- version update to 1.3.36
Security Fixes:
* fix issues found by oss-fuzz project
* WPG: Fixes for heap buffer overflow.
Bug fixes:
* ConstituteImage(): Set image depth appropriately based on the
storage size specified by StorageType and QuantumDepth.
* GetImageBoundingBox(): Fix problem that MagickTrimImage with extreme
fuzz values could produce an image with negative width.
* ImageToFile(): Improve error handling to avoid possible deferred
deletion of temporary files, causing unexpected excessive use of
temporary file space.
* JNG: Add validations for alpha compression method values and use
this information to enforce decoding using the appropriate
sub-format (rather than auto-detecting the format). Also, address
memory leaks which may occur if the sub-decoder does something other
than was expected.
* MagickCondSignal(): Improvements to conditional signal handler
registration (which avoids over-riding signal handlers previously
registered by an API user).
* ModifyCache(): Fix memory leak.
* ReadCacheIndexes(): Don't blunder into accessing a null pointer if
the using code has ignored a previous error report bubled-up from
SetNexus().
* MNG: When doing image scaling and the image width or height is 1
then always use simple pixel replication as per the MNG
specification.
* MVG: Fixes to 'push clip-path foo' and 'pop clip-path foo' parsing
to eliminate a class of malign behavior.
* MVG: Place an aribrary limit on stroke dash polygon unit maximum
OBS-URL: https://build.opensuse.org/request/show/859039
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/GraphicsMagick?expand=0&rev=79
- version update to 1.3.36
Security Fixes:
* fix issues found by oss-fuzz project
* WPG: Fixes for heap buffer overflow.
Bug fixes:
* ConstituteImage(): Set image depth appropriately based on the
storage size specified by StorageType and QuantumDepth.
* GetImageBoundingBox(): Fix problem that MagickTrimImage with extreme
fuzz values could produce an image with negative width.
* ImageToFile(): Improve error handling to avoid possible deferred
deletion of temporary files, causing unexpected excessive use of
temporary file space.
* JNG: Add validations for alpha compression method values and use
this information to enforce decoding using the appropriate
sub-format (rather than auto-detecting the format). Also, address
memory leaks which may occur if the sub-decoder does something other
than was expected.
* MagickCondSignal(): Improvements to conditional signal handler
registration (which avoids over-riding signal handlers previously
registered by an API user).
* ModifyCache(): Fix memory leak.
* ReadCacheIndexes(): Don't blunder into accessing a null pointer if
the using code has ignored a previous error report bubled-up from
SetNexus().
* MNG: When doing image scaling and the image width or height is 1
then always use simple pixel replication as per the MNG
specification.
* MVG: Fixes to 'push clip-path foo' and 'pop clip-path foo' parsing
to eliminate a class of malign behavior.
* MVG: Place an aribrary limit on stroke dash polygon unit maximum
OBS-URL: https://build.opensuse.org/request/show/859039
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/GraphicsMagick?expand=0&rev=79
Security Fixes:
* fix issues found by oss-fuzz project
* WPG: Fixes for heap buffer overflow.
Bug fixes:
* ConstituteImage(): Set image depth appropriately based on the
storage size specified by StorageType and QuantumDepth.
* GetImageBoundingBox(): Fix problem that MagickTrimImage with extreme
fuzz values could produce an image with negative width.
* ImageToFile(): Improve error handling to avoid possible deferred
deletion of temporary files, causing unexpected excessive use of
temporary file space.
* JNG: Add validations for alpha compression method values and use
this information to enforce decoding using the appropriate
sub-format (rather than auto-detecting the format). Also, address
memory leaks which may occur if the sub-decoder does something other
than was expected.
* MagickCondSignal(): Improvements to conditional signal handler
registration (which avoids over-riding signal handlers previously
registered by an API user).
* ModifyCache(): Fix memory leak.
* ReadCacheIndexes(): Don't blunder into accessing a null pointer if
the using code has ignored a previous error report bubled-up from
SetNexus().
* MNG: When doing image scaling and the image width or height is 1
then always use simple pixel replication as per the MNG
specification.
* MVG: Fixes to 'push clip-path foo' and 'pop clip-path foo' parsing
to eliminate a class of malign behavior.
* MVG: Place an aribrary limit on stroke dash polygon unit maximum
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=125
- version update to 1.3.35
Special Issues:
* It has been discovered that the 'ICU' library (a perhaps 30MB C++
library) which is now often a libxml2 dependendency causes huge
process initialization overhead. This is noticed as unexpected
slowness when GraphicsMagick utilities are used to process small to
medium sized files. The time to initialize the 'ICU' library is
often longer than the time that GraphicsMagick would otherwise
require to read the input file, process the image, and write the
output file. If the 'ICU' dependency can not be avoided, then make
sure to use the modules build so there is only impact for file
formats which require libxml2. Please lobby the 'ICU' library
developers to change their implementation to avoid long start-up
times due to merely linking with the library.
