1.77.0:
Here is the current status of CVE issues with leptonica; see
https://security-tracker.debian.org/tracker/source-package/leptonlib
* CVE-2018-7442: potential injection attack because '/' is allowed
in gplot rootdir.
Functions using this command have been disabled by default in the
distribution, starting with 1.76.0. As for the specific issue, it
is impossible to specify a general path without using the standard
directory subdivider '/'.
* CVE-2018-7186: number of characters not limited in fscanf or sscanf,
allowing possible attack with buffer overflow.
This has been fixed in 1.75.3.
* CVE-2018-3836: command injection vulnerability in gplotMakeOutput().
This has been fixed in 1.75.3, using stringCheckForChars() to block
rootnames containing any of: ;&|>"?*$()/<
* CVE-2017-18196: duplicated path components.
This was fixed in 1.75.3.
* CVE-2018-7441: hardcoded /tmp pathnames.
These are all wrapped in special debug functions that are not
enabled by default in the distribution, starting with 1.76.0.
* CVE-2018-7247: input 'rootname' can overflow a buffer.
This was fixed in 1.76.0, using snprintf().
* CVE-2018-7440: command injection in gplotMakeOutput using $(command).
Fixed in 1.75.3, which blocks '$' as well as 11 other characters.
Wrapped the few 'system' calls in an extra layer of debug code.
More coverity scan fixes; defects are about 1 per 10,000 source lines.
New regression tests: numa1_reg, numa2_reg, lowaccess_reg,
pixmem_reg.
New non-regression test programs: histoduptest
Juergen Buchmueller is working on Lua bindings. He typedef'd l_ok
and used it in 1100 functions that return a success/failure status.
He also helped clean up remaining issues in the doxygen-generated
documentation.
Using a packed struct for bmp headers to avoid crash on
some big-endians.
Fixed a bug in the prototype parser for xtractprotos that was
surfaced by a typedef declaration for the bmp headers.
Cleaned up IOS guards to avoid compiling a system(3) call on IOS.
Renamed autobuild --> autogen.sh
Added some basic pixa functions for rotation and translation.
Added an iterative method to find rectangular coverings for
arbitrary connected components.
Converted two tests to reg tests running in alltests_reg:
ptra1_reg, ptra2_reg
Enabled read/write for standard jpeg compressed tiff images.
Enabled reading for the old (deprecated) jpeg-encoded tiffs.
Fix range selectors for pixa, pixaa, boxa, boxaa, pta:
Now, last = -1 goes to the end.
When reading tiff --> pix, insert IMAGEDESCRIPTION into text field.
Converted iotest to reg test iomisc_reg; added to alltests_reg
Converted rasterop_reg into a standard regression test; added
to alltests_reg.
Converted boxa2_reg and fhmtauto_reg into standard regression tests;
added to alltests_reg.
Split boxa sequence functions out of boxfunc4.c, into a new boxfunc5.c.
Simplified bmp header and made reading more clearly endian
agnostic (Juergen Buchmueller)
New boxa3_reg regression test. This tests sequences of boxes
by two new boxfunctions in boxfunc5.c.
New bootnumgen4.c for more digit templates.
Rename prog/recog_bootnum.c --> prog/recog_bootname1.c
New in prog: recog_bootnum2.c, recog_bootnum3.c, recogtest7.c
Fixed uninitialized data in pixCentroid() on 1 bpp pix.
New reg test: bytea_reg.c. (removed byteatest.c)
Fixed bug in non-transcoding pdf generation from 1 bpp png.
Added LGTM to static analyzers that run over the library.
1.4.1:
- Make graph, edge, node attributes order deterministic
- Fix string formatting after catching error
1.4.0:
- Installation of pydot in conda env on Windows directly supported
- Fixed comparing of SHA hash in regression tests (which fail now)
1.3.0:
- Dropped Python 2.6 support
- Move errno from os to builtin.
