Version 1.6.28rc01 [January 3, 2017]
Fixed arm/aarch64 detection in CMakeLists.txt (Gianfranco Costamagna).
Added option to Cmake build allowing a custom location of zlib to be
specified in a scenario where libpng is being built as a subproject
alongside zlib by another project (Sam Serrels).
Changed png_ptr->options from a png_byte to png_uint_32, to accomodate
up to 16 options.
Version 1.6.28rc02 [January 4, 2017]
Added "include(GNUInstallDirs)" to CMakeLists.txt (Gianfranco Costamagna).
Moved SSE2 optimization code into the main libpng source directory.
Configure libpng with "configure --enable-intel-sse" or compile
libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
Version 1.6.28rc03 [January 4, 2017]
Backed out the SSE optimization and last CMakeLists.txt to allow time for QA.
Version 1.6.28 [January 5, 2017]
No changes.
Gpick is an advanced color picker and palette editing tool.
Main features
* Magnification and mouse pointer control with keyboard.
* Automatic color name assignment.
* Export to following formats:
* Inkscape/Gimp Palette (*.gpl)
* Adobe Swatch Exchange (*.ase)
* Alias/WaveFront Material (*.mtl)
* Cascaded Style Sheet (*.css)
* Hyper Text Markup Language (*.html)
* Customizeable text file
* Import from following formats:
* Inkscape/Gimp Palette (*.gpl)
* Adobe Swatch Exchange (*.ase)
* Customizeable text file
* Oversampling with five falloff types:
* Multiple pixel values are averaged to help picking
colors from sources with noise, patterns and etc,
where each pixel is different and overall color is
produced by different amounts of particular color.
* Palette from image.
* Color scheme creation tools.
* Mix two or more colors using variable number of steps
and different mixing types.
* Lightness and/or saturation variations.
* Harmonious colors.
2016-12-18 7.0.4-0 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.4-0, GIT revision 19221:d5e8abc:20161218.
2016-12-14 7.0.4-0 Cristy <quetzlzacatenango@image...>
* Lazily evaluate the image storage class and colorspace to prevent cache
allocation when pinging an image.
* Do not close path for linejoins of round (reference
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31039).
Version 1.6.27beta01 [November 2, 2016]
Restrict the new ADLER32-skipping to IDAT chunks. It broke iCCP chunk
handling: an erroneous iCCP chunk would throw a png_error and reject the
entire PNG image instead of rejecting just the iCCP chunk with a warning,
if built with zlib-1.2.8.1.
Version 1.6.27rc01 [December 27, 2016]
Control ADLER32 checking with new PNG_IGNORE_ADLER32 option.
Removed the use of a macro containing the pre-processor 'defined'
operator. It is unclear whether this is valid; a macro that
"generates" 'defined' is not permitted, but the use of the word
"generates" within the C90 standard seems to imply more than simple
substitution of an expression itself containing a well-formed defined
operation.
Added ARM support to CMakeLists.txt (Andreas Franek).
Version 1.6.27 [December 29, 2016]
Fixed a potential null pointer dereference in png_set_text_2() (bug report
and patch by Patrick Keshishian).
Changelog:
2.0.7:
we're proud to announce the seventh bugfix release for the 2.0 series of darktable, 2.0.7!
as always, please don't use the autogenerated tarball provided by github, but only our tar.xz. the checksum is:
a9226157404538183549079e3b8707c910fedbb669bd018106bdf584b88a1dab darktable-2.0.7.tar.xz
0b341f3f753ae0715799e422f84d8de8854d8b9956dc9ce5da6d5405586d1392 darktable-2.0.7.dmg
and the changelog as compared to 2.0.6 can be found below.