Security Fixes:
* GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor. Since February 4
2018, 398 issues have been opened by oss-fuzz (some of which were
benign build issues) and 11 issues remain open.
The issues list is available at
https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
"graphicsmagick". Issues are available for anyone to view and
duplicate if they have been in "Verified" status for 30 days, or if
they have been in "New" status for 90 days. There are too many
fixes to list here. Please consult the GraphicsMagick ChangeLog
file, Mercurial repository commit log, and the oss-fuzz issues list
for details.
Bug fixes:
* Fix broken definition of ResourceInfinity which resulted in that
GetMagickResource() would return -1 rather than the maximum range
OBS-URL: https://build.opensuse.org/request/show/788080
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/GraphicsMagick?expand=0&rev=76
- version update to 1.3.35
Special Issues:
* It has been discovered that the 'ICU' library (a perhaps 30MB C++
library) which is now often a libxml2 dependendency causes huge
process initialization overhead. This is noticed as unexpected
slowness when GraphicsMagick utilities are used to process small to
medium sized files. The time to initialize the 'ICU' library is
often longer than the time that GraphicsMagick would otherwise
require to read the input file, process the image, and write the
output file. If the 'ICU' dependency can not be avoided, then make
sure to use the modules build so there is only impact for file
formats which require libxml2. Please lobby the 'ICU' library
developers to change their implementation to avoid long start-up
times due to merely linking with the library.
Security Fixes:
* GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor. Since February 4
2018, 398 issues have been opened by oss-fuzz (some of which were
benign build issues) and 11 issues remain open.
The issues list is available at
https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
"graphicsmagick". Issues are available for anyone to view and
duplicate if they have been in "Verified" status for 30 days, or if
they have been in "New" status for 90 days. There are too many
fixes to list here. Please consult the GraphicsMagick ChangeLog
file, Mercurial repository commit log, and the oss-fuzz issues list
for details.
Bug fixes:
* Fix broken definition of ResourceInfinity which resulted in that
GetMagickResource() would return -1 rather than the maximum range
OBS-URL: https://build.opensuse.org/request/show/788080
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/GraphicsMagick?expand=0&rev=76
Special Issues:
* It has been discovered that the 'ICU' library (a perhaps 30MB C++
library) which is now often a libxml2 dependendency causes huge
process initialization overhead. This is noticed as unexpected
slowness when GraphicsMagick utilities are used to process small to
medium sized files. The time to initialize the 'ICU' library is
often longer than the time that GraphicsMagick would otherwise
require to read the input file, process the image, and write the
output file. If the 'ICU' dependency can not be avoided, then make
sure to use the modules build so there is only impact for file
formats which require libxml2. Please lobby the 'ICU' library
developers to change their implementation to avoid long start-up
times due to merely linking with the library.
Security Fixes:
* GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor. Since February 4
2018, 398 issues have been opened by oss-fuzz (some of which were
benign build issues) and 11 issues remain open.
The issues list is available at
https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
"graphicsmagick". Issues are available for anyone to view and
duplicate if they have been in "Verified" status for 30 days, or if
they have been in "New" status for 90 days. There are too many
fixes to list here. Please consult the GraphicsMagick ChangeLog
file, Mercurial repository commit log, and the oss-fuzz issues list
for details.
Bug fixes:
* Fix broken definition of ResourceInfinity which resulted in that
GetMagickResource() would return -1 rather than the maximum range
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=119
- Relinquish resources used by OpenMP on all devices (GCC >= 9)
+ GraphicsMagick-wait-for-threads-close.patch
- Set configure options to what is actually build
- version update to 1.3.34
* DPS: Eliminate a memory leak.
* Debug Trace: Only output text to terminate an XML format log file
if XML format is active.
* EXIF Parser: Detect non-terminal parsing and report an error.
* EXIF Parser: Eliminate heap buffer overflows.
* HuffmanDecodeImage(): Fix heap overflow in 32-bit applications.
* MAT: Implement subimage/subrange support.
* MVG: Address non-terminal loops, excessive run-time, thrown
assertions, divide-by-zero, heap overflow, and memory leaks.
* OpenModule(): Now properly case-insensitive, as it used to be.