The old distfile is no longer available upstream, and no one uploaded one :(
2018-12-02 7.0.8-16 Cristy <quetzlzacatenango@image...>
* Add support for -clahe clip limit with percentages (e.g. -clahe 2x2+128+3%)
* Check for modulo underflow.
* Change SVG default DPI to 96 from 90 to meet recommendation of SVG2 & CSS.
Version 1.6.36 [December 1, 2018]
Optimized png_do_expand_palette for ARM processors.
Improved performance by around 10-22% on a recent ARM Chromebook.
(Contributed by Richard Townsend, ARM Holdings)
Fixed manipulation of machine-specific optimization options.
(Contributed by Vicki Pfau)
Used memcpy instead of manual pointer arithmetic on Intel SSE2.
(Contributed by Samuel Williams)
Fixed build errors with MSVC on ARM64.
(Contributed by Zhijie Liang)
Fixed detection of libm in CMakeLists.
(Contributed by Cameron Cawley)
Fixed incorrect creation of pkg-config file in CMakeLists.
(Contributed by Kyle Bentley)
Fixed the CMake build on Windows MSYS by avoiding symlinks.
Fixed a build warning on OpenBSD.
(Contributed by Theo Buehler)
Fixed various typos in comments.
(Contributed by "luz.paz")
Raised the minimum required CMake version from 3.0.2 to 3.1.
Removed yet more of the vestigial support for pre-ANSI C compilers.
Removed ancient makefiles for ancient systems that have been broken
across all previous libpng-1.6.x versions.
Removed the Y2K compliance statement and the export control
information.
Applied various code style and documentation fixes.
1.18.0 - 2018-11-04
-------------------
Build:
* Dropped Python 3.3 support
* meson build requires meson >=0.47 (was >=0.46)
* Fix various build warnings with GCC8
* meson: Don't link against libpython on non-Windows systems :pr:`120`
* meson: Improve support for Visual Studio builds
:pr:`121` (:user:`Chun-wei Fan <fanc999>`)
* setup.py: Support specifying custom ``--pkgconfigdir``
:pr:`127` (:user:`Michał Górny <mgorny>`)
Fixes:
* docs: Remove a broken link :pr:`124` (:user:`Nik Nyby <nikolas@gnu.org>`)
* typing: Add missing annotations for __enter__/__exit__ :pr:`126`
New API:
Some are only available when building with newer cairo versions, see the
linked API docs for details.
* :data:`CAIRO_VERSION`, :data:`CAIRO_VERSION_STRING`,
:data:`CAIRO_VERSION_MAJOR`, :data:`CAIRO_VERSION_MINOR`,
:data:`CAIRO_VERSION_MICRO`
* :attr:`Status.TAG_ERROR`, :attr:`Status.FREETYPE_ERROR`,
:attr:`Status.PNG_ERROR`, :attr:`Status.WIN32_GDI_ERROR`
* :class:`SVGUnit`, :class:`PDFMetadata`, :class:`PDFOutlineFlags`
* :meth:`FontOptions.set_variations`, :meth:`FontOptions.get_variations`
* :meth:`Context.tag_begin`, :meth:`Context.tag_end`,
:data:`TAG_DEST`, :data:`TAG_LINK`
* :meth:`PDFSurface.set_page_label`, :meth:`PDFSurface.set_metadata`,
:meth:`PDFSurface.set_thumbnail_size`, :meth:`PDFSurface.add_outline`,
:data:`PDF_OUTLINE_ROOT`
* :meth:`SVGSurface.set_document_unit`, :meth:`SVGSurface.get_document_unit`
* :data:`MIME_TYPE_CCITT_FAX`, :data:`MIME_TYPE_CCITT_FAX_PARAMS`,
:data:`MIME_TYPE_EPS`, :data:`MIME_TYPE_EPS_PARAMS`,
:data:`MIME_TYPE_JBIG2`, :data:`MIME_TYPE_JBIG2_GLOBAL`,
:data:`MIME_TYPE_JBIG2_GLOBAL_ID`
18.2.1 Release Notes / September 21, 2018
Mesa 18.2.1 is a bug fix release which fixes bugs found since the 18.2.0
release.
