github.com/kaydxh/golang@v0.0.131/pkg/gocv/cgo/third_path/graphics-magick/share/doc/GraphicsMagick/www/ChangeLog-2017.html (about) 1 <?xml version="1.0" encoding="utf-8" ?> 2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 3 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> 4 <head> 5 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 6 <meta name="generator" content="Docutils 0.15.2: http://docutils.sourceforge.net/" /> 7 <title>ChangeLog-2017.rst</title> 8 <link rel="stylesheet" href="docutils-articles.css" type="text/css" /> 9 </head> 10 <body> 11 12 <div class="banner"> 13 <img src="images/gm-107x76.png" alt="GraphicMagick logo" width="107" height="76" /> 14 <span class="title">GraphicsMagick</span> 15 <form action="http://www.google.com/search"> 16 <input type="hidden" name="domains" value="www.graphicsmagick.org" /> 17 <input type="hidden" name="sitesearch" value="www.graphicsmagick.org" /> 18 <span class="nowrap"><input type="text" name="q" size="25" maxlength="255" /> <input type="submit" name="sa" value="Search" /></span> 19 </form> 20 </div> 21 22 <div class="navmenu"> 23 <ul> 24 <li><a href="index.html">Home</a></li> 25 <li><a href="project.html">Project</a></li> 26 <li><a href="download.html">Download</a></li> 27 <li><a href="README.html">Install</a></li> 28 <li><a href="Hg.html">Source</a></li> 29 <li><a href="NEWS.html">News</a> </li> 30 <li><a href="utilities.html">Utilities</a></li> 31 <li><a href="programming.html">Programming</a></li> 32 <li><a href="reference.html">Reference</a></li> 33 </ul> 34 </div> 35 <div class="document"> 36 37 38 <p>2017-12-25 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 39 <blockquote> 40 <ul class="simple"> 41 <li>tests/rwfile.tap: Add tests for MIFF compressed sub-formats.</li> 42 </ul> 43 </blockquote> 44 <p>2017-12-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 45 <blockquote> 46 <ul class="simple"> 47 <li>magick/blob.c (OpenBlob): Zlib 1.2.8 does not accept an open 48 mode of "w+b" or "wb+". It seems to be allergic to '+'. As a 49 result, writing to ".gz" files was not working with Zlib 1.2.8. 50 Note that "w+b" must be used in the normal case since the test 51 suite fails otherwise!</li> 52 </ul> 53 </blockquote> 54 <p>2017-12-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 55 <blockquote> 56 <ul class="simple"> 57 <li>coders/png.c (ReadMNGImage): Fix SourceForge issue #535 58 "heap-buffer-overflow in ReadMNGImage". Problem was caused by 59 accessing byte before testing that limit has been reached, rather 60 than testing for limit before accessing the byte. This means that 61 it could only ever read one past the buffer allocation size.</li> 62 <li>coders/webp.c (WriteWEBPImage): Fix SourceForge issue #536 63 "stack-buffer-overflow in WriteWEBPImage". Due to a change to use 64 WebPMemoryWriter as part of the EXIF and ICC profile support 65 addition (enabled with libwebp 0.5.0), the progress indicator 66 callback is now passed a pointer to a wrong structure. This is 67 quite unfortunate since the progress indication is useful. The 68 progress indication is temporarily disabled when the 69 WebPMemoryWriter is in use until a solution is implemented. 70 (ProgressCallback): Re-implement progress callback so that image 71 pointer is stored/retrieved as thread-specific data.</li> 72 <li>coders/png.c (ReadMNGImage): Fix SourceForge issue #537 "null 73 pointer dereference in ReadMNGImage". DEFI chunk must be at least 74 2 bytes long.</li> 75 <li>coders/tiff.c (ReadNewsProfile): Fix SourceForge issue #533 76 "heap-buffer-overflow on LocaleNCompare". LocaleNCompare() was 77 being allowed to read heap data beyond the allocated region.</li> 78 </ul> 79 </blockquote> 80 <p>2017-12-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 81 <blockquote> 82 <ul class="simple"> 83 <li>magick/shear.c (IntegralRotateImage): Assure that reported error 84 in rotate by 270 case does immediately terminate processing. 85 Return a NULL Image pointer if there is a problem rather than a 86 corrupted image. Fix is related to SourceForge issue #532 87 "heap-buffer-overflow bug in ReadWPGImage".</li> 88 <li>magick/pixel_cache.c (AcquireCacheNexus): Add a check that the 89 pixel cache is compatible with the image dimensions. Fix is 90 related to SourceForge issue #532 "heap-buffer-overflow bug in 91 ReadWPGImage".</li> 92 </ul> 93 </blockquote> 94 <p>2017-12-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 95 <blockquote> 96 <ul class="simple"> 97 <li>coders/png.c (ReadOneJNGImage): Fix SourceForge issue #530 98 "heap-buffer-overflow in ReadOneJNGImage". In this case there is 99 a read one byte beyond the oFFs chunk allocation size due to an 100 error in specifying an offset into the chunk.</li> 101 <li>coders/palm.c (ReadPALMImage): Fix SourceForge issue #529 102 "global-buffer-overflow in ReadPALMImage". This issue only 103 occured in builds with QuantumDepth=8 due to the small range of 104 IndexPacket.</li> 105 </ul> 106 </blockquote> 107 <p>2017-12-13 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 108 <blockquote> 109 <ul class="simple"> 110 <li>PerlMagick/{Magick.pm, Magick.pm.in, Makefile.PL.in}: Only base 111 PerlMagick version on numeric portion of PACKAGE_VERSION.</li> 112 </ul> 113 </blockquote> 114 <p>2017-12-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 115 <blockquote> 116 <ul class="simple"> 117 <li>www/index.rst: Update to 1.3.27.</li> 118 <li>www/Changes.rst: Add 1.3.27</li> 119 <li>version.sh: Update library versioning.</li> 120 <li>NEWS.txt: Update NEWS in preparation for releasing 1.3.27.</li> 121 </ul> 122 </blockquote> 123 <p>2017-12-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 124 <blockquote> 125 <ul class="simple"> 126 <li>coders/dcm.c (DCM_ReadElement): Change size checks addressing 127 CVE-2017-12140 to be based on size_t rather than magick_off_t due 128 to apparent instability of the previous check across compilers.</li> 129 </ul> 130 </blockquote> 131 <p>2017-12-07 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 132 <blockquote> 133 <ul class="simple"> 134 <li>coders/png.c (WriteOnePNGImage): Fix heap read access outside of 135 allocated PixelPacket array while testing pixels for opacity. 136 Resolves SourceForge issue #526 "heap-buffer-overflow in 137 WriteOnePNGImage".</li> 138 </ul> 139 </blockquote> 140 <p>2017-12-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 141 <blockquote> 142 <ul class="simple"> 143 <li>coders/pnm.c (WritePNMImage): Fix SourceForge bug #525 144 "heap-buffer-overflow in MagickBitStreamMSBWrite".</li> 145 </ul> 146 </blockquote> 147 <p>2017-12-05 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 148 <blockquote> 149 <ul class="simple"> 150 <li>coders/dcm.c (DCM_ReadElement): Eliminate huge memory allocation 151 based on bogus length value. Addresses CVE-2017-12140. Problem was 152 reported via email from Petr Gajdos on Tue, 5 Dec 2017.</li> 153 </ul> 154 </blockquote> 155 <p>2017-12-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 156 <blockquote> 157 <ul class="simple"> 158 <li>Magick++/lib/Image.cpp (colorMap): Try to eliminate Coverity CID 159 172796 "Dereference after null check" which seems to be bogus.