bcc3eebd72
- version update to 1.3.41 Bug fixes: * Blob: Immediately reject attempts to write blobs to formats which can not support blobs. * TranslateTextEx(): An empty string argument should return an empty string rather than a NULL string. * SetImageAttribute(): Fix bounds issue when concatenating string. * JPEG: Do not set image resolution if the values provided are outside of the valid range. * Fixes for NaN when reading formats based on floating point. * HEIF: Fix reading images with rotation/transformation. * BMP: Do not decode primaries or gamma unless colorspace is LCS_CALIBRATED_RGB. Add/correct bmp_info.size "biSize" logic which decides if header chunks are present (or invalid). * MNG: Fixes for resizing using X_method 5. * GM command (convert, montage, mogrify): Many command-line parser fixes/checks for invalid command line syntax which causes unexpected behavior, or core dumps.
Petr Gajdos2023-08-24 12:38:27 +00:00
09179c41d5
- version update to 1.3.40 * GetMagickGeometry(): Fix a scaling issue where dimensions could be scaled down to zero. * PCD: Handle writing image with a dimension of 1. * PNG: When writing, use lower-case raw profile identifiers (e.g. 'Raw profile type xmp') because exiftool expects that. * SUN: The sense of monochrome images was inverted. Fix scanline size calculation. * WPG: Fix 20-year old bug in WPG header reading. New Features: * JXL: Decode and log extra channel information. This information is not yet used. * PCX and DCX: Support writing uncompressed format (use -compress none for no compression). * Added IM1, IM8, and IM24 magick aliases for the Sun Raster format since those are the historically correct extensions. API Updates: * AppendImageToList() now updates the image list pointer to be the image which was just added. Use GetFirstImageInList() when the pointer to the first image in the list is needed.
Petr Gajdos2023-02-07 13:13:08 +00:00
ae7a441e4e
- version update to 1.3.38 Special Issues: * The FTP site ftp.graphicsmagick.org is now shut down due to a lack of bandwith, extremely abusive users (including from Google and customers of Amazon Web Services), and a lack of support from the user community. Another factor is that FTP support has been removed from popular web browsers. This is very unfortunate since the site served multiple usages, including providing a lot of historical data (e.g. related to PNG) which may not be available elsewhere. * GraphicsMagick really does need some additional productive volunteers. For several years now, the burden has entirely been on me (Bob Friesenhahn). I have been sheparding the project for 20 years already (and contributed to ImageMagick and GraphicsMagick combined for 26 years already). It is not reasonable to expect someone with a full time job (and expecting to retire in a few years) to do all of the work. Security Fixes: * GraphicsMagick is participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, ??? issues have been opened by oss-fuzz and ?? issues remain open. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details. Bug fixes: * Documentation: Generator scripts in 'doc' directory now produce similar results using GNU sed and Solaris/Illumos sed and don't
Petr Gajdos2022-04-12 07:52:36 +00:00
a22cd6e689
- version update to 1.3.36 Security Fixes: * fix issues found by oss-fuzz project * WPG: Fixes for heap buffer overflow. Bug fixes: * ConstituteImage(): Set image depth appropriately based on the storage size specified by StorageType and QuantumDepth. * GetImageBoundingBox(): Fix problem that MagickTrimImage with extreme fuzz values could produce an image with negative width. * ImageToFile(): Improve error handling to avoid possible deferred deletion of temporary files, causing unexpected excessive use of temporary file space. * JNG: Add validations for alpha compression method values and use this information to enforce decoding using the appropriate sub-format (rather than auto-detecting the format). Also, address memory leaks which may occur if the sub-decoder does something other than was expected. * MagickCondSignal(): Improvements to conditional signal handler registration (which avoids over-riding signal handlers previously registered by an API user). * ModifyCache(): Fix memory leak. * ReadCacheIndexes(): Don't blunder into accessing a null pointer if the using code has ignored a previous error report bubled-up from SetNexus(). * MNG: When doing image scaling and the image width or height is 1 then always use simple pixel replication as per the MNG specification. * MVG: Fixes to 'push clip-path foo' and 'pop clip-path foo' parsing to eliminate a class of malign behavior. * MVG: Place an aribrary limit on stroke dash polygon unit maximum
