diff options
Diffstat (limited to 'www/ChangeLog-2017.html')
-rw-r--r-- | www/ChangeLog-2017.html | 864 |
1 files changed, 435 insertions, 429 deletions
diff --git a/www/ChangeLog-2017.html b/www/ChangeLog-2017.html index 557db66..af2d914 100644 --- a/www/ChangeLog-2017.html +++ b/www/ChangeLog-2017.html @@ -1,12 +1,14 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> +<!DOCTYPE html> +<html lang="en"> <head> -<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> -<meta name="generator" content="Docutils 0.16: http://docutils.sourceforge.net/" /> -<title>ChangeLog-2017.rst</title> -<link rel="stylesheet" href="docutils-articles.css" type="text/css" /> + <meta charset="utf-8"> + <meta content="en" name="language"> + <title></title> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + <link media="screen" href="docutils-articles.css" type="text/css" rel="stylesheet"> + </head> + <body> <div class="banner"> @@ -19,6 +21,7 @@ </form> </div> + <div class="navmenu"> <ul> <li><a href="index.html">Home</a></li> @@ -32,34 +35,33 @@ <li><a href="reference.html">Reference</a></li> </ul> </div> -<div class="document"> - +<div class="document"> <p>2017-12-25 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>tests/rwfile.tap: Add tests for MIFF compressed sub-formats.</li> +<li><p>tests/rwfile.tap: Add tests for MIFF compressed sub-formats.</p></li> </ul> </blockquote> <p>2017-12-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/blob.c (OpenBlob): Zlib 1.2.8 does not accept an open +<li><p>magick/blob.c (OpenBlob): Zlib 1.2.8 does not accept an open mode of "w+b" or "wb+". It seems to be allergic to '+'. As a result, writing to ".gz" files was not working with Zlib 1.2.8. Note that "w+b" must be used in the normal case since the test -suite fails otherwise!</li> +suite fails otherwise!</p></li> </ul> </blockquote> <p>2017-12-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadMNGImage): Fix SourceForge issue #535 +<li><p>coders/png.c (ReadMNGImage): Fix SourceForge issue #535 "heap-buffer-overflow in ReadMNGImage". Problem was caused by accessing byte before testing that limit has been reached, rather than testing for limit before accessing the byte. This means that -it could only ever read one past the buffer allocation size.</li> -<li>coders/webp.c (WriteWEBPImage): Fix SourceForge issue #536 +it could only ever read one past the buffer allocation size.</p></li> +<li><p>coders/webp.c (WriteWEBPImage): Fix SourceForge issue #536 "stack-buffer-overflow in WriteWEBPImage". Due to a change to use WebPMemoryWriter as part of the EXIF and ICC profile support addition (enabled with libwebp 0.5.0), the progress indicator @@ -68,278 +70,278 @@ quite unfortunate since the progress indication is useful. The progress indication is temporarily disabled when the WebPMemoryWriter is in use until a solution is implemented. (ProgressCallback): Re-implement progress callback so that image -pointer is stored/retrieved as thread-specific data.</li> -<li>coders/png.c (ReadMNGImage): Fix SourceForge issue #537 "null +pointer is stored/retrieved as thread-specific data.</p></li> +<li><p>coders/png.c (ReadMNGImage): Fix SourceForge issue #537 "null pointer dereference in ReadMNGImage". DEFI chunk must be at least -2 bytes long.</li> -<li>coders/tiff.c (ReadNewsProfile): Fix SourceForge issue #533 +2 bytes long.</p></li> +<li><p>coders/tiff.c (ReadNewsProfile): Fix SourceForge issue #533 "heap-buffer-overflow on LocaleNCompare". LocaleNCompare() was -being allowed to read heap data beyond the allocated region.</li> +being allowed to read heap data beyond the allocated region.</p></li> </ul> </blockquote> <p>2017-12-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/shear.c (IntegralRotateImage): Assure that reported error +<li><p>magick/shear.c (IntegralRotateImage): Assure that reported error in rotate by 270 case does immediately terminate processing. Return a NULL Image pointer if there is a problem rather than a corrupted image. Fix is related to SourceForge issue #532 -"heap-buffer-overflow bug in ReadWPGImage".</li> -<li>magick/pixel_cache.c (AcquireCacheNexus): Add a check that the +"heap-buffer-overflow bug in ReadWPGImage".</p></li> +<li><p>magick/pixel_cache.c (AcquireCacheNexus): Add a check that the pixel cache is compatible with the image dimensions. Fix is related to SourceForge issue #532 "heap-buffer-overflow bug in -ReadWPGImage".</li> +ReadWPGImage".</p></li> </ul> </blockquote> <p>2017-12-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadOneJNGImage): Fix SourceForge issue #530 +<li><p>coders/png.c (ReadOneJNGImage): Fix SourceForge issue #530 "heap-buffer-overflow in ReadOneJNGImage". In this case there is a read one byte beyond the oFFs chunk allocation size due to an -error in specifying an offset into the chunk.</li> -<li>coders/palm.c (ReadPALMImage): Fix SourceForge issue #529 +error in specifying an offset into the chunk.</p></li> +<li><p>coders/palm.c (ReadPALMImage): Fix SourceForge issue #529 "global-buffer-overflow in ReadPALMImage". This issue only occured in builds with QuantumDepth=8 due to the small range of -IndexPacket.</li> +IndexPacket.</p></li> </ul> </blockquote> <p>2017-12-13 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>PerlMagick/{Magick.pm, Magick.pm.in, Makefile.PL.in}: Only base -PerlMagick version on numeric portion of PACKAGE_VERSION.</li> +<li><p>PerlMagick/{Magick.pm, Magick.pm.in, Makefile.PL.in}: Only base +PerlMagick version on numeric portion of PACKAGE_VERSION.</p></li> </ul> </blockquote> <p>2017-12-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>www/index.rst: Update to 1.3.27.</li> -<li>www/Changes.rst: Add 1.3.27</li> -<li>version.sh: Update library versioning.</li> -<li>NEWS.txt: Update NEWS in preparation for releasing 1.3.27.</li> +<li><p>www/index.rst: Update to 1.3.27.</p></li> +<li><p>www/Changes.rst: Add 1.3.27</p></li> +<li><p>version.sh: Update library versioning.</p></li> +<li><p>NEWS.txt: Update NEWS in preparation for releasing 1.3.27.</p></li> </ul> </blockquote> <p>2017-12-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/dcm.c (DCM_ReadElement): Change size checks addressing +<li><p>coders/dcm.c (DCM_ReadElement): Change size checks addressing CVE-2017-12140 to be based on size_t rather than magick_off_t due -to apparent instability of the previous check across compilers.</li> +to apparent instability of the previous check across compilers.</p></li> </ul> </blockquote> <p>2017-12-07 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (WriteOnePNGImage): Fix heap read access outside of +<li><p>coders/png.c (WriteOnePNGImage): Fix heap read access outside of allocated PixelPacket array while testing pixels for opacity. Resolves SourceForge issue #526 "heap-buffer-overflow in -WriteOnePNGImage".</li> +WriteOnePNGImage".</p></li> </ul> </blockquote> <p>2017-12-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/pnm.c (WritePNMImage): Fix SourceForge bug #525 -"heap-buffer-overflow in MagickBitStreamMSBWrite".</li> +<li><p>coders/pnm.c (WritePNMImage): Fix SourceForge bug #525 +"heap-buffer-overflow in MagickBitStreamMSBWrite".</p></li> </ul> </blockquote> <p>2017-12-05 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/dcm.c (DCM_ReadElement): Eliminate huge memory allocation +<li><p>coders/dcm.c (DCM_ReadElement): Eliminate huge memory allocation based on bogus length value. Addresses CVE-2017-12140. Problem was -reported via email from Petr Gajdos on Tue, 5 Dec 2017.</li> +reported via email from Petr Gajdos on Tue, 5 Dec 2017.</p></li> </ul> </blockquote> <p>2017-12-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>Magick++/lib/Image.cpp (colorMap): Try to eliminate Coverity CID -172796 "Dereference after null check" which seems to be bogus.</li> -<li>coders/png.c (WriteOnePNGImage): Fix Coverity CID 168053 +<li><p>Magick++/lib/Image.cpp (colorMap): Try to eliminate Coverity CID +172796 "Dereference after null check" which seems to be bogus.</p></li> +<li><p>coders/png.c (WriteOnePNGImage): Fix Coverity CID 168053 "Dereference after null check". The check for null and the error report which attempted to use the null value was not needed at -all.</li> -<li>coders/cut.c (GetCutColors): Fix Coverity CID 10181: "Null -pointer dereferences". SetImagePixels() may return NULL.</li> -<li>coders/rgb.c (ReadRGBImage): Fix SourceForge issue #523 -"heap-buffer-overflow". Similar issue to cmyk.c.</li> -<li>coders/gray.c (ReadGRAYImage): Fix SourceForge issue #522 -"heap-buffer-overflow". Similar issue to cmyk.c.</li> -<li>coders/cmyk.c (ReadCMYKImage): Fix SourceForge issue #521 +all.</p></li> +<li><p>coders/cut.c (GetCutColors): Fix Coverity CID 10181: "Null +pointer dereferences". SetImagePixels() may return NULL.</p></li> +<li><p>coders/rgb.c (ReadRGBImage): Fix SourceForge issue #523 +"heap-buffer-overflow". Similar issue to cmyk.c.