New Features
Filter-out some EXIF tags when exporting. Helps keep metadata size below max limit of ~64Kb
Support the new Canon EOS 80D {m,s}RAW format
Always show rendering intent selector in lighttable view
Clear elevation when clearing geo data in map view
Temperature module, invert module: add SSE vectorization for X-Trans
Temperature module: add keyboard shortcuts for presets
Bugfixes
Rawspeed: fixes for building with libjpeg (as opposed to libjpeg-turbo)
OpenCL: always use blocking memory transfer host<->device
OpenCL: remove bogus static keyword in extended.cl
Fix crash with missing configured display profile
Histogram: always show aperture with one digit after dot
Show if OpenEXR is supported in --version
Rawspeed: use a non-deprecated way of getting OSX version
Don't show bogus message about local copy when trying to delete physically deleted image
Base Support (newly added or small fixes)
Canon EOS 100D
Canon EOS 300D
Canon EOS 6D
Canon EOS 700D
Canon EOS 80D (sRaw1, sRaw2)
Canon PowerShot A720 IS (dng)
Fujifilm FinePix S100FS
Nikon D3400 (12bit-compressed)
Panasonic DMC-FZ300 (4:3)
Panasonic DMC-G8 (4:3)
Panasonic DMC-G80 (4:3)
Panasonic DMC-GX80 (4:3)
Panasonic DMC-GX85 (4:3)
Pentax K-70
Base Support (fixes, was broken in 2.0.6, apologies for inconvenience)
Nikon 1 AW1
Nikon 1 J1 (12bit-compressed)
Nikon 1 J2 (12bit-compressed)
Nikon 1 J3
Nikon 1 J4
Nikon 1 S1 (12bit-compressed)
Nikon 1 S2
Nikon 1 V1 (12bit-compressed)
Nikon 1 V2
Nikon Coolpix A (14bit-compressed)
Nikon Coolpix P330 (12bit-compressed)
Nikon Coolpix P6000
Nikon Coolpix P7000
Nikon Coolpix P7100
Nikon Coolpix P7700 (12bit-compressed)
Nikon Coolpix P7800 (12bit-compressed)
Nikon D1
Nikon D3 (12bit-compressed, 12bit-uncompressed)
Nikon D3000 (12bit-compressed)
Nikon D3100
Nikon D3200 (12bit-compressed)
Nikon D3S (12bit-compressed, 12bit-uncompressed)
Nikon D4 (12bit-compressed, 12bit-uncompressed)
Nikon D5 (12bit-compressed, 12bit-uncompressed)
Nikon D50
Nikon D5100
Nikon D5200
Nikon D600 (12bit-compressed)
Nikon D610 (12bit-compressed)
Nikon D70
Nikon D7000
Nikon D70s
Nikon D7100 (12bit-compressed)
Nikon E5400
Nikon E5700 (12bit-uncompressed)
We were unable to bring back these 4 cameras, because we have no samples.
If anyone reading this owns such a camera, please do consider providing samples.
Nikon E8400
Nikon E8800
Nikon D3X (12-bit)
Nikon Df (12-bit)
White Balance Presets
Pentax K-70
Noise Profiles
Sony DSC-RX10
Translations Updates
Catalan
German
This integrates most of the patches we had applied in pkgsrc.
The changes are in ChangeLog, and are not well summarized anywhere
I can find, sorry...
OK from adam@
Release 1.14.8 (2016-12-07 Bryce Harrington <bryce@osg.samsung.com>)
========================================================================
Bugfix release rolling up backported fixes for the past year.
For a complete log of changes since 1.14.6, please see:
http://cairographics.org/releases/ChangeLog.cairo-1.14.8
Features
--------
None
API Changes
-----------
None
Dependency Changes
------------------
None
Performance Optimizations
-------------------------
None
Bug Fixes
---------
* Fix "invalidfont" error on some printers when printing PDFs with
embedded fonts that have glyphs (such as spaces) with
num_contours == 0. (Bug #79897)
* Fix deadlock when destruction of a scaled font indirectly triggers
destruction of a second scaled font, causing the global cache to be
locked twice. (Bug #93891)
* Fix X errors reported to applications when shmdt() is called before
the Attach request is processed, due to missing xcb and xlib calls.
* Fix random failure in record-paint-alpha-clip-mast test case, caused
by an incorrect assumption that a deferred clear can be skipped.
(Bug #84330)
* Fix crash when dealing with an XShmGetImage() failure, caused by a
double free in _get_image_surface(). (Bug #91967)
* Fix build issue when using non-GNU strings utility. (Bug #88639)
* Cleanup debugging text sent to stdout instead of log. (Bug #95227)
1.12.2 (stable):
* Remove new API that was not meant to be added in 1.12.1.
1.12.1 (stable):
* C++11: Use nullptr instead of 0.
* C++11: Use override keyword on destructors.
* C++11: Make operator bool() explicit.
(Murray Cumming)
Nov. 24, 2016 - Version 10.36 (production release)
- Added 3D Studio MAX files to the list of supported file types
- Decode more Sony tags (thanks Jos Roost)
- Decode a couple more FlashPix tags
- Minor changes to some of the new IPTC Extension tags
- Fixed problem reading some FlashPix (Windows Compound Binary Format) files
Nov. 21, 2016 - Version 10.35
- Fixed bug in Windows version introduced in 10.32 which could cause ExifTool
to exit with an error if the -lang option was used
Nov. 21, 2016 - Version 10.34
- Added support for new IPTC Extension version 1.3 + video metadata XMP tags
- Added missing print conversion for PreviewDateTime
- Decode a few new FujiFilm tags (thanks Zilvinas Brobliauskas)
- Enhanced MWG date/time tags to support new EXIF time offsets
- Patched loophole in WriteMode which would allow creation of new metadata