</li> 160 <li>coders/png.c (WriteOnePNGImage): Fix Coverity CID 168053 161 "Dereference after null check". The check for null and the error 162 report which attempted to use the null value was not needed at 163 all.</li> 164 <li>coders/cut.c (GetCutColors): Fix Coverity CID 10181: "Null 165 pointer dereferences". SetImagePixels() may return NULL.</li> 166 <li>coders/rgb.c (ReadRGBImage): Fix SourceForge issue #523 167 "heap-buffer-overflow". Similar issue to cmyk.c.</li> 168 <li>coders/gray.c (ReadGRAYImage): Fix SourceForge issue #522 169 "heap-buffer-overflow". Similar issue to cmyk.c.</li> 170 <li>coders/cmyk.c (ReadCMYKImage): Fix SourceForge issue #521 171 "heap-buffer-overflow". The requested tile must be within the 172 bounds of the image. As it happens, 'montage' passes size and 173 tile information which is useless for reading a raw image so it is 174 not possible to read raw CMYK using 'montage'.</li> 175 </ul> 176 </blockquote> 177 <p>2017-12-02 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 178 <blockquote> 179 <ul class="simple"> 180 <li>coders/pwp.c (ReadPWPImage): Eliminate dereference of null image 181 pointer. Addresses CVE-2017-11640. Also address access to 182 uninitialized memory. Problem was reported via email from Petr 183 Gajdos on Wed, 29 Nov 2017.</li> 184 </ul> 185 </blockquote> 186 <p>2017-11-22 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 187 <blockquote> 188 <ul class="simple"> 189 <li>coders/wpg.c Additional check for wrong bpp CVE-2017-14342.</li> 190 </ul> 191 </blockquote> 192 <p>2017-11-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 193 <blockquote> 194 <ul class="simple"> 195 <li>Magick++/lib/Image.cpp (autoOrient): Add method to auto-orient 196 an image so it looks right-side up by default. Based on patch by 197 Przemysław Sobala submitted as SourceForge patch #53 "Add 198 Magick::Image::autoOrient() method to Magick++ library".</li> 199 <li>www/download.rst: Change "Czechoslovakian ftp mirror" to "Czech 200 ftp mirror". Resolves SourceForge bug #520 "[web] Download sites: 201 non-existent country".</li> 202 </ul> 203 </blockquote> 204 <p>2017-11-21 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 205 <blockquote> 206 <ul class="simple"> 207 <li>coders/wpg.c (ReadWPGImage): Fix excessive use of disk resources 208 due to unreasonable record length. Addresses CVE-2017-14341. 209 Notified of this issue (with suggested patch) via email by Petr 210 Gajdos on Tue, 21 Nov 2017.</li> 211 </ul> 212 </blockquote> 213 <p>2017-11-19 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 214 <blockquote> 215 <ul class="simple"> 216 <li>README.txt: Comprehensive white-space clean-up across 217 GraphicsMagick core source files. Hard TAB character is converted 218 to spaces. Trailing white-space garbage is stripped.</li> 219 <li>magick/colormap.c (MagickConstrainColormapIndex): Deprecate use 220 of MagickConstrainColormapIndex() and prefer use of 221 VerifyColormapIndex() and VerifyColormapIndexWithColors() due to 222 avoiding dependence on index type, allowing provision of colors 223 other than image->colors, and capturing more useful source file 224 and line information.</li> 225 <li>coders/{rle.c, mat.c, xbm.c, sgi.c, png.c}: Eliminate size_t vs 226 unsigned 32 conversion warnings in WIN64 build.</li> 227 </ul> 228 </blockquote> 229 <p>2017-11-18 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 230 <blockquote> 231 <ul class="simple"> 232 <li>tiff: Import libtiff 4.0.9.</li> 233 </ul> 234 </blockquote> 235 <p>2017-11-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 236 <blockquote> 237 <ul class="simple"> 238 <li>coders/bmp.c (DecodeImage): "Right-size" and "Right-type" 239 DecodeImage() variables and check for EOF at every point of the 240 way. Pass buffer size as an argument.</li> 241 <li>coders/dib.c (DecodeImage): "Right-size" and "Right-type" 242 DecodeImage() variables and check for EOF at every point of the 243 way. Pass buffer size as an argument.</li> 244 <li>coders/bmp.c (_BMPInfo): "Right-size" BMPInfo members. The 245 'long' type is promoted to 64-bit on LP64 systems and the large 246 size is not needed.</li> 247 </ul> 248 </blockquote> 249 <p>2017-11-11 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 250 <blockquote> 251 <ul class="simple"> 252 <li>coders/webp.c: Incorporate patch by Jan Spitalnik to add EXIF 253 and ICC metadata support to the WebP coder. While WebP is still 254 supported back to libwebp 0.1.99, the metadata support requires at 255 least libwebp 0.5.0. Resolves SourceForge patch #52 "Add EXIF/ICC 256 metadata support to WebP coder".</li> 257 <li>coders/png.c (ReadOneJNGImage): Fix JNG memory leaks when JPEG 258 image fails to be read. 259 (WriteOnePNGImage): Promotion of indexed PNG to RGBA lacked 260 setting of image matte, resulting in undersized buffer allocation 261 and heap overflow. Fixes SourceForge bug #453 "Heap overflow in 262 source-gra/coders/png.c".</li> 263 </ul> 264 </blockquote> 265 <p>2017-11-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 266 <blockquote> 267 <ul class="simple"> 268 <li>coders/sfw.c (SFWScan): Fix heap buffer overflow 269 (CVE-2017-13134). Notified of problem via email (including a 270 patch) from Petr Gajdos on Mon, 6 Nov 2017.</li> 271 </ul> 272 </blockquote> 273 <p>2017-11-05 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 274 <blockquote> 275 <ul class="simple"> 276 <li>coders/wpg.c Wrong MaxMap check condition - fixed.</li> 277 </ul> 278 </blockquote> 279 <p>2017-11-04 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 280 <blockquote> 281 <ul class="simple"> 282 <li>coders/wpg.c Check for InsertRow() return value.</li> 283 </ul> 284 </blockquote> 285 <p>2017-11-04 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 286 <blockquote> 287 <ul class="simple"> 288 <li>magick/export.c: Add not-null check for indexes pointer where 289 needed.</li> 290 <li>magick/import.c: Add not-null check for indexes pointer with 291 associated exception report where the indexes pointer is needed. 292 (ImportCMYKQuantumType): Was wrongly importing an opacity channel 293 in some cases. Would have crashed if these cases were ever used.</li> 294 <li>coders/wpg.c (ReadWPGImage): Assure that colormapped image is a 295 PseudoClass type with valid colormapped indexes. Fixes 296 SourceForge bug 519 "Null Pointer Dereference (Write) with 297 malformed WPG Image".</li> 298 <li>coders/sfw.c (ReadSFWImage): Avoid possible heap overflow while 299 copying JFIF magic into buffer. Reject runt files. Fixes 300 CVE-2017-12983. Notified of problem via email from Petr Gajdos on 301 Thu, 2 Nov 2017.</li> 302 </ul> 303 </blockquote> 304 <p>2017-10-28 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 305 <blockquote> 306 <ul class="simple"> 307 <li>magick/render.c (DrawImage): Fix SourceForge bug #517 "Push 308 operations in DrawImage can lead to negative strncpy when looking 309 for pop". Interestingly, valgrind and ASAN only detected a 310 problem with one of the test cases since exercised code which 311 updated an array using the index. It appears that Linux strncpy() 312 simply ignores the bad request.</li> 313 </ul> 314 </blockquote> 315 <p>2017-10-27 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 316 <blockquote> 317 <ul class="simple"> 318 <li>coders/png.c (ReadOneJNGImage): Make sure that a reasonable 319 exception is reported to the user when there is a read failure.