|
|
|
|
Changelog for libGraphicsMagick-Q16-3-1.3.25-123.1.x86_64.rpm :
Thu Jan 3 13:00:00 2019 Petr Gajdos - security update (bmp.c): * CVE-2018-20467 [bsc#1120381] + GraphicsMagick-bmp.c-update.patch
Fri Dec 21 13:00:00 2018 Petr Gajdos - security update (tga.c): * CVE-2018-20184 [bsc#1119822] + GraphicsMagick-CVE-2018-20184.patch
Fri Dec 21 13:00:00 2018 Petr Gajdos - security update (dib.c): * CVE-2018-20189 [bsc#1119790] + GraphicsMagick-CVE-2018-20189.patch
Thu Nov 1 13:00:00 2018 Petr Gajdos - security update (msl.c): * CVE-2018-18544 [bsc#1113064] + GraphicsMagick-CVE-2018-18544.patch
Tue Oct 23 14:00:00 2018 Petr Gajdos - security update (tiff.c): * CVE-2017-10794 [bsc#1112392] GraphicsMagick-CVE-2017-10794.patch
Mon Oct 22 14:00:00 2018 Petr Gajdos - security update (pict.c): * CVE-2017-14997 [bsc#1112399] + GraphicsMagick-CVE-2017-14997.patch
Mon Oct 22 14:00:00 2018 Petr Gajdos - asan_build: build ASAN included - debug_build: build more suitable for debugging
Fri Oct 12 14:00:00 2018 Petr Gajdos - security update (bmp.c) * CVE-2018-18024 [bsc#1111069] * GraphicsMagick-CVE-2018-18024.patch
Sat Sep 15 14:00:00 2018 Petr Gajdos - security update (meta.c): * CVE-2018-16750 [bsc#1108283] + GraphicsMagick-meta.c-update.patch
Mon Sep 10 14:00:00 2018 Petr Gajdos - security update (pict.c): * CVE-2018-16644 [bsc#1107609] + GraphicsMagick-CVE-2018-16644.patch
Mon Sep 10 14:00:00 2018 Petr Gajdos - security update (bmp.c, dib.c): * CVE-2018-16645 [bsc#1107604] + GraphicsMagick-CVE-2018-16645.patch
Mon Sep 3 14:00:00 2018 pgajdosAATTsuse.com - security update * CVE-2018-16323 [bsc#1106855] . GraphicsMagick-CVE-2017-13776,13777.patch renamed to GraphicsMagick-CVE-2017-13776,13777,CVE-2018-16323.patch
Wed Aug 22 14:00:00 2018 pgajdosAATTsuse.com - disable PS, PS2, PS3 and PDF coders by default, remove gs calls from delegates.mgk [bsc#1105592]
Tue Aug 7 14:00:00 2018 pgajdosAATTsuse.com - security update (pcd.c): * CVE-2018-14435 [bsc#1102007] + GraphicsMagick-CVE-2018-14435.patch
Wed Jun 20 14:00:00 2018 pgajdosAATTsuse.com - security update (rgb.c, cmyk.c, gray.c) * CVE-2018-10805 and similar memory leaks [bsc#1095812] + GraphicsMagick-CVE-2018-10805.patch
Wed Jun 13 14:00:00 2018 pgajdosAATTsuse.com - security udpate (dcm.c) * fix invalid reads in dcm.c [bsc#1075821c#14] GraphicsMagick-dcm.c-update-2.patch
Wed May 23 14:00:00 2018 pgajdosAATTsuse.com - security update (miff.c) * CVE-2017-18271 [bsc#1094204] + GraphicsMagick-CVE-2017-18271.patch
Mon Apr 30 14:00:00 2018 pgajdosAATTsuse.com - security update (png.c) * CVE-2018-10177 [bsc#1089781] + GraphicsMagick-CVE-2018-10177.patch
Tue Apr 24 14:00:00 2018 pgajdosAATTsuse.com - security update (core) * CVE-2018-6799 [bsc#1080522] + GraphicsMagick-CVE-2018-6799.patch
Tue Apr 24 14:00:00 2018 pgajdosAATTsuse.com - GraphicsMagick-CVE-2017-8353.patch renamed to GraphicsMagick-CVE-2017-13066.patch [bsc#1055010] - GraphicsMagick-CVE-2017-11532.patch renamed to GraphicsMagick-CVE-2017-11641.patch [bsc#1050623] - GraphicsMagick-CVE-2017-18028.patch renamed to GraphicsMagick-CVE-2017-18229.patch [bsc#1085236]
Fri Apr 13 14:00:00 2018 pgajdosAATTsuse.com - security update (png.c) * CVE-2018-9018 [bsc#1086773] + GraphicsMagick-CVE-2018-9018.patch
Tue Apr 10 14:00:00 2018 pgajdosAATTsuse.com - security update (gif.c) * CVE-2017-18254 [bsc#1087027] + GraphicsMagick-CVE-2017-18254.patch
