Bug fixes:
* TIFF: Default the alpha channel to type EXTRASAMPLE_UNASSALPHA(2).
* BMP: Many fixes for reading esoteric BMP sub-formats.
* TranslateTextEx(): Revert change so now a NULL pointer is returned
when given an empty string. Some algorithms (e.g. montage) were
depending on this!.
* PAM: Fix reading comments.
* PNG: Added Add missing module aliases "PNG00", "PNG48", "PNG64", so
it is again possible to request these subformats directly.
* TIFF: For common formats with the required number of channels, but
one is an 'unspecified' channel, promote unspecified alpha to
unassociated alpha so that the alpha channel is not ignored.
* "Magick" command line emulation: Eliminate duplicate utility name
output in error messages
New Features:
* BMP: Added the ability to read and write BMP using JPEG compression.
Use '-define bmp:allow-jpeg' to allow use of JPEG compression.
* BMP: Added support for BI_ALPHABITFIELDS compression
* BMP: Added support for reading BMP with PNG compression.
- modified patches
% GraphicsMagick-disable-insecure-coders.patch (refreshed)
- deleted patches
- strlcpy-wrong-sizing.patch (upstreamed)
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=151
Bug fixes:
* Blob: Immediately reject attempts to write blobs to formats which
can not support blobs.
* TranslateTextEx(): An empty string argument should return an empty
string rather than a NULL string.
* SetImageAttribute(): Fix bounds issue when concatenating string.
* JPEG: Do not set image resolution if the values provided are outside
of the valid range.
* Fixes for NaN when reading formats based on floating point.
* HEIF: Fix reading images with rotation/transformation.
* BMP: Do not decode primaries or gamma unless colorspace is
LCS_CALIBRATED_RGB. Add/correct bmp_info.size "biSize" logic which
decides if header chunks are present (or invalid).
* MNG: Fixes for resizing using X_method 5.
* GM command (convert, montage, mogrify): Many command-line parser
fixes/checks for invalid command line syntax which causes unexpected
behavior, or core dumps.
* TopoL: Given that a writer is now provided, issues found in the
reader (and writer) due to continual fuzz-testing have been fixed,
as encountered.
* GetImageClippingPathAttribute(): Check for and use clipping path
name (ID=2999) to get the real attribute name.
* ReadIPTCProfile(): Fix malformed IPTC data parsing.
New Features:
* TopoL: Now provides a writer.
* WPG: Now provides a writer.
* gm batch: Implement simple Test Anything Protocol (TAP) test
counting and "ok N"/"not ok N" messaging.
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=143
* GetMagickGeometry(): Fix a scaling issue where dimensions could be
scaled down to zero.
* PCD: Handle writing image with a dimension of 1.
* PNG: When writing, use lower-case raw profile identifiers (e.g. 'Raw
profile type xmp') because exiftool expects that.
* SUN: The sense of monochrome images was inverted. Fix scanline size
calculation.
* WPG: Fix 20-year old bug in WPG header reading.
New Features:
* JXL: Decode and log extra channel information. This information is
not yet used.
* PCX and DCX: Support writing uncompressed format (use -compress none
for no compression).
* Added IM1, IM8, and IM24 magick aliases for the Sun Raster format
since those are the historically correct extensions.
API Updates:
* AppendImageToList() now updates the image list pointer to be the
image which was just added. Use GetFirstImageInList() when the
pointer to the first image in the list is needed.
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=136
- version update to 1.3.39
Special Issues:
* GraphicsMagick really does need some additional productive
volunteers. For several years now, the burden has entirely been on
me (Bob Friesenhahn). I have been sheparding the project for 20
years already (and contributed to ImageMagick and GraphicsMagick
combined for 26 years already). It is not reasonable to expect
someone with a full time job (and expecting to retire in a few
years) to do all of the work.
Security Fixes:
* GraphicsMagick is participating in Google's oss-fuzz project since
February 4 2018 due to the contributions and assistance of Alex
Gaynor and Paul Kehrer. The issues list is available at
https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
"graphicsmagick". Issues are available for anyone to view and
duplicate if they have been in "Verified" status for 30 days, or if
they have been in "New" status for 90 days. Please consult the
GraphicsMagick ChangeLog file, Mercurial repository commit log, and
the oss-fuzz issues list for details.