* PCX: Verify that pixel region is not negative. Assure that opacity
channel is initialized to opaqueOpacity. Update DirectClass
representation while PseudoClass representation is updated.
Improve read performance with uncompressed PCX.
* PICT: Fix heap overflow in PICT writer.
* PNG: Fix validation of raw profile length.
* PNG: Skip coalescing layers if there is only one layer.
* PNM: Fix denial of service opportunity by limiting the length of
PNM comment text.
* WPG: Avoid Avoid dereferencing a null pointer.
* WPG: Implement subimage/subrange support.
* WPG: Improve performance when reading an embedded image.
* Wand library: In MagickClearException(), destroy any existing
exception info before re-initializing the exception info or else
there will be a memory leak.
* XPM: Rquire that image properties appear in the first 512 bytes
of the XPM file header.
* Compliles clean using GCC 9.
* Python scripts related to the build (enabled by --enable-maintainer-mode)
are now compatible with Python 3.
* Now supports using Google gperftools tcmalloc library for the memory
allocator. This improves performance for certain repetitive work-loads
and heavily-threaded algorithms.
* Configure now reports the status of zstd (FaceBook Zstandard)
compression in its configuration summary.
* TclMagick: Address many issues mentioned by SourceForge issue #420
"TclMagick issues and patch".
* PNG: Post-processing to convert the image type in the PNG reader based
on a specified magick prefix string is now disabled. This can (and
should) be done after the image has been returned.
* Trace Logging: The compiled-in logging default is always to stderr,
which may be over-ridden using log.mgk as soon as it is loaded.
OBS-URL: https://build.opensuse.org/request/show/760078
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=113
- version update to 1.3.33
* It has been discovered that the 'ICU' library (a perhaps 30MB C++
library) which is now often a libxml2 dependendency causes huge
process initialization overhead. This is noticed as unexpected
slowness when GraphicsMagick utilities are used to process small to
medium sized files. The time to initialize is often longer than the
time to read the input file, process the image, and write the output
file. If the 'ICU' dependency can not be avoided, then make sure to
use the modules build. Please lobby the 'ICU' library developers to
change their implementation to avoid long start-up times due to
merely linking with the library.
* GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor. Since February 4
2018, 353 issues have been opened by oss-fuzz and 338 of those
issues have been resolved. The issues list is available at
https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
"graphicsmagick". Issues are available for anyone to view and
duplicate if they have been in "Verified" status for 30 days, or if
they have been in "New" status for 90 days. There are too many
fixes to list here. Please consult the GraphicsMagick ChangeLog
file, Mercurial repository commit log, and the oss-fuzz issues list
for details.
* Documentation has been added regarding security hazards due to
commands which support a '@filename' syntax.
* MontageImages(): Fix wrong length argument to strlcat() when
building montage directory, which could allow heap overwrite.
* PNG: Pass correct size value to strlcat() in module registration
code. This bug is noticed to cause problems for Apple's OS X and
Linux Alpine with musl libc. This fixes a regression introduced by
the 1.3.32 release.
OBS-URL: https://build.opensuse.org/request/show/736253
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/GraphicsMagick?expand=0&rev=73
- version update to 1.3.33
* It has been discovered that the 'ICU' library (a perhaps 30MB C++
library) which is now often a libxml2 dependendency causes huge
process initialization overhead. This is noticed as unexpected
slowness when GraphicsMagick utilities are used to process small to
medium sized files. The time to initialize is often longer than the
time to read the input file, process the image, and write the output
file. If the 'ICU' dependency can not be avoided, then make sure to
use the modules build. Please lobby the 'ICU' library developers to
change their implementation to avoid long start-up times due to
merely linking with the library.
* GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor. Since February 4
2018, 353 issues have been opened by oss-fuzz and 338 of those
issues have been resolved. The issues list is available at
https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
"graphicsmagick". Issues are available for anyone to view and
duplicate if they have been in "Verified" status for 30 days, or if
they have been in "New" status for 90 days. There are too many
fixes to list here. Please consult the GraphicsMagick ChangeLog
file, Mercurial repository commit log, and the oss-fuzz issues list
for details.
* Documentation has been added regarding security hazards due to
commands which support a '@filename' syntax.
* MontageImages(): Fix wrong length argument to strlcat() when
building montage directory, which could allow heap overwrite.
* PNG: Pass correct size value to strlcat() in module registration
code. This bug is noticed to cause problems for Apple's OS X and
Linux Alpine with musl libc. This fixes a regression introduced by
the 1.3.32 release.