18.2.2 Release Notes / October 5, 2018
Mesa 18.2.2 is a bug fix release which fixes bugs found since the 18.2.1
release.
18.2.3 Release Notes / October 19, 2018
Mesa 18.2.3 is a bug fix release which fixes bugs found since the 18.2.2
release.
18.2.4 Release Notes / October 31, 2018
Mesa 18.2.4 is a bug fix release which fixes bugs found since the 18.2.3
release.
18.2.5 Release Notes / November 15, 2018
Mesa 18.2.5 is a bug fix release which fixes bugs found since the 18.2.4
release.
papirus-folders is a bash script that allows changing the color of
folders in graphics/papirus-icon-theme and its forks (which are based
on version 20171007 and newer).
pkgsrc changes:
- Remove lround patches: lround is no longer used
- Remove #ifndef blocks to rip out XShm support. Unfortunately
the logic is much more convoluted now and #ifndef parts of the code
no longer scale.
Please note that this can break support on Interix!
Changes:
1.5.1
*****
Kim Woelders (13):
- Fix build without HAVE_X11_SHM_FD (T6752)
- XPM loader: Fix potential use of uninitialized value (T6746)
- BMP loader: Fix infinite loop with invalid bmp images (T6749)
- PNM loader: Simplify (fixing ASCII format parsing issues T6751)
- BMP loader: Fix warnings found with -O3
- Maximum image dimension should be 32767, not 32766
- PNG loader: Correct various error handling cases
- Add missing const to imlib_apply_filter() script argument
- Warning fixes in imlib2_... programs
- imlib2_view: Limit window dimensions to 32767
- grab.c: Fix gcc8 warning
- imlib2_conv.c: Fix gcc8 warning
- 1.5.1.
1.5.0
*****
Alexander Volkov (3):
- put a check for shared memory inside __imlib_ShmGetXImage()
- introduce __imlib_ShmDestroyXImage() instead of __imlib_ShmDetach()
- Add support for MIT-SHM FD-passing
Kim Woelders (19):
- XPM loader: Fix incorrect image invalidation.
- Make some more functions static.
- Introduce __imlib_LoadImageData()
- Remove redundant CAST_IMAGE()
- imlib2_grab: Always use imlib_create_scaled_image_from_drawable() to grab image
- imlib_create_scaled_image_from_drawable(): speed up 1:1 case
- imlib_create_scaled_image_from_drawable(): Drop shape handling if unshaped
- Indent
- Autofoo cosmetics
- Strip trailing whitespace, cosmetics
- Fix potential OOB memory access if border elements are negative
- Fix potential OOB memory access if border sizes exceed image dimensions
- Introduce IMLIB2_SHM_OPT to enable overriding/testing SHM modes
- Add IMLIB2_XIMAGE_CACHE_COUNT to enable testing the ximage cache
- Refactor the XImage cache
- Add imlib_get_cache_used()
- Expose XImage cache control functions
- Drop -Waggregate-return
- 1.5.0.
Version 0.10.1
--------------
Fix broken renderer argument in pipe() method and function.
Version 0.10
------------
Add format argument to Graph/Digraph.render(). This follows stand-alone
render() function and mirrors the Graph/Digraph.pipe() method (usually,
format is set on the instance).
Add renderer and formatter arguments to Graph/Digraph.render() and
pipe() methods, as well as stand-alone render() and pipe() functions.
Adapta is an adaptive GTK+ 2 and GTK+ 3 theme based on Material Design
guidelines. This package also includes Adapta window manager themes for
Xfce, MATE, and Openbox.
Note: The Adapta authors strongly recommend using either the Roboto or
Noto fonts with Adapta.
Some part of the revbump script obviously did the wrong thing here and
replaced ${RUBY_PKGPREFIX} with whatever it expands to on the developer's
local machine.
