diff options
Diffstat (limited to 'www/Changelog.html')
| -rw-r--r-- | www/Changelog.html | 1546 |
1 files changed, 252 insertions, 1294 deletions
diff --git a/www/Changelog.html b/www/Changelog.html index 4b7f311..665cfef 100644 --- a/www/Changelog.html +++ b/www/Changelog.html @@ -3,8 +3,8 @@ <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> -<meta name="generator" content="Docutils 0.13.1: http://docutils.sourceforge.net/" /> -<title></title> +<meta name="generator" content="Docutils 0.15.2: http://docutils.sourceforge.net/" /> +<title>Changelog.rst</title> <link rel="stylesheet" href="docutils-articles.css" type="text/css" /> </head> <body> @@ -35,1382 +35,340 @@ <div class="document"> -<p>2019-12-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-02-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>NEWS.txt: Updates in preparation for 1.3.34 release.</li> +<li>version.sh: Updates in preparation for the 1.3.35 release. +Merge changes for 1.3.35 into GraphicsMagick-1_3 branch.</li> +<li>www/INSTALL-windows.rst: Update Windows installation and build +documentation.</li> </ul> </blockquote> -<p>2019-12-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-02-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>NEWS.txt: Update with changes since the last GM release.</li> -<li>coders/png.c (png_read_raw_profile): Use size_t type to store -profile length and 'nibbles'. Use safer way to test for profile -buffer overflow. -(ReadOnePNGImage): Use size_t type to store 'ping_rowbytes', -'length', and 'row_offset'. Check png_pixels allocation for -arithemetic overflow when computing the required allocation size.</li> -<li>coders/tiff.c (WriteNewsProfile): Use size_t type to store -profile length.</li> -<li>coders/pict.c (WritePICTImage): Avoid 'alloc-size-larger-than' -warning from GCC when allocating row_bytes.</li> -</ul> -</blockquote> -<p>2019-12-21 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>tiff/libtiff/tiffconf.h: Add standard/common libtiff 'SUPPORT' -options which are used in full-fledged Autoconf/Cmake libtiff -builds but were missing from the Visual C template file. In -particular, WebP is now supported and JBIG is somewhat supported.</li> -<li>VisualMagick/jbig/libjbig/LIBRARY.txt (EXCLUDE): Remove -tstcodec85.c from JBIG library build.</li> -<li>VisualMagick/configure/configure.cpp: Add JBIG library to -include path when building libraries. Add WebP as a dependency -when building libtiff.</li> -</ul> -</blockquote> -<p>2019-12-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/nt_base.h ("C"): Assume that float versions of functions -became available in Visual Studio 2008.</li> -</ul> -</blockquote> -<p>2019-12-15 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/log.c (InitializeLogInfo): Using the compiled-in -defaults, always log to stderr by default, even under Microsoft -Windows. The logging output may then be diverted to -'win32eventlog' as soon as a log.mgk file is loaded if that is -desired. This should not be much of a problem because loading a -log.mgk file is the first thing that the library attempts to do. -This change is made due to users and developers being baffled at -not seeing any log output due to the log output going to the (very -unfriendly) Windows application log.</li> -<li>webp: libwebp is updated to the 1.0.3 release.</li> -</ul> -</blockquote> -<p>2019-12-15 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/nt_base.c Fix user only installation of Ghostscript.</li> -</ul> -</blockquote> -<p>2019-12-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>rungm.sh.in (DIRSEP): DIRSEP should always use Unix conventions for -Autotools-based builds.</li> -<li>magick/module.h ("C"): Eliminiate redundant and conflicting -ListModuleInfo() prototype.</li> -<li>coders/miff.c (ReadMIFFImage): Eliminate warnings in trace -statements.</li> -<li>coders/dib.c (DecodeImage): Eliminate warnings in trace -statements.</li> -<li>coders/bmp.c (DecodeImage): Eliminate warnings in trace -statements.</li> -<li>magick/studio.h (SupportMagickModules): Fix the preprocessor -logic controlling SupportMagickModules, which became broken for -GCC MinGW-based builds starting in the 1.3.29 release when a -"static" module loader was implemented. Due to an error in the -preprocessor logic, only the "modules" based build was working for -MinGW. Much thanks to Giovanni Remigi for making us aware of this -issue.</li> -</ul> -</blockquote> -<p>2019-12-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/pict.c (WritePICTImage): Throw a writer exception if the -PICT width limit is exceeded. Fixes SourceForge issue 617 -"heap-buffer-overflow in function EncodeImage of coders/pict.c".</li> -</ul> -</blockquote> -<p>2019-12-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>jbig: jbigkit is updated to 2.1 release.</li> -<li>libxml: libxml2 is updated to 2.9.10 release.</li> -<li>bzlib: bzip is updated to 1.0.8 release.</li> -<li>zlib: zlib is updated to 1.2.11 release.</li> -<li>png: libpng is updated to 1.6.37 release.</li> -</ul> -</blockquote> -<p>2019-12-07 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>lcms: lcms2 is updated to 2.9 release.</li> -<li>tiff: libtiff is updated to 4.1.0 release.</li> -</ul> -</blockquote> -<p>2019-11-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/render.c (DrawPatternPath): Don't leak memory if -fill_pattern or stroke_pattern of cloned draw_info are not null. -Fixes oss-fuzz issue 18948 "graphicsmagick:coder_MVG_fuzzer: -Indirect-leak in CloneImage". -(PrimitiveInfoRealloc): Clear freshly-allocated PrimitiveInfo -memory.</li> -</ul> -</blockquote> -<p>2019-11-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/attribute.c (GenerateEXIFAttribute): Fix oss-fuzz issue -17986 "graphicsmagick:coder_JPG_fuzzer: Heap-buffer-overflow in -GenerateEXIFAttribute". This problem likely only happens in -32-bit builds.</li> -</ul> -</blockquote> -<p>2019-11-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/png.c (ReadMNGImage): Only magnify the image if the -requested magnification methods are supported.</li> -</ul> -</blockquote> -<p>2019-11-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/compress.c (HuffmanDecodeImage): Fix signed overflow on -range check which leads to heap overflow in 32-bit -applications. Requires a relatively large file input compared with -typical fuzzer files (greater than a megabyte) to trigger. -Problem reported to the graphicsmagick-security mail address by -Justin Tripp on 2019-11-13. -(Ascii85Tuple): Fix thread safety issue by requiring caller to -pass in tuple buffer as an argument and having callers allocate -tuple buffer on the stack.</li> -</ul> -</blockquote> -<p>2019-11-10 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/bit_stream.c: Add restrict declarations to slightly -improve performance and decrease code size.</li> -<li>TclMagick/pkgIndex.tcl: Incorporate recommendations from third -problem noted in SourceForge issue #420 "TclMagick issues and -patch". This is supposed to help support using an uninstalled -GraphicsMagick and allow the installation path to contain a space.</li> -<li>wand/magick_wand.c (MagickClearException): Destroy any existing -exception info before re-initializing the exception info or else -there will be a memory leak.</li> -<li>TclMagick/generic/libttkcommon.c (myMagickError): Clear -exception from the Wand after it has been reported. Addresses the -fourth problem noted by SourceForge issue #420 "TclMagick issues -and patch". However, MagickClearException() already clears an -exception in the Wand, so a new function is not needed.</li> -<li>TclMagick/unix/m4/tcl.m4: Change hard-coded INSTALL path to -point to config/install-sh. Re-generated/updated Autotools stuff -by executing the genconf.sh script. Addresses the first problem -noted by SourceForge issue #420 "TclMagick issues and patch".</li> -</ul> -</blockquote> -<p>2019-11-02 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/pixel_cache.c (SetNexus): Eliminate warning about -possibly uninitialized variable from primordial GCC 3.4.3.</li> -<li>magick/render.c (ConvertPrimitiveToPath): Eliminate warning that -IsClosedSubPath might be used uninitialized.</li> -<li>magick/common.h ("MAGICK_FALLTHROUGH"): Added a -MAGICK_FALLTHROUGH macro to support the GCC/Clang fallthrough -attribute when the time comes again that it would be useful.