</li> 320 </ul> 321 </blockquote> 322 <p>2017-10-26 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 323 <blockquote> 324 <ul class="simple"> 325 <li>coders/png.c (ReadOneJNGImage): Reject JNG files with 326 unreasonable dimensions given the file size.</li> 327 </ul> 328 </blockquote> 329 <p>2017-10-25 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 330 <blockquote> 331 <ul class="simple"> 332 <li>coders/png.c (ReadOneJNGImage): Fix SourceForge bug #518 "Null 333 pointer in". Also make sure that errors are reported properly due 334 to problems with transferring JPEG scanlines. 335 (ReadOneJNGImage): Add more checks for null value returned from 336 SetImagePixels().</li> 337 </ul> 338 </blockquote> 339 <p>2017-10-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 340 <blockquote> 341 <ul class="simple"> 342 <li>magick/describe.c (DescribeImage): Fix possible heap read 343 overflow while accessing heap data, and possible information 344 disclosure while describing the IPTC profile. Report was provided 345 via email from Maor Shwartz to the graphicsmagick-security mail 346 alias on Thu, 19 Oct 2017. Independent security researchers, 347 Jeremy Heng (@nn_amon) and Terry Chia (Ayrx), reported this 348 vulnerability to Beyond Security’s SecuriTeam Secure Disclosure 349 program. Please note that this interface is usually (but not 350 exclusively) used from within the command-line utility program, in 351 which case there is not much useful information which might be 352 disclosed. 353 (DescribeImage): Fix possible heap write overflow when describing 354 visual image directory. Report was provided via email from Maor 355 Shwartz to the graphicsmagick-security mail alias on Thu, 19 Oct 356 2017. Independent security researchers, Jeremy Heng (@nn_amon) 357 and Terry Chia (Ayrx), reported this vulnerability to Beyond 358 Security’s SecuriTeam Secure Disclosure program. Please note that 359 this interface is usually (but not exclusively) used from within 360 the command-line utility program, in which case the only harm 361 would be a program crash.</li> 362 <li>magick/constitute.c (WriteImage): Assure that the errno present 363 when the blob error status first occured is reported to the user.</li> 364 <li>magick/blob.c (GetBlobStatus): Blob error status is now updated 365 immediately upon the first error reported. 366 (GetBlobFirstErrno): Returns errno value when the first blob error 367 was reported. This is useful for error reporting.</li> 368 </ul> 369 </blockquote> 370 <p>2017-10-21 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 371 <blockquote> 372 <ul class="simple"> 373 <li>magick/constitute.c (WriteImage): Restore use of GetBlobStatus() 374 to test if an I/O error was encountered while writing output file. 375 This assures that I/O failure in writers which do not themselves 376 verify writes is assured to be reported.</li> 377 </ul> 378 </blockquote> 379 <p>2017-10-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 380 <blockquote> 381 <ul class="simple"> 382 <li>coders/webp.c (WriterCallback): WebP writer now detects partial 383 write to output file. Patch by Przemysław Sobala from a posting 384 on Mon, 16 Oct 2017 via the graphicsmagick-help mailing list.</li> 385 </ul> 386 </blockquote> 387 <p>2017-10-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 388 <blockquote> 389 <ul class="simple"> 390 <li>magick/command.c (MontageImageCommand): Fix memory leaks in 391 error return path. Only people doing leak testing or the few who 392 execute MontageImageCommand() as a function will care about this.</li> 393 <li>magick/studio.h (NumberOfObjectsInArray): The 394 NumberOfObjectsInArray() macro is used to compute the number of 395 whole objects in an array. Instead it was rounding up, resulting 396 in scrambling the heap beyond the allocation. Fixes 397 CVE-2017-13737 "There is an invalid free in the MagickFree 398 function in magick/memory.c in GraphicsMagick 1.3.26 that will 399 lead to a remote denial of service attack."</li> 400 </ul> 401 </blockquote> 402 <p>2017-10-09 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 403 <blockquote> 404 <ul class="simple"> 405 <li>coders/png.c (ReadOnePNGImage): Suppress "comparison between 406 signed and unsigned integer expressions" warning.</li> 407 <li>coders/png.c (ReadJNGImage): Fix memory leak in SourceForge 408 Issue #469 "use after free in ReadJNGImage".</li> 409 <li>coders/png.c (ReadJNGImage): Fix memory leak in SourceForge 410 Issue #470 "Assert failure in writeblob".</li> 411 </ul> 412 </blockquote> 413 <p>2017-10-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 414 <blockquote> 415 <ul class="simple"> 416 <li>doc/options.imdoc: Fix SourceForge issue #444 "gm mogrify: Wrong 417 documentation for option -output-directory".</li> 418 </ul> 419 </blockquote> 420 <p>2017-10-07 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 421 <blockquote> 422 <ul class="simple"> 423 <li>magick/module.c (InitializeModuleSearchPath): Verify that any 424 component paths specified in MAGICK_CODER_MODULE_PATH and 425 MAGICK_FILTER_MODULE_PATH exist before adding them to search paths 426 actually used, and convert to real paths if possible. This avoids 427 possible use of relative paths to load modules (a possible 428 security issue) and may improve efficiency by removing 429 non-existent paths.</li> 430 <li>coders/yuv.c (ReadYUVImage): Fix leak of scanline upon Image 431 allocation failure. Patch submitted by Petr Gajdos via email on 432 Fri, 6 Oct 2017.</li> 433 </ul> 434 </blockquote> 435 <p>2017-09-13 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 436 <blockquote> 437 <ul class="simple"> 438 <li>coders/png.c: Attempt to fix SourceForge Issue #469 "use after 439 free in ReadJNGImage". Note that this change was found to replace 440 a use after free with a memory leak so the problem is not solved 441 yet.</li> 442 </ul> 443 </blockquote> 444 <p>2017-10-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 445 <blockquote> 446 <ul class="simple"> 447 <li>coders/dcm.c (DCM_ReadNonNativeImages): Additional fix 448 (improvement) for SourceForge issue #512 "NULL Pointer Dereference 449 in DICOM Decoder".</li> 450 </ul> 451 </blockquote> 452 <p>2017-10-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 453 <blockquote> 454 <ul class="simple"> 455 <li>coders/dcm.c (ReadDCMImage): Fix SourceForge issue #512 "NULL 456 Pointer Dereference in DICOM Decoder".</li> 457 <li>coders/pict.c (ReadPICTImage): Fix SourceForge issue #511 458 "Memory Allocation error due to malformed image file".</li> 459 <li>coders/pnm.c (WritePNMImage): Fix SourceForge issue #503 "memory 460 leak in WritePNMImage".</li> 461 <li>coders/png.c (ReadMNGImage): Fix SourceForge issue #501 "memory 462 leak in ReadMNGImage".</li> 463 <li>magick/segment.c (InitializeIntervalTree): Fix SourceForge issue 464 #507 "null pointer in segment.c" and issue #508 "null pointer in 465 segment.c".</li> 466 <li>coders/topol.c (ReadTOPOLImage): Fix SourceForge issue #510 467 "null pointer and meory leak in topol.c".</li> 468 <li>magick/widget.c (MagickXFileBrowserWidget): Fix SourceForge 469 issue #506 "null pointer in widget.c".