github.com/kaydxh/golang@v0.0.131/pkg/gocv/cgo/third_path/graphics-magick/share/doc/GraphicsMagick/ChangeLog.2017 (about) 1 2017-12-25 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 2 3 * tests/rwfile.tap: Add tests for MIFF compressed sub-formats. 4 5 2017-12-24 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 6 7 * magick/blob.c (OpenBlob): Zlib 1.2.8 does not accept an open 8 mode of "w+b" or "wb+". It seems to be allergic to '+'. As a 9 result, writing to ".gz" files was not working with Zlib 1.2.8. 10 Note that "w+b" must be used in the normal case since the test 11 suite fails otherwise! 12 13 2017-12-22 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 14 15 * coders/png.c (ReadMNGImage): Fix SourceForge issue #535 16 "heap-buffer-overflow in ReadMNGImage". Problem was caused by 17 accessing byte before testing that limit has been reached, rather 18 than testing for limit before accessing the byte. This means that 19 it could only ever read one past the buffer allocation size. 20 21 * coders/webp.c (WriteWEBPImage): Fix SourceForge issue #536 22 "stack-buffer-overflow in WriteWEBPImage". Due to a change to use 23 WebPMemoryWriter as part of the EXIF and ICC profile support 24 addition (enabled with libwebp 0.5.0), the progress indicator 25 callback is now passed a pointer to a wrong structure. This is 26 quite unfortunate since the progress indication is useful. The 27 progress indication is temporarily disabled when the 28 WebPMemoryWriter is in use until a solution is implemented. 29 (ProgressCallback): Re-implement progress callback so that image 30 pointer is stored/retrieved as thread-specific data. 31 32 * coders/png.c (ReadMNGImage): Fix SourceForge issue #537 "null 33 pointer dereference in ReadMNGImage". DEFI chunk must be at least 34 2 bytes long. 35 36 * coders/tiff.c (ReadNewsProfile): Fix SourceForge issue #533 37 "heap-buffer-overflow on LocaleNCompare". LocaleNCompare() was 38 being allowed to read heap data beyond the allocated region. 39 40 2017-12-17 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 41 42 * magick/shear.c (IntegralRotateImage): Assure that reported error 43 in rotate by 270 case does immediately terminate processing. 44 Return a NULL Image pointer if there is a problem rather than a 45 corrupted image. Fix is related to SourceForge issue #532 46 "heap-buffer-overflow bug in ReadWPGImage". 47 48 * magick/pixel_cache.c (AcquireCacheNexus): Add a check that the 49 pixel cache is compatible with the image dimensions. Fix is 50 related to SourceForge issue #532 "heap-buffer-overflow bug in 51 ReadWPGImage". 52 53 2017-12-16 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 54 55 * coders/png.c (ReadOneJNGImage): Fix SourceForge issue #530 56 "heap-buffer-overflow in ReadOneJNGImage". In this case there is 57 a read one byte beyond the oFFs chunk allocation size due to an 58 error in specifying an offset into the chunk. 59 60 * coders/palm.c (ReadPALMImage): Fix SourceForge issue #529 61 "global-buffer-overflow in ReadPALMImage". This issue only 62 occured in builds with QuantumDepth=8 due to the small range of 63 IndexPacket. 64 65 2017-12-13 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 66 67 * PerlMagick/{Magick.pm, Magick.pm.in, Makefile.PL.in}: Only base 68 PerlMagick version on numeric portion of PACKAGE_VERSION. 69 70 2017-12-09 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 71 72 * www/index.rst: Update to 1.3.27. 73 74 * www/Changes.rst: Add 1.3.27 75 76 * version.sh: Update library versioning. 77 78 * NEWS.txt: Update NEWS in preparation for releasing 1.3.27. 79 80 2017-12-08 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 81 82 * coders/dcm.c (DCM_ReadElement): Change size checks addressing 83 CVE-2017-12140 to be based on size_t rather than magick_off_t due 84 to apparent instability of the previous check across compilers. 85 86 2017-12-07 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 87 88 * coders/png.c (WriteOnePNGImage): Fix heap read access outside of 89 allocated PixelPacket array while testing pixels for opacity. 90 Resolves SourceForge issue #526 "heap-buffer-overflow in 91 WriteOnePNGImage". 92 93 2017-12-06 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 94 95 * coders/pnm.c (WritePNMImage): Fix SourceForge bug #525 96 "heap-buffer-overflow in MagickBitStreamMSBWrite". 97 98 2017-12-05 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 99 100 * coders/dcm.c (DCM_ReadElement): Eliminate huge memory allocation 101 based on bogus length value. Addresses CVE-2017-12140. Problem was 102 reported via email from Petr Gajdos on Tue, 5 Dec 2017. 103 104 2017-12-03 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 105 106 * Magick++/lib/Image.cpp (colorMap): Try to eliminate Coverity CID 107 172796 "Dereference after null check" which seems to be bogus. 108 109 * coders/png.c (WriteOnePNGImage): Fix Coverity CID 168053 110 "Dereference after null check". The check for null and the error 111 report which attempted to use the null value was not needed at 112 all. 113 114 * coders/cut.c (GetCutColors): Fix Coverity CID 10181: "Null 115 pointer dereferences". SetImagePixels() may return NULL. 116 117 * coders/rgb.c (ReadRGBImage): Fix SourceForge issue #523 118 "heap-buffer-overflow". Similar issue to cmyk.c. 119 120 * coders/gray.c (ReadGRAYImage): Fix SourceForge issue #522 121 "heap-buffer-overflow". Similar issue to cmyk.c. 122 123 * coders/cmyk.c (ReadCMYKImage): Fix SourceForge issue #521 124 "heap-buffer-overflow". The requested tile must be within the 125 bounds of the image. As it happens, 'montage' passes size and 126 tile information which is useless for reading a raw image so it is 127 not possible to read raw CMYK using 'montage'. 128 129 2017-12-02 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 130 131 * coders/pwp.c (ReadPWPImage): Eliminate dereference of null image 132 pointer. Addresses CVE-2017-11640. Also address access to 133 uninitialized memory. Problem was reported via email from Petr 134 Gajdos on Wed, 29 Nov 2017. 