Fri Apr 6 14:00:00 2018 pgajdosAATTsuse.com - security update (pcd.c) * CVE-2017-18251 [bsc#1087037] + ImageMagick-CVE-2017-18251.patch
Tue Mar 20 13:00:00 2018 pgajdosAATTsuse.com - security update (core) * CVE-2017-11524 [bsc#1050087] + GraphicsMagick-CVE-2017-11524.patch
Wed Mar 14 13:00:00 2018 pgajdosAATTsuse.com - security update (cineon.c): * CVE-2017-18230 [bsc#1085233] + GraphicsMagick-CVE-2017-18230.patch
Wed Feb 28 13:00:00 2018 pgajdosAATTsuse.com - security update (core) * CVE-2017-16353 [bsc#1066170] + GraphicsMagick-CVE-2017-16353.patch * CVE-2017-16352 [bsc#1066168] + GraphicsMagick-CVE-2017-16352.patch * CVE-2017-14314 [bsc#1058630] + GraphicsMagick-CVE-2017-14314.patch * CVE-2017-14505 [bsc#1059735] + GraphicsMagick-CVE-2017-14505.patch
Mon Feb 26 13:00:00 2018 pgajdosAATTsuse.com - security update (emf.c): * CVE-2017-15016 [bsc#1082291] + GraphicsMagick-CVE-2017-15016.patch
Mon Feb 26 13:00:00 2018 pgajdosAATTsuse.com - security update (png.c): * CVE-2017-15017 [bsc#1082283] + GraphicsMagick-CVE-2017-15017.patch
Tue Feb 20 13:00:00 2018 pgajdosAATTsuse.com - security update (uil.c): * CVE-2017-11533 [bsc#1050132] + GraphicsMagick-CVE-2017-11533.patch
Tue Feb 20 13:00:00 2018 pgajdosAATTsuse.com - security update (wpg.c): * CVE-2017-17682 [bsc#1072898] + GraphicsMagick-CVE-2017-17682.patch
Tue Feb 20 13:00:00 2018 pgajdosAATTsuse.com - security update (rgb.c): * CVE-2017-17500 [bsc#1077737] + GraphicsMagick-rgb.c-update.patch
Thu Feb 15 13:00:00 2018 pgajdosAATTsuse.com - security update (pcl.c): * CVE-2017-11637 [bsc#1050669] + GraphicsMagick-CVE-2017-11637.patch
Wed Feb 14 13:00:00 2018 pgajdosAATTsuse.com - security update (map.c): * CVE-2017-11638, CVE-2017-11642 [bsc#1050617] + GraphicsMagick-CVE-2017-11638,11642.patch
Wed Feb 14 13:00:00 2018 pgajdosAATTsuse.com - security update (gray.c): * CVE-2017-17503 [bsc#1072934] + GraphicsMagick-gray.c-update.patch
Tue Feb 13 13:00:00 2018 pgajdosAATTsuse.com - security udpate (cut.c): * CVE-2017-14060 [bsc#1056768] + ImageMagick-CVE-2017-14060.patch
Fri Feb 9 13:00:00 2018 pgajdosAATTsuse.com - update dcm.c to newest code
Fri Feb 9 13:00:00 2018 pgajdosAATTsuse.com - security update (cmyk.c): * CVE-2017-17502 [bsc#1073081] + GraphicsMagick-cmyk.c-update.patch
Wed Feb 7 13:00:00 2018 pgajdosAATTsuse.com - security update (jpeg.c): * CVE-2017-11450 [bsc#1049374] + GraphicsMagick-CVE-2017-11450.patch * CVE-2017-11140 [bsc#1047900] + GraphicsMagick-CVE-2017-11140.patch
Tue Feb 6 13:00:00 2018 pgajdosAATTsuse.com - security update (pcx.c): * CVE-2017-14224 [bsc#1058009] + ImageMagick-CVE-2017-14224.patch
Mon Jan 29 13:00:00 2018 pgajdosAATTsuse.com - security update (tiff.c): * CVE-2017-17912 [bsc#1074307] + GraphicsMagick-CVE-2017-17912.patch * CVE-2017-18229 [bsc#1085236] + GraphicsMagick-CVE-2017-18229.patch
Fri Jan 26 13:00:00 2018 pgajdosAATTsuse.com - GraphicsMagick-CVE-2017-13063,13064.patch a renamed to GraphicsMagick-CVE-2017-13063,13064,13065.patch as it also fixes CVE-2017-13065 [bsc#1055038]
Wed Jan 24 13:00:00 2018 pgajdosAATTsuse.com - security update (bmp.c): * CVE-2018-5685 [bsc#1075939] + GraphicsMagick-CVE-2018-5685.patch
