SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libGraphicsMagickWand-Q16-2-1.3.43-lp155.187.4.x86_64.rpm :

* Mon Mar 25 2024 pgajdosAATTsuse.com- version update to 1.3.43 Bug fixes:
* JBIG: Add support for \'width\', \'height\', and \'pixels\', resource limits. Your mileage may vary.
* WPG: Many fixes based on oss-fuzz testing.
* Ghostscript: When invoking Ghostscript, re-direct Ghostscript stdout to stderr to avoid output corruption when GM stdout is redirected to a file. New Features:
* File write limit: Add support for a per-file write limit (-limit write or MAGICK_LIMIT_WRITE). This imposes a limit on the number of uncompressed bytes written. The behavior when the limit is hit is similar to an unexpected write error, as if the disk is full.
* Resource limit highwater: Resource highwater values are maintained for successful resource requests and final values are traced via -debug resource\' at the end of program execution. These values may be used to understand the most restrictive resource limits which may be applied while still achieving successful operation.
* BMP: Support BI_PNG compression (PNG inside BMP).
* BMP: Support reading 64 bits-per-pixel.
* BMP: Support reading 48 bits-per-pixel.
* HEIF: Call heif_init() and heif_deinit() if they are available. Support setting image width limit.
* HRZ: Added support for Slow scan TV format.
* JPEG: Added support for reading and writing lossy or lossless 12 bits, and lossless 16-bits using libjpeg-turbo-3.0
* JXL: Improve JXL reader/writer exception information.
* TIFF: Remove miniswhite/minisblack prohibitions when using Group3 and Group4 compression in order to allow using inverted photometric from the standard.
* TIFF: Store EXIF IFD and GPS IFD tag information natively in TIFF sub-IFDs, the same as it would be produced in a camera supporting TIFF. This allows an EXIF profile from HEIF, JPEG, JXL, PNG, WebP, or from the META coder to be preserved in TIFF. API Updates:
* ExpandFilenames(): Fix memory leak of existing allocations if realloc() fails.- modified patches % GraphicsMagick-disable-insecure-coders.patch (refreshed)
* Mon Jan 29 2024 pgajdosAATTsuse.com- ghostscript-fonts-std: relax to recommends [bsc#1216604]
* Thu Oct 26 2023 Dominique Leuenberger - Have libGraphicsMagick3-config require ghostscript-fonts-std (boo#1216604).
* Mon Oct 02 2023 pgajdosAATTsuse.com- version update to 1.3.42 Bug fixes:
* TIFF: Default the alpha channel to type EXTRASAMPLE_UNASSALPHA(2).
* BMP: Many fixes for reading esoteric BMP sub-formats.
* TranslateTextEx(): Revert change so now a NULL pointer is returned when given an empty string. Some algorithms (e.g. montage) were depending on this!.
* PAM: Fix reading comments.
* PNG: Added Add missing module aliases \"PNG00\", \"PNG48\", \"PNG64\", so it is again possible to request these subformats directly.
* TIFF: For common formats with the required number of channels, but one is an \'unspecified\' channel, promote unspecified alpha to unassociated alpha so that the alpha channel is not ignored.
* \"Magick\" command line emulation: Eliminate duplicate utility name output in error messages New Features:
* BMP: Added the ability to read and write BMP using JPEG compression. Use \'-define bmp:allow-jpeg\' to allow use of JPEG compression.
* BMP: Added support for BI_ALPHABITFIELDS compression
* BMP: Added support for reading BMP with PNG compression.- modified patches % GraphicsMagick-disable-insecure-coders.patch (refreshed)- deleted patches - strlcpy-wrong-sizing.patch (upstreamed)
* Fri Sep 01 2023 pgajdosAATTsuse.com- revert to 1.3.40 [bsc#1214831] https://sourceforge.net/p/graphicsmagick/news/2023/08/because-1341-is-discarded-i-has-been-published-2-builds-for-win32-architecture/- modified patches % GraphicsMagick-disable-insecure-coders.patch (refreshed)- deleted patches - GraphicsMagick-fix-regression-NULL-instead-of-empty-string.patch (not needed) - GraphicsMagick-name-key-return-input-file-base-name.patch (not needed)
* Mon Aug 28 2023 pgajdosAATTsuse.com- fix regression in 1.3.41 https://sourceforge.net/p/graphicsmagick/bugs/722/- added patches fix 17179:91afa18a6161 + GraphicsMagick-fix-regression-NULL-instead-of-empty-string.patch fix 17180:bb42cd90ce6f + GraphicsMagick-name-key-return-input-file-base-name.patch
* Thu Aug 24 2023 pgajdosAATTsuse.com- version update to 1.3.41 Bug fixes:
* Blob: Immediately reject attempts to write blobs to formats which can not support blobs.
* TranslateTextEx(): An empty string argument should return an empty string rather than a NULL string.
* SetImageAttribute(): Fix bounds issue when concatenating string.
* JPEG: Do not set image resolution if the values provided are outside of the valid range.
* Fixes for NaN when reading formats based on floating point.
* HEIF: Fix reading images with rotation/transformation.
* BMP: Do not decode primaries or gamma unless colorspace is LCS_CALIBRATED_RGB. Add/correct bmp_info.size \"biSize\" logic which decides if header chunks are present (or invalid).
* MNG: Fixes for resizing using X_method 5.
* GM command (convert, montage, mogrify): Many command-line parser fixes/checks for invalid command line syntax which causes unexpected behavior, or core dumps.
* TopoL: Given that a writer is now provided, issues found in the reader (and writer) due to continual fuzz-testing have been fixed, as encountered.
* GetImageClippingPathAttribute(): Check for and use clipping path name (ID=2999) to get the real attribute name.
* ReadIPTCProfile(): Fix malformed IPTC data parsing. New Features:
* TopoL: Now provides a writer.
* WPG: Now provides a writer.
* gm batch: Implement simple Test Anything Protocol (TAP) test counting and \"ok N\"/\"not ok N\" messaging.