</p></li> +<li><p>coders/gray.c (ReadGRAYImage): Fix SourceForge issue #522 +"heap-buffer-overflow". Similar issue to cmyk.c.</p></li> +<li><p>coders/cmyk.c (ReadCMYKImage): Fix SourceForge issue #521 "heap-buffer-overflow". The requested tile must be within the bounds of the image. As it happens, 'montage' passes size and tile information which is useless for reading a raw image so it is -not possible to read raw CMYK using 'montage'.</li> +not possible to read raw CMYK using 'montage'.</p></li> </ul> </blockquote> <p>2017-12-02 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/pwp.c (ReadPWPImage): Eliminate dereference of null image +<li><p>coders/pwp.c (ReadPWPImage): Eliminate dereference of null image pointer. Addresses CVE-2017-11640. Also address access to uninitialized memory. Problem was reported via email from Petr -Gajdos on Wed, 29 Nov 2017.</li> +Gajdos on Wed, 29 Nov 2017.</p></li> </ul> </blockquote> <p>2017-11-22 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> <blockquote> <ul class="simple"> -<li>coders/wpg.c Additional check for wrong bpp CVE-2017-14342.</li> +<li><p>coders/wpg.c Additional check for wrong bpp CVE-2017-14342.</p></li> </ul> </blockquote> <p>2017-11-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>Magick++/lib/Image.cpp (autoOrient): Add method to auto-orient +<li><p>Magick++/lib/Image.cpp (autoOrient): Add method to auto-orient an image so it looks right-side up by default. Based on patch by Przemysław Sobala submitted as SourceForge patch #53 "Add -Magick::Image::autoOrient() method to Magick++ library".</li> -<li>www/download.rst: Change "Czechoslovakian ftp mirror" to "Czech +Magick::Image::autoOrient() method to Magick++ library".</p></li> +<li><p>www/download.rst: Change "Czechoslovakian ftp mirror" to "Czech ftp mirror". Resolves SourceForge bug #520 "[web] Download sites: -non-existent country".</li> +non-existent country".</p></li> </ul> </blockquote> <p>2017-11-21 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/wpg.c (ReadWPGImage): Fix excessive use of disk resources +<li><p>coders/wpg.c (ReadWPGImage): Fix excessive use of disk resources due to unreasonable record length. Addresses CVE-2017-14341. Notified of this issue (with suggested patch) via email by Petr -Gajdos on Tue, 21 Nov 2017.</li> +Gajdos on Tue, 21 Nov 2017.</p></li> </ul> </blockquote> <p>2017-11-19 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>README.txt: Comprehensive white-space clean-up across +<li><p>README.txt: Comprehensive white-space clean-up across GraphicsMagick core source files. Hard TAB character is converted -to spaces. Trailing white-space garbage is stripped.</li> -<li>magick/colormap.c (MagickConstrainColormapIndex): Deprecate use +to spaces. Trailing white-space garbage is stripped.</p></li> +<li><p>magick/colormap.c (MagickConstrainColormapIndex): Deprecate use of MagickConstrainColormapIndex() and prefer use of VerifyColormapIndex() and VerifyColormapIndexWithColors() due to avoiding dependence on index type, allowing provision of colors other than image->colors, and capturing more useful source file -and line information.</li> -<li>coders/{rle.c, mat.c, xbm.c, sgi.c, png.c}: Eliminate size_t vs -unsigned 32 conversion warnings in WIN64 build.</li> +and line information.</p></li> +<li><p>coders/{rle.c, mat.c, xbm.c, sgi.c, png.c}: Eliminate size_t vs +unsigned 32 conversion warnings in WIN64 build.</p></li> </ul> </blockquote> <p>2017-11-18 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>tiff: Import libtiff 4.0.9.</li> +<li><p>tiff: Import libtiff 4.0.9.</p></li> </ul> </blockquote> <p>2017-11-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/bmp.c (DecodeImage): "Right-size" and "Right-type" +<li><p>coders/bmp.c (DecodeImage): "Right-size" and "Right-type" DecodeImage() variables and check for EOF at every point of the -way. Pass buffer size as an argument.</li> -<li>coders/dib.c (DecodeImage): "Right-size" and "Right-type" +way. Pass buffer size as an argument.</p></li> +<li><p>coders/dib.c (DecodeImage): "Right-size" and "Right-type" DecodeImage() variables and check for EOF at every point of the -way. Pass buffer size as an argument.</li> -<li>coders/bmp.c (_BMPInfo): "Right-size" BMPInfo members. The +way. Pass buffer size as an argument.</p></li> +<li><p>coders/bmp.c (_BMPInfo): "Right-size" BMPInfo members. The 'long' type is promoted to 64-bit on LP64 systems and the large -size is not needed.</li> +size is not needed.</p></li> </ul> </blockquote> <p>2017-11-11 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/webp.c: Incorporate patch by Jan Spitalnik to add EXIF +<li><p>coders/webp.c: Incorporate patch by Jan Spitalnik to add EXIF and ICC metadata support to the WebP coder. While WebP is still supported back to libwebp 0.1.99, the metadata support requires at least libwebp 0.5.0. Resolves SourceForge patch #52 "Add EXIF/ICC -metadata support to WebP coder".</li> -<li>coders/png.c (ReadOneJNGImage): Fix JNG memory leaks when JPEG +metadata support to WebP coder".</p></li> +<li><p>coders/png.c (ReadOneJNGImage): Fix JNG memory leaks when JPEG image fails to be read. (WriteOnePNGImage): Promotion of indexed PNG to RGBA lacked setting of image matte, resulting in undersized buffer allocation and heap overflow. Fixes SourceForge bug #453 "Heap overflow in -source-gra/coders/png.c".</li> +source-gra/coders/png.c".</p></li> </ul> </blockquote> <p>2017-11-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/sfw.c (SFWScan): Fix heap buffer overflow +<li><p>coders/sfw.c (SFWScan): Fix heap buffer overflow (CVE-2017-13134). Notified of problem via email (including a -patch) from Petr Gajdos on Mon, 6 Nov 2017.</li> +patch) from Petr Gajdos on Mon, 6 Nov 2017.</p></li> </ul> </blockquote> <p>2017-11-05 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> <blockquote> <ul class="simple"> -<li>coders/wpg.c Wrong MaxMap check condition - fixed.</li> +<li><p>coders/wpg.c Wrong MaxMap check condition - fixed.</p></li> </ul> </blockquote> <p>2017-11-04 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> <blockquote> <ul class="simple"> -<li>coders/wpg.c Check for InsertRow() return value.</li> +<li><p>coders/wpg.c Check for InsertRow() return value.</p></li> </ul> </blockquote> <p>2017-11-04 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/export.c: Add not-null check for indexes pointer where -needed.</li> -<li>magick/import.c: Add not-null check for indexes pointer with +<li><p>magick/export.c: Add not-null check for indexes pointer where +needed.</p></li> +<li><p>magick/import.c: Add not-null check for indexes pointer with associated exception report where the indexes pointer is needed. (ImportCMYKQuantumType): Was wrongly importing an opacity channel -in some cases. Would have crashed if these cases were ever used.</li> -<li>coders/wpg.c (ReadWPGImage): Assure that colormapped image is a +in some cases. Would have crashed if these cases were ever used.</p></li> +<li><p>coders/wpg.c (ReadWPGImage): Assure that colormapped image is a PseudoClass type with valid colormapped indexes. Fixes SourceForge bug 519 "Null Pointer Dereference (Write) with -malformed WPG Image".</li> -<li>coders/sfw.c (ReadSFWImage): Avoid possible heap overflow while +malformed WPG Image".</p></li> +<li><p>coders/sfw.c (ReadSFWImage): Avoid possible heap overflow while copying JFIF magic into buffer. Reject runt files. Fixes CVE-2017-12983. Notified of problem via email from Petr Gajdos on -Thu, 2 Nov 2017.</li> +Thu, 2 Nov 2017.</p></li> </ul> </blockquote> <p>2017-10-28 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/render.c (DrawImage): Fix SourceForge bug #517 "Push +<li><p>magick/render.c (DrawImage): Fix SourceForge bug #517 "Push operations in DrawImage can lead to negative strncpy when looking for pop". Interestingly, valgrind and ASAN only detected a problem with one of the test cases since exercised code which updated an array using the index. It appears that Linux strncpy() -simply ignores the bad request.</li> +simply ignores the bad request.</p></li> </ul> </blockquote> <p>2017-10-27 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadOneJNGImage): Make sure that a reasonable -exception is reported to the user when there is a read failure.</li> +<li><p>coders/png.c (ReadOneJNGImage): Make sure that a reasonable +exception is reported to the user when there is a read failure.</p></li> </ul> </blockquote> <p>2017-10-26 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadOneJNGImage): Reject JNG files with -unreasonable dimensions given the file size.</li> +<li><p>coders/png.c (ReadOneJNGImage): Reject JNG files with +unreasonable dimensions given the file size.</p></li> </ul> </blockquote> <p>2017-10-25 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadOneJNGImage): Fix SourceForge bug #518 "Null +<li><p>coders/png.c (ReadOneJNGImage): Fix SourceForge bug #518 "Null pointer in". Also make sure that errors are reported properly due to problems with transferring JPEG scanlines. (ReadOneJNGImage): Add more checks for null value returned from -SetImagePixels().