1.3.28 (January 20, 2017)
=========================
Security Fixes:
* BMP: Fix non-terminal loop due to unexpected bit-field mask value
(DOS opportunity).
* PALM: Fix heap buffer underflow in builds with QuantumDepth=8.
* SetNexus() Fix heap overwrite under certain conditions due to using
a wrong destination buffer. This issue impacts all 1.3.X releases.
* TIFF: Fix heap buffer read overflow in LocaleNCompare() when parsing
NEWS profile.
Bug fixes:
* DescribeImage(): Eliminate possible use of null pointer.
* GIF: Fix memory leak of global colormap in error path.
* GZ: Writing to gzip files with the extension ".gz" was not working
with Zlib 1.2.8.
* JNG: Fix buffer read overflow (a tiny fixed overflow of just one byte).
* JPEG: Promoting certain libjpeg warnings to errors caused much more
problems than expected. The promotion of warnings to errors is
removed. Claimed pixel dimensions are validated by file size before
allocating memory for the pixels.
* IntegralRotateImage(): Assure that reported error in rotate by 270
case does immediately terminate processing.
* MNG: Fix possible null pointer reference related to DEFI chunk
parsing. Fix minor heap read overflow (constrained to just one
byte) due to an ordering issue in a limit check. Fix memory leaks
in error path.
* WebP: Fix stack buffer overflow in WriteWEBPImage() which occurs
with libwebp 0.5.0 or newer due to a structure type change in the
structure passed to the progress monitor callback.
* WPG: Memory leaks fixed.
API Updates:
* InterpolateViewColor(): This function now returns MagickPassFail (an
unsigned int) rather than void so that errors can be efficiently
reported.
* The magick/pixel_cache.h header is updated to add deprecation
attributes such that code using GetPixels(), GetIndexes(), and
GetOnePixel() will produce deprecation warnings for compilers which
support them. These functions will not be removed in the 1.3.X
release series and when they are removed, pre-processor macros will
be added so a replacement function is used instead. There is a
long-term objective to eliminate functionally-redundant pixel cache
functions to only the ones with the best properties since this
reduces maintenance and may reduce the depth of the call stack
(improving performance).
Build Changes:
* PerlMagick: Sanitize PACKAGE_VERSION so that Perl is not confused by
any trailing alpha character.
* Improved symbol renaming due to adding --enable-symbol-prefix. Some
symbols (for static const strings) were not being included in the
renaming.
1.3.27:
Security Fixes:
* CMYK: Fix heap overwrites in raw CMYK writer. Fix heap overwrites
in raw CMYK reader (noticed when doing montage).
* GIF: Assure that global colormap is initialized.
* DescribeImage(): Fix possible heap write overflow when describing
visual image directory. Fix possible heap read overflow while
accessing heap data, and possible information disclosure while
describing the IPTC profile.
* DICOM: Fix huge memory allocation based on bogus length value (DOS
opportunity).
* DrawDashPolygon(): Fix heap out of bounds read in render code.
* GRAY: Fix heap overwrites in raw GRAY reader (noticed when doing
montage).
* JNG: Fix heap overruns. Fix assertions.
* JNG: Prevent a crash due to zero-length color_image while reading a
JNG image. (CVE-2017-11102). Reject JNG files with unreasonable
dimensions given the file size (avoid DOS).
* JNX: Fix DOS due to excessive memory allocations with corrupt file.
* JPEG: Do not allocate backing image pixels until a scanline has been
successfully read. Avoids DOS opportunity with suitably
manufactured file.
* MAP: Fix null pointer dereference or segmentation violation.
* MAT: Fix heap write overflow.
* MNG: Reject over-large (65k by 65k) image. Fix heap overwrites.
* PAM: Fix heap buffer overflow in PAM writer for 1 bit/sample + alpha.
* PICT: Fix excessive memory allocation due to malformed image file.
* PNG: Fix heap buffer overflow in PNG writer when promoting from
indexed PNG to RGBA.
* PNM: Fix DOS due to excessive memory allocations with corrupt file.
* RGB: Fix heap overwrite in raw RGB writer. Fix heap overwrites in
raw RGB reader (noticed when doing montage).
* RLE: Fix DOS opportunities due to false claims in image header. Fix
heap out of bounds read.
* SFW: Avoid possible heap write overflow.
* SUN: Fix heap read overflow. Fix DOS due to excessive memory
allocations with corrupt file.
* SVG: Fix heap write overflow.
* TIFF: Use heuristics to avoid DOS (excessive memory use) due to
false claims by input file. It is possible that this may reject
some valid files. Fix possible small heap overwrite beyond the
allocated scanline buffer due to the NumberOfObjectsInArray() macro
rounding up rather than down.
* UIL: Fix heap overwrite in writer.
* WPG: Fix DOS issues (memory, disk space, CPU time) due to
insufficient validations. Fix heap overwrites.
* XBM: Fix DOS issue where code remains stuck in loop and does not
return.
* XV 332 (PNM): Fix null pointer dereference due to malformed file.
* TracePSClippingPath()/TraceSVGClippingPath(): Fix heap out of bounds
read.
* Validate path entries in the MAGICK_CODER_MODULE_PATH and
MAGICK_FILTER_MODULE_PATH environment variables and convert all
paths to real paths if possible. This avoids possible use of
relative paths to load modules (a possible security issue), or the
possibility of adding a directory which was in the path, but
missing, and may improve efficiency by removing non-existent paths.
Bug fixes:
* AVS: Memory leaks eliminated.
* CINEON: Fix possible use of NULL pointer.
* CMYK: Memory leaks eliminated.
* CUT: Memory leaks eliminated. Fix possible use of NULL pointer.
* DCM: Fix possible use of NULL pointer.
* DrawImage(): Avoid "negative" strncpy(). This seems to be benign
with glibc but perhaps not with other implementations.
* DPX: Memory leaks eliminated.
* EMF: Fix possible use of NULL pointer.
* FindMagickModule(): Fix possible use of NULL pointer.
* FITS: Fix memory leak.
* GIF: Fix memory leak.
* HDF: Memory leaks eliminated.
* HISTOGRAM: Fix memory leak.