* TIFF: Support \'-define tiff:photometric=minisblack\' and \'-define tiff:photometric=miniswhite\' to be able to adjust the sense used when writing bilevel TIFF images.
* TIFF: Require that TIFFTAG_EXTRASAMPLES be used appropriately to indicate the intention of extra channels.
* utilities/tests/gen-tiff-images/genimages: Script for writing (and then reading) thousands (5568 permutations) of TIFF format variants.
* EXIF and PNG: Retrieve image orientation from EXIF (if present) and store in image.
* HEIF: Retrieve image orientation from EXIF and store in image. Behavior Changes:
* The ability to extend existing image attribute text by calling SetImageAttribute() multiple times with the same key is now deprecated, and will soon be removed. In the mean time, the annoying message \"SetImageAttribute: Extending attribute value text is deprecated!\" is printed to the standard error output to help expose code which is using this feature.- modified patches % GraphicsMagick-disable-insecure-coders.patch (refreshed)- deleted patches - strlcpy-wrong-sizing.patch (upstreamed)
* Tue Aug 08 2023 Dirk Müller - add strlcpy-wrong-sizing.patch: fix incorrect usages of strlcpy and strlcat detected by glibc 2.38\'s fortify
* Thu Mar 02 2023 pgajdosAATTsuse.com- clean up old conditionals
* Tue Feb 07 2023 pgajdosAATTsuse.com- version update to 1.3.40
* GetMagickGeometry(): Fix a scaling issue where dimensions could be scaled down to zero.
* PCD: Handle writing image with a dimension of 1.
* PNG: When writing, use lower-case raw profile identifiers (e.g. \'Raw profile type xmp\') because exiftool expects that.
* SUN: The sense of monochrome images was inverted. Fix scanline size calculation.
* WPG: Fix 20-year old bug in WPG header reading. New Features:
* JXL: Decode and log extra channel information. This information is not yet used.
* PCX and DCX: Support writing uncompressed format (use -compress none for no compression).
* Added IM1, IM8, and IM24 magick aliases for the Sun Raster format since those are the historically correct extensions. API Updates:
* AppendImageToList() now updates the image list pointer to be the image which was just added. Use GetFirstImageInList() when the pointer to the first image in the list is needed.
* Sun Jan 08 2023 munix9AATTgooglemail.com- version update to 1.3.39 Special Issues:
* GraphicsMagick really does need some additional productive volunteers. For several years now, the burden has entirely been on me (Bob Friesenhahn). I have been sheparding the project for 20 years already (and contributed to ImageMagick and GraphicsMagick combined for 26 years already). It is not reasonable to expect someone with a full time job (and expecting to retire in a few years) to do all of the work. Security Fixes:
* GraphicsMagick is participating in Google\'s oss-fuzz project since February 4 2018 due to the contributions and assistance of Alex Gaynor and Paul Kehrer. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term \"graphicsmagick\". Issues are available for anyone to view and duplicate if they have been in \"Verified\" status for 30 days, or if they have been in \"New\" status for 90 days. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details. Security Fixes:
* oss-fuzz: Several security fixes originating from oss-fuzz testing.
* ALL: Replace strcpy() with strlcpy(), replace strcat() with strlcat(), replace sprintf() with snprintf(). Prefer using bounded string functions. This change is made for the purpose of increasing safety than to address any existing demonstrated concern. Bug fixes:
* Coverity: Several fixes for issues found by Coverity to reduce the number of reported issues back down to zero.
* Clang Analyzer 12: Fix most discovered issues.
* PNG: Fix possible use of uninitialized \'ping_num_trans\' value in ReadOnePNGImage().
* MinGW: Eliminate overwrite of existing _MSC_VER value in MinGW compile.
* MNG: Fix heap-use-after-free in CloseBlob.
* MNG: Fix indirect leak in MagickMallocCleared().
* PS: Assure that \'bounds\' structure is initialized.
* EPT: Assure that \'bounds\' structure is initialized.
* HEIF: If heif_image_handle_get_metadata_size() returns 0, then carrying on with reading image data.
* configure.ac: Fix Bashism in maintainer-mode check.
* TGA: Remove a defective validation of comment length, which blocked reading some sample TGA files from the \"Encyclopedia Of Graphics File Formats\" book. Monochromatic bilevel TGA can now be read and written. TGA \"Footers\" are now read and used when logging as well as converted to Image attributes.
* WebP: Add configure.ac updates to check for libsharpyuv so that builds with the development version work again.
* Visual Studio Build (VisualMagick): Fix project file generation. Improve portability of code for configure.exe.
* Fixed mixed encoding (non-UTF-8) errors in text and source files.
* DrawPrimitive(): Fix composition using \"0,0\" for image size. This became broken in GraphicsMagick 1.3.36.
* Blob API: Fixed SEEK_END validation. SEEK_END was not used before, but now it is. New Features:
* AVIF: Support reading AVIF via libheif if it supports decoding AVIF (still no writer support).
* LOG: Added function IsEventLogged() to report if a particular event will be logged. Us this as much as possible throughout the software to replace use of IsEventLogging(). This avoids a possible performance hit if any logging is enabled at all and logging statements are executed which are filtered and produce no output.
* FITS: Support storing multiple scenes in one file (non-standard extension).
* JPEG: Optionally enable arithmetic coder in JPG images using \'-define jpeg:arithmetic-coding=true\'.
* JPEG: Add support for reading deep gray images.
* HEIF: Support reading ICC color profiles.
* Produce ASCII armored \".asc\" format GPG signature files.
* Support reading directly from .bz2, .gz, .svgz, and .Z files (without creating a temporary file), if possible. API Updates:
* Magick++: Provide a version of Image::colorMapSize() which is a \'const\' method. Continue to provide the non-const version in order to avoid an ABI change. The compiler should choose the appropriate version. Feature improvements:
* HTML documentation generation based on Docutils is significantly updated and improved.
* PerlMagick: Added more sample input files and changed many reader tests to use hash signature rather than comparison to reduce the distribution size.
* Blob: The ReadBlobString() function has been re-written to perform better when reading from files.