135 136 2017-11-22 Fojtik Jaroslav <JaFojtik@seznam.cz> 137 138 * coders/wpg.c Additional check for wrong bpp CVE-2017-14342. 139 140 141 2017-11-22 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 142 143 * Magick++/lib/Image.cpp (autoOrient): Add method to auto-orient 144 an image so it looks right-side up by default. Based on patch by 145 Przemysław Sobala submitted as SourceForge patch #53 "Add 146 Magick::Image::autoOrient() method to Magick++ library". 147 148 * www/download.rst: Change "Czechoslovakian ftp mirror" to "Czech 149 ftp mirror". Resolves SourceForge bug #520 "[web] Download sites: 150 non-existent country". 151 152 2017-11-21 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 153 154 * coders/wpg.c (ReadWPGImage): Fix excessive use of disk resources 155 due to unreasonable record length. Addresses CVE-2017-14341. 156 Notified of this issue (with suggested patch) via email by Petr 157 Gajdos on Tue, 21 Nov 2017. 158 159 2017-11-19 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 160 161 * README.txt: Comprehensive white-space clean-up across 162 GraphicsMagick core source files. Hard TAB character is converted 163 to spaces. Trailing white-space garbage is stripped. 164 165 * magick/colormap.c (MagickConstrainColormapIndex): Deprecate use 166 of MagickConstrainColormapIndex() and prefer use of 167 VerifyColormapIndex() and VerifyColormapIndexWithColors() due to 168 avoiding dependence on index type, allowing provision of colors 169 other than image->colors, and capturing more useful source file 170 and line information. 171 172 * coders/{rle.c, mat.c, xbm.c, sgi.c, png.c}: Eliminate size_t vs 173 unsigned 32 conversion warnings in WIN64 build. 174 175 2017-11-18 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 176 177 * tiff: Import libtiff 4.0.9. 178 179 2017-11-12 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 180 181 * coders/bmp.c (DecodeImage): "Right-size" and "Right-type" 182 DecodeImage() variables and check for EOF at every point of the 183 way. Pass buffer size as an argument. 184 185 * coders/dib.c (DecodeImage): "Right-size" and "Right-type" 186 DecodeImage() variables and check for EOF at every point of the 187 way. Pass buffer size as an argument. 188 189 * coders/bmp.c (_BMPInfo): "Right-size" BMPInfo members. The 190 'long' type is promoted to 64-bit on LP64 systems and the large 191 size is not needed. 192 193 2017-11-11 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 194 195 * coders/webp.c: Incorporate patch by Jan Spitalnik to add EXIF 196 and ICC metadata support to the WebP coder. While WebP is still 197 supported back to libwebp 0.1.99, the metadata support requires at 198 least libwebp 0.5.0. Resolves SourceForge patch #52 "Add EXIF/ICC 199 metadata support to WebP coder". 200 201 * coders/png.c (ReadOneJNGImage): Fix JNG memory leaks when JPEG 202 image fails to be read. 203 (WriteOnePNGImage): Promotion of indexed PNG to RGBA lacked 204 setting of image matte, resulting in undersized buffer allocation 205 and heap overflow. Fixes SourceForge bug #453 "Heap overflow in 206 source-gra/coders/png.c". 207 208 2017-11-06 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 209 210 * coders/sfw.c (SFWScan): Fix heap buffer overflow 211 (CVE-2017-13134). Notified of problem via email (including a 212 patch) from Petr Gajdos on Mon, 6 Nov 2017. 213 214 2017-11-05 Fojtik Jaroslav <JaFojtik@seznam.cz> 215 216 * coders/wpg.c Wrong MaxMap check condition - fixed. 217 218 2017-11-04 Fojtik Jaroslav <JaFojtik@seznam.cz> 219 220 * coders/wpg.c Check for InsertRow() return value. 221 222 2017-11-04 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 223 224 * magick/export.c: Add not-null check for indexes pointer where 225 needed. 226 227 * magick/import.c: Add not-null check for indexes pointer with 228 associated exception report where the indexes pointer is needed. 229 (ImportCMYKQuantumType): Was wrongly importing an opacity channel 230 in some cases. Would have crashed if these cases were ever used. 231 232 * coders/wpg.c (ReadWPGImage): Assure that colormapped image is a 233 PseudoClass type with valid colormapped indexes. Fixes 234 SourceForge bug 519 "Null Pointer Dereference (Write) with 235 malformed WPG Image". 236 237 * coders/sfw.c (ReadSFWImage): Avoid possible heap overflow while 238 copying JFIF magic into buffer. Reject runt files. Fixes 239 CVE-2017-12983. Notified of problem via email from Petr Gajdos on 240 Thu, 2 Nov 2017. 241 242 2017-10-28 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 243 244 * magick/render.c (DrawImage): Fix SourceForge bug #517 "Push 245 operations in DrawImage can lead to negative strncpy when looking 246 for pop". Interestingly, valgrind and ASAN only detected a 247 problem with one of the test cases since exercised code which 248 updated an array using the index. It appears that Linux strncpy() 249 simply ignores the bad request. 250 251 2017-10-27 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 252 253 * coders/png.c (ReadOneJNGImage): Make sure that a reasonable 254 exception is reported to the user when there is a read failure. 255 256 2017-10-26 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 257 258 * coders/png.c (ReadOneJNGImage): Reject JNG files with 259 unreasonable dimensions given the file size. 260 261 2017-10-25 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 262 263 * coders/png.c (ReadOneJNGImage): Fix SourceForge bug #518 "Null 264 pointer in". Also make sure that errors are reported properly due 265 to problems with transferring JPEG scanlines. 266 (ReadOneJNGImage): Add more checks for null value returned from 267 SetImagePixels(). 