</li> 470 <li>coders/tiff.c (WriteTIFFImage): Fix SourceForge issue #509 471 "Memory leak in tiff.c".</li> 472 <li>magick/module.c (FindMagickModule): Fix SourceForge issue #502 473 "null pointer in module.c".</li> 474 <li>coders/avs.c (ReadAVSImage): Fix Coverity CID 184115 "Control 475 flow issues (DEADCODE)".</li> 476 </ul> 477 </blockquote> 478 <p>2017-09-30 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 479 <blockquote> 480 <ul class="simple"> 481 <li>coders/avs.c (ReadAVSImage): Fix SourceForge issue #499 "memory 482 leak in avs.c".</li> 483 <li>coders/cmyk.c (ReadCMYKImage): Fix SourceForge issue #498 484 "memory leak in cmyk.c".</li> 485 <li>coders/cut.c (ReadCUTImage): Fix SourceForge issue #497 "memory 486 leak in cut.c".</li> 487 <li>coders/dpx.c (ReadDPXImage): Fix SourceForge issue #496 "memory 488 leak in dpx.c".</li> 489 <li>coders/hdf.c (ReadHDFImage): Fix SourceForge issue #495 "memory 490 leak in hdf.c".</li> 491 <li>coders/pcx.c (ReadPCXImage): Fix SourceForge issue #494 "memory 492 leak in pcx.c".</li> 493 <li>coders/pcd.c (ReadPCDImage): Fix SourceForge issue #493 "memory 494 leak in ReadPCDImage".</li> 495 <li>coders/histogram.c (WriteHISTOGRAMImage): Fix SourceForge issue 496 #492 "memory leak in WriteHISTOGRAMImage".</li> 497 <li>coders/gif.c (WriteGIFImage): Fix SourceForge issue #491 "memory 498 leak in WriteGIFImage".</li> 499 <li>coders/fits.c (WriteFITSImage): Fix SourceForge issue #490 500 "memory leak in WriteFITSImage".</li> 501 <li>coders/palm.c (WritePALMImage): Fix SourceForge issue #489 502 "memory leak in WritePALMImage".</li> 503 <li>coders/rgb.c (ReadRGBImage): Fix SourceForge issue #488 "Memory 504 leak in rgb.c".</li> 505 <li>coders/palm.c (ReadPALMImage): Fix SourceForge issue #487 "NULL 506 pointer dereference in ReadPALMImage".</li> 507 <li>Magick++/lib/Options.cpp (strokeDashArray): Fix SourceForge 508 issue #486 "NULL pointer dereference in 509 Magick::Options::strokeDashArray".</li> 510 <li>magick/nt_feature.c (NTGetTypeList): Fix SourceForge issue #485 511 "NULL pointer dereference in NTGetTypeList".</li> 512 <li>coders/sun.c (ReadSUNImage): Fix SourceForge issue #484 "Memory 513 leak in sun.c".</li> 514 <li>coders/tim.c (ReadTIMImage): Fix SourceForge issue #483 "Memory 515 leak in tim.c".</li> 516 <li>magick/nt_base.c (NTRegistryKeyLookup): Fix SourceForge issue 517 #482 "NULL pointer dereference in NTRegistryKeyLookup".</li> 518 <li>coders/viff.c (ReadVIFFImage): Fix SourceForge issue #481 519 "Memory leak in viff.c".</li> 520 <li>magick/profile.c (SetImageProfile): Fix SourceForge issue #480 521 "assertion failure in MagickMapAllocateMap".</li> 522 <li>coders/yuv.c (ReadYUVImage): Fix SourceForge issue #478 "Memory 523 leak in yuv.c".</li> 524 <li>magick/map.c (MagickMapCloneMap): Fix SourceForge issue #477 525 "assertion failure in MagickMapIterateNext".</li> 526 <li>coders/emf.c (ReadEnhMetaFile): Fix SourceForge issue #475 "NULL 527 pointer dereference in ReadEnhMetaFile".</li> 528 <li>coders/cineon.c (ReadCINEONImage): Fix SourceForge issue #473 529 "NULL pointer dereference in ReadCINEONImage"</li> 530 <li>coders/tiff.c (TIFFIgnoreTags): Fix SourceForge issue #476 "NULL 531 Pointer in tiff.c".</li> 532 </ul> 533 </blockquote> 534 <p>2017-09-25 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 535 <blockquote> 536 <ul class="simple"> 537 <li>magick/blob.c (GetConfigureBlob): Fix SourceForge issue #472 538 "NULL Pointer in GetConfigureBlob".</li> 539 </ul> 540 </blockquote> 541 <p>2017-09-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 542 <blockquote> 543 <ul class="simple"> 544 <li>coders/rle.c (ReadRLEImage): Fix SourceForge issue #458 "Heap 545 out of bounds read in ReadRLEImage()".</li> 546 </ul> 547 </blockquote> 548 <p>2017-09-19 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 549 <blockquote> 550 <ul class="simple"> 551 <li>coders/sgi.c (ReadSGIImage): Check for EOF while reading SGI 552 file header. Issue was brought to our attention by Petr Gajdos 553 via email on Fri, 1 Sep 2017.</li> 554 </ul> 555 </blockquote> 556 <p>2017-09-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 557 <blockquote> 558 <ul class="simple"> 559 <li>coders/tiff.c (ReadTIFFImage): Allow a single scanline, strip, 560 tile, to be 1000X larger than the input file in order to not cause 561 problems for extremely compressible images or tile sizes much 562 larger than the pixel dimensions.</li> 563 </ul> 564 </blockquote> 565 <p>2017-09-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 566 <blockquote> 567 <ul class="simple"> 568 <li>magick/symbols.h, wand/wand_symbols.h: Update C library symbols 569 which should be prefixed with 'Gm'. However, GM will not move 570 Magick++ namespace because of the ImageMagick version. Resolves 571 SourceForge issue #468 "--enable-symbol-prefix does not prevent 572 clashes with libMagick++ or libMagickWand?"</li> 573 <li>coders/png.c (DestroyJNG): DestroyJNG should be a static 574 function. Was wrongly exposed as DestroyJNGInfo in 1.3.26. This 575 is not a public function and was not intended to be part of the 576 ABI.</li> 577 <li>coders/tiff.c (ReadTIFFImage): Limit scanline, strip, and tile 578 memory allocations based on file size multiplied by a maximum 579 compression ratio. Fixes SourceForge issues #460, #461, #462, 580 #463, #464 "allocation failure in ReadTIFFImage".</li> 581 <li>coders/pnm.c (ReadPNMImage): Require that XV 332 format have 256 582 colors. Fixes SourceForge issue #465 "NULL Pointer Dereference 583 triggered by malformed file". In our own testing the test case 584 produced an assertion failure because assertions were enabled.</li> 585 <li>magick/colormap.c (AllocateImageColormap): Use unsigned array 586 index.</li> 587 </ul> 588 </blockquote> 589 <p>2017-09-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 590 <blockquote> 591 <ul class="simple"> 592 <li>coders/mat.c (ReadMATImage): Fix CVE-2016-10070, which is a heap 593 overflow in the MAT reader due to an under-sized memory 594 allocation. Based on private email from Petr Gajdos on Mon, 11 595 Sep 2017.</li> 596 </ul> 597 </blockquote> 598 <p>2017-09-13 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 599 <blockquote> 600 <ul class="simple"> 601 <li>coders/png.c: Check MemoryResource before allocating 602 ping_pixel array.</li> 603 </ul> 604 </blockquote> 605 <p>2017-09-11 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 606 <blockquote> 607 <ul class="simple"> 608 <li><dl class="first docutils"> 609 <dt>magick/shear.c: Possible evil loop might waste CPU for long time</dt> 610 <dd>without any reason.</dd> 611 </dl> 612 </li> 613 </ul> 614 </blockquote> 615 <p>2017-09-10 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 616 <blockquote> 617 <ul class="simple"> 618 <li>magick/render.c (DrawImage): Fix SourceForge issue #448 "Heap 619 out of bounds read in DrawDashPolygon()". Problem was reported by 620 Kamil Frankowicz on August 28, 2017.</li> 621 <li>coders/uil.c (WriteUILImage): Fix crash in UIL writer when 622 writing image containing transparency. Issue was reported by 623 LCatro via email on 18 Jul 2017.