Tue Jan 16 13:00:00 2018 pgajdosAATTsuse.com - security update (png.c): * CVE-2017-9262 [bsc#1043353] * CVE-2017-9261 [bsc#1043354] * CVE-2017-11750 [bsc#1051442] * CVE-2017-12676 [bsc#1052708] * CVE-2017-12673 [bsc#1052717] * CVE-2017-12641 [bsc#1052777] * CVE-2017-12935 [bsc#1054600] * CVE-2017-13147 [bsc#1055374] * CVE-2017-13142 [bsc#1055455] * CVE-2017-14103 [bsc#1057000] * CVE-2017-15218 [bsc#1062752] * CVE-2017-11722 [bsc#1051411] * CVE-2017-18219 [bsc#1084060] * CVE-2017-18220 [bsc#1084062] * CVE-2018-16749 [bsc#1108282] + added GraphicsMagick-png.c-update.patch, 15288:5c4bd14a370c state of png.c
Tue Jan 9 13:00:00 2018 pgajdosAATTsuse.com - security update (core): * CVE-2017-18022 [bsc#1074975] + GraphicsMagick-CVE-2017-18022.patch
Mon Jan 8 13:00:00 2018 pgajdosAATTsuse.com - security update (mat.c): * CVE-2017-12672 [bsc#1052720] * CVE-2017-13060 [bsc#1055065] * CVE-2017-12670 [bsc#1052731] * CVE-2017-10800 [bsc#1047044] * CVE-2017-13648 [bsc#1055434] * CVE-2017-12564 [bsc#1052468] * CVE-2017-12675 [bsc#1052710] * CVE-2017-14326 [bsc#1058640] * CVE-2017-17881 [bsc#1074123] * CVE-2017-18029 [bsc#1076021] * CVE-2017-18027 [bsc#1076051] + added GraphicsMagick-mat.c-update.patch, 15288:5c4bd14a370c state of mat.c
Wed Jan 3 13:00:00 2018 pgajdosAATTsuse.com - security update (mpc.c): * CVE-2017-11449 [bsc#1049373] + GraphicsMagick-CVE-2017-11449.patch * CVE-2017-11641 [bsc#1050623] + GraphicsMagick-CVE-2017-11641.patch
Tue Jan 2 13:00:00 2018 pgajdosAATTsuse.com - security update (render.c): * CVE-2017-16547 [bsc#1067177] + GraphicsMagick-CVE-2017-16547.patch
Tue Jan 2 13:00:00 2018 pgajdosAATTsuse.com - security update (pwp.c): * memory leak in pwp.c [bsc#1051412] + GraphicsMagick-pwp.c-memory-leak.patch
Wed Dec 13 13:00:00 2017 pgajdosAATTsuse.com - security update (pnm.c): * CVE-2017-14042 [bsc#1056550] + GraphicsMagick-CVE-2017-14042.patch * CVE-2017-14504 [bsc#1059721] + GraphicsMagick-CVE-2017-14504.patch * CVE-2017-17498 [bsc#1072103] + GraphicsMagick-CVE-2017-17498.patch
Mon Dec 11 13:00:00 2017 pgajdosAATTsuse.com - security update (gif.c): * CVE-2017-15277 [bsc#1063050] + GraphicsMagick-CVE-2017-15277.patch
Wed Dec 6 13:00:00 2017 pgajdosAATTsuse.com - security update (rle.c): * CVE-2017-14733 [bsc#1060577] + GraphicsMagick-CVE-2017-14733.patch
Tue Dec 5 13:00:00 2017 pgajdosAATTsuse.com - security update (pdf.c): * CVE-2017-12662 [bsc#1052758] + GraphicsMagick-CVE-2017-12662.patch
Mon Dec 4 13:00:00 2017 pgajdosAATTsuse.com - security update (dcm.c): * CVE-2017-14994 [bsc#1061587] + GraphicsMagick-CVE-2017-14994.patch * CVE-2017-12140, CVE-2017-12644 [bsc#1052764] [bsc#1051847] + GraphicsMagick-CVE-2017-12140,12644.patch
Mon Dec 4 13:00:00 2017 pgajdosAATTsuse.com - security update (dpx.c): * CVE-2017-10799 [bsc#1047054] + GraphicsMagick-CVE-2017-10799.patch
Mon Nov 27 13:00:00 2017 pgajdosAATTsuse.com - security update (tiff.c) * CVE-2017-13737 [bsc#1056162] + GraphicsMagick-CVE-2017-13737.patch * CVE-2017-11640 [bsc#1050632] + GraphicsMagick-CVE-2017-11640.patch
Tue Nov 21 13:00:00 2017 pgajdosAATTsuse.com - security update (wpg.c): * CVE-2017-14342 [bsc#1058485] + GraphicsMagick-CVE-2017-14342.patch * CVE-2017-14341 [bsc#1058637] + GraphicsMagick-CVE-2017-14341.patch * CVE-2017-16546 [bsc#1067181] + GraphicsMagick-CVE-2017-16546.patch * CVE-2017-16545 [bsc#1067184] + GraphicsMagick-CVE-2017-16545.patch * CVE-2017-16669 [bsc#1067409] + GraphicsMagick-CVE-2017-16669.patch
