Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libGraphicsMagick++-Q16-12-1.3.35-3.4.1 RPM for armv7hl

From OpenSuSE Ports Leap 15.5 for armv7hl

Name: libGraphicsMagick++-Q16-12 Distribution: openSUSE Step 15
Version: 1.3.35 Vendor: openSUSE
Release: 3.4.1 Build date: Tue Oct 18 00:13:34 2022
Group: System/Libraries Build host: armbuild22
Size: 378660 Source RPM: GraphicsMagick-1.3.35-3.4.1.src.rpm
Packager: https://bugs.opensuse.org
Url: http://www.GraphicsMagick.org/
Summary: C++ interface for the GraphisMagick image conversion library
GraphicsMagick provides an image manipulation and translation utility
and library. It can read and write over 88 image formats, including
JPEG, TIFF, WMF, SVG, PNG, PNM, GIF, andPhoto CD. It also allows to
resize, rotate, sharpen, color reduce, or add special effects to an
image and to save the result to any supported format. GraphicsMagick
may be used to create animated or transparent .gifs, to composite
images, and to create thumbnail images.

This subpackage contains C++ interface to GraphicsMagick library.

Provides

Requires

License

MIT

Changelog

* Tue Apr 12 2022 pgajdos@suse.com
  - security update
  - added patches
    fix CVE-2022-1270 [bsc#1198351], Heap buffer overflow when parsing MIFF
    + GraphicsMagick-CVE-2022-1270.patch
* Tue Aug 25 2020 callumjfarmer13@gmail.com
  - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
* Tue Jun 02 2020 pgajdos@suse.com
  - security update
  - added patches
    fix CVE-2020-12672 [bsc#1171271], heap-based buffer overflow in ReadMNGImage in coders/png.c.
    + GraphicsMagick-CVE-2020-12672.patch
* Wed Mar 25 2020 pgajdos@suse.com
  - version update to 1.3.35
    Special Issues:
    * It has been discovered that the 'ICU' library (a perhaps 30MB C++
      library) which is now often a libxml2 dependendency causes huge
      process initialization overhead.  This is noticed as unexpected
      slowness when GraphicsMagick utilities are used to process small to
      medium sized files.  The time to initialize the 'ICU' library is
      often longer than the time that GraphicsMagick would otherwise
      require to read the input file, process the image, and write the
      output file.  If the 'ICU' dependency can not be avoided, then make
      sure to use the modules build so there is only impact for file
      formats which require libxml2.  Please lobby the 'ICU' library
      developers to change their implementation to avoid long start-up
      times due to merely linking with the library.
    Security Fixes:
    * GraphicsMagick is now participating in Google's oss-fuzz project due
      to the contributions and assistance of Alex Gaynor. Since February 4
      2018, 398 issues have been opened by oss-fuzz (some of which were
      benign build issues) and 11 issues remain open.
      The issues list is available at
      https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
      "graphicsmagick".  Issues are available for anyone to view and
      duplicate if they have been in "Verified" status for 30 days, or if
      they have been in "New" status for 90 days.  There are too many
      fixes to list here.  Please consult the GraphicsMagick ChangeLog
      file, Mercurial repository commit log, and the oss-fuzz issues list
      for details.
    Bug fixes:
    * Fix broken definition of ResourceInfinity which resulted in that
      GetMagickResource() would return -1 rather than the maximum range
      value for the return type as documented. (problem added by the
      1.3.32 release).
    * ModifyCache(): Re-open the pixel cache if the cache rows/columns do
      not match the owning image rows/columns.
    * Fix DisplayImages() return status.  The return status was inverted.
    * HISTOGRAM: Histogram once again includes the histogram as a text
      comment.  This became broken by previous security fixes.
    * PICT: Fixed heap buffer overuns reported multiple sources.
    * JNG: Detect when JPEG encoder has failed and throw an exception.
    * MVG/DrawImage(): Performs even more parsing validations.
    * Clang static analyzer fixes: A great many fixes were made based on
      problem reports by the Clang static analyzer.
    * Visual Studio static analyzer fixes: A great many fixes were made
      based on problem reports by the Visual Studio 2019 static analyzer.
