RubyGems - chunky_png - Versions diffs - 1.2.5 → 1.2.6 - Mend

chunky_png 1.2.5 → 1.2.6

Files changed (9) hide show

data/.travis.yml +6 -5
data/README.rdoc +11 -0
data/chunky_png.gemspec +2 -2
data/lib/chunky_png.rb +1 -1
data/lib/chunky_png/canvas/data_url_importing.rb +1 -1
data/lib/chunky_png/canvas/png_decoding.rb +1 -1
data/lib/chunky_png/canvas/png_encoding.rb +1 -1
data/lib/chunky_png/rmagick.rb +1 -1
metadata +7 -9

data/.travis.yml CHANGED

@@ -1,10 +1,11 @@
+language: ruby
 rvm:
-  - 1.8.6
   - 1.8.7
-  - 1.9.1
   - 1.9.2
   - ruby-head
   - ree
-  - rbx
-  - rbx-2.0
-  - jruby
+  - rbx-18mode
+  - rbx-19mode
+  - jruby-18mode
+  - jruby-19mode

data/README.rdoc CHANGED

@@ -57,6 +57,17 @@ provides a massive speed boost to encoding and decoding.
 For more information, see the project wiki on http://github.com/wvanbergen/chunky_png/wiki
 or the RDOC documentation on http://rdoc.info/gems/chunky_png/frames
+== Security warning
+ChunkyPNG is vulnerable to decompression bombs, which means that ChunkyPNG is vulnerable to
+DOS attacks by running out of memory when loading a specifically crafted PNG file. Because
+of the pure-Ruby nature of the library it is very hard to fix this problem in the library
+itself.
+In order to safely deal with untrusted images, you should make sure to do the image
+processing using ChunkyPNG in a separate process, e.g. by using fork or a background
+processing library.
 == About
 The library is written by Willem van Bergen for Floorplanner.com, and released

data/chunky_png.gemspec CHANGED

@@ -3,8 +3,8 @@ Gem::Specification.new do |s|
   # Do not change the version and date fields by hand. This will be done
   # automatically by the gem release script.
-  s.version = "1.2.5"
-  s.date    = "2011-09-23"
+  s.version = "1.2.6"
+  s.date    = "2012-08-07"
   s.summary     = "Pure ruby library for read/write, chunk-level access to PNG files"
   s.description = <<-EOT

data/lib/chunky_png.rb CHANGED

@@ -25,7 +25,7 @@ module ChunkyPNG
   # The current version of ChunkyPNG. This value will be updated
   # automatically by them <tt>gem:release</tt> rake task.
-  VERSION = "1.2.5"
+  VERSION = "1.2.6"
   ###################################################
   # PNG international standard defined constants

data/lib/chunky_png/canvas/data_url_importing.rb CHANGED

@@ -10,7 +10,7 @@ module ChunkyPNG
       # @raise ChunkyPNG::SignatureMismatch if the provides string is not a properly
       #    formatted PNG data URL (i.e. it should start with "data:image/png;base64,")
       def from_data_url(string)
-        if string =~ %r[^data:image/png;base64,((?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))$]
+        if string =~ %r[^data:image/png;base64,((?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)$]
           from_blob($1.unpack('m').first)
         else
           raise SignatureMismatch, "The string was not a properly formatted data URL for a PNG image."

data/lib/chunky_png/canvas/png_decoding.rb CHANGED

@@ -385,7 +385,7 @@ module ChunkyPNG
           else nil
         end
-        raise ChunkyPNG::NotSupported, "No decoder found for color mode #{color_mode} and #{depth}-bit depth!" unless respond_to?(decoder_method)
+        raise ChunkyPNG::NotSupported, "No decoder found for color mode #{color_mode} and #{depth}-bit depth!" unless respond_to?(decoder_method, true)
         decoder_method
       end

data/lib/chunky_png/canvas/png_encoding.rb CHANGED

@@ -367,7 +367,7 @@ module ChunkyPNG
           else nil
         end
-        raise ChunkyPNG::NotSupported, "No encoder found for color mode #{color_mode} and #{depth}-bit depth!" unless respond_to?(encoder_method)
+        raise ChunkyPNG::NotSupported, "No encoder found for color mode #{color_mode} and #{depth}-bit depth!" unless respond_to?(encoder_method, true)
         encoder_method
       end

data/lib/chunky_png/rmagick.rb CHANGED

@@ -1,4 +1,4 @@
-require 'rmagick'
+require 'RMagick'
 module ChunkyPNG

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: chunky_png
 version: !ruby/object:Gem::Version
-  version: 1.2.5
+  version: 1.2.6
   prerelease:
 platform: ruby
 authors:
@@ -9,12 +9,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-09-23 00:00:00.000000000 -04:00
-default_executable:
+date: 2012-08-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &2153017100 !ruby/object:Gem::Requirement
+  requirement: &70146123334240 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +21,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2153017100
+  version_requirements: *70146123334240
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2153016480 !ruby/object:Gem::Requirement
+  requirement: &70146123345040 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -33,7 +32,7 @@ dependencies:
         version: '2.2'
   type: :development
   prerelease: false
-  version_requirements: *2153016480
+  version_requirements: *70146123345040
 description: ! "    This pure Ruby library can read and write PNG images without depending
   on an external \n    image library, like RMagick. It tries to be memory efficient
   and reasonably fast.\n    \n    It supports reading and writing all PNG variants
@@ -372,7 +371,6 @@ files:
 - spec/spec_helper.rb
 - tasks/benchmarks.rake
 - tasks/github-gem.rake
-has_rdoc: true
 homepage: http://wiki.github.com/wvanbergen/chunky_png
 licenses: []
 post_install_message:
@@ -399,7 +397,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.6.2
+rubygems_version: 1.8.16
 signing_key:
 specification_version: 3
 summary: Pure ruby library for read/write, chunk-level access to PNG files