</li> 624 <li>coders/wpg.c (InsertRow): Fix crash which occurs if image is not 625 PseudoClass but a PseudoColor scanline is needed. Resolves 626 SourceForge issue #449 "Null pointer dereference in InsertRow()".</li> 627 <li>coders/rle.c (ReadRLEImage): Impose image dimension limits 628 according to Utah RLE specification. Cap number of planes handled 629 internally at 4. Remove non-standard multi-frame extension, which 630 did not work anyway.</li> 631 </ul> 632 </blockquote> 633 <p>2017-09-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 634 <blockquote> 635 <ul class="simple"> 636 <li>coders/png.c (ReadJNGImage): Complete fixing CVE-2017-8350 crash 637 while reading a malformed JNG file.</li> 638 <li>coders/{html.c, map.c, plasma.c, png.c, psd.c, rle.c, stegano.c, 639 uil.c}: Downgrade claimed coder stability level for HTML, SHTML, 640 MAP, FRACTAL, PLASMA, JNG, MNG, RLE, STEGANO, and UIL formats.</li> 641 </ul> 642 </blockquote> 643 <p>2017-09-08 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 644 <blockquote> 645 <ul class="simple"> 646 <li>coders/png.c (ReadJNGImage): More efforts toward fixing 647 CVE-2017-8350 while reading a malformed JNG file.</li> 648 </ul> 649 </blockquote> 650 <p>2017-09-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 651 <blockquote> 652 <ul class="simple"> 653 <li>magick/error.c (ThrowLoggedException): Capture the first 654 exception at ErrorException level or greater, or only capture 655 exception if it is more severe than an already reported exception. 656 This should help lead to better error reports since the first 657 error is usually the most significant.</li> 658 <li>coders/png.c (ReadJNGImage): Add "improper header" exception 659 reporting.</li> 660 </ul> 661 </blockquote> 662 <p>2017-09-01 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 663 <blockquote> 664 <ul class="simple"> 665 <li>coders/png.c (ReadJNGImage): Efforts toward fixing CVE-2017-8350 666 while reading a malformed JNG file.</li> 667 </ul> 668 </blockquote> 669 <p>2017-08-30 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 670 <blockquote> 671 <ul class="simple"> 672 <li>coders/wpg.c (ReadWPGImage): Patch submitted by Petr Gajdos to 673 check that .Width and .Height are greater than zero before they 674 are assigned to image->columns and image->rows respectively 675 (CVE-2014-9815). 676 (ReadWPGImage): Do more validations on WPG_Palette.StartIndex and 677 WPG_Palette.NumOfEntries.</li> 678 </ul> 679 </blockquote> 680 <p>2017-08-29 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 681 <blockquote> 682 <ul class="simple"> 683 <li>coders/png.c (ReadOneJNGImage): Fix for SourceForge issue #440 684 "use-after-free in CloseBlob (blob.c) (INCOMPLETE FIX FOR 685 CVE-2017-11403)" and SourceForge issue #438 "heap use after free 686 in CloseBlob".</li> 687 <li>coders/png.c (ReadOneJNGImage): Fix for SourceForge issue #439 688 "assertion failure in magick/pixel_cache.c"</li> 689 </ul> 690 </blockquote> 691 <p>2017-08-27 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 692 <blockquote> 693 <ul class="simple"> 694 <li>coders/mpeg.c (WriteMPEGImage): Fix MPEG writer memory leak. 695 Only the first image in the coalesce image list was being freed. 696 Problem was reported by LCatro via email on July 15, 2017.</li> 697 <li>magick/attribute.c (TracePSClippingPath, TraceSVGClippingPath): 698 Fix SourceForge bug #447 "Heap out of bounds read in 699 ReadMSBShort()".</li> 700 </ul> 701 </blockquote> 702 <p>2017-08-26 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 703 <blockquote> 704 <ul class="simple"> 705 <li>coders/xbm.c (ReadXBMImage): Fix two denial of service (DOS) 706 issues in ReadXBMImage() which result in the reader not 707 returning. Problem was reported via email on Wed Aug 23 2017 by 708 Xiaohei and Wangchu from Alibaba Security Team.</li> 709 <li>coders/jnx.c (ReadJNXImage): Fix denial of service (DOS) issue 710 in ReadJNXImage() whereby large amounts of CPU and memory 711 resources may be consumed although the file itself does not 712 support the requests. Problem was reported via email on Wed Aug 713 23 2017 by Xiaohei and Wangchu from Alibaba Security Team.</li> 714 </ul> 715 </blockquote> 716 <p>2017-08-14 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 717 <blockquote> 718 <ul class="simple"> 719 <li>coders/png.c (ReadOneMNGImage): Deal with invalid (too large) 720 length of MNG chunks (bug #446).</li> 721 </ul> 722 </blockquote> 723 <p>2017-08-20 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 724 <blockquote> 725 <ul class="simple"> 726 <li>coders/pnm.c (ReadPNMImage): Verify that sufficient file data 727 exists to support what the file header requires before allocating 728 memory for it. Fixes problem reported by Agostino Sarubbo via 729 email on Wed, 12 Jul 2017 and reported yet again via SourceForge 730 bug #441 "memory allocation failure in MagickRealloc".</li> 731 </ul> 732 </blockquote> 733 <p>2017-08-20 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 734 <blockquote> 735 <ul class="simple"> 736 <li>coders/mat.c: Fix SourceForge bug #433 "memory leak in 737 ReadMATImage". Credit for discovering and reporting the problem 738 is "ADLab of Venustech".</li> 739 <li>coders/sun.c (ReadSUNImage): Fix failure to allocate memory due 740 to inadequate file data to support claimed image width and height. 741 First notified by email from Agostino Sarubbo on 14 Jul 2017 and 742 then again as SourceForge bug #442 "memory allocation failure in 743 magickmalloc".</li> 744 </ul> 745 </blockquote> 746 <p>2017-08-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 747 <blockquote> 748 <ul class="simple"> 749 <li>coders/svg.c (GetStyleTokens): Fix SourceForge bugs 434 "heap 750 buffer overflow in GetStyleTokens", 435 "null pointer 751 dereference_in_SVGStartElement", and 436 "heap buffer overflow in 752 GetStyleTokens" which all originated from a heap buffer overflow 753 in GetStyleStokens(), or inconsistent initialization. Now the 754 implementation truncates parsing for poorly-formed input (to avoid 755 buffer overflow) while still correctly parsing well-formed input. 756 The reproducers and problem reports are attributed to "ADLab of 757 Venustech".</li> 758 </ul> 759 </blockquote> 760 <p>2017-08-14 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 761 <blockquote> 762 <ul class="simple"> 763 <li>coders/png.c (ReadOneJNGImage): Fixed double-free after 764 reading a malformed JNG (Issue #438).</li> 765 </ul> 766 </blockquote> 767 <p>2017-08-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 768 <blockquote> 769 <ul class="simple"> 770 <li>coders/pcd.c (ReadPCDImage): Fix memory leak on return path due 771 to corrupted header. Patch included in email on 14 Aug 2017 by 772 Petr Gajdos (ImageMagick CVE CVE-2017-8351).</li> 773 </ul> 774 </blockquote> 775 <p>2017-08-11 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 776 <blockquote> 777 <ul class="simple"> 778 <li>coders/gif.c (ReadGIFImage): Assure that global colormap is 779 initialized.</li> 780 <li>coders/pict.c (ReadPICTImage): Fix memory leaks in error return 781 path. ImageMagick CVE CVE-2017-8353. Patch by Petr Gajdos.</li> 782 </ul> 783 </blockquote> 784 <p>2017-08-11 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 785 <blockquote> 786 <ul class="simple"> 787 <li>tests/rwblob.c and rwfile.c: Write the reason for FAIL in 788 test-suite.log.