268 269 2017-10-22 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 270 271 * magick/describe.c (DescribeImage): Fix possible heap read 272 overflow while accessing heap data, and possible information 273 disclosure while describing the IPTC profile. Report was provided 274 via email from Maor Shwartz to the graphicsmagick-security mail 275 alias on Thu, 19 Oct 2017. Independent security researchers, 276 Jeremy Heng (@nn_amon) and Terry Chia (Ayrx), reported this 277 vulnerability to Beyond Security’s SecuriTeam Secure Disclosure 278 program. Please note that this interface is usually (but not 279 exclusively) used from within the command-line utility program, in 280 which case there is not much useful information which might be 281 disclosed. 282 (DescribeImage): Fix possible heap write overflow when describing 283 visual image directory. Report was provided via email from Maor 284 Shwartz to the graphicsmagick-security mail alias on Thu, 19 Oct 285 2017. Independent security researchers, Jeremy Heng (@nn_amon) 286 and Terry Chia (Ayrx), reported this vulnerability to Beyond 287 Security’s SecuriTeam Secure Disclosure program. Please note that 288 this interface is usually (but not exclusively) used from within 289 the command-line utility program, in which case the only harm 290 would be a program crash. 291 292 * magick/constitute.c (WriteImage): Assure that the errno present 293 when the blob error status first occured is reported to the user. 294 295 * magick/blob.c (GetBlobStatus): Blob error status is now updated 296 immediately upon the first error reported. 297 (GetBlobFirstErrno): Returns errno value when the first blob error 298 was reported. This is useful for error reporting. 299 300 2017-10-21 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 301 302 * magick/constitute.c (WriteImage): Restore use of GetBlobStatus() 303 to test if an I/O error was encountered while writing output file. 304 This assures that I/O failure in writers which do not themselves 305 verify writes is assured to be reported. 306 307 2017-10-17 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 308 309 * coders/webp.c (WriterCallback): WebP writer now detects partial 310 write to output file. Patch by Przemysław Sobala from a posting 311 on Mon, 16 Oct 2017 via the graphicsmagick-help mailing list. 312 313 2017-10-14 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 314 315 * magick/command.c (MontageImageCommand): Fix memory leaks in 316 error return path. Only people doing leak testing or the few who 317 execute MontageImageCommand() as a function will care about this. 318 319 * magick/studio.h (NumberOfObjectsInArray): The 320 NumberOfObjectsInArray() macro is used to compute the number of 321 whole objects in an array. Instead it was rounding up, resulting 322 in scrambling the heap beyond the allocation. Fixes 323 CVE-2017-13737 "There is an invalid free in the MagickFree 324 function in magick/memory.c in GraphicsMagick 1.3.26 that will 325 lead to a remote denial of service attack." 326 327 2017-10-09 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 328 329 * coders/png.c (ReadOnePNGImage): Suppress "comparison between 330 signed and unsigned integer expressions" warning. 331 * coders/png.c (ReadJNGImage): Fix memory leak in SourceForge 332 Issue #469 "use after free in ReadJNGImage". 333 * coders/png.c (ReadJNGImage): Fix memory leak in SourceForge 334 Issue #470 "Assert failure in writeblob". 335 336 2017-10-08 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 337 338 * doc/options.imdoc: Fix SourceForge issue #444 "gm mogrify: Wrong 339 documentation for option -output-directory". 340 341 2017-10-07 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 342 343 * magick/module.c (InitializeModuleSearchPath): Verify that any 344 component paths specified in MAGICK_CODER_MODULE_PATH and 345 MAGICK_FILTER_MODULE_PATH exist before adding them to search paths 346 actually used, and convert to real paths if possible. This avoids 347 possible use of relative paths to load modules (a possible 348 security issue) and may improve efficiency by removing 349 non-existent paths. 350 351 * coders/yuv.c (ReadYUVImage): Fix leak of scanline upon Image 352 allocation failure. Patch submitted by Petr Gajdos via email on 353 Fri, 6 Oct 2017. 354 355 2017-09-13 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 356 357 * coders/png.c: Attempt to fix SourceForge Issue #469 "use after 358 free in ReadJNGImage". Note that this change was found to replace 359 a use after free with a memory leak so the problem is not solved 360 yet. 361 362 2017-10-03 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 363 364 * coders/dcm.c (DCM_ReadNonNativeImages): Additional fix 365 (improvement) for SourceForge issue #512 "NULL Pointer Dereference 366 in DICOM Decoder". 367 368 2017-10-01 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 369 370 * coders/dcm.c (ReadDCMImage): Fix SourceForge issue #512 "NULL 371 Pointer Dereference in DICOM Decoder". 372 373 * coders/pict.c (ReadPICTImage): Fix SourceForge issue #511 374 "Memory Allocation error due to malformed image file". 375 376 * coders/pnm.c (WritePNMImage): Fix SourceForge issue #503 "memory 377 leak in WritePNMImage". 378 379 * coders/png.c (ReadMNGImage): Fix SourceForge issue #501 "memory 380 leak in ReadMNGImage". 381 382 * magick/segment.c (InitializeIntervalTree): Fix SourceForge issue 383 #507 "null pointer in segment.c" and issue #508 "null pointer in 384 segment.c". 385 386 * coders/topol.c (ReadTOPOLImage): Fix SourceForge issue #510 387 "null pointer and meory leak in topol.c". 388 389 * magick/widget.c (MagickXFileBrowserWidget): Fix SourceForge 390 issue #506 "null pointer in widget.c". 391 392 * coders/tiff.c (WriteTIFFImage): Fix SourceForge issue #509 393 "Memory leak in tiff.c". 394 395 * magick/module.c (FindMagickModule): Fix SourceForge issue #502 396 "null pointer in module.c". 397 398 * coders/avs.c (ReadAVSImage): Fix Coverity CID 184115 "Control 399 flow issues (DEADCODE)". 