* JXL: The JXL coder is updated to compile with what will likely become JXL 0.8.0. Support for 16-bit \'short\' samples, 16-bit \'float\' samples, and 32-bit float samples added. Support for reading and writing ICC, EXIF, and XMP profiles added.
* MIME: GM \"magick\" to MIME mappings have been added for apng, avif, bmp, ico, and webp (regardless of if they are supported).
* XPM: The XPM reader performance is dramatically improved and is observed to be 32x faster when reading a medium-sized XPM file (e.g. the GraphicsMagick logo).
* XPM: Support reading \"deep\" images with more pallete entries than the maximum colormap size. Windows Delegate Updates/Additions:
* Update bundled libjasper to version 1.900.26. Please note that 4.0.0 is the latest version at this time and fixes a great many security and stability issues which are present in 1.900.26.
* Update bundled libjpeg to version 9e.
* Update bundled libtiff to version 4.5.0. Build Changes:
* MSVC: Added porting function to emulate C\'99 snprintf for MSVC older than 2015.
* MSVC: Successfully compiles using Visual Studio 2008 and 2019. Compiles successfully using Visual Studio 2022 if optimization is disabled (otherwise there is an internal compiler error in effect.c).- Enable JPEG-XL on Tumbleweed.
* Tue Apr 12 2022 pgajdosAATTsuse.com- version update to 1.3.38 Special Issues:
* The FTP site ftp.graphicsmagick.org is now shut down due to a lack of bandwith, extremely abusive users (including from Google and customers of Amazon Web Services), and a lack of support from the user community. Another factor is that FTP support has been removed from popular web browsers. This is very unfortunate since the site served multiple usages, including providing a lot of historical data (e.g. related to PNG) which may not be available elsewhere.
* GraphicsMagick really does need some additional productive volunteers. For several years now, the burden has entirely been on me (Bob Friesenhahn). I have been sheparding the project for 20 years already (and contributed to ImageMagick and GraphicsMagick combined for 26 years already). It is not reasonable to expect someone with a full time job (and expecting to retire in a few years) to do all of the work. Security Fixes:
* GraphicsMagick is participating in Google\'s oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, ??? issues have been opened by oss-fuzz and ?? issues remain open. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term \"graphicsmagick\". Issues are available for anyone to view and duplicate if they have been in \"Verified\" status for 30 days, or if they have been in \"New\" status for 90 days. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details. Bug fixes:
* Documentation: Generator scripts in \'doc\' directory now produce similar results using GNU sed and Solaris/Illumos sed and don\'t produce warnings.
* JNG: Fixes to error handling to avoid temporary file leaks and avoiding returning a broken image.
* JPEG: Always store embedded profiles in image, even if in \'ping\' mode.
* MAT: Change from using \'int\' for sizes/offsets to using \'size_t\' and check all related calculations for overload.
* MIFF: Fix heap buffer overflow which may be provoked in builds with BZLIB support.
* MogrifyImage() and Magick::Image::trim(): Trim requires NorthWestGravity.
* PICT: Fixed a heap overflow.
* PerlMagick: Fix issue that image fill attribute had its opacity reset to transparent so it could not be usefully set at image scope.
* Test Suite: Fixed portability issue related to \'sed\' which broke utilities/tests/convert.tap test script.
* WPG: Fix incorrect TrX and TrY elements in CTM. New Features:
* Added support for a \'Read\' resource limit (e.g. \'-limit read 5mb\'). This allows the user to specify a hard limit for how much data may be read from a file, read from a pipe, or decompressed from a file (e.g gzip or bzip2) before a hard error is reported. This resource limit is a useful alternative to completely disabling support for compressed files using the --disable-compressed-files option and it provides more protections as well.
* Added support for reading HEIF/HEIC format.
* Added support for reading and writing JPEG XL format.
* Support for JasPer 3.0.0 is completed. Upgrading to JasPer 3.0.0 is strongly recommended due to its many security fixes and integration with GraphicsMagick\'s resource-limited memory allocator.
* PNG: Support the define png:chunk-malloc-max=limit in order to allow reading PNG files which report \"chunk data is too large\" or to reduce the default limit.
* compare: Added support for the \'-compress\' option.
* compare: Added support for the \'-auto-orient\' option. This tries to assure that the two images are right-side up before comparing. API Updates:
* Magick++: Support the new \'ReadResource\' enumeration. Feature improvements:
* JPEG: Implement more efficient way to append JPEG profile chunks.
* Resource Limited Memory: The resource limited memory allocator now maintains useful statistics such as a tally of the total number of octets moved by realloc. Windows Delegate Updates/Additions:
* None Build Changes:
* In maintainer mode, the configure script searches for a GnuPG \'gpg\' program to use for signing snapshot releases and uses this to support PGP-signed development snapshots. Behavior Changes:
* None
* fixes CVE-2022-1270 [bsc#1198351]- modified patches % GraphicsMagick-disable-insecure-coders.patch (refreshed)
* Mon Dec 13 2021 pgajdosAATTsuse.com- version update to 1.3.37
* bug fix release, see NEWS.txt- modified patches % GraphicsMagick-disable-insecure-coders.patch (refreshed)- added sources + GraphicsMagick-1.3.37.tar.xz.sig
* Mon Dec 28 2020 pgajdosAATTsuse.com- version update to 1.3.36 Security Fixes:
* fix issues found by oss-fuzz project
* WPG: Fixes for heap buffer overflow. Bug fixes:
* ConstituteImage(): Set image depth appropriately based on the storage size specified by StorageType and QuantumDepth.
* GetImageBoundingBox(): Fix problem that MagickTrimImage with extreme fuzz values could produce an image with negative width.
* ImageToFile(): Improve error handling to avoid possible deferred deletion of temporary files, causing unexpected excessive use of temporary file space.
* JNG: Add validations for alpha compression method values and use this information to enforce decoding using the appropriate sub-format (rather than auto-detecting the format). Also, address memory leaks which may occur if the sub-decoder does something other than was expected.
* MagickCondSignal(): Improvements to conditional signal handler registration (which avoids over-riding signal handlers previously registered by an API user).
