chunky_png 1.2.5 → 1.2.6
Sign up to get free protection for your applications and to get access to all the features.
- data/.travis.yml +6 -5
- data/README.rdoc +11 -0
- data/chunky_png.gemspec +2 -2
- data/lib/chunky_png.rb +1 -1
- data/lib/chunky_png/canvas/data_url_importing.rb +1 -1
- data/lib/chunky_png/canvas/png_decoding.rb +1 -1
- data/lib/chunky_png/canvas/png_encoding.rb +1 -1
- data/lib/chunky_png/rmagick.rb +1 -1
- metadata +7 -9
data/.travis.yml
CHANGED
data/README.rdoc
CHANGED
@@ -57,6 +57,17 @@ provides a massive speed boost to encoding and decoding.
|
|
57
57
|
For more information, see the project wiki on http://github.com/wvanbergen/chunky_png/wiki
|
58
58
|
or the RDOC documentation on http://rdoc.info/gems/chunky_png/frames
|
59
59
|
|
60
|
+
== Security warning
|
61
|
+
|
62
|
+
ChunkyPNG is vulnerable to decompression bombs, which means that ChunkyPNG is vulnerable to
|
63
|
+
DOS attacks by running out of memory when loading a specifically crafted PNG file. Because
|
64
|
+
of the pure-Ruby nature of the library it is very hard to fix this problem in the library
|
65
|
+
itself.
|
66
|
+
|
67
|
+
In order to safely deal with untrusted images, you should make sure to do the image
|
68
|
+
processing using ChunkyPNG in a separate process, e.g. by using fork or a background
|
69
|
+
processing library.
|
70
|
+
|
60
71
|
== About
|
61
72
|
|
62
73
|
The library is written by Willem van Bergen for Floorplanner.com, and released
|
data/chunky_png.gemspec
CHANGED
@@ -3,8 +3,8 @@ Gem::Specification.new do |s|
|
|
3
3
|
|
4
4
|
# Do not change the version and date fields by hand. This will be done
|
5
5
|
# automatically by the gem release script.
|
6
|
-
s.version = "1.2.
|
7
|
-
s.date = "
|
6
|
+
s.version = "1.2.6"
|
7
|
+
s.date = "2012-08-07"
|
8
8
|
|
9
9
|
s.summary = "Pure ruby library for read/write, chunk-level access to PNG files"
|
10
10
|
s.description = <<-EOT
|
data/lib/chunky_png.rb
CHANGED
@@ -25,7 +25,7 @@ module ChunkyPNG
|
|
25
25
|
|
26
26
|
# The current version of ChunkyPNG. This value will be updated
|
27
27
|
# automatically by them <tt>gem:release</tt> rake task.
|
28
|
-
VERSION = "1.2.
|
28
|
+
VERSION = "1.2.6"
|
29
29
|
|
30
30
|
###################################################
|
31
31
|
# PNG international standard defined constants
|
@@ -10,7 +10,7 @@ module ChunkyPNG
|
|
10
10
|
# @raise ChunkyPNG::SignatureMismatch if the provides string is not a properly
|
11
11
|
# formatted PNG data URL (i.e. it should start with "data:image/png;base64,")
|
12
12
|
def from_data_url(string)
|
13
|
-
if string =~ %r[^data:image/png;base64,((?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))$]
|
13
|
+
if string =~ %r[^data:image/png;base64,((?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)$]
|
14
14
|
from_blob($1.unpack('m').first)
|
15
15
|
else
|
16
16
|
raise SignatureMismatch, "The string was not a properly formatted data URL for a PNG image."
|
@@ -385,7 +385,7 @@ module ChunkyPNG
|
|
385
385
|
else nil
|
386
386
|
end
|
387
387
|
|
388
|
-
raise ChunkyPNG::NotSupported, "No decoder found for color mode #{color_mode} and #{depth}-bit depth!" unless respond_to?(decoder_method)
|
388
|
+
raise ChunkyPNG::NotSupported, "No decoder found for color mode #{color_mode} and #{depth}-bit depth!" unless respond_to?(decoder_method, true)
|
389
389
|
decoder_method
|
390
390
|
end
|
391
391
|
|
@@ -367,7 +367,7 @@ module ChunkyPNG
|
|
367
367
|
else nil
|
368
368
|
end
|
369
369
|
|
370
|
-
raise ChunkyPNG::NotSupported, "No encoder found for color mode #{color_mode} and #{depth}-bit depth!" unless respond_to?(encoder_method)
|
370
|
+
raise ChunkyPNG::NotSupported, "No encoder found for color mode #{color_mode} and #{depth}-bit depth!" unless respond_to?(encoder_method, true)
|
371
371
|
encoder_method
|
372
372
|
end
|
373
373
|
|
data/lib/chunky_png/rmagick.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: chunky_png
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.2.
|
4
|
+
version: 1.2.6
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,12 +9,11 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
13
|
-
default_executable:
|
12
|
+
date: 2012-08-07 00:00:00.000000000 Z
|
14
13
|
dependencies:
|
15
14
|
- !ruby/object:Gem::Dependency
|
16
15
|
name: rake
|
17
|
-
requirement: &
|
16
|
+
requirement: &70146123334240 !ruby/object:Gem::Requirement
|
18
17
|
none: false
|
19
18
|
requirements:
|
20
19
|
- - ! '>='
|
@@ -22,10 +21,10 @@ dependencies:
|
|
22
21
|
version: '0'
|
23
22
|
type: :development
|
24
23
|
prerelease: false
|
25
|
-
version_requirements: *
|
24
|
+
version_requirements: *70146123334240
|
26
25
|
- !ruby/object:Gem::Dependency
|
27
26
|
name: rspec
|
28
|
-
requirement: &
|
27
|
+
requirement: &70146123345040 !ruby/object:Gem::Requirement
|
29
28
|
none: false
|
30
29
|
requirements:
|
31
30
|
- - ~>
|
@@ -33,7 +32,7 @@ dependencies:
|
|
33
32
|
version: '2.2'
|
34
33
|
type: :development
|
35
34
|
prerelease: false
|
36
|
-
version_requirements: *
|
35
|
+
version_requirements: *70146123345040
|
37
36
|
description: ! " This pure Ruby library can read and write PNG images without depending
|
38
37
|
on an external \n image library, like RMagick. It tries to be memory efficient
|
39
38
|
and reasonably fast.\n \n It supports reading and writing all PNG variants
|
@@ -372,7 +371,6 @@ files:
|
|
372
371
|
- spec/spec_helper.rb
|
373
372
|
- tasks/benchmarks.rake
|
374
373
|
- tasks/github-gem.rake
|
375
|
-
has_rdoc: true
|
376
374
|
homepage: http://wiki.github.com/wvanbergen/chunky_png
|
377
375
|
licenses: []
|
378
376
|
post_install_message:
|
@@ -399,7 +397,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
399
397
|
version: '0'
|
400
398
|
requirements: []
|
401
399
|
rubyforge_project:
|
402
|
-
rubygems_version: 1.
|
400
|
+
rubygems_version: 1.8.16
|
403
401
|
signing_key:
|
404
402
|
specification_version: 3
|
405
403
|
summary: Pure ruby library for read/write, chunk-level access to PNG files
|