github.com/kaydxh/golang@v0.0.131/pkg/gocv/cgo/third_path/graphics-magick/share/doc/GraphicsMagick/ChangeLog.2016

2016-12-31  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pnm.c (WritePNMImage): Support writing GRAYSCALE PAM
	format.  Before this fix, grayscale output was marked as type
	BLACKANDWHITE.  Problem was reported by Aaron Boxer via email on
	December 31, 2016.

	* TclMagick/generic/Makefile.am: Applied patch by Massimo Manghi
	(plus some fixes by me) to add a 'libttkcommon' shared library to
	contain code common to the TclMagick/TkMagick loadable modules,
	and particularly to allow TkMagick to access TclMagick functions
	without depending on dlopen() with RTLD_GLOBAL behavior.

2016-12-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/compare.c (DifferenceImage): Fix all-black difference
	image if an input file is colormapped.  Resolves SourceForge issue
	#404 "Difference file does not work if PNG ".

2016-12-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/txt.c (ReadTXTImage): Fix Coverity issue 55866 "Resource
	leak".

	* magick/enum_strings.c (StringToCompositeOperator): Fix Coverity
	issue 139296 "Constant expression result".

	* magick/channel.c (ImportImageChannelsMasked): Fix Coverity issue
	139297 "Constant expression result".  This was a bug but only in
	terms of reduced performance, not results.

	* Magick++/lib/Drawable.cpp
	(PathSmoothCurvetoRel::operator): Fix Coverity issue 139301 "Using
	invalid iterator".
	(PathSmoothCurvetoRel::operator): Fix Coverity issue 139302 "Using
	invalid iterator"

	* magick/attribute.c: From SourceForge patches #47
	"GraphicsMagick-1.3.25-get-exif-attribute-gps-fix.patch" and
	"GraphicsMagick-1.3.25-set-exif-orientation-fix.patch" by Troy
	Patteson with description (related to provided Coverity reports in
	coverity.txt): Those coverity errors indicate a problem with the
	earlier patch I sent you to fix getting the EXIF orientation when
	the GPS IFD occurs before the EXIF IFD.  Although the patch fixed
	that issue it introduced a new issue in that GPS tags could no
	longer be retrieved.  This occurs because the gpsfound flag is set
	when the GPS IFD is pushed onto the stack but then cleared
	immediately when breaking out of the loop processing the directory
	entries for the current IFD.  The solution is to push the gpsfound
	flag onto the stack as well as it needs to be set when the GPS IFD
	is popped off the stack rather than being set straight away.

	The second coverity error relates to gpsoffset not being set in
	FindEXIFAttribute().  The code that sets gpsoffset in
	GenerateEXIFAttribute() was embedded in the code that gets tags
	values which was removed in FindEXIFAttribute() as only the DE
	offset is required.  I have removed the need for gpsoffset and just
	computed the GPS IFD offset when pushing it onto the stack in the
	same way the EXIF IFD offset is computed.

2016-12-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/attribute.c: From SourceForge patches #47
	"GraphicsMagick-1.3.25-5-set-exif-orientation.patch" by Troy
	Patteson with description: Rotating an image without resetting the
	EXIF orientation tag is problematic as follow-on viewers that
	support the EXIF orientation tag may incorrectly rotate the image
	a second time.
	For JPEG images, the current solution is to either
	strip the image, remove the EXIF profile or modify the EXIF data
	of the written image with other software.  This patch adds the
	ability to set the orientation tag in the EXIF profile via the
	SetImageAttribute on attribute EXIF:Orientation provided the EXIF
	orientation already exists.  AutoOrientImage() has been modified to
	set the EXIF orientation tag on successful rotation of the image.

	The implementation is less than ideal.  The EXIF profile must be
	duplicated because it is returned read-only from the profiles
	map.  Large amounts of the GenerateEXIFAttribute() function have
	been duplicated in a function called FindEXIFAttribute() which
	returns the offset in the EXIF profile of a given tag ID.  Once
	found, the orientation tag value is updated accordingly and the
	new EXIF profile set.  Despite the patch's shortcomings, I believe
	it is preferable to leaving the EXIF orientation tag unchanged
	after auto-orienting the image.

	* wand/magick_wand.c (MagickClearException): From SourceForge
	patches #47 "GraphicsMagick-1.3.25-1-wand-clear-exception.patch"
	by Troy Patteson with description: This patch adds the ability to
	clear the last Wand exception.  This is particularly useful to
	clear any exception on the Wand before calling MagickReadImage()
	which can return success with a warning exception such as "JPEG
	data: premature end of data segment".
	(MagickRemoveImageOption): From SourceForge patches #47
	"GraphicsMagick-1.3.25-2-wand-remove-image-option.patch" by Troy
	Patteson with description: There is MagickSetImageOption() to set
	options like JPEG preserve-settings but no way to remove the
	option once set.  Since the mechanism to remove image options
	already exists in lower-level API there seems no reason not to
	expose it in the Wand API.
	(MagickGetImageOrientation, MagickSetImageOrientation): From
	SourceForge patches #47
	"GraphicsMagick-1.3.25-3-wand-get-set-orientation.patch" by Troy
	Patteson with description: MagickGetImageOrientation returns the
	internal orientation setting which is useful to know to determine
	whether an image needs rotation.  The function to set the
	orientation is less useful as it only sets the internal
	orientation setting which is only used when writing out TIFF
	files.  A future patch addresses this issue.
	(MagickAutoOrientImage): From SourceForge patches #47
	"GraphicsMagick-1.3.25-4-wand-auto-orient.patch" by Troy Patteson
	with description: This patch adds auto-orient image to the Wand
	API.

2016-12-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* TclMagick/{configure.ac, Makefile.am}: Applied patches by
	Massimo Manghi to use TEA tcl.m4 version 3.9.

2016-11-26  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/gif.c (DecodeImage): Applied fixes by Tianyu Lang for
	"Excessive LZW string data" problem leading to "Corrupt image"
	report while reading some GIF files.

2016-11-18  Glenn Randers-Pehrson  <glennrp@simple.dallas.tx.us>

	* doc/options.imdoc, doc/config_files.imdoc, doc/benchmark.imdoc:
	Fixed some indentation in the documentation.

2016-10-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* acinclude.m4 (LIBS): Fix memory leaks in GM_FUNC_MMAP_FILEIO
	macro test-case so that it can be used successfully with ASAN
	compilation options.

	* magick/blob.c: Eliminate unused variable compiler warnings when
	HAVE_MMAP_FILEIO is not defined.

2016-10-24  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c Ability to read multiple images from Matlab V4 format.

2016-10-21  Glenn Randers-Pehrson  <glennrp@simple.dallas.tx.us>

	* coders/png.c (ReadOneJNGImage): Enforce spec requirement that the
	dimensions of the JPEG embedded in a JDAT chunk must match the
	JHDR dimensions.  This issue was assigned CVE-2016-9830 on
	2016-12-04.  Please note that GraphicsMagick's pixel, width, and
	height default limits are often greater than the dimension limits
	of JNG and JPEG so the user should add explicit limits (if needed)
	to prevent unexpected memory consumption from properly-constructed
	JNG files with large dimensions.

	* doc/options.imdoc (-strip): Added a caution to not use the -strip
	option to remove author, copyright, and license information
	when redistributing an image that requires them to be retained.

	* doc/options.imdoc (-comment and -label): Document the fact that
	only one comment or label is stored, and how they are stored in
	PNG files.

2016-10-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/sgi.c (ReadSGIImage): Adjust some variable types and
	lessen the amount of casting.

2016-10-09  Glenn Randers-Pehrson  <glennrp@simple.dallas.tx.us>

	* coders/png.c (ReadJNGImage): Quiet COVERITY issue about
	a potential memory leak.

2016-10-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/xcf.c (ReadXCFImage): Fix memory leak of layer_info for
	some recently added error-return paths.

2016-10-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/sgi.c (ReadSGIImage): For RLE SGI image, defer memory
	allocations for as long as possible and allow the file to prove
	itself worthy before making the largest allocations.  This helps
	with rejecting bogus RLE files while avoiding rejecting valid
	files.

2016-10-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/tiff.c (ReadTIFFImage): If TIFF uses Old JPEG
	compression, then read using full tiles or strips.  Solves
	"Improper call to JPEG library in state 0. (LibJpeg)." error.
	Problem was reported via email on October 6, 2016 by John Brown.

2016-10-04  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/attribute.c (GenerateEXIFAttribute): Fixed SourceForge
	bug 400 "Exif orientation unknown for some JPEG files".  Patch
	submitted by Troy Patteson.

2016-10-02  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/wpg.c Add sanity check for palette.  Merge
	RemoveLastImageFromList+AppendImageToList to ReplaceImageInList.
	Possible heap overflow of colormap in Q8 build was assigned
	CVE-2016-7996.  Assertion crash due to blob != NULL was assigned
	CVE-2016-7997.

2016-10-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/meta.c (parse8BIM): Fix unsigned underflow leading to
	heap overflow when parsing 8BIM chunk.  Problem was reported by
	Marco Grassi via email on October 1, 2016.  Problem was already
	known (but not fixed) based on comments in the code.  This issue
	has been assigned CVE-2016-7800.

2016-09-28  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/xcf.c: Improve the robustness of the XCF reader by adding
	more error checking.

2016-09-27  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/rle.c (RLEConstrainColormapIndex): Was not constraining
	colormap index like it should be.  This problem was added on
	2016-09-23.

	* www/thanks.rst: Added Moshe Kaplan to Thanks.

	* www/Hg.rst: Mercurial URL fixes.  Patch from Mark Mitchell.

	* www/programming.rst: Updated programming APIs page.

2016-09-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/pixel_cache.c (OpenCache): Trace ExtendCache() failures.

2016-09-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/sgi.c (ReadSGIImage): Fix unexpectedly large memory
	allocation with corrupt SGI file provided via email by Agostino
	Sarubbo on September 15, 2016.

	* coders/rle.c (ReadRLEImage): Only report an invalid colormap
	index once.  Fixes slowness problem with corrupt file provided via
	email by Agostino Sarubbo on September 15, 2016.

2016-09-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* www/thanks.rst: Added a 'thanks' page.

2016-09-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* PerlMagick/MANIFEST: Fix content of PerlMagick MANIFEST.

2016-09-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pcx.c (ReadPCXImage): Check that filesize is reasonable
	given header.  Fixes excessive memory allocation followed by
	eventual file truncation error for corrupt file.  Problem was
	reported via email by Agostino Sarubbo on 2016-09-10.

	* coders/sgi.c (ReadSGIImage): Check that filesize is reasonable
	given header.  Fixes excessive memory allocation followed by
	eventual file truncation error for corrupt file.  Problem was
	reported via email by Agostino Sarubbo on 2016-09-09.

	* coders/sct.c (ReadSCTImage): Fix stack-buffer read overflow
	while reading SCT header.  Problem was reported via email by
	Agostino Sarubbo on 2016-09-09.

	* coders/svg.c: Fix Coverity issue 135772 "RESOURCE_LEAK" and
	issue 135829 "Null pointer dereferences".  None of these issues
	were new, but Coverity noticed them now.  Reflowed source to GNU C
	style for consistent indentation and so it does not fight with my
	editor.

2016-09-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/common.h (MAGICK_HAS_ATTRIBUTE): Coverity is allergic to
	__has_attribute() so don't use it for Coverity builds.

2016-09-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* www/index.rst: Update for 1.3.25 release.

	* version.sh: Update library versioning for 1.3.25 release.

	* NEWS.txt: Make sure it is up to date.

	* Various fixes for minor issues noticed when compiling under
	Visual Studio.

2016-08-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/studio.h (MAGICK_CACHE_LINE_SIZE): Apply patch from
	Gentoo Linux to increase MAGICK_CACHE_LINE_SIZE to 128 when
	__powerpc__ is defined.

2016-08-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* NEWS.txt: Updated with latest changes.

2016-08-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/rle.c (ReadRLEImage): Reject truncated/absurd Utah RLE
	files.  Problem was reported by Agostino Sarubbo on August 19,
	2016.  This problem was assigned CVE-2016-7448 after the 1.3.25
	release.

2016-08-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/tiff.c (ReadTIFFImage): Fix heap-based buffer read
	overflow.  TIFF sized attributes were not being properly copied to
	a null-terminated string if the value was not null terminated.
	Problem was reported by Agostino Sarubbo on August 18, 2016.  This
	problem was assigned CVE-2016-7449 after the 1.3.25 release.

2016-08-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* lcms/src/cmstypes.c (Type_MLU_Read): "Added an extra check to
	MLU bounds", change based on github mm2/Little-CMS commit
	5ca71a7bc18b6897ab21d815d15e218e204581e2 and announced to the
	oss-security list by Ibrahim M. El-Sayed on Mon, 15 Aug 2016.

2016-08-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* webp: Updated bundled libwebp to release 0.5.1.

	* libxml: Updated bundled libxml2 to release 2.9.4.

	* lcms: Updated bundled lcms2 to release 2.8.

	* png: Update bundled libpng to release 1.6.24.

	* coders/jpeg.c (ReadJPEGImage): Log setting resolution and
	resolution units due to JFIF marker.

	* coders/sgi.c (SGIDecode): Fix integer overflow of size type in
	Win64 build where sizeof(long) < sizeof(size_t).

2016-08-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders, magick: Compile clean using GCC with -std=c90.

	* magick/describe.c (DescribeImage): The 'identify' and 'info'
	functionality only shows the pixel read rate if image was not read
	in 'ping' mode.  Provide seconds timing with 6 digits of precision
	since that is what is needed.

2016-08-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/describe.c (DescribeImage): Include milliseconds
	resolution in elapsed time output.

	* magick/timer.c (ElapsedTime): Use clock_gettime() (when
	available with default linkage) to obtain elapsed time.

2016-08-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/yuv.c (WriteYUVImage): Fix benign clang compiler warning
	regarding "variable 'x' is incremented both in the loop header and
	in the loop body".

	* configure.ac: Fixes to use clang's OpenMP runtime library
	(-lomp) for clang 3.8 and later.  Specifically tested with clang
	3.8 on Ubuntu 16.04 'xenial'.  Problem was reported by Holger
	Hoffstätte via private email.

	* NEWS.txt: Bring up to date with latest changes.

2016-07-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (DrawImage): Reject abnormally absurd gradient
	size requests (many absurd requests are still allowed).  Provide
	detailed error reports when a gradient is rejected.

	* coders/svg.c: Support units for 'stroke-dashoffset'.

2016-07-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/annotate.c (EscapeParenthesis): In private email on
	2016-07-07, Gustavo Grieco notified us of a heap overflow in
	EscapeParenthesis().
	I was not able to reproduce the issue but
	changed the implementation with the suspicion that the
	implementation has a bug, and due to noticing arbitrary limits and
	inefficiency.  This issue was assigned CVE-2016-7447 after the
	1.3.25 release.

2016-07-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (DrawImage): Fix absolute and arbitrary gradient
	dimension sanity checks which caused gradient requests to fail.
	Resolves SourceForge issue #392 "SVG 'push defs' fails (Debian
	bugs 829063 and 828120)".

2016-06-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* www/security.rst: Add discussion of SVG format and SSRF
	vulnerability.

2016-06-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/svg.c (ReadSVGImage): Assure that SVGInfo data is freed
	when XMP parsing is aborted due to an error.

2016-06-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* NEWS.txt: Updated NEWS with changes since last release.

	* www/security.rst: Add a page about GraphicsMagick security.

2016-06-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (DrawPrimitive): Over-aggressive error reporting
	was causing failures when elements were "drawn" off-image.
	Resolves SourceForge issue #389 "Non-conforming drawing primitive
	definition (line)".

2016-05-31  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (DrawImage): Fix problem while reading file
	"tnamkejarz.svg.2532308010849170049" provided via private email
	from Gustavo Grieco on May 31, 2016.

	* magick/utility.c (MagickGetToken): Fix problem while reading
	file "vqxwatmqmi.svg.-3669039972557308254" provided via private
	email from Gustavo Grieco on May 31, 2016.

2016-05-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* NEWS.txt: Update for 1.3.24 release.

	* www/Changes.rst: Mention 1.3.24 release.

	* www/index.rst: Update for 1.3.24 release.

	* version.sh: Update library ABI information in preparation for
	1.3.24 release.

	* NEWS.txt: Updated NEWS to reflect fixes and issues.

2016-05-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* NEWS.txt: Updated with latest news.

	* magick/blob.c (OpenBlob): Remove support for reading input from
	a shell command, or writing output to a shell command, by
	prefixing the specified filename (containing the command) with a
	'|'.  This feature provided a remote shell execution opportunity
	(CVE-2016-5118).

	* coders/mat.c (ReadMATImage): Validate that MAT frames is not
	zero.

2016-05-28  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (DrawImage): Be less optimistic when estimating
	the number of points required to represent a path.  This should
	help address CVE-2016-2317 "Heap buffer overflow".  This resolves
	SourceForge issue #275 "Applying Clipping Path to high resolution
	JPG".

2016-05-25  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (DrawImage): Fix problem while reading file
	"pxypjhfdxf.svg.7406476585885697806" provided via private
	email from Gustavo Grieco on May 24, 2016.

	* coders/svg.c: Fix problem while reading file
	"pxypjhfdxf.svg.308008972284643989" provided via private email
	from Gustavo Grieco on May 24, 2016.

2016-05-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/svg.c ("C"): Support font-size "medium".

2016-05-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* NEWS.txt: Updated NEWS.txt to reflect latest changes.

	* magick/render.c (DrawImage): Added DrawImage() recursion
	detection/prevention.

	* coders/svg.c (ReadSVGImage): Add basic primitive argument
	validation.

	* magick/render.c (DrawImage): Add basic primitive argument
	validation.

2016-05-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/url.c (ReadURLImage): Reading "file://" URLs was not
	working.  Now file URLs are working.

2016-05-21  Glenn Randers-Pehrson  <glennrp@simple.dallas.tx.us>

	* coders/png.c: Respect JPEG limits (65535x65535) and user width
	and height limits from "-limit" while reading or writing JNG files.

2016-05-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/url.c: Don't hide HTTP, FTP, and FILE URL support from
	'-list format' output.  Ignore HTTP, FTP, and FILE as a useful
	file extension for determining the file format.

2016-05-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (ConvertPathToPolygon): Make sure that first
	edge is initialized.  Make sure that points is not null.

2016-05-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (DrawImage): Fixed segmentation violation while
	reading file "275077586554139424.lqxdgqxtfs.svg" provided via
	private email from Gustavo Grieco on May 15, 2016.  This is due to
	another CVE-2016-2317 related issue.

2016-05-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/svg.c ("C"): Fixed problems while reading files
	"aaphrbkwwe.svg.-1899680443073025602",
	"aaphrbkwwe.svg.-5751004588641220738",
	"aaphrbkwwe.svg.-8875730334406147537", and
	"aaphrbkwwe.svg.4495884156523242589" provided via private email
	from Gustavo Grieco on February 8, 2016.

2016-05-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dib.c (ReadDIBImage): Verify that DIB file data is
	sufficient to meet claims made by file header.  Validate image
	planes.  Fixes problem reported by Hanno Böck on May 8th,
	2016 via private email entitled "malloc issue in ReadDIBImage".

2016-05-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/msl.c (RegisterMSLImage): Ignore the file extension on
	MSL files.  The only way to read an image from a MSL file (as
	opposed to explicitly running a MSL script with 'conjure') is by
	reading using a filename specification like "msl:filename".  This
	is done for security reasons.

	* magick/render.c (DrawPrimitive): Fix Coverity issue 126378
	"Resource leak".

	* coders/mat.c (DecompressBlock): Fix Coverity issue 126379
	"Resource leak".

	* magick/render.c (DrawImage): Fix Coverity issue 126380 "Resource
	leak".

2016-05-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (DrawPrimitive): Sanity check the image file
	path or URL before passing it to ReadImage().

	* config/delegates.mgk.in: Pare down delegates.mgk to reduce
	security exposure due to external programs not under our control.

2016-05-08  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c Typo fix - matrix has nothing to do with PostScript.

2016-05-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/mat.c (DecompressBlock): Don't hang on a corrupt deflate
	stream when reading matlab v6 file.  Fixes problem reported by
	Hanno Böck on May 8, 2016 via private email entitled "hang of
	matlab input file".

2016-05-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/image.c (SetImageInfo): Undocumented "TMP" magick prefix
	no longer removes the argument file after it has been read.  This
	functionality is only used to support the "show" delegate which is
	used by options in the 'display' program which need to display a
	generated image in a new instance of 'display'.  The "show"
	delegate is used by writing a temporary file to be viewed, and
	which should be removed before the program quits.
	Since the "TMP"
	feature was originally implemented, GraphicsMagick added a
	temporary file management subsystem which assures that temporary
	files are removed so this feature is not needed.

	* coders/tiff.c (ReadTIFFImage): Fix heap overflow with file
	"gkkxrilssm.tiff.-4678010562506843336" provided by Gustavo Grieco
	on February 8, 2006 via private email.

	* coders/viff.c (ReadVIFFImage): Fix problem with a very large
	malloc in sample file provided by Hanno Böck on May 7, 2016 with
	subject "large malloc in ReadVIFFImage".

	* coders/mvg.c (RegisterMVGImage): Do not auto-detect MVG format
	based on file extension.  MVG files can then only be read by
	adding a "MVG:" prefix to the file name.  There is already no
	auto-detection of MVG based on content.

2016-05-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/xpm.c (ReadXPMImage): Limit the number of XPM colors and
	assure array initialization.  Fixes bad behavior with a sample
	file provided by Hanno Böck on May 6, 2016 with subject "Invalid
	free in ReadXPMImage".

	* coders/pcx.c (ReadPCXImage): Limit the number of PCX image
	planes allowed.  Fixes an unreasonable memory allocation in a
	sample file provided by Hanno Böck on May 5, 2016.

2016-05-04  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* config/delegates.mgk.in: Gnuplot files are inherently insecure.
	Remove delegates support for reading them.  Reported by John
	Lightsey via private email.
	Added -dSAFER to Ghostscript invocations in delegates.mgk for more
	secure execution.  Reported by David Chan via SourceForge bug
	"#386 ghostscript delegates should explicitly use -dSAFER.".

	* magick/constitute.c (ReadImages): Avoid possible infinite
	ReadImage() recursion.

2016-05-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (DrawPolygonPrimitive): Fix divide by zero
	exception encountered while reading file "sigfpe.svg" posted by
	Gustavo Grieco on May 1, 2016 to the oss-security mailing list
	with subject "CVE request: DoS in multiple versions of
	GraphicsMagick".
	(DrawDashPolygon): Fix endless loop problem caused by negative
	stroke-dasharray arguments.  Resolves problem observed while
	reading file "circular.svg" posted by Gustavo Grieco on May 1,
	2016 to the oss-security mailing list with subject "CVE request:
	DoS in multiple versions of GraphicsMagick".

	* magick/import.c (ImportViewPixelArea): Fix assertion while
	reading TIFF file gkkxrilssm.tiff.105123337066 provided by Gustavo
	Grieco.

2016-04-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/locale.c (ReadLOCALEImage): Make sure to close blob
	before returning.

	* coders/svg.c ("C"): Provide a hack work-around for double-quoted
	font-family argument.

	* magick/render.c (DrawImage): Make SVG path and other primitive
	parsing more robust.  Fixes SEGV when reading files provided by
	CVE-2016-2318 test cases.  Fixes CVE-2016-2318 completely.

2016-04-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (DrawImage): Fix heap buffer overflow when
	reading aaphrbkwwe.svg.-1114777018469422437 from CVE-2016-2317
	test cases.  This resolves CVE-2016-2317 completely.

2016-04-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/command.c (MogrifyImageCommand): Added mogrify
	-preserve-timestamp option to preserve file access and
	modification timestamps.  Contributed by Niko Rosvall via
	SourceForge patch #45 "preserve-timestamp option for mogrify
	command."

2016-04-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/blob.c: Added ReadBlobLSBSignedShort(),
	ReadBlobMSBSignedShort(),
	ReadBlobLSBSignedLong(), ReadBlobMSBSignedLong(),
	WriteBlobLSBSignedShort(), WriteBlobLSBSignedLong(),
	WriteBlobMSBSignedLong(), WriteBlobMSBSignedShort() for doing I/O
	on signed integer types without the need for dangerous casts or
	unexpected values due to signed/unsigned conversion.

2016-04-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* NEWS.txt: Updated with latest changes.

	* magick/constitute.c (ReadImage): Added asserts to check that the
	I/O blob is not still open in the returned image since this causes
	problems.

	* magick/blob.c (CloneBlobInfo): Use a cloning approach which does
	not require manually keeping structure members in sync.

	* coders/msl.c (ProcessMSLScript): Need to close I/O blob before
	returning.

	* coders/psd.c (ReadPSDImage): Assure that allocated image is not
	dereferenced before checking if it is NULL.  Check some memory
	calculations for overflow.
	(ReadPSDImage): Need to close I/O blob before returning.

	* coders/dib.c (ReadDIBImage): Use DestroyBlob() rather than
	DestroyBlobInfo().

	* coders/bmp.c (ReadBMPImage): Use DestroyBlob() rather than
	DestroyBlobInfo().

	* magick/blob.c: Improve blob tracing.

2016-04-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/bmp.c (ReadBMPImage): Fix reading 24-bit Microsoft BMP
	which claims to have a colormap.

2016-04-13  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* PerlMagick/t/input_complex_lsb_double_V4.mat Demo Matlab V4
	complex file.
	* coders/mat.c Missing break added.

2016-04-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/xpm.c (ReadXPMImage): Fix SourceForge issue #361
	"out-of-bounds read in coders/xpm.c:150:24"

	* coders/psd.c (ReadPSDImage): Add some defensive code to assure
	that image layers are not freed twice.

2016-04-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/log.c (InitializeLogInfo): Simplify LogInfo structure and
	its allocation in order to lessen the amount of fixed overhead.

2016-04-04  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/jp2.c (WriteJP2Image): Fix SourceForge issue #378 "jp2:
	impossible to create lossless jpeg-2000".  With this fix,
	specifying 'define jp2:rate=1.0' or '-quality 100' results in a
	lossless JP2 file.

2016-04-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/common.h: Update for GCC 5.

	* PerlMagick/MANIFEST: Update PerlMagick manifest.

	* PerlMagick/t/{read.t, write.t}: Add tests for MAT v4.

2016-04-03  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c Matlab V4 attempt to read complex part of data.

2016-04-02  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* PerlMagick/t/features.pl.in: Provide a way that PerlMagick
	feature tests can test if a feature is supported.  Use it to make
	the PSD test optional.

	* coders/Makefile.am: Only build PSD module if
	ENABLE_BROKEN_CODERS is enabled.

	* magick/module.c (UnloadModule): Only invoke the module
	unregister function if it is defined.  The module register
	function is not defined if either the register or unregister
	functions were not found in the module which was loaded.

2016-04-02  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c Matlab V4 files are also rotated.
	* PerlMagick/t/input_gray_lsb_double_V4.mat Demo Matlab V4 file.

2016-04-01 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

        * magick/magick.c (GetMagickInfo): Only declare that ExceptionInfo
        argument is not used if modules are not supported.

2016-03-28 Fojtik Jaroslav <JaFojtik@seznam.cz>

        * coders/mat.c Attempt to read Matlab V4 files.

2016-03-27 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

        * magick/image.c (DestroyImage): Simply return if image is NULL
        since it is more user-friendly.

        * magick/shear.c (RotateImage): Fix Coverity issue 124519
        "Logically dead code".

        * magick/effect.c (BlurImage): Fix Coverity issue 124520
        "Dereference after null check".

        * coders/pdb.c (WritePDBImage): Fix SourceForge bug #360
        "out-of-bounds read in utilities/gm+0x80fcc71) (PDB reader)".

        * coders/meta.c (convertHTMLcodes): Fix SourceForge bug #373
        "out-of-bounds read in coders/meta.c:444:50"
        (ReadMETAImage): Fix SourceForge bug #364 "out-of-bounds write in
        coders/meta.c:1331:7".

2016-03-26 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

        * coders/sgi.c (ReadSGIImage): Fix SourceForge bug #366
        "out-of-bounds write in coders/sgi.c:528:4" and bug #369
        "out-of-bounds write in coders/sgi.c:535:4".

        * coders/rle.c (ReadRLEImage): Fix SourceForge bug #371
        "out-of-bounds read in coders/rle.c:633:39".

2016-03-25 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

        * coders/dib.c (ReadDIBImage): Fix SourceForge bug #367
        "out-of-bounds read in coders/dib.c:706:13" and bug #370
        "out-of-bounds read in coders/dib.c:716:15".

        * coders/pict.c (ReadPICTImage): Fix SourceForge bug #365
        "out-of-bounds read in magick/image.c:1305:3"

        * magick/utility.c (GetPageGeometry): Fix SourceForge bug #374
        "out-of-bounds write in magick/utility.c:4355:7"

2016-03-23 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

        * coders/miff.c (ReadMIFFImage): Fix SourceForge bug #376 "SIGABRT
        in magick/colorspace.c:1052".

        * magick/shear.c (RotateImage): Fix SourceForge bug #375 "SIGABRT
        in magick/image.c:1230".

        * coders/sun.c (DecodeImage): Fix SourceForge bug #368
        "out-of-bounds read in coders/sun.c:223:17" and bug #363
        "out-of-bounds read in coders/sun.c:221:16".

2016-03-20 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

        * coders/svg.c (GetUserSpaceCoordinateValue): Fix stack buffer
        overflow when reading file 'aaphrbkwwe.svg.-632425326915265752'
        from CVE-2016-2317 problem files. Partial fix for SourceForge bug
        #358 "CVE-2016-2317 - SVG heap/stack buffer overflows".

        * magick/utility.c (MagickGetToken): New private function to
        replace GetToken(). The new function accepts a token buffer
        length argument. GetToken() is modified to assume a token buffer
        length 'MaxTextExtent'. All code using GetToken() is updated to
        use MagickGetToken().

        * coders/svg.c: Fix heap buffer overflow when reading file
        "aaphrbkwwe.svg.4495884156523242589" from CVE-2016-2317 problem
        files. Partial fix for SourceForge bug #358 "CVE-2016-2317 - SVG
        heap/stack buffer overflows".

2016-03-19 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

        * coders/psd.c (ReadPSDImage): Fix SourceForge bug #341
        "out-of-bounds read in coders/psd.c:1435".
        (WriteWhiteBackground): Fix SourceForge bug #350 "SEGV in
        coders/psd.c:1685".
        (DecodeImage): Fix SourceForge bug #351 "heap-buffer-overflow in
        coders/psd.c:142".
        (ReadPSDImage): Fix SourceForge bug #342 "out-of-bounds write in
        coders/psd.c:892"

        * coders/xcf.c (load_tile): Fix SourceForge bug #337
        "heap-buffer-overflow in coders/xcf.c:373".

        * coders/pict.c (WritePICTImage): Fix SourceForge bug #340
        "out-of-bounds write in coders/pict.c:1929".

        * coders/pdb.c (WritePDBImage): Fix SourceForge bug #348
        "heap-buffer-overflow in coders/pdb.c:949:26".

        * coders/xpm.c (ReadXPMImage): Fix SourceForge bug #334
        "heap-buffer-overflow in coders/xpm.c:150".

2016-03-09 Fojtik Jaroslav <JaFojtik@seznam.cz>

        * coders/mat.c Fixed huge image limitation.

2016-03-06 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

        * coders/sun.c (WriteSUNImage): Fix SourceForge bug #343
        "out-of-bounds write in coders/sun.c:962".

        * coders/rle.c (ReadRLEImage): Fix SourceForge bug #344
        "out-of-bounds write in coders/rle.c:524".

        * coders/xpm.c (ReadXPMImage): Fix SourceForge bug #335
        "out-of-bounds read in coders/xpm.c:154 ".

2016-03-06 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us>

        * doc/options.imdoc (-extent): Revised the example to
        clarify the interaction of -gravity with the "geometry" offsets.

2016-03-06 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

        * configure.ac: Add support for --enable-broken-coders which
        determines if broken or hazardous file format support should be
        enabled in the build. Currently Adobe Photoshop (PSD) format is
        included in this category.

        * Rotate Changelog for new year. Update documentation copyrights
        for new year.

2016-03-06 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

        * tiff/libtiff/tif_config.h (HAVE_SNPRINTF): Define HAVE_SNPRINTF
        when using Microsoft Visual C++ 14 (Visual Studio 2015) or later.
        This is based on advice by Pablo Elpuro.
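
The 2016-03-20 magick/utility.c entry above describes replacing GetToken() with a variant that takes the token buffer length. The C sketch below is an added example of that pattern, not GraphicsMagick's code: get_token_bounded() and its simplified whitespace/comma grammar are assumptions, and the input string is constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded tokenizer (simplified; not MagickGetToken or its
   grammar). Tokens are runs of characters delimited by whitespace or commas.
   Writes at most token_len bytes to token, NUL-terminated when token_len > 0.
   Returns the token's full length in the input, so a return value
   >= token_len means the copy was truncated. *end is set just past the
   token, which keeps the caller in sync even when the copy is cut short. */
size_t get_token_bounded(const char *start, const char **end,
                         char *token, size_t token_len)
{
    const char *p = start;
    size_t n = 0;

    /* Skip leading delimiters. */
    while (*p != '\0' && (isspace((unsigned char)*p) || *p == ','))
        p++;
    /* Consume the whole token, storing only what fits. */
    for (; *p != '\0' && !isspace((unsigned char)*p) && *p != ','; p++, n++)
        if (token_len > 0 && n < token_len - 1)
            token[n] = *p;
    if (token_len > 0)
        token[n < token_len - 1 ? n : token_len - 1] = '\0';
    if (end != NULL)
        *end = p;
    return n;
}

int main(void)
{
    /* Constructed input: the middle token is longer than the buffer. */
    const char *input = "10px, AAAAAAAAAAAAAAAAAAAAAAAA 20";
    const char *cursor = input;
    char token[8];
    size_t n;

    while ((n = get_token_bounded(cursor, &cursor, token, sizeof token)) > 0)
        printf("%-8s len=%zu%s\n", token, n,
               n >= sizeof token ? " (truncated, reject or resize)" : "");
    return 0;
}
```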

2016-02-21 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

        * Magick++/lib/Image.cpp (xResolution): New method to support
        setting the horizontal resolution with double precision.
        (yResolution): New method to support setting the vertical
        resolution with double precision.

        * www/Hg.rst: Document the ssh public keys for the server hosting
        the development Mercurial repository.

2016-02-16 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

        * coders/xpm.c (ReadXPMImage): Fix SourceForge bug #333
        heap-buffer-overflow in coders/xpm.c:409.