* ModifyCache(): Fix memory leak.
* ReadCacheIndexes(): Don\'t blunder into accessing a null pointer if the using code has ignored a previous error report bubled-up from SetNexus().
* MNG: When doing image scaling and the image width or height is 1 then always use simple pixel replication as per the MNG specification.
* MVG: Fixes to \'push clip-path foo\' and \'pop clip-path foo\' parsing to eliminate a class of malign behavior.
* MVG: Place an aribrary limit on stroke dash polygon unit maximum length in order to avoid possibly rendering \"forever\".
* PCL: No longer attempt to handle reading HP PCL format via the external \'hp2xx\' program since it seems worthless for that task.
* PS: Fix corrupt image when writing PseudoClass image with a colormap larger than two entries as bilevel.
* SVG: Memory leak fixes.
* SVG reader: Now support \'ping\' support so the identify command works as expected.
* TIFF: WEBP compression only supports a depth of 8 so force that value.
* Wand MagickSetSamplingFactors(): Correct formatting of sampling factors string. New Features:
* Logging is now fully programmable.
* DPX format: Support dpx:swap-samples-read define which behaves similar to dpx:swap-samples, but is only applied when reading, as well as dpx:swap-samples-write, which is only applied when writing. This provides for use when there is both reading and writing in the same operation (otherwise the final result was no effect!). API Updates:
* magick/api.h: Add \"magick/enum_strings.h\" to API headers.
* New log settings accessor C functions: SetLogDefaultFileName(), SetLogDefaultFormat(), SetLogDefaultOutputType(), SetLogDefaultLogMethod(), SetLogDefaultLimit(), SetLogDefaultGenerations(), SetLogDefaultEventType(). These functions allow a program to set the same parameters which may be set by loading a \"log.mgk\" function. If a default logging callback was provided via SetLogDefaultLogMethod() such that MethodOutput is used, then the search for a \"log.mgk\" is avoided entirely.
* New log settings accessor C++ functions: SetLogDefaultFileName(), SetLogDefaultFormat(), SetLogDefaultOutputType(), SetLogDefaultLogMethod(), SetLogDefaultLimit(), SetLogDefaultGenerations(), SetLogDefaultEventType(). These C++ functions just pass through to the equivalent C functions and provide the same benefits.
* A simple resource-limit respecting memory allocator has been developed for internal use wherever arbitrarily-large amounts of memory might be requested. This will gradually be added wherever it appears to be needed. The memory resource limits are at the overall process level. The MVG/SVG rendering code is updated to use this new allocator. Almost all of the coders (image format readers/writers) have now been updated to use this new allocator. This means that \'-limit memory 300MB\' would be more complete and meaningful now. Temporary allocations by the image processing algorithms (other than for the images themselves) are still not accounted for in the resource limiting.
* MVG Renderer / DrawImage(): Use resource-limit respecting memory allocators for remaining large memory allocations.
* PNG writer: Don\'t skip optional Exif identifier code if it isn\'t present.
* DPX reader/writer: decode/encode of 10-bit packed DPX is now twice as fast due to code simplification.
* TIFF reader: Apply the same resource limits to TIFF tile sizes as apply to the image itself.- deleted patches - GraphicsMagick-CVE-2020-12672.patch (upstreamed)
* Tue Aug 25 2020 Callum Farmer - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
* Tue Jun 02 2020 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-12672 [bsc#1171271], heap-based buffer overflow in ReadMNGImage in coders/png.c. + GraphicsMagick-CVE-2020-12672.patch
* Wed Mar 25 2020 pgajdosAATTsuse.com- version update to 1.3.35 Special Issues:
* It has been discovered that the \'ICU\' library (a perhaps 30MB C++ library) which is now often a libxml2 dependendency causes huge process initialization overhead. This is noticed as unexpected slowness when GraphicsMagick utilities are used to process small to medium sized files. The time to initialize the \'ICU\' library is often longer than the time that GraphicsMagick would otherwise require to read the input file, process the image, and write the output file. If the \'ICU\' dependency can not be avoided, then make sure to use the modules build so there is only impact for file formats which require libxml2. Please lobby the \'ICU\' library developers to change their implementation to avoid long start-up times due to merely linking with the library. Security Fixes:
* GraphicsMagick is now participating in Google\'s oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 398 issues have been opened by oss-fuzz (some of which were benign build issues) and 11 issues remain open. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term \"graphicsmagick\". Issues are available for anyone to view and duplicate if they have been in \"Verified\" status for 30 days, or if they have been in \"New\" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details. Bug fixes:
* Fix broken definition of ResourceInfinity which resulted in that GetMagickResource() would return -1 rather than the maximum range value for the return type as documented. (problem added by the 1.3.32 release).
* ModifyCache(): Re-open the pixel cache if the cache rows/columns do not match the owning image rows/columns.
* Fix DisplayImages() return status. The return status was inverted.
* HISTOGRAM: Histogram once again includes the histogram as a text comment. This became broken by previous security fixes.
* PICT: Fixed heap buffer overuns reported multiple sources.
* JNG: Detect when JPEG encoder has failed and throw an exception.
* MVG/DrawImage(): Performs even more parsing validations.
* Clang static analyzer fixes: A great many fixes were made based on problem reports by the Clang static analyzer.
* Visual Studio static analyzer fixes: A great many fixes were made based on problem reports by the Visual Studio 2019 static analyzer. Many of these may improve the robustness of 64-bit code. New Features:
* GRADIENT/GradientImage(): Improved accuracy of gradient levels as well as dramaticaly improving performance. Output PseudoClass images if we can. Add support for using the image \'gravity\' attribute as well as the \"gradient:direction\" definition to produce gradient vector directions corresponding to SouthGravity (the previously-existing default), NorthGravity, WestGravity, EastGravity, NorthWestGravity, NorthEastGravity, SouthWestGravity, and SouthEastGravity. API Updates:
* InitializeMagickEx(): New function which may be used in place of InitializeMagick() to initialize GraphicsMagick. This initialization function returns an error status value, may update a passed ExceptionInfo structure with error information, and provides an options parameter which supports simple bit-flags to tailor initialization. The signal handler registrations are skipped if the MAGICK_OPT_NO_SIGNAL_HANDER flag is set in the options. Feature improvements:
* Replace use of non-reentrant legacy POSIX functions with reentrant equivalents.
