File GraphicsMagick.changes of Package GraphicsMagick
-------------------------------------------------------------------
Mon Sep 26 09:01:33 UTC 2016 - pgajdos@suse.com
- update to 1.3.25:
* EscapeParenthesis(): I was notified by Gustavo Grieco of a heap
overflow in EscapeParenthesis() used in the text annotation code.
While not being able to reproduce the issue, the implementation of
this function is completely redone.
* Utah RLE: Reject truncated/absurd files which caused huge memory
allocations and/or consumed huge CPU. Problem was reported by
Agostino Sarubbo based on testing with AFL.
* SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in
the MVG rendering code (also impacts SVG).
* TIFF: Fix heap buffer read overflow while copying sized TIFF
attributes. Problem was reported by Agostino Sarubbo based on
testing with AFL.
-------------------------------------------------------------------
Thu Jun 23 11:54:26 UTC 2016 - meissner@suse.com
- Build "gm" as position independend executable (PIE).
-------------------------------------------------------------------
Mon Jun 6 09:22:05 UTC 2016 - pgajdos@suse.com
- updated to 1.3.24:
* many security related changes (incl. CVE-2016-5118), see
ChangeLog
- removed patches:
* GraphicsMagick-CVE-2016-5118.patch
* GraphicsMagick-upstream-delegates-safer.patch
* GraphicsMagick-upstream-disable-mvg-ext.patch
* GraphicsMagick-upstream-disable-tmp-magick-prefix.patch
* GraphicsMagick-upstream-image-sanity-check.patch
-------------------------------------------------------------------
Mon May 30 14:19:50 UTC 2016 - pgajdos@suse.com
- security update:
* CVE-2016-5118 [bsc#982178]
+ GraphicsMagick-CVE-2016-5118.patch
-------------------------------------------------------------------
Mon May 9 12:35:32 UTC 2016 - sflees@suse.de
- Multiple security issues in GraphicsMagick/ImageMagick [boo#978061]
(CVE-2016-3714, CVE-2016-3718, CVE-2016-3715, CVE-2016-3717)
* GraphicsMagick-upstream-delegates-safer.patch
* GraphicsMagick-upstream-disable-mvg-ext.patch
* GraphicsMagick-upstream-disable-tmp-magick-prefix.patch
* GraphicsMagick-upstream-image-sanity-check.patch
-------------------------------------------------------------------
Sun Nov 8 12:53:03 UTC 2015 - dmitry_r@opensuse.org
- Update to version 1.3.23
* See included NEWS.txt for details
-------------------------------------------------------------------
Mon Oct 5 20:09:55 UTC 2015 - dmitry_r@opensuse.org
- Update to version 1.3.22
* See included NEWS.txt for details
-------------------------------------------------------------------
Sat Mar 21 11:41:22 UTC 2015 - dmitry_r@opensuse.org
- Update to version 1.3.21
* See included NEWS.txt for details
-------------------------------------------------------------------
Wed Sep 17 06:18:26 UTC 2014 - dmitry_r@opensuse.org
- Move library configuration files to separated package
-------------------------------------------------------------------
Tue Sep 16 07:24:18 UTC 2014 - dmitry_r@opensuse.org
- Fix devel package dependencies
-------------------------------------------------------------------
Sat Sep 13 07:21:37 UTC 2014 - dmitry_r@opensuse.org
- Update to version 1.3.20
* See included NEWS.txt for details
- Enable quantum depth in shared library names
- Enable bzip2, jbig, webp support
- Use LCMSv2
-------------------------------------------------------------------
Tue Feb 25 08:43:01 UTC 2014 - dmitry_r@opensuse.org
- Fix quantum depth in package description
-------------------------------------------------------------------
Thu Jan 2 09:43:18 UTC 2014 - pgajdos@suse.com
- updated to 1.3.19:
* EPT: Fix crash observed when Ghostscript fails to produce useful
output. This was particularly noticeable when Ghostscript was not
installed. This crash could be used to cause denial of service.
* PNG: With libpng 1.6.X, avoid a crash while copying a PNG with a
"known incorrect ICC profile". This crash could be used to cause
denial of service.
* etc. see NEWS.txt
-------------------------------------------------------------------
Mon Jul 15 13:32:17 UTC 2013 - pgajdos@suse.com
- set quantum depth to 16 [bnc#828380]
-------------------------------------------------------------------
Tue Mar 12 07:06:04 UTC 2013 - pgajdos@suse.com
- updated to 1.3.18:
* Due to `GCC bug 53967`_, several key agorithms (e.g. convolution)
may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is
enabled for floating point math (`-mfpmath=sse`) if the GCC option
`-frename-registers` is used. Default 32-bit builds do not
experience the problem since they use '387 math. It is not clear
in what version of GCC this problem started but it was not noticed
by the developers until the GCC 4.6 timeframe. Other compilers do
not suffer from this bug.