</li> -</ul> -</blockquote> -<p>2019-10-19 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/pcx.c (ReadPCXImage): Verify that pixel region is not -negative. Assure that opacity channel is initialized to -opaqueOpacity. Update DirectClass representation while -PseudoClass representation is updated. Improve read performance -with uncompressed PCX.</li> -</ul> -</blockquote> -<p>2019-10-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/xpm.c (ReadXPMImage): Image properties are expected to -appear within the first 512 bytes of the XPM file header. fixes -oss-fuzz 18267 "graphicsmagick:coder_PICON_fuzzer: Timeout in -coder_PICON_fuzzer".</li> -</ul> -</blockquote> -<p>2019-10-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>configure.ac: Fix tcmalloc configuration report.</li> -</ul> -</blockquote> -<p>2019-10-13 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/wpg.c (ReadWPGImage): Implement subimage/subrange -support.</li> -<li>coders/mat.c (ReadMATImage, ReadMATImageV4): Implement -subimage/subrange support. Should resolve oss-fuzz 14999 -"graphicsmagick/coder_MAT_fuzzer: Out-of-memory in -graphicsmagick_coder_MAT_fuzzer".</li> -<li>coders/tiff.c (TIFFMapBlob): Fix compile problem if -LOG_TIFF_BLOB_IO is defined.</li> -<li>coders/wpg.c (ExtractPostscript): Improve performance. Avoid -temporary files if possible. Avoid additional memory allocations -if possible. Should address oss-fuzz issue 18173 -"graphicsmagick:enhance_fuzzer: Timeout in enhance_fuzzer" and -oss-fuzz issue 17714 "graphicsmagick:coder_WPG_fuzzer: Timeout in -coder_WPG_fuzzer".</li> -</ul> -</blockquote> -<p>2019-10-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/pnm.c (PNMInteger): Place a generous arbitrary limit on -the amount of PNM comment text to avoid denial of service -opportunity. Fixes oss-fuzz 18162 "Timeout · coder_PNM_fuzzer".</li> -</ul> -</blockquote> -<p>2019-10-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/dps.c (ReadDPSImage): Fix memory leak when OpenBlob() -reports failure. Same as ImageMagick CVE CVE-2019-16709.</li> -</ul> -</blockquote> -<p>2019-09-27 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/attribute.c (GenerateEXIFAttribute): Skip -unsupported/invalid format 0. Fixes oss-fuzz issue 17597 -"graphicsmagick:coder_SFW_fuzzer: Heap-buffer-overflow in -GenerateEXIFAttribute".</li> -</ul> -</blockquote> -<p>2019-09-19 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>fuzzing/oss-fuzz-build.sh: Change by Alex Gaynor so that the -correct oss-fuzz fuzzing engine should be used.</li> -</ul> -</blockquote> -<p>2019-09-18 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/static.c (OpenModule): Static module loader should use -upper-cased magick string when searching for a module alias. -Fixes SourceForge issue #613 "static module loader is still -case-sensitive".</li> -</ul> -</blockquote> -<p>2019-09-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>configure.ac: Report status of zstd (FaceBook Zstandard) -compression in configuration summary.</li> -</ul> -</blockquote> -<p>2019-09-15 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/render.c (TraceArcPath): Substitute a lineto command when -tracing arc is impossible. Fixes oss-fuzz 10765 -"graphicsmagick/coder_MVG_fuzzer: Divide-by-zero in TraceArcPath".</li> -</ul> -</blockquote> -<p>2019-09-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/png.c (png_read_raw_profile): Fix validation of raw -profile length. Fixes oss-fuzz 16906 -"graphicsmagick:coder_ICO_fuzzer: Out-of-memory in -graphicsmagick_coder_ICO_fuzzer".</li> -<li>coders/wpg.c (ReallocColormap): Avoid dereferencing a null -pointer if image->colormap is null. Fixes oss-fuzz 17004 -"graphicsmagick:coder_WPG_fuzzer: Null-dereference READ in -ReallocColormap".</li> -</ul> -</blockquote> -<p>2019-09-13 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/memory.c (MagickRealloc): Add a note that the behavior of -this function is as described for BSD reallocf(3), which is now -appearing in Linux's GNU libc and elsewhere.</li> -</ul> -</blockquote> -<p>2019-09-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>www/OpenMP.rst: Document the significant OpenMP speed-up which -may be obtained by using an alternate memory allocation library. -Currently 'tcmalloc', 'mtmalloc', and 'umem' are supported as +<li>NEWS.txt: Update with News since previous release.</li> +<li>magick/magick.c (InitializeMagickSignalHandlers): This private +implementation function is now a static function as it should have +been. +(InitializeMagickEx): New function which may be used in place of +InitializeMagick() to initialize GraphicsMagick. This +initialization function returns an error status value, may update +a passed ExceptionInfo structure with error information, and +provides an options parameter which supports simple bit-flags to +tailor initialization. The signal handler registrations are +skipped if the MAGICK_OPT_NO_SIGNAL_HANDER flag is set in the options.</li> -<li>www/INSTALL-unix.rst: Document new --with-tcmalloc option to -enable using Google gperftools tcmalloc library.</li> -<li>configure.ac: Add support for using Google gperftools tcmalloc -library via the --with-tcmalloc option.</li> -<li>scripts/rst2htmldeco.py: Port to Python 3 syntax and require at -least Python 2.6.</li> -<li>scripts/relpath.py: Port to Python 3 syntax and require -at least Python 2.6.</li> -<li>scripts/html_fragments.py: Port to Python 3 syntax and require -at least Python 2.6.</li> -<li>scripts/format_c_api_doc.py: Port to Python 3 syntax and require -at least Python 2.6.</li> -</ul> -</blockquote> -<p>2019-08-27 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>doc/GraphicsMagick.imdoc: Document gm utility exit status codes.</li> -</ul> -</blockquote> -<p>2019-08-25 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/render.c (PRIMITIVE_INFO_POINTS_MAX): SIZE_MAX apparently -rounds up by one when cast to a double on 64-bit systems. Due to -this, and in order to set more rational implementation limits, add -a PRIMITIVE_INFO_POINTS_MAX definition which computes and -constrains the maximum number of PrimitiveInfo entries allowed.</li> -</ul> -</blockquote> -<p>2019-08-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/attribute.c (GenerateEXIFAttribute): Check that we are -not being directed to read an IFD that we are already parsing and -quit in order to avoid a loop. Addresses oss-fuzz 15753 -"graphicsmagick/coder_JPEG_fuzzer: Timeout in -graphicsmagick_coder_JPEG_fuzzer" and 16068 -"graphicsmagick/coder_SFW_fuzzer: Timeout in -graphicsmagick_coder_SFW_fuzzer".</li> -<li>tests/{constitute.c, drawtest.c, rwblob.c, rwfile.c}: Eliminate -irritating GCC 9 "__builtin_strncpy' output may be truncated" -warnings due to copying MaxTextExtent-1 characters. Instead -request copying all of the characters and also assure that string -is still null terminated.</li> -<li>doc/environment.imdoc: Update documentation pertaining to HOME -and MAGICK_DEBUG environment variables.</li> -</ul> -</blockquote> -<p>2019-08-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/log.c (DestroyLogInfo): Only output text to terminate an -XML format log file if XML format is active.</li> -</ul> -</blockquote> -<p>2019-08-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/render.c (ExtractTokensBetweenPushPop): Previous fix for -non-terminal loop was broken by a last-minute untested edit. -Finally addresses oss-fuzz 15318 "graphicsmagick/coder_MVG_fuzzer: -Timeout in graphicsmagick_coder_MVG_fuzzer".</li> -</ul> -</blockquote> -<p>2019-08-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>fuzzing/utils.cc (MemoryResource): Lessen the memory limit used -for oss-fuzz testing in order to provide more headroom and margin -for error.</li> -<li>magick/render.c (TraceBezier): Detect arithmetic overflow and -return errors via normal error path rather than exiting. Fixes -oss-fuzz 16450 "graphicsmagick:coder_MVG_fuzzer: Unexpected-exit -in DefaultFatalErrorHandler". -(PrimitiveInfoRealloc): Implement more paranoid code related to -primitive allocation.</li> -</ul> -</blockquote> -<p>2019-08-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/render.c (DrawStrokePolygon): Handle case where -TraceStrokePolygon() returns NULL. Addresses oss-fuzz 15516 -"graphicsmagick/coder_MVG_fuzzer: ASSERT: primitive_info != -(PrimitiveInfo *) NULL". -(DrawDashPolygon): Handle case where DrawStrokePolygon() returns -MagickFail. Also needed to address oss-fuzz 15516, since otherwise -test-cases run for a very long time. -(ExtractTokensBetweenPushPop): Fix non-terminal parsing loop. -Addresses oss-fuzz 15318 "graphicsmagick/coder_MVG_fuzzer: Timeout -in graphicsmagick_coder_MVG_fuzzer".