Security Fixes:
* oss-fuzz: Several security fixes originating from oss-fuzz testing.
* ALL: Replace strcpy() with strlcpy(), replace strcat() with
strlcat(), replace sprintf() with snprintf(). Prefer using bounded
string functions. This change is made for the purpose of increasing
safety than to address any existing demonstrated concern.
Bug fixes:
* Coverity: Several fixes for issues found by Coverity to reduce the
number of reported issues back down to zero.
* Clang Analyzer 12: Fix most discovered issues.
* PNG: Fix possible use of uninitialized 'ping_num_trans' value in
ReadOnePNGImage().
* MinGW: Eliminate overwrite of existing _MSC_VER value in MinGW compile.
* MNG: Fix heap-use-after-free in CloseBlob.
* MNG: Fix indirect leak in MagickMallocCleared().
* PS: Assure that 'bounds' structure is initialized.
* EPT: Assure that 'bounds' structure is initialized.
* HEIF: If heif_image_handle_get_metadata_size() returns 0, then
carrying on with reading image data.
* configure.ac: Fix Bashism in maintainer-mode check.
* TGA: Remove a defective validation of comment length, which blocked
reading some sample TGA files from the "Encyclopedia Of Graphics
File Formats" book. Monochromatic bilevel TGA can now be read and
written. TGA "Footers" are now read and used when logging as well
as converted to Image attributes.
* WebP: Add configure.ac updates to check for libsharpyuv so that
builds with the development version work again.
* Visual Studio Build (VisualMagick): Fix project file generation.
Improve portability of code for configure.exe.
* Fixed mixed encoding (non-UTF-8) errors in text and source files.
* DrawPrimitive(): Fix composition using "0,0" for image size. This
became broken in GraphicsMagick 1.3.36.
* Blob API: Fixed SEEK_END validation. SEEK_END was not used before,
but now it is.
New Features:
* AVIF: Support reading AVIF via libheif if it supports decoding AVIF
(still no writer support).
* LOG: Added function IsEventLogged() to report if a particular event
will be logged. Us this as much as possible throughout the software
to replace use of IsEventLogging(). This avoids a possible
performance hit if any logging is enabled at all and logging
statements are executed which are filtered and produce no output.
* FITS: Support storing multiple scenes in one file (non-standard
extension).
* JPEG: Optionally enable arithmetic coder in JPG images using
'-define jpeg:arithmetic-coding=true'.
* JPEG: Add support for reading deep gray images.
* HEIF: Support reading ICC color profiles.
* Produce ASCII armored ".asc" format GPG signature files.
* Support reading directly from .bz2, .gz, .svgz, and .Z files
(without creating a temporary file), if possible.
API Updates:
* Magick++: Provide a version of Image::colorMapSize() which is a
'const' method. Continue to provide the non-const version in order
to avoid an ABI change. The compiler should choose the appropriate
version.
Feature improvements:
* HTML documentation generation based on Docutils is significantly
updated and improved.
* PerlMagick: Added more sample input files and changed many reader
tests to use hash signature rather than comparison to reduce the
distribution size.
* Blob: The ReadBlobString() function has been re-written to perform
better when reading from files.
* JXL: The JXL coder is updated to compile with what will likely
become JXL 0.8.0. Support for 16-bit 'short' samples, 16-bit
'float' samples, and 32-bit float samples added. Support for
reading and writing ICC, EXIF, and XMP profiles added.
* MIME: GM "magick" to MIME mappings have been added for apng, avif,
bmp, ico, and webp (regardless of if they are supported).
* XPM: The XPM reader performance is dramatically improved and is
observed to be 32x faster when reading a medium-sized XPM file
(e.g. the GraphicsMagick logo).
* XPM: Support reading "deep" images with more pallete entries than
the maximum colormap size.
Windows Delegate Updates/Additions:
* Update bundled libjasper to version 1.900.26. Please note that 4.0.0
is the latest version at this time and fixes a great many security
and stability issues which are present in 1.900.26.
* Update bundled libjpeg to version 9e.
* Update bundled libtiff to version 4.5.0.