* JNG: Memory leaks eliminated. Memory use after free and double-free
issues eliminated. Error reporting fixes.
* Magick::Options::strokeDashArray(): Fix possible use of NULL pointer.
* MagickXFileBrowserWidget(): Fix possible use of NULL pointer.
* MAT: Memory leaks eliminated.
* MagickMapCloneMap(): Fix possible assertion failure.
* MNG: Memory use after free issues eliminated. Fix possible use of
NULL pointer. Fix memory leaks.
* MontageImageCommand(): Fix memory leaks.
* MPC: Fix memory leak in writer.
* MPEG: Fix memory leaks in writer.
* MTV: Memory leaks eliminated.
* NTRegistryKeyLookup(): Fix possible use of NULL pointer.
* NTGetTypeList(): Fix possible use of NULL pointer.
* PCD: Memory leaks eliminated.
* PCL: Fix null pointer dereference in PCL writer.
* PCX: Memory leaks eliminated.
* PALM: Fix possible use of NULL pointer. Fix memory leak.
* PICT: Memory leaks eliminated.
* PNG: Fix small (one-off) heap read overflow.
* PNM: Fix memory leaks.
* PS: Fix use of null pointer in error path.
* PWP: Fix possible use of null pointer.
* ReplaceImageColormap(): Throw an exception rather than assertion if
the input image is not colormapped.
* RGB: Fix memory leak.
* SegmentImage(): Fix possible use of NULL pointer.
* SetImageProfile(): Fix possible assertion failure.
* SGI: Check for EOF while reading SGI file header.
* SUN: Fix memory leak.
* TIFF: Fix possible use of NULL pointer. Fix memory leaks in writer.
* TIM: Fix memory leak.
* TOPOL: Fix possible use of NULL pointer. Fix memory leaks.
* VIFF: Fix memory leak.
* WEBP: Detect partial write to output file.
* WPG: Fix possible use of null pointer. Fix excessive use of disk
resources due to insufficient validations.
* WriteImage(): Restore use of GetBlobStatus() to test if an I/O error
was encountered while writing output file. This assures that I/O
failure in writers which do not themselves verify writes is assured
to be reported.
* WMF: Memory use after free issues eliminated.
* YUV: Fix memory leaks.
New Features:
* PNG: Implemented eXIf chunk support.
* WEBP: Add support for EXIF and ICC metadata provided that at least
libwebp 0.5.0 is used.
* Magick++ Image autoOrient(): New Image method to auto-orient an
image so it looks right-side up by default.
Windows Delegate Updates/Additions:
* Libtiff is updated to libtiff 4.0.9.
Build Changes:
* JPEG/PNG: The SETJMP_IS_THREAD_SAFE definition is used to determine
if setjmp/longjmp are thread safe. If these interfaces are thread
safe, then concurrent reads/writes are possible. This definition is
false for Solaris but true for Linux. JPEG and PNG will be fully
concurrent if this definition is enabled.
Behavior Changes:
* PALM: PALM writer is disabled.
* ThrowLoggedException(): Capture the first exception at
ErrorException level or greater, or only capture exception if it is
more severe than an already reported exception.
* DestroyJNG(): This internal function is now declared static and is
removed from shared library or DLL namespace.
Security Fixes:
---------------
DPX: Fix excessive use of memory (DOS issue) due to file header claiming large image dimensions but insufficient backing data. (CVE-2017-10799).
JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
MAT: Fix excessive use of memory (DOS issue) due to continuing processing with insufficient data and claimed large image size. Verify each file extent to make sure that it is within range of file size. (CVE-2017-10800).
META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
PCX: Fix denial of service issue.
RLE: Fix abnomally slow operation (denial of service issue) with intentionally corrupt colormapped file.
PICT: Fix possible buffer overflow vulnerability given suitably truncated input file.
PNG: Enforce spec requirement that the dimensions of the JPEG embedded in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
PNG: Avoid NULL dereference when MAGN chunk processing fails.
SCT: Fix stack-buffer read overflow (underflow?) while reading SCT header.
SGI: Fix denial of service issues. Delay large memory allocations until file header has fully passed sanity checks.
TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to have only 2 samples per pixel (CVE-2017-6335).
TIFF: Fix out of bounds read when reading RGB TIFF which claims to have only 1 sample per pixel (CVE-2017-10794).
WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash (CVE-2016-7997).
Bug fixes:
----------
DifferenceImage(): Fix Fix all-black difference image if an input file is colormapped.
EXIF orientation was not being properly detected for some files.
-frame: The import command -frame handling was improperly implemented and was using already freed data.
GIF: Fixes for "Excessive LZW string data" problem.
Magick++: Bug fixes to PathSmoothCurvetoRel::operator() and PathSmoothCurvetoRel::operator().
PAM: Support writing GRAYSCALE PAM format.
PNG: Fix memory leaks.
SVG: Fixed a memory leak. Fixed a possible null pointer dereference.
TclMagick: Problem that TkMagick could not resolve functions from TclMagick under Linux is fixed.
TclMagick: Fix parser validatation in magickCmd() to avoid crash given a syntax error.
TIFF: Fix for reading old JPEG files (avoids "Improper call to JPEG library in state 0. (LibJpeg).").
TXT: Fixed memory leak.
XCF: Error checking is improved.
New Features:
-------------
EXIF rotation: Support is added such that the EXIF orientation tag is updated when the image is rotated.
MAT: Now support reading multiple images from Matlab V4 format.
Magick++: Orientation method now updates orientation in EXIF profile, if it exists.
Magick++: Added Image attribute method which accepts a 'char *' argument, and will remove the attribute if the value argument is NULL.
-orient: The -orient command line option now also updates the orientation in the EXIF profile, if it exists.
PGX: Support PGX JPEG 2000 format for reading and writing (within the bounds of what JasPer supports).
Wand API: Added MagickAutoOrientImage(), MagickGetImageOrientation(), MagickSetImageOrientation(), MagickRemoveImageOption(), and MagickClearException().