</li> -</ul> -</blockquote> -<p>2019-08-15 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/memory.h (MagickMallocAlignedArray): Add function -attributes for added value and to quench GCC 9 warning with -special build options enabled.</li> -<li>magick/deprecate.h (AcquireMemory): Add more function attributes -to quench GCC 9 warning with special build options enabled.</li> -<li>magick/attribute.c (GenerateEXIFAttribute): Fix compilation -warning in 32-bit build.</li> -<li>coders/dpx.c (AttributeToString): Eliminate annoying warnings -from GCC 9, although the code was correct.</li> -<li>coders/msl.c (MSLStartElement): Fix defective opacity percentage -code revealed by GCC 9 warning.</li> -</ul> -</blockquote> -<p>2019-08-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/png.c (ReadMNGImage): Skip coalescing layers if there is -only one layer. Fixes oss-fuzz 16274 -"graphicsmagick/coder_MNG_fuzzer: Unexpected-exit in -DefaultFatalErrorHandler".</li> -</ul> -</blockquote> -<p>2019-08-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/png.c (ReadPNGImage): Post-processing to convert the -image type in the PNG reader based on a specified magick prefix -string is now disabled. This can (and should) be done after the -image has been returned. Fixes oss-fuzz 16386 -"graphicsmagick:coder_PNG8_fuzzer: Timeout in -graphicsmagick_coder_PNG8_fuzzer".</li> -</ul> -</blockquote> -<p>2019-07-20 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>NEWS.txt: Updates in preparation for 1.3.33 release.</li> -</ul> -</blockquote> -<p>2019-07-19 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>NEWS.txt: Updated NEWS to reflect updates since last release.</li> -</ul> -</blockquote> -<p>2019-07-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/png.c (WriteOnePNGImage): Fix saving to palette when -image has an alpha channel but no color is marked as transparent. -Patch submitted by Przemysław Sobala via SourceForge patch #61 -"WriteOnePNGImage(): Fix saving to palette when image has an alpha -channel but no color is marked as transparent".</li> -<li>doc/options.imdoc (characters): Fix -format documentation to -reflect that '%r' returns the image type. Patch submitted by -Przemysław Sobala via SourceForge patch #60 "Fix documentation -typo".</li> -</ul> -</blockquote> -<p>2019-07-07 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/tempfile.c (AcquireTemporaryFileDescriptor): Fix -compilation under Cygwin. Patch by Marco Atzeri and submitted via -email to the graphicsmagick-help mailing list on Fri, 5 Jul 2019.</li> -</ul> -</blockquote> -<p>2019-06-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/attribute.c (GenerateEXIFAttribute): Added range checks -and tracing. Fixes oss-fuzz 14998 -"graphicsmagick/coder_JPEG_fuzzer: Heap-buffer-overflow in -Read32s". This is a tiny read overflow.</li> -<li>coders/miff.c (ReadMIFFImage): Similar fix as to mpc.c</li> -<li>coders/mpc.c (ReadMPCImage): Fix faulty signed overflow logic -for profiles[i].length which still allowed overflow. Fixes -oss-fuzz issue 15190 "graphicsmagick/coder_MPC_fuzzer: -Out-of-memory in graphicsmagick_coder_MPC_fuzzer".</li> -<li>doc/options.imdoc: Add notes about security hazards due to -commands which support a <a class="reference external" href="mailto:'%40filename">'<span>@</span>filename</a>' syntax.</li> -<li>www/security.rst: Add notes about security hazards due to -commands which support a <a class="reference external" href="mailto:'%40filename">'<span>@</span>filename</a>' syntax.</li> -</ul> -</blockquote> -<p>2019-06-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/render.c (DrawImage): Assure that 'token' is initialized. -Fixes oss-fuzz issue 14897 "graphicsmagick/coder_MVG_fuzzer: -Use-of-uninitialized-value in DrawImage".</li> -<li>magick/animate.c (MagickXAnimateImages): Fix memory leak of -scene_info.pixels.</li> -<li>magick/display.c (MagickXDisplayImage): Fix heap overwrite of -windows->image.name and windows->image.icon_name buffers. It -appears that the code assumed that CloneString() would always -allocated a string at least MaxTextExtent in size. I assume that -this issue has existed for a very long time since CloneString() -was re-written many years ago.</li> -<li>coders/caption.c (ReadCAPTIONImage): The CAPTION reader did not -appear to work at all any more. Now it works again, but still not -very well.</li> -<li>magick/command.c: Re-implement '@' file inclusion support for --comment, -draw, -format, and -label which was removed for the -1.3.32 release. Note that arguments from untrusted sources will -still need to be sanitized to detect attempts to subvert this -feature to access file data, but this feature has always been -supported by GraphicsMagick and it originated early in the -development of ImageMagick.</li> -</ul> -</blockquote> -<p>2019-06-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/utility.c (MagickStrlCat, MagickStrlCpy): Add debug -checks enabled by MAGICK_STRL_CHECK.</li> -<li>magick/montage.c (MontageImages): Fix wrong length argument to -strlcat() when building montage directory, which could allow heap -overwrite.</li> -<li>coders/png.c (RegisterPNGImage): Pass correct size value to -strlcat(). Under Apple's OS X (and possibly other targets) -strlcat() writes bytes beyond what it needs to (but within the -range it is allowed to) causing a crash due to the wrong limit -value. Fixes SourceForge issue #609 <cite>gm identify foo.png</cite> crashes -on macOS (v 1.3.32).</li> -<li>www/Changes.rst: Update ChangeLog links due to new year, and -1.3.32 release.</li> -</ul> -</blockquote> -<p>2019-06-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/bmp.c (WriteBMPImage): Detect arithmetic overflow of -image_size. Add more tracing. Reduce compilation warnings. -(EncodeImage): Reduce compilation warnings. -(WriteBMPImage): Assure that chromaticity uses double-precision -for multiply before casting to unsigned integer.</li> -<li>coders/wpg.c (ReallocColormap): Reduce compilation warnings.</li> -<li>coders/braille.c (WriteBRAILLEImage): Reduce compilation -warnings.</li> -<li>coders/dib.c (WriteDIBImage): Detect arithmetic overflow of -image_size. Reduce compilation warnings. -(EncodeImage): Reduce compilation warnings.</li> -<li>coders/locale.c (WriteLOCALEImage): Reduce compilation warnings.</li> -</ul> -</blockquote> -<p>2019-06-15 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>Makefile.am (dist-zstd): Use the maximum possible compression -level (22) when creating a Zstd-compressed tarball to get close to -lzip/xz compression levels.</li> -<li>coders/tiff.c (ReadTIFFImage): Fix typo in initialization of -'tile' pointer variable.</li> -<li>version.sh: Updates in preparation for 1.3.32 release.</li> -</ul> -</blockquote> -<p>2019-06-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>Makefile.am (release): Add a release target to make it easier to -produce and sign the release files. Add a zstd-compressed output -tarball just because we can.</li> -</ul> -</blockquote> -<p>2019-06-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/render.c (DrawImage): Fix typo when initializing -number_coordinates. Somehow GCC and clang let this typo slip by.</li> </ul> </blockquote> -<p>2019-06-11 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-02-19 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/dib.c (ReadDIBImage): Preserve PseudoClass opaque -representation if ICO mask is opaque, otherwise return a -DirectClass image.</li> +<li>magick/magick.c (MagickToMime): Add a MIME translation for +"jpg". Issue reported by Pro Turm.</li> </ul> </blockquote> -<p>2019-06-10 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-02-18 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/render.c (DrawImage): Detect an error in TracePath() and -quit rather than forging on.</li> +<li>www/INSTALL-windows.rst: Add quoting to avoid losing backslashes +in Windows paths.</li> </ul> </blockquote> -<p>2019-06-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-02-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/render.c (DrawImage): Terminate drawing if -DrawCompositeMask() reports failure. Fixes oss-fuzz 12373 -"graphicsmagick/coder_MVG_fuzzer: Timeout in -graphicsmagick_coder_MVG_fuzzer". -(TracePath): Terminate path parsing upon first parsing error.</li> +<li>magick/common.h: Add missing unsupported handling for some +recently added GCC/Clang attributes.</li> +<li>magick/: Move all remaining private implementation code in +public headers which is guarded by MAGICK_IMPLEMENTATION into +private headers, which are never installed.