Petr Gajdos2020-12-28 14:31:02 +00:00
5ff08c35ab
- version update to 1.3.35 Special Issues: * It has been discovered that the 'ICU' library (a perhaps 30MB C++ library) which is now often a libxml2 dependendency causes huge process initialization overhead. This is noticed as unexpected slowness when GraphicsMagick utilities are used to process small to medium sized files. The time to initialize the 'ICU' library is often longer than the time that GraphicsMagick would otherwise require to read the input file, process the image, and write the output file. If the 'ICU' dependency can not be avoided, then make sure to use the modules build so there is only impact for file formats which require libxml2. Please lobby the 'ICU' library developers to change their implementation to avoid long start-up times due to merely linking with the library. Security Fixes: * GraphicsMagick is now participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 398 issues have been opened by oss-fuzz (some of which were benign build issues) and 11 issues remain open. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details. Bug fixes: * Fix broken definition of ResourceInfinity which resulted in that GetMagickResource() would return -1 rather than the maximum range
Petr Gajdos2020-03-25 08:20:41 +00:00
216f4ae7cd
- version update to 1.3.33 * It has been discovered that the 'ICU' library (a perhaps 30MB C++ library) which is now often a libxml2 dependendency causes huge process initialization overhead. This is noticed as unexpected slowness when GraphicsMagick utilities are used to process small to medium sized files. The time to initialize is often longer than the time to read the input file, process the image, and write the output file. If the 'ICU' dependency can not be avoided, then make sure to use the modules build. Please lobby the 'ICU' library developers to change their implementation to avoid long start-up times due to merely linking with the library. * GraphicsMagick is now participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 353 issues have been opened by oss-fuzz and 338 of those issues have been resolved. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details. * Documentation has been added regarding security hazards due to commands which support a '@filename' syntax. * MontageImages(): Fix wrong length argument to strlcat() when building montage directory, which could allow heap overwrite. * PNG: Pass correct size value to strlcat() in module registration code. This bug is noticed to cause problems for Apple's OS X and Linux Alpine with musl libc. This fixes a regression introduced by the 1.3.32 release.
Petr Gajdos2019-10-08 15:02:05 +00:00
b64401f250
- version update to 1.3.32 New Features: * Added support for writing the Braille image format (by Samuel Thibault). * WebP writer: Support WebP 'use_sharp_yuv' option ("if needed, use sharp (and slow) RGB->YUV conversion") via -define webp:use-sharp-yuv=true. * The version command output now reports the OpenMP specification number rather than just the integer version identifier. API Updates: * ReallocateImageColormap() added to re-allocate an existing colormap. * Some improperly-exposed globals are now static as they should have been. * The 'benchmark' command now shows 6 digits (microseconds) of elapsed time indication. * The 'time' command now shows 6 digits (microseconds) of elapsed time indication. * The logging facility now shows 6 digits (microseconds) of time resolulution * Dcraw: When QuantumDepth is greater than 8, pass -6 option to dcraw so that it returns a 16-bit/sample image. * Dcraw: If Dcraw supports TIFF format, then request TIFF format in order to be able to acquire more metatdata. * Scale algorithm: Eliminate artifacts when scaling an image with semi-transparent pixels. * Library metrics: The number of shared library relocations and the amount of initialized data has been signficantly reduced by following recommendations from Ulrich Drepper's document How To Write Shared Libraries <https://akkadia.org/drepper/dsohowto.pdf>_. (Security) Bug Fixes:
Petr Gajdos2019-06-18 08:40:02 +00:00
46dcb92899
- update to 1.3.31: Special Issues: * Firmware and operating system updates to address the Spectre vulnerability (and possibly to some extent the Meltdown vulnerability) have substantially penalized GraphicsMagick's OpenMP performance. Performance is reduced even with GCC 7 and 8's improved optimizers. There does not appear to be anything we can do about this.