* Fixed bug with format substitutions if input string ends with a
single '%'.
* BMP: Fixed an old bug with decoding chromaticity primaries.
* PNG: Fixed reading of interlaced images. Fix reading of sub-8-bit
palette and grayscale images. Some PNG sub-formats were written
incorrectly. Fix crash in PNG8 writer if image colors happened to
be non-zero but image was not actually colormapped.
* PNG: Configure script now also searches for libpng versions 16 and
17.
* TIFF: Fix a crash which was noticed when writing RGBA separated
(planar) format.
* `--enable-symbol-prefix` was not prefixing all of the C
symbols. Some core C library functions were not prefixed. This
option applies to the Wand library API as well now.
* C API: When input is from a user-provided file descriptor, the
file position is restored after reading the file header bytes.
Previously the file position was rewound to the beginning of the
file. This allows reading embedded image data from the current
offset in a file, and allows continuing to use the stream after
GraphicsMagick has returned the image.
* C API: It is now possible to invoke CloseBlob() multiple times.
* etc. see NEWS.txt
-------------------------------------------------------------------
Mon Oct 15 07:13:56 UTC 2012 - pgajdos@suse.com
- updated to 1.3.17:
* PNG: Fix for CVE-2012-3438. The Magick_png_malloc function in
coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper
variable type for the allocation size, which might allow remote
attackers to cause a denial of service (crash) via a crafted PNG
file that triggers incorrect memory allocation.
* PNG: Reading sub-8-bit palette images is fixed (images looked
stretched).
* SVG: Fixed bug which allowed MVG and SVG files with long vector
paths to crash the software.
* SVG: Ignore XML headers rather than rendering them as text.
* MVG/SVG/WMF/-draw: It is now possible to draw a plain ','
character.
* etc., see NEWS.txt
-------------------------------------------------------------------
Tue Jul 31 09:01:37 UTC 2012 - pgajdos@suse.com
- fixed PerlMagick/Makefile.PL.in [bnc#771540]
-------------------------------------------------------------------
Mon Jun 25 08:29:04 UTC 2012 - pgajdos@suse.com
- updated to 1.3.16:
Security Fixes:
* Don't translate 'comment' and 'label' attributes if the request is
made while a file is being read. Only translate such attributes
if they come from the command line or API user.
Bug fixes:
* SWT: SWT reader suffered from a number of implementation errors
which caused it not to work any more. Works again.
* XBM: Fix memory leak observed when reading file in 'ping' mode.
* Support -trim on images which use a consistent (single color)
transparent background. In this case, trim is done based on
opacity rather than foreground color.
* Include <sys/types.h> in order to assure that 'size_t' and
'ssize_t' are declared. This is necessary since
MagickExtentImage() uses these types as part of its definition.
* +repage was not working because parser was insisting that it
should include an argument.
(i.e. multiplying rather than dividing).
* PerlMagick: Fix compilation with Perl 5.16.
* PingBlob(): PingBlob was not working for all cases. Is now based
on BlobToImage() for assured reliability.
Feature improvements:
* MAT: Animated movies inside 4D matrices are loaded now.
* PDF: File base name is used as the document title.
* PNG: Fix issues observed specifically with libpng 1.5.10.
Performance Improvements:
* Pixel iterators should be more efficient now if the image uses a
file-backed cache.
* Motion blur algorithm does scale well as cores are added so
include OpenMP support for it by default.
-------------------------------------------------------------------
Mon Jun 4 08:50:13 UTC 2012 - pgajdos@suse.com
- added PerlMagick/typemap to build module with perl 5.16; to be
removed for 1.4.0
-------------------------------------------------------------------
Wed May 2 08:59:10 UTC 2012 - pgajdos@suse.com
- updated to 1.3.15:
Bug fixes:
* PNG - fixed problem with bit depth when the encoder decides to
write RGBA instead of indexed PNG.
* Fixed some temporary file leaks which were caused by the temporary
file name being automatically extended to include a scene number,
and therefore fail to be deleted.
New Features:
* Added '+noise random' and '-operator noise-random' to 'convert'
and 'mogrify'. This modulates the existing image data with
uniformely random noise.
* Added -strip option in composite, convert, mogrify, and montage to
remove all profiles and text attributes from the image.