MASTER_SITES= site1 \
site2
style continuation lines to be simple repeated
MASTER_SITES+= site1
MASTER_SITES+= site2
lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
1.3.25 (September 5, 2016)
==========================
Special Issues:
* None
Security Fixes:
* EscapeParenthesis(): I was notified by Gustavo Grieco of a heap
overflow in EscapeParenthesis() used in the text annotation code.
While not being able to reproduce the issue, the implementation of
this function is completely redone.
* Utah RLE: Reject truncated/absurd files which caused huge memory
allocations and/or consumed huge CPU. Problem was reported by
Agostino Sarubbo based on testing with AFL.
* SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in
the MVG rendering code (also impacts SVG).
* TIFF: Fix heap buffer read overflow while copying sized TIFF
attributes. Problem was reported by Agostino Sarubbo based on
testing with AFL.
Bug fixes:
* GetToken(): Fix obscure bug (read beyond end of string buffer)
noticed while parsing a MVG file. This problem was reported by
Gustavo Grieco.
* MVG rendering: Fix undesired hard errors when some objects were
drawn outside of the image bounds. Requests to draw objects
entirely outside of the image should be silently ignored.
* MVG/SVG rendering: Fix gradient size sanity checks which were
causing gradient requests to fail. Due to a design weakness in that
gradient images allocate resources rather than being computations at
point of use, the maximum gradient image size is now hard-limited to
5000x5000 pixels until the design problem is fixed. Some SVG icons
(as small as 8x8 pixels) authored using Inkscape request absurdly
huge gradients. Gradient sizes as large as 20,000x20,000 have been
observed in SVG icon files delivered by packages on an Ubuntu Linux
system.
* SVG: Fix some memory leaks which occur on parsing error.
New Features:
* None
Feature improvements:
* ElapsedTime(): Use clock_gettime() (when available with default
linkage) to obtain elapsed time.
* DescribeImage(): Provide 6 digits of seconds precision in in elapsed
time output. Previously the resolution was rounded up to a full
second.
Windows Delegate Updates/Additions:
* webp: Updated bundled libwebp to release 0.5.1.
* libxml: Updated bundled libxml2 to release 2.9.4.
* lcms: Updated bundled lcms2 to release 2.8.
* png: Update bundled libpng to release 1.6.24.
Build Changes:
* OpenMP is properly configured for clang 3.8 using its own '-lomp'
rather than '-lgomp'.
Behavior Changes:
* SVG: Some SVG files may be rejected due to absurdly large gradient
requests.
* The 'identify' and 'info' functionality only shows the pixel read
rate if image was not read in 'ping' mode. Provide 6 digits of
seconds precision in in elapsed time output.
1.3.24 (May 30, 2016)
==========================
.. _`GCC bug 53967` : http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53967
Special Issues:
* A shell exploit (CVE-2016-5118) was discovered associated with a
filename syntax where file names starting with '|' are intepreted as
shell commands executed via popen(). Insufficient sanitization in
the SVG and MVG renderers allows such filenames to be passed through
from potentially untrusted files. There might be other ways for
untrusted inputs to produce such filenames. Due to this issue,
support for the feature is removed entirely.
* A shell exploit was discovered associated with the gnuplot delegate
and which is triggered by the 'gplt' entry in delegates.mgk. A
remote exploit is possible if the attacker can cause a provided SVG
or MVG file to be rendered (or the user opens a provided file). The
gnuplot program must be installed in order for the exploit to be
successful. It is strongly recommended to remove this entry in all
delegates.mgk files.
* Due to `GCC bug 53967`_, several key agorithms (e.g. convolution)
may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is
enabled for floating point math (`-mfpmath=sse`) if the GCC option
`-frename-registers` is used. Default 32-bit builds do not
experience the problem since they use '387 math. It is not clear in
what version of GCC this problem started but it was not noticed by
the developers until the GCC 4.6 timeframe. Other compilers do not
suffer from this bug. Please lobby the GCC project to fix this
embarrassing performance bug.
Security Fixes:
* BLOB: Remove support for reading input from a shell command, or
writing output to a shell command, by prefixing the specified
filename (containing the command) with a '|'. This feature provided
a remote shell execution opportunity.
* DIB: Fixed out of bounds reads. Added more header validations.
* JNG: File size limits are enforced.
* MAT: Fixed denial of service opportunity. Fix hang on corrupt deflate stream.
* META: Fixed out of bounds reads and writes.
* MIFF: Fixed thrown assertion.
* MSL: Ignore the file extension on MSL files. It is necessary to add
a "msl:" prefix to MSL files to read the as an image.
* MVG: No longer assume that files ending with extension ".mvg" are
MVG files. MVG parsing does more validity checking on its input.
Assure that enough PrimitiveInfo structures are allocated in advance
to support a given vector path (heap overflow problem).
* PCX: Fixed unreasonable memory allocation due to intentionally
corrupt file.
* PDB: Fixed a heap buffer overflow and out of bounds read.
* PICT: Fixed an out of bounds write.
* PS: Ghostscript is now always run with -dSAFER for safer execution.
* PSD: Fixed segmentation violations, heap buffer overflows, and out
of bounds writes.
* RLE: Fixed out of bounds reads and writes.
* ReadImages(): Fixed a possible infinite recursion due to a crafted input file.
* RotateImage(): Fixed thrown assertion.
* SGI: Fixed out of bounds writes.
* SUN: Fixed out of bounds reads and writes.
* SVG: Fixed heap and stack buffer overflows, as well as segmentation
violations (CVE-2016-2317 and CVE-2016-2318). Also fixed endless
loop, unexpectedly large memory allocation, divide by zero, and
recursion issues.
* TIFF: Fixed an assertion while reading. Fixed benign heap overflow.
* TMP: Adding a "tmp:" prefix to a filename no longer removes the file
since this seems dangerous.
* VIFF: Fix excessive memory allocation with intentionally corrupted input file.
* XCF: Fixed a heap buffer overflow.
* XPM: Fixed several heap buffer overflows, and out of bound
reads/writes. Also fixed a case of excessive memory allocation.
* delegate.mgk: The default delegate.mgk file has been pared down in
order to reduce security exposure.
* gnuplot ('gplt' delegate in delegates.mgk): Support for rendering
gnuplot files is removed since the format is inherently insecure.