</li> </ul> </blockquote> -<p>2019-06-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-02-15 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/txt.c (ReadTXTImage): Use real a new-line character as -line delimiter rather than 'n' string.</li> -<li>magick/annotate.c (AnnotateImage): No longer implicitly call -TranslateText() since this is not suitable for most use-cases and -causes additional performance impact. The API user can perform -such translations in advance on the text string using -TranslateText() if need be. No longer call StringToList() to -split strings into an array of strings since this can lead to -unexpected results, and a custom-splitter is more efficient.</li> +<li>coders/tiff.c (WriteTIFFImage): Evidence suggests that large +strip sizes improve performance by reducing the number of I/Os. +The defaults suggested by libtiff are way to small for today's +images and computers. Default TIFF strip sizes so that each +uncompressed strip consumes up to 1MiB of memory, or 4MiB for FAX +oriented codecs, or based on LZMA compression level when using +LZMA compression. The default size may be adjusted via the +TIFF_BYTES_PER_STRIP preprocessor definition.</li> </ul> </blockquote> -<p>2019-06-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-02-09 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> <blockquote> <ul class="simple"> -<li>magick/render.c (DrawImage): Only support <a class="reference external" href="mailto:'%40filename">'<span>@</span>filename</a>' syntax to -read drawing primitive from a file if we are not already drawing.</li> -<li>magick/utility.c (TranslateTextEx): Remove support for reading -from a file using <a class="reference external" href="mailto:'%40filename">'<span>@</span>filename</a>' syntax due to security concerns. -Problem was reported to us by "Battle Furry" via the -GraphicsMagick security mail alias on June 6, 2019.</li> +<li>coders/wpg.c ZeroFillMissing data will never been triggered when +y>=image->rows.</li> </ul> </blockquote> -<p>2019-06-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-02-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/utility.c (SetClientFilename): Reduce initialized data -some more.</li> +<li>magick/render.c (DrawImage): Limit pattern dimensions by +LONG_MAX rather than ULONG_MAX since this seems more likely to +avoid arithmetic overflows later on.</li> </ul> </blockquote> -<p>2019-06-02 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-02-09 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> <blockquote> <ul class="simple"> -<li>magick/nt_base.c: Search for n019003l.pfb (the "Helvetica"-like -font) rather than fonts.dir since fonts.dir is not present in all -URW font collections.</li> -<li>NEWS.txt: Update news.</li> +<li>coders/wpg.c Check for exception in image.</li> </ul> </blockquote> -<p>2019-06-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-02-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/logo.c: Tidy logo image definitions, and logo image -output.</li> +<li>magick/command.c (VersionCommand): Add Google perftools tcmalloc +to the available feature support.</li> +<li>www/INSTALL-unix.rst: Include some information about building +with MSYS2.</li> +<li>coders/png.c (ReadOnePNGImage): Eliminate compilation warnings +about signed/unsigned comparisons.</li> +<li>magick/image.c: Remove private global string constants, and one +private global unsigned long constant, from the library ABI. +Since the global constants were declared via a private header and +only used within the GraphicsMagick build, removing these does not +impact the public ABI. The globals removed are BackgroundColor, +BorderColor, DefaultTileFrame, DefaultTileGeometry, +DefaultTileLabel, ForegroundColor, HighlightColor, MatteColor, +PSDensityGeometry, PSPageGeometry, and DefaultCompressionQuality.</li> </ul> </blockquote> -<p>2019-05-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-02-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/mat.c: Make more data const.</li> +<li>magick/render.c (DrawImage): Apply draconian pattern +specification offset and dimension validations. Hopefully there +is no impact to usability. If so please report it as a bug. +Fixes oss-fuzz 20586 "graphicsmagick:coder_MVG_fuzzer: +Integer-overflow in DrawPolygonPrimitive".</li> +<li>coders/svg.c (ReadSVGImage): Fix dereference of NULL pointer +when stopping image timer.</li> </ul> </blockquote> -<p>2019-05-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-02-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/animate.c: Reduce initialized static allocations.</li> -<li>magick/display.c: Reduce initialized static allocations.</li> -<li>magick/widget.c (MagickSplitNDLTextToList): Add static -implementation function.</li> +<li>coders/pict.c (DecodeImage): Allocate extra scanline memory to +allow small RLE overrun. Fixes oss-fuzz 20271 +"graphicsmagick:coder_PICT_fuzzer: Heap-buffer-overflow in +ExpandBuffer" and 20272 "graphicsmagick:coder_PICT_fuzzer: +Heap-buffer-overflow in DecodeImage".</li> +<li>PerlMagick/t/wmf/read.t: Update WMF reference images. Relax +test requirements for ski.wmf.</li> +<li>locale/C.mgk: Correct error message associated with +"UnsupportedNumberOfRows". Patch was submitted by Thorsten +Alteholz via private email on 2020-02-05.</li> </ul> </blockquote> -<p>2019-05-20 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-02-04 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/webp.c (RegisterWEBPImage): Use sprintf to format version -since snprintf is not available in old Visual Studio.</li> +<li>coders/topol.c: Include magick/magick_endian.h.</li> </ul> </blockquote> -<p>2019-05-19 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-02-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/dcm.c: Make more data const.</li> -<li>www/INSTALL-unix.rst: Add documentation for how to install URW -fonts from various package management systems.</li> +<li>magick, coders, wand: Added copious casts to avoid possible +integer overflows in the Microsoft Windows 64-bit build, where +sizeof(long) < sizeof(size_t).</li> </ul> </blockquote> -<p>2019-05-18 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-01-26 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>www/authors.rst: Add authorship attribution to Samuel Thibault -for contributing support for the Braille image format.</li> -<li>coders/braille.c: Add support for Braille image format by Samuel -Thibault. Patch submitted via SourceForge patch #59 "Add braille -image format support.</li> +<li>magick/render.h ("PrimitiveInfo"): Change PrimitiveInfo +coordinates from type 'unsigned long' to 'size_t'.</li> </ul> </blockquote> -<p>2019-05-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-01-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/tempfile.c: Make more data const.</li> -<li>magick/signature.c: Make more data const.</li> -<li>magick/quantize.c: Make more data const.</li> -<li>magick/attribute.c: Make more data const.</li> -<li>coders/png.c: Make more data const.</li> -<li>coders/mpeg.c: Make more data const.</li> -<li>coders/wmf.c: Make more data const.</li> -<li>coders/tile.c: Make more data const.</li> +<li>magick/gradient.c (GradientImage): Warnings reduction, plus note +about incorrect diagonal gradients math.</li> </ul> </blockquote> -<p>2019-05-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-01-20 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> <blockquote> <ul class="simple"> -<li>magick/enum_strings.c: Make more data const.</li> +<li>VisualMagickconfigureconfigure.cpp Option /arch:SSE2 is +available only for 32 bit build.</li> </ul> </blockquote> -<p>2019-05-15 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-01-19 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/magick.c: Make more data const.</li> -<li>magick/type.c (GetTypeInfoByFamily): Make more data const.</li> -<li>magick/unix_port.c (MagickGetMMUPageSize): Decrease initialized -data.</li> -<li>magick/utility.c (GetPageGeometry): Make more data const.</li> -<li>coders/pdf.c (WritePDFImage): Allocate working buffer on stack -and pass as argument to EscapeParenthesis() to eliminate a thread -safety problem and also reduce BSS size.</li> -<li>coders/webp.c (RegisterWEBPImage): Fix compiler warning.</li> -<li>coders/jbig.c (RegisterJBIGImage): Make more data const.</li> -<li>coders/pict.c (DecodeImage): Allocate output buffer used by -ExpandBuffer() on the stack rather than as static data private to -ExpandBuffer(). Eliminates a thread safety problem and also -reduces BSS size.