files when creation of new groups was disallowed
- Fixed problem where some EXIF date/time tags may not shifted when shifting
all date/time tags with "-time:all-=VAL" for ExifTool version 10.28-10.33 or
when the MWG feature was used
Nov. 11, 2016 - Version 10.33
- Windows EXE version is 32-bit again, and packaged with Perl 5.24.0
- Fixed encoding problem with EXIF:Copyright when writing MWG tags using an
alternate EXIF charset
Nov. 9, 2016 - Version 10.32
- WARNING: The Windows EXE version for this release is 64-bit (and packaged
with Perl 5.22.2 instead of 5.24.0)
- Time::Piece may now be used as an alternative to POSIX::strptime for parsing
date/time values when writing, and is included in the Windows package
- Added a number of new XMP tags (thanks StarGeek)
- Added support for a few new Sony cameras (thanks Jos Roost)
- Added new Nikon LensID (thanks Tanel)
- Decode a new Nikon tag (thanks Warren Hatch)
- Decode FLIF encoding type
- Decode a new Samsung tag (thanks Klaus Homeister)
- Ignore -filter option for a tag if it returns an undefined value
Oct. 19, 2016 - Version 10.31
- Added write support for FLIF images
- Added support for animated PNG images
- Added a few new SamsungModelID values
- Added a new Canon LensType
- Added a new Sony/Minolta LensType (thanks Jos Roost)
- Decode more Samsung tags (thanks Klaus Homeister and Sreerag Raghavan)
- Decode more Nikon tags (thanks Warren Hatch)
- Changed "TAG does not exist" warning when writing to "TAG is not supported"
- Fixed problem importing information from CSV or JSON databases for files
with special characters in their name
Oct. 13, 2016 - Version 10.30
- Added read support for FLIF images
- Added a couple of new Minolta/Sony LensType values (thanks Jos Roost)
- Added a new SonyModelID (thanks LibRaw and Jos Roost)
- Added a new digiKam XMP tag
- Decode a new Apple tag (thanks Neal Krawetz)
- Decode a few new FujiFilm tags (thanks Chris Schucker)
- Decode more Nikon D5 custom settings (thanks Warren Hatch)
- Decode a couple more Samsung tags (thanks Klaus Homeister)
- Improved decoding of Nikon D500/D5 ShotInfo information
- Enhanced -ver option to output system information when -v is added
- Minor change to parsing of -@ argfile (comment lines may may no longer have
spaces before the "#")
- Patched Jpeg2000 reader to read bad UUID-EXIF boxes
- Lowered priority of unknown XMP tags when reading
- Fixed problem in new xmp2exif.args date/time arguments introduced in 10.28
- Fixed potential "Use of uninitialized value" warning when decoding
compressed PNG iTXt chunk
Oct. 5, 2016 - Version 10.29
- Added a couple of new Sony LensType values (thanks LibRaw)
- Decode a few new Sony tags
- Decode a few new FLIR tags
- Decode some new Nikon D5 tags (thanks Warren Hatch)
- Decode a new Apple tag
- Enhanced -geotag option to allow tagging from KML placemarks with a TimeSpan
- Enhanced -d option (and API DateFormat option) to perform inverse date/time
conversion when writing if the POSIX::strptime module is available. If
POSIX::strptime is not available then the behaviour is like older versions
(ie. the date/time is not converted) unless the API StrictDate option is set
in which case a warning is issued and the tag is not written
Sept. 27, 2016 - Version 10.28 - "EXIF 2.31"
- Added support for new EXIF 2.31 tags
- Added some new Canon LensType values (thanks Norbert Wasser for one)
- Added a new Olympus LensType (thanks LibRaw and Niels Kristian Bech Jensen)
- Added a new Sony LensType and SonyModelID (thanks Jos Roost)
- Added a new Pentax LensType
- Added fotoware.config and bibble.config files to the distribution
- Made Composite SubSecDateTimeOriginal, SubSecCreateDate and SubSecModifyDate
tags writable, and expanded to include new EXIF 2.31 time zone tags
- Fixed problem writing user-defined structured tag elements with a dot (.) in
their tag ID
Sept. 23, 2016 - Version 10.27
- Added a new CanonModelID (thanks LibRaw)
- Added a new Sony LensType (thanks Jos Roost)
- Added a few new NikonLensID's (thanks Yang You and Robert Rottmerhusen)
- Added a couple of new Olympus LensType values (thanks LibRaw and Niels
Kristian Bech Jensen)
- Added a new Olympus CameraType
- Decode some Canon 80D, 750D, 760D and 1200D CameraInfo tags
- Changed writing of some ExposureTime and ExposureCompensation tags to allow
the exact numerator and denominator of the stored rational value to be
specified
- Fixed Timecode printout in -v3 output for M2TS videos (thanks Ken Neighbors)
- Fixed some problems with the new "-progress:TITLE" feature
- Fixed problem where "_exiftool_tmp" file could be left around after a failed
write attempt
- Fixed potential "isn't numeric" runtime error when reading a PDF file with
the -ee option
Sept. 15, 2016 - Version 10.26
- Added read support for GSpherical metadata in MP4 videos
- Added a few new XMP-xmpMM tags and a new XMP-crs tag
- Added some new Minolta/Sony lenses (thanks Jos Roost)
- Added two new CanonModelID's (thanks Norbert Wasser and Laurent Clevy)