</li> +SetImagePixels().</p></li> </ul> </blockquote> <p>2017-10-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/describe.c (DescribeImage): Fix possible heap read +<li><p>magick/describe.c (DescribeImage): Fix possible heap read overflow while accessing heap data, and possible information disclosure while describing the IPTC profile. Report was provided via email from Maor Shwartz to the graphicsmagick-security mail @@ -358,256 +360,257 @@ and Terry Chia (Ayrx), reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Please note that this interface is usually (but not exclusively) used from within the command-line utility program, in which case the only harm -would be a program crash.</li> -<li>magick/constitute.c (WriteImage): Assure that the errno present -when the blob error status first occured is reported to the user.</li> -<li>magick/blob.c (GetBlobStatus): Blob error status is now updated +would be a program crash.</p></li> +<li><p>magick/constitute.c (WriteImage): Assure that the errno present +when the blob error status first occured is reported to the user.</p></li> +<li><p>magick/blob.c (GetBlobStatus): Blob error status is now updated immediately upon the first error reported. (GetBlobFirstErrno): Returns errno value when the first blob error -was reported. This is useful for error reporting.</li> +was reported. This is useful for error reporting.</p></li> </ul> </blockquote> <p>2017-10-21 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/constitute.c (WriteImage): Restore use of GetBlobStatus() +<li><p>magick/constitute.c (WriteImage): Restore use of GetBlobStatus() to test if an I/O error was encountered while writing output file. This assures that I/O failure in writers which do not themselves -verify writes is assured to be reported.</li> +verify writes is assured to be reported.</p></li> </ul> </blockquote> <p>2017-10-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/webp.c (WriterCallback): WebP writer now detects partial +<li><p>coders/webp.c (WriterCallback): WebP writer now detects partial write to output file. Patch by Przemysław Sobala from a posting -on Mon, 16 Oct 2017 via the graphicsmagick-help mailing list.</li> +on Mon, 16 Oct 2017 via the graphicsmagick-help mailing list.</p></li> </ul> </blockquote> <p>2017-10-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/command.c (MontageImageCommand): Fix memory leaks in +<li><p>magick/command.c (MontageImageCommand): Fix memory leaks in error return path. Only people doing leak testing or the few who -execute MontageImageCommand() as a function will care about this.</li> -<li>magick/studio.h (NumberOfObjectsInArray): The +execute MontageImageCommand() as a function will care about this.</p></li> +<li><p>magick/studio.h (NumberOfObjectsInArray): The NumberOfObjectsInArray() macro is used to compute the number of whole objects in an array. Instead it was rounding up, resulting in scrambling the heap beyond the allocation. Fixes CVE-2017-13737 "There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will -lead to a remote denial of service attack."</li> +lead to a remote denial of service attack."</p></li> </ul> </blockquote> <p>2017-10-09 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadOnePNGImage): Suppress "comparison between -signed and unsigned integer expressions" warning.</li> -<li>coders/png.c (ReadJNGImage): Fix memory leak in SourceForge -Issue #469 "use after free in ReadJNGImage".</li> -<li>coders/png.c (ReadJNGImage): Fix memory leak in SourceForge -Issue #470 "Assert failure in writeblob".</li> +<li><p>coders/png.c (ReadOnePNGImage): Suppress "comparison between +signed and unsigned integer expressions" warning.</p></li> +<li><p>coders/png.c (ReadJNGImage): Fix memory leak in SourceForge +Issue #469 "use after free in ReadJNGImage".</p></li> +<li><p>coders/png.c (ReadJNGImage): Fix memory leak in SourceForge +Issue #470 "Assert failure in writeblob".</p></li> </ul> </blockquote> <p>2017-10-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>doc/options.imdoc: Fix SourceForge issue #444 "gm mogrify: Wrong -documentation for option -output-directory".</li> +<li><p>doc/options.imdoc: Fix SourceForge issue #444 "gm mogrify: Wrong +documentation for option -output-directory".</p></li> </ul> </blockquote> <p>2017-10-07 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/module.c (InitializeModuleSearchPath): Verify that any +<li><p>magick/module.c (InitializeModuleSearchPath): Verify that any component paths specified in MAGICK_CODER_MODULE_PATH and MAGICK_FILTER_MODULE_PATH exist before adding them to search paths actually used, and convert to real paths if possible. This avoids possible use of relative paths to load modules (a possible security issue) and may improve efficiency by removing -non-existent paths.</li> -<li>coders/yuv.c (ReadYUVImage): Fix leak of scanline upon Image +non-existent paths.</p></li> +<li><p>coders/yuv.c (ReadYUVImage): Fix leak of scanline upon Image allocation failure. Patch submitted by Petr Gajdos via email on -Fri, 6 Oct 2017.</li> +Fri, 6 Oct 2017.</p></li> </ul> </blockquote> <p>2017-09-13 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Attempt to fix SourceForge Issue #469 "use after +<li><p>coders/png.c: Attempt to fix SourceForge Issue #469 "use after free in ReadJNGImage". Note that this change was found to replace a use after free with a memory leak so the problem is not solved -yet.</li> +yet.</p></li> </ul> </blockquote> <p>2017-10-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/dcm.c (DCM_ReadNonNativeImages): Additional fix +<li><p>coders/dcm.c (DCM_ReadNonNativeImages): Additional fix (improvement) for SourceForge issue #512 "NULL Pointer Dereference -in DICOM Decoder".</li> +in DICOM Decoder".</p></li> </ul> </blockquote> <p>2017-10-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/dcm.c (ReadDCMImage): Fix SourceForge issue #512 "NULL -Pointer Dereference in DICOM Decoder".</li> -<li>coders/pict.c (ReadPICTImage): Fix SourceForge issue #511 -"Memory Allocation error due to malformed image file".</li> -<li>coders/pnm.c (WritePNMImage): Fix SourceForge issue #503 "memory -leak in WritePNMImage".</li> -<li>coders/png.c (ReadMNGImage): Fix SourceForge issue #501 "memory -leak in ReadMNGImage".</li> -<li>magick/segment.c (InitializeIntervalTree): Fix SourceForge issue +<li><p>coders/dcm.c (ReadDCMImage): Fix SourceForge issue #512 "NULL +Pointer Dereference in DICOM Decoder".</p></li> +<li><p>coders/pict.c (ReadPICTImage): Fix SourceForge issue #511 +"Memory Allocation error due to malformed image file".</p></li> +<li><p>coders/pnm.c (WritePNMImage): Fix SourceForge issue #503 "memory +leak in WritePNMImage".</p></li> +<li><p>coders/png.c (ReadMNGImage): Fix SourceForge issue #501 "memory +leak in ReadMNGImage".</p></li> +<li><p>magick/segment.c (InitializeIntervalTree): Fix SourceForge issue #507 "null pointer in segment.c" and issue #508 "null pointer in -segment.c".</li> -<li>coders/topol.c (ReadTOPOLImage): Fix SourceForge issue #510 -"null pointer and meory leak in topol.c".</li> -<li>magick/widget.c (MagickXFileBrowserWidget): Fix SourceForge -issue #506 "null pointer in widget.c".</li> -<li>coders/tiff.c (WriteTIFFImage): Fix SourceForge issue #509 -"Memory leak in tiff.c".</li> -<li>magick/module.c (FindMagickModule): Fix SourceForge issue #502 -"null pointer in module.c".</li> -<li>coders/avs.c (ReadAVSImage): Fix Coverity CID 184115 "Control -flow issues (DEADCODE)".</li> +segment.c".</p></li> +<li><p>coders/topol.c (ReadTOPOLImage): Fix SourceForge issue #510 +"null pointer and meory leak in topol.c".</p></li> +<li><p>magick/widget.c (MagickXFileBrowserWidget): Fix SourceForge +issue #506 "null pointer in widget.c".</p></li> +<li><p>coders/tiff.c (WriteTIFFImage): Fix SourceForge issue #509 +"Memory leak in tiff.c".</p></li> +<li><p>magick/module.c (FindMagickModule): Fix SourceForge issue #502 +"null pointer in module.c".</p></li> +<li><p>coders/avs.c (ReadAVSImage): Fix Coverity CID 184115 "Control +flow issues (DEADCODE)".</p></li> </ul> </blockquote> <p>2017-09-30 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/avs.c (ReadAVSImage): Fix SourceForge issue #499 "memory -leak in avs.c".</li> -<li>coders/cmyk.c (ReadCMYKImage): Fix SourceForge issue #498 -"memory leak in cmyk.c".</li> -<li>coders/cut.c (ReadCUTImage): Fix SourceForge issue #497 "memory -leak in cut.c".</li> -<li>coders/dpx.c (ReadDPXImage): Fix SourceForge issue #496 "memory -leak in dpx.c".</li> -<li>coders/hdf.c (ReadHDFImage): Fix SourceForge issue #495 "memory -leak in hdf.c".</li> -<li>coders/pcx.c (ReadPCXImage): Fix SourceForge issue #494 "memory -leak in pcx.c".