</li> -<li>coders/webp.c (RegisterWEBPImage): Reduce BSS size.</li> +<li>coders/pcd.c (DecodeImage): Assure that pcd_length gets +initialized with something.</li> +<li>Magick++/lib/Options.cpp (strokeDashArray): Add needless check +for _drawInfo->dash_pattern null in order to make static analysis +happy.</li> +<li>magick/render.c (DestroyPolygonInfo): Make sure to not +dereference a null edges pointer.</li> +<li>coders/pdb.c (WritePDBImage): Make sure that null comment value +is not dereferenced.</li> +<li>coders/vid.c (ReadVIDImage): Make sure that +ThrowVIDReaderException does not dereference a null pointer.</li> +<li>magick/quantize.c (ClassifyImageColors): Fix error handling so a +null pointer won't be consumed after a memory allocation failure. +Changed the location of some variable declarations and added some +comments.</li> </ul> </blockquote> -<p>2019-05-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-01-18 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/jp2.c: Make more data const.</li> -<li>coders/wmf.c: Make more data const.</li> -<li>coders/ps.c (WritePSImage): Make more data const.</li> -<li>coders/ps2.c (WritePS2Image): Make more data const.</li> -</ul> -</blockquote> -<p>2019-05-13 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/static.c: Revert to previous 'name' storage. Callback -functions in structure block being properly const.</li> -<li>coders/xpm.c: Make more data const.</li> -<li>coders/pnm.c: Make more data const.</li> -<li>coders/palm.c: Make more data const.</li> -<li>coders/meta.c: Make more data const.</li> -<li>coders/dcraw.c: Make more data const.</li> -<li>magick/command.c: Fix compilation problem when HasX11 is not -defined.</li> -</ul> -</blockquote> -<p>2019-05-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/command.c: Make more data const.</li> -</ul> -</blockquote> -<p>2019-05-11 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/webp.c (RegisterWEBPImage): Make more data const.</li> -<li>coders/svg.c (RegisterSVGImage): Reduce BSS size.</li> -<li>coders/miff.c (RegisterMIFFImage): Fix version reporting.</li> -<li>coders/ttf.c (RegisterTTFImage): Fixed reporting of FreeType -version.</li> -<li>coders/tiff.c (RegisterTIFFImage): Reduce BSS size.</li> -<li>coders/sfw.c (ReadSFWImage): Make SFW static data completely -const.</li> -<li>coders/ps3.c: Make PS3 static data completely const.</li> -<li>coders/pict.c: Make PICT static data completely const.</li> -<li>magick/error.c (ThrowException, ThrowLoggedException): Handle -the case where some passed character strings refer to existing -exception character strings. Fixes SourceForge issue #603 -"heap-use-after-free in function ThrowLoggedException of -magick/error.c". -(CatchException): Restructure so there is one return point.</li> -<li>coders/miff.c (ImportRLEPixels): Fix heap overflow caused by a -typo in the code. Also fix undefined behavior caused by large -left shifts of an unsigned char. Fixes SourceForge issue #608 -"heap-buffer-overflow in ImportRLEPixels of coders/miff.c.</li> -</ul> -</blockquote> -<p>2019-05-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/bmp.c (ReadBMPImage): Fix subrange/scene handling in -'ping' mode so it is like the other formats. Only the first frame -was being enumerated while in 'ping' mode.</li> -</ul> -</blockquote> -<p>2019-05-07 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>NEWS.txt: Update news.</li> -<li>magick/utility.c (ExpandFilenames): Only expand <a class="reference external" href="mailto:'%40filename">'<span>@</span>filename</a>' to a -list of arguments read from 'filename' if the path <a class="reference external" href="mailto:'%40filename">'<span>@</span>filename</a>' -does not exist. This fix is made based on an email posting to the -'graphicsmagick-help' mailing list at SourceForge by "Test User" -on Tue, 7 May 2019.</li> -</ul> -</blockquote> -<p>2019-05-05 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/colorspace.c: Reorder initialization of colorspace tables -for a possible performance improvement.</li> -<li>magick/fx.c (WaveImage): Use float for sin map.</li> -<li>configure.ac: Test for float versions of math functions.</li> -<li>magick/gem.c (GenerateDifferentialNoise): Use float versions of -math functions when available.</li> -</ul> -</blockquote> -<p>2019-05-02 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>www/INSTALL-unix.rst: Expanded configure documentation for ---with-modules. Added specific configure documentation for ---with-umem and --with-mtmalloc, which may be useful on -Solaris-derived systems.</li> -</ul> -</blockquote> -<p>2019-04-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/command.c (VersionCommand): Show OpenMP specification -version corresponding to version enumeration.</li> -<li>magick/locale.c (GetLocaleMessageFromTag): Eliminate clang -warning about comparison with a constant value.</li> -<li>magick/log.c (InitializeLogInfo): Initialize LogInfo log_configured.</li> -</ul> -</blockquote> -<p>2019-04-21 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/magic.c (struct): Ajust StaticMagic definition to be more -const-friendly.</li> -<li>magick/color_lookup.c (struct): Adjust StaticColors definition -to be more const-friendly.</li> -<li>magick/attribute.c: Ajust tag_table definition to be more -const-friendly.</li> -<li>magick/log.c: Allocate LogInfo from heap as we used to do.</li> -<li>magick/locale.c (GetLocaleMessageFromTag): Adaptations to locale -coder output changes.</li> -<li>coders/locale.c (WriteLOCALEImage): Adjust locale coder output -to be more const.</li> -</ul> -</blockquote> -<p>2019-04-20 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/color_lookup.c: Make built-in color tables fully const.</li> -<li>magick/animate.c: Use MagickXTextViewWidgetNDL() to display help -text.</li> -<li>magick/display.c: Use MagickXTextViewWidgetNDL() to display help -text.</li> -<li>magick/widget.c (MagickXTextViewWidgetNDL): New private function -to display multi-line null-delimited text in an X11 widget.</li> -<li>coders/xwd.c (ReadXWDImage): Added even more XWD header -validation logic. Addresses problems noted by email from Hongxu -Chen to the graphicsmagick-security mail alias on Fri, 19 Apr 2019 -and Sat, 20 Apr 2019 and entitled "Multiple crashes (FPE and -invalid read) when processing XWD files".</li> -</ul> -</blockquote> -<p>2019-04-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/xwd.c (ReadXWDImage): Added even more XWD header -validation logic. Addresses problems noted by email from Hongxu -Chen to the graphicsmagick-security mail alias on Wed, 17 Apr 2019 -and entitled "Multiple crashes (FPE and invalid read) when -processing XWD files". Also addresses additional issues noted -that an attacker could request to allocate an arbitrary amount of -memory based on ncolors and the claimed header size.</li> -</ul> -</blockquote> -<p>2019-04-14 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/xwd.c (ReadXWDImage): Add more XWD header validation -logic. Addresses problems noted by email from Hongxu Chen to the -graphicsmagick-security mail alias on Sun, 14 Apr 2019 and -entitled "Multiple crashes (FPE and invalid read) when processing -XWD files".</li> -</ul> -</blockquote> -<p>2019-04-13 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/pdb.c (WritePDBImage): Assure that input scanline is -cleared in order to cover up some decoder bug. May fix 14215 -"graphicsmagick/coder_PDB_fuzzer: Use-of-uninitialized-value in -WritePDBImage", which I have not been able to reproduce.</li> -<li>magick/render.c (DrawPrimitive): Check primitive point x/y -values for NaN. -(DrawImage): Fix oss-fuzz issue 14173 -"graphicsmagick/coder_MVG_fuzzer: Integer-overflow in DrawImage".</li> -<li>magick/pixel_cache.c (SetNexus): Fix oss-fuzz issue 14208 -"graphicsmagick/coder_MVG_fuzzer: Integer-overflow in SetNexus".</li> -</ul> -</blockquote> -<p>2019-04-11 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/display.c: Add even more const declarations.</li> -<li>coders/mat.c (WriteMATLABImage): Add completely missing error -handling. Fixes SourceForge issue #604 "heap-buffer-overflow in -function WriteMATLABImage of coders/mat.c".</li> -</ul> -</blockquote> -<p>2019-04-10 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/pdb.c (WritePDBImage): Fix SourceForge issue #605 -"heap-buffer-overflow in function WritePDBImage of coders/pdb.c".</li> -<li>magick/widget.c: Add many const declarations.