OBS-URL: https://build.opensuse.org/request/show/736253
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/GraphicsMagick?expand=0&rev=73
* It has been discovered that the 'ICU' library (a perhaps 30MB C++
library) which is now often a libxml2 dependendency causes huge
process initialization overhead. This is noticed as unexpected
slowness when GraphicsMagick utilities are used to process small to
medium sized files. The time to initialize is often longer than the
time to read the input file, process the image, and write the output
file. If the 'ICU' dependency can not be avoided, then make sure to
use the modules build. Please lobby the 'ICU' library developers to
change their implementation to avoid long start-up times due to
merely linking with the library.
* GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor. Since February 4
2018, 353 issues have been opened by oss-fuzz and 338 of those
issues have been resolved. The issues list is available at
https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
"graphicsmagick". Issues are available for anyone to view and
duplicate if they have been in "Verified" status for 30 days, or if
they have been in "New" status for 90 days. There are too many
fixes to list here. Please consult the GraphicsMagick ChangeLog
file, Mercurial repository commit log, and the oss-fuzz issues list
for details.
* Documentation has been added regarding security hazards due to
commands which support a '@filename' syntax.
* MontageImages(): Fix wrong length argument to strlcat() when
building montage directory, which could allow heap overwrite.
* PNG: Pass correct size value to strlcat() in module registration
code. This bug is noticed to cause problems for Apple's OS X and
Linux Alpine with musl libc. This fixes a regression introduced by
the 1.3.32 release.
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=109
- version update to 1.3.32
New Features:
* Added support for writing the Braille image format (by Samuel
Thibault).
* WebP writer: Support WebP 'use_sharp_yuv' option ("if needed, use
sharp (and slow) RGB->YUV conversion") via `-define
webp:use-sharp-yuv=true`.
* The version command output now reports the OpenMP specification
number rather than just the integer version identifier.
API Updates:
* ReallocateImageColormap() added to re-allocate an existing colormap.
* Some improperly-exposed globals are now static as they should have
been.
* The 'benchmark' command now shows 6 digits (microseconds) of elapsed
time indication.
* The 'time' command now shows 6 digits (microseconds) of elapsed time
indication.
* The logging facility now shows 6 digits (microseconds) of time
resolulution
* Dcraw: When QuantumDepth is greater than 8, pass -6 option to dcraw
so that it returns a 16-bit/sample image.
* Dcraw: If Dcraw supports TIFF format, then request TIFF format in
order to be able to acquire more metatdata.
* Scale algorithm: Eliminate artifacts when scaling an image with
semi-transparent pixels.
* Library metrics: The number of shared library relocations and the
amount of initialized data has been signficantly reduced by
following recommendations from Ulrich Drepper's document `How To
Write Shared Libraries <https://akkadia.org/drepper/dsohowto.pdf>`_.
(Security) Bug Fixes:
OBS-URL: https://build.opensuse.org/request/show/710587
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/GraphicsMagick?expand=0&rev=70
- version update to 1.3.32
New Features:
* Added support for writing the Braille image format (by Samuel
Thibault).
* WebP writer: Support WebP 'use_sharp_yuv' option ("if needed, use
sharp (and slow) RGB->YUV conversion") via `-define
webp:use-sharp-yuv=true`.
* The version command output now reports the OpenMP specification
number rather than just the integer version identifier.
API Updates:
* ReallocateImageColormap() added to re-allocate an existing colormap.
* Some improperly-exposed globals are now static as they should have
been.
* The 'benchmark' command now shows 6 digits (microseconds) of elapsed
time indication.
* The 'time' command now shows 6 digits (microseconds) of elapsed time
indication.
* The logging facility now shows 6 digits (microseconds) of time
resolulution
* Dcraw: When QuantumDepth is greater than 8, pass -6 option to dcraw
so that it returns a 16-bit/sample image.
* Dcraw: If Dcraw supports TIFF format, then request TIFF format in
order to be able to acquire more metatdata.
* Scale algorithm: Eliminate artifacts when scaling an image with
semi-transparent pixels.
* Library metrics: The number of shared library relocations and the
amount of initialized data has been signficantly reduced by
following recommendations from Ulrich Drepper's document `How To
Write Shared Libraries <https://akkadia.org/drepper/dsohowto.pdf>`_.
(Security) Bug Fixes:
OBS-URL: https://build.opensuse.org/request/show/710587
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/GraphicsMagick?expand=0&rev=70
New Features:
* Added support for writing the Braille image format (by Samuel
Thibault).
* WebP writer: Support WebP 'use_sharp_yuv' option ("if needed, use
sharp (and slow) RGB->YUV conversion") via `-define
webp:use-sharp-yuv=true`.