* File names: File names starting with a '|' character are no longer
interpreted as shell commands to be executed as input or output.
Bug fixes:
* BMP: Fix reading 24-bit Microsoft BMP which claims to have a
colormap.
* FILE: `file://` URLs are properly supported now (they never worked
before).
* JP2: It is now possible to write lossless JPEG 2000 "JP2" format.
* SVG: Support font-size "medium".
New Features:
* Blob I/O C APIs: Added signed versions of short and long Read/Write
functions.
* FILE: `file://` URLs are properly supported now (they never worked
before).
* MAT: Matlab V4 is now partially supported.
* Magick++: Added double-precision xResolution() and yResolution()
methods to support setting the horizontal and vertical resolution
with double floating point precision.
* Mogrify now supports a -preserve-timestamp option to preserve file
access and modification timestamps.
Feature improvements:
Windows Delegate Updates/Additions:
* Updated bundled libpng to release 1.6.19.
* Updated bundled libwebp to release 0.4.4.
* Update bundled libxml2 to release 2.9.3.
* Update bundled freetype to release 2.6.2.
Build Changes:
* Added ``--enable-broken-coders`` configure option to enable file
format support which may be broken or cause security issues. The
PSD format is now classified as "broken" (until it is fixed).
Behavior Changes:
* PSD format is not included in the build by default.
* Files ending with ".mvg" and ".msl" are not assumed to be image
files by default.
* File names starting with '|' are no longer treated as shell
commands.
* Gnuplot and POV delegate support is removed from the default
delegate.mgk file.
The find-prefix infrastructure was required in a pkgviews world where
packages installed from pkgsrc could have different installation
prefixes, and this was a way for a dependency prefix to be determined.
Now that pkgviews has been removed there is no longer any need for the
overhead of this infrastructure. Instead we use BUILDLINK_PREFIX.pkg
for dependencies pulled in via buildlink, or LOCALBASE/PREFIX where the
dependency is coming from pkgsrc.
Provides a reasonable performance win due to the reduction of `pkg_info
-qp` calls, some of which were redundant anyway as they were duplicating
the same information provided by BUILDLINK_PREFIX.pkg.
Special Issues:
* Due to GCC bug 53967, several key agorithms (e.g. convolution) may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is enabled for floating point math (-mfpmath=sse) if the GCC option -frename-registers is used. Default 32-bit builds do not experience the problem since they use '387 math. It is not clear in what version of GCC this problem started but it was not noticed by the developers until the GCC 4.6 timeframe. Other compilers do not suffer from this bug. Please lobby the GCC project to fix this embarrassing performance bug.
Security Fixes:
* ScaleImage(): While not strictly a security issue, requesting to scale an image while retaining the original number of rows will lead to a program crash or memory corruption due to double-free.
Bug fixes:
* ScaleImage(): Fix problem with new width/height match original (regression added by 1.3.22).
* ScaleImage(): Fix double-free when new rows matches original rows (regression added by 1.3.22).
* MinGW build fix related to eliminating a sleep() macro which conflicts with a MinGW-provided inline sleep() function.
* PNG: Issue a warning instead of an error when attempting to read a PNG file containing a zero-length profile. This allows the file to be read.
* identify: Fix problem in that identify -format "%A" (to test if transparency is supported in image) does not always produce the correct results.
Problems found with existing digests:
Package fotoxx distfile fotoxx-14.03.1.tar.gz
ac2033f87de2c23941261f7c50160cddf872c110 [recorded]
118e98a8cc0414676b3c4d37b8df407c28a1407c [calculated]
Package ploticus-examples distfile ploticus-2.00/plnode200.tar.gz
34274a03d0c41fae5690633663e3d4114b9d7a6d [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Problems found locating distfiles:
Package AfterShotPro: missing distfile AfterShotPro-1.1.0.30/AfterShotPro_i386.deb
Package pgraf: missing distfile pgraf-20010131.tar.gz
Package qvplay: missing distfile qvplay-0.95.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Special Issues:
* Due to GCC bug 53967, several key agorithms (e.g. convolution) may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is enabled for floating point math (-mfpmath=sse) if the GCC option -frename-registers is used. Default 32-bit builds do not experience the problem since they use '387 math. It is not clear in what version of GCC this problem started but it was not noticed by the developers until the GCC 4.6 timeframe. Other compilers do not suffer from this bug. Please lobby the GCC project to fix this embarrassing performance bug.
* Magick++: Any libraries or applications using Magick++ should be rebuilt in order to use this new release. Libraries and applications will be able to continue to use prior versions of Magick++ without being re-built, while benefiting from updated C libraries, provided that the system supports library versioning.
Security Fixes:
* General Coverity fixes. Some might have security consequences.
* Ghostscript options concatenation is more secure against buffer overflow.
* Windows: Built-in random number generator is now salted using CryptGenRandom(). This improves the robustness of the temporary file allocator.
Bug fixes:
* ...
Security Fixes:
---------------
Annotate: Some requestable text-subsitution attributes caused a crash.
All formats: Image dimensions are checked to assure that they are within limits before proceeding to read the image.
BMP: Fix hang (endless loop) for certain files.
DCM: Fix crash as well as small heap over-write.
DPX: Fix crash due to DPX file reporting more elements than it has.
MNG: Validate MHDR chunk length to avoid huge memory allocation and DOS.
PCX: Fix for CVE-2014-8355. Validate file header in order to avoid buffer overun later.
PDB: Detect arithmetic overflows when calculating buffer sizes. Fix crash in writer when image width is not even multiple of 16. Fix buffer overrun with 2 and 4-bit PDB image files.
PNM: Validate PGM, PPM, and PAM header MaxValue parameter to avoid crash on poorly-formed input.
PNG: Impose a 10-million limit on dimensions when reading a PNG file to avoid denial of service.
PSD: Avoid problems caused by huge PSD colormap size.
PSD: Fix small stack over-write if more than 99 layers are written to PSD format.
PSD: Returns immediately if pixel limit was exceeded.
RLE: URT RLE reader is now more robust with errant files.
SUN: Header validation is now made fully robust, and arithmetic overflows in buffer-size calculations are detected to avoid heap overwrite.