      Many of these may improve the robustness of 64-bit code.
    New Features:
    * GRADIENT/GradientImage(): Improved accuracy of gradient levels as
      well as dramaticaly improving performance.  Output PseudoClass
      images if we can.  Add support for using the image 'gravity'
      attribute as well as the "gradient:direction" definition to produce
      gradient vector directions corresponding to SouthGravity (the
      previously-existing default), NorthGravity, WestGravity,
      EastGravity, NorthWestGravity, NorthEastGravity, SouthWestGravity,
      and SouthEastGravity.
    API Updates:
    * InitializeMagickEx(): New function which may be used in place of
      InitializeMagick() to initialize GraphicsMagick.  This
      initialization function returns an error status value, may update a
      passed ExceptionInfo structure with error information, and provides
      an options parameter which supports simple bit-flags to tailor
      initialization.  The signal handler registrations are skipped if the
      MAGICK_OPT_NO_SIGNAL_HANDER flag is set in the options.
    Feature improvements:
    * Replace use of non-reentrant legacy POSIX functions with reentrant
      equivalents.
    * Timing of image reads should now be very accurate.  The timer was
      sometimes not stopped as soon as it should be.
    * PICT: The PICT reader is working pretty good now.  It handles all
      the PICT image files I have available to me.
    Behavior Changes:
    * POSIX Signals: Use the normal termination signal handler for SIGXCPU
      and SIGXFSZ so that ulimit or setrlimit(2) may be used to apply CPU
      (RLIMIT_CPU) and output file size (RLIMIT_FSIZE) limits with the
      normal cleanup, and without dumping core. Note that any output files
      currently being written may be truncated and files being written by
      external programs (e.g. Ghostscript) might be left behind unless
      they are to a temporary file assigned by GraphicsMagick.
    * Some private string and integer constants were removed from the
      apparent library ABI.  Some private functions were marked static and
      removed from the apparent library ABI.  This is mentioned because
      someone is sure to notice and be concerned about it.
    * The remaining private content in installed header files was moved
      into -private.h header files which are not installed.  This should
      not be cause for concern but is mentiond because someone is sure to
      notice and be concerned about it.
* Mon Jan 06 2020 stefan.bruens@rwth-aachen.de
  - Remove xorg-x11-fonts runtime Requires, gm display no longer
    fails when it is missing (see boo#619103).
  - Cleanup, replace $RPM_OPT_FLAGS with %optflags
* Sat Jan 04 2020 suse+build@de-korte.org
  - Revert the change to relinquish resources used by OpenMP on all
    devices. There are concerns upstream that this might break
    applications that use OpenMP too and suddenly find their threads
    closed (remove GraphicsMagick-wait-for-threads-close.patch)
* Thu Jan 02 2020 suse+build@de-korte.org
  - Due to a broken check, it wasn't noticed the typemap file is
    already provided in the source archive (removed typemap)
* Sun Dec 29 2019 suse+build@de-korte.org
  - Relinquish resources used by OpenMP on all devices (GCC >= 9)
    + GraphicsMagick-wait-for-threads-close.patch
  - Set configure options to what is actually build
* Fri Dec 27 2019 suse+build@de-korte.org
  - version update to 1.3.34
    * DPS: Eliminate a memory leak.
    * Debug Trace: Only output text to terminate an XML format log file
      if XML format is active.
    * EXIF Parser: Detect non-terminal parsing and report an error.
    * EXIF Parser: Eliminate heap buffer overflows.
    * HuffmanDecodeImage(): Fix heap overflow in 32-bit applications.
    * MAT: Implement subimage/subrange support.
    * MVG: Address non-terminal loops, excessive run-time, thrown
      assertions, divide-by-zero, heap overflow, and memory leaks.
    * OpenModule(): Now properly case-insensitive, as it used to be.
    * PCX: Verify that pixel region is not negative. Assure that opacity
      channel is initialized to opaqueOpacity. Update DirectClass
      representation while PseudoClass representation is updated.
      Improve read performance with uncompressed PCX.
    * PICT: Fix heap overflow in PICT writer.