400 401 2017-09-30 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 402 403 * coders/avs.c (ReadAVSImage): Fix SourceForge issue #499 "memory 404 leak in avs.c". 405 406 * coders/cmyk.c (ReadCMYKImage): Fix SourceForge issue #498 407 "memory leak in cmyk.c". 408 409 * coders/cut.c (ReadCUTImage): Fix SourceForge issue #497 "memory 410 leak in cut.c". 411 412 * coders/dpx.c (ReadDPXImage): Fix SourceForge issue #496 "memory 413 leak in dpx.c". 414 415 * coders/hdf.c (ReadHDFImage): Fix SourceForge issue #495 "memory 416 leak in hdf.c". 417 418 * coders/pcx.c (ReadPCXImage): Fix SourceForge issue #494 "memory 419 leak in pcx.c". 420 421 * coders/pcd.c (ReadPCDImage): Fix SourceForge issue #493 "memory 422 leak in ReadPCDImage". 423 424 * coders/histogram.c (WriteHISTOGRAMImage): Fix SourceForge issue 425 #492 "memory leak in WriteHISTOGRAMImage". 426 427 * coders/gif.c (WriteGIFImage): Fix SourceForge issue #491 "memory 428 leak in WriteGIFImage". 429 430 * coders/fits.c (WriteFITSImage): Fix SourceForge issue #490 431 "memory leak in WriteFITSImage". 432 433 * coders/palm.c (WritePALMImage): Fix SourceForge issue #489 434 "memory leak in WritePALMImage". 435 436 * coders/rgb.c (ReadRGBImage): Fix SourceForge issue #488 "Memory 437 leak in rgb.c". 438 439 * coders/palm.c (ReadPALMImage): Fix SourceForge issue #487 "NULL 440 pointer dereference in ReadPALMImage". 441 442 * Magick++/lib/Options.cpp (strokeDashArray): Fix SourceForge 443 issue #486 "NULL pointer dereference in 444 Magick::Options::strokeDashArray". 445 446 * magick/nt_feature.c (NTGetTypeList): Fix SourceForge issue #485 447 "NULL pointer dereference in NTGetTypeList". 448 449 * coders/sun.c (ReadSUNImage): Fix SourceForge issue #484 "Memory 450 leak in sun.c". 451 452 * coders/tim.c (ReadTIMImage): Fix SourceForge issue #483 "Memory 453 leak in tim.c". 454 455 * magick/nt_base.c (NTRegistryKeyLookup): Fix SourceForge issue 456 #482 "NULL pointer dereference in NTRegistryKeyLookup". 457 458 * coders/viff.c (ReadVIFFImage): Fix SourceForge issue #481 459 "Memory leak in viff.c". 460 461 * magick/profile.c (SetImageProfile): Fix SourceForge issue #480 462 "assertion failure in MagickMapAllocateMap". 463 464 * coders/yuv.c (ReadYUVImage): Fix SourceForge issue #478 "Memory 465 leak in yuv.c". 466 467 * magick/map.c (MagickMapCloneMap): Fix SourceForge issue #477 468 "assertion failure in MagickMapIterateNext". 469 470 * coders/emf.c (ReadEnhMetaFile): Fix SourceForge issue #475 "NULL 471 pointer dereference in ReadEnhMetaFile". 472 473 * coders/cineon.c (ReadCINEONImage): Fix SourceForge issue #473 474 "NULL pointer dereference in ReadCINEONImage" 475 476 * coders/tiff.c (TIFFIgnoreTags): Fix SourceForge issue #476 "NULL 477 Pointer in tiff.c". 478 479 2017-09-25 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 480 481 * magick/blob.c (GetConfigureBlob): Fix SourceForge issue #472 482 "NULL Pointer in GetConfigureBlob". 483 484 2017-09-24 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 485 486 * coders/rle.c (ReadRLEImage): Fix SourceForge issue #458 "Heap 487 out of bounds read in ReadRLEImage()". 488 489 2017-09-19 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 490 491 * coders/sgi.c (ReadSGIImage): Check for EOF while reading SGI 492 file header. Issue was brought to our attention by Petr Gajdos 493 via email on Fri, 1 Sep 2017. 494 495 2017-09-17 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 496 497 * coders/tiff.c (ReadTIFFImage): Allow a single scanline, strip, 498 tile, to be 1000X larger than the input file in order to not cause 499 problems for extremely compressible images or tile sizes much 500 larger than the pixel dimensions. 501 502 2017-09-16 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 503 504 * magick/symbols.h, wand/wand_symbols.h: Update C library symbols 505 which should be prefixed with 'Gm'. However, GM will not move 506 Magick++ namespace because of the ImageMagick version. Resolves 507 SourceForge issue #468 "--enable-symbol-prefix does not prevent 508 clashes with libMagick++ or libMagickWand?" 509 510 * coders/png.c (DestroyJNG): DestroyJNG should be a static 511 function. Was wrongly exposed as DestroyJNGInfo in 1.3.26. This 512 is not a public function and was not intended to be part of the 513 ABI. 514 515 * coders/tiff.c (ReadTIFFImage): Limit scanline, strip, and tile 516 memory allocations based on file size multiplied by a maximum 517 compression ratio. Fixes SourceForge issues #460, #461, #462, 518 #463, #464 "allocation failure in ReadTIFFImage". 519 520 * coders/pnm.c (ReadPNMImage): Require that XV 332 format have 256 521 colors. Fixes SourceForge issue #465 "NULL Pointer Dereference 522 triggered by malformed file". In our own testing the test case 523 produced an assertion failure because assertions were enabled. 524 525 * magick/colormap.c (AllocateImageColormap): Use unsigned array 526 index. 527 528 2017-09-14 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 529 530 * coders/mat.c (ReadMATImage): Fix CVE-2016-10070, which is a heap 531 overflow in the MAT reader due to an under-sized memory 532 allocation. Based on private email from Petr Gajdos on Mon, 11 533 Sep 2017. 534 535 2017-09-13 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 536 537 * coders/png.c: Check MemoryResource before allocating 538 ping_pixel array. 539 540 2017-09-11 Fojtik Jaroslav <JaFojtik@seznam.cz> 541 542 * magick/shear.c: Possible evil loop might waste CPU for long time 543 without any reason. 544 545 2017-09-10 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 546 547 * magick/render.c (DrawImage): Fix SourceForge issue #448 "Heap 548 out of bounds read in DrawDashPolygon()". Problem was reported by 549 Kamil Frankowicz on August 28, 2017. 550 551 * coders/uil.c (WriteUILImage): Fix crash in UIL writer when 552 writing image containing transparency. Issue was reported by 553 LCatro via email on 18 Jul 2017. 