- Added two new Canon LensType's (thanks Norbert Wasser)
- Decode a number of Nikon D610 custom settings (thanks Tor)
- Removed a questionable Samsung tag
- Marked TestName tag as "Unsafe" for writing
- Enhanced -progress option with ability to set console window title
- Changed behaviour of %C to increment for each processed file as documented
(was incrementing for each output file created)
- Patched to recreate XMP in the standard location of PNG images when deleting
certain non-standard XMP as a group and recreating in one step
- Fixed runtime warning when writing 0 to MinoltaRaw ISOSetting
- Fixed problem writing SRW images from some newer Samsung models
Aug. 3, 2016 - Version 10.25
- Added a new Pentax PictureMode (thanks Louis Granboulan)
- Added a new Nikon LensID (thanks LibRaw)
- Decode a new Samsung tag (thanks LibRaw)
- Decode a few more Canon tags (thanks Anton Reiser)
- Removed "Avoid" flag for XMP-crs:ColorTemperature
- Changed the format of a number of XMP-GPano tags from integer to real
- Fixed incorrect tag ID's for some obscure Island Graphics EXIF tags
- Fixed decoding of some UTF-8 DNG tags which may be stored in BYTE format
July 27, 2016 - Version 10.24
- Added support for DJI Phantom maker notes
- Added a few more XMP-crs tags
- Added ability to write DNG OpcodeList tags
- Added a new Sony/Minolta LensType (thanks Jos Roost)
- Added a few new FujiFilm Saturation values
- Added a new FujiFlashMode value and fixed an incorrect Italian translation
(thanks Massimo Sanna, ApolloOne)
- Decode more Pentax tags (thanks Louis Granboulan)
- Changed -config option to search the current directory first for the config
file (patches problem introduced in ExifTool 10.21 for Windows where the
working directory might not be searched when using the -config option)
- Changed print conversion of ProcessingTime to show 3 significant digits
- Fixed bug decoding PanasonicRaw DistortionInfo in DNG images
July 14, 2016 - Version 10.23
- Added read support for Ogg Opus audio files
- Added ability to geotag only GPS date/time if no position information is
available by setting Geotag to "DATETIMEONLY" (all caps)
- Added "-charset RIFF" option
- Added a new Sony LensType (thanks Jos Roost)
- Decode a number of new Canon tags (thanks Kai Harrekilde-Petersen)
- Changed handling of special characters in RIFF-format files (eg. AVI, WAV)
- Changed MIME type of OGG files to audio/ogg (was audio/x-ogg)
- Minor change to wording of new Nikon D80 Rotation tag for consistency
- API Changes:
- Added CharsetRIFF option
July 7, 2016 - Version 10.22
- Added read support for BPG images
- Minor changes to a few of the new Nikon tags
- Fixed problem in Windows version where not all 10.21 updates were included
in the release
June 29, 2016 - Version 10.21
- WARNING: The Windows EXE package for this release was built on Windows 10
using Perl 5.24 instead of Windows XP and Perl 5.8 -- please watch for
problems and report anything that you find
- Added a new Minolta/Sony LensType (thanks LibRaw)
- Added a new element to the XMP Colorant structure
- Added a new Pentax lens (thanks Louis Granboulan)
- Decode Nikon D5/D500 AF information (thanks Michael Tapes for samples)
- Decode a number of new Olympus tags (thanks Daniel Pollock)
- Decode a number of new Nikon tags (thanks Warren Hatch)
- Decode Pentax K-1 AF points (thanks Louis Granboulan)
- Extract a new DPX tag
- Patched to avoid writing an empty structure field for an undefined value
Version 3.20.5
--------------
* Some smaller code improvements
Bug fixes:
#772162, When deleting ALL images, the last one stays in preview (F. Riemann)
New and updated translations:
- David King [en_GB]
- Daniel Mustieles [es]
- gogo [hr]
- Hannie Dumoleyn [nl]
- Piotr DrÄg [pl]
- Matej UrbanÄiÄ [sl]
MAJOR CHANGES:
• The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr
are completely removed from the distribution. These tools were written in
the late 1980s and early 1990s for test and demonstration purposes. In some
cases the tools were never updated to support updates to the file format,
or the file formats are now rarely used. In all cases these tools increased
the libtiff security and maintenance exposure beyond the value offered by
the tool.
CHANGES IN LIBTIFF:
• libtiff/tif_dirread.c: in TIFFFetchNormalTag(), do not dereference NULL
pointer when values of tags with TIFF_SETGET_C16_ASCII /
TIFF_SETGET_C32_ASCII access are 0-byte arrays. Fixes http://
bugzilla.maptools.org/show_bug.cgi?id=2593 (regression introduced by
previous fix done on 2016-11-11 for CVE-2016-9297). Reported by Henri Salo.
Assigned as CVE-2016-9448
• libtiff/tif_aux.c: fix crash in TIFFVGetFieldDefaulted() when requesting
Predictor tag and that the zip/lzw codec is not configured. Fixes http://
bugzilla.maptools.org/show_bug.cgi?id=2591
• libtiff/tif_dirread.c: in TIFFFetchNormalTag(), make sure that values of
tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII access are null
terminated, to avoid potential read outside buffer in _TIFFPrintField().