    * PNG: Fix validation of raw profile length.
    * PNG: Skip coalescing layers if there is only one layer.
    * PNM: Fix denial of service opportunity by limiting the length of
      PNM comment text.
    * WPG: Avoid Avoid dereferencing a null pointer.
    * WPG: Implement subimage/subrange support.
    * WPG: Improve performance when reading an embedded image.
    * Wand library: In MagickClearException(), destroy any existing
      exception info before re-initializing the exception info or else
      there will be a memory leak.
    * XPM: Rquire that image properties appear in the first 512 bytes
      of the XPM file header.
    * Compliles clean using GCC 9.
    * Python scripts related to the build (enabled by --enable-maintainer-mode)
      are now compatible with Python 3.
    * Now supports using Google gperftools tcmalloc library for the memory
      allocator. This improves performance for certain repetitive work-loads
      and heavily-threaded algorithms.
    * Configure now reports the status of zstd (FaceBook Zstandard)
      compression in its configuration summary.
    * TclMagick: Address many issues mentioned by SourceForge issue #420
      "TclMagick issues and patch".
    * PNG: Post-processing to convert the image type in the PNG reader based
      on a specified magick prefix string is now disabled. This can (and
      should) be done after the image has been returned.
    * Trace Logging: The compiled-in logging default is always to stderr,
      which may be over-ridden using log.mgk as soon as it is loaded.
* Tue Oct 08 2019 pgajdos@suse.com
  - version update to 1.3.33
    * It has been discovered that the 'ICU' library (a perhaps 30MB C++
      library) which is now often a libxml2 dependendency causes huge
      process initialization overhead.  This is noticed as unexpected
      slowness when GraphicsMagick utilities are used to process small to
      medium sized files.  The time to initialize is often longer than the
      time to read the input file, process the image, and write the output
      file.  If the 'ICU' dependency can not be avoided, then make sure to
      use the modules build.  Please lobby the 'ICU' library developers to
      change their implementation to avoid long start-up times due to
      merely linking with the library.
    * GraphicsMagick is now participating in Google's oss-fuzz project due
      to the contributions and assistance of Alex Gaynor. Since February 4
      2018, 353 issues have been opened by oss-fuzz and 338 of those
      issues have been resolved.  The issues list is available at
      https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
      "graphicsmagick".  Issues are available for anyone to view and
      duplicate if they have been in "Verified" status for 30 days, or if
      they have been in "New" status for 90 days.  There are too many
      fixes to list here.  Please consult the GraphicsMagick ChangeLog
      file, Mercurial repository commit log, and the oss-fuzz issues list
      for details.
    * Documentation has been added regarding security hazards due to
      commands which support a '@filename' syntax.
    * MontageImages(): Fix wrong length argument to strlcat() when
      building montage directory, which could allow heap overwrite.
    * PNG: Pass correct size value to strlcat() in module registration
      code.  This bug is noticed to cause problems for Apple's OS X and
      Linux Alpine with musl libc.  This fixes a regression introduced by
      the 1.3.32 release.
    * Re-implement command-line utility `'@'` file inclusion support for
      `-comment`, `-draw`, `-format`, and `-label` which was removed for
      the 1.3.32 release.  The new implementation is isolated to
      command-line utility implementation code rather than being deeply
      embedded in the library and exposed in other usage contexts.  This
      fixes a regression introduced by the 1.3.32 release.
    * CAPTION: The The CAPTION reader did not appear to work at all any
      more.  Now it works again, but still not very well.
    * MagickXDisplayImage(): Fix heap overwrite of windows->image.name and
      windows->image.icon_name buffers.  This bug has surely existed since
      early GraphicsMagick releases.
    * MagickXAnimateImages(): Fix memory leak of scene_info.pixels.
    * AcquireTemporaryFileDescriptor(): Fix compilation under Cygwin. This
      fixes a regression introduced by the 1.3.32 release.
    * PNG: Fix saving to palette when mage has an alpha channel but no
      color is marked as transparent.
    * Compilation warnings in the Visual Studio WIN64 build due to the
      'long' type being only 32-bits have been addressed.