</li> -<li>magick/display.c: Incorporate and eliminate display.h. Add many -const declarations.</li> -<li>magick/animate.c: Incorporate and eliminate animate.h. Add many -const declarations.</li> -</ul> -</blockquote> -<p>2019-04-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/wmf.c (ReadWMFImage): Reject WMF files with an empty -bounding box. Fixes SourceForge issue #606 "Division by Zero in -coders/wmf.c".</li> -</ul> -</blockquote> -<p>2019-04-07 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/nt_base.c Fix a problem of finding ghostscript fonts. -Variable "font_dir" was useless and thus removed. No need to copy -text multiple times. Use const char gs_font_dir[] instead of -pointer.</li> -</ul> -</blockquote> -<p>2019-04-07 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/xwd.c (ReadXWDImage): Perform more header validations and -a file size validation in order to reject files with bogus -headers. -(WriteXWDImage): Fix SourceForge issue #599 -"heap_buffer_overflow_WRITE in function WriteXWDImage of -coders/xwd.c".</li> -</ul> -</blockquote> -<p>2019-04-05 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/svg.c (SVGStartElement): Fix stack buffer overflow while -parsing quoted font family value. Fixes SourceForge issue #600 -"stack-buffer-overflow in function SVGStartElement of -coders/svg.c".</li> -<li>coders/miff.c (ReadMIFFImage): Detect end of file while reading -RLE packets. Fixes SourceForge issue #598 "heap-buffer-overflow -in function ReadMIFFImage of coders/miff.c".</li> -</ul> -</blockquote> -<p>2019-04-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/xwd.c (ReadXWDImage): Fix heap buffer overflow while -reading DirectClass XWD file. Fixes SourceForge issue #597 -"heap-buffer-overflow in function ReadXWDImage of coders/xwd.c".</li> -</ul> -</blockquote> -<p>2019-04-02 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/png.c (ReadMNGImage): Fix small buffer overflow (one -PixelPacket) of image colormap. Fixes SourceForge issue #596 -"heap-buffer-overflow in function CloneImage of magick/image.c".</li> -<li>magick/colormap.c (ReallocateImageColormap): New function to -reallocate an image colormap.</li> -<li>coders/logo.c: Make more static data const.</li> -<li>magick/module_aliases.h: Make more static data const.</li> -<li>magick/static.c: Make more static data const.</li> -</ul> -</blockquote> -<p>2019-04-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/log.c (LogMagickEventList): Log elapsed time with -microsecond precision.</li> -</ul> -</blockquote> -<p>2019-03-31 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/mpc.c (ReadMPCImage): Deal with a profile length of zero, -or an irrationally large profile length. Fixes SourceForge issue -#601 "memory leak in function ReadMPCImage of coders/mpc.c ".</li> -<li>magick/xwindow.c (MagickXGetWindowInfo): Deal with the unlikely -case that the memory allocation for window->segment_info -fails. Fixes SourceForge #595 "use allocate memory before null -check" as pertains to magick/xwindow.c.</li> -<li>magick/segment.c (Classify): Add check for memory allocation -failure when allocating cluster array. Fixes SourceForge #595 "use -allocate memory before null check" as pertains to -magick/segment.c.</li> -<li>coders/pdb.c (ReadPDBImage): Fix use of allocated memory before -null check. Fixes SourceForge #595 "use allocate memory before -null check" as pertains to coders/pdb.c.</li> -</ul> -</blockquote> -<p>2019-03-30 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/pixel_cache.c (AllocateThreadViewSet): Simplify the image -view model by adding NexusInfo to the View structure (rather than -referencing it via a pointer) to lessen the number of required -per-thread allocations and to improve locality of reference.</li> -</ul> -</blockquote> -<p>2019-03-22 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/wpg.c (WPG1_Palette): Change to a static declaration.</li> -<li>coders/dcm.c: dicom_info array is now fully in the data segment.</li> -</ul> -</blockquote> -<p>2019-03-18 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>configure.ac: Add support for using the Solaris mtmalloc -library. This is primarily for testing or as an alternative to -Solaris umem. -Stop using posix_memalign() until it is uniformly more mature and -reliably quick.</li> -</ul> -</blockquote> -<p>2019-03-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/pixel_cache.c (SetNexus): Smallest staging-area -allocation is cache line size so declare it as such.</li> -<li>magick/fx.c: Functions in the fx module which return a new Image -should return a null Image if an exception was thrown. Also, -assure that user has an opportunity to see the exception which was -thrown.</li> -<li>magick/error.c (ThrowLoggedException): Throwing an exception is -now thread-safe.</li> -<li>magick/pixel_cache-private.h: Moved pixel cache private -definitions to private header.</li> -</ul> -</blockquote> -<p>2019-03-10 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/pixel_cache.c (SetNexus): Pass x, y, columns, and rows -rather than a pointer to RectangleInfo. This should be easier to -inline on modern CPUs.</li> -</ul> -</blockquote> -<p>2019-03-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/pixel_cache.c (SetNexus): Cache resource limits in -CacheInfo rather than repeatedly calling into the resource code in -order to lessen the overhead of performing resource limit checks -on the pixel cache views.</li> -<li>magick/resource.c (AcquireMagickResource): Use a lock for each -resource in order to lessen contention. Return a maximum 64-bit -integer value if the resource has not been limited. Previously -returned -1 in this case but this was not documented.</li> -</ul> -</blockquote> -<p>2019-03-07 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/import.c (ImportViewPixelArea): If range between max and -min is less than MagickEpsilon, produce a black image rather than -throwing an exception.</li> -<li>coders/mat.c (ReadMATImage): Fix memory leak on unexpected end -of file. Fixes oss-fuzz 13556 "graphicsmagick/coder_MAT_fuzzer: -Direct-leak in ReadMATImage". (Credit to OSS-Fuzz)</li> -</ul> -</blockquote> -<p>2019-03-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/mat.c (ReadMATImage): Quit if image scanlines are not -fully populated due to exception. Fixes oss-fuzz 13530 -"graphicsmagick/coder_MAT_fuzzer: Use-of-uninitialized-value in -InsertComplexFloatRow". (Credit to OSS-Fuzz)</li> -</ul> -</blockquote> -<p>2019-03-04 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/txt.c (ReadTXTImage): Don't start new line if x_max < -x_min. Avoids calling SetImagePixels() with a width of zero. -Related to oss-fuzz 13521 "graphicsmagick/coder_TEXT_fuzzer: -Floating-point-exception in SetNexus". (Credit to OSS-Fuzz)</li> -<li>magick/pixel_cache.c (SetNexus): Report error for empty region -rather than crashing due to divide by zero exception. This is a -new bug due to yesterday's changes. Fixes oss-fuzz 13521 -"graphicsmagick/coder_TEXT_fuzzer: Floating-point-exception in -SetNexus". (Credit to OSS-Fuzz)</li> -</ul> -</blockquote> -<p>2019-03-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>design/pixel-cache.dot: Update design dot diagram to remove -IsNexusInCore and add CompositeCacheNexus.</li> -<li>magick/pixel_cache.c (SetNexus): Apply resource limits to pixel -nexus allocations using the same limits (total pixels, width, -height, memory) as applied to the whole image since some requests -are directly influenced by the input file. Add yet more tests for -arithmetic overflow. Whole source module is re-arranged so that -static functions are in order of dependency so that forward -prototype declarations are no longer needed. Fixes oss-fuzz 13210 -"graphicsmagick/coder_MVG_fuzzer: Integer-overflow in -SetNexus". (Credit to OSS-Fuzz)</li> -</ul> -</blockquote> -<p>2019-03-02 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/pixel_cache.c (OpenCache): Use unsigned 64-bit value to -store CacheInfo offset and length as well as for the total pixels -calculation. Add some more arithmetic overflow detections.