TIFF: Fix crashes for photometrics which may delivery one or three samples per pixel (was assuming always three).
VIFF: Fixes to prevent buffer overflow. Validate colormap indexes.
Windows delegates: Fix unexpected argument splitting when invoking an external delegate program via delegates.mgk.
WPG: Fix use of NULL pointers. Fix buffer overflows.
XPM: Detect truncated row and quit with error rather than over-running a buffer.
XWD: Improve header validation. Added to UnstableCoderClass since the reader for this format should not be entrusted with untrustworthy input.
Bug fixes:
----------
CIN: Fix problem with text attribute values which are not NULL terminated. Validate sizes claimed by Cineon header.
Coverity: Fixes for many issues detected by Coverity scan (see ChangeLog).
DPX: Fix problem with text attribute values which are not NULL terminated.
DPX: Fix severe corruption of little-endian 32-bit packed output. Corruption was severe enough that it would have been noticed immediately.
Delegates: Fix possible memory leaks when invoking external application.
FITS: Properly validate values provided by file header.
GIF: Fix use of uninitialized data.
JBIG: Fix memory leaks.
JNG: Fix double-free error in error path.
JPEG: Verify the number of output components before attempting to decode the image.
Magick++: Image resolutionUnits() was not always returning correct value.
Magick++: Locking has not been working properly since the code was written in 1998. Apparently the issue has not been significant enough to cause run-time issues.
ICO: Windows icon reader is now much more robust.
MIFF: Reader now quits with an error if zip or bzip2 stream is corrupted.
MAT: Fix memory leaks.
PALM: Reader now reads various input formats (up to version 2) correctly whereas it was crashing or otherwise malfunctioning before. More work remains, particularly in the writer.
PCX: Eliminate memory leaks in error paths.
PDB: In PDB writer, void possible under-allocation due to arthimetic overflow when allocating packets.
PICT: Fix PICT reader crash with corrupted file.
PNG: Fix double-free error in error path.
PNG: Fixed handling of transparency when writing indexed PNG.
PNG: Avoid reading beyond the end of a tEXt keyword.
PSD: Fix error when reading PSDs files which have no layers.
RLA: Fix possible crash due to file header.
Signal Handling: Signal handling is now more robust and handles SIGSEGV and other critical signals. The sole purpose of the default signal handling is to remove any temporary files and quit. An informative message is printed for signals other than SIGINT.
SUN: Sun raster reader was not completely robust. Now it is.
SWF: Fix pixel cache access errors in 'ping' mode.
Text annotation: An empty text string is no longer treated as an error.
Text annotation: Fix regression added in 1.3.19 which caused spurious drawing errors to be produced while rendering with text when all of the text is off the left-hand side of the image.
TIFF: Fix unreliable reading JBIG compressed files by forcing use of strip reader rather than sometimes using scanline reader (which libtiff's JBIG codec does not support).
TIFF: Fix reading or writing planar min-is-white or min-is-black images with an associated alpha channel.
WebP: WebP writer now writes truely lossless output when requested.
identify / GetImageStatistics(): Failed to compute statistics for the Black channel of CMYK image files.
VICAR: Fix problem with continuing to "read" data when there is no more data left to read.
WMF: Fix memory leaks.
WPG: Fix potential DOS due to long reads during an error condition.
XPM: Avoid strncpy() of overlapping memory. Fixed memory leaks in error paths. Fixed bad memory access caused by empty file.
New Features:
-------------
compose: Supports composite operator names similar to the major *Magick brand, without losing any any compatibility with previous naming.
ICO: Windows ICO reader now supports reading PNG-encoded files.
Magick++ Geometry: New methods limitPixels() and fillArea() to support '@' and '^' geometry qualifiers. This enancement breaks the ABI due to previous use of inline methods and no place to put the new flags.
Magick++ Image::extent(): New method to place image on sized canvas of constant color using gravity.
Magick++ Image::formatExpression(): New method format a string based on a format similar to command-line -format.
Magick++ Image::resize(): New method to resize image specifying geometry, filter, and blur.
Magick++ STL extentImage: New New function object to invoke image extent method.
Magick++ Image::quiet(). New method which blocks (ignores) warning exceptions when passed a 'true' argument.
Resource limits: Added support for image Width and Height limits. Default image Width and Height limits are based on the range of a 32-bit signed integer, even for 64-bit builds which may have sufficient numeric range to image an entire galaxy. Limits may be increased as desired.
TIFF: Use define tiff:ignore-tags to ignore tags in 'corrupted' files with unknown and invalid tags. Use to read TIFF files which otherwise can not be read due to errors.
TIFF: Use '-define tiff:report-warnings=true' to enable that warnings reported by libtiff are thrown as warning exceptions so that they may be caught or will be reported at the gm command-line.
Windows Exceptions: A handler is registered (due to calling InitializeMagick()) to capture Windows Exceptions in a similar manner to the existing POSIX signal handler. If an application is using the library and wants to provide it own Windows exception handling, then it should make any changes after invoking InitializeMagick().
Windows Delegate Updates/Additions:
-----------------------------------
PNG: Update bundled libpng to 1.6.16. Resolves known security issues.
FreeType: Update bundled Freetype to 2.5.4. Resolves known security issues.
WebP: Update bundled WebP to 0.4.2 release.
WebP is auto-linked in Visual Studio.
Build Changes:
WebP is not included in the build when building with Visual Studio 6 (1998 vintage compiler!) since it requires more modern C.
Behavior Changes:
-----------------
AVI: Support for this format is removed since the implementation was worthless.
TIFF: Now uses YCbCr encoding when JPEG compression is requested for an RGB image.
Special Issues:
Due to GCC bug 53967, several key agorithms (e.g. convolution) may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is enabled for floating point math (-mfpmath=sse) if the GCC option -frename-registers is used. Default 32-bit builds do not experience the problem since they use '387 math. It is not clear in what version of GCC this problem started but it was not noticed by the developers until the GCC 4.6 timeframe. Other compilers do not suffer from this bug. Please lobby the GCC project to fix this embarrassing performance bug.