* Wed Aug 21 2019 pgajdos@suse.com
  - drop JPEG2000 support [bsc#1144240]
* Mon Jul 15 2019 stefan.bruens@rwth-aachen.de
  - Cleanup BuildRequires:
    * Remove ghostscript-library (support removed  upstream)
    * Use ghostscript-mini (sufficient for path and feature detection)
      instead of full ghostscript (implicitly added by ghostscript-library)
    * Remove ghostscript-fonts-other (unused).
* Tue Jun 18 2019 pgajdos@suse.com
  - version update to 1.3.32
    New Features:
    * Added support for writing the Braille image format (by Samuel
      Thibault).
    * WebP writer: Support WebP 'use_sharp_yuv' option ("if needed, use
      sharp (and slow) RGB->YUV conversion") via `-define
      webp:use-sharp-yuv=true`.
    * The version command output now reports the OpenMP specification
      number rather than just the integer version identifier.
    API Updates:
    * ReallocateImageColormap() added to re-allocate an existing colormap.
    * Some improperly-exposed globals are now static as they should have
      been.
    * The 'benchmark' command now shows 6 digits (microseconds) of elapsed
      time indication.
    * The 'time' command now shows 6 digits (microseconds) of elapsed time
      indication.
    * The logging facility now shows 6 digits (microseconds) of time
      resolulution
    * Dcraw: When QuantumDepth is greater than 8, pass -6 option to dcraw
      so that it returns a 16-bit/sample image.
    * Dcraw: If Dcraw supports TIFF format, then request TIFF format in
      order to be able to acquire more metatdata.
    * Scale algorithm: Eliminate artifacts when scaling an image with
      semi-transparent pixels.
    * Library metrics: The number of shared library relocations and the
      amount of initialized data has been signficantly reduced by
      following recommendations from Ulrich Drepper's document `How To
      Write Shared Libraries <https://akkadia.org/drepper/dsohowto.pdf>`_.
    (Security) Bug Fixes:
    * see NEWS.txt
    * fixes [bsc#1138425]
* Wed Dec 19 2018 pgajdos@suse.com
  - asan_build: build ASAN included
  - debug_build: build more suitable for debugging
* Wed Dec 19 2018 pgajdos@suse.com
  - update to 1.3.31:
    Special Issues:
    * Firmware and operating system updates to address the Spectre
      vulnerability (and possibly to some extent the Meltdown
      vulnerability) have substantially penalized GraphicsMagick's OpenMP
      performance.  Performance is reduced even with GCC 7 and 8's
      improved optimizers. There does not appear to be anything we can do
      about this.
    Security Fixes:
    * GraphicsMagick is now participating in Google's oss-fuzz project due
      to the contributions and assistance of Alex Gaynor.
    Bug fixes:
    * See above note about oss-fuzz fixes.
    * CINEON: Fix unexpected hang on a crafted Cineon image.  SourceForge
      issue 571.
    * Drawing recursion is limited to 100 and may be tuned via the
      MAX_DRAWIMAGE_RECURSION pre-processor definition.
    * Fix reading MIFF files using legacy keyword 'color-profile' for ICC
      color profile as was used by ImageMagick 4.2.9.
    * Fix reading/writing files when 'magick' is specified in lower case.
      This bug was a regression in 1.3.30.
    New Features:
    * TIFF: Support Zstd compression in TIFF.  This requires libtiff
      4.0.10 or later.
    * TIFF: Support WebP compression in TIFF.  This requires libtiff
      4.0.10 or later.
    API Updates:
    * MagickMonitor() is marked as deprecated.
  - see NEWS.txt for more details
* Wed Aug 22 2018 pgajdos@suse.com
  - disable PS, PS2, PS3 and PDF coders by default, remove gs calls
    from delegates.mgk [bsc#1105592]
    + GraphicsMagick-disable-insecure-coders.patch
* Fri Aug 03 2018 idonmez@suse.com
  - update to 1.3.30:
    * Security Fixes:
      . GraphicsMagick is now participating in Google's oss-fuzz project due
      to the contributions and assistance of Alex Gaynor. Since February 4
      2018, 238 issues have been opened by oss-fuzz and 230 of those
      issues have been resolved.  The issues list is available at
      https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
      "graphicsmagick".  Issues are available for anyone to view and
      duplicate if they have been in "Verified" status for 30 days, or if
      they have been in "New" status for 90 days.  There are too many
      fixes to list here.  Please consult the GraphicsMagick ChangeLog
      file, Mercurial repository commit log, and the oss-fuzz issues list
      for details.