* Added -repage option to composite, convert, mogrify, and montage
subcommands to reset or adjust the current image page offsets
based on a provided geometry specification.
* New C function StripImage() to remove all profiles and text
attributes from the image.
* New C function ResetImagePage() to adjust the current image page
canvas and position based on a relative page specification.
* C functions GenerateDifferentialNoise(), AddNoiseImageChannel(),
QuantumOperatorRegionImage(), AddNoiseImage() updated to support
RandomNoise enumeration.
* New C++ Image method strip(), and unary function stripImage() to
remove all profiles and text attributes from the image.
* XCF format now respects image subimage and subrange members so
that returned image layers may be selected.
* The INFO coder (e.g. output file "info:-") now respects the
-format option so that its output may be adjusted identically to
how -format works for 'identify'.
* TclMagick now supports Random noise.
Feature improvements:
* C function ThumbnailImage() now allows the user to override the
filter used, but still defaults to using the box filter.
Behavior Changes:
* No longer add a printf-style scene formatting specification to
filenames which do not have one and no longer automatically
operate in 'adjoin' mode in such cases. If multiple numbered
files are intended to be output, then add +adjoin to the command
line and use an output filename specification similar to
"image-%d.jpg". Output files are now completely specified and
predictable but this may break some existing usages which
anticipate the automatic file numbering.
-------------------------------------------------------------------
Mon Feb 27 08:05:20 UTC 2012 - pgajdos@suse.com
- updated to 1.3.14:
Bug fixes:
* TGA format: Assume that 32-bit TGA files have an alpha channel,
even if they are not marked as such.
* XCF format: Fix reading XCF which is comprised of different sized
layers.
* JPEG & CineonLog: Convert RGB-compatible colorspaces
(e.g. CineonLog) to RGB by default since that was the case prior
to release 1.3.13.
* RAW formats: Small memory leak in dcraw module was fixed.
* Resize: ResizeImage() was ignoring its resize filter argument and
was using the filter setting from the Image structure instead.
* The mirror virtual pixel method was broken.
New Features:
* Open64 Compiler Suite: Version 5.0 is fully supported.
* Wand API: Added MagickExtentImage().
* MEF RAW: Mamiya Photo RAW "MEF" format is now supported.
Feature improvements:
* DPX format: Original file endianness is preserved by default.
Performance Improvements:
* Despeckle algorithm (-despeckle) is many times faster.
Behavior Changes:
* DPX format: Original file endianness is preserved by default.
-------------------------------------------------------------------
Tue Dec 27 09:30:07 UTC 2011 - pgajdos@suse.com
- updated to 1.3.13:
* In I/O blob, don't rewind already open file handle passed to
OpenBlob() since we don't know the intended state of this file
handle, and because it prevents appending to an existing file.
* In AppendImageProfile(), don't leak profile buffer while appending
a chunk to an existing profile.
* Fix deadlock in ClonePixelCache() which was caused by using the
same semaphore pointer in the source and destination images.
* etc. see NEWS.txt
- disabled perl.patch
-------------------------------------------------------------------
Mon Apr 11 11:26:09 CEST 2011 - pgajdos@suse.cz
- removed dependency of devel packages on the main package
[bnc#685755]
-------------------------------------------------------------------
Wed Dec 22 10:11:32 UTC 2010 - neptunia@mail.ru
- restoring *-config scripts as in upstream version: their removal
breaks older software
-------------------------------------------------------------------
Tue Dec 14 16:53:58 UTC 2010 - cristian.rodriguez@opensuse.org
- package no longer requires -fno-strict-aliasins
- fix -devel package dependencies
- run make check
- exclude *-config scripts, whatever uses them _must_ use pkgconfig
to avoid the mess this scripts create.
-------------------------------------------------------------------
Mon Jul 12 13:50:07 CEST 2010 - pgajdos@suse.cz
- added xorg-x11-fonts as runtime dependency [bnc#619103]
-------------------------------------------------------------------
Tue Mar 9 08:59:09 CET 2010 - pgajdos@suse.cz
- updated to version 1.3.12:
* Filter mode (write to stdout) was completely broken.
* Should now compile with libpng 1.4.
* DCX output format is only written on request. Previously the PCX
coder would automatically switch to DCX format if multiple frames
would be written.
-------------------------------------------------------------------
Tue Feb 23 09:44:42 CET 2010 - pgajdos@suse.cz
- updated to version 1.3.11:
* Fixed array underflow on systems using signed char
which could result in a program crash due to extended
characters in filenames or in certain file formats.
* Fixed array underflow on systems using signed char
which could result in a program crash due to extended
characters in filenames or in certain file formats.
