chunky_png 1.2.5 → 1.2.6

Sign up to get free protection for your applications and to get access to all the features.
@@ -1,10 +1,11 @@
1
+ language: ruby
1
2
  rvm:
2
- - 1.8.6
3
3
  - 1.8.7
4
- - 1.9.1
5
4
  - 1.9.2
6
5
  - ruby-head
7
6
  - ree
8
- - rbx
9
- - rbx-2.0
10
- - jruby
7
+ - rbx-18mode
8
+ - rbx-19mode
9
+ - jruby-18mode
10
+ - jruby-19mode
11
+
@@ -57,6 +57,17 @@ provides a massive speed boost to encoding and decoding.
57
57
  For more information, see the project wiki on http://github.com/wvanbergen/chunky_png/wiki
58
58
  or the RDOC documentation on http://rdoc.info/gems/chunky_png/frames
59
59
 
60
+ == Security warning
61
+
62
+ ChunkyPNG is vulnerable to decompression bombs, which means that ChunkyPNG is vulnerable to
63
+ DOS attacks by running out of memory when loading a specifically crafted PNG file. Because
64
+ of the pure-Ruby nature of the library it is very hard to fix this problem in the library
65
+ itself.
66
+
67
+ In order to safely deal with untrusted images, you should make sure to do the image
68
+ processing using ChunkyPNG in a separate process, e.g. by using fork or a background
69
+ processing library.
70
+
60
71
  == About
61
72
 
62
73
  The library is written by Willem van Bergen for Floorplanner.com, and released
@@ -3,8 +3,8 @@ Gem::Specification.new do |s|
3
3
 
4
4
  # Do not change the version and date fields by hand. This will be done
5
5
  # automatically by the gem release script.
6
- s.version = "1.2.5"
7
- s.date = "2011-09-23"
6
+ s.version = "1.2.6"
7
+ s.date = "2012-08-07"
8
8
 
9
9
  s.summary = "Pure ruby library for read/write, chunk-level access to PNG files"
10
10
  s.description = <<-EOT
@@ -25,7 +25,7 @@ module ChunkyPNG
25
25
 
26
26
  # The current version of ChunkyPNG. This value will be updated
27
27
  # automatically by them <tt>gem:release</tt> rake task.
28
- VERSION = "1.2.5"
28
+ VERSION = "1.2.6"
29
29
 
30
30
  ###################################################
31
31
  # PNG international standard defined constants
@@ -10,7 +10,7 @@ module ChunkyPNG
10
10
  # @raise ChunkyPNG::SignatureMismatch if the provides string is not a properly
11
11
  # formatted PNG data URL (i.e. it should start with "data:image/png;base64,")
12
12
  def from_data_url(string)
13
- if string =~ %r[^data:image/png;base64,((?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))$]
13
+ if string =~ %r[^data:image/png;base64,((?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)$]
14
14
  from_blob($1.unpack('m').first)
15
15
  else
16
16
  raise SignatureMismatch, "The string was not a properly formatted data URL for a PNG image."
@@ -385,7 +385,7 @@ module ChunkyPNG
385
385
  else nil
386
386
  end
387
387
 
388
- raise ChunkyPNG::NotSupported, "No decoder found for color mode #{color_mode} and #{depth}-bit depth!" unless respond_to?(decoder_method)
388
+ raise ChunkyPNG::NotSupported, "No decoder found for color mode #{color_mode} and #{depth}-bit depth!" unless respond_to?(decoder_method, true)
389
389
  decoder_method
390
390
  end
391
391
 
@@ -367,7 +367,7 @@ module ChunkyPNG
367
367
  else nil
368
368
  end
369
369
 
370
- raise ChunkyPNG::NotSupported, "No encoder found for color mode #{color_mode} and #{depth}-bit depth!" unless respond_to?(encoder_method)
370
+ raise ChunkyPNG::NotSupported, "No encoder found for color mode #{color_mode} and #{depth}-bit depth!" unless respond_to?(encoder_method, true)
371
371
  encoder_method
372
372
  end
373
373
 
@@ -1,4 +1,4 @@
1
- require 'rmagick'
1
+ require 'RMagick'
2
2
 
3
3
  module ChunkyPNG
4
4
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chunky_png
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.5
4
+ version: 1.2.6
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,12 +9,11 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2011-09-23 00:00:00.000000000 -04:00
13
- default_executable:
12
+ date: 2012-08-07 00:00:00.000000000 Z
14
13
  dependencies:
15
14
  - !ruby/object:Gem::Dependency
16
15
  name: rake
17
- requirement: &2153017100 !ruby/object:Gem::Requirement
16
+ requirement: &70146123334240 !ruby/object:Gem::Requirement
18
17
  none: false
19
18
  requirements:
20
19
  - - ! '>='
@@ -22,10 +21,10 @@ dependencies:
22
21
  version: '0'
23
22
  type: :development
24
23
  prerelease: false
25
- version_requirements: *2153017100
24
+ version_requirements: *70146123334240
26
25
  - !ruby/object:Gem::Dependency
27
26
  name: rspec
28
- requirement: &2153016480 !ruby/object:Gem::Requirement
27
+ requirement: &70146123345040 !ruby/object:Gem::Requirement
29
28
  none: false
30
29
  requirements:
31
30
  - - ~>
@@ -33,7 +32,7 @@ dependencies:
33
32
  version: '2.2'
34
33
  type: :development
35
34
  prerelease: false
36
- version_requirements: *2153016480
35
+ version_requirements: *70146123345040
37
36
  description: ! " This pure Ruby library can read and write PNG images without depending
38
37
  on an external \n image library, like RMagick. It tries to be memory efficient
39
38
  and reasonably fast.\n \n It supports reading and writing all PNG variants
@@ -372,7 +371,6 @@ files:
372
371
  - spec/spec_helper.rb
373
372
  - tasks/benchmarks.rake
374
373
  - tasks/github-gem.rake
375
- has_rdoc: true
376
374
  homepage: http://wiki.github.com/wvanbergen/chunky_png
377
375
  licenses: []
378
376
  post_install_message:
@@ -399,7 +397,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
399
397
  version: '0'
400
398
  requirements: []
401
399
  rubyforge_project:
402
- rubygems_version: 1.6.2
400
+ rubygems_version: 1.8.16
403
401
  signing_key:
404
402
  specification_version: 3
405
403
  summary: Pure ruby library for read/write, chunk-level access to PNG files