* Timing of image reads should now be very accurate. The timer was sometimes not stopped as soon as it should be.
* PICT: The PICT reader is working pretty good now. It handles all the PICT image files I have available to me. Behavior Changes:
* POSIX Signals: Use the normal termination signal handler for SIGXCPU and SIGXFSZ so that ulimit or setrlimit(2) may be used to apply CPU (RLIMIT_CPU) and output file size (RLIMIT_FSIZE) limits with the normal cleanup, and without dumping core. Note that any output files currently being written may be truncated and files being written by external programs (e.g. Ghostscript) might be left behind unless they are to a temporary file assigned by GraphicsMagick.
* Some private string and integer constants were removed from the apparent library ABI. Some private functions were marked static and removed from the apparent library ABI. This is mentioned because someone is sure to notice and be concerned about it.
* The remaining private content in installed header files was moved into -private.h header files which are not installed. This should not be cause for concern but is mentiond because someone is sure to notice and be concerned about it.
* Mon Jan 06 2020 Stefan Brüns - Remove xorg-x11-fonts runtime Requires, gm display no longer fails when it is missing (see boo#619103).- Cleanup, replace $RPM_OPT_FLAGS with %optflags
* Sat Jan 04 2020 Arjen de Korte - Revert the change to relinquish resources used by OpenMP on all devices. There are concerns upstream that this might break applications that use OpenMP too and suddenly find their threads closed (remove GraphicsMagick-wait-for-threads-close.patch)
* Thu Jan 02 2020 Arjen de Korte - Due to a broken check, it wasn\'t noticed the typemap file is already provided in the source archive (removed typemap)
* Sun Dec 29 2019 Arjen de Korte - Relinquish resources used by OpenMP on all devices (GCC >= 9) + GraphicsMagick-wait-for-threads-close.patch- Set configure options to what is actually build
* Fri Dec 27 2019 Arjen de Korte - version update to 1.3.34
* DPS: Eliminate a memory leak.
* Debug Trace: Only output text to terminate an XML format log file if XML format is active.
* EXIF Parser: Detect non-terminal parsing and report an error.
* EXIF Parser: Eliminate heap buffer overflows.
* HuffmanDecodeImage(): Fix heap overflow in 32-bit applications.
* MAT: Implement subimage/subrange support.
* MVG: Address non-terminal loops, excessive run-time, thrown assertions, divide-by-zero, heap overflow, and memory leaks.
* OpenModule(): Now properly case-insensitive, as it used to be.
* PCX: Verify that pixel region is not negative. Assure that opacity channel is initialized to opaqueOpacity. Update DirectClass representation while PseudoClass representation is updated. Improve read performance with uncompressed PCX.
* PICT: Fix heap overflow in PICT writer.
* PNG: Fix validation of raw profile length.
* PNG: Skip coalescing layers if there is only one layer.
* PNM: Fix denial of service opportunity by limiting the length of PNM comment text.
* WPG: Avoid Avoid dereferencing a null pointer.
* WPG: Implement subimage/subrange support.
* WPG: Improve performance when reading an embedded image.
* Wand library: In MagickClearException(), destroy any existing exception info before re-initializing the exception info or else there will be a memory leak.
* XPM: Rquire that image properties appear in the first 512 bytes of the XPM file header.
* Compliles clean using GCC 9.
* Python scripts related to the build (enabled by --enable-maintainer-mode) are now compatible with Python 3.
* Now supports using Google gperftools tcmalloc library for the memory allocator. This improves performance for certain repetitive work-loads and heavily-threaded algorithms.
* Configure now reports the status of zstd (FaceBook Zstandard) compression in its configuration summary.
* TclMagick: Address many issues mentioned by SourceForge issue #420 \"TclMagick issues and patch\".
* PNG: Post-processing to convert the image type in the PNG reader based on a specified magick prefix string is now disabled. This can (and should) be done after the image has been returned.
* Trace Logging: The compiled-in logging default is always to stderr, which may be over-ridden using log.mgk as soon as it is loaded.
* Tue Oct 08 2019 pgajdosAATTsuse.com- version update to 1.3.33
* It has been discovered that the \'ICU\' library (a perhaps 30MB C++ library) which is now often a libxml2 dependendency causes huge process initialization overhead. This is noticed as unexpected slowness when GraphicsMagick utilities are used to process small to medium sized files. The time to initialize is often longer than the time to read the input file, process the image, and write the output file. If the \'ICU\' dependency can not be avoided, then make sure to use the modules build. Please lobby the \'ICU\' library developers to change their implementation to avoid long start-up times due to merely linking with the library.
* GraphicsMagick is now participating in Google\'s oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 353 issues have been opened by oss-fuzz and 338 of those issues have been resolved. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term \"graphicsmagick\". Issues are available for anyone to view and duplicate if they have been in \"Verified\" status for 30 days, or if they have been in \"New\" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.
* Documentation has been added regarding security hazards due to commands which support a \'AATTfilename\' syntax.
* MontageImages(): Fix wrong length argument to strlcat() when building montage directory, which could allow heap overwrite.
* PNG: Pass correct size value to strlcat() in module registration code. This bug is noticed to cause problems for Apple\'s OS X and Linux Alpine with musl libc. This fixes a regression introduced by the 1.3.32 release.
* Re-implement command-line utility `\'AATT\'` file inclusion support for `-comment`, `-draw`, `-format`, and `-label` which was removed for the 1.3.32 release. The new implementation is isolated to command-line utility implementation code rather than being deeply embedded in the library and exposed in other usage contexts. This fixes a regression introduced by the 1.3.32 release.
* CAPTION: The The CAPTION reader did not appear to work at all any more. Now it works again, but still not very well.
