Changelog for
GraphicsMagick-devel-1.3.40-3.1.i586.rpm :
* Thu Mar 02 2023 pgajdos@suse.com
- clean up old conditionals
* Tue Feb 07 2023 pgajdos@suse.com
- version update to 1.3.40
* GetMagickGeometry(): Fix a scaling issue where dimensions could be scaled down to zero.
* PCD: Handle writing image with a dimension of 1.
* PNG: When writing, use lower-case raw profile identifiers (e.g. 'Raw profile type xmp') because exiftool expects that.
* SUN: The sense of monochrome images was inverted. Fix scanline size calculation.
* WPG: Fix 20-year old bug in WPG header reading.
New Features:
* JXL: Decode and log extra channel information. This information is not yet used.
* PCX and DCX: Support writing uncompressed format (use -compress none for no compression).
* Added IM1, IM8, and IM24 magick aliases for the Sun Raster format since those are the historically correct extensions.
API Updates:
* AppendImageToList() now updates the image list pointer to be the image which was just added. Use GetFirstImageInList() when the pointer to the first image in the list is needed.
* Sun Jan 08 2023 munix9@googlemail.com
- version update to 1.3.39
Special Issues:
* GraphicsMagick really does need some additional productive volunteers. For several years now, the burden has entirely been on me (Bob Friesenhahn). I have been shepherding the project for 20 years already (and contributed to ImageMagick and GraphicsMagick combined for 26 years already). It is not reasonable to expect someone with a full time job (and expecting to retire in a few years) to do all of the work.
Security Fixes:
* GraphicsMagick is participating in Google's oss-fuzz project since February 4 2018 due to the contributions and assistance of Alex Gaynor and Paul Kehrer. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.
Security Fixes:
* oss-fuzz: Several security fixes originating from oss-fuzz testing.
* ALL: Replace strcpy() with strlcpy(), replace strcat() with strlcat(), replace sprintf() with snprintf(). Prefer using bounded string functions. This change is made more for the purpose of increasing safety than to address any existing demonstrated concern.
Bug fixes:
* Coverity: Several fixes for issues found by Coverity to reduce the number of reported issues back down to zero.
* Clang Analyzer 12: Fix most discovered issues.
* PNG: Fix possible use of uninitialized 'ping_num_trans' value in ReadOnePNGImage().
* MinGW: Eliminate overwrite of existing _MSC_VER value in MinGW compile.
* MNG: Fix heap-use-after-free in CloseBlob.
* MNG: Fix indirect leak in MagickMallocCleared().
* PS: Assure that 'bounds' structure is initialized.
* EPT: Assure that 'bounds' structure is initialized.
* HEIF: If heif_image_handle_get_metadata_size() returns 0, then carry on with reading image data.
* configure.ac: Fix Bashism in maintainer-mode check.
* TGA: Remove a defective validation of comment length, which blocked reading some sample TGA files from the "Encyclopedia Of Graphics File Formats" book. Monochromatic bilevel TGA can now be read and written. TGA "Footers" are now read and used when logging as well as converted to Image attributes.
* WebP: Add configure.ac updates to check for libsharpyuv so that builds with the development version work again.
* Visual Studio Build (VisualMagick): Fix project file generation. Improve portability of code for configure.exe.
* Fixed mixed encoding (non-UTF-8) errors in text and source files.
* DrawPrimitive(): Fix composition using "0,0" for image size. This became broken in GraphicsMagick 1.3.36.
* Blob API: Fixed SEEK_END validation. SEEK_END was not used before, but now it is.
New Features:
* AVIF: Support reading AVIF via libheif if it supports decoding AVIF (still no writer support).
* LOG: Added function IsEventLogged() to report if a particular event will be logged. Use this as much as possible throughout the software to replace use of IsEventLogging(). This avoids a possible performance hit if any logging is enabled at all and logging statements are executed which are filtered and produce no output.
* FITS: Support storing multiple scenes in one file (non-standard extension).
* JPEG: Optionally enable arithmetic coder in JPG images using '-define jpeg:arithmetic-coding=true'.
* JPEG: Add support for reading deep gray images.
* HEIF: Support reading ICC color profiles.
* Produce ASCII armored ".asc" format GPG signature files.
* Support reading directly from .bz2, .gz, .svgz, and .Z files (without creating a temporary file), if possible.
API Updates:
* Magick++: Provide a version of Image::colorMapSize() which is a 'const' method. Continue to provide the non-const version in order to avoid an ABI change. The compiler should choose the appropriate version.
Feature improvements:
* HTML documentation generation based on Docutils is significantly updated and improved.