[It is worth building packages with PKG_DEVELOPER=yes set before committing
updates.]
GraphicsMagick 1.3.31 added PKG_CONFIG, PKG_CONFIG_PATH, and presumably
PKG_CONFIG_LIBDIR to its build system, which then appear in the output
of "gm version". Ignore the WRKDIR which appears listed there.
Changelog:
Overview of Changes from GIMP 2.10.6 to GIMP 2.10.8
===================================================
Core:
- Use adaptive chunk size in GimpProjection when rendering the
projection asynchronously, rather than using a fixed chunk size.
This provides a better trade-off between throughput and
responsiveness dynamically, based on how fast the processing is.
Tools:
- In all selection tools, show error on attempt to
subtract-from/intersect-with empty selection.
- Fix text along path not working with vertical text.
- Fix Text tool's frame position when undoing a move operation.
- Streamline Text tool's drawing blocking/unblocking logic.
- When moving a text layer using the text tool (through alt+drag),
don't change the layer's box mode to "fixed", which is unnecessary,
since the layer's size isn't affected.
- Transform and deformation operations now maintain color for fully
transparent pixels, making unerase and curves manipulation of alpha
channel more reliable.
- All transform tools now apply changes when you save or export/overwrite
an image without pressing Enter first to confirm changes.
- Heal, Dodge/Burn, Smudge, and Convolve tools now adjust the processed
buffer and mask_buffer regions according to the changes made to the
application region, as calculated by intersecting it with the
drawable and mask extents. This fixes wrong application position
when painting on a drawable whose origin is above/to the left of the
image's origin, and there's a selection active.
Plug-ins:
- Port all plug-ins to the new iterator API in GEGL.
- Improve automatic detection of HEIC/HEIF files.
- Improve RawTherapee discovery by looking up registry key (should
become useful with RawTherapee 5.5 and more).
Usability:
- Compatibility information in the Save dialog is now more understandable.
The minimum GIMP version for the XCF file is always written down when it
is GIMP 2.8 or over. The list of features warranting the minimum version
is now listed in an expander container rather than as tooltip, which
makes it more discoverable. The warning on compression is now displayed
as its own text under the checkbox and not as additional text to the
minimum GIMP version label.
CLI:
- New self-explanatory --enable-win32-debug-console CLI option
Debugging:
- New GimpBacktrace API provides an interface for creating and
traversing multi-threaded backtraces, as well as querying symbol
information. Backends are available for Linux and Windows.
- Performance log recording now available in the Dashboard dock.
The log contains a series of samples of the dashboard variables,
as well as the full program backtrace, when available. As such,
it essentially acts as a built-in profiler, which allows us to
correlate program execution with the information available
through the Dashboard.
- New performance-log-expand.py tool decodes a delta-encoded
performance log by expanding the deltas, producing a log where
each sample (and other relevant elements) contain complete
information. The structure of expanded logs is identical to that
of delta-encoded logs, the expanded log simply has no deltas.
- New performance-log-resolve.py tool resolves symbol information
in backtraces. The logs produced by GIMP only specify the program
counter at each stack frame, providing an address-map to map
program-counter addresses to actual symbols separately. This tool
looks up each program-counter address in the address map,
incorporating the relevant symbol information directly into the
backtrace.
- New performance-log-deduce.py tool that statistically deduces the
correct thread states based on backtrace address frequency, fixing
local inaccuracies.
- New performance-log-viewer.py tool that is a viewer for GIMP
performance logs, with a sample-selection area at the top and an
information area at the bottom. The sample-selection area visualizes
the sampled variables and markers using a simultaneous set of plots,
and displays the currently selected samples. The information area
shows global information stored in the log, as well as information
specific to the currently selected samples, including variable listing
and statistics, full backtrace, and profile/call-graph information.