Bug fixes:
Compilation: No longer undefine __attribute__ since this may be used by system or compiler headers and cause problems.
BMP: Alpha channel from BMP3 format was inverted.
PNG: Fix round-trip repeatability issue (due to rounding algorithm) with modern versions of libpng. Prefer the less accurate method which does not alter the image.
PNG: Fix some memory leaks in error-handling paths.
PNM: Scaling of alpha in sub-ranged pixels is fixed.
Wand API: Removed development debug fprintf which causes each drawing primitive to be printed to stderr.
PS, PS2, PS3, PDF: Only use resolution from image or -density if units was properly specified. Without units, resolution is worthless.
PS, PS2, PS3, PDF: Use resolution from image if it appears to be valid.
WebP: Fix inverted return status which caused failure to be reported instead of success.
Rotation clipping/shearing errors for short wide images at some angles is fixed.
-geometry: Deal with resize geometry missing width or height (e.g. '640x' or 'x480') by substituting the missing value with one which preserves the image aspect ratio. This has been documented to be supported since almost the dawn of GraphicsMagick but was not actually supported until now.
-geometry: Support '>' and '<' qualifiers with '@' qualifier to specify if image should be resized if larger or lesser than given area specification.
New Features:
Wand API: MagickSetImageGravity() - New function to set image gravity.
Wand API: MagickGetImageGravity() - New function to get image gravity.
Wand API: MagickSetImageMatte() - New function to set the image matte channel enable flag.
Wand API: MagickGetImageMatte() - New function to read the image matte channel enable flag.
Wand API: MagickSetImageGeometry() - New function to set the image geometry string.
Wand API: MagickGetImageGeometry() - New function to get the image geometry string.
Wand API: MagickOperatorImageChannel() - New function to apply an operator to an image channel.
Magick++ API: New Image::thumbnail() method for fast image resizing, particularly to make thumbnails.
Core C API: Added SetLogMethod() to allow an application/library to specify a function to be called for logging.
Clang/LLVM: Provide support for clang/llvm attribute and builtin specifiers similar to that provided for GCC.
OpenMP: OpenMP native locking and thread specific data is supported via a configuration option (is not the default). This offers a "pure" OpenMP compilation mode. No real value for this compilation mode has been observed yet but it seems worthy to support.
Coders: Added BrokenCoderClass to mark coders which often malfunction or are not very useful in their current condition.
Composition: Added HardLight composition operator, which is now used by PSD and XCF formats, and available via command line, Magick++ API, PerlMagick API, and Wand API.
Composition: Added ScreenCompositePixels composition operator.
Composition: Added missing Photoshop separable compositing operations, Overlay, Exclusion, ColorBurn, ColorDodge, SoftLight, LinearBurn, LinearDodge, LinearLight, VividLight, PinLight, HardMix.
+set: Command line utilities now support +set to remove an existing image attribute.
-format: Support additional format specifiers 'g', 'A', 'C', 'D', 'G', 'H', 'M', 'O', 'P', 'Q', 'T', 'U', 'W', 'X', and '@', similar to the major brand.
-operator: New quantum operators ThresholdBlackNegateQuantumOp and ThresholdWhiteNegateQuantumOp These correspond to -operator "Threshold-Black-Negate" and "Threshold-White-Negate".
TIFF: Now support setting the TIFF "Software" tag for users who do not want to admit to using GraphicsMagick.
WebP: All of the WebP encoder encoder options are now supported by -define arguments.
Feature improvements:
Pixel interpolation quality is greatly improved, with minimal impact on performance. Pixel interpolation now also works well given an alpha channel.
WebP: WebP support is now prepared to compile with most WebP library versions and supports all features except for those pertaining to "RIFF" container support.
Performance Improvements:
Non-integral image rotation performance has been improved by about 40%, with lower memory usage as well.
GradientImage: Update image is_grayscale and is_monochrome flags based on gradient color properties.
Windows Delegate Updates/Additions:
PNG: Libpng 1.6.12 - June 12, 2014.
JPEG: libjpeg 9a of January 19, 2014.
FreeType: FreeType 2.5.3 of March 6, 2014.
WebP: webp 0.4.0 of January 20, 2013.
zlib: zlib 1.2.8 of April 28, 2013.
Build Changes:
--without-threads no longer disables use of OpenMP. Use the already existing option --disable-openmp to disable OpenMP.
Makefiles: Include paths are now exceedingly pedantic to make sure that only the required directories are included.
VisualMagick configure: Improve configure program so that it is possible to select QuantumDepth, OpenMP, and 64-bit build via configure dialog boxes as well as options on the command line. Also automatically detects and deals with similarly named files in subdirectories so that WebP support can now build successfully.
Behavior Changes:
MultiplyCompositePixels: Multiply composition now uses SVG interpretation of how alpha should be handled. No longer does a simple multiply of alpha channel.
Composition: The Difference, Darken, Lighten, and HardLight composition operators were modified to support alpha in their computations.
PNG: Using -optimize no longer triggers palette and depth optimizations since their implementations have been problematic.
mail, add -frename-registers to CFLAGS when building with GCC 4.* on x86_64
to work around GCC bug 53967 and gain a 2-3X speedup in certain sections.
Bump PKGREVISION.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
Security Fixes:
EPT: Fix crash observed when Ghostscript fails to produce useful output. This was particularly noticeable when Ghostscript was not installed. This crash could be used to cause denial of service.
PNG: With libpng 1.6.X, avoid a crash while copying a PNG with a "known incorrect ICC profile". This crash could be used to cause denial of service.
Bug fixes:
Build: Fix cross-compilation for MinGW64 on Linux build machine.
Build: configure FreeType test no longer insists that <freetype/freetype.h> can be included.
CMS profile: Only delete the CMS transform if it is non-null. Fixes assersion observed when lcms returned a null profile and GraphicsMagick attempted to deallocate it.
Drawing: Improve error handling logic so that drawing returns quickly on pixel access errors rather than plowing on ahead. This avoids problems with SVGs which take seemingly forever to render.
Drawing via C/C++ APIs: BevelJoin no longer causes a MVG parsing error.
EPT: Fix crash observed when Ghostscript fails to produce useful output. This was particularly noticeable when Ghostscript was not installed.