* PerlMagick: Added more sample input files and changed many reader tests to use hash signature rather than comparison to reduce the distribution size.
* Blob: The ReadBlobString() function has been re-written to perform better when reading from files.
* JXL: The JXL coder is updated to compile with what will likely become JXL 0.8.0. Support for 16-bit 'short' samples, 16-bit 'float' samples, and 32-bit float samples added. Support for reading and writing ICC, EXIF, and XMP profiles added.
* MIME: GM "magick" to MIME mappings have been added for apng, avif, bmp, ico, and webp (regardless of if they are supported).
* XPM: The XPM reader performance is dramatically improved and is observed to be 32x faster when reading a medium-sized XPM file (e.g. the GraphicsMagick logo).
* XPM: Support reading "deep" images with more palette entries than the maximum colormap size.
Windows Delegate Updates/Additions:
* Update bundled libjasper to version 1.900.26. Please note that 4.0.0 is the latest version at this time and fixes a great many security and stability issues which are present in 1.900.26.
* Update bundled libjpeg to version 9e.
* Update bundled libtiff to version 4.5.0.
Build Changes:
* MSVC: Added porting function to emulate C'99 snprintf for MSVC older than 2015.
* MSVC: Successfully compiles using Visual Studio 2008 and 2019. Compiles successfully using Visual Studio 2022 if optimization is disabled (otherwise there is an internal compiler error in effect.c).
- Enable JPEG-XL on Tumbleweed.
* Tue Apr 12 2022 pgajdos@suse.com
- version update to 1.3.38
Special Issues:
* The FTP site ftp.graphicsmagick.org is now shut down due to a lack of bandwidth, extremely abusive users (including from Google and customers of Amazon Web Services), and a lack of support from the user community. Another factor is that FTP support has been removed from popular web browsers. This is very unfortunate since the site served multiple usages, including providing a lot of historical data (e.g. related to PNG) which may not be available elsewhere.
* GraphicsMagick really does need some additional productive volunteers. For several years now, the burden has entirely been on me (Bob Friesenhahn). I have been shepherding the project for 20 years already (and contributed to ImageMagick and GraphicsMagick combined for 26 years already). It is not reasonable to expect someone with a full time job (and expecting to retire in a few years) to do all of the work.
Security Fixes:
* GraphicsMagick is participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, ??? issues have been opened by oss-fuzz and ?? issues remain open. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.
Bug fixes:
* Documentation: Generator scripts in 'doc' directory now produce similar results using GNU sed and Solaris/Illumos sed and don't produce warnings.
* JNG: Fixes to error handling to avoid temporary file leaks and avoiding returning a broken image.
* JPEG: Always store embedded profiles in image, even if in 'ping' mode.
* MAT: Change from using 'int' for sizes/offsets to using 'size_t' and check all related calculations for overload.
* MIFF: Fix heap buffer overflow which may be provoked in builds with BZLIB support.
* MogrifyImage() and Magick::Image::trim(): Trim requires NorthWestGravity.
* PICT: Fixed a heap overflow.
* PerlMagick: Fix issue that image fill attribute had its opacity reset to transparent so it could not be usefully set at image scope.
* Test Suite: Fixed portability issue related to 'sed' which broke utilities/tests/convert.tap test script.
* WPG: Fix incorrect TrX and TrY elements in CTM.
New Features:
* Added support for a 'Read' resource limit (e.g. '-limit read 5mb'). This allows the user to specify a hard limit for how much data may be read from a file, read from a pipe, or decompressed from a file (e.g. gzip or bzip2) before a hard error is reported. This resource limit is a useful alternative to completely disabling support for compressed files using the --disable-compressed-files option and it provides more protections as well.
* Added support for reading HEIF/HEIC format.
* Added support for reading and writing JPEG XL format.
* Support for JasPer 3.0.0 is completed. Upgrading to JasPer 3.0.0 is strongly recommended due to its many security fixes and integration with GraphicsMagick's resource-limited memory allocator.
* PNG: Support the define png:chunk-malloc-max=limit in order to allow reading PNG files which report \"chunk data is too large\" or to reduce the default limit.
* compare: Added support for the '-compress' option.
* compare: Added support for the '-auto-orient' option. This tries to assure that the two images are right-side up before comparing.
API Updates:
* Magick++: Support the new 'ReadResource' enumeration.
Feature improvements:
* JPEG: Implement more efficient way to append JPEG profile chunks.
* Resource Limited Memory: The resource limited memory allocator now maintains useful statistics such as a tally of the total number of octets moved by realloc.
Windows Delegate Updates/Additions:
* None
Build Changes:
* In maintainer mode, the configure script searches for a GnuPG 'gpg' program to use for signing snapshot releases and uses this to support PGP-signed development snapshots.