      . SVG/Rendering: Fix heap write overflow of PrimitiveInfo and
      PointInfo arrays.  This is another manefestation of CVE-2016-2317,
      which should finally be fixed correctly due to active
      detection/correction of pending overflow rather than using
      estimation.
    * Bug fixes:
      . Many oss-fuzz fixes are bug fixes.
      . Drawing/Rendering: Many more fixes by Gregory J Wolfe (see the ChangeLog).
      . MIFF: Detect end of file while reading image directory.
      . SVG: Many more fixes by Gregory J Wolfe (see the ChangeLog).
      . The AlphaCompositePixel macro was producing wrong results when the
      output alpha value was not 100% opaque. This is a regression
      introduced in 1.3.29.
      . TILE: Fix problem with tiling JPEG images because the size request
      used by the TILE algorithm was also causing re-scaling in the JPEG
      reader.  The problem is solved by stripping the size request before
      reading the image.
    * API Updates:
      . The size of PrimitiveInfo (believed to be an internal/private
      structure but in a header which is installed, has been increased to
      store a 'flags' argument. This is intended to be an internal
      interface but but may be detected as an ABI change.
    * Behavior Changes:
      . JPEG: The JPEG reader now allows 3 warnings of any particular type
      before giving up on reading and throwing an exception.  This choice
      was made after observing files which produce hundreds of warnings
      and consume massive amounts of memory before reading the image data
      has even started.  It is currently unknown how many files which were
      previously accepted will be rejected by default.  The number of
      allowed warnings may be adjusted using '-define
      jpeg:max-warnings=<value>'.  The default limit will be adjusted
      based on reported user experiences and may be adjusted prior to
      compilation via the MaxWarningCount definition in coders/jpeg.c.
* Wed May 23 2018 pgajdos@suse.com
  - update to 1.3.29:
    * Security Fixes:
      . GraphicsMagick is now participating in Google's oss-fuzz project
      . JNG: Require that the embedded JPEG image have the same dimensions
      as the JNG image as provided by JHDR. Avoids a heap write overflow.
      . MNG: Arbitrarily limit the number of loops which may be requested by
      the MNG LOOP chunk to 512 loops, and provide the '-define
      mng:maximum-loops=value' option in case the user wants to change the
      limit.  This fixes a denial of service caused by large LOOP
      specifications.
    * Bug fixes:
      . DICOM: Pre/post rescale functions are temporarily disabled (until
      the implementation is fixed).
      . JPEG: Fix regression in last release in which reading some JPEG
      files produces the error "Improper call to JPEG library in state
      201".
      . ICON: Some DIB-based Windows ICON files were reported as corrupt to
      an unexpectedly missing opacity mask image.
      . In-memory Blob I/O: Don't implicitly increase the allocation size
      due to seek offsets.
      . MNG: Detect and handle failure to allocate global PLTE. Fix divide
      by zero.
      . DrawGetStrokeDashArray(): Check for failure to allocate memory.
      . BlobToImage(): Now produces useful exception reports to cover the
      cases where 'magick' was not set and the file format could not be
      deduced from its header.
    * API Updates:
      . Wand API: Added MagickIsPaletteImage(), MagickIsOpaqueImage(),
      MagickIsMonochromeImage(), MagickIsGrayImage(), MagickHasColormap()
      based on contributions by Troy Patteson.
      . New structure ImageExtra added and Image 'clip_mask' member is
      replaced by 'extra' which points to private ImageExtra allocation.
      The ImageGetClipMask() function now provides access to the clip mask
      image.
      . New structure DrawInfoExtra and DrawInfo 'clip_path' is replaced by
      'extra' which points to private DrawInfoExtra allocation.  The
      DrawInfoGetClipPath() function now provides access to the clip path.