554 555 * coders/wpg.c (InsertRow): Fix crash which occurs if image is not 556 PseudoClass but a PseudoColor scanline is needed. Resolves 557 SourceForge issue #449 "Null pointer dereference in InsertRow()". 558 559 * coders/rle.c (ReadRLEImage): Impose image dimension limits 560 according to Utah RLE specification. Cap number of planes handled 561 internally at 4. Remove non-standard multi-frame extension, which 562 did not work anyway. 563 564 2017-09-09 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 565 566 * coders/png.c (ReadJNGImage): Complete fixing CVE-2017-8350 crash 567 while reading a malformed JNG file. 568 569 * coders/{html.c, map.c, plasma.c, png.c, psd.c, rle.c, stegano.c, 570 uil.c}: Downgrade claimed coder stability level for HTML, SHTML, 571 MAP, FRACTAL, PLASMA, JNG, MNG, RLE, STEGANO, and UIL formats. 572 573 2017-09-08 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 574 575 * coders/png.c (ReadJNGImage): More efforts toward fixing 576 CVE-2017-8350 while reading a malformed JNG file. 577 578 2017-09-01 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 579 580 * magick/error.c (ThrowLoggedException): Capture the first 581 exception at ErrorException level or greater, or only capture 582 exception if it is more severe than an already reported exception. 583 This should help lead to better error reports since the first 584 error is usually the most significant. 585 586 * coders/png.c (ReadJNGImage): Add "improper header" exception 587 reporting. 588 589 2017-09-01 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 590 591 * coders/png.c (ReadJNGImage): Efforts toward fixing CVE-2017-8350 592 while reading a malformed JNG file. 593 594 2017-08-30 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 595 596 * coders/wpg.c (ReadWPGImage): Patch submitted by Petr Gajdos to 597 check that .Width and .Height are greater than zero before they 598 are assigned to image->columns and image->rows respectively 599 (CVE-2014-9815). 600 (ReadWPGImage): Do more validations on WPG_Palette.StartIndex and 601 WPG_Palette.NumOfEntries. 602 603 2017-08-29 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 604 605 * coders/png.c (ReadOneJNGImage): Fix for SourceForge issue #440 606 "use-after-free in CloseBlob (blob.c) (INCOMPLETE FIX FOR 607 CVE-2017-11403)" and SourceForge issue #438 "heap use after free 608 in CloseBlob". 609 * coders/png.c (ReadOneJNGImage): Fix for SourceForge issue #439 610 "assertion failure in magick/pixel_cache.c" 611 612 2017-08-27 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 613 614 * coders/mpeg.c (WriteMPEGImage): Fix MPEG writer memory leak. 615 Only the first image in the coalesce image list was being freed. 616 Problem was reported by LCatro via email on July 15, 2017. 617 618 * magick/attribute.c (TracePSClippingPath, TraceSVGClippingPath): 619 Fix SourceForge bug #447 "Heap out of bounds read in 620 ReadMSBShort()". 621 622 2017-08-26 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 623 624 * coders/xbm.c (ReadXBMImage): Fix two denial of service (DOS) 625 issues in ReadXBMImage() which result in the reader not 626 returning. Problem was reported via email on Wed Aug 23 2017 by 627 Xiaohei and Wangchu from Alibaba Security Team. 628 629 * coders/jnx.c (ReadJNXImage): Fix denial of service (DOS) issue 630 in ReadJNXImage() whereby large amounts of CPU and memory 631 resources may be consumed although the file itself does not 632 support the requests. Problem was reported via email on Wed Aug 633 23 2017 by Xiaohei and Wangchu from Alibaba Security Team. 634 635 2017-08-14 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 636 637 * coders/png.c (ReadOneMNGImage): Deal with invalid (too large) 638 length of MNG chunks (bug #446). 639 640 2017-08-20 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 641 642 * coders/pnm.c (ReadPNMImage): Verify that sufficient file data 643 exists to support what the file header requires before allocating 644 memory for it. Fixes problem reported by Agostino Sarubbo via 645 email on Wed, 12 Jul 2017 and reported yet again via SourceForge 646 bug #441 "memory allocation failure in MagickRealloc". 647 648 2017-08-20 Fojtik Jaroslav <JaFojtik@seznam.cz> 649 650 * coders/mat.c: Fix SourceForge bug #433 "memory leak in 651 ReadMATImage". Credit for discovering and reporting the problem 652 is "ADLab of Venustech". 653 654 * coders/sun.c (ReadSUNImage): Fix failure to allocate memory due 655 to inadequate file data to support claimed image width and height. 656 First notified by email from Agostino Sarubbo on 14 Jul 2017 and 657 then again as SourceForge bug #442 "memory allocation failure in 658 magickmalloc". 659 660 2017-08-16 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 661 662 * coders/svg.c (GetStyleTokens): Fix SourceForge bugs 434 "heap 663 buffer overflow in GetStyleTokens", 435 "null pointer 664 dereference_in_SVGStartElement", and 436 "heap buffer overflow in 665 GetStyleTokens" which all originated from a heap buffer overflow 666 in GetStyleStokens(), or inconsistent initialization. Now the 667 implementation truncates parsing for poorly-formed input (to avoid 668 buffer overflow) while still correctly parsing well-formed input. 669 The reproducers and problem reports are attributed to "ADLab of 670 Venustech". 671 672 2017-08-14 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 673 674 * coders/png.c (ReadOneJNGImage): Fixed double-free after 675 reading a malformed JNG (Issue #438). 676 677 2017-08-14 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 678 679 * coders/pcd.c (ReadPCDImage): Fix memory leak on return path due 680 to corrupted header. Patch included in email on 14 Aug 2017 by 681 Petr Gajdos (ImageMagick CVE CVE-2017-8351). 682 683 2017-08-11 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 684 685 * coders/gif.c (ReadGIFImage): Assure that global colormap is 686 initialized. 687 688 * coders/pict.c (ReadPICTImage): Fix memory leaks in error return 689 path. ImageMagick CVE CVE-2017-8353. Patch by Petr Gajdos. 