package/graphicsmagick: security bump to version 1.3.40

Fixes the following security issues:

1.3.39:
- oss-fuzz: Several security fixes originating from oss-fuzz testing.
- ALL: Replace strcpy() with strlcpy(), replace strcat() with strlcat(),
  replace sprintf() with snprintf().  Prefer using bounded string functions.
  This change is made for the purpose of increasing safety than to address
  any existing demonstrated concern.

1.3.40:
- DCX: Fixed heap overflow when writing more than 1023 scenes, and also
  eliminated use of uninitialized memory.

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
[Peter: mark as security fix, extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fd3ff0761c741723afc556f5eaf96e1941264eb4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/graphicsmagick/graphicsmagick.hash

@@ -1,3 +1,3 @@
 # Locally computed:
-sha256  d60cd9db59351d2b9cb19beb443170acaa28f073d13d258f67b3627635e32675  GraphicsMagick-1.3.38.tar.xz
+sha256  97dc1a9d4e89c77b25a3b24505e7ff1653b88f9bfe31f189ce10804b8efa7746  GraphicsMagick-1.3.40.tar.xz
 sha256  0a20e661de942ebe115a354d0ec6d1d42b93856ea765f813f350a5ce5024cdb7  Copyright.txt

package/graphicsmagick/graphicsmagick.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GRAPHICSMAGICK_VERSION = 1.3.38
+GRAPHICSMAGICK_VERSION = 1.3.40
 GRAPHICSMAGICK_SOURCE = GraphicsMagick-$(GRAPHICSMAGICK_VERSION).tar.xz
 GRAPHICSMAGICK_SITE = https://downloads.sourceforge.net/project/graphicsmagick/graphicsmagick/$(GRAPHICSMAGICK_VERSION)
 GRAPHICSMAGICK_LICENSE = MIT