* MagickXDisplayImage(): Fix heap overwrite of windows->image.name and windows->image.icon_name buffers. This bug has surely existed since early GraphicsMagick releases.
* MagickXAnimateImages(): Fix memory leak of scene_info.pixels.
* AcquireTemporaryFileDescriptor(): Fix compilation under Cygwin. This fixes a regression introduced by the 1.3.32 release.
* PNG: Fix saving to palette when mage has an alpha channel but no color is marked as transparent.
* Compilation warnings in the Visual Studio WIN64 build due to the \'long\' type being only 32-bits have been addressed.
* Wed Aug 21 2019 pgajdosAATTsuse.com- drop JPEG2000 support [bsc#1144240]
* Mon Jul 15 2019 Stefan Brüns - Cleanup BuildRequires:
* Remove ghostscript-library (support removed upstream)
* Use ghostscript-mini (sufficient for path and feature detection) instead of full ghostscript (implicitly added by ghostscript-library)
* Remove ghostscript-fonts-other (unused).
* Tue Jun 18 2019 pgajdosAATTsuse.com- version update to 1.3.32 New Features:
* Added support for writing the Braille image format (by Samuel Thibault).
* WebP writer: Support WebP \'use_sharp_yuv\' option (\"if needed, use sharp (and slow) RGB->YUV conversion\") via `-define webp:use-sharp-yuv=true`.
* The version command output now reports the OpenMP specification number rather than just the integer version identifier. API Updates:
* ReallocateImageColormap() added to re-allocate an existing colormap.
* Some improperly-exposed globals are now static as they should have been.
* The \'benchmark\' command now shows 6 digits (microseconds) of elapsed time indication.
* The \'time\' command now shows 6 digits (microseconds) of elapsed time indication.
* The logging facility now shows 6 digits (microseconds) of time resolulution
* Dcraw: When QuantumDepth is greater than 8, pass -6 option to dcraw so that it returns a 16-bit/sample image.
* Dcraw: If Dcraw supports TIFF format, then request TIFF format in order to be able to acquire more metatdata.
* Scale algorithm: Eliminate artifacts when scaling an image with semi-transparent pixels.
* Library metrics: The number of shared library relocations and the amount of initialized data has been signficantly reduced by following recommendations from Ulrich Drepper\'s document `How To Write Shared Libraries `_. (Security) Bug Fixes:
* see NEWS.txt
* fixes [bsc#1138425]
* Wed Dec 19 2018 Petr Gajdos - asan_build: build ASAN included- debug_build: build more suitable for debugging
* Wed Dec 19 2018 Petr Gajdos - update to 1.3.31: Special Issues:
* Firmware and operating system updates to address the Spectre vulnerability (and possibly to some extent the Meltdown vulnerability) have substantially penalized GraphicsMagick\'s OpenMP performance. Performance is reduced even with GCC 7 and 8\'s improved optimizers. There does not appear to be anything we can do about this. Security Fixes:
* GraphicsMagick is now participating in Google\'s oss-fuzz project due to the contributions and assistance of Alex Gaynor. Bug fixes:
* See above note about oss-fuzz fixes.
* CINEON: Fix unexpected hang on a crafted Cineon image. SourceForge issue 571.
* Drawing recursion is limited to 100 and may be tuned via the MAX_DRAWIMAGE_RECURSION pre-processor definition.
* Fix reading MIFF files using legacy keyword \'color-profile\' for ICC color profile as was used by ImageMagick 4.2.9.
* Fix reading/writing files when \'magick\' is specified in lower case. This bug was a regression in 1.3.30. New Features:
* TIFF: Support Zstd compression in TIFF. This requires libtiff 4.0.10 or later.
* TIFF: Support WebP compression in TIFF. This requires libtiff 4.0.10 or later. API Updates:
* MagickMonitor() is marked as deprecated.- see NEWS.txt for more details
* Wed Aug 22 2018 pgajdosAATTsuse.com- disable PS, PS2, PS3 and PDF coders by default, remove gs calls from delegates.mgk [bsc#1105592] + GraphicsMagick-disable-insecure-coders.patch
* Fri Aug 03 2018 idonmezAATTsuse.com- update to 1.3.30:
* Security Fixes: . GraphicsMagick is now participating in Google\'s oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 238 issues have been opened by oss-fuzz and 230 of those issues have been resolved. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term \"graphicsmagick\". Issues are available for anyone to view and duplicate if they have been in \"Verified\" status for 30 days, or if they have been in \"New\" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details. . SVG/Rendering: Fix heap write overflow of PrimitiveInfo and PointInfo arrays. This is another manefestation of CVE-2016-2317, which should finally be fixed correctly due to active detection/correction of pending overflow rather than using estimation.
* Bug fixes: . Many oss-fuzz fixes are bug fixes. . Drawing/Rendering: Many more fixes by Gregory J Wolfe (see the ChangeLog). . MIFF: Detect end of file while reading image directory. . SVG: Many more fixes by Gregory J Wolfe (see the ChangeLog). . The AlphaCompositePixel macro was producing wrong results when the output alpha value was not 100% opaque. This is a regression introduced in 1.3.29. . TILE: Fix problem with tiling JPEG images because the size request used by the TILE algorithm was also causing re-scaling in the JPEG reader. The problem is solved by stripping the size request before reading the image.
* API Updates: . The size of PrimitiveInfo (believed to be an internal/private structure but in a header which is installed, has been increased to store a \'flags\' argument. This is intended to be an internal interface but but may be detected as an ABI change.
* Behavior Changes: . JPEG: The JPEG reader now allows 3 warnings of any particular type before giving up on reading and throwing an exception. This choice was made after observing files which produce hundreds of warnings and consume massive amounts of memory before reading the image data has even started. It is currently unknown how many files which were previously accepted will be rejected by default. The number of allowed warnings may be adjusted using \'-define jpeg:max-warnings=\'. The default limit will be adjusted based on reported user experiences and may be adjusted prior to compilation via the MaxWarningCount definition in coders/jpeg.c.