Build Changes:
* MSVC: Added porting function to emulate C'99 snprintf for MSVC older
than 2015.
* MSVC: Successfully compiles using Visual Studio 2008 and 2019.
Compiles successfully using Visual Studio 2022 if optimization is
disabled (otherwise there is an internal compiler error in effect.c).
- Enable JPEG-XL on Tumbleweed.
OBS-URL: https://build.opensuse.org/request/show/1056878
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=134
Special Issues:
* The FTP site ftp.graphicsmagick.org is now shut down due to a lack
of bandwith, extremely abusive users (including from Google and
customers of Amazon Web Services), and a lack of support from the
user community. Another factor is that FTP support has been removed
from popular web browsers. This is very unfortunate since the site
served multiple usages, including providing a lot of historical data
(e.g. related to PNG) which may not be available elsewhere.
* GraphicsMagick really does need some additional productive
volunteers. For several years now, the burden has entirely been on
me (Bob Friesenhahn). I have been sheparding the project for 20
years already (and contributed to ImageMagick and GraphicsMagick
combined for 26 years already). It is not reasonable to expect
someone with a full time job (and expecting to retire in a few
years) to do all of the work.
Security Fixes:
* GraphicsMagick is participating in Google's oss-fuzz project due to
the contributions and assistance of Alex Gaynor. Since February 4
2018, ??? issues have been opened by oss-fuzz and ?? issues remain
open. The issues list is available at
https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
"graphicsmagick". Issues are available for anyone to view and
duplicate if they have been in "Verified" status for 30 days, or if
they have been in "New" status for 90 days. Please consult the
GraphicsMagick ChangeLog file, Mercurial repository commit log, and
the oss-fuzz issues list for details.
Bug fixes:
* Documentation: Generator scripts in 'doc' directory now produce
similar results using GNU sed and Solaris/Illumos sed and don't
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=129
Security Fixes:
* fix issues found by oss-fuzz project
* WPG: Fixes for heap buffer overflow.
Bug fixes:
* ConstituteImage(): Set image depth appropriately based on the
storage size specified by StorageType and QuantumDepth.
* GetImageBoundingBox(): Fix problem that MagickTrimImage with extreme
fuzz values could produce an image with negative width.
* ImageToFile(): Improve error handling to avoid possible deferred
deletion of temporary files, causing unexpected excessive use of
temporary file space.
* JNG: Add validations for alpha compression method values and use
this information to enforce decoding using the appropriate
sub-format (rather than auto-detecting the format). Also, address
memory leaks which may occur if the sub-decoder does something other
than was expected.
* MagickCondSignal(): Improvements to conditional signal handler
registration (which avoids over-riding signal handlers previously
registered by an API user).
* ModifyCache(): Fix memory leak.
* ReadCacheIndexes(): Don't blunder into accessing a null pointer if
the using code has ignored a previous error report bubled-up from
SetNexus().
* MNG: When doing image scaling and the image width or height is 1
then always use simple pixel replication as per the MNG
specification.
* MVG: Fixes to 'push clip-path foo' and 'pop clip-path foo' parsing
to eliminate a class of malign behavior.
* MVG: Place an aribrary limit on stroke dash polygon unit maximum
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=125
Special Issues:
* It has been discovered that the 'ICU' library (a perhaps 30MB C++
library) which is now often a libxml2 dependendency causes huge
process initialization overhead. This is noticed as unexpected
slowness when GraphicsMagick utilities are used to process small to
medium sized files. The time to initialize the 'ICU' library is
often longer than the time that GraphicsMagick would otherwise
require to read the input file, process the image, and write the
output file. If the 'ICU' dependency can not be avoided, then make
sure to use the modules build so there is only impact for file
formats which require libxml2. Please lobby the 'ICU' library
developers to change their implementation to avoid long start-up
times due to merely linking with the library.
Security Fixes:
* GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor. Since February 4
2018, 398 issues have been opened by oss-fuzz (some of which were
benign build issues) and 11 issues remain open.
The issues list is available at
https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
"graphicsmagick". Issues are available for anyone to view and
duplicate if they have been in "Verified" status for 30 days, or if
they have been in "New" status for 90 days. There are too many
fixes to list here. Please consult the GraphicsMagick ChangeLog
file, Mercurial repository commit log, and the oss-fuzz issues list
for details.
