | d11 1 a11 3 -cat >>confdefs.h <<_ACEOF -#define GM_BUILD_CONFIGURE_ARGS "$0 ${ac_configure_args}" -_ACEOF d14 25 a38 1 cat >>confdefs.h <<_ACEOF @ 1.4 log @GraphicsMagick: updated to 1.3.37 1.3.37 (December ?, 2021) ========================== Special Issues: * The FTP site ftp.graphicsmagick.org is now shut down due to a lack of bandwith, extremely abusive users (including from Google and customers of Amazon Web Services), and a lack of support from the user community. Another factor is that FTP support has been removed from popular web browsers. This is very unfortunate since the site served multiple usages, including providing a lot of historical data (e.g. related to PNG) which may not be available elsewhere. * The Microsoft Visual Studio build has not been updated for this release (although it does compile and the results do work fine) and I will not be providing any Windows installation packages corresponding to this release. The problem is that the third-party 'delegate' libraries are out of date and they need to be updated since some of them are known to contain severe security vulnerabilities. Several third-party 'delegate' libraries now require real C'99 support, which means that Visual Studio 2015 or later would be required to build them. The 'configure' program used to build the Visual Studio project files needs to be updated since otherwise a 20 minute project upgrade cycle is needed when using Visual Studio 2019, and to make minor path changes to avoid a multitude of project-file warnings while building. The installation requirements for Visual Studio 2015 or later are different (related to run-time "redistributables", which are now very onerous) and so the Inno Setup installer needs some minor (or major) changes. Many pleas for assistance have been made (e.g. even to help with testing to see if the software executes at all) but thus far the Microsoft Windows user community has not been helpful with regards to the Microsoft Visual Studio build. * GraphicsMagick really does need some additional productive volunteers. For several years now, the burden has entirely been on me. I have been sheparding the project for 19 years already (and contributed to ImageMagick and GraphicsMagick combined for 25 years already). It is not reasonable to expect someone with a full time job (and expecting to retire in a couple of years) to do all of the work. Security Fixes: * GraphicsMagick is participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 590 issues have been opened by oss-fuzz and 23 issues remain open (most of which are in third-party software such as development JasPer). The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details. Bug fixes: * CAPTION: Eliminate an assertion upon deallocation. * CMYK: Fix broken reading of planar CMYK files (a regression since 1.3.27). * ExecuteModuleProcess(): Add missing error reporting related to the -module command option. * GIF: Handle GIF files where the 'opaque' index matches the number of colors by producing an extra colormap entry of transparent black. * JP2: Adaptations to compile cleanly with JasPer 2.0.20. * META: Fix types used to prefer unsigned types where possible and to use 'size_t' rather than 'int' for size values. * MSL: A great many MSL parser fixes. * Microsoft Windows: Detect and use Ghostscript point versions added after 9.52, after which the version number format was changed. * PCX: Fix problem that 16-colors are used rather than 256-colors * PDF: Fix MediaBox dimensions ("Incorrect MediaBox in PDF export"). * PDF: Use appropriate memory deallocator for memory returned by StringToList(). * RGB: Fix broken reading of planar RGB files (a regression since 1.3.27). * TIFF: Fix double-charging for memory allocations (a regression since 1.3.36). * TIFF: Make sure that loops using TIFFReadScanline(), etc, do quit upon first reported error. * WEBP: Enforce that embedded profiles provided by libWebP are not zero-sized. * WEBP: Use SetImagePixelsEx() rather than GetImagePixelsEx() in reader. * WriteBlob(): Use appropriate handle for bzip2. New Features: * None API Updates: * DisposeTypeToString(): New utility function to convert a DisposeType to a string. * StringToDisposeType(): New utility function to convert a string to a DisposeType. Feature improvements: * JP2: Support building using development JasPer 3.0.0 and request that it use our managed-memory allocators for resource control. * Pixel Cache: Memory cache implementation of pixel cache now uses resource limited memory allocator. * Analyze filter module: Add OpenMP speed-ups. * IsImagesEqual(): Allow comparing images when the 'matte' channel flag differs. Windows Delegate Updates/Additions: * Remove bundled hp2xx.exe, mpeg2dec.exe, and mpeg2enc.exe. Build Changes: * Microsoft Windows: configure.ac fixes for gdi32 to depend on user32 as well. * Microsoft Windows: VisualMagick/All/All.vcproj.in updated to fix problem with not being able to load the 'All' project if the project supports the x64 target. * Autotools build, many more TAP tests have been added, including to exercise all of the 'convert' commands. * TIFF: Adaptations to compile cleanly for libtiff versions beyond 20201219. * Magick++: Support compiling with C++'98 through C++'17. * Autotools build, Add support for using an external 'graphicsmagick_snapshot_copy' script to copy files for the 'snapshot' target. This provides local control over how files are copied and where they are copied to. Behavior Changes: * TranslateTextEx(): If image resolution is impossibly small, then report the default resolution of 72 DPI, or the equivalent in centimeters if units is in pixels-per-centimeter. @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.3 2018/11/22 16:09:23 adam Exp $ a2 1 Portability fix. d5 1 a5 1 --- configure.orig 2021-12-12 21:09:14.000000000 +0000 d7 1 a7 10 @@@@ -29058,7 +29058,7 @@@@ fi # Tests for programs only used while in maintainer mode -if test "$MAINT" == '' ; then +if test "$MAINT" = '' ; then # Test for optional rst2html.py utility and define automake conditional HasRST2HTML if found. for ac_prog in rst2html.py rst2html do @@@@ -30160,9 +30160,6 @@@@ MAGICK_API_LIBS=`echo $MAGICK_API_LIBS | @ 1.3 log @GraphicsMagick: commit missing patch, fix buildlink.mk @ text @d1 1 a1 1 $NetBSD$ d3 1 d6 1 a6 1 --- configure.orig 2018-11-20 10:05:54.000000000 +0000 d8 10 a17 1 @@@@ -30127,9 +30127,6 @@@@ MAGICK_API_LIBS=`echo $MAGICK_API_LIBS | @ 1.2 log @patches are no longer required @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.1 2013/02/19 00:23:26 wiz Exp $ d3 1 a3 1 Detect png-1.6 and 1.7. d5 1 a5 1 --- configure.orig 2012-10-13 21:32:07.000000000 +0000 d7 1 a7 1 @@@@ -26183,7 +11531,7 @@@@ fi d9 1 d11 6 a16 6 if test $passed -gt 0; then - for var in 5 4 2 '' ; do + for var in 7 6 5 4 2 '' ; do if test "x${var}" = 'x' ; then pnglib='png' else @ 1.1 log @Detect png-1.6 and 1.7, while we're here. @ text @d1 1 a1 1 $NetBSD$ @