690 691 2017-08-11 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 692 693 * tests/rwblob.c and rwfile.c: Write the reason for FAIL in 694 test-suite.log. 695 * magick/image.h: Revised table of image orientations to show 696 Exif ImageOrientation values (which happen to be the same as 697 the enum values 1 to 8). 698 * coders/png.c: ReadJNGIMage(): fix memory leak (Issue 431). 699 700 2017-08-09 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 701 702 * coders/mtv.c (ReadMTVImage): Fix memory leak in error return 703 path upon unexpected EOF (ImageMagick CVE-2017-9142). Problem was 704 brought to our attention via email from Petr Gajdos on Wed, 9 Aug 705 2017. Also changed pixel cache access functions used to assure 706 delivery of exception to the user. 707 708 2017-08-05 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 709 710 * configure.ac (SETJMP_IS_THREAD_SAFE): Decide if setjmp/longjmp 711 are thread safe based on host OS. Assume that these interfaces 712 are thread safe by default. Declared not to be thread safe under 713 Solaris. Declaring these interfaces to be thread safe increases 714 available concurrency for coders which use setjmp/longjmp for 715 error recovery (e.g. PNG and JPEG). 716 717 2017-08-01 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 718 719 * coders/jpeg.c (RegisterJPEGImage): Add support for the 720 SETJMP_IS_THREAD_SAFE preprocessor definition (already used by 721 coders/png.c) to indicate if setjmp/longjmp are thread safe on 722 this platform and that it is safe for multiple encoders/decoders 723 to be active at one time. 724 725 2017-07-31 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 726 727 * coders/sun.c: Fix heap read overflow while indexing into 728 colormap. Problem was reported via email on 17 Jul 2017 by 729 Agostino Sarubbo. 730 731 2017-07-31 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 732 733 * coders/png.c (ReadMNGImage): Stop a leak when rejecting a 734 MNG image with dimensions that are too large. 735 736 2017-07-26 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 737 738 * coders/wmf.c (ReadWMFImage): Eliminate use of already freed heap 739 data in error reporting path. Problem was reported via email by 740 Agostino Sarubbo on Fri, 14 Jul 2017 741 742 2017-07-25 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 743 744 * coders/png.c (ReadMNGImage) Free chunk allocation that remains 745 after attempting to read a truncated file. 746 * coders/png.c: Removed some redundant checks for chunk length 747 before MagickFreeMemory(chunk), which is safe to call with a 748 NULL argument. 749 * coders/png.c: Fixed writer bug due to missing brackets; a Log 750 statement should have been inside the "i" loop but instead was 751 using i++ left over from the loop. Bug report by L. Catro. 752 * coders/png.c: Reject a MNG with dimensions greater than 65k 753 by 65k. 754 * coders/png.c (WriteOnePNGImage): Return without crashing if 755 WriteOnePNGImage is passed a NULL image. Fixes CVE-2017-11522. 756 757 2017-07-22 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 758 759 * coders/pcl.c (WritePCLImage): Fix null pointer dereference in 760 PCL writer when writing monochrome images. Problem was reported 761 by LCatro via email on July 18. 762 763 * magick/pixel_cache.c (PersistCache): Fix memory leak while 764 writing a MPC file. Problem was reported by LCatro via email on 765 July 18. 766 767 * coders/map.c (WriteMAPImage): Fix null pointer dereference or 768 segmentation violation in the MAP writer if the input image is not 769 already colormapped. Problem was reported by LCatro via email on 770 July 18. 771 772 * coders/gray.c (WriteGRAYImage): Improve tracing and tidy up. 773 774 * coders/rgb.c (WriteRGBImage): Fix heap overwrite in raw RGB 775 writer (all output subformats) given a multiframe sequence using 776 different widths. Problem was reported by LCatro via email on 777 July 18. 778 779 * coders/cmyk.c (WriteCMYKImage): Fix heap overwrite in raw CMYK 780 writer (all output subformats) given a multiframe sequence using 781 different widths. Also fix wrong output of CMYKA (and vice-versa) 782 when CMYK was intended. Problem was reported by LCatro via email 783 on July 18. 784 785 * coders/palm.c: Disable the PALM writer since the writer is a 786 work in progress and still has implementation problems. Perhaps 787 no one in the world remains who cares about the undocumented PALM 788 format. Resolves heap overflow and assertion issues reported by 789 LCatro via emails on July 11th, and 12th, 2017. 790 791 * magick/colormap.c (ReplaceImageColormap): Throw an exception 792 rather than assertion if the input image is not colormapped. 793 794 2017-07-13 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 795 796 * coders/png.c: Implemented eXIf chunk support. 797 798 2017-07-12 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 799 800 * coders/png.c: Fix typecast of left shifts (patch by Bob F) 801 802 2017-07-12 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 803 804 * coders/ps.c (ReadPSImage): Fix reference to constant NULL image 805 argument which is dereferenced to pass an exception to 806 MagickMonitorFormatted(). Problem was reported by Agostino 807 Sarubbo via email on Wed, 12 Jul 2017. 808 809 2017-07-10 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 810 811 * magick/blob.c: Add casts to fix undefined behavior in left 812 shifts. Issue was reported by Agostino Sarubbo via email on Mon, 813 10 Jul 2017. 814 815 2017-07-10 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 816 817 * coders/png.c (ReadOneJNGImage): Ignore out-of-bounds MOVE 818 and CLIP object_id's. 819 * coders/png.c (ReadMNGImage): Fix apparent off-by-one error 820 in MNG FRAM change_clipping processing. 821 * coders/png.c (ReadMNGImage): Fix out-of-order CloseBlob() 822 and DestroyImageList() that caused a use-after-free crash. 