</li> -<li>coders/topol.c (ReadTOPOLImage): Report a corrupt image -exception "Unexpected end-of-file" if reader encounters end of -file while reading header rows. Addresses oss-fuzz 7981 -"graphicsmagick/coder_TOPOL_fuzzer: Use-of-uninitialized-value in -InsertRow". (Credit to OSS-Fuzz)</li> -<li>coders/mat.c (ReadMATImage): Report a corrupt image exception -"Unexpected end-of-file" if reader encounters end of file while -reading scanlines. Also added some helpful traces. Hopefully -addresses oss-fuzz 13445 "graphicsmagick/coder_MAT_fuzzer: -Use-of-uninitialized-value in IsGrayImage". (Credit to OSS-Fuzz)</li> -</ul> -</blockquote> -<p>2019-02-26 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/image.h ("C"): Include as "magick/image-private.h" as the -other headers are. -("C"): Include "magick/image-private.h" inside the protective -MAGICK_IMPLEMENTATION guard, as it should have been. This error -broke the oss-fuzz build.</li> -</ul> -</blockquote> -<p>2019-02-24 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/image-private.h (_ImageExtra): Put ImageExtra definition -in a private header file so that its definition may be accessed -directly by library internals. Add some accessor macros to -provide access and update code to use them.</li> -<li>coders/wpg.c (ReallocColormap): Make sure that there is not a -heap overwrite if the number of colors has been reduced. Thanks -to Jaroslav Fojtik for giving me a heads up about this.</li> -</ul> -</blockquote> -<p>2019-02-23 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/monitor.c (MagickMonitorActive): Add new private function -to test if a progress monitor is active. Update all progress -monitor code in loops to use this information, while also updating -code to hopefully address concerns expressed by Hongxu Chen about -data races on the graphicsmagick-bugs mailing list starting on -February 6, 2019.</li> -</ul> -</blockquote> -<p>2019-02-21 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/mpc.c (ReadMPCImage): Tally directory length to avoid -death by strlen().</li> -<li>coders/miff.c (ReadMIFFImage): Tally directory length to avoid -death by strlen(). Fixes oss-fuzz 13190 -"graphicsmagick/coder_MIFF_fuzzer: Timeout in -graphicsmagick_coder_MIFF_fuzzer". (Credit to OSS-Fuzz)</li> -</ul> -</blockquote> -<p>2019-02-17 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/svg.c (ReadSVGImage): Don't call xmlCleanupParser() -in module code since this may cause other libxml users to fail.</li> -<li>coders/msl.c (ProcessMSLScript): Don't call xmlCleanupParser() -in module code since this may cause other libxml users to fail.</li> -<li>magick/render.c (DrawDashPolygon): (DrawDashPolygon): Don't read -beyond end of dash pattern array. This is a second instance of -issue identified by SourceForge issue #591. Fixes oss-fuzz 13160 -"graphicsmagick/coder_MVG_fuzzer: Heap-buffer-overflow in -DrawDashPolygon". The earlier attempt to fix this problem today -broke dash patterns entirely. (Credit to OSS-Fuzz)</li> -<li>magick/annotate.c (RenderFreetype): Eliminate memory leak of -GlyphInfo.image (type FT_Glyph) while rendering some FreeType -fonts such as the one we use now in the Magick++ test suite.</li> -</ul> -</blockquote> -<p>2019-02-16 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/render.c (DrawDashPolygon): Avoid reading one beyond -length of dash pattern array, which is terminated by value 0.0. -Fixes SourceForge issue #591 "Heap buffer overflow in -DrawDashPolygon when parsing SVG images". -(DrawPrimitive): Add arithmetic overflow checks when converting -computed coordinates from 'double' to 'long'. -(DrawImage): Don't destroy draw_info in graphic_context when -draw_info has not been allocated yet. Problem reported via email -by Sami Supperi on Thu, 14 Feb 2019.</li> -<li>coders/jpeg.c (ReadJPEGImage): JPEG files are observed to -provide compression ratios as high as 2500 so allow for that. -Also, the test for "Unreasonable dimensions" delivered yesterday -was flawed since magick_rows and magick_columns are only set if a -desired image size was provided. Fixes SourceForge issue 592 -"Non-malicious JPEG file fails with "Unreasonable dimensions"".</li> -<li>coders/tiff.c (ReadTIFFImage): Only disassociate alpha channel -for images where photometic is PHOTOMETRIC_RGB. Fixes oss-fuzz -13115 "graphicsmagick/coder_PTIF_fuzzer: -Use-of-uninitialized-value in DisassociateAlphaRegion". (Credit to -OSS-Fuzz)</li> -</ul> -</blockquote> -<p>2019-02-15 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/jpeg.c (ReadJPEGImage): Base test for "Unreasonable -dimensions" on original JPEG dimensions and not the scaled -dimensions. Fixes SourceForge issue 593 "gm convert: Insufficient -image data in file when hinting input image".</li> -</ul> -</blockquote> -<p>2019-02-13 Troy Patteson <<a class="reference external" href="mailto:troyp%40ieee.org">troyp<span>@</span>ieee<span>.</span>org</a>></p> -<blockquote> -<ul class="simple"> -<li>PerlMagick/Magick.xs (Mogrify): Add decorate argument to Annotate.</li> -<li>PerlMagick/Magick.xs (Mogrify): Remove reference to undefined -Annotate argument.</li> -</ul> -</blockquote> -<p>2019-02-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/tiff.c (ReadTIFFImage): For planar TIFF, make sure that -pixels are initialized in case some planes are missing. Fixes -oss-fuzz 13046 "graphicsmagick/coder_PTIF_fuzzer: -Use-of-uninitialized-value in DisassociateAlphaRegion". (Credit to -OSS-Fuzz)</li> -</ul> -</blockquote> -<p>2019-02-11 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/pdf.c (WritePDFImage): Make sure to free 'xref' before -returning. Similar to ImageMagick CVE-2019-7397 "In ImageMagick -before 7.0.8-25, several memory leaks exist in WritePDFImage in -coders/pdf.c.". Thanks to Petr Gajdos for bringing this issue to -our attention.</li> -</ul> -</blockquote> -<p>2019-02-10 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/wpg.c (ReadWPGImage): Use a different way to reallocate -the colormap which preserves existing content, but also updates -image->colors and assures that added palette entries are +<li>coders/caption.c (ReadCAPTIONImage): Assure that metrics are initialized.</li> -<li>coders/png.c (ReadMNGImage): Bound maximum loop iterations by -subrange as a primitive means of limiting resource consumption. -This should finally resolve oss-fuzz 12738 -"graphicsmagick/enhance_fuzzer: Out-of-memory in -graphicsmagick_enhance_fuzzer". (Credit to OSS-Fuzz)</li> -<li>coders/tiff.c (ReadTIFFImage): Assure that opacity channel is -initialized in the RGBAStrippedMethod case. Convert -'CorruptImageError' encountered while testing for more frames to -'CorruptImageWarning' so we return the frames already read. -Second try at fixing oss-fuzz 11896 -"graphicsmagick/coder_PTIF_fuzzer: Use-of-uninitialized-value in -VerticalFilter".</li> -<li>coders/dpx.c (AttributeToString): Eliminate clang -"-Wstring-plus-int" warning observed in oss-fuzz build.</li> -<li>coders/cineon.c (AttributeToString): Eliminate clang -"-Wstring-plus-int" warning observed in oss-fuzz build.</li> -</ul> -</blockquote> -<p>2019-02-09 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/pict.c (DecodeImage): Avoide a one-byte over-read of -pixels heap allocation. The cause of the over-read is not yet -understood. Fixes oss-fuzz 12019 -"graphicsmagick/coder_PICT_fuzzer: Heap-buffer-overflow in -ExpandBuffer". (Credit to OSS-Fuzz)</li> -<li>coders/wpg.c (ReadWPGImage): Assure that all colormap entries -are initialized. Fixes oss-fuzz 12614 -"graphicsmagick/enhance_fuzzer: Use-of-uninitialized-value in -EnhanceImage". (Credit to OSS-Fuzz)</li> -<li>coders/tiff.c (ReadTIFFImage): Make sure that image is in -DirectClass mode and ignore any claimed colormap when the image is -read using the RGBAStrippedMethod, RGBATiledMethod, or -RGBAPuntMethod cases. Fixes oss-fuzz 12195 -"graphicsmagick/coder_PTIF_fuzzer: Use-of-uninitialized-value in -ExportGrayQuantumType". (Credit to OSS-Fuzz)</li> -<li>coders/miff.c (ReadMIFFImage): Improve pixel buffer calculations -to defend against overflow. Assure that zlib and bzlib decode the -expected number of bytes for a pixel row. Fixes oss-fuzz issue -12448 "graphicsmagick/coder_MIFF_fuzzer: -Use-of-uninitialized-value in RGBTransformPackets". (Credit to -OSS-Fuzz)</li> -</ul> -</blockquote> -<p>2019-02-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/png.c (ReadMNGImage): Quit processing and report error -upon failure to insert MNG background layer. Fixes oss-fuzz 12738 -"graphicsmagick/enhance_fuzzer: Out-of-memory in -graphicsmagick_enhance_fuzzer". (Credit to OSS-Fuzz)</li> -</ul> -</blockquote> -<p>2019-02-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>coders/dib.c (ReadDIBImage, WriteDIBImage): Improve buffer-size -calculations to guard against buffer overflows. The reader -version was not as complete as it should have been, whereas the -writer version did not guard against arithmetic overflow at all.