github.com/kaydxh/golang@v0.0.131/pkg/gocv/cgo/third_path/graphics-magick/share/doc/GraphicsMagick/www/ChangeLog-2016.html (about) 1 <?xml version="1.0" encoding="utf-8" ?> 2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 3 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> 4 <head> 5 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 6 <meta name="generator" content="Docutils 0.15.2: http://docutils.sourceforge.net/" /> 7 <title>ChangeLog-2016.rst</title> 8 <link rel="stylesheet" href="docutils-articles.css" type="text/css" /> 9 </head> 10 <body> 11 12 <div class="banner"> 13 <img src="images/gm-107x76.png" alt="GraphicMagick logo" width="107" height="76" /> 14 <span class="title">GraphicsMagick</span> 15 <form action="http://www.google.com/search"> 16 <input type="hidden" name="domains" value="www.graphicsmagick.org" /> 17 <input type="hidden" name="sitesearch" value="www.graphicsmagick.org" /> 18 <span class="nowrap"><input type="text" name="q" size="25" maxlength="255" /> <input type="submit" name="sa" value="Search" /></span> 19 </form> 20 </div> 21 22 <div class="navmenu"> 23 <ul> 24 <li><a href="index.html">Home</a></li> 25 <li><a href="project.html">Project</a></li> 26 <li><a href="download.html">Download</a></li> 27 <li><a href="README.html">Install</a></li> 28 <li><a href="Hg.html">Source</a></li> 29 <li><a href="NEWS.html">News</a> </li> 30 <li><a href="utilities.html">Utilities</a></li> 31 <li><a href="programming.html">Programming</a></li> 32 <li><a href="reference.html">Reference</a></li> 33 </ul> 34 </div> 35 <div class="document"> 36 37 38 <p>2016-12-31 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 39 <blockquote> 40 <ul class="simple"> 41 <li>coders/pnm.c (WritePNMImage): Support writing GRAYSCALE PAM 42 format. Before this fix, grayscale output was marked as type 43 BLACKANDWHITE. Problem was reported by Aaron Boxer via email on 44 December 31, 2016.</li> 45 <li>TclMagick/generic/Makefile.am: Applied patch by Massimo Manghi 46 (plus some fixes by me) to add a 'libttkcommon' shared library to 47 contain codde common to the TclMagick/TkMagick loadable modules, 48 and particularly to allow TkMagick to access TclMagick functions 49 without depending on dlopen() with RTLD_GLOBAL behavior.</li> 50 </ul> 51 </blockquote> 52 <p>2016-12-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 53 <blockquote> 54 <ul class="simple"> 55 <li>magick/compare.c (DifferenceImage): Fix all-black difference 56 image if an input file is colormapped. Resolves SourceForge issue 57 #404 "Difference file does not work if PNG ".</li> 58 </ul> 59 </blockquote> 60 <p>2016-12-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 61 <blockquote> 62 <ul> 63 <li><p class="first">coders/txt.c (ReadTXTImage): Fix Coverity issue 55866 "Resource 64 leak".</p> 65 </li> 66 <li><p class="first">magick/enum_strings.c (StringToCompositeOperator): Fix Coverity 67 issue 139296 "Constant expression result".</p> 68 </li> 69 <li><p class="first">magick/channel.c (ImportImageChannelsMasked): Fix Coverity issue 70 139297 "Constant expression result". This was a bug but only in 71 terms of reduced performance, not results.</p> 72 </li> 73 <li><p class="first">Magick++/lib/Drawable.cpp 74 (PathSmoothCurvetoRel::operator): Fix Coverity issue 139301 "Using 75 invalid iterator". 76 (PathSmoothCurvetoRel::operator): Fix Coverity issue 139302 "Using 77 invalid iterator"</p> 78 </li> 79 <li><p class="first">magick/attribute.c: From SourceForge patches #47 80 "GraphicsMagick-1.3.25-get-exif-attribute-gps-fix.patch" and 81 "GraphicsMagick-1.3.25-set-exif-orientation-fix.patch" by Troy 82 Patteson with description (related to provided Coverity reports in 83 coverity.txt): Those coverity errors indicate a problem with the 84 earlier patch I sent you to fix getting the EXIF orientation when 85 the GPS IFD occurs before the EXIF IFD. Although the patch fixed 86 that issue it introduced a new issue in that GPS tags could no 87 longer be retrieved. This occurs because the gpsfound flag is set 88 when the GPS IFD is pushed onto the stack but then cleared 89 immediately when breaking out of the loop processing the directory 90 entries for the current IFD. The solution is to push the gpsfound 91 flag onto the stack as well as it needs to be set when the GPS IFD 92 is popped off the stack rather than being set straight away.</p> 93 <p>The second coverity error relates to gpsoffset not being set in 94 FindEXIFAttribute(). The code that sets gpsoffset in 95 GenerateEXIFAttribute() was embedded in the code that gets tags 96 values which was removed in FindEXIFAttribute() as only the DE 97 offset is required. I have removed the need for gpsoffset and just 98 computed the GPS IFD offset when pushing it onto the stack in the 99 same way the EXIF IFD offset is computed.</p> 100 </li> 101 </ul> 102 </blockquote> 103 <p>2016-12-18 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 104 <blockquote> 105 <ul> 106 <li><p class="first">magick/attribute.c: From SourceForge patches #47 107 "GraphicsMagick-1.3.25-5-set-exif-orientation.patch" by Troy 108 Patteson with description: Rotating an image without resetting the 109 EXIF orientation tag is problematic as follow-on viewers that 110 support the EXIF orientation tag may incorrectly rotate the image 111 a second time. For JPEG images, the current solution is to either 112 strip the image, remove the EXIF profile or modify the EXIF data 113 of the written image with other software. This patch adds the 114 ability to set the orientation tag in the EXIF profile via the 115 SetImageAttribute on attribute EXIF:Orientation provided the EXIF 116 orientation already exists. AutoOrientImage() has been modified to 117 set the EXIF orientation tag on successful rotation of the image.