Petr Gajdos2018-12-19 10:13:32 +00:00
33e1952f9c
- update to 1.3.29: * Security Fixes: . GraphicsMagick is now participating in Google's oss-fuzz project . JNG: Require that the embedded JPEG image have the same dimensions as the JNG image as provided by JHDR. Avoids a heap write overflow. . MNG: Arbitrarily limit the number of loops which may be requested by the MNG LOOP chunk to 512 loops, and provide the '-define mng:maximum-loops=value' option in case the user wants to change the limit. This fixes a denial of service caused by large LOOP specifications. * Bug fixes: . DICOM: Pre/post rescale functions are temporarily disabled (until the implementation is fixed). . JPEG: Fix regression in last release in which reading some JPEG files produces the error "Improper call to JPEG library in state 201". . ICON: Some DIB-based Windows ICON files were reported as corrupt to an unexpectedly missing opacity mask image. . In-memory Blob I/O: Don't implicitly increase the allocation size due to seek offsets. . MNG: Detect and handle failure to allocate global PLTE. Fix divide by zero. . DrawGetStrokeDashArray(): Check for failure to allocate memory. . BlobToImage(): Now produces useful exception reports to cover the cases where 'magick' was not set and the file format could not be deduced from its header. * API Updates: . Wand API: Added MagickIsPaletteImage(), MagickIsOpaqueImage(), MagickIsMonochromeImage(), MagickIsGrayImage(), MagickHasColormap() based on contributions by Troy Patteson.
Petr Gajdos2018-05-23 08:47:51 +00:00
4104e9f5d3
- upate to 1.3.28: * Security Fixes: BMP: Fix non-terminal loop due to unexpected bit-field mask value (DOS opportunity). PALM: Fix heap buffer underflow in builds with QuantumDepth=8. SetNexus() Fix heap overwrite under certain conditions due to using a wrong destination buffer. This issue impacts all 1.3.X releases. TIFF: Fix heap buffer read overflow in LocaleNCompare() when parsing NEWS profile. * Bug fixes: DescribeImage(): Eliminate possible use of null pointer. GIF: Fix memory leak of global colormap in error path. GZ: Writing to gzip files with the extension ".gz" was not working with Zlib 1.2.8. JNG: Fix buffer read overflow (a tiny fixed overflow of just one byte). JPEG: Promoting certain libjpeg warnings to errors caused much more problems than expected. The promotion of warnings to errors is removed. Claimed pixel dimensions are validated by file size before allocating memory for the pixels. IntegralRotateImage(): Assure that reported error in rotate by 270 case does immediately terminate processing. MNG: Fix possible null pointer reference related to DEFI chunk parsing. Fix minor heap read overflow (constrained to just one byte) due to an ordering issue in a limit check. Fix memory leaks in error path. WebP: Fix stack buffer overflow in WriteWEBPImage() which occurs with libwebp 0.5.0 or newer due to a structure type
Petr Gajdos2018-01-24 10:39:55 +00:00
0dee5cbb1f
- added GraphicsMagick-release-date-missing-quote.patch
Petr Gajdos2018-01-10 15:21:04 +00:00
dbd1b57343
* Behavior Changes: . PALM: PALM writer is disabled. . ThrowLoggedException(): Capture the first exception at ErrorException level or greater, or only capture exception if it is more severe than an already reported exception. . DestroyJNG(): This internal function is now declared static and is removed from shared library or DLL namespace.
Petr Gajdos2018-01-10 12:13:38 +00:00
090cd39142
- update to 1.3.27: * New Features: . PNG: Implemented eXIf chunk support. . WEBP: Add support for EXIF and ICC metadata provided that at least libwebp 0.5.0 is used. . Magick++ Image autoOrient(): New Image method to auto-orient an image so it looks right-side up by default. * lot of security and other bug fixes, see https://sourceforge.net/projects/graphicsmagick/files/graphicsmagick/1.3.27/Petr Gajdos2018-01-10 11:55:40 +00:00
28827a477d
- update to 1.3.25: * EscapeParenthesis(): I was notified by Gustavo Grieco of a heap overflow in EscapeParenthesis() used in the text annotation code. While not being able to reproduce the issue, the implementation of this function is completely redone. * Utah RLE: Reject truncated/absurd files which caused huge memory allocations and/or consumed huge CPU. Problem was reported by Agostino Sarubbo based on testing with AFL. * SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in the MVG rendering code (also impacts SVG). * TIFF: Fix heap buffer read overflow while copying sized TIFF attributes. Problem was reported by Agostino Sarubbo based on testing with AFL.
Petr Gajdos2016-09-26 09:02:48 +00:00
OBS User unknown
Ana Guerrero
Petr Gajdos
Dominique Leuenberger
Adrian Schröter
Ismail Dönmez
Stephan Kulow