</li> 789 <li>magick/image.h: Revised table of image orientations to show 790 Exif ImageOrientation values (which happen to be the same as 791 the enum values 1 to 8).</li> 792 <li>coders/png.c: ReadJNGIMage(): fix memory leak (Issue 431).</li> 793 </ul> 794 </blockquote> 795 <p>2017-08-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 796 <blockquote> 797 <ul class="simple"> 798 <li>coders/mtv.c (ReadMTVImage): Fix memory leak in error return 799 path upon unexpected EOF (ImageMagick CVE-2017-9142). Problem was 800 brought to our attention via email from Petr Gajdos on Wed, 9 Aug 801 2017. Also changed pixel cache access functions used to assure 802 delivery of exception to the user.</li> 803 </ul> 804 </blockquote> 805 <p>2017-08-05 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 806 <blockquote> 807 <ul class="simple"> 808 <li>configure.ac (SETJMP_IS_THREAD_SAFE): Decide if setjmp/longjmp 809 are thread safe based on host OS. Assume that these interfaces 810 are thread safe by default. Declared not to be thread safe under 811 Solaris. Declaring these interfaces to be thread safe increases 812 available concurrency for coders which use setjmp/longjmp for 813 error recovery (e.g. PNG and JPEG).</li> 814 </ul> 815 </blockquote> 816 <p>2017-08-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 817 <blockquote> 818 <ul class="simple"> 819 <li>coders/jpeg.c (RegisterJPEGImage): Add support for the 820 SETJMP_IS_THREAD_SAFE preprocessor definition (already used by 821 coders/png.c) to indicate if setjmp/longjmp are thread safe on 822 this platform and that it is safe for multiple encoders/decoders 823 to be active at one time.</li> 824 </ul> 825 </blockquote> 826 <p>2017-07-31 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 827 <blockquote> 828 <ul class="simple"> 829 <li>coders/sun.c: Fix heap read overflow while indexing into 830 colormap. Problem was reported via email on 17 Jul 2017 by 831 Agostino Sarubbo.</li> 832 </ul> 833 </blockquote> 834 <p>2017-07-31 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 835 <blockquote> 836 <ul class="simple"> 837 <li>coders/png.c (ReadMNGImage): Stop a leak when rejecting a 838 MNG image with dimensions that are too large.</li> 839 </ul> 840 </blockquote> 841 <p>2017-07-26 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 842 <blockquote> 843 <ul class="simple"> 844 <li>coders/wmf.c (ReadWMFImage): Eliminate use of already freed heap 845 data in error reporting path. Problem was reported via email by 846 Agostino Sarubbo on Fri, 14 Jul 2017</li> 847 </ul> 848 </blockquote> 849 <p>2017-07-25 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 850 <blockquote> 851 <ul class="simple"> 852 <li>coders/png.c (ReadMNGImage) Free chunk allocation that remains 853 after attempting to read a truncated file.</li> 854 <li>coders/png.c: Removed some redundant checks for chunk length 855 before MagickFreeMemory(chunk), which is safe to call with a 856 NULL argument.</li> 857 <li>coders/png.c: Fixed writer bug due to missing brackets; a Log 858 statement should have been inside the "i" loop but instead was 859 using i++ left over from the loop. Bug report by L. Catro.</li> 860 <li>coders/png.c: Reject a MNG with dimensions greater than 65k 861 by 65k.</li> 862 <li>coders/png.c (WriteOnePNGImage): Return without crashing if 863 WriteOnePNGImage is passed a NULL image. Fixes CVE-2017-11522.</li> 864 </ul> 865 </blockquote> 866 <p>2017-07-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 867 <blockquote> 868 <ul class="simple"> 869 <li>coders/pcl.c (WritePCLImage): Fix null pointer dereference in 870 PCL writer when writing monochrome images. Problem was reported 871 by LCatro via email on July 18.</li> 872 <li>magick/pixel_cache.c (PersistCache): Fix memory leak while 873 writing a MPC file. Problem was reported by LCatro via email on 874 July 18.</li> 875 <li>coders/map.c (WriteMAPImage): Fix null pointer dereference or 876 segmentation violation in the MAP writer if the input image is not 877 already colormapped. Problem was reported by LCatro via email on 878 July 18.</li> 879 <li>coders/gray.c (WriteGRAYImage): Improve tracing and tidy up.</li> 880 <li>coders/rgb.c (WriteRGBImage): Fix heap overwrite in raw RGB 881 writer (all output subformats) given a multiframe sequence using 882 different widths. Problem was reported by LCatro via email on 883 July 18.</li> 884 <li>coders/cmyk.c (WriteCMYKImage): Fix heap overwrite in raw CMYK 885 writer (all output subformats) given a multiframe sequence using 886 different widths. Also fix wrong output of CMYKA (and vice-versa) 887 when CMYK was intended. Problem was reported by LCatro via email 888 on July 18.</li> 889 <li>coders/palm.c: Disable the PALM writer since the writer is a 890 work in progress and still has implementation problems. Perhaps 891 no one in the world remains who cares about the undocumented PALM 892 format. Resolves heap overflow and assertion issues reported by 893 LCatro via emails on July 11th, and 12th, 2017.</li> 894 <li>magick/colormap.c (ReplaceImageColormap): Throw an exception 895 rather than assertion if the input image is not colormapped.</li> 896 </ul> 897 </blockquote> 898 <p>2017-07-13 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 899 <blockquote> 900 <ul class="simple"> 901 <li>coders/png.c: Implemented eXIf chunk support.</li> 902 </ul> 903 </blockquote> 904 <p>2017-07-12 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 905 <blockquote> 906 <ul class="simple"> 907 <li>coders/png.c: Fix typecast of left shifts (patch by Bob F)</li> 908 </ul> 909 </blockquote> 910 <p>2017-07-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 911 <blockquote> 912 <ul class="simple"> 913 <li>coders/ps.c (ReadPSImage): Fix reference to constant NULL image 914 argument which is dereferenced to pass an exception to 915 MagickMonitorFormatted(). Problem was reported by Agostino 916 Sarubbo via email on Wed, 12 Jul 2017.</li> 917 </ul> 918 </blockquote> 919 <p>2017-07-10 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 920 <blockquote> 921 <ul class="simple"> 922 <li>magick/blob.c: Add casts to fix undefined behavior in left 923 shifts. Issue was reported by Agostino Sarubbo via email on Mon, 924 10 Jul 2017.</li> 925 </ul> 926 </blockquote> 927 <p>2017-07-10 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 928 <blockquote> 929 <ul class="simple"> 930 <li>coders/png.c (ReadOneJNGImage): Ignore out-of-bounds MOVE 931 and CLIP object_id's.</li> 932 <li>coders/png.c (ReadMNGImage): Fix apparent off-by-one error 933 in MNG FRAM change_clipping processing.</li> 934 <li>coders/png.c (ReadMNGImage): Fix out-of-order CloseBlob() 935 and DestroyImageList() that caused a use-after-free crash. 936 Fixes CVE-2017-11403. This bug was discovered by Agostino Sarubbo.</li> 937 </ul> 938 </blockquote> 939 <p>2017-07-08 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 940 <blockquote> 941 <ul class="simple"> 942 <li>coders/png.c (ReadOneJngImage): Revised double-free fix.</li> 943 </ul> 944 </blockquote> 945 <p>2017-07-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 946 <blockquote> 947 <ul class="simple"> 948 <li>coders/png.c (ReadOneJNGImage): Fix double-frees caused by 949 commit on 2017-07-06.