</p> 118 <p>The implementation is less than ideal. The EXIF profile must be 119 duplicated because it is returned read-only from the profiles 120 map. Large amounts of the GenerateEXIFAttribute() function has 121 been duplicated in a function called FindEXIFAttribute() which 122 returns the offset in the EXIF profile of a given tag ID. Once 123 found, the orientation tag value is updated accordingly and the 124 new EXIF profile set. Despite the patches shortcomings, I believe 125 it is preferable to leaving the EXIF orientation tag unchanged 126 after auto-orienting the image.</p> 127 </li> 128 <li><p class="first">wand/magick_wand.c (MagickClearException): From SourceForge 129 patches #47 "GraphicsMagick-1.3.25-1-wand-clear-exception.patch" 130 by Troy Patteson with description: This patch adds the ability to 131 clear the last Wand exception. This is particularly useful to 132 clear any exception on the Wand before calling MagickReadImage() 133 which can return success with a warning exception such as "JPEG 134 data: premature end of data segment". 135 (MagickRemoveImageOption): From SourceForge patches #47 136 "GraphicsMagick-1.3.25-2-wand-remove-image-option.patch" by Troy 137 Patteson with description: There is MagickSetImageOption() to set 138 options like JPEG preserve-settings but no way to remove the 139 option once set. Since the mechanism to remove image options 140 already exists in lower-level API there seems no reason not to 141 expose it in the Wand API. 142 (MagickGetImageOrientation, MagickSetImageOrientation): From 143 SourceForge patches #47 144 "GraphicsMagick-1.3.25-3-wand-get-set-orientation.patch" by Troy 145 Patteson with description: MagickGetImageOrientation returns the 146 internal orientation setting which is useful to know to determine 147 whether an image needs rotation. The function to set the 148 orientation is less useful as it only sets the internal 149 orientation setting which is only used when writing out TIFF 150 files. A future patch addresses this issue. 151 (MagickAutoOrientImage): From SourceForge patches #47 152 "GraphicsMagick-1.3.25-4-wand-auto-orient.patch" by Troy Patteson 153 with description: This patch adds auto-orient image to the Wand 154 API.</p> 155 </li> 156 </ul> 157 </blockquote> 158 <p>2016-12-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 159 <blockquote> 160 <ul class="simple"> 161 <li>TclMagick/{configure.ac, Makefile.am}: Applied patches by 162 Massimo Manghi to use TEA tcl.m4 version 3.9.</li> 163 </ul> 164 </blockquote> 165 <p>2016-11-26 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 166 <blockquote> 167 <ul class="simple"> 168 <li>coders/gif.c (DecodeImage): Applied fixes by Tianyu Lang for 169 "Excessive LZW string data" problem leading to "Corrupt image" 170 report while reading some GIF files.</li> 171 </ul> 172 </blockquote> 173 <p>2016-11-18 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 174 <blockquote> 175 <ul class="simple"> 176 <li>doc/options.imdoc, doc/config_files.imdoc, doc/benchmark.imdoc: 177 Fixed some indentation in the documentation.</li> 178 </ul> 179 </blockquote> 180 <p>2016-10-29 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 181 <blockquote> 182 <ul class="simple"> 183 <li>acinclude.m4 (LIBS): Fix memory leaks in GM_FUNC_MMAP_FILEIO 184 macro test-case so that it can be used successfully with ASAN 185 compilation options.</li> 186 <li>magick/blob.c: Eliminate unused variable compiler warnings when 187 HAVE_MMAP_FILEIO is not defined.</li> 188 </ul> 189 </blockquote> 190 <p>2016-10-24 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 191 <blockquote> 192 <ul class="simple"> 193 <li>coders/mat.c Ability to read multiple images from Matlab V4 format.</li> 194 </ul> 195 </blockquote> 196 <p>2016-10-21 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 197 <blockquote> 198 <p>*coders/png.c (ReadOneJNGImage): Enforce spec requirement that the 199 dimensions of the JPEG embedded in a JDAT chunk must match the 200 JHDR dimensions. This issue was assigned CVE-2016-9830 on 201 2016-12-04. Please note that GraphicsMagick's pixel, width, and 202 height default limits are often greater than the dimension limits 203 of JNG and JPEG so the user should add explicit limits (if needed) 204 to prevent unexpected memory consumption from properly-constructed 205 JNG files with large dimensions.</p> 206 <p>*doc/options.imdoc (-strip): Added a caution to not use the -strip 207 option to remove author, copyright, and license information 208 when redistributing an image that requires them to be retained.</p> 209 <p>*doc/options.imdoc (-comment and -label): Document the fact that 210 only one comment or label is stored, and how they are stored in 211 PNG files.</p> 212 </blockquote> 213 <p>2016-10-13 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 214 <blockquote> 215 <ul class="simple"> 216 <li>coders/sgi.c (ReadSGIImage): Adjusts some variable types and 217 lessen the amount of casting.</li> 218 </ul> 219 </blockquote> 220 <p>2016-10-09 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 221 <blockquote> 222 <ul class="simple"> 223 <li>coders/png.c (ReadJNGImage): Quiet COVERITY issue about 224 a potential memory leak.</li> 225 </ul> 226 </blockquote> 227 <p>2016-10-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 228 <blockquote> 229 <ul class="simple"> 230 <li>coders/xcf.c (ReadXCFImage): Fix memory leak of layer_info for 231 some recently added error-return paths.</li> 232 </ul> 233 </blockquote> 234 <p>2016-10-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 235 <blockquote> 236 <ul class="simple"> 237 <li>coders/sgi.c (ReadSGIImage): For RLE SGI image, defer memory 238 allocations for as long as possible and allow the file to prove 239 itself worthy before making the largest allocations. This helps 240 with rejecting bogus RLE files while avoiding rejecting valid 241 files.