OpenMP: Revert use of omp_set_dynamic() since it caused performance issues when using GCC's GOMP implementation and the number of threads to use is specified.
EXIF profile: Support the SubjectArea EXIF tag.
MIFF writer: PseudoClass format was written incorrectly for depth greater than 8.
MIFF writer: RLE compressed format used inverted alpha from the other subformats and contrary to the MIFF specification.
MIFF reader: Fixes Fixes to be able to read MIFF written by ImageMagick 6.X, including DirectClass grayscale images (except for RLE compressed).
Mosaic: Fixed unsigned underflow problem with -mosaic when page offset is negative and exceeds image width or height, resulting in assertions, out of memory errors, or pixel cache limit errors.
PDF: Consistently initialize Image page width and height to image width and height. While general to all of GraphicsMagick, this change is to assure that the PDF writer computes page dimensioning consistently. PDF page dimensioning was wrong if the image had been resized with -geometry "100%".
PAM: Fix MAXVAL scaling when reading PAM images. PAM was only working correctly for images with 256 or 64k levels.
PNM: PGM "P2" format writer wrote bad output for 8-bit depth.
PNG: With libpng 1.6.X, avoid a crash while copying a PNG with a "known incorrect ICC profile".
PNG: Q8 GM build now correctly reads 16-bit PNG files.
TIFF writer: Try to avoid writing more than 32k strips per image by increasing rows-per-strip since some programs fail to read images with more than 32k strips per image.
TIM reader: PSX TIM reports 8-bit depth (rather than 16).
TTF font rendering: Improve FreeType rendering error logic so that rendering returns immediately on pixel access errors rather than plowing on ahead.
TTF font rendering: Support rendering UTF-8 up to 21-bit code points. Was only supporting 16-bit code points.
Wand API: DrawSetStrokeDashArray() / DrawGetStrokeDashArray(), fix failure to work properly due to this code path never being tested.
Windows Ghostscript: 64-bit GraphicsMagick no longer requires both 32-bit and 64-bit builds of Ghostscript to be installed in order to read Postscript and PDF formats.
XPM reader: Reported depth now depends on the colormap rather than always claiming to be 16-bit.
New Features:
JPEG: Add support for writing 'XMP' profile.
PNM: As a simple non-standard extension to the standard PNM and PAM formats, support writing and reading 32-bit sample depth. Writing such files is only supported by the Q32 build although they may be read by any build.
WebP: Now supports reading and writing Google's WebP format. This feature is not currently supported by the Windows Visual Studio build.
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
Special Issues:
Due to GCC bug 53967, several key agorithms (e.g. convolution) may execute much faster (e.g. 2-3X) for x86-64 and/or when SSE is enabled for floating point math (-mfpmath=sse) if the GCC option -frename-registers is used. Default 32-bit builds do not experience the problem since they use '387 math. It is not clear in what version of GCC this problem started but it was not noticed by the developers until the GCC 4.6 timeframe. Other compilers do not suffer from this bug.
Security Fixes:
None.
Bug fixes:
Fixed bug with format substitutions if input string ends with a single '%'.
BMP: Fixed an old bug with decoding chromaticity primaries.
PNG: Fixed reading of interlaced images. Fix reading of sub-8-bit palette and grayscale images. Some PNG sub-formats were written incorrectly. Fix crash in PNG8 writer if image colors happened to be non-zero but image was not actually colormapped.
PNG: Configure script now also searches for libpng versions 16 and 17.
TIFF: Fix a crash which was noticed when writing RGBA separated (planar) format.
--enable-symbol-prefix was not prefixing all of the C symbols. Some core C library functions were not prefixed. This option applies to the Wand library API as well now.
C API: When input is from a user-provided file descriptor, the file position is restored after reading the file header bytes. Previously the file position was rewound to the beginning of the file. This allows reading embedded image data from the current offset in a file, and allows continuing to use the stream after GraphicsMagick has returned the image.
C API: It is now possible to invoke CloseBlob() multiple times.
display: Display was supposed to respond to +/-usePixmap, but was not. It was responding to +/-use_pixmap. Now it responds to both.
Windows/VisualMagick: Fix building GraphicsMagick with Intel ICC compiler driven by Visual Studio Professional 2012.
Windows: Avoid a crash and produce a useful diagnostic if Ghostscript is needed but not yet installed.
New Features:
GM utility: New 'batch' command was contributed by Kenneth Xu which supports executing any number of other GM utility sub-commands in a single invokation in a sort of "batch" script. Input may be piped from standard input, from a specified file, or from a 'GM >' command prompt. This utilities front-end allows any other program/script to drive 'gm' using a co-process model and speeds up execution by eliminating utility start-up/shut-down time.
WIN64 (64-bit Windows): Windows 64-bit is now officially supported.
convert/mogrify: Now support -auto-orient to automatically rotate the image upright for viewing based on its current orientation setting. Also support -orient to support setting the current image orientation. Please note that the orientation property of EXIF profiles is not yet updated so the EXIF profile will be wrong after using -auto-orient.
C API: AutoOrientImage(), new New function to automatically orient the image so that it is upright for normal viewing.
Wand API: MagickGetImagePage()/MagickSetImagePage(), new functions to support getting and setting the image page size and offsets.
PNG: Added PNG48 and PNG64 support. Added PNG00 support (png encoder that inherits its color-type and bit-depth from the input, if the input was a PNG datastream).
Feature improvements:
GraphicsMagick TAP tests may now be run stand-alone using Perl's 'prove' TAP test driver.
Performance Improvements:
Detection of glob specifications in file names is more efficient.
Windows Delegate Updates:
None.
Behavior Changes:
ltdl: Libltdl is no longer bundled. Libltdl must be previously installed on the system in order to build the modules configuration.
AppendImages() now converts subsequent images to the colorspace of the first image, and no longer converts the first image to RGB. Instead, it is assumed the user knows what she is doing.
SetImageColorRegion() no longer automatically converts the image to RGB. The user is responsible for assuring that the provided color is in the same colorspace as the image.