Bug fixes:
* Fix broken definition of ResourceInfinity which resulted in that
GetMagickResource() would return -1 rather than the maximum range
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=119
- Relinquish resources used by OpenMP on all devices (GCC >= 9)
+ GraphicsMagick-wait-for-threads-close.patch
- Set configure options to what is actually build
- version update to 1.3.34
* DPS: Eliminate a memory leak.
* Debug Trace: Only output text to terminate an XML format log file
if XML format is active.
* EXIF Parser: Detect non-terminal parsing and report an error.
* EXIF Parser: Eliminate heap buffer overflows.
* HuffmanDecodeImage(): Fix heap overflow in 32-bit applications.
* MAT: Implement subimage/subrange support.
* MVG: Address non-terminal loops, excessive run-time, thrown
assertions, divide-by-zero, heap overflow, and memory leaks.
* OpenModule(): Now properly case-insensitive, as it used to be.
* PCX: Verify that pixel region is not negative. Assure that opacity
channel is initialized to opaqueOpacity. Update DirectClass
representation while PseudoClass representation is updated.
Improve read performance with uncompressed PCX.
* PICT: Fix heap overflow in PICT writer.
* PNG: Fix validation of raw profile length.
* PNG: Skip coalescing layers if there is only one layer.
* PNM: Fix denial of service opportunity by limiting the length of
PNM comment text.
* WPG: Avoid Avoid dereferencing a null pointer.
* WPG: Implement subimage/subrange support.
* WPG: Improve performance when reading an embedded image.
* Wand library: In MagickClearException(), destroy any existing
exception info before re-initializing the exception info or else
there will be a memory leak.
* XPM: Rquire that image properties appear in the first 512 bytes
of the XPM file header.
* Compliles clean using GCC 9.
* Python scripts related to the build (enabled by --enable-maintainer-mode)
are now compatible with Python 3.
* Now supports using Google gperftools tcmalloc library for the memory
allocator. This improves performance for certain repetitive work-loads
and heavily-threaded algorithms.
* Configure now reports the status of zstd (FaceBook Zstandard)
compression in its configuration summary.
* TclMagick: Address many issues mentioned by SourceForge issue #420
"TclMagick issues and patch".
* PNG: Post-processing to convert the image type in the PNG reader based
on a specified magick prefix string is now disabled. This can (and
should) be done after the image has been returned.
* Trace Logging: The compiled-in logging default is always to stderr,
which may be over-ridden using log.mgk as soon as it is loaded.
OBS-URL: https://build.opensuse.org/request/show/760078
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=113
* It has been discovered that the 'ICU' library (a perhaps 30MB C++
library) which is now often a libxml2 dependendency causes huge
process initialization overhead. This is noticed as unexpected
slowness when GraphicsMagick utilities are used to process small to
medium sized files. The time to initialize is often longer than the
time to read the input file, process the image, and write the output
file. If the 'ICU' dependency can not be avoided, then make sure to
use the modules build. Please lobby the 'ICU' library developers to
change their implementation to avoid long start-up times due to
merely linking with the library.
* GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor. Since February 4
2018, 353 issues have been opened by oss-fuzz and 338 of those
issues have been resolved. The issues list is available at
https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
"graphicsmagick". Issues are available for anyone to view and
duplicate if they have been in "Verified" status for 30 days, or if
they have been in "New" status for 90 days. There are too many
fixes to list here. Please consult the GraphicsMagick ChangeLog
file, Mercurial repository commit log, and the oss-fuzz issues list
for details.
* Documentation has been added regarding security hazards due to
commands which support a '@filename' syntax.
* MontageImages(): Fix wrong length argument to strlcat() when
building montage directory, which could allow heap overwrite.
* PNG: Pass correct size value to strlcat() in module registration
code. This bug is noticed to cause problems for Apple's OS X and
Linux Alpine with musl libc. This fixes a regression introduced by
the 1.3.32 release.
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=109
New Features:
* Added support for writing the Braille image format (by Samuel
Thibault).