</li> 242 </ul> 243 </blockquote> 244 <p>2016-10-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 245 <blockquote> 246 <ul class="simple"> 247 <li>coders/tiff.c (ReadTIFFImage): If TIFF uses Old JPEG 248 compression, then read using full tiles or strips. Solves 249 "Improper call to JPEG library in state 0. (LibJpeg)." error. 250 Problem was reported via email on October 6, 2016 by John Brown.</li> 251 </ul> 252 </blockquote> 253 <p>2016-10-04 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 254 <blockquote> 255 <ul class="simple"> 256 <li>magick/attribute.c (GenerateEXIFAttribute): Fixed SourceForge 257 bug 400 "Exif orientation unknown for some JPEG files". Patch 258 submitted by Troy Patteson.</li> 259 </ul> 260 </blockquote> 261 <p>2016-10-02 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 262 <blockquote> 263 <ul class="simple"> 264 <li>coders/wpg.c Add sanity check for palette. Merge 265 RemoveLastImageFromList+AppendImageToList to ReplaceImageInList. 266 Possible heap overflow of colormap in Q8 build was assigned 267 CVE-2016-7996. Assertion crash due to blob != NULL was assigned 268 CVE-2016-7997.</li> 269 </ul> 270 </blockquote> 271 <p>2016-10-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 272 <blockquote> 273 <ul class="simple"> 274 <li>coders/meta.c (parse8BIM): Fix unsigned underflow leading to 275 heap overflow when parsing 8BIM chunk. Problem was reported by 276 Marco Grassi via email on October 1, 2016. Problem was already 277 known (but not fixed) based on comments in the code. This issue 278 has been assigned CVE-2016-7800.</li> 279 </ul> 280 </blockquote> 281 <p>2016-09-28 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 282 <blockquote> 283 <ul class="simple"> 284 <li>coders/xcf.c: Improve the robustness of the XCF reader by adding 285 more error checking.</li> 286 </ul> 287 </blockquote> 288 <p>2016-09-27 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 289 <blockquote> 290 <ul class="simple"> 291 <li>coders/rle.c (RLEConstrainColormapIndex): Was not constraining 292 colormap index like it should be. This problem was added on 293 2016-09-23.</li> 294 <li>www/thanks.rst: Added Moshe Kaplan to Thanks.</li> 295 <li>www/Hg.rst: Mercurial URL fixes. Patch from Mark Mitchell.</li> 296 <li>www/programming.rst: Updated programming APIs page.</li> 297 </ul> 298 </blockquote> 299 <p>2016-09-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 300 <blockquote> 301 <ul class="simple"> 302 <li>magick/pixel_cache.c (OpenCache): Trace ExtendCache() failures.</li> 303 </ul> 304 </blockquote> 305 <p>2016-09-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 306 <blockquote> 307 <ul class="simple"> 308 <li>coders/sgi.c (ReadSGIImage): Fix unexpectedly large memory 309 allocation with corrupt SGI file provided via email by Agostino 310 Sarubbo on September 15, 2016.</li> 311 <li>coders/rle.c (ReadRLEImage): Only report an invalid colormap 312 index once. Fixes slowness problem with corrupt file provided via 313 email by Agostino Sarubbo on September 15, 2016.</li> 314 </ul> 315 </blockquote> 316 <p>2016-09-18 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 317 <blockquote> 318 <ul class="simple"> 319 <li>www/thanks.rst: Added a 'thanks' page.</li> 320 </ul> 321 </blockquote> 322 <p>2016-09-11 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 323 <blockquote> 324 <ul class="simple"> 325 <li>PerlMagick/MANIFEST: Fix content of PerlMagick MANIFEST.</li> 326 </ul> 327 </blockquote> 328 <p>2016-09-10 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 329 <blockquote> 330 <ul class="simple"> 331 <li>coders/pcx.c (ReadPCXImage): Check that filesize is reasonable 332 given header. Fixes excessive memory allocation followed by 333 eventual file truncation error for corrupt file. Problem was 334 reported via email by Agostino Sarubbo on 2016-09-10.</li> 335 <li>coders/sgi.c (ReadSGIImage): Check that filesize is reasonable 336 given header. Fixes excessive memory allocation followed by 337 eventual file truncation error for corrupt file. Problem was 338 reported via email by Agostino Sarubbo on 2016-09-09.</li> 339 <li>coders/sct.c (ReadSCTImage): Fix stack-buffer read overflow 340 while reading SCT header. Problem was reported via email by 341 Agostino Sarubbo on 2016-09-09.</li> 342 <li>coders/svg.c: Fix Coverity issue 135772 "RESOURCE_LEAK" and 343 issue 135829 "Null pointer dereferences". None of these issues 344 were new, but Coverity noticed them now. Reflowed source to GNU C 345 style for consistent indentation and so it does not fight with my 346 editor.</li> 347 </ul> 348 </blockquote> 349 <p>2016-09-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 350 <blockquote> 351 <ul class="simple"> 352 <li>magick/common.h (MAGICK_HAS_ATTRIBUTE): Coverity is allergic to 353 __has_attribute() so don't use it for Coverity builds.</li> 354 </ul> 355 </blockquote> 356 <p>2016-09-05 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 357 <blockquote> 358 <ul class="simple"> 359 <li>www/index.rst: Update for 1.3.25 release.</li> 360 <li>version.sh: Update library versioning for 1.3.25 release.</li> 361 <li>NEWS.txt: Make sure is up to date.</li> 362 <li>Various fixes for minor issues noticed when compiling under 363 Visual Studio.</li> 364 </ul> 365 </blockquote> 366 <p>2016-08-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 367 <blockquote> 368 <ul class="simple"> 369 <li>magick/studio.h (MAGICK_CACHE_LINE_SIZE): Apply patch from 370 Gentoo Linux to increase MAGICK_CACHE_LINE_SIZE to 128 when 371 __powerpc__ is defined.</li> 372 </ul> 373 </blockquote> 374 <p>2016-08-21 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 375 <blockquote> 376 <ul class="simple"> 377 <li>NEWS.txt: Updated with latest changes.</li> 378 </ul> 379 </blockquote> 380 <p>2016-08-20 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 381 <blockquote> 382 <ul class="simple"> 383 <li>coders/rle.c (ReadRLEImage): Reject truncated/absurd Utah RLE 384 files. Problem was reported by Agostino Sarubbo on August 19, 385 2016. This problem was assigned CVE-2016-7448 after the 1.3.25 386 release.