Security Fixes:
* PNG: Fix for CVE-2012-3438. The Magick_png_malloc function in
coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper
variable type for the allocation size, which might allow remote
attackers to cause a denial of service (crash) via a crafted PNG
file that triggers incorrect memory allocation.
* Automake (derived): Fix for CVE-2012-3386: The "make distcheck"
rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants
world-writable permissions to the extraction directory, which
introduces a race condition that allows local users to execute
arbitrary code via unspecified vectors.
Bug fixes:
* PNG: Reading sub-8-bit palette images is fixed (images looked
stretched).
* SVG: Fixed bug which allowed MVG and SVG files with long vector
paths to crash the software.
* SVG: Ignore XML headers rather than rendering them as text.
* MVG/SVG/WMF/-draw: It is now possible to draw a plain ','
character.
* WMF: Fixed a bug which caused wrong centered-text placement.
* import: Return status was inverted.
* configure: Don't force that liblzma is used just because libtiff
is used.
New Features:
* The configure script now supports a --enable-quantum-library-names
option to enable that shared library name includes quantum depth
to allow shared libraries with different quantum depths to
co-exist in same directory (only one can be used for development).
* JNX: Support is added for reading the Garmin proprietary Image
Format.
* BMP: Support an alpha channel in uncompressed 32-bit BMP.
Feature improvements:
* -lat: The adaptive threshold algorithm is replaced with a new
algorithm which scales linearly (rather than quadratically) with
area size.
* Tests: Test suite is re-written to use TAP-based tests.
* GIF: Reader tries to be better at detecting and reporting
failures.
Performance Improvements:
* -lat: Adaptive threshold is much faster with large area sizes.
Windows Delegate Updates:
* Dcraw 9.16 is now included in the build (with JPEG and JPEG2000
support).
* Libxml2 is updated to the 2.9.0 release.
* Libtiff is updated to the 4.0.3 release.
* Lcms2 is updated to the 2.4 release.
* Libpng is updated to the 1.5.13 release.
Behavior Changes:
* Loading modules is only supported for the modules build.
Previously any build using shared libraries could load modules.
* Bundled libltdl is now configured as 'installable' rather than
'convenience'.
* -enhance: Only filter based on color channels (ignore opacity).
* BrowseDelegate: Web browser (for viewing help information) now
defaults to 'xdg-open', but if it is not found, then configure
will search for firefox, google-chrome, mozilla (in that order).
libXext/buildlink3.mk, now that it is included there.
Leave the places where its API version is set or variables from it
are used directly (about 3 packages).
1.3.16 (June 24, 2012)
==========================
Security Fixes:
* Don't translate 'comment' and 'label' attributes if the request is
made while a file is being read. Only translate such attributes
if they come from the command line or API user.
Bug fixes:
* SWT: SWT reader suffered from a number of implementation errors
which caused it not to work any more. Works again.
* XBM: Fix memory leak observed when reading file in 'ping' mode.
* Support -trim on images which use a consistent (single color)
transparent background. In this case, trim is done based on
opacity rather than foreground color.
* Include <sys/types.h> in order to assure that 'size_t' and
'ssize_t' are declared. This is necessary since
MagickExtentImage() uses these types as part of its definition.
* +repage was not working because parser was insisting that it
should include an argument.
* -units was scaling existing resolution the wrong way around
(i.e. multiplying rather than dividing).
* PerlMagick: Fix compilation with Perl 5.16.
* PingBlob(): PingBlob was not working for all cases. Is now based
on BlobToImage() for assured reliability.
New Features:
None
Feature improvements:
* MAT: Animated movies inside 4D matrices are loaded now.
* PDF: File base name is used as the document title.
* PNG: Fix issues observed specifically with libpng 1.5.10.
Performance Improvements:
* Pixel iterators should be more efficient now if the image uses a
file-backed cache.
* Motion blur algorithm does scale well as cores are added so
include OpenMP support for it by default.
Windows Delegate Updates:
* JPEG: Updated to IJG 8d release.
* PNG: Updated to 1.5.11 release
* TIFF: Updated to 4.0.2 release.
* Zlib: Updated to 1.2.7 release.
* libxml2: Updated to 2.8.0 release.
Behavior Changes:
None
1.3.15 (April 28, 2012)
==========================
Security Fixes:
* Libpng in Windows build is updated to 1.5.10 release. Provides a
fix for CVE-2011-3048.
Bug fixes:
* PNG - fixed problem with bit depth when the encoder decides to
write RGBA instead of indexed PNG.
* Fixed some temporary file leaks which were caused by the temporary
file name being automatically extended to include a scene number,
and therefore fail to be deleted.
New Features:
* Added '+noise random' and '-operator noise-random' to 'convert'
and 'mogrify'. This modulates the existing image data with
uniformely random noise.
* Added -strip option in composite, convert, mogrify, and montage to
remove all profiles and text attributes from the image.
* Added -repage option to composite, convert, mogrify, and montage
subcommands to reset or adjust the current image page offsets
based on a provided geometry specification.
* New C function StripImage() to remove all profiles and text
attributes from the image.
* New C function ResetImagePage() to adjust the current image page
canvas and position based on a relative page specification.
* C functions GenerateDifferentialNoise(), AddNoiseImageChannel(),
QuantumOperatorRegionImage(), AddNoiseImage() updated to support
RandomNoise enumeration.
* New C++ Image method strip(), and unary function stripImage() to
remove all profiles and text attributes from the image.
* XCF format now respects image subimage and subrange members so
that returned image layers may be selected.
* The INFO coder (e.g. output file "info:-") now respects the
-format option so that its output may be adjusted identically to
how -format works for 'identify'.
* TclMagick now supports Random noise.
Feature improvements:
* C function ThumbnailImage() now allows the user to override the
filter used, but still defaults to using the box filter.
Performance Improvements:
* None
Behavior Changes:
* No longer add a printf-style scene formatting specification to
filenames which do not have one and no longer automatically
operate in 'adjoin' mode in such cases. If multiple numbered
files are intended to be output, then add +adjoin to the command
line and use an output filename specification similar to
"image-%d.jpg". Output files are now completely specified and
predictable but this may break some existing usages which
anticipate the automatic file numbering.