</li> -<li>coders/pcd.c (ReadPCDImage): Fix SourceForge issue #493 "memory -leak in ReadPCDImage".</li> -<li>coders/histogram.c (WriteHISTOGRAMImage): Fix SourceForge issue -#492 "memory leak in WriteHISTOGRAMImage".</li> -<li>coders/gif.c (WriteGIFImage): Fix SourceForge issue #491 "memory -leak in WriteGIFImage".</li> -<li>coders/fits.c (WriteFITSImage): Fix SourceForge issue #490 -"memory leak in WriteFITSImage".</li> -<li>coders/palm.c (WritePALMImage): Fix SourceForge issue #489 -"memory leak in WritePALMImage".</li> -<li>coders/rgb.c (ReadRGBImage): Fix SourceForge issue #488 "Memory -leak in rgb.c".</li> -<li>coders/palm.c (ReadPALMImage): Fix SourceForge issue #487 "NULL -pointer dereference in ReadPALMImage".</li> -<li>Magick++/lib/Options.cpp (strokeDashArray): Fix SourceForge +<li><p>coders/avs.c (ReadAVSImage): Fix SourceForge issue #499 "memory +leak in avs.c".</p></li> +<li><p>coders/cmyk.c (ReadCMYKImage): Fix SourceForge issue #498 +"memory leak in cmyk.c".</p></li> +<li><p>coders/cut.c (ReadCUTImage): Fix SourceForge issue #497 "memory +leak in cut.c".</p></li> +<li><p>coders/dpx.c (ReadDPXImage): Fix SourceForge issue #496 "memory +leak in dpx.c".</p></li> +<li><p>coders/hdf.c (ReadHDFImage): Fix SourceForge issue #495 "memory +leak in hdf.c".</p></li> +<li><p>coders/pcx.c (ReadPCXImage): Fix SourceForge issue #494 "memory +leak in pcx.c".</p></li> +<li><p>coders/pcd.c (ReadPCDImage): Fix SourceForge issue #493 "memory +leak in ReadPCDImage".</p></li> +<li><p>coders/histogram.c (WriteHISTOGRAMImage): Fix SourceForge issue +#492 "memory leak in WriteHISTOGRAMImage".</p></li> +<li><p>coders/gif.c (WriteGIFImage): Fix SourceForge issue #491 "memory +leak in WriteGIFImage".</p></li> +<li><p>coders/fits.c (WriteFITSImage): Fix SourceForge issue #490 +"memory leak in WriteFITSImage".</p></li> +<li><p>coders/palm.c (WritePALMImage): Fix SourceForge issue #489 +"memory leak in WritePALMImage".</p></li> +<li><p>coders/rgb.c (ReadRGBImage): Fix SourceForge issue #488 "Memory +leak in rgb.c".</p></li> +<li><p>coders/palm.c (ReadPALMImage): Fix SourceForge issue #487 "NULL +pointer dereference in ReadPALMImage".</p></li> +<li><p>Magick++/lib/Options.cpp (strokeDashArray): Fix SourceForge issue #486 "NULL pointer dereference in -Magick::Options::strokeDashArray".</li> -<li>magick/nt_feature.c (NTGetTypeList): Fix SourceForge issue #485 -"NULL pointer dereference in NTGetTypeList".</li> -<li>coders/sun.c (ReadSUNImage): Fix SourceForge issue #484 "Memory -leak in sun.c".</li> -<li>coders/tim.c (ReadTIMImage): Fix SourceForge issue #483 "Memory -leak in tim.c".</li> -<li>magick/nt_base.c (NTRegistryKeyLookup): Fix SourceForge issue -#482 "NULL pointer dereference in NTRegistryKeyLookup".</li> -<li>coders/viff.c (ReadVIFFImage): Fix SourceForge issue #481 -"Memory leak in viff.c".</li> -<li>magick/profile.c (SetImageProfile): Fix SourceForge issue #480 -"assertion failure in MagickMapAllocateMap".</li> -<li>coders/yuv.c (ReadYUVImage): Fix SourceForge issue #478 "Memory -leak in yuv.c".</li> -<li>magick/map.c (MagickMapCloneMap): Fix SourceForge issue #477 -"assertion failure in MagickMapIterateNext".</li> -<li>coders/emf.c (ReadEnhMetaFile): Fix SourceForge issue #475 "NULL -pointer dereference in ReadEnhMetaFile".</li> -<li>coders/cineon.c (ReadCINEONImage): Fix SourceForge issue #473 -"NULL pointer dereference in ReadCINEONImage"</li> -<li>coders/tiff.c (TIFFIgnoreTags): Fix SourceForge issue #476 "NULL -Pointer in tiff.c".</li> +Magick::Options::strokeDashArray".</p></li> +<li><p>magick/nt_feature.c (NTGetTypeList): Fix SourceForge issue #485 +"NULL pointer dereference in NTGetTypeList".</p></li> +<li><p>coders/sun.c (ReadSUNImage): Fix SourceForge issue #484 "Memory +leak in sun.c".</p></li> +<li><p>coders/tim.c (ReadTIMImage): Fix SourceForge issue #483 "Memory +leak in tim.c".</p></li> +<li><p>magick/nt_base.c (NTRegistryKeyLookup): Fix SourceForge issue +#482 "NULL pointer dereference in NTRegistryKeyLookup".</p></li> +<li><p>coders/viff.c (ReadVIFFImage): Fix SourceForge issue #481 +"Memory leak in viff.c".</p></li> +<li><p>magick/profile.c (SetImageProfile): Fix SourceForge issue #480 +"assertion failure in MagickMapAllocateMap".</p></li> +<li><p>coders/yuv.c (ReadYUVImage): Fix SourceForge issue #478 "Memory +leak in yuv.c".</p></li> +<li><p>magick/map.c (MagickMapCloneMap): Fix SourceForge issue #477 +"assertion failure in MagickMapIterateNext".</p></li> +<li><p>coders/emf.c (ReadEnhMetaFile): Fix SourceForge issue #475 "NULL +pointer dereference in ReadEnhMetaFile".</p></li> +<li><p>coders/cineon.c (ReadCINEONImage): Fix SourceForge issue #473 +"NULL pointer dereference in ReadCINEONImage"</p></li> +<li><p>coders/tiff.c (TIFFIgnoreTags): Fix SourceForge issue #476 "NULL +Pointer in tiff.c".</p></li> </ul> </blockquote> <p>2017-09-25 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/blob.c (GetConfigureBlob): Fix SourceForge issue #472 -"NULL Pointer in GetConfigureBlob".</li> +<li><p>magick/blob.c (GetConfigureBlob): Fix SourceForge issue #472 +"NULL Pointer in GetConfigureBlob".</p></li> </ul> </blockquote> <p>2017-09-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/rle.c (ReadRLEImage): Fix SourceForge issue #458 "Heap -out of bounds read in ReadRLEImage()".</li> +<li><p>coders/rle.c (ReadRLEImage): Fix SourceForge issue #458 "Heap +out of bounds read in ReadRLEImage()".</p></li> </ul> </blockquote> <p>2017-09-19 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/sgi.c (ReadSGIImage): Check for EOF while reading SGI +<li><p>coders/sgi.c (ReadSGIImage): Check for EOF while reading SGI file header. Issue was brought to our attention by Petr Gajdos -via email on Fri, 1 Sep 2017.</li> +via email on Fri, 1 Sep 2017.</p></li> </ul> </blockquote> <p>2017-09-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/tiff.c (ReadTIFFImage): Allow a single scanline, strip, +<li><p>coders/tiff.c (ReadTIFFImage): Allow a single scanline, strip, tile, to be 1000X larger than the input file in order to not cause problems for extremely compressible images or tile sizes much -larger than the pixel dimensions.</li> +larger than the pixel dimensions.</p></li> </ul> </blockquote> <p>2017-09-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/symbols.h, wand/wand_symbols.h: Update C library symbols +<li><p>magick/symbols.h, wand/wand_symbols.h: Update C library symbols which should be prefixed with 'Gm'. However, GM will not move Magick++ namespace because of the ImageMagick version. Resolves SourceForge issue #468 "--enable-symbol-prefix does not prevent -clashes with libMagick++ or libMagickWand?"</li> -<li>coders/png.c (DestroyJNG): DestroyJNG should be a static +clashes with libMagick++ or libMagickWand?"</p></li> +<li><p>coders/png.c (DestroyJNG): DestroyJNG should be a static function. Was wrongly exposed as DestroyJNGInfo in 1.3.26. This is not a public function and was not intended to be part of the -ABI.</li> -<li>coders/tiff.c (ReadTIFFImage): Limit scanline, strip, and tile +ABI.</p></li> +<li><p>coders/tiff.c (ReadTIFFImage): Limit scanline, strip, and tile memory allocations based on file size multiplied by a maximum compression ratio. Fixes SourceForge issues #460, #461, #462, -#463, #464 "allocation failure in ReadTIFFImage".</li> -<li>coders/pnm.c (ReadPNMImage): Require that XV 332 format have 256 +#463, #464 "allocation failure in ReadTIFFImage".</p></li> +<li><p>coders/pnm.c (ReadPNMImage): Require that XV 332 format have 256 colors. Fixes SourceForge issue #465 "NULL Pointer Dereference triggered by malformed file". In our own testing the test case -produced an assertion failure because assertions were enabled.</li> -<li>magick/colormap.c (AllocateImageColormap): Use unsigned array -index.</li> +produced an assertion failure because assertions were enabled.</p></li> +<li><p>magick/colormap.c (AllocateImageColormap): Use unsigned array +index.</p></li> </ul> </blockquote> <p>2017-09-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/mat.c (ReadMATImage): Fix CVE-2016-10070, which is a heap +<li><p>coders/mat.c (ReadMATImage): Fix CVE-2016-10070, which is a heap overflow in the MAT reader due to an under-sized memory allocation. Based on private email from Petr Gajdos on Mon, 11 -Sep 2017.</li> +Sep 2017.</p></li> </ul> </blockquote> <p>2017-09-13 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Check MemoryResource before allocating -ping_pixel array.</li> +<li><p>coders/png.c: Check MemoryResource before allocating +ping_pixel array.</p></li> </ul> </blockquote> <p>2017-09-11 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> <blockquote> <ul class="simple"> -<li><dl class="first docutils"> +<li><dl class="simple"> <dt>magick/shear.c: Possible evil loop might waste CPU for long time</dt> -<dd>without any reason.</dd> +<dd><p>without any reason.</p> +</dd> </dl> </li> </ul> @@ -615,138 +618,138 @@ ping_pixel array.