</li> 387 </ul> 388 </blockquote> 389 <p>2016-08-18 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 390 <blockquote> 391 <ul class="simple"> 392 <li>coders/tiff.c (ReadTIFFImage): Fix heap-based buffer read 393 overflow. TIFF sized attibutes were not being properly copied to 394 a null-terminated string if the value was not null terminated. 395 Problem was reported by Agostino Sarubbo on August 18, 2016. This 396 problem was assigned CVE-2016-7449 after the 1.3.25 release.</li> 397 </ul> 398 </blockquote> 399 <p>2016-08-15 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 400 <blockquote> 401 <ul class="simple"> 402 <li>lcms/src/cmstypes.c (Type_MLU_Read): "Added an extra check to 403 MLU bounds", change based on github mm2/Little-CMS commit 404 5ca71a7bc18b6897ab21d815d15e218e204581e2 and announced to the 405 oss-security list by Ibrahim M. El-Sayed on Mon, 15 Aug 2016.</li> 406 </ul> 407 </blockquote> 408 <p>2016-08-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 409 <blockquote> 410 <ul class="simple"> 411 <li>webp: Updated bundled libwebp to release 0.5.1.</li> 412 <li>libxml: Updated bundled libxml2 to release 2.9.4.</li> 413 <li>lcms: Updated bundled lcms2 to release 2.8.</li> 414 <li>png: Update bundled libpng to release 1.6.24.</li> 415 <li>coders/jpeg.c (ReadJPEGImage): Log setting resolution and 416 resolution units due to JFIF marker.</li> 417 <li>coders/sgi.c (SGIDecode): Fix integer overflow of size type in 418 Win64 build where sizeof(long) < sizeof(size_t).</li> 419 </ul> 420 </blockquote> 421 <p>2016-08-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 422 <blockquote> 423 <ul class="simple"> 424 <li>coders, magick: Compile clean using GCC with -std=c90.</li> 425 <li>magick/describe.c (DescribeImage): The 'identify' and 'info' 426 functionality only shows the pixel read rate if image was not read 427 in 'ping' mode. Provide seconds timing with 6 digits of precision 428 since that is what is needed.</li> 429 </ul> 430 </blockquote> 431 <p>2016-08-07 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 432 <blockquote> 433 <ul class="simple"> 434 <li>magick/describe.c (DescribeImage): Include milliseconds 435 resolution in elapsed time output.</li> 436 <li>magick/timer.c (ElapsedTime): Use clock_gettime() (when 437 available with default linkage) to obtain elapsed time.</li> 438 </ul> 439 </blockquote> 440 <p>2016-08-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 441 <blockquote> 442 <ul class="simple"> 443 <li>coders/yuv.c (WriteYUVImage): Fix benign clang compiler warning 444 regarding "variable 'x' is incremented both in the loop header and 445 in the loop body".</li> 446 <li>configure.ac: Fixes to use clang's OpenMP runtime library 447 (-lomp) for clang 3.8 and later. Specifically tested with clang 448 3.8 on Ubuntu 16.04 'xenial'. Problem was reported by Holger 449 Hoffstätte via private email.</li> 450 <li>NEWS.txt: Bring up to date with latest changes.</li> 451 </ul> 452 </blockquote> 453 <p>2016-07-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 454 <blockquote> 455 <ul class="simple"> 456 <li>magick/render.c (DrawImage): Reject abnormally absurd gradient 457 size requests (many absurd requests are still allowed). Provide 458 detailed error reports when a gradient is rejected.</li> 459 <li>coders/svg.c: Support units for 'stroke-dashoffset'.</li> 460 </ul> 461 </blockquote> 462 <p>2016-07-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 463 <blockquote> 464 <ul class="simple"> 465 <li>magick/annotate.c (EscapeParenthesis): In private email on 466 2016-07-07, Gustavo Grieco notified us of a heap overflow in 467 EscapeParenthesis(). I was not able to reproduce the issue but 468 changed the implementation with the suspicion that the 469 implementation has a bug, and due to noticing arbitary limits and 470 inefficiency. This issue was assigned CVE-2016-7447 after the 471 1.3.25 release.</li> 472 </ul> 473 </blockquote> 474 <p>2016-07-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 475 <blockquote> 476 <ul class="simple"> 477 <li>magick/render.c (DrawImage): Fix absolute and arbitrary gradient 478 dimension sanity checks which caused gradient requests to fail. 479 Resolves SourceForge issue #392 "SVG 'push defs' fails (Debian 480 bugs 829063 and 828120)".</li> 481 </ul> 482 </blockquote> 483 <p>2016-06-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 484 <blockquote> 485 <ul class="simple"> 486 <li>www/security.rst: Add discussion of SVG format and SSRF 487 vulnerability.</li> 488 </ul> 489 </blockquote> 490 <p>2016-06-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 491 <blockquote> 492 <ul class="simple"> 493 <li>coders/svg.c (ReadSVGImage): Assure that SVGInfo data is freed 494 when XMP parsing is aborted due to an error.</li> 495 </ul> 496 </blockquote> 497 <p>2016-06-11 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 498 <blockquote> 499 <ul class="simple"> 500 <li>NEWS.txt: Updated NEWS with changes since last release.</li> 501 <li>www/security.rst: Add a page about GraphicsMagick security.</li> 502 </ul> 503 </blockquote> 504 <p>2016-06-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 505 <blockquote> 506 <ul class="simple"> 507 <li>magick/render.c (DrawPrimitive): Over-aggressive error reporting 508 was causing failures when elements were "drawn" off-image. 509 Resolves SourceForge issue #389 "Non-conforming drawing primitive 510 definition (line)".</li> 511 </ul> 512 </blockquote> 513 <p>2016-05-31 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 514 <blockquote> 515 <ul class="simple"> 516 <li>magick/render.c (DrawImage): Fix problem while reading file 517 "tnamkejarz.svg.2532308010849170049" provided via private email 518 from Gustavo Grieco on May 31, 2016.</li> 519 <li>magick/utility.c (MagickGetToken): Fix problem while reading 520 file "vqxwatmqmi.svg.