Behavior Changes:
* None
* fixes CVE-2022-1270 [bsc#1198351]
- modified patches
  % GraphicsMagick-disable-insecure-coders.patch (refreshed)
* Mon Dec 13 2021 pgajdos@suse.com
- version update to 1.3.37
* bug fix release, see NEWS.txt
- modified patches
  % GraphicsMagick-disable-insecure-coders.patch (refreshed)
- added sources
  + GraphicsMagick-1.3.37.tar.xz.sig
* Mon Dec 28 2020 pgajdos@suse.com
- version update to 1.3.36
Security Fixes:
* fix issues found by oss-fuzz project
* WPG: Fixes for heap buffer overflow.
Bug fixes:
* ConstituteImage(): Set image depth appropriately based on the storage size specified by StorageType and QuantumDepth.
* GetImageBoundingBox(): Fix problem that MagickTrimImage with extreme fuzz values could produce an image with negative width.
* ImageToFile(): Improve error handling to avoid possible deferred deletion of temporary files, causing unexpected excessive use of temporary file space.
* JNG: Add validations for alpha compression method values and use this information to enforce decoding using the appropriate sub-format (rather than auto-detecting the format). Also, address memory leaks which may occur if the sub-decoder does something other than was expected.
* MagickCondSignal(): Improvements to conditional signal handler registration (which avoids over-riding signal handlers previously registered by an API user).
* ModifyCache(): Fix memory leak.
* ReadCacheIndexes(): Don't blunder into accessing a null pointer if the using code has ignored a previous error report bubbled-up from SetNexus().
* MNG: When doing image scaling and the image width or height is 1 then always use simple pixel replication as per the MNG specification.
* MVG: Fixes to 'push clip-path foo' and 'pop clip-path foo' parsing to eliminate a class of malign behavior.
* MVG: Place an arbitrary limit on stroke dash polygon unit maximum length in order to avoid possibly rendering "forever".
* PCL: No longer attempt to handle reading HP PCL format via the external 'hp2xx' program since it seems worthless for that task.
* PS: Fix corrupt image when writing PseudoClass image with a colormap larger than two entries as bilevel.
* SVG: Memory leak fixes.
* SVG reader: Now supports 'ping' mode so the identify command works as expected.
* TIFF: WEBP compression only supports a depth of 8 so force that value.
* Wand MagickSetSamplingFactors(): Correct formatting of sampling factors string.
New Features:
* Logging is now fully programmable.
* DPX format: Support dpx:swap-samples-read define which behaves similar to dpx:swap-samples, but is only applied when reading, as well as dpx:swap-samples-write, which is only applied when writing. This provides for use when there is both reading and writing in the same operation (otherwise the final result was no effect!).
API Updates:
* magick/api.h: Add "magick/enum_strings.h" to API headers.
* New log settings accessor C functions: SetLogDefaultFileName(), SetLogDefaultFormat(), SetLogDefaultOutputType(), SetLogDefaultLogMethod(), SetLogDefaultLimit(), SetLogDefaultGenerations(), SetLogDefaultEventType(). These functions allow a program to set the same parameters which may be set by loading a "log.mgk" function. If a default logging callback was provided via SetLogDefaultLogMethod() such that MethodOutput is used, then the search for a "log.mgk" is avoided entirely.
* New log settings accessor C++ functions: SetLogDefaultFileName(), SetLogDefaultFormat(), SetLogDefaultOutputType(), SetLogDefaultLogMethod(), SetLogDefaultLimit(), SetLogDefaultGenerations(), SetLogDefaultEventType(). These C++ functions just pass through to the equivalent C functions and provide the same benefits.
* A simple resource-limit respecting memory allocator has been developed for internal use wherever arbitrarily-large amounts of memory might be requested. This will gradually be added wherever it appears to be needed. The memory resource limits are at the overall process level. The MVG/SVG rendering code is updated to use this new allocator. Almost all of the coders (image format readers/writers) have now been updated to use this new allocator. This means that '-limit memory 300MB' would be more complete and meaningful now. Temporary allocations by the image processing algorithms (other than for the images themselves) are still not accounted for in the resource limiting.
* MVG Renderer / DrawImage(): Use resource-limit respecting memory allocators for remaining large memory allocations.
* PNG writer: Don't skip optional Exif identifier code if it isn't present.
* DPX reader/writer: decode/encode of 10-bit packed DPX is now twice as fast due to code simplification.
* TIFF reader: Apply the same resource limits to TIFF tile sizes as apply to the image itself.