* The version command output now reports the OpenMP specification
number rather than just the integer version identifier.
API Updates:
* ReallocateImageColormap() added to re-allocate an existing colormap.
* Some improperly-exposed globals are now static as they should have
been.
* The 'benchmark' command now shows 6 digits (microseconds) of elapsed
time indication.
* The 'time' command now shows 6 digits (microseconds) of elapsed time
indication.
* The logging facility now shows 6 digits (microseconds) of time
resolulution
* Dcraw: When QuantumDepth is greater than 8, pass -6 option to dcraw
so that it returns a 16-bit/sample image.
* Dcraw: If Dcraw supports TIFF format, then request TIFF format in
order to be able to acquire more metatdata.
* Scale algorithm: Eliminate artifacts when scaling an image with
semi-transparent pixels.
* Library metrics: The number of shared library relocations and the
amount of initialized data has been signficantly reduced by
following recommendations from Ulrich Drepper's document `How To
Write Shared Libraries <https://akkadia.org/drepper/dsohowto.pdf>`_.
(Security) Bug Fixes:
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=102
- update to 1.3.31:
Special Issues:
* Firmware and operating system updates to address the Spectre
vulnerability (and possibly to some extent the Meltdown
vulnerability) have substantially penalized GraphicsMagick's OpenMP
performance. Performance is reduced even with GCC 7 and 8's
improved optimizers. There does not appear to be anything we can do
about this.
Security Fixes:
* GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor.
Bug fixes:
* See above note about oss-fuzz fixes.
* CINEON: Fix unexpected hang on a crafted Cineon image. SourceForge
issue 571.
* Drawing recursion is limited to 100 and may be tuned via the
MAX_DRAWIMAGE_RECURSION pre-processor definition.
* Fix reading MIFF files using legacy keyword 'color-profile' for ICC
color profile as was used by ImageMagick 4.2.9.
* Fix reading/writing files when 'magick' is specified in lower case.
This bug was a regression in 1.3.30.
New Features:
* TIFF: Support Zstd compression in TIFF. This requires libtiff
4.0.10 or later.
* TIFF: Support WebP compression in TIFF. This requires libtiff
4.0.10 or later.
API Updates:
OBS-URL: https://build.opensuse.org/request/show/659963
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/GraphicsMagick?expand=0&rev=68
- update to 1.3.31:
Special Issues:
* Firmware and operating system updates to address the Spectre
vulnerability (and possibly to some extent the Meltdown
vulnerability) have substantially penalized GraphicsMagick's OpenMP
performance. Performance is reduced even with GCC 7 and 8's
improved optimizers. There does not appear to be anything we can do
about this.
Security Fixes:
* GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor.
Bug fixes:
* See above note about oss-fuzz fixes.
* CINEON: Fix unexpected hang on a crafted Cineon image. SourceForge
issue 571.
* Drawing recursion is limited to 100 and may be tuned via the
MAX_DRAWIMAGE_RECURSION pre-processor definition.
* Fix reading MIFF files using legacy keyword 'color-profile' for ICC
color profile as was used by ImageMagick 4.2.9.
* Fix reading/writing files when 'magick' is specified in lower case.
This bug was a regression in 1.3.30.
New Features:
* TIFF: Support Zstd compression in TIFF. This requires libtiff
4.0.10 or later.
* TIFF: Support WebP compression in TIFF. This requires libtiff
4.0.10 or later.
API Updates:
OBS-URL: https://build.opensuse.org/request/show/659963
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/GraphicsMagick?expand=0&rev=68
Special Issues:
* Firmware and operating system updates to address the Spectre
vulnerability (and possibly to some extent the Meltdown
vulnerability) have substantially penalized GraphicsMagick's OpenMP
performance. Performance is reduced even with GCC 7 and 8's
improved optimizers. There does not appear to be anything we can do
about this.
Security Fixes:
* GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor.
Bug fixes:
* See above note about oss-fuzz fixes.
* CINEON: Fix unexpected hang on a crafted Cineon image. SourceForge
issue 571.
* Drawing recursion is limited to 100 and may be tuned via the
MAX_DRAWIMAGE_RECURSION pre-processor definition.
* Fix reading MIFF files using legacy keyword 'color-profile' for ICC
color profile as was used by ImageMagick 4.2.9.
* Fix reading/writing files when 'magick' is specified in lower case.
This bug was a regression in 1.3.30.
New Features:
* TIFF: Support Zstd compression in TIFF. This requires libtiff
4.0.10 or later.
* TIFF: Support WebP compression in TIFF. This requires libtiff
4.0.10 or later.
API Updates:
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=97