-3669039972557308254" provided via private 521 email from Gustavo Grieco on May 31, 2016.</li> 522 </ul> 523 </blockquote> 524 <p>2016-05-30 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 525 <blockquote> 526 <ul class="simple"> 527 <li>NEWS.txt: Update for 1.3.24 release.</li> 528 <li>www/Changes.rst: Mention 1.3.24 release.</li> 529 <li>www/index.rst: Update for 1.3.24 release.</li> 530 <li>version.sh: Update library ABI information in preparation for 531 1.3.24 release.</li> 532 <li>NEWS.txt: Updated NEWS to reflect fixes and issues.</li> 533 </ul> 534 </blockquote> 535 <p>2016-05-29 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 536 <blockquote> 537 <ul class="simple"> 538 <li>NEWS.txt: Updated with latest news.</li> 539 <li>magick/blob.c (OpenBlob): Remove support for reading input from 540 a shell command, or writing output to a shell command, by 541 prefixing the specified filename (containing the command) with a 542 '|'. This feature provided a remote shell execution opportunity 543 (CVE-2016-5118).</li> 544 <li>coders/mat.c (ReadMATImage): Validate that MAT frames is not 545 zero.</li> 546 </ul> 547 </blockquote> 548 <p>2016-05-28 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 549 <blockquote> 550 <ul class="simple"> 551 <li>magick/render.c (DrawImage): Be less optimistic when estimating 552 the number of points required to represent a path. This should 553 help address CVE-2016-2317 "Heap buffer overflow". This resolves 554 SourceForge issue #275 "Applying Clipping Path to high resolution 555 JPG".</li> 556 </ul> 557 </blockquote> 558 <p>2016-05-25 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 559 <blockquote> 560 <ul class="simple"> 561 <li>magick/render.c (DrawImage): Fix problem while reading file 562 "pxypjhfdxf.svg.7406476585885697806" provided via via private 563 email from Gustavo Grieco on May 24, 2016.</li> 564 <li>coders/svg.c: Fix problem while reading file 565 "pxypjhfdxf.svg.308008972284643989" provided via private email 566 from Gustavo Grieco on May 24, 2016.</li> 567 </ul> 568 </blockquote> 569 <p>2016-05-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 570 <blockquote> 571 <ul class="simple"> 572 <li>coders/svg.c ("C"): Support font-size "medium".</li> 573 </ul> 574 </blockquote> 575 <p>2016-05-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 576 <blockquote> 577 <ul class="simple"> 578 <li>NEWS.txt: Updated NEWS.txt to reflect latest changes.</li> 579 <li>magick/render.c (DrawImage): Added DrawImage() recursion 580 detection/prevention.</li> 581 <li>coders/svg.c (ReadSVGImage): Add basic primitive argument 582 validation.</li> 583 <li>magick/render.c (DrawImage): Add basic primitive argument 584 validation.</li> 585 </ul> 586 </blockquote> 587 <p>2016-05-21 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 588 <blockquote> 589 <ul class="simple"> 590 <li>coders/url.c (ReadURLImage): Reading "<a class="reference external" href="file://">file://</a>" URLs was not 591 working. Now file URLs are working.</li> 592 </ul> 593 </blockquote> 594 <p>2016-05-21 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 595 <blockquote> 596 <ul class="simple"> 597 <li>coders/png.c: Respect JPEG limits (65535x65535) and user width 598 and height limits from "-limit" while reading or writing JNG files.</li> 599 </ul> 600 </blockquote> 601 <p>2016-05-21 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 602 <blockquote> 603 <ul class="simple"> 604 <li>coders/url.c: Don't hide HTTP, FTP, and FILE URL support from 605 '-list format' output. Ignore HTTP, FTP, and FILE as a useful 606 file extension for determing the file format.</li> 607 </ul> 608 </blockquote> 609 <p>2016-05-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 610 <blockquote> 611 <ul class="simple"> 612 <li>magick/render.c (ConvertPathToPolygon): Make sure that first 613 edge is initialized. Make sure that points is not null.</li> 614 </ul> 615 </blockquote> 616 <p>2016-05-15 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 617 <blockquote> 618 <ul class="simple"> 619 <li>magick/render.c (DrawImage): Fixed segmentation violation while 620 reading file "275077586554139424.lqxdgqxtfs.svg" provided via 621 private email from Gustavo Grieco on May 15, 2016. This is due to 622 another CVE-2016-2317 related issue.</li> 623 </ul> 624 </blockquote> 625 <p>2016-05-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 626 <blockquote> 627 <ul class="simple"> 628 <li>coders/svg.c ("C"): Fixed problems while reading files 629 "aaphrbkwwe.svg.-1899680443073025602", 630 "aaphrbkwwe.svg.-5751004588641220738", 631 "aaphrbkwwe.svg.-8875730334406147537", and 632 "aaphrbkwwe.svg.4495884156523242589" provided via private email 633 from Gustavo Grieco on February 8, 2016.</li> 634 </ul> 635 </blockquote> 636 <p>2016-05-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 637 <blockquote> 638 <ul class="simple"> 639 <li>coders/dib.c (ReadDIBImage): Verify that DIB file data is 640 sufficient to meet claims made by file header. Validate image 641 planes. Fixes Fixes problem reported by Hanno Böck on May 8th, 642 2016 via private email entitled "malloc issue in ReadDIBImage".</li> 643 </ul> 644 </blockquote> 645 <p>2016-05-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 646 <blockquote> 647 <ul class="simple"> 648 <li>coders/msl.c (RegisterMSLImage): Ignore the file extension on 649 MSL files. The only way to read an image from a MSL file (as 650 opposed to explicitly running a MSL script with 'conjure') is by 651 reading using a filename specification like "msl:filename". This 652 is done for security reasons.</li> 653 <li>magick/render.c (DrawPrimitive): Fix Coverity issue 126378 654 "Resource leak".</li> 655 <li>coders/mat.c (DecompressBlock): Fix Coverity issue 126379 656 "Resource leak".</li> 657 <li>magick/render.c (DrawImage): Fix Coverity issue 126380 "Resource 658 leak".