* Wed May 23 2018 pgajdosAATTsuse.com- update to 1.3.29:
* Security Fixes: . GraphicsMagick is now participating in Google\'s oss-fuzz project . JNG: Require that the embedded JPEG image have the same dimensions as the JNG image as provided by JHDR. Avoids a heap write overflow. . MNG: Arbitrarily limit the number of loops which may be requested by the MNG LOOP chunk to 512 loops, and provide the \'-define mng:maximum-loops=value\' option in case the user wants to change the limit. This fixes a denial of service caused by large LOOP specifications.
* Bug fixes: . DICOM: Pre/post rescale functions are temporarily disabled (until the implementation is fixed). . JPEG: Fix regression in last release in which reading some JPEG files produces the error \"Improper call to JPEG library in state 201\". . ICON: Some DIB-based Windows ICON files were reported as corrupt to an unexpectedly missing opacity mask image. . In-memory Blob I/O: Don\'t implicitly increase the allocation size due to seek offsets. . MNG: Detect and handle failure to allocate global PLTE. Fix divide by zero. . DrawGetStrokeDashArray(): Check for failure to allocate memory. . BlobToImage(): Now produces useful exception reports to cover the cases where \'magick\' was not set and the file format could not be deduced from its header.
* API Updates: . Wand API: Added MagickIsPaletteImage(), MagickIsOpaqueImage(), MagickIsMonochromeImage(), MagickIsGrayImage(), MagickHasColormap() based on contributions by Troy Patteson. . New structure ImageExtra added and Image \'clip_mask\' member is replaced by \'extra\' which points to private ImageExtra allocation. The ImageGetClipMask() function now provides access to the clip mask image. . New structure DrawInfoExtra and DrawInfo \'clip_path\' is replaced by \'extra\' which points to private DrawInfoExtra allocation. The DrawInfoGetClipPath() function now provides access to the clip path. . New core library functions: GetImageCompositeMask(), CompositeMaskImage(), CompositePathImage(), SetImageCompositeMask(), ImageGetClipMask(), ImageGetCompositeMask(), DrawInfoGetClipPath(), DrawInfoGetCompositePath() . Deprecated core library functions: RegisterStaticModules(), UnregisterStaticModules().
* Feature improvements: . Static modules (in static library or shared library without dynamically loadable modules) are now lazy-loaded using the same external interface as the lazy-loader for dynamic modules. This results in more similarity between the builds and reduces the fixed initialization overhead by only initializing the modules which are used. . SVG: The quality of SVG support has been significantly improved due to the efforts of Greg Wolfe. . FreeType/TTF rendering: Rendering fixes for opacity.
* Tue Feb 20 2018 crrodriguezAATTopensuse.org- Add explicit buildrequires on: pkgconfig(libwebpmux), pkgconfig(libpng), pkgconfig(x11), pkgconfig(xext), pkgconfig(zlib), libjpeg-devel. all of them direct build dependencies but not included in the spec file
* Wed Jan 24 2018 pgajdosAATTsuse.com- update to 1.3.28:
* Security Fixes: BMP: Fix non-terminal loop due to unexpected bit-field mask value (DOS opportunity). PALM: Fix heap buffer underflow in builds with QuantumDepth=8. SetNexus() Fix heap overwrite under certain conditions due to using a wrong destination buffer. This issue impacts all 1.3.X releases. TIFF: Fix heap buffer read overflow in LocaleNCompare() when parsing NEWS profile.
* Bug fixes: DescribeImage(): Eliminate possible use of null pointer. GIF: Fix memory leak of global colormap in error path. GZ: Writing to gzip files with the extension \".gz\" was not working with Zlib 1.2.8. JNG: Fix buffer read overflow (a tiny fixed overflow of just one byte). JPEG: Promoting certain libjpeg warnings to errors caused much more problems than expected. The promotion of warnings to errors is removed. Claimed pixel dimensions are validated by file size before allocating memory for the pixels. IntegralRotateImage(): Assure that reported error in rotate by 270 case does immediately terminate processing. MNG: Fix possible null pointer reference related to DEFI chunk parsing. Fix minor heap read overflow (constrained to just one byte) due to an ordering issue in a limit check. Fix memory leaks in error path. WebP: Fix stack buffer overflow in WriteWEBPImage() which occurs with libwebp 0.5.0 or newer due to a structure type change in the structure passed to the progress monitor callback. WPG: Memory leaks fixed.
* API Updates: InterpolateViewColor(): This function now returns MagickPassFail (an unsigned int) rather than void so that errors can be efficiently reported. The magick/pixel_cache.h header is updated to add deprecation attributes such that code using GetPixels(), GetIndexes(), and GetOnePixel() will produce deprecation warnings for compilers which support them. These functions will not be removed in the 1.3.X release series and when they are removed, pre-processor macros will be added so a replacement function is used instead. There is a long-term objective to eliminate functionally-redundant pixel cache functions to only the ones with the best properties since this reduces maintenance and may reduce the depth of the call stack (improving performance).
* removed unneded GraphicsMagick-release-date-missing-quote.patch
* Wed Jan 10 2018 pgajdosAATTsuse.com- update to 1.3.27:
* New Features: . PNG: Implemented eXIf chunk support. . WEBP: Add support for EXIF and ICC metadata provided that at least libwebp 0.5.0 is used. . Magick++ Image autoOrient(): New Image method to auto-orient an image so it looks right-side up by default.
* Behavior Changes: . PALM: PALM writer is disabled. . ThrowLoggedException(): Capture the first exception at ErrorException level or greater, or only capture exception if it is more severe than an already reported exception. . DestroyJNG(): This internal function is now declared static and is removed from shared library or DLL namespace.
* lot of security and other bug fixes, see https://sourceforge.net/projects/graphicsmagick/files/graphicsmagick/1.3.27/- added GraphicsMagick-release-date-missing-quote.patch
* Tue Sep 19 2017 pgajdosAATTsuse.com- builds for sle11
* Mon Sep 11 2017 pgajdosAATTsuse.com- fix perl bindings + GraphicsMagick-perl-linkage.patch from fedora- turn on perl test suite
* Mon Jul 24 2017 jengelhAATTinai.de- Trim descriptions. Redo summaries and RPM groups.