* Added a -thumbnail command to 'convert' and 'mogrify'.
This is a faster way to scale down the image when
speed is a primary concern.
* Added a -extent command to 'convert' and 'mogrify'
which composites the image on top of a backing
canvas image of solid color.
* Added support for -compose to the 'convert' and
'mogrify', which were documented to support it
(but did not).
* Requests for 'Over' and 'Atop' composition are
converted to a request for the (faster) 'Copy'
composition when both images are opaque.
-------------------------------------------------------------------
Mon Feb 15 11:05:19 CET 2010 - pgajdos@suse.cz
- updated to version 1.3.10:
* +adjoin was not working correctly for the case when only one image
frame is present. With +adjoin and writing one frame to
"foo%d.jpg" it was outputting "foo%d.jpg" rather than "foo0.jpg".
* When drawing paths, memory allocation for the points was much
larger than it needed to be (patch by Vladimir Lukianov).
* To reiterate the change which first appeared in 1.3.9, there is no
longer an implicit +adjoin if the output file name happens to
contain a %d sequence, or there are multiple frames and the output
file format only supports storing one frame. Specify +adjoin if
scene number substition is desired in the output file names.
-------------------------------------------------------------------
Mon Feb 8 10:22:54 CET 2010 - pgajdos@suse.cz
- updated to version 1.3.9:
* There is no longer an implicit 'adjoin' if an output filename
contains an apparent scene specification (e.g. foo%02d.tiff) and
multiple files are not needed to save the image.. It is necessary
to use +adjoin. For example ``gm convert foo.pdf +adjoin
%02d.tiff``.
* For formats which support multiple frames, output with +adjoing to
filenames containing a scene specification (e.g. foo%02d.tiff) was
resulting in wrong output file names.
* -flatten now applies the image background color under the first
image in the list if it is not already opaque.
* Fix "double free" error when using gm import -frame.
* XPM does not support RGBA color syntax, so return RGB instead.
* The display '-update' option was only working in conjunction with
the '-delay' option with a delay setting of 2 or greater.
* -convolve was crashing rather than reporting an error.
* Fixed crash if the number of OpenMP threads was reduced from the
original value via '-limit threads' or omp_set_num_threads().
* -blur was not blurring the opacity channel for solid-color images.
* Several deleted global string constants are restored with
deprecated status in order to assure that symbols are not removed
from the ABI.
-------------------------------------------------------------------
Mon Jan 25 10:16:57 CET 2010 - pgajdos@suse.cz
- updated to version 1.3.8:
Security Fixes:
* Fix for CVE-2009-1882 "Integer overflow in the XMakeImage
function".
* Fix lockup due to hanging in loop while parsing malformed
sub-image specification (SourceForge issue 2886560).
* Libltdl: Updated libtool to 2.2.6b in order to fix security issue.
Resolves CVE-2009-3736 as it pertains to GraphicsMagick.
Bug fixes:
* -convolve, -recolor: Validate that user-provided matrix is square
when parsing -convolve and -recolor commands in order to avoid a
core dump.
* CALS: Reading images taller than the image width resulted in a
failure.
* ConstituteImage(), DispatchImage(): 'A' and 'T' should indicate
transparency and 'O' should indicate opacity. Behavior was
inconsistent. In some cases 'O' meant transparency while in other
cases it meant opacity. Also, in a few cases, matte was not
getting enabled in the image as it should.
* DCRAW: Module name was not registered so modules based builds were
not supporting formats provided via 'dcraw'.
* GetOptimalKernelWidth1D(), GetOptimalKernelWidth2D(): In the Q32
build, convolution kernel size was estimated incorrectly for large
sigmas on 32-bit systems due to arithmetic overflow. This could
cause wrong results for -convolve, -blur, -sharpen, and other
algorithms which use these functions.
etc., see NEWS.txt
-------------------------------------------------------------------
Mon Nov 23 17:05:42 CET 2009 - pgajdos@suse.cz
- updated to version 1.3.7 (see ChangeLog)
-------------------------------------------------------------------
Tue Nov 3 19:09:19 UTC 2009 - coolo@novell.com
- updated patches to apply with fuzz=0
-------------------------------------------------------------------
Tue Aug 4 18:38:37 CEST 2009 - pgajdos@suse.cz
- updated to 1.2.7:
- Bug fixes:
* VID: Eliminate memory leak.
* montage: Eliminate use of freed memory.
* delegates.mgk: Fix hang when co-process is invoked.
* identify: Return comment text of any size.
* ConvolveImage: Correctly log the convolution kernel used.
