On Mon, 25 Jul 2016, László Böszörményi (GCS) wrote:

On Sun, Jul 24, 2016 at 3:16 PM, Paul Gevers <elb...@debian.org> wrote:
On Sun, 3 Jul 2016 13:39:40 -0500 (CDT) Bob Friesenhahn
<bfrie...@simple.dallas.tx.us> wrote:
While the SVG rendering properties are not improved, this error is
fixed by GraphicsMagick Mercurial changeset 14869:ae78bb613993.

Are the graphicsmagick maintainers considering uploading the fix to Debian?
As I read, Bob found two other SVG related problems[1]:
"I found two problems.  One was related to the pixel limits checks and
the other was related to an arbitrary limit I added to try to limit
DoS opportunities."

There is an unfortunate issue in that the many SVG-based icons delivered under /usr/share are almost all authored using inkscape and apparently inkscape makes no consideration for the size of the gradient images that it requests. For example, I have observed a gradient image request of 20,000x20,000 pixels for an SVG which renders to 8x8 pixels. GraphicsMagick actually produces a gradient image based on requests (in advance) rather than storing values for later use in an equation. It is possible that some gradients which were requested were not subsequently used.

The fact that gradients consume real resources is a flaw in GraphicsMagick, but inkscape's propensity to produce unreasonably huge gradient requests is not helping.

Allowing gradient requests of 5000x5000 pixels (outrageous!) is sufficient to render most of the icon SVGs delivered via /usr/share.

Please let us know either way, so we can judge if we need to work around
this issue that is causing our FTBFS.
If this is the only SVG problem and fix, I can backport it and do an
upload. However I recall another email from Bob who said (wrote) that
GraphicsMagick 1.3.25 is expected soon with several important fixes.
Waiting on feedback.

It is true that I do not plan to do much more work on GraphicsMagick before making another release. I only expect to make changes related to security issues.

Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