</li> <p>2017-09-10 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/render.c (DrawImage): Fix SourceForge issue #448 "Heap +<li><p>magick/render.c (DrawImage): Fix SourceForge issue #448 "Heap out of bounds read in DrawDashPolygon()". Problem was reported by -Kamil Frankowicz on August 28, 2017.</li> -<li>coders/uil.c (WriteUILImage): Fix crash in UIL writer when +Kamil Frankowicz on August 28, 2017.</p></li> +<li><p>coders/uil.c (WriteUILImage): Fix crash in UIL writer when writing image containing transparency. Issue was reported by -LCatro via email on 18 Jul 2017.</li> -<li>coders/wpg.c (InsertRow): Fix crash which occurs if image is not +LCatro via email on 18 Jul 2017.</p></li> +<li><p>coders/wpg.c (InsertRow): Fix crash which occurs if image is not PseudoClass but a PseudoColor scanline is needed. Resolves -SourceForge issue #449 "Null pointer dereference in InsertRow()".</li> -<li>coders/rle.c (ReadRLEImage): Impose image dimension limits +SourceForge issue #449 "Null pointer dereference in InsertRow()".</p></li> +<li><p>coders/rle.c (ReadRLEImage): Impose image dimension limits according to Utah RLE specification. Cap number of planes handled internally at 4. Remove non-standard multi-frame extension, which -did not work anyway.</li> +did not work anyway.</p></li> </ul> </blockquote> <p>2017-09-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadJNGImage): Complete fixing CVE-2017-8350 crash -while reading a malformed JNG file.</li> -<li>coders/{html.c, map.c, plasma.c, png.c, psd.c, rle.c, stegano.c, +<li><p>coders/png.c (ReadJNGImage): Complete fixing CVE-2017-8350 crash +while reading a malformed JNG file.</p></li> +<li><p>coders/{html.c, map.c, plasma.c, png.c, psd.c, rle.c, stegano.c, uil.c}: Downgrade claimed coder stability level for HTML, SHTML, -MAP, FRACTAL, PLASMA, JNG, MNG, RLE, STEGANO, and UIL formats.</li> +MAP, FRACTAL, PLASMA, JNG, MNG, RLE, STEGANO, and UIL formats.</p></li> </ul> </blockquote> <p>2017-09-08 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadJNGImage): More efforts toward fixing -CVE-2017-8350 while reading a malformed JNG file.</li> +<li><p>coders/png.c (ReadJNGImage): More efforts toward fixing +CVE-2017-8350 while reading a malformed JNG file.</p></li> </ul> </blockquote> <p>2017-09-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/error.c (ThrowLoggedException): Capture the first +<li><p>magick/error.c (ThrowLoggedException): Capture the first exception at ErrorException level or greater, or only capture exception if it is more severe than an already reported exception. This should help lead to better error reports since the first -error is usually the most significant.</li> -<li>coders/png.c (ReadJNGImage): Add "improper header" exception -reporting.</li> +error is usually the most significant.</p></li> +<li><p>coders/png.c (ReadJNGImage): Add "improper header" exception +reporting.</p></li> </ul> </blockquote> <p>2017-09-01 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadJNGImage): Efforts toward fixing CVE-2017-8350 -while reading a malformed JNG file.</li> +<li><p>coders/png.c (ReadJNGImage): Efforts toward fixing CVE-2017-8350 +while reading a malformed JNG file.</p></li> </ul> </blockquote> <p>2017-08-30 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/wpg.c (ReadWPGImage): Patch submitted by Petr Gajdos to +<li><p>coders/wpg.c (ReadWPGImage): Patch submitted by Petr Gajdos to check that .Width and .Height are greater than zero before they are assigned to image->columns and image->rows respectively (CVE-2014-9815). (ReadWPGImage): Do more validations on WPG_Palette.StartIndex and -WPG_Palette.NumOfEntries.</li> +WPG_Palette.NumOfEntries.</p></li> </ul> </blockquote> <p>2017-08-29 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadOneJNGImage): Fix for SourceForge issue #440 +<li><p>coders/png.c (ReadOneJNGImage): Fix for SourceForge issue #440 "use-after-free in CloseBlob (blob.c) (INCOMPLETE FIX FOR CVE-2017-11403)" and SourceForge issue #438 "heap use after free -in CloseBlob".</li> -<li>coders/png.c (ReadOneJNGImage): Fix for SourceForge issue #439 -"assertion failure in magick/pixel_cache.c"</li> +in CloseBlob".</p></li> +<li><p>coders/png.c (ReadOneJNGImage): Fix for SourceForge issue #439 +"assertion failure in magick/pixel_cache.c"</p></li> </ul> </blockquote> <p>2017-08-27 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/mpeg.c (WriteMPEGImage): Fix MPEG writer memory leak. +<li><p>coders/mpeg.c (WriteMPEGImage): Fix MPEG writer memory leak. Only the first image in the coalesce image list was being freed. -Problem was reported by LCatro via email on July 15, 2017.</li> -<li>magick/attribute.c (TracePSClippingPath, TraceSVGClippingPath): +Problem was reported by LCatro via email on July 15, 2017.</p></li> +<li><p>magick/attribute.c (TracePSClippingPath, TraceSVGClippingPath): Fix SourceForge bug #447 "Heap out of bounds read in -ReadMSBShort()".</li> +ReadMSBShort()".</p></li> </ul> </blockquote> <p>2017-08-26 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/xbm.c (ReadXBMImage): Fix two denial of service (DOS) +<li><p>coders/xbm.c (ReadXBMImage): Fix two denial of service (DOS) issues in ReadXBMImage() which result in the reader not returning. Problem was reported via email on Wed Aug 23 2017 by -Xiaohei and Wangchu from Alibaba Security Team.</li> -<li>coders/jnx.c (ReadJNXImage): Fix denial of service (DOS) issue +Xiaohei and Wangchu from Alibaba Security Team.</p></li> +<li><p>coders/jnx.c (ReadJNXImage): Fix denial of service (DOS) issue in ReadJNXImage() whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. Problem was reported via email on Wed Aug -23 2017 by Xiaohei and Wangchu from Alibaba Security Team.</li> +23 2017 by Xiaohei and Wangchu from Alibaba Security Team.</p></li> </ul> </blockquote> <p>2017-08-14 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadOneMNGImage): Deal with invalid (too large) -length of MNG chunks (bug #446).</li> +<li><p>coders/png.c (ReadOneMNGImage): Deal with invalid (too large) +length of MNG chunks (bug #446).</p></li> </ul> </blockquote> <p>2017-08-20 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/pnm.c (ReadPNMImage): Verify that sufficient file data +<li><p>coders/pnm.c (ReadPNMImage): Verify that sufficient file data exists to support what the file header requires before allocating memory for it. Fixes problem reported by Agostino Sarubbo via email on Wed, 12 Jul 2017 and reported yet again via SourceForge -bug #441 "memory allocation failure in MagickRealloc".</li> +bug #441 "memory allocation failure in MagickRealloc".</p></li> </ul> </blockquote> <p>2017-08-20 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> <blockquote> <ul class="simple"> -<li>coders/mat.c: Fix SourceForge bug #433 "memory leak in +<li><p>coders/mat.c: Fix SourceForge bug #433 "memory leak in ReadMATImage". Credit for discovering and reporting the problem -is "ADLab of Venustech".</li> -<li>coders/sun.c (ReadSUNImage): Fix failure to allocate memory due +is "ADLab of Venustech".</p></li> +<li><p>coders/sun.c (ReadSUNImage): Fix failure to allocate memory due to inadequate file data to support claimed image width and height. First notified by email from Agostino Sarubbo on 14 Jul 2017 and then again as SourceForge bug #442 "memory allocation failure in -magickmalloc".</li> +magickmalloc".</p></li> </ul> </blockquote> <p>2017-08-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/svg.c (GetStyleTokens): Fix SourceForge bugs 434 "heap +<li><p>coders/svg.c (GetStyleTokens): Fix SourceForge bugs 434 "heap buffer overflow in GetStyleTokens", 435 "null pointer dereference_in_SVGStartElement", and 436 "heap buffer overflow in GetStyleTokens" which all originated from a heap buffer overflow @@ -754,535 +757,538 @@ in GetStyleStokens(), or inconsistent initialization. Now the implementation truncates parsing for poorly-formed input (to avoid buffer overflow) while still correctly parsing well-formed input. The reproducers and problem reports are attributed to "ADLab of -Venustech".</li> +Venustech".</p></li> </ul> </blockquote> <p>2017-08-14 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadOneJNGImage): Fixed double-free after -reading a malformed JNG (Issue #438).</li> +<li><p>coders/png.c (ReadOneJNGImage): Fixed double-free after +reading a malformed JNG (Issue #438).</p></li> </ul> </blockquote> <p>2017-08-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/pcd.c (ReadPCDImage): Fix memory leak on return path due +<li><p>coders/pcd.c (ReadPCDImage): Fix memory leak on return path due to corrupted header. Patch included in email on 14 Aug 2017 by -Petr Gajdos (ImageMagick CVE CVE-2017-8351).</li> +Petr Gajdos (ImageMagick CVE CVE-2017-8351).</p></li> </ul> </blockquote> <p>2017-08-11 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/gif.c (ReadGIFImage): Assure that global colormap is -initialized.