823 Fixes CVE-2017-11403. This bug was discovered by Agostino Sarubbo. 824 825 2017-07-08 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 826 827 * coders/png.c (ReadOneJngImage): Revised double-free fix. 828 829 2017-07-08 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 830 831 * coders/png.c (ReadOneJNGImage): Fix double-frees caused by 832 commit on 2017-07-06. 833 834 * coders/jpeg.c (ReadJPEGImage): Defer creating pixel cache until 835 after successfully reading first scanline. Classify some serious 836 libjpeg reported "warnings" as errors and quit processing 837 scanlines immediately upon first error so that corrupt JPEG does 838 not consume excessive resources. Resolves excessive resource 839 consumption issue reported for two JPEG files provided via email 840 by LCatro on Tue, 4 Jul 2017. 841 842 2017-07-06 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 843 844 * coders/png.c (ReadOneJNGImage): Remove spurious '\n' from log 845 statement. 846 847 2017-07-06 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 848 849 * coders/png.c: Consolidate JNG cleanup into a new DestroyJNG() 850 function. 851 852 2017-07-05 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 853 854 * coders/png.c: prevent a crash due to zero-length color_image 855 while reading a JNG image. (CVE-2017-11102) 856 857 2017-07-04 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 858 859 * NEWS.txt: Make sure is up to date. 860 861 * www/index.rst: Update for 1.3.26 release. 862 863 * version.sh: Update library versioning for 1.3.26 release. 864 865 * magick/command.c (BatchCommand): Add ferror() checks around 866 batch input loop. 867 868 2017-07-03 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 869 870 * coders/png.c: Reject a PNG file if the file size is too small 871 (less than 61 bytes). Reject a JNG file if it is too small (less 872 than 147 bytes). 873 * coders/jpeg.c: Reject a JPEG file if the file size is too small 874 (less than 107 bytes). 875 876 2017-07-02 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 877 878 * coders/dpx.c (ReadDPXImage): Compute required file size and 879 verify that sufficient data exists in file before allocating 880 memory to decode the image data. Resolves problem with DPX file 881 with valid header (but a huge claimed image width) provided 882 provided via email on Thu, 29 Jun 2017 by LCatro. This issue has 883 been assigned CVE-2017-10799. 884 885 2016-07-02 Fojtik Jaroslav <JaFojtik@seznam.cz> 886 887 * coders/mat.c Check whether reported object size overflows file size. 888 889 2016-07-01 Fojtik Jaroslav <JaFojtik@seznam.cz> 890 891 * coders/mat.c Safety check for forged and or corrupted data. 892 This issue has been assigned CVE-2017-10800. 893 894 2017-07-01 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 895 896 * coders/tiff.c ("QuantumTransferMode"): Use a generalized method 897 to enforce that buffer overflow can not happen while importing 898 pixels. Resolves problem with RGB TIFF claiming only one sample 899 per pixel provided via email on Thu, 29 Jun 2017 by LCatro. This 900 issue has been assigned CVE-2017-10794. 901 902 2017-06-29 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 903 904 * magick/command.c: Convert bare 'unsigned int' to MagickPassFail 905 where suitable to make intentions clear. Convert True/False to 906 MagickTrue/MagickFalse or MagickPass/MagickFail according to 907 purpose. This is a continuation of a gradual migration and does 908 not represent an API change. 909 910 2017-06-25 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 911 912 * coders/png.c: Avoid NULL dereference when MAGN chunk processing 913 fails (https://sourceforge.net/p/graphicsmagick/bugs/426/). Expand 914 TABs. 915 916 2017-06-25 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 917 918 * NEWS.txt: Update NEWS with changes since the previous release. 919 920 * www/programming.rst: Switch the Lua link to 921 https://github.com/arcapos/luagraphicsmagick, which is a more 922 complete and direct interface from Lua to GraphicsMagick's Wand 923 API. 924 925 2017-06-24 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 926 927 * VisualMagick/installer/gm-foo-dll.iss: Remove PerlMagick from 928 the slim Inno Setup installer builder and remove mention of 929 PerlMagick from the installer documentation. 930 931 * TclMagick/generic/TclMagick.c (magickCmd): Resolve SourceForge 932 patch #51 "TclMagick: memory access error; possible segfault". 933 (newMagickObj): Fix formatting of pointer value so it is 64-bit 934 safe. Resolves SourceForge patch #50 "TclMagick: 64-bit 935 portability issue". 936 937 * coders/pict.c (ReadPICTImage): Avoid possible use of negative 938 value when indexing array, which would cause buffer overflow. 939 Resolves SourceForge issue #427 "One possible buffer overflow 940 vulnerability in 941 GraphicsMagick-1.3.25/coders/pict.c:ReadPICTImage()". 942 943 2017-06-22 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 944 945 * coders/png.c: Stop memory leak when reading invalid JNG image. 946 Fixes CVE-2017-8350. 947 948 2017-06-18 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 949 950 * coders/png.c: Fix lcms2.h inclusion logic. 951 952 * wand/magick_wand.c (MagickSetImageOrientation): Eliminate use of 953 snprintf, which is not supported by older Visual Studio. 954 955 2017-06-09 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 956 957 * coders/png.c: Accept exIf chunks whose data segment 958 erroneously begins with "Exif\0\0". 959 960 2017-06-01 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 961 962 * coders/png.c: Removed experimental zxIF chunk support. That 963 proposal is dead. 964 965 2017-05-27 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 966 967 * config/log.mgk: Added documentation suggested by SourceForge 968 issue #419 "Consider a small patch to log.mgk". 969 970 * www/Changes.rst: Add missing link to most recent changes. 