Translations:
- Updated translations: Danish, Dutch, Finnish, German, Hungarian,
Italian, Polish, Portuguese (Brazil), Spanish, Swedish, Ukrainian.
Changelog:
GEGL-0.4.12 2018-10-23
GeglBuffer
~~~~~~~~~~
Fix fix of scaled blitting, the fix from last release introduced scaling
artifacts for all formats that are non-8bit.
Contributions to this relase
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ell, Øyvind Kolås and Rodrigo Lledó
GEGL-0.4.10 2018-10-16
----------------------
GeglBuffer
~~~~~~~~~~
Fix integer overflow issues for u32 blit scaling code paths.
Reduced memory clearing overhead for temporary buffers during blit.
Round alpha component during u8 bilinear/box filtering (this caused artifacts
on OSX through interaction without unknown platform differences in
libc/compilter/graphics stack)
gegl_buffer_dup now matches source buffer abyss, shift and tile-size more
closely.
Added GEGL_TILE_COPY command for backends, for more efficient buffer
duplication/copies.
New GeglBufferIterator API.
Move type-generic scaling algorithms to GeglBuffer folder, move opencl
integration bits out of buffer.
Operations
~~~~~~~~~~
gif-load: new operation for decoding GIF images/animations, with frame delay
exposed as an out-property.
exr-save: do not hard-code a version name space
long-shadow: add 'Fading (fixed length)' style with a new user-defined
'Midpoint' parameter
maniuk06: use double precision, permitting to work on larger images.
watershed-transform: improved description
unsharp-mask: permit std-dev radius of up to 1500px (from 300).
Updated all operations to use new iterator API
Contributors to this release
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Alexandre Prokoudine, Anders Jonsson, Debarshi Ray, Ell, Hussam Al-Tayeb, Marco
Ciampa, Massimo Valentini, Øyvind Kolås, Piotr Drąg, Rodrigo Lledó and Tim
Sabsch.
Changelog:
2018-10-05 babl-0.1.60 </dt><dd>
Improved thread safety, acceleration for R'G'B'A u8 -> cairo-ARGB32 conversion.
</dd><dt>
2018-10-05 babl-0.1.58 </dt><dd>
Preserve color of transparent pixels in conversion to premultiplied alpha,
Added single precision code-paths for faster fallback/reference conversions.
New BABL_ICC_INTENT_PERFORMANCE bitflag for combining with intent as bitflags,
use of matrix+trc when relative colorimetric CLUT is present. New color model
and formats, CIE xyY.
CHANGES IN 5.2.5
NEW "set pm3d depthorder base" sorts pm3d quadrangles by projecting to z=0
NEW "set jitter vertical" displaces y coordinate rather than x coordinate
NEW array size can be determined automatically from the initializer
CHANGE place titles along x axis in plots with columnstacked histograms
CHANGE equivalent slope constraint for mcs splines at both ends of the range
CHANGE treat imaginary values plotted from a using spec as UNDEFINED (NaN)
CHANGE allow "reset" between plots in a multiplot layout
CHANGE Deprecate linux and vgagl terminals (to be removed in 5.3)
CHANGE placement of axis and tic labels in 3D projections on to xz or yz plane
CHANGE default to ./configure --without-wx-multithreading
FIX parametric function plots did not work with logscale x (regression in 5.2.0-4)
FIX polar mode "set trange" was assumed to use radians, now it tracks "set angle"
FIX clip polar grid lines and ticks to x/y range limits
FIX clipping of plot "with lines" when axes are nonlinear (regression from 5.0)
FIX clipping of all elements in finanacebars/candlesticks/boxplots
FIX clipping of 3D splot "with labels"
FIX strange interaction of "noautoscale" with blank data lines
FIX alignment of boxed text to center for eps/cairolatex
FIX incompatibility of "pm3d depthorder" and rgb color taken from data column
FIX aqua terminal font changes in enhanced text mode
version 1.0.1
This is a binary compatible release.