* WebP writer: Support WebP 'use_sharp_yuv' option ("if needed, use
sharp (and slow) RGB->YUV conversion") via `-define
webp:use-sharp-yuv=true`.
* The version command output now reports the OpenMP specification
number rather than just the integer version identifier.
API Updates:
* ReallocateImageColormap() added to re-allocate an existing colormap.
* Some improperly-exposed globals are now static as they should have
been.
* The 'benchmark' command now shows 6 digits (microseconds) of elapsed
time indication.
* The 'time' command now shows 6 digits (microseconds) of elapsed time
indication.
* The logging facility now shows 6 digits (microseconds) of time
resolulution
* Dcraw: When QuantumDepth is greater than 8, pass -6 option to dcraw
so that it returns a 16-bit/sample image.
* Dcraw: If Dcraw supports TIFF format, then request TIFF format in
order to be able to acquire more metatdata.
* Scale algorithm: Eliminate artifacts when scaling an image with
semi-transparent pixels.
* Library metrics: The number of shared library relocations and the
amount of initialized data has been signficantly reduced by
following recommendations from Ulrich Drepper's document `How To
Write Shared Libraries <https://akkadia.org/drepper/dsohowto.pdf>`_.
(Security) Bug Fixes:
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=102
Special Issues:
* Firmware and operating system updates to address the Spectre
vulnerability (and possibly to some extent the Meltdown
vulnerability) have substantially penalized GraphicsMagick's OpenMP
performance. Performance is reduced even with GCC 7 and 8's
improved optimizers. There does not appear to be anything we can do
about this.
Security Fixes:
* GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor.
Bug fixes:
* See above note about oss-fuzz fixes.
* CINEON: Fix unexpected hang on a crafted Cineon image. SourceForge
issue 571.
* Drawing recursion is limited to 100 and may be tuned via the
MAX_DRAWIMAGE_RECURSION pre-processor definition.
* Fix reading MIFF files using legacy keyword 'color-profile' for ICC
color profile as was used by ImageMagick 4.2.9.
* Fix reading/writing files when 'magick' is specified in lower case.
This bug was a regression in 1.3.30.
New Features:
* TIFF: Support Zstd compression in TIFF. This requires libtiff
4.0.10 or later.
* TIFF: Support WebP compression in TIFF. This requires libtiff
4.0.10 or later.
API Updates:
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=97
- update to 1.3.30:
* Security Fixes:
. GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor. Since February 4
2018, 238 issues have been opened by oss-fuzz and 230 of those
issues have been resolved. The issues list is available at
https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
"graphicsmagick". Issues are available for anyone to view and
duplicate if they have been in "Verified" status for 30 days, or if
they have been in "New" status for 90 days. There are too many
fixes to list here. Please consult the GraphicsMagick ChangeLog
file, Mercurial repository commit log, and the oss-fuzz issues list
for details.
. SVG/Rendering: Fix heap write overflow of PrimitiveInfo and
PointInfo arrays. This is another manefestation of CVE-2016-2317,
which should finally be fixed correctly due to active
detection/correction of pending overflow rather than using
estimation.
* Bug fixes:
. Many oss-fuzz fixes are bug fixes.
. Drawing/Rendering: Many more fixes by Gregory J Wolfe (see the ChangeLog).
. MIFF: Detect end of file while reading image directory.
. SVG: Many more fixes by Gregory J Wolfe (see the ChangeLog).
. The AlphaCompositePixel macro was producing wrong results when the
output alpha value was not 100% opaque. This is a regression
introduced in 1.3.29.
. TILE: Fix problem with tiling JPEG images because the size request
used by the TILE algorithm was also causing re-scaling in the JPEG
reader. The problem is solved by stripping the size request before
reading the image.
OBS-URL: https://build.opensuse.org/request/show/627341
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=91
* Security Fixes:
. GraphicsMagick is now participating in Google's oss-fuzz project
. JNG: Require that the embedded JPEG image have the same dimensions
as the JNG image as provided by JHDR. Avoids a heap write overflow.
. MNG: Arbitrarily limit the number of loops which may be requested by
the MNG LOOP chunk to 512 loops, and provide the '-define
mng:maximum-loops=value' option in case the user wants to change the
limit. This fixes a denial of service caused by large LOOP
specifications.