</li> -<li>coders/pict.c (ReadPICTImage): Fix memory leaks in error return -path. ImageMagick CVE CVE-2017-8353. Patch by Petr Gajdos.</li> +<li><p>coders/gif.c (ReadGIFImage): Assure that global colormap is +initialized.</p></li> +<li><p>coders/pict.c (ReadPICTImage): Fix memory leaks in error return +path. ImageMagick CVE CVE-2017-8353. Patch by Petr Gajdos.</p></li> </ul> </blockquote> <p>2017-08-11 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>tests/rwblob.c and rwfile.c: Write the reason for FAIL in -test-suite.log.</li> -<li>magick/image.h: Revised table of image orientations to show +<li><p>tests/rwblob.c and rwfile.c: Write the reason for FAIL in +test-suite.log.</p></li> +<li><p>magick/image.h: Revised table of image orientations to show Exif ImageOrientation values (which happen to be the same as -the enum values 1 to 8).</li> -<li>coders/png.c: ReadJNGIMage(): fix memory leak (Issue 431).</li> +the enum values 1 to 8).</p></li> +<li><p>coders/png.c: ReadJNGIMage(): fix memory leak (Issue 431).</p></li> </ul> </blockquote> <p>2017-08-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/mtv.c (ReadMTVImage): Fix memory leak in error return +<li><p>coders/mtv.c (ReadMTVImage): Fix memory leak in error return path upon unexpected EOF (ImageMagick CVE-2017-9142). Problem was brought to our attention via email from Petr Gajdos on Wed, 9 Aug 2017. Also changed pixel cache access functions used to assure -delivery of exception to the user.</li> +delivery of exception to the user.</p></li> </ul> </blockquote> <p>2017-08-05 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>configure.ac (SETJMP_IS_THREAD_SAFE): Decide if setjmp/longjmp +<li><p>configure.ac (SETJMP_IS_THREAD_SAFE): Decide if setjmp/longjmp are thread safe based on host OS. Assume that these interfaces are thread safe by default. Declared not to be thread safe under Solaris. Declaring these interfaces to be thread safe increases available concurrency for coders which use setjmp/longjmp for -error recovery (e.g. PNG and JPEG).</li> +error recovery (e.g. PNG and JPEG).</p></li> </ul> </blockquote> <p>2017-08-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/jpeg.c (RegisterJPEGImage): Add support for the +<li><p>coders/jpeg.c (RegisterJPEGImage): Add support for the SETJMP_IS_THREAD_SAFE preprocessor definition (already used by coders/png.c) to indicate if setjmp/longjmp are thread safe on this platform and that it is safe for multiple encoders/decoders -to be active at one time.</li> +to be active at one time.</p></li> </ul> </blockquote> <p>2017-07-31 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/sun.c: Fix heap read overflow while indexing into +<li><p>coders/sun.c: Fix heap read overflow while indexing into colormap. Problem was reported via email on 17 Jul 2017 by -Agostino Sarubbo.</li> +Agostino Sarubbo.</p></li> </ul> </blockquote> <p>2017-07-31 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadMNGImage): Stop a leak when rejecting a -MNG image with dimensions that are too large.</li> +<li><p>coders/png.c (ReadMNGImage): Stop a leak when rejecting a +MNG image with dimensions that are too large.</p></li> </ul> </blockquote> <p>2017-07-26 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/wmf.c (ReadWMFImage): Eliminate use of already freed heap +<li><p>coders/wmf.c (ReadWMFImage): Eliminate use of already freed heap data in error reporting path. Problem was reported via email by -Agostino Sarubbo on Fri, 14 Jul 2017</li> +Agostino Sarubbo on Fri, 14 Jul 2017</p></li> </ul> </blockquote> <p>2017-07-25 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadMNGImage) Free chunk allocation that remains -after attempting to read a truncated file.</li> -<li>coders/png.c: Removed some redundant checks for chunk length +<li><p>coders/png.c (ReadMNGImage) Free chunk allocation that remains +after attempting to read a truncated file.</p></li> +<li><p>coders/png.c: Removed some redundant checks for chunk length before MagickFreeMemory(chunk), which is safe to call with a -NULL argument.</li> -<li>coders/png.c: Fixed writer bug due to missing brackets; a Log +NULL argument.</p></li> +<li><p>coders/png.c: Fixed writer bug due to missing brackets; a Log statement should have been inside the "i" loop but instead was -using i++ left over from the loop. Bug report by L. Catro.</li> -<li>coders/png.c: Reject a MNG with dimensions greater than 65k -by 65k.</li> -<li>coders/png.c (WriteOnePNGImage): Return without crashing if -WriteOnePNGImage is passed a NULL image. Fixes CVE-2017-11522.</li> +using i++ left over from the loop. Bug report by L. Catro.</p></li> +<li><p>coders/png.c: Reject a MNG with dimensions greater than 65k +by 65k.</p></li> +<li><p>coders/png.c (WriteOnePNGImage): Return without crashing if +WriteOnePNGImage is passed a NULL image. Fixes CVE-2017-11522.</p></li> </ul> </blockquote> <p>2017-07-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/pcl.c (WritePCLImage): Fix null pointer dereference in +<li><p>coders/pcl.c (WritePCLImage): Fix null pointer dereference in PCL writer when writing monochrome images. Problem was reported -by LCatro via email on July 18.</li> -<li>magick/pixel_cache.c (PersistCache): Fix memory leak while +by LCatro via email on July 18.</p></li> +<li><p>magick/pixel_cache.c (PersistCache): Fix memory leak while writing a MPC file. Problem was reported by LCatro via email on -July 18.</li> -<li>coders/map.c (WriteMAPImage): Fix null pointer dereference or +July 18.</p></li> +<li><p>coders/map.c (WriteMAPImage): Fix null pointer dereference or segmentation violation in the MAP writer if the input image is not already colormapped. Problem was reported by LCatro via email on -July 18.</li> -<li>coders/gray.c (WriteGRAYImage): Improve tracing and tidy up.</li> -<li>coders/rgb.c (WriteRGBImage): Fix heap overwrite in raw RGB +July 18.</p></li> +<li><p>coders/gray.c (WriteGRAYImage): Improve tracing and tidy up.</p></li> +<li><p>coders/rgb.c (WriteRGBImage): Fix heap overwrite in raw RGB writer (all output subformats) given a multiframe sequence using different widths. Problem was reported by LCatro via email on -July 18.</li> -<li>coders/cmyk.c (WriteCMYKImage): Fix heap overwrite in raw CMYK +July 18.</p></li> +<li><p>coders/cmyk.c (WriteCMYKImage): Fix heap overwrite in raw CMYK writer (all output subformats) given a multiframe sequence using different widths. Also fix wrong output of CMYKA (and vice-versa) when CMYK was intended. Problem was reported by LCatro via email -on July 18.</li> -<li>coders/palm.c: Disable the PALM writer since the writer is a +on July 18.</p></li> +<li><p>coders/palm.c: Disable the PALM writer since the writer is a work in progress and still has implementation problems. Perhaps no one in the world remains who cares about the undocumented PALM format. Resolves heap overflow and assertion issues reported by -LCatro via emails on July 11th, and 12th, 2017.</li> -<li>magick/colormap.c (ReplaceImageColormap): Throw an exception -rather than assertion if the input image is not colormapped.</li> +LCatro via emails on July 11th, and 12th, 2017.</p></li> +<li><p>magick/colormap.c (ReplaceImageColormap): Throw an exception +rather than assertion if the input image is not colormapped.</p></li> </ul> </blockquote> <p>2017-07-13 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Implemented eXIf chunk support.</li> +<li><p>coders/png.c: Implemented eXIf chunk support.</p></li> </ul> </blockquote> <p>2017-07-12 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Fix typecast of left shifts (patch by Bob F)</li> +<li><p>coders/png.c: Fix typecast of left shifts (patch by Bob F)</p></li> </ul> </blockquote> <p>2017-07-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/ps.c (ReadPSImage): Fix reference to constant NULL image +<li><p>coders/ps.c (ReadPSImage): Fix reference to constant NULL image argument which is dereferenced to pass an exception to MagickMonitorFormatted(). Problem was reported by Agostino -Sarubbo via email on Wed, 12 Jul 2017.</li> +Sarubbo via email on Wed, 12 Jul 2017.</p></li> </ul> </blockquote> <p>2017-07-10 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/blob.c: Add casts to fix undefined behavior in left +<li><p>magick/blob.c: Add casts to fix undefined behavior in left shifts. Issue was reported by Agostino Sarubbo via email on Mon, -10 Jul 2017.</li> +10 Jul 2017.</p></li> </ul> </blockquote> <p>2017-07-10 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadOneJNGImage): Ignore out-of-bounds MOVE -and CLIP object_id's.</li> -<li>coders/png.c (ReadMNGImage): Fix apparent off-by-one error -in MNG FRAM change_clipping processing.</li> -<li>coders/png.c (ReadMNGImage): Fix out-of-order CloseBlob() +<li><p>coders/png.c (ReadOneJNGImage): Ignore out-of-bounds MOVE +and CLIP object_id's.</p></li> +<li><p>coders/png.c (ReadMNGImage): Fix apparent off-by-one error +in MNG FRAM change_clipping processing.