Tue Nov 7 13:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-13776, CVE-2017-13777 [bsc#1056429], [bsc#1056426] + GraphicsMagick-CVE-2017-13776,13777.patch
Mon Nov 6 13:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-13134 [bsc#1055214] + GraphicsMagick-CVE-2017-13134.patch
Mon Nov 6 13:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-15930 [bsc#1066003] + GraphicsMagick-CVE-2017-15930.patch
Fri Nov 3 13:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-12983 [bsc#1054757] + GraphicsMagick-CVE-2017-12983.patch
Wed Nov 1 13:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-14165 [bsc#1057508] + GraphicsMagick-CVE-2017-14165.patch
Tue Oct 24 14:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-12936 [bsc#1054598] + GraphicsMagick-CVE-2017-12936.patch
Mon Oct 23 14:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-13139 [bsc#1055430] + GraphicsMagick-CVE-2017-13139.patch
Mon Oct 23 14:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-12937 [bsc#1054596] + GraphicsMagick-CVE-2017-12937.patch
Fri Oct 20 14:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-13063 [bsc#1055050], CVE-2017-13064 [bsc#1055042] + GraphicsMagick-CVE-2017-13063,13064.patch
Fri Oct 20 14:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-13775 [bsc#1056431] + GraphicsMagick-CVE-2017-13775.patch
Mon Oct 9 14:00:00 2017 pgajdosAATTsuse.com - ThrowException does not return [bsc#1061873c#6] + amended GraphicsMagick-CVE-2017-15033.patch
Fri Oct 6 14:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-15033 [bsc#1061873] + GraphicsMagick-CVE-2017-15033.patch
Thu Oct 5 14:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-14532 [bsc#1059663] + GraphicsMagick-CVE-2017-14532.patch
Tue Aug 15 14:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-11643 [bsc#1050611] + GraphicsMagick-CVE-2017-11643.patch * CVE-2017-11636 [bsc#1050674] + GraphicsMagick-CVE-2017-11636.patch
Fri Jul 21 14:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-11403 [bsc#1049072] + GraphicsMagick-CVE-2017-11403.patch
Mon Jun 26 14:00:00 2017 pgajdosAATTsuse.com - complementary fix for CVE-2017-8350 [bsc#1036985 c13-c21] * modified GraphicsMagick-CVE-2017-8350.patch
Tue May 30 14:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-9142 [bsc#1040304] + GraphicsMagick-CVE-2017-9142.patch
Wed May 3 14:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-8350 [bsc#1036985] + GraphicsMagick-CVE-2017-8350.patch * CVE-2017-8351 [bsc#1036986] + GraphicsMagick-CVE-2017-8351.patch * CVE-2017-13066 [bsc#1055010] + GraphicsMagick-CVE-2017-8353.patch * CVE-2017-8355 [bsc#1036990] + GraphicsMagick-CVE-2017-8355.patch
Tue Mar 21 13:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2017-6335 [bsc#1027255] + GraphicsMagick-CVE-2017-6335.patch
Tue Jan 17 13:00:00 2017 pgajdosAATTsuse.com - security update: * CVE-2016-10050 [bsc#1017312] + GraphicsMagick-CVE-2016-10050.patch * CVE-2016-10051 [bsc#1017313] + GraphicsMagick-CVE-2016-10051.patch * CVE-2016-10052 [bsc#1017314] + GraphicsMagick-CVE-2016-10052.patch * CVE-2016-10048 [bsc#1017310] + GraphicsMagick-CVE-2016-10048.patch * CVE-2016-10146 [bsc#1020443] + GraphicsMagick-CVE-2016-10146.patch * CVE-2017-5511 [bsc#1020448] + GraphicsMagick-CVE-2017-5511.patch * CVE-2016-10068 [bsc#1017324] + GraphicsMagick-CVE-2016-10068.patch * CVE-2016-10070 [bsc#1017326] + GraphicsMagick-CVE-2016-10070.patch - GraphicsMagick-buffer-overflow-pdb.patch corrected to GraphicsMagick-buffer-overflow-map.patch name