</li> -<li>coders/bmp.c (ReadBMPImage, WriteBMPImage): Improve buffer-size -calculations to guard against buffer overflows. This is a -follow-on fix to the previous fix submitted for SourceForge issue -#582 "heap-buffer-overflow in ReadBMPImage of bmp.c" which is now -also identified as CVE-2018-20185.</li> -<li>www/Hg.rst: Updates to reflect current usage and availability.</li> -<li>www/authors.rst: Promote Troy Patteson to the active contributor -category.</li> -</ul> -</blockquote> -<p>2019-02-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> -<blockquote> -<ul class="simple"> -<li>magick/version.h.in: Rotate ChangeLog and update copyright -statements for the new year.</li> +<li>magick/pixel_cache.c (DestroyThreadViewSet): Check if views +pointer is not null before destroying views.</li> +<li>coders/xpm.c (ReadXPMImage): Properly detect the case where the +XPM colormap is not fully initialized.</li> +<li>coders/pict.c (DecodeImage): Fix heap buffer over-reads. Fixes +oss-fuzz issue 20053 "graphicsmagick:coder_PICT_fuzzer: +Heap-buffer-overflow in ExpandBuffer" and oss-fuzz issue 20048 +"graphicsmagick:coder_PICT_fuzzer: Heap-buffer-overflow in +DecodeImage". Both of these oss-fuzz issues appeared due to +recent changes since the last release.</li> +<li>coders/meta.c (WriteMETAImage): Assure that 'iptc_offset' is +initialized and valid.</li> +<li>coders/jpeg.c (ReadJPEGImage): Assure that evaluating the +embedded profile length does not suffer from undefined behavior.</li> </ul> </blockquote> -<p>2019-01-30 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-01-12 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>coders/webp.c (WriteWEBPImage): Patch by Przemysław Sobala to -support WebP 'use_sharp_yuv' option ("if needed, use sharp (and -slow) RGB->YUV conversion") via <cite>-define webp:use-sharp-yuv=true</cite>.</li> +<li>magick/render.c (DrawImage): Add more MVG parser validations.</li> </ul> </blockquote> -<p>2019-01-05 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<p>2020-01-11 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> <blockquote> <ul class="simple"> -<li>magick/pixel_cache.c (SetNexus): Merge IsNexusInCore() -implementation code into SetNexus() and add check for if -cache_info->pixels is null. Fixes SourceForge issue #588 "Bug in -IsNexusInCore()".</li> -<li>configure.ac (DcrawExtraOptions): Request TIFF output from dcraw -if build supports TIFF format in order to obtain more metadata. -This allows obtaining some metadata from standard TIFF tags -(e.g. camera make, model, and dcraw version), and any attached ICC -profile, but not specifically EXIF data since we don't support -extracting EXIF data from TIFF yet. Inspired by SourceForge issue -589 "Identify lack of data (no Exif) in RAW formats".</li> +<li>coders/histogram.c (WriteHISTOGRAMImage): Histogram coder was +relying on the previously removed '@' file inclusion feature to +insert the histogram comment text. Write a PseudoClass MIFF image +with RLE compression. Fixes SourceForge issue #622 "Histogram +produces incorrect color table attribute ".</li> +<li>magick/pixel_cache.c (ModifyCache): Re-open the pixel cache if +the cache rows/columns do not match the owning image rows/columns.</li> +<li>magick/transform.c (TransformImage): TransformImage now returns +a MagickPassFail return status value rather than void.</li> +<li>coders/pict.c (ReadPICTImage): Fix some over-strict validations +which were preventing some PICT files which were previously read +successfully from being accepted. Fix problems which occurred when +the clipping rectangle changed the image size. Improve reading +embedded JPEG blobs. Now successfully reads all raster PICT files +I have available.</li> +</ul> +</blockquote> +<p>2020-01-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<blockquote> +<ul class="simple"> +<li>coders/pict.c (ReadPICTImage): Be more strict about PICT +rectangle by treating rectangle dimensions as if they are a 16-bit +signed type and not allowing negative values. Avoid GCC warnings +which sprung up similar to "warning: comparison is always false +due to limited range of data type".</li> +</ul> +</blockquote> +<p>2020-01-05 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<blockquote> +<ul class="simple"> +<li>coders/sfw.c (ReadSFWImage): Restore a DestroyImage() statement +which was accidentally deleted by recent edits. Fixes oss-fuzz +"Issue 19819 in oss-fuzz: graphicsmagick:coder_SFW_fuzzer: +Indirect-leak in AllocateImage".</li> +<li>coders/png.c (WriteOneJNGImage): Detect when JPEG encoder has +failed, and throw exception. Fix image dimension limit +validations. Stop discarding exception report. Fixes SourceForge +bug #621 "Assertion in WriteBlob at magick/blob.c:4937" which was +reported by Suhwan Song.</li> +<li>coders/pict.c (WritePICTImage): Eliminating small buffer overrun +when run-length encoding pixels. Fixes SourceForge bug #620 +"heap-buffer-overflow in EncodeImage at coders/pict.c:1114" which +was reported by Suhwan Song.</li> +<li>coders/logo.c (ReadLOGOImage): PATTERN error handling was +incomplete. Add appropriate error handling. +(ReadLOGOImage): Switch to using ConstituteTextureImage() rather +than TextureImage() since it is more appropriate for this purpose. +(ReadLOGOImage): Oops! Accidental change of behavior. When size +is not supplied, simply return the pattern image.</li> +</ul> +</blockquote> +<p>2020-01-04 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<blockquote> +<ul class="simple"> +<li>coders/*.c (ReadFOOImage): Stop image timer just before +returning from reader so that reported timings are correct when +used in the future.</li> +</ul> +</blockquote> +<p>2020-01-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<blockquote> +<ul class="simple"> +<li>magick/timer.c (StartTimer): Expose previously existing +StartTimer() function. +(StopTimer): Expose previously existing StartTimer() function.</li> +<li>magick/constitute.c (WriteImage): Don't over-write time-stamp +when output is to INFO format.</li> +</ul> +</blockquote> +<p>2020-01-03 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p> +<blockquote> +<ul class="simple"> +<li>VisualMagickconfigureconfigure.exe: Should not depend on mfcr90.dll. +It is too bad when end user cannot run this tool because of missing DLL.</li> +<li>VisualMagickconfigureconfigure.cpp Make speed optimisation as default +option.</li> +<li>VisualMagickconfigureconfigure.vcproj Give different filename to debug +build to avoid accidental committing debug build to repository.</li> +</ul> +</blockquote> +<p>2020-01-01 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> +<blockquote> +<ul class="simple"> +<li>coders/dpx.c (GenerateDPXTimeStamp): Use reentrant localtime_r() +function if it is available.</li> +<li>magick/log.c (LogMagickEventList): Use reentrant +localtime_r() function if it is available.</li> +<li>coders/cineon.c (GenerateCineonTimeStamp): Use reentrant +localtime_r() function if it is available.</li> +<li>coders/mat.c (WriteMATLABImage): Use reentrant localtime_r() +function if it is available.</li> +<li>coders/pdf.c (WritePDFImage): Use reentrant localtime_r() +function if it is available.</li> +<li>coders/ps.c (WritePSImage): Use reentrant ctime_r() function +if it is available.</li> +<li>coders/ps2.c (WritePS2Image): Use reentrant ctime_r() function +if it is available.</li> +<li>coders/ps3.c (WritePS3Image): Use reentrant ctime_r() function +if it is available.</li> +<li>configure.ac: Test for getpwnam_r().</li> +<li>magick/utility.c (ExpandFilename): Use reentrant getpwnam_r() +function if it is available.</li> +<li>magick/magick.c (InitializeMagickSignalHandlers): Use the normal +termination signal handler for SIGXCPU and SIGXFSZ so that ulimit +or setrlimit(2) may be used to apply CPU (RLIMIT_CPU) and output +file size (RLIMIT_FSIZE) limits with the normal cleanup, and +without dumping core. Note that any output files currently being +written may be truncated and files being written by external +programs (e.g. Ghostscript) might be left behind unless they are +to a temporary file assigned by GraphicsMagick.</li> +<li>coders/xpm.c (ReadXPMImage): Promote a color-lookup +warning to an error.</li> +<li>coders/xc.c (ReadXCImage): Promote a color-lookup +warning to an error.</li> +<li>coders/null.c (ReadNULLImage): Promote a color-lookup +warning to an error.</li> +<li>Makefile.am: Rotate ChangeLogs for the new year.</li> +<li>coders/gradient.c (ReadGRADIENTImage): Promote a color-lookup +warning to an error.</li> </ul> </blockquote> </div> |