</p></li> +<li><p>coders/png.c (ReadMNGImage): Fix out-of-order CloseBlob() and DestroyImageList() that caused a use-after-free crash. -Fixes CVE-2017-11403. This bug was discovered by Agostino Sarubbo.</li> +Fixes CVE-2017-11403. This bug was discovered by Agostino Sarubbo.</p></li> </ul> </blockquote> <p>2017-07-08 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadOneJngImage): Revised double-free fix.</li> +<li><p>coders/png.c (ReadOneJngImage): Revised double-free fix.</p></li> </ul> </blockquote> <p>2017-07-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadOneJNGImage): Fix double-frees caused by -commit on 2017-07-06.</li> -<li>coders/jpeg.c (ReadJPEGImage): Defer creating pixel cache until +<li><p>coders/png.c (ReadOneJNGImage): Fix double-frees caused by +commit on 2017-07-06.</p></li> +<li><p>coders/jpeg.c (ReadJPEGImage): Defer creating pixel cache until after successfully reading first scanline. Classify some serious libjpeg reported "warnings" as errors and quit processing scanlines immediately upon first error so that corrupt JPEG does not consume excessive resources. Resolves excessive resource consumption issue reported for two JPEG files provided via email -by LCatro on Tue, 4 Jul 2017.</li> +by LCatro on Tue, 4 Jul 2017.</p></li> </ul> </blockquote> <p>2017-07-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (ReadOneJNGImage): Remove spurious 'n' from log -statement.</li> +<li><p>coders/png.c (ReadOneJNGImage): Remove spurious 'n' from log +statement.</p></li> </ul> </blockquote> <p>2017-07-06 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Consolidate JNG cleanup into a new DestroyJNG() -function.</li> +<li><p>coders/png.c: Consolidate JNG cleanup into a new DestroyJNG() +function.</p></li> </ul> </blockquote> <p>2017-07-05 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: prevent a crash due to zero-length color_image -while reading a JNG image. (CVE-2017-11102)</li> +<li><p>coders/png.c: prevent a crash due to zero-length color_image +while reading a JNG image. (CVE-2017-11102)</p></li> </ul> </blockquote> <p>2017-07-04 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>NEWS.txt: Make sure is up to date.</li> -<li>www/index.rst: Update for 1.3.26 release.</li> -<li>version.sh: Update library versioning for 1.3.26 release.</li> -<li>magick/command.c (BatchCommand): Add ferror() checks around -batch input loop.</li> +<li><p>NEWS.txt: Make sure is up to date.</p></li> +<li><p>www/index.rst: Update for 1.3.26 release.</p></li> +<li><p>version.sh: Update library versioning for 1.3.26 release.</p></li> +<li><p>magick/command.c (BatchCommand): Add ferror() checks around +batch input loop.</p></li> </ul> </blockquote> <p>2017-07-03 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Reject a PNG file if the file size is too small +<li><p>coders/png.c: Reject a PNG file if the file size is too small (less than 61 bytes). Reject a JNG file if it is too small (less -than 147 bytes).</li> -<li>coders/jpeg.c: Reject a JPEG file if the file size is too small -(less than 107 bytes).</li> +than 147 bytes).</p></li> +<li><p>coders/jpeg.c: Reject a JPEG file if the file size is too small +(less than 107 bytes).</p></li> </ul> </blockquote> <p>2017-07-02 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/dpx.c (ReadDPXImage): Compute required file size and +<li><p>coders/dpx.c (ReadDPXImage): Compute required file size and verify that sufficient data exists in file before allocating memory to decode the image data. Resolves problem with DPX file with valid header (but a huge claimed image width) provided provided via email on Thu, 29 Jun 2017 by LCatro. This issue has -been assigned CVE-2017-10799.</li> +been assigned CVE-2017-10799.</p></li> </ul> </blockquote> <p>2016-07-02 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> <blockquote> <ul class="simple"> -<li>coders/mat.c Check whether reported object size overflows file size.</li> +<li><p>coders/mat.c Check whether reported object size overflows file size.</p></li> </ul> </blockquote> <p>2016-07-01 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> <blockquote> <ul class="simple"> -<li>coders/mat.c Safety check for forged and or corrupted data. -This issue has been assigned CVE-2017-10800.</li> +<li><p>coders/mat.c Safety check for forged and or corrupted data. +This issue has been assigned CVE-2017-10800.</p></li> </ul> </blockquote> <p>2017-07-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/tiff.c ("QuantumTransferMode"): Use a generalized method +<li><p>coders/tiff.c ("QuantumTransferMode"): Use a generalized method to enforce that buffer overflow can not happen while importing pixels. Resolves problem with RGB TIFF claiming only one sample per pixel provided via email on Thu, 29 Jun 2017 by LCatro. This -issue has been assigned CVE-2017-10794.</li> +issue has been assigned CVE-2017-10794.</p></li> </ul> </blockquote> <p>2017-06-29 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/command.c: Convert bare 'unsigned int' to MagickPassFail +<li><p>magick/command.c: Convert bare 'unsigned int' to MagickPassFail where suitable to make intentions clear. Convert True/False to MagickTrue/MagickFalse or MagickPass/MagickFail according to purpose. This is a continuation of a gradual migration and does -not represent an API change.</li> +not represent an API change.</p></li> </ul> </blockquote> <p>2017-06-25 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Avoid NULL dereference when MAGN chunk processing +<li><p>coders/png.c: Avoid NULL dereference when MAGN chunk processing fails (<a class="reference external" href="https://sourceforge.net/p/graphicsmagick/bugs/426/">https://sourceforge.net/p/graphicsmagick/bugs/426/</a>). Expand -TABs.</li> +TABs.</p></li> </ul> </blockquote> <p>2017-06-25 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>NEWS.txt: Update NEWS with changes since the previous release.</li> -<li>www/programming.rst: Switch the Lua link to +<li><p>NEWS.txt: Update NEWS with changes since the previous release.</p></li> +<li><p>www/programming.rst: Switch the Lua link to <a class="reference external" href="https://github.com/arcapos/luagraphicsmagick">https://github.com/arcapos/luagraphicsmagick</a>, which is a more complete and direct interface from Lua to GraphicsMagick's Wand -API.</li> +API.</p></li> </ul> </blockquote> <p>2017-06-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>VisualMagick/installer/gm-foo-dll.iss: Remove PerlMagick from +<li><p>VisualMagick/installer/gm-foo-dll.iss: Remove PerlMagick from the slim Inno Setup installer builder and remove mention of -PerlMagick from the installer documentation.</li> -<li>TclMagick/generic/TclMagick.c (magickCmd): Resolve SourceForge +PerlMagick from the installer documentation.</p></li> +<li><p>TclMagick/generic/TclMagick.c (magickCmd): Resolve SourceForge patch #51 "TclMagick: memory access error; possible segfault". (newMagickObj): Fix formatting of pointer value so it is 64-bit safe. Resolves SourceForge patch #50 "TclMagick: 64-bit -portability issue".</li> -<li>coders/pict.c (ReadPICTImage): Avoid possible use of negative +portability issue".</p></li> +<li><p>coders/pict.c (ReadPICTImage): Avoid possible use of negative value when indexing array, which would cause buffer overflow. Resolves SourceForge issue #427 "One possible buffer overflow vulnerability in -GraphicsMagick-1.3.25/coders/pict.c:ReadPICTImage()".</li> +GraphicsMagick-1.3.25/coders/pict.c:ReadPICTImage()".</p></li> </ul> </blockquote> <p>2017-06-22 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Stop memory leak when reading invalid JNG image. -Fixes CVE-2017-8350.</li> +<li><p>coders/png.c: Stop memory leak when reading invalid JNG image. +Fixes CVE-2017-8350.</p></li> </ul> </blockquote> <p>2017-06-18 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Fix lcms2.h inclusion logic.</li> -<li>wand/magick_wand.c (MagickSetImageOrientation): Eliminate use of -snprintf, which is not supported by older Visual Studio.</li> +<li><p>coders/png.c: Fix lcms2.h inclusion logic.</p></li> +<li><p>wand/magick_wand.c (MagickSetImageOrientation): Eliminate use of +snprintf, which is not supported by older Visual Studio.</p></li> </ul> </blockquote> <p>2017-06-09 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Accept exIf chunks whose data segment -erroneously begins with "Exif00".</li> +<li><p>coders/png.c: Accept exIf chunks whose data segment +erroneously begins with "Exif00".</p></li> </ul> </blockquote> <p>2017-06-01 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Removed experimental zxIF chunk support. That -proposal is dead.</li> +<li><p>coders/png.c: Removed experimental zxIF chunk support. That +proposal is dead.</p></li> </ul> </blockquote> <p>2017-05-27 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>config/log.mgk: Added documentation suggested by SourceForge -issue #419 "Consider a small patch to log.mgk".