Tue Dec 13 13:00:00 2016 pgajdosAATTsuse.com - security update: * CVE-2016-8866 [bsc#1009318] + GraphicsMagick-CVE-2016-8866.patch * CVE-2016-9830 [bsc#1013640] + GraphicsMagick-CVE-2016-9830.patch
Tue Nov 29 13:00:00 2016 pgajdosAATTsuse.com - security update: * CVE-2016-5118 [bsc#982178] + GraphicsMagick-CVE-2016-5118.patch * CVE-2014-9805 [bsc#983752] + GraphicsMagick-CVE-2014-9805.patch * CVE-2014-9846 [bsc#983521] + GraphicsMagick-CVE-2014-9846.patch * CVE-2014-9807 [bsc#983794] + GraphicsMagick-CVE-2014-9807.patch * CVE-2014-9809 [bsc#983799] + GraphicsMagick-CVE-2014-9809.patch * CVE-2014-9815 [bsc#984372] + GraphicsMagick-CVE-2014-9815.patch * CVE-2014-9817 [bsc#984400] + GraphicsMagick-CVE-2014-9817.patch * CVE-2014-9820 [bsc#984150] + GraphicsMagick-CVE-2014-9820.patch * CVE-2014-9834 [bsc#984436] + GraphicsMagick-CVE-2014-9834.patch * CVE-2014-9835, CVE-2014-9831 [bsc#984145] [bsc#984375] + GraphicsMagick-CVE-2014-9835,9831.patch * CVE-2014-9837 [bsc#984166] + GraphicsMagick-CVE-2014-9837.patch * CVE-2014-9845 [bsc#984394] + GraphicsMagick-CVE-2014-9845.patch * CVE-2014-9817 [bsc#984400] + GraphicsMagick-CVE-2014-9853.patch * CVE-2016-7529 [bsc#1000399] + GraphicsMagick-CVE-2016-7529.patch * CVE-2016-7528 [bsc#1000434] + GraphicsMagick-CVE-2016-7528.patch * CVE-2016-7515 [bsc#1000689] + GraphicsMagick-CVE-2016-7515.patch * CVE-2016-7522 [bsc#1000698] + GraphicsMagick-CVE-2016-7522.patch * CVE-2016-7531 [bsc#1000704] + GraphicsMagick-CVE-2016-7531.patch * CVE-2016-7533 [bsc#1000707] + GraphicsMagick-CVE-2016-7533.patch * CVE-2016-7537 [bsc#1000711] + GraphicsMagick-CVE-2016-7537.patch * CVE-2016-6823 [bsc#1001066] + GraphicsMagick-CVE-2016-6823.patch * CVE-2016-7101 [bsc#1001221] + GraphicsMagick-CVE-2016-7101.patch * do not divide by zero in WriteTIFFImage [bsc#1002206] + GraphicsMagick-write-tiff-div-by-zero.patch * fix buffer overflow [bsc#1002209] + GraphicsMagick-buffer-overflow-pdb.patch * CVE-2016-7800 [bsc#1002422] + GraphicsMagick-CVE-2016-7800.patch * CVE-2016-7996, CVE-2016-7997 [bsc#1003629] + GraphicsMagick-CVE-2016-7996,7997.patch * CVE-2016-8684 [bsc#1005123] + GraphicsMagick-CVE-2016-8684.patch * CVE-2016-8682 [bsc#1005125] + GraphicsMagick-CVE-2016-8682.patch * CVE-2016-8683 [bsc#1005127] + GraphicsMagick-CVE-2016-8683.patch * CVE-2016-8862 [bsc#1007245] + GraphicsMagick-CVE-2016-8862.patch * CVE-2016-9556 [bsc#1011130] + GraphicsMagick-CVE-2016-9556.patch
Mon Sep 26 14:00:00 2016 pgajdosAATTsuse.com - update to 1.3.25: * EscapeParenthesis(): I was notified by Gustavo Grieco of a heap overflow in EscapeParenthesis() used in the text annotation code. While not being able to reproduce the issue, the implementation of this function is completely redone. * Utah RLE: Reject truncated/absurd files which caused huge memory allocations and/or consumed huge CPU. Problem was reported by Agostino Sarubbo based on testing with AFL. * SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in the MVG rendering code (also impacts SVG). * TIFF: Fix heap buffer read overflow while copying sized TIFF attributes. Problem was reported by Agostino Sarubbo based on testing with AFL.
Thu Jun 23 14:00:00 2016 meissnerAATTsuse.com - Build \"gm\" as position independend executable (PIE).