</li> 659 </ul> 660 </blockquote> 661 <p>2016-05-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 662 <blockquote> 663 <ul class="simple"> 664 <li>magick/render.c (DrawPrimitive): Sanity check the image file 665 path or URL before passing it to ReadImage().</li> 666 <li>config/delegates.mgk.in: Pare down delegates.mgk to reduce 667 security exposure due to external programs not under our control.</li> 668 </ul> 669 </blockquote> 670 <p>2016-05-08 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 671 <blockquote> 672 <ul class="simple"> 673 <li>coders/mat.c Typo fix - matrix has nothing to do with PostScript.</li> 674 </ul> 675 </blockquote> 676 <p>2016-05-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 677 <blockquote> 678 <ul class="simple"> 679 <li>coders/mat.c (DecompressBlock): Don't hang on a corrupt deflate 680 stream when reading matlab v6 file. Fixes problem reported by 681 Hanno Böck on May 8, 2016 via private email entitled "hang of 682 matlab input file".</li> 683 </ul> 684 </blockquote> 685 <p>2016-05-07 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 686 <blockquote> 687 <ul class="simple"> 688 <li>magick/image.c (SetImageInfo): Undocumented "TMP" magick prefix 689 no longer removes the argument file after it has been read. This 690 functionality is only used to support the "show" delegate which is 691 used by options in the 'display' program which need to display a 692 generated image in a new instance of 'display'. The "show" 693 delegate is used by writing a temporary file to be viewed, and 694 which should be removed before the program quits. Since the "TMP" 695 feature was originally implemented, GraphicsMagick added a 696 temporary file management subsystem which assures that temporary 697 files are removed so this feature is not needed.</li> 698 <li>coders/tiff.c (ReadTIFFImage): Fix heap overflow with file 699 "gkkxrilssm.tiff.-4678010562506843336" provided by Gustavo Grieco 700 on February 8, 2006 via private email.</li> 701 <li>coders/viff.c (ReadVIFFImage): Fix problem with a very large 702 malloc in sample file provided by Hanno Böck on May 7, 2016 with 703 subject "large malloc in ReadVIFFImage".</li> 704 <li>coders/mvg.c (RegisterMVGImage): Do not auto-detect MVG format 705 based on file extension. MVG files can then only be read by 706 adding a "MVG:" prefix to the file name. There is already no 707 auto-detection of MVG based on content.</li> 708 </ul> 709 </blockquote> 710 <p>2016-05-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 711 <blockquote> 712 <ul class="simple"> 713 <li>coders/xpm.c (ReadXPMImage): Limit the number of XPM colors and 714 assure array initialization. Fixes bad behavior with a sample 715 file provided by Hanno Böck on May 6, 2016 with subject "Invalid 716 free in ReadXPMImage".</li> 717 <li>coders/pcx.c (ReadPCXImage): Limit the number of PCX image 718 planes allowed. Fixes an unreasonable memory allocation in a 719 sample file provided by Hanno Böck on May 5, 2016.</li> 720 </ul> 721 </blockquote> 722 <p>2016-05-04 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 723 <blockquote> 724 <ul class="simple"> 725 <li>config/delegates.mgk.in: Gnuplot files are inherently insecure. 726 Remove delegates support for reading them. Reported by John 727 Lightsey via private email. 728 Added -dSAFER to Ghostscript invokations in delegates.mgk for more 729 secure execution. Reported by David Chan via SourceForge bug 730 "#386 ghostscript delegates should explicitly use -dSAFER.".</li> 731 <li>magick/constitute.c (ReadImages): Avoid possible infinite 732 ReadImage() recursion.</li> 733 </ul> 734 </blockquote> 735 <p>2016-05-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 736 <blockquote> 737 <ul class="simple"> 738 <li>magick/render.c (DrawPolygonPrimitive): Fix divide by zero 739 exception encountered while reading file "sigfpe.svg" posted by 740 Gustavo Grieco on May 1, 2016 to the oss-security mailing list 741 with subject "CVE request: DoS in multiple versions of 742 GraphicsMagick". 743 (DrawDashPolygon): Fix endless loop problem caused by negative 744 stroke-dasharray arguments. Resolves problem observed while 745 reading file "circular.svg" posted by Gustavo Grieco on May 1, 746 2016 to the oss-security mailing list with subject "CVE request: 747 DoS in multiple versions of GraphicsMagick".</li> 748 <li>magick/import.c (ImportViewPixelArea): Fix assertion while 749 reading TIFF file gkkxrilssm.tiff.105123337066 provided by Gustavo 750 Grieco.</li> 751 </ul> 752 </blockquote> 753 <p>2016-04-30 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 754 <blockquote> 755 <ul class="simple"> 756 <li>coders/locale.c (ReadLOCALEImage): Make sure to close blob 757 before returning.</li> 758 <li>coders/svg.c ("C"): Provide a hack work-around for double-quoted 759 font-family argument.</li> 760 <li>magick/render.c (DrawImage): Make SVG path and other primitive 761 parsing more robust. Fixes SEGV when reading files provided by 762 CVE-2016-2318 test cases. Fixes CVE-2016-2318 completely.</li> 763 </ul> 764 </blockquote> 765 <p>2016-04-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 766 <blockquote> 767 <ul class="simple"> 768 <li>magick/render.c (DrawImage): Fix heap buffer overflow when 769 reading aaphrbkwwe.svg.-1114777018469422437 from CVE-2016-2317 770 test cases. This resolves CVE-2016-2317 completely.</li> 771 </ul> 772 </blockquote> 773 <p>2016-04-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 774 <blockquote> 775 <ul class="simple"> 776 <li>magick/command.c (MogrifyImageCommand): Added mogrify 777 -preserve-timestamp option to preserve file access and 778 modification timestamps. Contributed by Niko Rosvall via 779 SourceForge patch #45 "preserve-timestamp option for mogrify 780 command."