</li> 950 <li>coders/jpeg.c (ReadJPEGImage): Defer creating pixel cache until 951 after successfully reading first scanline. Classify some serious 952 libjpeg reported "warnings" as errors and quit processing 953 scanlines immediately upon first error so that corrupt JPEG does 954 not consume excessive resources. Resolves excessive resource 955 consumption issue reported for two JPEG files provided via email 956 by LCatro on Tue, 4 Jul 2017.</li> 957 </ul> 958 </blockquote> 959 <p>2017-07-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 960 <blockquote> 961 <ul class="simple"> 962 <li>coders/png.c (ReadOneJNGImage): Remove spurious 'n' from log 963 statement.</li> 964 </ul> 965 </blockquote> 966 <p>2017-07-06 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 967 <blockquote> 968 <ul class="simple"> 969 <li>coders/png.c: Consolidate JNG cleanup into a new DestroyJNG() 970 function.</li> 971 </ul> 972 </blockquote> 973 <p>2017-07-05 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 974 <blockquote> 975 <ul class="simple"> 976 <li>coders/png.c: prevent a crash due to zero-length color_image 977 while reading a JNG image. (CVE-2017-11102)</li> 978 </ul> 979 </blockquote> 980 <p>2017-07-04 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 981 <blockquote> 982 <ul class="simple"> 983 <li>NEWS.txt: Make sure is up to date.</li> 984 <li>www/index.rst: Update for 1.3.26 release.</li> 985 <li>version.sh: Update library versioning for 1.3.26 release.</li> 986 <li>magick/command.c (BatchCommand): Add ferror() checks around 987 batch input loop.</li> 988 </ul> 989 </blockquote> 990 <p>2017-07-03 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 991 <blockquote> 992 <ul class="simple"> 993 <li>coders/png.c: Reject a PNG file if the file size is too small 994 (less than 61 bytes). Reject a JNG file if it is too small (less 995 than 147 bytes).</li> 996 <li>coders/jpeg.c: Reject a JPEG file if the file size is too small 997 (less than 107 bytes).</li> 998 </ul> 999 </blockquote> 1000 <p>2017-07-02 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1001 <blockquote> 1002 <ul class="simple"> 1003 <li>coders/dpx.c (ReadDPXImage): Compute required file size and 1004 verify that sufficient data exists in file before allocating 1005 memory to decode the image data. Resolves problem with DPX file 1006 with valid header (but a huge claimed image width) provided 1007 provided via email on Thu, 29 Jun 2017 by LCatro. This issue has 1008 been assigned CVE-2017-10799.</li> 1009 </ul> 1010 </blockquote> 1011 <p>2016-07-02 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 1012 <blockquote> 1013 <ul class="simple"> 1014 <li>coders/mat.c Check whether reported object size overflows file size.</li> 1015 </ul> 1016 </blockquote> 1017 <p>2016-07-01 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> 1018 <blockquote> 1019 <ul class="simple"> 1020 <li>coders/mat.c Safety check for forged and or corrupted data. 1021 This issue has been assigned CVE-2017-10800.</li> 1022 </ul> 1023 </blockquote> 1024 <p>2017-07-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1025 <blockquote> 1026 <ul class="simple"> 1027 <li>coders/tiff.c ("QuantumTransferMode"): Use a generalized method 1028 to enforce that buffer overflow can not happen while importing 1029 pixels. Resolves problem with RGB TIFF claiming only one sample 1030 per pixel provided via email on Thu, 29 Jun 2017 by LCatro. This 1031 issue has been assigned CVE-2017-10794.</li> 1032 </ul> 1033 </blockquote> 1034 <p>2017-06-29 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1035 <blockquote> 1036 <ul class="simple"> 1037 <li>magick/command.c: Convert bare 'unsigned int' to MagickPassFail 1038 where suitable to make intentions clear. Convert True/False to 1039 MagickTrue/MagickFalse or MagickPass/MagickFail according to 1040 purpose. This is a continuation of a gradual migration and does 1041 not represent an API change.</li> 1042 </ul> 1043 </blockquote> 1044 <p>2017-06-25 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1045 <blockquote> 1046 <ul class="simple"> 1047 <li>coders/png.c: Avoid NULL dereference when MAGN chunk processing 1048 fails (<a class="reference external" href="https://sourceforge.net/p/graphicsmagick/bugs/426/">https://sourceforge.net/p/graphicsmagick/bugs/426/</a>). Expand 1049 TABs.</li> 1050 </ul> 1051 </blockquote> 1052 <p>2017-06-25 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1053 <blockquote> 1054 <ul class="simple"> 1055 <li>NEWS.txt: Update NEWS with changes since the previous release.</li> 1056 <li>www/programming.rst: Switch the Lua link to 1057 <a class="reference external" href="https://github.com/arcapos/luagraphicsmagick">https://github.com/arcapos/luagraphicsmagick</a>, which is a more 1058 complete and direct interface from Lua to GraphicsMagick's Wand 1059 API.</li> 1060 </ul> 1061 </blockquote> 1062 <p>2017-06-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1063 <blockquote> 1064 <ul class="simple"> 1065 <li>VisualMagick/installer/gm-foo-dll.iss: Remove PerlMagick from 1066 the slim Inno Setup installer builder and remove mention of 1067 PerlMagick from the installer documentation.</li> 1068 <li>TclMagick/generic/TclMagick.c (magickCmd): Resolve SourceForge 1069 patch #51 "TclMagick: memory access error; possible segfault". 1070 (newMagickObj): Fix formatting of pointer value so it is 64-bit 1071 safe. Resolves SourceForge patch #50 "TclMagick: 64-bit 1072 portability issue".</li> 1073 <li>coders/pict.c (ReadPICTImage): Avoid possible use of negative 1074 value when indexing array, which would cause buffer overflow. 1075 Resolves SourceForge issue #427 "One possible buffer overflow 1076 vulnerability in 1077 GraphicsMagick-1.3.25/coders/pict.c:ReadPICTImage()".</li> 1078 </ul> 1079 </blockquote> 1080 <p>2017-06-22 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1081 <blockquote> 1082 <ul class="simple"> 1083 <li>coders/png.c: Stop memory leak when reading invalid JNG image. 1084 Fixes CVE-2017-8350.</li> 1085 </ul> 1086 </blockquote> 1087 <p>2017-06-18 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1088 <blockquote> 1089 <ul class="simple"> 1090 <li>coders/png.c: Fix lcms2.h inclusion logic.</li> 1091 <li>wand/magick_wand.c (MagickSetImageOrientation): Eliminate use of 1092 snprintf, which is not supported by older Visual Studio.</li> 1093 </ul> 1094 </blockquote> 1095 <p>2017-06-09 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1096 <blockquote> 1097 <ul class="simple"> 1098 <li>coders/png.c: Accept exIf chunks whose data segment 1099 erroneously begins with "Exif00".</li> 1100 </ul> 1101 </blockquote> 1102 <p>2017-06-01 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1103 <blockquote> 1104 <ul class="simple"> 1105 <li>coders/png.c: Removed experimental zxIF chunk support. That 1106 proposal is dead.</li> 1107 </ul> 1108 </blockquote> 1109 <p>2017-05-27 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1110 <blockquote> 1111 <ul class="simple"> 1112 <li>config/log.mgk: Added documentation suggested by SourceForge 1113 issue #419 "Consider a small patch to log.mgk".</li> 1114 <li>www/Changes.rst: Add missing link to most recent changes.