* Fri Jul 21 2017 tchvatalAATTsuse.com- Drop patches not meintioned in the changelog ever:
* GraphicsMagick-debian-fixed.patch
* GraphicsMagick-include.patch
* GraphicsMagick-perl-link.patch
* The package builds just fine without them and there is no refference explaining it- Convert the deps to pkgconfig variants where possible.
* Fri Jul 21 2017 tchvatalAATTsuse.com- Version update to 1.3.26:
* DPX: Fix excessive use of memory (DOS issue) due to file header claiming large image dimensions but insufficient backing data. (CVE-2017-10799 bsc#1047054).
* JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
* MAT: Fix excessive use of memory (DOS issue) due to continuing processing with insufficient data and claimed large image size. Verify each file extent to make sure that it is within range of file size. (CVE-2017-10800 bsc#1047044).
* META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
* PCX: Fix denial of service issue.
* RLE: Fix abnomally slow operation (denial of service issue) with intentionally corrupt colormapped file.
* PICT: Fix possible buffer overflow vulnerability given suitably truncated input file.
* PNG: Enforce spec requirement that the dimensions of the JPEG embedded in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
* PNG: Avoid NULL dereference when MAGN chunk processing fails.
* SCT: Fix stack-buffer read overflow (underflow?) while reading SCT header.
* SGI: Fix denial of service issues. Delay large memory allocations until file header has fully passed sanity checks.
* TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to have only 2 samples per pixel (CVE-2017-6335 bsc#1027255).
* TIFF: Fix out of bounds read when reading RGB TIFF which claims to have only 1 sample per pixel (CVE-2017-10794).
* WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash (CVE-2016-7997).
* DifferenceImage(): Fix Fix all-black difference image if an input file is colormapped.
* EXIF orientation was not being properly detected for some files.
* -frame: The `import` command -frame handling was improperly implemented and was using already freed data.
* GIF: Fixes for \"Excessive LZW string data\" problem.
* Magick++: Bug fixes to PathSmoothCurvetoRel::operator() and PathSmoothCurvetoRel::operator().
* PAM: Support writing GRAYSCALE PAM format.
* PNG: Fix memory leaks.
* SVG: Fixed a memory leak. Fixed a possible null pointer dereference.
* TclMagick: Problem that TkMagick could not resolve functions from TclMagick under Linux is fixed.
* TclMagick: Fix parser validatation in magickCmd() to avoid crash given a syntax error.
* TIFF: Fix for reading old JPEG files (avoids \"Improper call to JPEG library in state 0. (LibJpeg).\").
* TXT: Fixed memory leak.
* XCF: Error checking is improved.
* EXIF rotation: Support is added such that the EXIF orientation tag is updated when the image is rotated.
* MAT: Now support reading multiple images from Matlab V4 format.
* Magick++: Orientation method now updates orientation in EXIF profile, if it exists.
* Magick++: Added Image attribute method which accepts a \'char
*\' argument, and will remove the attribute if the value argument is NULL.
* -orient: The -orient command line option now also updates the orientation in the EXIF profile, if it exists.
* PGX: Support PGX JPEG 2000 format for reading and writing (within the bounds of what JasPer supports).
* Wand API: Added MagickAutoOrientImage(), MagickGetImageOrientation(), MagickSetImageOrientation(), MagickRemoveImageOption(), and MagickClearException().- Drop merged patch GraphicsMagick-CVE-2017-8350.patch
* Mon Jun 26 2017 pgajdosAATTsuse.com- complementary fix for CVE-2017-8350 [bsc#1036985 c13-c21]
* GraphicsMagick-CVE-2017-8350.patch
* Mon Sep 26 2016 pgajdosAATTsuse.com- update to 1.3.25:
* EscapeParenthesis(): I was notified by Gustavo Grieco of a heap overflow in EscapeParenthesis() used in the text annotation code. While not being able to reproduce the issue, the implementation of this function is completely redone.
* Utah RLE: Reject truncated/absurd files which caused huge memory allocations and/or consumed huge CPU. Problem was reported by Agostino Sarubbo based on testing with AFL.
* SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in the MVG rendering code (also impacts SVG).
* TIFF: Fix heap buffer read overflow while copying sized TIFF attributes. Problem was reported by Agostino Sarubbo based on testing with AFL.
* Thu Jun 23 2016 meissnerAATTsuse.com- Build \"gm\" as position independend executable (PIE).
* Mon Jun 06 2016 pgajdosAATTsuse.com- updated to 1.3.24:
* many security related changes (incl. CVE-2016-5118), see ChangeLog- removed patches:
* GraphicsMagick-CVE-2016-5118.patch
* GraphicsMagick-upstream-delegates-safer.patch
* GraphicsMagick-upstream-disable-mvg-ext.patch
* GraphicsMagick-upstream-disable-tmp-magick-prefix.patch
* GraphicsMagick-upstream-image-sanity-check.patch
* Mon May 30 2016 pgajdosAATTsuse.com- security update:
* CVE-2016-5118 [bsc#982178] + GraphicsMagick-CVE-2016-5118.patch
* Mon May 09 2016 sfleesAATTsuse.de- Multiple security issues in GraphicsMagick/ImageMagick [boo#978061] (CVE-2016-3714, CVE-2016-3718, CVE-2016-3715, CVE-2016-3717)
* GraphicsMagick-upstream-delegates-safer.patch
* GraphicsMagick-upstream-disable-mvg-ext.patch
* GraphicsMagick-upstream-disable-tmp-magick-prefix.patch
* GraphicsMagick-upstream-image-sanity-check.patch
* Sun Nov 08 2015 dmitry_rAATTopensuse.org- Update to version 1.3.23
* See included NEWS.txt for details
* Mon Oct 05 2015 dmitry_rAATTopensuse.org- Update to version 1.3.22
* See included NEWS.txt for details
* Sat Mar 21 2015 dmitry_rAATTopensuse.org- Update to version 1.3.21
* See included NEWS.txt for details
  
ICM