971 972 2017-05-24 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 973 974 * www/Magick++/Image.rst: Improve documentation for Magick++ 975 Image::iccColorProfile() and Image::renderingIntent(). 976 977 2017-05-21 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 978 979 * tiff: Update to libtiff 4.0.8. 980 981 2017-03-19 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 982 983 * coders/png.c: Quieted a new Coverity complaint about a potential 984 text buffer overrun. 985 986 2017-03-19 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 987 988 * magick/image.c (SetImageInfo): Ignore empty magic prefix 989 specification and do not remove colon character from start of 990 filename. Resolves SourceForge bug #415 "Inconsistent Behavior w/ 991 input_file Parameter". 992 993 2017-03-18 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 994 995 * coders/png.c: Added new private orNT PNG chunk, to 996 preserve image->orientation when it is defined and not 997 the default TopLeft. 998 * coders/jpeg.c: Mention image->orientation in the log when 999 writing a JPEG. 1000 1001 2017-03-15 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 1002 1003 * coders/png.c (WriteOnePNGImage): Add version info about 1004 gm, libpng, zlib, and lcms to the PNG debug log. 1005 1006 2017-03-04 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 1007 1008 * magick/command.c (ImportImageCommand): Fix handling of -frame 1009 options. Option handling was incorrect due to option checking the 1010 frame option after it had been freed. Checking the frame dash 1011 option before freeing the argument solves the problem. From patch 1012 provided by Victor Ananjevsky as SourceForge patch #49 "-frame 1013 doesn't work in gm import". 1014 1015 * Magick++/lib/Image.cpp (attribute): Added Image attribute method 1016 which accepts a 'char *' argument, and will remove the attribute 1017 if the value argument is NULL. From patch provided by "Gints" as 1018 SourceForge patch #46 "C++ api - method to clear/remove 1019 attribute". 1020 1021 * VisualMagick/configure/configure.cpp (InitInstance): Applied 1022 patch by Paul McConkey to allow the quantum command line argument 1023 to set the default value in the wizard drop list. This allows 1024 setting the quantum depth when the /nowizard argument was 1025 supplied. Resolves SourceForge patch #48 "When running from the 1026 command line configure.exe does not use the quantum argument". 1027 The provided configure.exe still needs to be rebuilt to 1028 incorporate this change. 1029 1030 * magick/command.c (MogrifyImage): The -orient command now also 1031 updates the orientation in the EXIF profile, if it exists. 1032 1033 * Magick++/lib/Image.cpp (orientation): Update orientation in EXIF 1034 profile, if it exists. 1035 1036 2017-03-03 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 1037 1038 * coders/jp2.c: Support PGX JPEG 2000 format for reading and 1039 writing (within the bounds of what JasPer supports). 1040 1041 2017-02-23 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 1042 1043 * coders/tiff.c (QuantumTransferMode): Fix out of bounds read when 1044 reading CMYKA TIFF which claims to have only 2 samples per pixel. 1045 Problem was reported via email on February 15, 2017 by Valon 1046 Chu. This issue was assigned CVE-2017-6335. 1047 1048 2017-01-29 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 1049 1050 * doc/options.imdoc (-geometry): Geometry documentation changes 1051 suggested by Jon Wong. 1052 1053 2017-01-26 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 1054 1055 * coders/png.c: Added support for a proposed new PNG chunk 1056 (zxIf, read-only) that is currently being discussed on the 1057 png-mng-misc at lists.sourceforge.net mailing list. Enable 1058 exIf and zxIf with CPPFLAGS="-DexIf_SUPPORTED -DxzIf_SUPPORTED". 1059 If exIf is enabled, only the uncompressed exIF chunk will be 1060 written and the hex-encoded zTXt chunk containing the raw Exif 1061 profile won't be written. 1062 1063 2017-01-25 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 1064 1065 * coders/msl.c (MSLStartElement): Change test for NULL image 1066 pointer to before it is used rather than after it is used. 1067 Problem reported by Petr Gajdos on 2017-01-25. 1068 1069 2017-01-22 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 1070 1071 * TclMagick/unix/m4/tcl.m4: Update tcl.m4 to TEA 3.10. File 1072 supplied by Massimo Manghi. 1073 1074 2017-01-21 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 1075 1076 * coders/png.c: Added support for a proposed new PNG 1077 chunk (exIf read-write, eXIf read-only) that is currently 1078 being discussed on the png-mng-misc at lists.sourceforge.net 1079 mailing list. 1080 1081 2017-01-21 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us> 1082 1083 * coders/png.c: Added read_user_chunk_callback() function 1084 and used it to implement a private PNG caNv (canvas) chunk 1085 for remembering the original dimensions and offsets when an 1086 image is cropped. Previously we used the oFFs chunk for this 1087 purpose, but this had potential conflicts with other applications 1088 that also use the oFFs chunk. 1089 1090 2017-01-07 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 1091 1092 * TclMagick/Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Applied 1093 patch by Massimo Manghi to set AM_DISTCHECK_CONFIGURE_FLAGS so 1094 that 'make distcheck' remembers configuration options, and also to 1095 uninstall pkgIndex.tcl. 1096 1097 * magick/image.c (SetImageEx): Use PixelIterateMonoSet() for 1098 possibly improved efficiency. 1099 1100 * magick/pixel_iterator.c (PixelIterateMonoSet): New pixel 1101 iterator intended for use when initializing image pixels, without 1102 regard to existing values. 1103 1104 2017-01-01 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> 1105 1106 * Copyright.txt: Bump copyright years and rotate ChangeLog. 1107 1108