- deleted patches
  - GraphicsMagick-CVE-2020-12672.patch (upstreamed)
* Tue Aug 25 2020 Callum Farmer
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
* Tue Jun 02 2020 pgajdos@suse.com
- security update
- added patches
  fix CVE-2020-12672 [bsc#1171271], heap-based buffer overflow in ReadMNGImage in coders/png.c.
  + GraphicsMagick-CVE-2020-12672.patch
* Wed Mar 25 2020 pgajdos@suse.com
- version update to 1.3.35
Special Issues:
* It has been discovered that the 'ICU' library (a perhaps 30MB C++ library) which is now often a libxml2 dependency causes huge process initialization overhead. This is noticed as unexpected slowness when GraphicsMagick utilities are used to process small to medium sized files. The time to initialize the 'ICU' library is often longer than the time that GraphicsMagick would otherwise require to read the input file, process the image, and write the output file. If the 'ICU' dependency can not be avoided, then make sure to use the modules build so there is only impact for file formats which require libxml2. Please lobby the 'ICU' library developers to change their implementation to avoid long start-up times due to merely linking with the library.
Security Fixes:
* GraphicsMagick is now participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 398 issues have been opened by oss-fuzz (some of which were benign build issues) and 11 issues remain open. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.
Bug fixes:
* Fix broken definition of ResourceInfinity which resulted in that GetMagickResource() would return -1 rather than the maximum range value for the return type as documented. (problem added by the 1.3.32 release).
* ModifyCache(): Re-open the pixel cache if the cache rows/columns do not match the owning image rows/columns.
* Fix DisplayImages() return status. The return status was inverted.
* HISTOGRAM: Histogram once again includes the histogram as a text comment. This became broken by previous security fixes.
* PICT: Fixed heap buffer overruns reported by multiple sources.
* JNG: Detect when JPEG encoder has failed and throw an exception.
* MVG/DrawImage(): Performs even more parsing validations.
* Clang static analyzer fixes: A great many fixes were made based on problem reports by the Clang static analyzer.
* Visual Studio static analyzer fixes: A great many fixes were made based on problem reports by the Visual Studio 2019 static analyzer. Many of these may improve the robustness of 64-bit code.
New Features:
* GRADIENT/GradientImage(): Improved accuracy of gradient levels as well as dramatically improving performance. Output PseudoClass images if we can. Add support for using the image 'gravity' attribute as well as the "gradient:direction" definition to produce gradient vector directions corresponding to SouthGravity (the previously-existing default), NorthGravity, WestGravity, EastGravity, NorthWestGravity, NorthEastGravity, SouthWestGravity, and SouthEastGravity.
API Updates:
* InitializeMagickEx(): New function which may be used in place of InitializeMagick() to initialize GraphicsMagick. This initialization function returns an error status value, may update a passed ExceptionInfo structure with error information, and provides an options parameter which supports simple bit-flags to tailor initialization. The signal handler registrations are skipped if the MAGICK_OPT_NO_SIGNAL_HANDER flag is set in the options.
Feature improvements:
* Replace use of non-reentrant legacy POSIX functions with reentrant equivalents.
* Timing of image reads should now be very accurate. The timer was sometimes not stopped as soon as it should be.
* PICT: The PICT reader is working pretty good now. It handles all the PICT image files I have available to me.
Behavior Changes:
* POSIX Signals: Use the normal termination signal handler for SIGXCPU and SIGXFSZ so that ulimit or setrlimit(2) may be used to apply CPU (RLIMIT_CPU) and output file size (RLIMIT_FSIZE) limits with the normal cleanup, and without dumping core. Note that any output files currently being written may be truncated and files being written by external programs (e.g. Ghostscript) might be left behind unless they are to a temporary file assigned by GraphicsMagick.
* Some private string and integer constants were removed from the apparent library ABI. Some private functions were marked static and removed from the apparent library ABI. This is mentioned because someone is sure to notice and be concerned about it.
* The remaining private content in installed header files was moved into -private.h header files which are not installed. This should not be cause for concern but is mentioned because someone is sure to notice and be concerned about it.
* Mon Jan 06 2020 Stefan Brüns
- Remove xorg-x11-fonts runtime Requires, gm display no longer fails when it is missing (see boo#619103).
- Cleanup, replace $RPM_OPT_FLAGS with %optflags
* Sat Jan 04 2020 Arjen de Korte
- Revert the change to relinquish resources used by OpenMP on all devices. There are concerns upstream that this might break applications that use OpenMP too and suddenly find their threads closed (remove GraphicsMagick-wait-for-threads-close.patch)
* Thu Jan 02 2020 Arjen de Korte
- Due to a broken check, it wasn't noticed the typemap file is already provided in the source archive (removed typemap)