</li> 1115 </ul> 1116 </blockquote> 1117 <p>2017-05-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1118 <blockquote> 1119 <ul class="simple"> 1120 <li>www/Magick++/Image.rst: Improve documentation for Magick++ 1121 Image::iccColorProfile() and Image::renderingIntent().</li> 1122 </ul> 1123 </blockquote> 1124 <p>2017-05-21 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1125 <blockquote> 1126 <ul class="simple"> 1127 <li>tiff: Update to libtiff 4.0.8.</li> 1128 </ul> 1129 </blockquote> 1130 <p>2017-03-19 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1131 <blockquote> 1132 <ul class="simple"> 1133 <li>coders/png.c: Quieted a new Coverity complaint about a potential 1134 text buffer overrun.</li> 1135 </ul> 1136 </blockquote> 1137 <p>2017-03-19 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1138 <blockquote> 1139 <ul class="simple"> 1140 <li>magick/image.c (SetImageInfo): Ignore empty magic prefix 1141 specification and do not remove colon character from start of 1142 filename. Resolves SourceForge bug #415 "Inconsistent Behavior w/ 1143 input_file Parameter".</li> 1144 </ul> 1145 </blockquote> 1146 <p>2017-03-18 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1147 <blockquote> 1148 <ul class="simple"> 1149 <li>coders/png.c: Added new private orNT PNG chunk, to 1150 preserve image->orientation when it is defined and not 1151 the default TopLeft.</li> 1152 <li>coders/jpeg.c: Mention image->orientation in the log when 1153 writing a JPEG.</li> 1154 </ul> 1155 </blockquote> 1156 <p>2017-03-15 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1157 <blockquote> 1158 <ul class="simple"> 1159 <li>coders/png.c (WriteOnePNGImage): Add version info about 1160 gm, libpng, zlib, and lcms to the PNG debug log.</li> 1161 </ul> 1162 </blockquote> 1163 <p>2017-03-04 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1164 <blockquote> 1165 <ul class="simple"> 1166 <li>magick/command.c (ImportImageCommand): Fix handling of -frame 1167 options. Option handling was incorrect due to option checking the 1168 frame option after it had been freed. Checking the frame dash 1169 option before freeing the argument solves the problem. From patch 1170 provided by Victor Ananjevsky as SourceForge patch #49 "-frame 1171 doesn't work in gm import".</li> 1172 <li>Magick++/lib/Image.cpp (attribute): Added Image attribute method 1173 which accepts a 'char *' argument, and will remove the attribute 1174 if the value argument is NULL. From patch provided by "Gints" as 1175 SourceForge patch #46 "C++ api - method to clear/remove 1176 attribute".</li> 1177 <li>VisualMagick/configure/configure.cpp (InitInstance): Applied 1178 patch by Paul McConkey to allow the quantum command line argument 1179 to set the default value in the wizard drop list. This allows 1180 setting the quantum depth when the /nowizard argument was 1181 supplied. Resolves SourceForge patch #48 "When running from the 1182 command line configure.exe does not use the quantum argument". 1183 The provided configure.exe still needs to be rebuilt to 1184 incorporate this change.</li> 1185 <li>magick/command.c (MogrifyImage): The -orient command now also 1186 updates the orientation in the EXIF profile, if it exists.</li> 1187 <li>Magick++/lib/Image.cpp (orientation): Update orientation in EXIF 1188 profile, if it exists.</li> 1189 </ul> 1190 </blockquote> 1191 <p>2017-03-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1192 <blockquote> 1193 <ul class="simple"> 1194 <li>coders/jp2.c: Support PGX JPEG 2000 format for reading and 1195 writing (within the bounds of what JasPer supports).</li> 1196 </ul> 1197 </blockquote> 1198 <p>2017-02-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1199 <blockquote> 1200 <ul class="simple"> 1201 <li>coders/tiff.c (QuantumTransferMode): Fix out of bounds read when 1202 reading CMYKA TIFF which claims to have only 2 samples per pixel. 1203 Problem was reported via email on February 15, 2017 by Valon 1204 Chu. This issue was assigned CVE-2017-6335.</li> 1205 </ul> 1206 </blockquote> 1207 <p>2017-01-29 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1208 <blockquote> 1209 <ul class="simple"> 1210 <li>doc/options.imdoc (-geometry): Geometry documentation changes 1211 suggested by Jon Wong.</li> 1212 </ul> 1213 </blockquote> 1214 <p>2017-01-26 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1215 <blockquote> 1216 <ul class="simple"> 1217 <li>coders/png.c: Added support for a proposed new PNG chunk 1218 (zxIf, read-only) that is currently being discussed on the 1219 png-mng-misc at lists.sourceforge.net mailing list. Enable 1220 exIf and zxIf with CPPFLAGS="-DexIf_SUPPORTED -DxzIf_SUPPORTED". 1221 If exIf is enabled, only the uncompressed exIF chunk will be 1222 written and the hex-encoded zTXt chunk containing the raw Exif 1223 profile won't be written.</li> 1224 </ul> 1225 </blockquote> 1226 <p>2017-01-25 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1227 <blockquote> 1228 <ul class="simple"> 1229 <li>coders/msl.c (MSLStartElement): Change test for NULL image 1230 pointer to before it is used rather than after it is used. 1231 Problem reported by Petr Gajdos on 2017-01-25.</li> 1232 </ul> 1233 </blockquote> 1234 <p>2017-01-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1235 <blockquote> 1236 <ul class="simple"> 1237 <li>TclMagick/unix/m4/tcl.m4: Update tcl.m4 to TEA 3.10. File 1238 supplied by Massimo Manghi.</li> 1239 </ul> 1240 </blockquote> 1241 <p>2017-01-21 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1242 <blockquote> 1243 <ul class="simple"> 1244 <li>coders/png.c: Added support for a proposed new PNG 1245 chunk (exIf read-write, eXIf read-only) that is currently 1246 being discussed on the png-mng-misc at lists.sourceforge.net 1247 mailing list.</li> 1248 </ul> 1249 </blockquote> 1250 <p>2017-01-21 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1251 <blockquote> 1252 <ul class="simple"> 1253 <li>coders/png.c: Added read_user_chunk_callback() function 1254 and used it to implement a private PNG caNv (canvas) chunk 1255 for remembering the original dimensions and offsets when an 1256 image is cropped. Previously we used the oFFs chunk for this 1257 purpose, but this had potential conflicts with other applications 1258 that also use the oFFs chunk.</li> 1259 </ul> 1260 </blockquote> 1261 <p>2017-01-07 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1262 <blockquote> 1263 <ul class="simple"> 1264 <li>TclMagick/Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Applied 1265 patch by Massimo Manghi to set AM_DISTCHECK_CONFIGURE_FLAGS so 1266 that 'make distcheck' remembers configuration options, and also to 1267 uninstall pkgIndex.tcl.</li> 1268 <li>magick/image.c (SetImageEx): Use PixelIterateMonoSet() for 1269 possibly improved efficiency.</li> 1270 <li>magick/pixel_iterator.c (PixelIterateMonoSet): New pixel 1271 iterator intended for use when initializing image pixels, without 1272 regard to existing values.</li> 1273 </ul> 1274 </blockquote> 1275 <p>2017-01-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> 1276 <blockquote> 1277 <ul class="simple"> 1278 <li>Copyright.txt: Bump copyright years and rotate ChangeLog.</li> 1279 </ul> 1280 </blockquote> 1281 </div> 1282 </body> 1283 </html>