* Bug fixes:
. DICOM: Pre/post rescale functions are temporarily disabled (until
the implementation is fixed).
. JPEG: Fix regression in last release in which reading some JPEG
files produces the error "Improper call to JPEG library in state
201".
. ICON: Some DIB-based Windows ICON files were reported as corrupt to
an unexpectedly missing opacity mask image.
. In-memory Blob I/O: Don't implicitly increase the allocation size
due to seek offsets.
. MNG: Detect and handle failure to allocate global PLTE. Fix divide
by zero.
. DrawGetStrokeDashArray(): Check for failure to allocate memory.
. BlobToImage(): Now produces useful exception reports to cover the
cases where 'magick' was not set and the file format could not be
deduced from its header.
* API Updates:
. Wand API: Added MagickIsPaletteImage(), MagickIsOpaqueImage(),
MagickIsMonochromeImage(), MagickIsGrayImage(), MagickHasColormap()
based on contributions by Troy Patteson.
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=89
* Security Fixes:
BMP: Fix non-terminal loop due to unexpected bit-field mask
value (DOS opportunity).
PALM: Fix heap buffer underflow in builds with QuantumDepth=8.
SetNexus() Fix heap overwrite under certain conditions due to
using a wrong destination buffer. This issue impacts all
1.3.X releases.
TIFF: Fix heap buffer read overflow in LocaleNCompare() when
parsing NEWS profile.
* Bug fixes:
DescribeImage(): Eliminate possible use of null pointer.
GIF: Fix memory leak of global colormap in error path.
GZ: Writing to gzip files with the extension ".gz" was
not working with Zlib 1.2.8.
JNG: Fix buffer read overflow (a tiny fixed overflow of just
one byte).
JPEG: Promoting certain libjpeg warnings to errors caused
much more problems than expected. The promotion of
warnings to errors is removed. Claimed pixel dimensions
are validated by file size before allocating memory for
the pixels.
IntegralRotateImage(): Assure that reported error in rotate by
270 case does immediately terminate processing.
MNG: Fix possible null pointer reference related to DEFI chunk
parsing. Fix minor heap read overflow (constrained to just
one byte) due to an ordering issue in a limit check. Fix
memory leaks in error path.
WebP: Fix stack buffer overflow in WriteWEBPImage() which
occurs with libwebp 0.5.0 or newer due to a structure type
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=85
. PALM: PALM writer is disabled.
. ThrowLoggedException(): Capture the first exception
at ErrorException level or greater, or only capture exception
if it is more severe than an already reported exception.
. DestroyJNG(): This internal function is now declared static
and is removed from shared library or DLL namespace.
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=82
- Drop patches not meintioned in the changelog ever:
* GraphicsMagick-debian-fixed.patch
* GraphicsMagick-include.patch
* GraphicsMagick-perl-link.patch
* The package builds just fine without them and there is no
refference explaining it
- Convert the deps to pkgconfig variants where possible.
- Version update to 1.3.26:
* DPX: Fix excessive use of memory (DOS issue) due to file header
claiming large image dimensions but insufficient backing
data. (CVE-2017-10799 bsc#1047054).
* JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
* MAT: Fix excessive use of memory (DOS issue) due to continuing
processing with insufficient data and claimed large image
size. Verify each file extent to make sure that it is within range
of file size. (CVE-2017-10800 bsc#1047044).
* META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
* PCX: Fix denial of service issue.
* RLE: Fix abnomally slow operation (denial of service issue) with
intentionally corrupt colormapped file.
* PICT: Fix possible buffer overflow vulnerability given suitably
truncated input file.
* PNG: Enforce spec requirement that the dimensions of the JPEG
embedded in a JDAT chunk must match the JHDR dimensions
(CVE-2016-9830).
* PNG: Avoid NULL dereference when MAGN chunk processing fails.
* SCT: Fix stack-buffer read overflow (underflow?) while reading SCT
header.
* SGI: Fix denial of service issues. Delay large memory allocations
OBS-URL: https://build.opensuse.org/request/show/511776
OBS-URL: https://build.opensuse.org/package/show/graphics/GraphicsMagick?expand=0&rev=73