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2590
• libtiff/tif_dirread.c: reject images with OJPEG compression that have no
TileOffsets/StripOffsets tag, when OJPEG compression is disabled. Prevent
null pointer dereference in TIFFReadRawStrip1() and other functions that
expect td_stripbytecount to be non NULL. Fixes http://bugzilla.maptools.org
/show_bug.cgi?id=2585
• libtiff/tif_strip.c: make TIFFNumberOfStrips() return the td->td_nstrips
value when it is non-zero, instead of recomputing it. This is needed in
TIFF_STRIPCHOP mode where td_nstrips is modified. Fixes a read outsize of
array in tiffsplit (or other utilities using TIFFNumberOfStrips()). Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2587 (CVE-2016-9273)
• libtiff/tif_predict.h, libtiff/tif_predict.c: Replace assertions by runtime
checks to avoid assertions in debug mode, or buffer overflows in release
mode. Can happen when dealing with unusual tile size like YCbCr with
subsampling. Reported as MSVR 35105 by Axel Souchet & Vishal Chauhan from
the MSRC Vulnerabilities & Mitigations
• libtiff/tif_dir.c: discard values of SMinSampleValue and SMaxSampleValue
when they have been read and the value of SamplesPerPixel is changed
afterwards (like when reading a OJPEG compressed image with a missing
SamplesPerPixel tag, and whose photometric is RGB or YCbCr, forcing
SamplesPerPixel being 3). Otherwise when rewriting the directory (for
example with tiffset, we will expect 3 values whereas the array had been
allocated with just one), thus causing a out of bound read access. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2500 (CVE-2014-8127,
duplicate: CVE-2016-3658)
• libtiff/tif_dirwrite.c: avoid null pointer dereference on td_stripoffset
when writing directory, if FIELD_STRIPOFFSETS was artificially set for a
hack case in OJPEG case. Fixes http://bugzilla.maptools.org/show_bug.cgi?id
=2500 (CVE-2014-8127, duplicate: CVE-2016-3658)
• libtiff/tif_getimage.c (TIFFRGBAImageOK): Reject attempts to read floating
point images.
• libtiff/tif_predict.c (PredictorSetup): Enforce bits-per-sample
requirements of floating point predictor (3). Fixes CVE-2016-3622 "Divide
By Zero in the tiff2rgba tool."
• libtiff/tif_pixarlog.c: fix out-of-bounds write vulnerabilities in heap
allocated buffers. Reported as MSVR 35094. Discovered by Axel Souchet and
Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team.
• libtiff/tif_write.c: fix issue in error code path of TIFFFlushData1() that
didn't reset the tif_rawcc and tif_rawcp members. I'm not completely sure
if that could happen in practice outside of the odd behaviour of
t2p_seekproc() of tiff2pdf). The report points that a better fix could be
to check the return value of TIFFFlushData1() in places where it isn't done
currently, but it seems this patch is enough. Reported as MSVR 35095.
Discovered by Axel Souchet & Vishal Chauhan & Suha Can from the MSRC
Vulnerabilities & Mitigations team.
• libtiff/tif_pixarlog.c: Fix write buffer overflow in PixarLogEncode if more
input samples are provided than expected by PixarLogSetupEncode. Idea based
on libtiff-CVE-2016-3990.patch from libtiff-4.0.3-25.el7_2.src.rpm by
Nikola Forro, but with different and simpler check. (bugzilla #2544)
• libtiff/tif_read.c: Fix out-of-bounds read on memory-mapped files in
TIFFReadRawStrip1() and TIFFReadRawTile1() when stripoffset is beyond
tmsize_t max value (reported by Mathias Svensson)
• libtiff/tif_read.c: make TIFFReadEncodedStrip() and TIFFReadEncodedTile()
directly use user provided buffer when no compression (and other
conditions) to save a memcpy()
• libtiff/tif_write.c: make TIFFWriteEncodedStrip() and TIFFWriteEncodedTile
() directly use user provided buffer when no compression to save a memcpy
().
• libtiff/tif_luv.c: validate that for COMPRESSION_SGILOG and
PHOTOMETRIC_LOGL, there is only one sample per pixel. Avoid potential
invalid memory write on corrupted/unexpected images when using the
TIFFRGBAImageBegin() interface (reported by Clay Wood)
• libtiff/tif_pixarlog.c: fix potential buffer write overrun in
PixarLogDecode() on corrupted/unexpected images (reported by Mathias
Svensson) (CVE-2016-5875)
• libtiff/libtiff.def: Added _TIFFMultiply32 and _TIFFMultiply64 to
libtiff.def
• libtiff/tif_config.vc.h (HAVE_SNPRINTF): Add a '1' to the HAVE_SNPRINTF
definition.
• libtiff/tif_config.vc.h (HAVE_SNPRINTF): Applied patch by Edward Lam to
define HAVE_SNPRINTF for Visual Studio 2015.
• libtiff/tif_dirread.c: when compiled with DEFER_STRILE_LOAD, fix
regression, introduced on 2014-12-23, when reading a one-strip file without
a StripByteCounts tag. GDAL #6490
• libtiff/*: upstream typo fixes (mostly contributed by Kurt Schwehr) coming
from GDAL internal libtiff
• libtiff/tif_fax3.h: make Param member of TIFFFaxTabEnt structure a uint16
to reduce size of the binary.