</li> -<li>www/Changes.rst: Add missing link to most recent changes.</li> +<li><p>config/log.mgk: Added documentation suggested by SourceForge +issue #419 "Consider a small patch to log.mgk".</p></li> +<li><p>www/Changes.rst: Add missing link to most recent changes.</p></li> </ul> </blockquote> <p>2017-05-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>www/Magick++/Image.rst: Improve documentation for Magick++ -Image::iccColorProfile() and Image::renderingIntent().</li> +<li><p>www/Magick++/Image.rst: Improve documentation for Magick++ +Image::iccColorProfile() and Image::renderingIntent().</p></li> </ul> </blockquote> <p>2017-05-21 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>tiff: Update to libtiff 4.0.8.</li> +<li><p>tiff: Update to libtiff 4.0.8.</p></li> </ul> </blockquote> <p>2017-03-19 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Quieted a new Coverity complaint about a potential -text buffer overrun.</li> +<li><p>coders/png.c: Quieted a new Coverity complaint about a potential +text buffer overrun.</p></li> </ul> </blockquote> <p>2017-03-19 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/image.c (SetImageInfo): Ignore empty magic prefix +<li><p>magick/image.c (SetImageInfo): Ignore empty magic prefix specification and do not remove colon character from start of filename. Resolves SourceForge bug #415 "Inconsistent Behavior w/ -input_file Parameter".</li> +input_file Parameter".</p></li> </ul> </blockquote> <p>2017-03-18 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Added new private orNT PNG chunk, to +<li><p>coders/png.c: Added new private orNT PNG chunk, to preserve image->orientation when it is defined and not -the default TopLeft.</li> -<li>coders/jpeg.c: Mention image->orientation in the log when -writing a JPEG.</li> +the default TopLeft.</p></li> +<li><p>coders/jpeg.c: Mention image->orientation in the log when +writing a JPEG.</p></li> </ul> </blockquote> <p>2017-03-15 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c (WriteOnePNGImage): Add version info about -gm, libpng, zlib, and lcms to the PNG debug log.</li> +<li><p>coders/png.c (WriteOnePNGImage): Add version info about +gm, libpng, zlib, and lcms to the PNG debug log.</p></li> </ul> </blockquote> <p>2017-03-04 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/command.c (ImportImageCommand): Fix handling of -frame +<li><p>magick/command.c (ImportImageCommand): Fix handling of -frame options. Option handling was incorrect due to option checking the frame option after it had been freed. Checking the frame dash option before freeing the argument solves the problem. From patch provided by Victor Ananjevsky as SourceForge patch #49 "-frame -doesn't work in gm import".</li> -<li>Magick++/lib/Image.cpp (attribute): Added Image attribute method +doesn't work in gm import".</p></li> +<li><p>Magick++/lib/Image.cpp (attribute): Added Image attribute method which accepts a 'char *' argument, and will remove the attribute if the value argument is NULL. From patch provided by "Gints" as SourceForge patch #46 "C++ api - method to clear/remove -attribute".</li> -<li>VisualMagick/configure/configure.cpp (InitInstance): Applied +attribute".</p></li> +<li><p>VisualMagick/configure/configure.cpp (InitInstance): Applied patch by Paul McConkey to allow the quantum command line argument to set the default value in the wizard drop list. This allows setting the quantum depth when the /nowizard argument was supplied. Resolves SourceForge patch #48 "When running from the command line configure.exe does not use the quantum argument". The provided configure.exe still needs to be rebuilt to -incorporate this change.</li> -<li>magick/command.c (MogrifyImage): The -orient command now also -updates the orientation in the EXIF profile, if it exists.</li> -<li>Magick++/lib/Image.cpp (orientation): Update orientation in EXIF -profile, if it exists.</li> +incorporate this change.</p></li> +<li><p>magick/command.c (MogrifyImage): The -orient command now also +updates the orientation in the EXIF profile, if it exists.</p></li> +<li><p>Magick++/lib/Image.cpp (orientation): Update orientation in EXIF +profile, if it exists.</p></li> </ul> </blockquote> <p>2017-03-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/jp2.c: Support PGX JPEG 2000 format for reading and -writing (within the bounds of what JasPer supports).</li> +<li><p>coders/jp2.c: Support PGX JPEG 2000 format for reading and +writing (within the bounds of what JasPer supports).</p></li> </ul> </blockquote> <p>2017-02-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/tiff.c (QuantumTransferMode): Fix out of bounds read when +<li><p>coders/tiff.c (QuantumTransferMode): Fix out of bounds read when reading CMYKA TIFF which claims to have only 2 samples per pixel. Problem was reported via email on February 15, 2017 by Valon -Chu. This issue was assigned CVE-2017-6335.</li> +Chu. This issue was assigned CVE-2017-6335.</p></li> </ul> </blockquote> <p>2017-01-29 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>doc/options.imdoc (-geometry): Geometry documentation changes -suggested by Jon Wong.</li> +<li><p>doc/options.imdoc (-geometry): Geometry documentation changes +suggested by Jon Wong.</p></li> </ul> </blockquote> <p>2017-01-26 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Added support for a proposed new PNG chunk +<li><p>coders/png.c: Added support for a proposed new PNG chunk (zxIf, read-only) that is currently being discussed on the png-mng-misc at lists.sourceforge.net mailing list. Enable exIf and zxIf with CPPFLAGS="-DexIf_SUPPORTED -DxzIf_SUPPORTED". If exIf is enabled, only the uncompressed exIF chunk will be written and the hex-encoded zTXt chunk containing the raw Exif -profile won't be written.</li> +profile won't be written.</p></li> </ul> </blockquote> <p>2017-01-25 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/msl.c (MSLStartElement): Change test for NULL image +<li><p>coders/msl.c (MSLStartElement): Change test for NULL image pointer to before it is used rather than after it is used. -Problem reported by Petr Gajdos on 2017-01-25.</li> +Problem reported by Petr Gajdos on 2017-01-25.</p></li> </ul> </blockquote> <p>2017-01-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>TclMagick/unix/m4/tcl.m4: Update tcl.m4 to TEA 3.10. File -supplied by Massimo Manghi.</li> +<li><p>TclMagick/unix/m4/tcl.m4: Update tcl.m4 to TEA 3.10. File +supplied by Massimo Manghi.</p></li> </ul> </blockquote> <p>2017-01-21 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Added support for a proposed new PNG +<li><p>coders/png.c: Added support for a proposed new PNG chunk (exIf read-write, eXIf read-only) that is currently being discussed on the png-mng-misc at lists.sourceforge.net -mailing list.</li> +mailing list.</p></li> </ul> </blockquote> <p>2017-01-21 Glenn Randers-Pehrson <<a class="reference external" href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/png.c: Added read_user_chunk_callback() function +<li><p>coders/png.c: Added read_user_chunk_callback() function and used it to implement a private PNG caNv (canvas) chunk for remembering the original dimensions and offsets when an image is cropped. Previously we used the oFFs chunk for this purpose, but this had potential conflicts with other applications -that also use the oFFs chunk.</li> +that also use the oFFs chunk.</p></li> </ul> </blockquote> <p>2017-01-07 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>TclMagick/Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Applied +<li><p>TclMagick/Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Applied patch by Massimo Manghi to set AM_DISTCHECK_CONFIGURE_FLAGS so that 'make distcheck' remembers configuration options, and also to -uninstall pkgIndex.tcl.</li> -<li>magick/image.c (SetImageEx): Use PixelIterateMonoSet() for -possibly improved efficiency.</li> -<li>magick/pixel_iterator.c (PixelIterateMonoSet): New pixel +uninstall pkgIndex.tcl.</p></li> +<li><p>magick/image.c (SetImageEx): Use PixelIterateMonoSet() for +possibly improved efficiency.</p></li> +<li><p>magick/pixel_iterator.c (PixelIterateMonoSet): New pixel iterator intended for use when initializing image pixels, without -regard to existing values.</li> +regard to existing values.</p></li> </ul> </blockquote> <p>2017-01-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>Copyright.txt: Bump copyright years and rotate ChangeLog.</li> +<li><p>Copyright.txt: Bump copyright years and rotate ChangeLog.</p></li> </ul> </blockquote> </div> + <hr class="docutils"> <div class="document"> - <p><a href="Copyright.html">Copyright</a> © GraphicsMagick Group 2002 - 2022<!--SPONSOR_LOGO--></p> + <p><a href="Copyright.html">Copyright</a> © GraphicsMagick Group 2002 - 2023<!--SPONSOR_LOGO--></p> +</div> + </div> </body> </html> |