Mon Jun 6 14:00:00 2016 pgajdosAATTsuse.com - updated to 1.3.24: * many security related changes (incl. CVE-2016-5118), see ChangeLog - removed patches: * GraphicsMagick-CVE-2016-5118.patch * GraphicsMagick-upstream-delegates-safer.patch * GraphicsMagick-upstream-disable-mvg-ext.patch * GraphicsMagick-upstream-disable-tmp-magick-prefix.patch * GraphicsMagick-upstream-image-sanity-check.patch
Mon May 30 14:00:00 2016 pgajdosAATTsuse.com - security update: * CVE-2016-5118 [bsc#982178] + GraphicsMagick-CVE-2016-5118.patch
Mon May 9 14:00:00 2016 sfleesAATTsuse.de - Multiple security issues in GraphicsMagick/ImageMagick [boo#978061] (CVE-2016-3714, CVE-2016-3718, CVE-2016-3715, CVE-2016-3717) * GraphicsMagick-upstream-delegates-safer.patch * GraphicsMagick-upstream-disable-mvg-ext.patch * GraphicsMagick-upstream-disable-tmp-magick-prefix.patch * GraphicsMagick-upstream-image-sanity-check.patch
Sun Nov 8 13:00:00 2015 dmitry_rAATTopensuse.org - Update to version 1.3.23 * See included NEWS.txt for details
Mon Oct 5 14:00:00 2015 dmitry_rAATTopensuse.org - Update to version 1.3.22 * See included NEWS.txt for details
Sat Mar 21 13:00:00 2015 dmitry_rAATTopensuse.org - Update to version 1.3.21 * See included NEWS.txt for details
Wed Sep 17 14:00:00 2014 dmitry_rAATTopensuse.org - Move library configuration files to separated package
Tue Sep 16 14:00:00 2014 dmitry_rAATTopensuse.org - Fix devel package dependencies
Sat Sep 13 14:00:00 2014 dmitry_rAATTopensuse.org - Update to version 1.3.20 * See included NEWS.txt for details - Enable quantum depth in shared library names - Enable bzip2, jbig, webp support - Use LCMSv2
Tue Feb 25 13:00:00 2014 dmitry_rAATTopensuse.org - Fix quantum depth in package description
Thu Jan 2 13:00:00 2014 pgajdosAATTsuse.com - updated to 1.3.19: * EPT: Fix crash observed when Ghostscript fails to produce useful output. This was particularly noticeable when Ghostscript was not installed. This crash could be used to cause denial of service. * PNG: With libpng 1.6.X, avoid a crash while copying a PNG with a \"known incorrect ICC profile\". This crash could be used to cause denial of service. * etc. see NEWS.txt
Mon Jul 15 14:00:00 2013 pgajdosAATTsuse.com - set quantum depth to 16 [bnc#828380]
Tue Mar 12 13:00:00 2013 pgajdosAATTsuse.com - updated to 1.3.18: * Due to `GCC bug 53967`_, several key agorithms (e.g. convolution) may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is enabled for floating point math (`-mfpmath=sse`) if the GCC option `-frename-registers` is used. Default 32-bit builds do not experience the problem since they use \'387 math. It is not clear in what version of GCC this problem started but it was not noticed by the developers until the GCC 4.6 timeframe. Other compilers do not suffer from this bug. * Fixed bug with format substitutions if input string ends with a single \'%\'. * BMP: Fixed an old bug with decoding chromaticity primaries. * PNG: Fixed reading of interlaced images. Fix reading of sub-8-bit palette and grayscale images. Some PNG sub-formats were written incorrectly. Fix crash in PNG8 writer if image colors happened to be non-zero but image was not actually colormapped. * PNG: Configure script now also searches for libpng versions 16 and 17. * TIFF: Fix a crash which was noticed when writing RGBA separated (planar) format. * `--enable-symbol-prefix` was not prefixing all of the C symbols. Some core C library functions were not prefixed. This option applies to the Wand library API as well now. * C API: When input is from a user-provided file descriptor, the file position is restored after reading the file header bytes. Previously the file position was rewound to the beginning of the file. This allows reading embedded image data from the current offset in a file, and allows continuing to use the stream after GraphicsMagick has returned the image. * C API: It is now possible to invoke CloseBlob() multiple times. * etc. see NEWS.txt
Mon Oct 15 14:00:00 2012 pgajdosAATTsuse.com - updated to 1.3.17: * PNG: Fix for CVE-2012-3438. The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. * PNG: Reading sub-8-bit palette images is fixed (images looked stretched). * SVG: Fixed bug which allowed MVG and SVG files with long vector paths to crash the software. * SVG: Ignore XML headers rather than rendering them as text. * MVG/SVG/WMF/-draw: It is now possible to draw a plain \',\' character. * etc., see NEWS.txt
Tue Jul 31 14:00:00 2012 pgajdosAATTsuse.com - fixed PerlMagick/Makefile.PL.in [bnc#771540]
Mon Jun 25 14:00:00 2012 pgajdosAATTsuse.com - updated to 1.3.16: Security Fixes: * Don\'t translate \'comment\' and \'label\' attributes if the request is made while a file is being read. Only translate such attributes if they come from the command line or API user. Bug fixes: * SWT: SWT reader suffered from a number of implementation errors which caused it not to work any more. Works again. * XBM: Fix memory leak observed when reading file in \'ping\' mode. * Support -trim on images which use a consistent (single color) transparent background. In this case, trim is done based on opacity rather than foreground color. * Include in order to assure that \'size_t\' and \'ssize_t\' are declared. This is necessary since MagickExtentImage() uses these types as part of its definition. * +repage was not working because parser was insisting that it should include an argument. (i.e. multiplying rather than dividing). * PerlMagick: Fix compilation with Perl 5.16. * PingBlob(): PingBlob was not working for all cases. Is now based on BlobToImage() for assured reliability. Feature improvements: * MAT: Animated movies inside 4D matrices are loaded now. * PDF: File base name is used as the document title. * PNG: Fix issues observed specifically with libpng 1.5.10. Performance Improvements: * Pixel iterators should be more efficient now if the image uses a file-backed cache. * Motion blur algorithm does scale well as cores are added so include OpenMP support for it by default.