• libtiff/tif_read.c, tif_dirread.c: fix indentation issues raised by GCC 6
-Wmisleading-indentation
• libtiff/tif_pixarlog.c: avoid zlib error messages to pass a NULL string to
%s formatter, which is undefined behaviour in sprintf().
• libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode()
triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif (bugzilla #
2508)
• libtiff/tif_luv.c: fix potential out-of-bound writes in decode functions in
non debug builds by replacing assert()s by regular if checks (bugzilla #
2522). Fix potential out-of-bound reads in case of short input data.
• libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage interface
in case of unsupported values of SamplesPerPixel/ExtraSamples for LogLUV /
CIELab. Add explicit call to TIFFRGBAImageOK() in TIFFRGBAImageBegin(). Fix
CVE-2015-8665 reported by limingxing and CVE-2015-8683 reported by zzf of
Alibaba.
• libtiff/tif_dirread.c: workaround false positive warning of Clang Static
Analyzer about null pointer dereference in TIFFCheckDirOffset().
• libtiff/tif_fax3.c: remove dead assignment in Fax3PutEOLgdal(). Found by
Clang Static Analyzer
• libtiff/tif_dirwrite.c: fix truncation to 32 bit of file offsets in
TIFFLinkDirectory() and TIFFWriteDirectorySec() when aligning directory
offsets on a even offset (affects BigTIFF). This was a regression of the
changeset of 2015-10-19.
• libtiff/tif_write.c: TIFFWriteEncodedStrip() and TIFFWriteEncodedTile()
should return -1 in case of failure of tif_encodestrip() as documented
• libtiff/tif_dumpmode.c: DumpModeEncode() should return 0 in case of failure
so that the above mentionned functions detect the error.
• libtiff/*.c: fix MSVC warnings related to cast shortening and assignment
within conditional expression
• libtiff/*.c: fix clang -Wshorten-64-to-32 warnings
• libtiff/tif_dirread.c: prevent reading ColorMap or TransferFunction if
BitsPerPixel > 24, so as to avoid huge memory allocation and file read
attempts
• libtiff/tif_dirread.c: remove duplicated assignment (reported by Clang
static analyzer)
• libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_compress.c, libtiff/
tif_jpeg_12.c: suppress warnings about 'no previous declaration/prototype'
• libtiff/tiffiop.h, libtiff/tif_dirwrite.c: suffix constants by U to fix
'warning: negative integer implicitly converted to unsigned type' warning
(part of -Wconversion)
• libtiff/tif_dir.c, libtiff/tif_dirread.c, libtiff/tif_getimage.c, libtiff/
tif_print.c: fix -Wshadow warnings (only in libtiff/)
CHANGES IN THE TOOLS:
• tools/Makefile.am: The libtiff tools bmp2tiff, gif2tiff, ras2tiff,
sgi2tiff, sgisv, and ycbcr are completely removed from the distribution.
The libtiff tools rgb2ycbcr and thumbnail are only built in the build tree
for testing. Old files are put in new 'archive' subdirectory of the source
repository, but not in distribution archives. These changes are made in
order to lessen the maintenance burden.
• tools/tiff2pdf.c: avoid undefined behaviour related to overlapping of
source and destination buffer in memcpy() call in t2p_sample_rgbaa_to_rgb()
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2577
• tools/tiff2pdf.c: fix potential integer overflows on 32 bit builds in
t2p_read_tiff_size() Fixes http://bugzilla.maptools.org/show_bug.cgi?id=
2576
• tools/fax2tiff.c: fix segfault when specifying -r without argument. Patch
by Yuriy M. Kaminskiy. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=
2572
• tools/tiffinfo.c: fix out-of-bound read on some tiled images. (http://
bugzilla.maptools.org/show_bug.cgi?id=2517)
• tools/tiffcrop.c: fix multiple uint32 overflows in
writeBufferToSeparateStrips(), writeBufferToContigTiles() and
writeBufferToSeparateTiles() that could cause heap buffer overflows.
Reported by Henri Salo from Nixu Corporation. Fixes http://
bugzilla.maptools.org/show_bug.cgi?id=2592
• tools/tiffcrop.c: fix out-of-bound read of up to 3 bytes in
readContigTilesIntoBuffer(). Reported as MSVR 35092 by Axel Souchet &
Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team.
• tools/tiff2pdf.c: fix write buffer overflow of 2 bytes on JPEG compressed
images. Reported by Tyler Bohan of Cisco Talos as TALOS-CAN-0187 /
CVE-2016-5652. Also prevents writing 2 extra uninitialized bytes to the
file stream.
• tools/tiffcp.c: fix out-of-bounds write on tiled images with odd tile width
vs image width. Reported as MSVR 35103 by Axel Souchet and Vishal Chauhan
from the MSRC Vulnerabilities & Mitigations team.
