GraphicsMagick: updated to 1.3.27a

1.3.27:
Security Fixes:
* CMYK: Fix heap overwrites in raw CMYK writer.  Fix heap overwrites
  in raw CMYK reader (noticed when doing montage).
* GIF: Assure that global colormap is initialized.
* DescribeImage(): Fix possible heap write overflow when describing
  visual image directory. Fix possible heap read overflow while
  accessing heap data, and possible information disclosure while
  describing the IPTC profile.
* DICOM: Fix huge memory allocation based on bogus length value (DOS
  opportunity).
* DrawDashPolygon(): Fix heap out of bounds read in render code.
* GRAY: Fix heap overwrites in raw GRAY reader (noticed when doing
  montage).
* JNG: Fix heap overruns.  Fix assertions.
* JNG: Prevent a crash due to zero-length color_image while reading a
  JNG image. (CVE-2017-11102).  Reject JNG files with unreasonable
  dimensions given the file size (avoid DOS).
* JNX: Fix DOS due to excessive memory allocations with corrupt file.
* JPEG: Do not allocate backing image pixels until a scanline has been
  successfully read.  Avoids DOS opportunity with suitably
  manufactured file.
* MAP: Fix null pointer dereference or segmentation violation.
* MAT: Fix heap write overflow.
* MNG: Reject over-large (65k by 65k) image.  Fix heap overwrites.
* PAM: Fix heap buffer overflow in PAM writer for 1 bit/sample + alpha.
* PICT: Fix excessive memory allocation due to malformed image file.
* PNG: Fix heap buffer overflow in PNG writer when promoting from
  indexed PNG to RGBA.
* PNM: Fix DOS due to excessive memory allocations with corrupt file.
* RGB: Fix heap overwrite in raw RGB writer. Fix heap overwrites in
  raw RGB reader (noticed when doing montage).
* RLE: Fix DOS opportunities due to false claims in image header.  Fix
  heap out of bounds read.
* SFW: Avoid possible heap write overflow.
* SUN: Fix heap read overflow.  Fix DOS due to excessive memory
  allocations with corrupt file.
* SVG: Fix heap write overflow.
* TIFF: Use heuristics to avoid DOS (excessive memory use) due to
  false claims by input file.  It is possible that this may reject
  some valid files.  Fix possible small heap overwrite beyond the
  allocated scanline buffer due to the NumberOfObjectsInArray() macro
  rounding up rather than down.
* UIL: Fix heap overwrite in writer.
* WPG: Fix DOS issues (memory, disk space, CPU time) due to
  insufficient validations.  Fix heap overwrites.
* XBM: Fix DOS issue where code remains stuck in loop and does not
  return.
* XV 332 (PNM): Fix null pointer dereference due to malformed file.
* TracePSClippingPath()/TraceSVGClippingPath(): Fix heap out of bounds
  read.
* Validate path entries in the MAGICK_CODER_MODULE_PATH and
  MAGICK_FILTER_MODULE_PATH environment variables and convert all
  paths to real paths if possible. This avoids possible use of
  relative paths to load modules (a possible security issue), or the
  possibility of adding a directory which was in the path, but
  missing, and may improve efficiency by removing non-existent paths.