Mon Jun 4 14:00:00 2012 pgajdosAATTsuse.com - added PerlMagick/typemap to build module with perl 5.16; to be removed for 1.4.0
Wed May 2 14:00:00 2012 pgajdosAATTsuse.com - updated to 1.3.15: Bug fixes: * PNG - fixed problem with bit depth when the encoder decides to write RGBA instead of indexed PNG. * Fixed some temporary file leaks which were caused by the temporary file name being automatically extended to include a scene number, and therefore fail to be deleted. New Features: * Added \'+noise random\' and \'-operator noise-random\' to \'convert\' and \'mogrify\'. This modulates the existing image data with uniformely random noise. * Added -strip option in composite, convert, mogrify, and montage to remove all profiles and text attributes from the image. * Added -repage option to composite, convert, mogrify, and montage subcommands to reset or adjust the current image page offsets based on a provided geometry specification. * New C function StripImage() to remove all profiles and text attributes from the image. * New C function ResetImagePage() to adjust the current image page canvas and position based on a relative page specification. * C functions GenerateDifferentialNoise(), AddNoiseImageChannel(), QuantumOperatorRegionImage(), AddNoiseImage() updated to support RandomNoise enumeration. * New C++ Image method strip(), and unary function stripImage() to remove all profiles and text attributes from the image. * XCF format now respects image subimage and subrange members so that returned image layers may be selected. * The INFO coder (e.g. output file \"info:-\") now respects the - format option so that its output may be adjusted identically to how -format works for \'identify\'. * TclMagick now supports Random noise. Feature improvements: * C function ThumbnailImage() now allows the user to override the filter used, but still defaults to using the box filter. Behavior Changes: * No longer add a printf-style scene formatting specification to filenames which do not have one and no longer automatically operate in \'adjoin\' mode in such cases. If multiple numbered files are intended to be output, then add +adjoin to the command line and use an output filename specification similar to \"image-%d.jpg\". Output files are now completely specified and predictable but this may break some existing usages which anticipate the automatic file numbering.
Mon Feb 27 13:00:00 2012 pgajdosAATTsuse.com - updated to 1.3.14: Bug fixes: * TGA format: Assume that 32-bit TGA files have an alpha channel, even if they are not marked as such. * XCF format: Fix reading XCF which is comprised of different sized layers. * JPEG & CineonLog: Convert RGB-compatible colorspaces (e.g. CineonLog) to RGB by default since that was the case prior to release 1.3.13. * RAW formats: Small memory leak in dcraw module was fixed. * Resize: ResizeImage() was ignoring its resize filter argument and was using the filter setting from the Image structure instead. * The mirror virtual pixel method was broken. New Features: * Open64 Compiler Suite: Version 5.0 is fully supported. * Wand API: Added MagickExtentImage(). * MEF RAW: Mamiya Photo RAW \"MEF\" format is now supported. Feature improvements: * DPX format: Original file endianness is preserved by default. Performance Improvements: * Despeckle algorithm (-despeckle) is many times faster. Behavior Changes: * DPX format: Original file endianness is preserved by default.
Tue Dec 27 13:00:00 2011 pgajdosAATTsuse.com - updated to 1.3.13: * In I/O blob, don\'t rewind already open file handle passed to OpenBlob() since we don\'t know the intended state of this file handle, and because it prevents appending to an existing file. * In AppendImageProfile(), don\'t leak profile buffer while appending a chunk to an existing profile. * Fix deadlock in ClonePixelCache() which was caused by using the same semaphore pointer in the source and destination images. * etc. see NEWS.txt - disabled perl.patch
Mon Apr 11 14:00:00 2011 pgajdosAATTsuse.cz - removed dependency of devel packages on the main package [bnc#685755]
Wed Dec 22 13:00:00 2010 neptuniaAATTmail.ru - restoring *-config scripts as in upstream version: their removal breaks older software
Tue Dec 14 13:00:00 2010 cristian.rodriguezAATTopensuse.org - package no longer requires -fno-strict-aliasins - fix -devel package dependencies - run make check - exclude *-config scripts, whatever uses them _must_ use pkgconfig to avoid the mess this scripts create.
Mon Jul 12 14:00:00 2010 pgajdosAATTsuse.cz - added xorg-x11-fonts as runtime dependency [bnc#619103]
Tue Mar 9 13:00:00 2010 pgajdosAATTsuse.cz - updated to version 1.3.12: * Filter mode (write to stdout) was completely broken. * Should now compile with libpng 1.4. * DCX output format is only written on request. Previously the PCX coder would automatically switch to DCX format if multiple frames would be written.