• tools/tiff2pdf.c: fix read -largely- outsize of buffer in
t2p_readwrite_pdf_image_tile(), causing crash, when reading a JPEG
compressed image with TIFFTAG_JPEGTABLES length being one. Reported as MSVR
35101 by Axel Souchet and Vishal Chauhan from the MSRC Vulnerabilities &
Mitigations team.
• tools/tiffcp.c: fix read of undefined variable in case of missing required
tags. Found on test case of MSVR 35100.
• tools/tiffcrop.c: fix read of undefined buffer in
readContigStripsIntoBuffer() due to uint16 overflow. Probably not a
security issue but I can be wrong. Reported as MSVR 35100 by Axel Souchet
from the MSRC Vulnerabilities & Mitigations team.
• tools/tiffcrop.c: fix various out-of-bounds write vulnerabilities in heap
or stack allocated buffers. Reported as MSVR 35093, MSVR 35096 and MSVR
35097. Discovered by Axel Souchet and Vishal Chauhan from the MSRC
Vulnerabilities & Mitigations team.
• tools/tiff2pdf.c: fix out-of-bounds write vulnerabilities in heap allocate
buffer in t2p_process_jpeg_strip(). Reported as MSVR 35098. Discovered by
Axel Souchet and Vishal Chauhan from the MSRC Vulnerabilities & Mitigations
team.
• tools/tiff2bw.c: fix weight computation that could result of color value
overflow (no security implication). Fix bugzilla #2550. Patch by Frank
Freudenberg.
• tools/rgb2ycbcr.c: validate values of -v and -h parameters to avoid
potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569)
• tools/tiffcrop.c: Fix out-of-bounds write in loadImage(). From patch
libtiff-CVE-2016-3991.patch from libtiff-4.0.3-25.el7_2.src.rpm by Nikola
Forro (bugzilla #2543)
• tools/tiff2rgba.c: Fix integer overflow in size of allocated buffer, when
-b mode is enabled, that could result in out-of-bounds write. Based
initially on patch tiff-CVE-2016-3945.patch from
libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, with correction for invalid
tests that rejected valid files. (bugzilla #2545)
• tools/tiffcrop.c: Avoid access outside of stack allocated array on a tiled
separate TIFF with more than 8 samples per pixel. Reported by Kaixiang
Zhang of the Cloud Security Team, Qihoo 360 (CVE-2016-5321 / CVE-2016-5323
, bugzilla #2558 / #2559)
• tools/tiffdump.c: fix a few misaligned 64-bit reads warned by -fsanitize
• tools/tiffdump.c (ReadDirectory): Remove uint32 cast to _TIFFmalloc()
argument which resulted in Coverity report. Added more mutiplication
overflow checks.
Upstream changes:
(from https://github.com/ruby-gnome2/ruby-gnome2/blob/3.1.0/NEWS)
== Ruby-GNOME2 3.10.0: 2016-11-12
=== Changes
* Improvements
* update README.
[Patch by cedlemo]
* fix format in README.
* use pthread version of MinGW in build-windows.sh.
* improve main Rakefile.
* windows : update bundled versions.
* Fixes
* fix path in gem:windows:push in main Rakefile.
* fix markup in NEWS file.
* use Win32 thread again in build-windows.sh.
* libmount is required for GLib on Linux.
* install libgtk-3-dev explicitly.
==== All
==== Ruby/GIO2
* Improvements
* make (({Gio::SettingsSchemaSource#list_schemas})) Rubyish.
* make (({Gio::Settings#set_value})) Rubyish.
* support array like API for (({Gio::Settings})).
* (({Gio::ActionMap#add_action})) accepts :state
* simplify, load (({Gio::File})) with GObject-Introspection loader.
* simplify (({Gio::ContentType})) implementation.
* Fixes
* add missing required argument in test-settings-schema-source.rb.
* add version check in Gio tests.
* increase required version.
* fix typo in action-map.rb.
[Path by cedlemo]
==== Ruby/GLIB2
* Improvements
* New implementation of GRClosure with new APIS:
* RGClosureCallData
* RGClosureCallFunc
* rbgobj_set_signal_call_func()
* rbgobj_get_signal_call_func()
* g_rclosure_new_call()
* support exit_application error message when no backtrace.
* improve rbg_scan_options() performance
* show all backtrace on GLib log.
[GitHub#935][Suggested by Matijs van Zuijlen]
* Fixes
* windows:
* Fix indent in windows-binary-build-task.rb.
* Export glib2_binary_base_dir.
* Remove needless "windows_" in methods name in windows-binary-build-task.rb.
* add a debug argument for make command.
* add GNOME2::Rake::WindowsBinaryBuildTask#binary_base_dir
* fix a bug that SIGUSR1 breaks main loop.
[GitHub#933][Reported by Vegard Sandengen]
* fix error messages typo
[Patch by dai-vr]
* fix typo in rbgutil.c.
[Patch by Kazuhiro NISHIYAMA]
* fix style in rbglib_messages.c
* remove needless check in rbglib_messages.c and extconf.rb
==== Ruby/GStreamer
* Improvements
* Fixes
* fix text_color_example.rb demo.