Bug fixes:
* AVS: Memory leaks eliminated.
* CINEON: Fix possible use of NULL pointer.
* CMYK: Memory leaks eliminated.
* CUT: Memory leaks eliminated.  Fix possible use of NULL pointer.
* DCM: Fix possible use of NULL pointer.
* DrawImage(): Avoid "negative" strncpy().  This seems to be benign
  with glibc but perhaps not with other implementations.
* DPX: Memory leaks eliminated.
* EMF: Fix possible use of NULL pointer.
* FindMagickModule(): Fix possible use of NULL pointer.
* FITS: Fix memory leak.
* GIF: Fix memory leak.
* HDF: Memory leaks eliminated.
* HISTOGRAM: Fix memory leak.
* JNG: Memory leaks eliminated. Memory use after free and double-free
  issues eliminated.  Error reporting fixes.
* Magick::Options::strokeDashArray(): Fix possible use of NULL pointer.
* MagickXFileBrowserWidget(): Fix possible use of NULL pointer.
* MAT: Memory leaks eliminated.
* MagickMapCloneMap(): Fix possible assertion failure.
* MNG: Memory use after free issues eliminated.  Fix possible use of
  NULL pointer.  Fix memory leaks.
* MontageImageCommand(): Fix memory leaks.
* MPC: Fix memory leak in writer.
* MPEG: Fix memory leaks in writer.
* MTV: Memory leaks eliminated.
* NTRegistryKeyLookup(): Fix possible use of NULL pointer.
* NTGetTypeList(): Fix possible use of NULL pointer.
* PCD: Memory leaks eliminated.
* PCL: Fix null pointer dereference in PCL writer.
* PCX: Memory leaks eliminated.
* PALM: Fix possible use of NULL pointer. Fix memory leak.
* PICT: Memory leaks eliminated.
* PNG: Fix small (one-off) heap read overflow.
* PNM: Fix memory leaks.
* PS: Fix use of null pointer in error path.
* PWP: Fix possible use of null pointer.
* ReplaceImageColormap(): Throw an exception rather than assertion if
  the input image is not colormapped.
* RGB: Fix memory leak.
* SegmentImage(): Fix possible use of NULL pointer.
* SetImageProfile(): Fix possible assertion failure.
* SGI: Check for EOF while reading SGI file header.
* SUN: Fix memory leak.
* TIFF: Fix possible use of NULL pointer.  Fix memory leaks in writer.
* TIM: Fix memory leak.
* TOPOL: Fix possible use of NULL pointer.  Fix memory leaks.
* VIFF: Fix memory leak.
* WEBP: Detect partial write to output file.
* WPG: Fix possible use of null pointer. Fix excessive use of disk
  resources due to insufficient validations.
* WriteImage(): Restore use of GetBlobStatus() to test if an I/O error
  was encountered while writing output file. This assures that I/O
  failure in writers which do not themselves verify writes is assured
  to be reported.
* WMF: Memory use after free issues eliminated.
* YUV: Fix memory leaks.

New Features:
* PNG: Implemented eXIf chunk support.
* WEBP: Add support for EXIF and ICC metadata provided that at least
  libwebp 0.5.0 is used.
* Magick++ Image autoOrient(): New Image method to auto-orient an
  image so it looks right-side up by default.

Windows Delegate Updates/Additions:
* Libtiff is updated to libtiff 4.0.9.

Build Changes:
* JPEG/PNG: The SETJMP_IS_THREAD_SAFE definition is used to determine
  if setjmp/longjmp are thread safe.  If these interfaces are thread
  safe, then concurrent reads/writes are possible.  This definition is
  false for Solaris but true for Linux.  JPEG and PNG will be fully
  concurrent if this definition is enabled.

Behavior Changes:
* PALM: PALM writer is disabled.
* ThrowLoggedException(): Capture the first exception at
  ErrorException level or greater, or only capture exception if it is
  more severe than an already reported exception.
* DestroyJNG(): This internal function is now declared static and is
  removed from shared library or DLL namespace.

4 files changed, 11 insertions, 14 deletions

diff --git a/graphics/GraphicsMagick/Makefile b/graphics/GraphicsMagick/Makefile
index ff1385c41da..4362fd13b33 100644
--- a/graphics/GraphicsMagick/Makefile
+++ b/graphics/GraphicsMagick/Makefile
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.82 2017/11/23 17:19:42 wiz Exp $
+# $NetBSD: Makefile,v 1.83 2017/12/19 08:09:29 adam Exp $
 
-PKGREVISION= 1
 .include "Makefile.common"
 