- Feature improvements:
* Convert: Re-implement -write so that it works in a useful fashion.
- Performance improvments:
* TIFF: Ping mode ('identify') is now really fast.
-------------------------------------------------------------------
Wed Oct 15 11:35:47 CEST 2008 - nadvornik@suse.cz
- renamed libGraphicsMagick1 -> libGraphicsMagick2
-------------------------------------------------------------------
Fri Sep 12 15:05:31 CEST 2008 - nadvornik@suse.cz
- updated to 1.2.5
* many fixes and improvements
* see NEWS.txt for details
- renamed libGraphicsMagickWand0 -> libGraphicsMagickWand1
- renamed libGraphicsMagick++1 -> libGraphicsMagick++2
-------------------------------------------------------------------
Fri May 23 15:51:33 CEST 2008 - nadvornik@suse.cz
- fixed CVE-2008-1097 PCX buffer overflow [bnc#391366]
- fixed CVE-2008-1096 XCF Buffer overflow [bnc#391364]
-------------------------------------------------------------------
Tue Mar 11 17:02:23 CET 2008 - nadvornik@suse.cz
- updated to 1.1.11:
* security fixes merged upstream
* BMP, DIB: Support large files
* TIFF: Endian option (-endian) now controls TIFF byte endian
order rather than bit fill order
-------------------------------------------------------------------
Tue Oct 23 17:13:42 CEST 2007 - nadvornik@suse.cz
- updated to 1.1.10:
Bugs Fixed:
o Image rotate by -90/270 degrees was producing wrong output.
o In mogrify command, don't remove file name based on random junk in
memory.
o Fixed memory leak when reading MPC files.
o Fixed crash when writing MIFF format and depth is not expected 8/16/32/.
o In mogrify command, don't leak memory in the case where the image
file contains multiple frames.
o Fixed crash in PNG and JPEG coders when the image to be written is
part of an image list.
o PNG reader errors are now properly reported to the user.
o TIFF output can now be written to a pipe or other non-seekable
destination.
o Support writing PDF with CCITT compression.
Feature Improvements:
o Added a new 'benchmark' command which can be used to perform
benchmarking on any other command.
o Image rotate in clockwise (90 degrees) or counter-clockwise (270
degrees) direction is now 2-9X faster than before.
o The -version option now includes a list of supported features.
- fixed interger overflows: CVE-2007-4985, CVE-2007-4986,
CVE-2007-4988 [#327021]
- fixed to build with GCC 4.3
-------------------------------------------------------------------
Mon Aug 6 16:53:26 CEST 2007 - nadvornik@suse.cz
- updated to 1.1.8:
* security fixes merged upstream
* a lot of other bugfixes
-------------------------------------------------------------------
Wed Jul 25 13:41:10 CEST 2007 - nadvornik@suse.cz
- adjusted to Shared Library Policy:
* new subpackages libGraphicsMagick1, libGraphicsMagickWand0
* GraphicsMagick-c++ -> libGraphicsMagick++1
* GraphicsMagick-c++-devel -> libGraphicsMagick++-devel
- fixed to build
-------------------------------------------------------------------
Thu Apr 19 14:15:49 CEST 2007 - nadvornik@suse.cz
- fixed various crashes on malformed input, including
CVE-2007-1797 and CVE-2007-1667 [#258253]
- adjusted BuildRequires for libjasper-devel
-------------------------------------------------------------------
Tue Feb 27 22:49:43 CET 2007 - dmueller@suse.de
- reduce buildrequires
-------------------------------------------------------------------
Thu Feb 22 17:32:48 CET 2007 - nadvornik@suse.cz
- fixed patch for palm codec CVE-2006-5456 [#215685]
- fixed palm patch for palm codec [#215685]
- fixed PerlMagic module library dependencies [#243002]
- fixed broken code that caused compiler warnings [#243012]
-------------------------------------------------------------------
Thu Nov 16 18:35:03 CET 2006 - dmueller@suse.de
- fix c++-devel package requires
-------------------------------------------------------------------
Mon Oct 30 16:27:15 CET 2006 - nadvornik@suse.cz
- applied debian patch for CVE-2006-5456, CVE-2006-3743,
CVE-2006-3744, CAN-2005-0397, CVE-2005-4601
-------------------------------------------------------------------
Thu Sep 21 18:47:45 CEST 2006 - nadvornik@suse.cz
- minor adjustments in spec file
-------------------------------------------------------------------
Thu Sep 14 18:20:05 CEST 2006 - lmichnovic@suse.cz
- initial version 1.1.7