[Patch by cedlemo]
==== Ruby/GObjectIntrospection
* Improvements
* support GVariant string array to Ruby
[Patch by Konstantinos Natsakis]
* use g_variant_iter_init () to reduce dynamic memory allocation
* support omitting allow-null arguments in middle of arguments
* improve performance in callable-info.rb.
* reduce needless method calls.
* simplify invoke arguments in rb-gi-method-info.c, it improves performance.
* support "can_be_" as predicate prefix.
* improve performance calling a method. It catches data from info.
* add GI.load shortcut for fast load.
* Fixes
* use short for 16bit Integer.
* accept Array of numbers for gint8/guint8 array
* wrong condition in function info arguments management.
* use suitable type macros in ruby to C code from rb-gi-argument.c.
* assign temporary Ruby object to local variable to guard from GC.
* fix name conflict in rb-gi-argument.c.
[Reported by kitone]
* touch unrefed object in rb-gi-argument.c.
* support array of UTF-8.
* fill from last omitted arguments in function arguments loader.
* add a missing all required case check in function arguments loader.
* use rbg_variant_to_ruby in rb-gi-argument.c.
* define unlock_gvl as info method.
* fix typo in rb-gi-function-info.c.
* don't fill missing arguments when given N arguments is less.
* sink created GObject based object by default.
* fix wrong default argument fill condition.
* fix limit when loading arguments infos.
[GitHub#895][Reported by cedlemo]
* fix libffi return value handling.
[GitHub#758][Reported by Mamoru TASAKA]
* do not try to run a gtk demo when the user provide a bad demo name.
[Patch by cedlemo]
* focus on the related line in the TreeView when running demo from command line.
[Patch by cedlemo]
* do nothing for void type return type.
[GitHub#952][Reported by cedlemo]
* return value is return type is void but pointer.
* windows : update patch support-external-g-ir-scanner.diff.
==== Ruby/GDK
* Improvements
* make (({Gdk::EventFocus#in})) rubyish.
* add init hook as Gdk.on_init
* Fixes
* backport a patch to fix build error.
==== Ruby/GdkPixbuf2
* Improvements
* support loading from file.
* Fixes
* fix dependency in Rakefile.
[GitHub#862][Reported by Mamoru TASAKA]
* add missing gio2 dependency in tests.
* add missing variable in tests.
* omit a test that failed by float error on i386
[GitHub#898][Reported by Mamoru TASAKA]
==== Ruby/GTK3
* Improvements
* support for (({Gtk::SpinButton::input})) signal.
[GitHub#855][Reported cedlemo]
* new gtk demo spinbutton.
[Patch by cedlemo]
* add demo search_entry.rb
[Patch by cedlemo]
* update gtk demos to use class form instead of module form.
[Patches by cedlemo]
* add listbox gtk demo.
[Patch by cedlemo]
* update editable_cells demo.
[Patch by cedlemo]
* add glarea demo.
[Patch by cedlemo]
* update transparent demo.
[Patch by Arjun Menon]
* update theming_style_classes demo.
[Patch by Arjun Menon]
* update textscroll demo.
[Patch by Arjun Menon]
* update stack demo.
[Patch by Arjun Menon]
* update spinbutton demo.
[Patch by Arjun Menon]
* create (({Gtk::TreeModel#create_filter})) as an alias of #filter_new.
* Fixes
* load demos as classes instead of modules in main.rb.
[Patch by cedlemo]
* enable Gtk::Rc deprecation.
* fix treemodelfilter sample issue.
* force LC_NUMERIC to C when gtk3 is initialized.
[Patch by cedlemo]
==== Ruby/WebKitGTK
* Improvements
* Fixes
* windows :
* update dependencies in Rakefile and patches.
* use Ubuntu 16.04 as build environment.
* install jsmin
==== Ruby/WebKit2GTK
* Improvements
* Fixes
* windows :
* update Rakefile and patches.
* support auto latest version detection.
==== Ruby/ClutterGdk
* Improvements
* Fixes
* add init hook as Clutter.on_init.
* add Clutter and Gdk integration API.
==== Ruby/ClutterGtk
* Improvements
* add clutter-gdk dependency.
* Fixes
* window-test.rb sample : use icons only included in the default theme.
* remove needless pack method usage in test.rb sample.
* follow improved API in event.rb sample.
==== Ruby/ClutterGdk
* Improvements
* create a GObject-Introspection loader.
[Patch by cedlemo]
* Fixes
* update description in README and in Rakefile.
* remove needless code in Rakefile.
* remove needless code in GObject-Introspection loader. ClutterGdk is part of Clutter.
==== Ruby/GStreamer
* Improvements
* add (({Gst::Bin#each})).
[GitHub#927][Reported by cedlemo]
* add only_gstreamer_version method.
* Fixes
* use post_load in order to use require_libraries.
==== Ruby/Pango
* Fixes
* pango windows: remove needless patch.
==== Thanks
* Arjun Menon
* cedlemo
* dai-vr
* Kazuhiro NISHIYAMA
* kitone
* Konstantinos Natsakis
* Mamoru TASAKA
* Matijs van Zuijlen
* Vegard Sandengen