</li> 781 </ul> 782 </blockquote> 783 <p>2016-04-19 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 784 <blockquote> 785 <ul class="simple"> 786 <li>magick/blob.c: Added ReadBlobLSBSignedShort(), 787 ReadBlobMSBSignedShort(), 788 ReadBlobLSBSignedLong(),ReadBlobMSBSignedLong(), 789 WriteBlobLSBSignedShort(), WriteBlobLSBSignedLong(), 790 WriteBlobMSBSignedLong(), WriteBlobMSBSignedShort() for doing I/O 791 on signed integer types without the need for dangerous casts or 792 unexpected values due to signed/unsigned conversion.</li> 793 </ul> 794 </blockquote> 795 <p>2016-04-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 796 <blockquote> 797 <ul class="simple"> 798 <li>NEWS.txt: Updated with latest changes.</li> 799 <li>magick/constitute.c (ReadImage): Added asserts to check that the 800 I/O blob is not still open in the returned image since this causes 801 problems.</li> 802 <li>magick/blob.c (CloneBlobInfo): Use a cloning approach which does 803 not require manually keeping structure members in sync.</li> 804 <li>coders/msl.c (ProcessMSLScript): Need to close I/O blob before 805 returning.</li> 806 <li>coders/psd.c (ReadPSDImage): Assure that allocated image is not 807 dereferenced before checking if it is NULL. Check some memory 808 calculations for overflow. 809 (ReadPSDImage): Need to close I/O blob before returning.</li> 810 <li>coders/dib.c (ReadDIBImage): Use DestroyBlob() rather than 811 DestroyBlobInfo().</li> 812 <li>coders/bmp.c (ReadBMPImage): Use DestroyBlob() rather than 813 DestroyBlobInfo().</li> 814 <li>magick/blob.c: Improve blob tracing.</li> 815 </ul> 816 </blockquote> 817 <p>2016-04-13 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 818 <blockquote> 819 <ul class="simple"> 820 <li>coders/bmp.c (ReadBMPImage): Fix reading 24-bit Microsoft BMP 821 which claims to have a colormap.</li> 822 </ul> 823 </blockquote> 824 <p>2016-04-13 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 825 <blockquote> 826 <ul class="simple"> 827 <li>PerlMagick/t/input_complex_lsb_double_V4.mat Demo Matlab V4 828 complex file.</li> 829 <li>coders/mat.c Missing break added.</li> 830 </ul> 831 </blockquote> 832 <p>2016-04-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 833 <blockquote> 834 <ul class="simple"> 835 <li>coders/xpm.c (ReadXPMImage): Fix SourceForge issue #361 836 "out-of-bounds read in coders/xpm.c:150:24"</li> 837 <li>coders/psd.c (ReadPSDImage): Add some defensive code to assure 838 that image layers are not freed twice.</li> 839 </ul> 840 </blockquote> 841 <p>2016-04-10 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 842 <blockquote> 843 <ul class="simple"> 844 <li>magick/log.c (InitializeLogInfo): Simplify LogInfo structure and 845 its allocation in order to lessen the amount of fixed overhead.</li> 846 </ul> 847 </blockquote> 848 <p>2016-04-04 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 849 <blockquote> 850 <ul class="simple"> 851 <li>coders/jp2.c (WriteJP2Image): Fix SourceForge issue #378 "jp2: 852 impossible to create lossless jpeg-2000". With this fix, 853 specifying 'define jp2:rate=1.0' or '-quality 100' results in a 854 lossless JP2 file.</li> 855 </ul> 856 </blockquote> 857 <p>2016-04-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 858 <blockquote> 859 <ul class="simple"> 860 <li>magick/common.h: Update for GCC 5.</li> 861 <li>PerlMagick/MANIFEST: Update PerlMagick manifest.</li> 862 <li>PerlMagick/t/{read.t, write.t}: Add tests for MAT v4.</li> 863 </ul> 864 </blockquote> 865 <p>2016-04-03 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 866 <blockquote> 867 <ul class="simple"> 868 <li>coders/mat.c Matlab V4 attempt to read complex part of data.</li> 869 </ul> 870 </blockquote> 871 <p>2016-04-02 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 872 <blockquote> 873 <ul class="simple"> 874 <li>PerlMagick/t/features.pl.in: Provide a way that PerlMagick 875 feature tests can test if a feature is supported. Use it to make 876 the PSD test optional.</li> 877 <li>coders/Makefile.am: Only build PSD module if 878 ENABLE_BROKEN_CODERS is enabled.</li> 879 <li>magick/module.c (UnloadModule): Only invoke the module 880 unregister function if it is defined. The module register 881 function is not defined if either the register or unregister 882 functions were not found in the module which was loaded.</li> 883 </ul> 884 </blockquote> 885 <p>2016-04-02 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 886 <blockquote> 887 <ul class="simple"> 888 <li><dl class="first docutils"> 889 <dt>coders/mat.c Matlab V4 files are also rotated.</dt> 890 <dd>* PerlMagick/t/input_gray_lsb_double_V4.mat Demo Matlab V4 file.</dd> 891 </dl> 892 </li> 893 </ul> 894 </blockquote> 895 <p>2016-04-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 896 <blockquote> 897 <ul class="simple"> 898 <li>magick/magick.c (GetMagickInfo): Only declare that ExceptionInfo 899 argument is not used if modules are not supported.</li> 900 </ul> 901 </blockquote> 902 <p>2016-03-28 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 903 <blockquote> 904 <ul class="simple"> 905 <li>coders/mat.c Attempt to read Matlab V4 files.</li> 906 </ul> 907 </blockquote> 908 <p>2016-03-27 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 909 <blockquote> 910 <ul class="simple"> 911 <li>magick/image.c (DestroyImage): Simply return if image is NULL 912 since it is more user-friendly.</li> 913 <li>magick/shear.c (RotateImage): Fix Coverity issue 124519 914 "Logically dead code".</li> 915 <li>magick/effect.c (BlurImage): Fix Coverity issue 124520 916 "Dereference after null check".</li> 917 <li>coders/pdb.c (WritePDBImage): Fix SourceForge bug #360 918 "out-of-bounds read in utilities/gm+0x80fcc71) (PDB reader)".</li> 919 <li>coders/meta.c (convertHTMLcodes): Fix SourceForge bug #373 920 "out-of-bounds read in coders/meta.c:444:50" 921 (ReadMETAImage): Fix SourceForge bug #364 "out-of-bounds write in 922 coders/meta.c:1331:7".</li> 923 </ul> 924 </blockquote> 925 <p>2016-03-26 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 926 <blockquote> 927 <ul class="simple"> 928 <li>coders/sgi.c (ReadSGIImage): Fix SourceForge bug #366 929 "out-of-bounds write in coders/sgi.c:528:4" and bug #369 930 "out-of-bounds write in coders/sgi.c:535:4".