* lossless encoder speedups
* big-endian fix for alpha decoding
* gif2webp fix for loop count=65535 transcode
* further security related hardening in libwebp & libwebpmux
* miscellaneous bug & build fixes
Bump PKGREVISION to nb3. Despite only 35 minutes passed between the
PKGREVISION++ and PKGREVISION-- at least a bulk builder catched it leading to
failures of building x11/gtk3. Bump it to nb3 in order to be on the safest
side.
Thanks to <jperkin> and <joerg>! (Possible further regressions are mine though!)
1.3.31:
Special Issues:
Firmware and operating system updates to address the Spectre vulnerability (and possibly to some extent the Meltdown vulnerability) have substantially penalized GraphicsMagick's OpenMP performance. Performance is reduced even with GCC 7 and 8's improved optimizers. There does not appear to be anything we can do about this.
Security Fixes:
GraphicsMagick is now participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 292 issues have been opened by oss-fuzz and 279 of those issues have been resolved. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.
Bug fixes:
See above note about oss-fuzz fixes.
CINEON: Fix unexpected hang on a crafted Cineon image. SourceForge issue 571.
Drawing recursion is limited to 100 and may be tuned via the MAX_DRAWIMAGE_RECURSION pre-processor definition.
Fix reading MIFF files using legacy keyword 'color-profile' for ICC color profile as was used by ImageMagick 4.2.9.
Fix reading/writing files when 'magick' is specified in lower case. This bug was a regression in 1.3.30.
New Features:
TIFF: Support Zstd compression in TIFF. This requires libtiff 4.0.10 or later.
TIFF: Support WebP compression in TIFF. This requires libtiff 4.0.10 or later.
API Updates:
MagickMonitor() is marked as deprecated. Code should not be using this function any more.
Feature improvements:
The progress monitor callbacks (registered using MagickMonitor() or MagickMonitorFormatted()) are serialized via a common semaphore rather than via critical sections in OpenMP loops. OpenMP loops are updated to use OpenMP 'atomic' and 'flush' to update shared loop variables rather than using a OpenMP 'critical' construct, reducing contention. Performance on some targets is observed to have been improved by this change.
Build Changes:
There was already a 'compare' command installed with the '--enable-magick-compat' configure option was used but it did not function. Now it functions. There was no compare command in ImageMagick 5.5.2 and this compare command is only roughly similar to a compare command in some subsequent ImageMagick release.
Removed Remove Ghostscript library support (--with-gslib) from configure script. The 'HasGS' pre-processor defines which were enabled by this remain in the source code so it is still possible to use this library if absolutely necessary (e.g. CPPFLAGS=-DHasGS LIBS=-lgs).
No longer explicitly link with the OpenMP library when it will be supplied already due to CFLAGS.
Behavior Changes:
JPEG: Libjpeg-turbo is allowed 1/5th the memory resource limit provided for Graphicsmagick via the cinfo->mem->max_memory_to_use option, which is part of the IJG JPEG API/ABI, but usually not supported there. This feature works for libjpeg-turbo 1.5.2 and later. Limiting the memory usage is useful since libjpeg-turbo may otherwise consume arbitrary amounts of memory even before Graphicsmagick is informed of the image dimensions.
JPEG: The maximum number of JPEG progressive scans is limited to 50. Otherwise some technically valid files could be read for almost forever.
Papirus is a free and open source SVG icon theme, based on Paper Icon
Set with a lot of new icons and a few extras, like Hardcode-Tray support,
KDE colorscheme support, Folder Color support, and others.
The Papirus icon theme is available in four variants:
* Papirus
* Papirus Dark
* Papirus Light
* ePapirus (for elementary OS and Pantheon Desktop)
Package imaging provides basic image processing functions (resize,
rotate, crop, brightness/contrast adjustments, etc.).
All the image processing functions provided by the package accept
any image type that implements image.Image interface as an input,
and return a new image of *image.NRGBA type (32bit RGBA colors,
not premultiplied by alpha).
