libvips / build-win64

build libvips for 64-bit windows

Version bump to v8.3.1, including security updates (png, magick) #5

Closed lovell closed 8 years ago

lovell commented 8 years ago

libpng CVE-2015-8126

ImageMagick CVE-2016-3714

Also removes the radiance, ppm and analyze loaders from the -web group.

Successfully tested with sharp on Windows, e.g. https://ci.appveyor.com/project/lovell/sharp/build/435/job/l4xsuy8anhfvi4rt

lovell commented 8 years ago

Just spotted v8.3.1 is out - I'll update this PR.

lovell commented 8 years ago

Updated to v8.3.1 and tested working - see https://ci.appveyor.com/project/lovell/sharp/build/436/job/n1ckswt82w1t5jjs

jcupitt commented 8 years ago

Great! Thanks Lovell.

jcupitt commented 8 years ago

Oh hmm, not working in mingw. There's a missing intsafe.h:

In file included from ./magick/thread-private.h:23:0,
                 from ./magick/cache-private.h:25,
                 from magick/accelerate.c:47:
./magick/thread_.h:26:21: fatal error: intsafe.h: No such file or directory
 #include <intsafe.h>
                     ^
compilation terminated.

I'll investigate.

jcupitt commented 8 years ago

Looks like intsafe.h is now a core part of IM's Windows threading system, but the mingw on 16.04 at least does not yet have a working intsafe implementation. It seems one might be coming very soon, but it's not here yet.

http://mingw-w64-public.narkive.com/d0Vi1Wtc/patch-complete-implementation-of-intsafe-h#post19

I think we need to revert to IM 6.8.9-10 for now and add a note somewhere that anyone concerned about security should not be using vips + IM.

lovell commented 8 years ago

Oh, I missed that, sorry. I'll try to update the Travis CI config so this kind of thing can be detected sooner.

The ready-built Windows "web" binary for v8.3.1 is available at https://github.com/lovell/build-win64/releases/tag/v8.3.1

I've recently added some security considerations to the sharp docs that might be relevant here.

jcupitt commented 8 years ago

I like your security note, @lovell, I'll add something to the vips docs as well.