 MAINTAINER=	pkgsrc-users@NetBSD.org
@@ -17,7 +16,7 @@ USE_FEATURES=		vsnprintf	# optional but recommended for security
 GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--enable-shared
 CONFIGURE_ARGS+=	--with-modules=yes
-CONFIGURE_ARGS+=	--with-gs-font-dir=${LOCALBASE}/share/fonts/urw
+CONFIGURE_ARGS+=	--with-gs-font-dir=${PREFIX}/share/fonts/urw
 CONFIGURE_ARGS+=	--with-ltdl-include=${BUILDLINK_PREFIX.libltdl}/include
 CONFIGURE_ARGS+=	--with-ltdl-lib=${BUILDLINK_PREFIX.libltdl}/lib
 CONFIGURE_ARGS+=	--without-perl
diff --git a/graphics/GraphicsMagick/Makefile.common b/graphics/GraphicsMagick/Makefile.common
index febd995ef0a..c2da1355a4d 100755
--- a/graphics/GraphicsMagick/Makefile.common
+++ b/graphics/GraphicsMagick/Makefile.common
@@ -1,16 +1,15 @@
-# $NetBSD: Makefile.common,v 1.17 2017/07/09 20:02:28 adam Exp $
+# $NetBSD: Makefile.common,v 1.18 2017/12/19 08:09:29 adam Exp $
 # used by graphics/GraphicsMagick/Makefile
 # used by graphics/p5-GraphicsMagick/Makefile
 
 GM_MAJOR_VER=	1.3
-GM_MINOR_VER=	26
+GM_MINOR_VER=	27
 DISTVERSION=	${GM_MAJOR_VER}.${GM_MINOR_VER}
-DISTNAME=	GraphicsMagick-${DISTVERSION}
+DISTNAME=	GraphicsMagick-${DISTVERSION}a
 CATEGORIES=	graphics
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=graphicsmagick/}
 MASTER_SITES+=	ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/${GM_MAJOR_VER}/
 EXTRACT_SUFX=	.tar.xz
 
 DISTINFO_FILE=	${.CURDIR}/../../graphics/GraphicsMagick/distinfo
-#FILESDIR=	${.CURDIR}/../../graphics/GraphicsMagick/files
 PATCHDIR=	${.CURDIR}/../../graphics/GraphicsMagick/patches
diff --git a/graphics/GraphicsMagick/distinfo b/graphics/GraphicsMagick/distinfo
index 09d02c03a1e..562547663f3 100644
--- a/graphics/GraphicsMagick/distinfo
+++ b/graphics/GraphicsMagick/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.43 2017/07/09 20:02:28 adam Exp $
+$NetBSD: distinfo,v 1.44 2017/12/19 08:09:29 adam Exp $
 
-SHA1 (GraphicsMagick-1.3.26.tar.xz) = 2cc885d1b157996aa14c98e34f7aa17815d00c41
-RMD160 (GraphicsMagick-1.3.26.tar.xz) = 3dd490364c3e4498c308c38b26a0fe41cf4e81f2
-SHA512 (GraphicsMagick-1.3.26.tar.xz) = b33ca0f1c858428693aee27a9089acff9e63d1110f85fa036894cfefe6274e7b2422758ea39852f94fdb4823c9c3f3c44b0d8906627503301f5928096f739f22
-Size (GraphicsMagick-1.3.26.tar.xz) = 5400564 bytes
+SHA1 (GraphicsMagick-1.3.27a.tar.xz) = 14f3ff175e79d67c2d557f60885fec9781e83a38
+RMD160 (GraphicsMagick-1.3.27a.tar.xz) = 3a83017ede8972ce3d158cdab49e02f1dcda4eae
+SHA512 (GraphicsMagick-1.3.27a.tar.xz) = 3e53ce74e76c10d62e51e5570073dd01e7cbf5f6fe636cf42d0f510891021765c76665f90e83007aaec97725c7427b094374f69358724b3361d55d3e2bc5785e
+Size (GraphicsMagick-1.3.27a.tar.xz) = 5414508 bytes
 SHA1 (patch-config_delegates.mgk.in) = c7a38daeeccd12e19480d1222e400899da1d4153
diff --git a/graphics/p5-GraphicsMagick/Makefile b/graphics/p5-GraphicsMagick/Makefile
index 20749fafbb7..af5673b0130 100644
--- a/graphics/p5-GraphicsMagick/Makefile
+++ b/graphics/p5-GraphicsMagick/Makefile
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.32 2017/11/23 17:19:57 wiz Exp $
+# $NetBSD: Makefile,v 1.33 2017/12/19 08:09:29 adam Exp $
 
-PKGREVISION= 1
 .include "../../graphics/GraphicsMagick/Makefile.common"
 
 PKGNAME=	p5-GraphicsMagick-${DISTVERSION}