Tue Feb 23 13:00:00 2010 pgajdosAATTsuse.cz - updated to version 1.3.11: * Fixed array underflow on systems using signed char which could result in a program crash due to extended characters in filenames or in certain file formats. * Fixed array underflow on systems using signed char which could result in a program crash due to extended characters in filenames or in certain file formats. * Added a -thumbnail command to \'convert\' and \'mogrify\'. This is a faster way to scale down the image when speed is a primary concern. * Added a -extent command to \'convert\' and \'mogrify\' which composites the image on top of a backing canvas image of solid color. * Added support for -compose to the \'convert\' and \'mogrify\', which were documented to support it (but did not). * Requests for \'Over\' and \'Atop\' composition are converted to a request for the (faster) \'Copy\' composition when both images are opaque.
Mon Feb 15 13:00:00 2010 pgajdosAATTsuse.cz - updated to version 1.3.10: * +adjoin was not working correctly for the case when only one image frame is present. With +adjoin and writing one frame to \"foo%d.jpg\" it was outputting \"foo%d.jpg\" rather than \"foo0.jpg\". * When drawing paths, memory allocation for the points was much larger than it needed to be (patch by Vladimir Lukianov). * To reiterate the change which first appeared in 1.3.9, there is no longer an implicit +adjoin if the output file name happens to contain a %d sequence, or there are multiple frames and the output file format only supports storing one frame. Specify +adjoin if scene number substition is desired in the output file names.
Mon Feb 8 13:00:00 2010 pgajdosAATTsuse.cz - updated to version 1.3.9: * There is no longer an implicit \'adjoin\' if an output filename contains an apparent scene specification (e.g. foo%02d.tiff) and multiple files are not needed to save the image.. It is necessary to use +adjoin. For example ``gm convert foo.pdf +adjoin %02d.tiff``. * For formats which support multiple frames, output with +adjoing to filenames containing a scene specification (e.g. foo%02d.tiff) was resulting in wrong output file names. * -flatten now applies the image background color under the first image in the list if it is not already opaque. * Fix \"double free\" error when using gm import -frame. * XPM does not support RGBA color syntax, so return RGB instead. * The display \'-update\' option was only working in conjunction with the \'-delay\' option with a delay setting of 2 or greater. * -convolve was crashing rather than reporting an error. * Fixed crash if the number of OpenMP threads was reduced from the original value via \'-limit threads\' or omp_set_num_threads(). * -blur was not blurring the opacity channel for solid-color images. * Several deleted global string constants are restored with deprecated status in order to assure that symbols are not removed from the ABI.
Mon Jan 25 13:00:00 2010 pgajdosAATTsuse.cz - updated to version 1.3.8: Security Fixes: * Fix for CVE-2009-1882 \"Integer overflow in the XMakeImage function\". * Fix lockup due to hanging in loop while parsing malformed sub-image specification (SourceForge issue 2886560). * Libltdl: Updated libtool to 2.2.6b in order to fix security issue. Resolves CVE-2009-3736 as it pertains to GraphicsMagick. Bug fixes: * -convolve, -recolor: Validate that user-provided matrix is square when parsing -convolve and -recolor commands in order to avoid a core dump. * CALS: Reading images taller than the image width resulted in a failure. * ConstituteImage(), DispatchImage(): \'A\' and \'T\' should indicate transparency and \'O\' should indicate opacity. Behavior was inconsistent. In some cases \'O\' meant transparency while in other cases it meant opacity. Also, in a few cases, matte was not getting enabled in the image as it should. * DCRAW: Module name was not registered so modules based builds were not supporting formats provided via \'dcraw\'. * GetOptimalKernelWidth1D(), GetOptimalKernelWidth2D(): In the Q32 build, convolution kernel size was estimated incorrectly for large sigmas on 32-bit systems due to arithmetic overflow. This could cause wrong results for -convolve, -blur, -sharpen, and other algorithms which use these functions. etc., see NEWS.txt
Mon Nov 23 13:00:00 2009 pgajdosAATTsuse.cz - updated to version 1.3.7 (see ChangeLog)
Tue Nov 3 13:00:00 2009 cooloAATTnovell.com - updated patches to apply with fuzz=0
Tue Aug 4 14:00:00 2009 pgajdosAATTsuse.cz - updated to 1.2.7: - Bug fixes: * VID: Eliminate memory leak. * montage: Eliminate use of freed memory. * delegates.mgk: Fix hang when co-process is invoked. * identify: Return comment text of any size. * ConvolveImage: Correctly log the convolution kernel used. - Feature improvements: * Convert: Re-implement -write so that it works in a useful fashion. - Performance improvments: * TIFF: Ping mode (\'identify\') is now really fast.
|
|
|