</li> 931 <li>coders/rle.c (ReadRLEImage): Fix SourceForge bug #371 932 "out-of-bounds read in coders/rle.c:633:39".</li> 933 </ul> 934 </blockquote> 935 <p>2016-03-25 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 936 <blockquote> 937 <ul class="simple"> 938 <li>coders/dib.c (ReadDIBImage): Fix SourceForge bug #367 939 "out-of-bounds read in coders/dib.c:706:13" and bug #370 940 "out-of-bounds read in coders/dib.c:716:15".</li> 941 <li>coders/pict.c (ReadPICTImage): Fix SourceForge bug #365 942 "out-of-bounds read in magick/image.c:1305:3"</li> 943 <li>magick/utility.c (GetPageGeometry): Fix SourceForge bug #374 944 "out-of-bounds write in magick/utility.c:4355:7"</li> 945 </ul> 946 </blockquote> 947 <p>2016-03-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 948 <blockquote> 949 <ul class="simple"> 950 <li>coders/miff.c (ReadMIFFImage): Fix SourceForge bug #376 "SIGABRT 951 in magick/colorspace.c:1052".</li> 952 <li>magick/shear.c (RotateImage): Fix SourceForge bug #375 "SIGABRT 953 in magick/image.c:1230".</li> 954 <li>coders/sun.c (DecodeImage): Fix SourceForge bug #368 955 "out-of-bounds read in coders/sun.c:223:17" and bug #363 956 "out-of-bounds read in coders/sun.c:221:16".</li> 957 </ul> 958 </blockquote> 959 <p>2016-03-20 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 960 <blockquote> 961 <ul class="simple"> 962 <li>coders/svg.c (GetUserSpaceCoordinateValue): Fix stack buffer 963 overflow when reading file 'aaphrbkwwe.svg.-632425326915265752' 964 from CVE-2016-2317 problem files. Partial fix for SourceForge bug 965 #358 "CVE-2016-2317 - SVG heap/stack buffer overflows".</li> 966 <li>magick/utility.c (MagickGetToken): New private function to 967 replace GetToken(). The new function accepts a token buffer 968 length argument. GetToken() is modified to assume a token buffer 969 length 'MaxTextExtent'. All code using GetToken() is updated to 970 use MagickGetToken().</li> 971 <li>coders/svg.c: Fix heap buffer overflow when reading file 972 "aaphrbkwwe.svg.4495884156523242589" from CVE-2016-2317 problem 973 files. Partial fix for SourceForge bug #358 "CVE-2016-2317 - SVG 974 heap/stack buffer overflows".</li> 975 </ul> 976 </blockquote> 977 <p>2016-03-19 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 978 <blockquote> 979 <ul class="simple"> 980 <li>coders/psd.c (ReadPSDImage): Fix SourceForge bug #341 981 "out-of-bounds read in coders/psd.c:1435". 982 (WriteWhiteBackground): Fix SourceForge bug #350 "SEGV in 983 coders/psd.c:1685". 984 (DecodeImage): Fix SourceForge bug #351 "heap-buffer-overflow in 985 coders/psd.c:142". 986 (ReadPSDImage): Fix SourceForge bug #342 "out-of-bounds write in 987 coders/psd.c:892"</li> 988 <li>coders/xcf.c (load_tile): Fix SourceForge bug #337 989 "heap-buffer-overflow in coders/xcf.c:373".</li> 990 <li>coders/pict.c (WritePICTImage): Fix SourceForge bug #340 991 "out-of-bounds write in coders/pict.c:1929".</li> 992 <li>coders/pdb.c (WritePDBImage): Fix SourceForge bug #348 993 "heap-buffer-overflow in coders/pdb.c:949:26".</li> 994 <li>coders/xpm.c (ReadXPMImage): Fix SourceForge bug #334 995 "heap-buffer-overflow in coders/xpm.c:150".</li> 996 </ul> 997 </blockquote> 998 <p>2016-03-09 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 999 <blockquote> 1000 <ul class="simple"> 1001 <li>coders/mat.c Fixed huge image limitation.</li> 1002 </ul> 1003 </blockquote> 1004 <p>2016-03-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1005 <blockquote> 1006 <ul class="simple"> 1007 <li>coders/sun.c (WriteSUNImage): Fix SourceForge bug #343 1008 "out-of-bounds write in coders/sun.c:962".</li> 1009 <li>coders/rle.c (ReadRLEImage): Fix SourceForge bug #344 1010 "out-of-bounds write in coders/rle.c:524".</li> 1011 <li>coders/xpm.c (ReadXPMImage): Fix SourceForge bug #335 1012 "out-of-bounds read in coders/xpm.c:154 ".</li> 1013 </ul> 1014 </blockquote> 1015 <p>2016-03-06 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1016 <blockquote> 1017 <ul class="simple"> 1018 <li>doc/options.imdoc (-extent): Revised the example to 1019 clarify the interaction of -gravity with the "geometry" offsets.</li> 1020 </ul> 1021 </blockquote> 1022 <p>2016-03-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1023 <blockquote> 1024 <ul class="simple"> 1025 <li>configure.ac: Add support for --enable-broken-coders which 1026 determines if broken or hazardous file format support should be 1027 enabled in the build. Currently Adobe Photoshop (PSD) format is 1028 included in this category.</li> 1029 <li>Rotate Changelog for new year. Update documentation copyrights 1030 for new year.</li> 1031 </ul> 1032 </blockquote> 1033 <p>2016-03-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1034 <blockquote> 1035 <ul class="simple"> 1036 <li>tiff/libtiff/tif_config.h (HAVE_SNPRINTF): Define HAVE_SNPRINTF 1037 when using Microsoft Visual C++ 14 (Visual Studio 2015) or later. 1038 This is based on advice by Pablo Elpuro.</li> 1039 </ul> 1040 </blockquote> 1041 <p>2016-02-21 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1042 <blockquote> 1043 <ul class="simple"> 1044 <li>Magick++/lib/Image.cpp (xResolution): New method to support 1045 setting the horizontal resolution with double precision. 1046 (yResolution): New method to support setting the vertical 1047 resolution with double precision.</li> 1048 <li>www/Hg.rst: Document the ssh public keys for the server hosting 1049 the development Mercurial repository.</li> 1050 </ul> 1051 </blockquote> 1052 <p>2016-02-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1053 <blockquote> 1054 <ul class="simple"> 1055 <li>coders/xpm.c (ReadXPMImage): Fix SourceForge bug #333 1056 heap-buffer-overflow in coders/xpm.c:409.</li> 1057 </ul> 1058 </blockquote> 1059 </div> 1060 </body> 1061 </html>