      . New core library functions: GetImageCompositeMask(),
      CompositeMaskImage(), CompositePathImage(), SetImageCompositeMask(),
      ImageGetClipMask(), ImageGetCompositeMask(), DrawInfoGetClipPath(),
      DrawInfoGetCompositePath()
      . Deprecated core library functions: RegisterStaticModules(),
      UnregisterStaticModules().
    * Feature improvements:
      . Static modules (in static library or shared library without
      dynamically loadable modules) are now lazy-loaded using the same
      external interface as the lazy-loader for dynamic modules.  This
      results in more similarity between the builds and reduces the fixed
      initialization overhead by only initializing the modules which are
      used.
      . SVG: The quality of SVG support has been significantly improved due
      to the efforts of Greg Wolfe.
      . FreeType/TTF rendering: Rendering fixes for opacity.
* Tue Feb 20 2018 crrodriguez@opensuse.org
  - Add explicit buildrequires on: pkgconfig(libwebpmux),
    pkgconfig(libpng), pkgconfig(x11), pkgconfig(xext),
    pkgconfig(zlib), libjpeg-devel. all
    of them direct build dependencies but not included in
    the spec file
* Wed Jan 24 2018 pgajdos@suse.com
  - update to 1.3.28:
    * Security Fixes:
      BMP: Fix non-terminal loop due to unexpected bit-field mask
      value (DOS opportunity).
      PALM: Fix heap buffer underflow in builds with QuantumDepth=8.
      SetNexus() Fix heap overwrite under certain conditions due to
      using a wrong destination buffer. This issue impacts all
      1.3.X releases.
      TIFF: Fix heap buffer read overflow in LocaleNCompare() when
      parsing NEWS profile.
    * Bug fixes:
      DescribeImage(): Eliminate possible use of null pointer.
      GIF: Fix memory leak of global colormap in error path.
      GZ: Writing to gzip files with the extension ".gz" was
      not working with Zlib 1.2.8.
      JNG: Fix buffer read overflow (a tiny fixed overflow of just
      one byte).
      JPEG: Promoting certain libjpeg warnings to errors caused
      much more problems than expected. The promotion of
      warnings to errors is removed. Claimed pixel dimensions
      are validated by file size before allocating memory for
      the pixels.
      IntegralRotateImage(): Assure that reported error in rotate by
      270 case does immediately terminate processing.
      MNG: Fix possible null pointer reference related to DEFI chunk
      parsing. Fix minor heap read overflow (constrained to just
      one byte) due to an ordering issue in a limit check. Fix
      memory leaks in error path.
      WebP: Fix stack buffer overflow in WriteWEBPImage() which
      occurs with libwebp 0.5.0 or newer due to a structure type
      change in the structure passed to the progress monitor
      callback.
      WPG: Memory leaks fixed.
    * API Updates:
      InterpolateViewColor(): This function now returns MagickPassFail
      (an unsigned int) rather than void so that errors can be
      efficiently reported.
      The magick/pixel_cache.h header is updated to add deprecation
      attributes such that code using GetPixels(), GetIndexes(),
      and GetOnePixel() will produce deprecation warnings for
      compilers which support them. These functions will not be
      removed in the 1.3.X release series and when they are
      removed, pre-processor macros will be added so a replacement
      function is used instead. There is a long-term objective to
      eliminate functionally-redundant pixel cache functions to
      only the ones with the best properties since this reduces
      maintenance and may reduce the depth of the call stack
      (improving performance).
    * removed unneded GraphicsMagick-release-date-missing-quote.patch
* Wed Jan 10 2018 pgajdos@suse.com
  - update to 1.3.27:
    * New Features:
      . PNG: Implemented eXIf chunk support.
      . WEBP: Add support for EXIF and ICC metadata provided that at
      least libwebp 0.5.0 is used.
      . Magick++ Image autoOrient(): New Image method to auto-orient an
      image so it looks right-side up by default.
    * Behavior Changes:
      . PALM: PALM writer is disabled.
      . ThrowLoggedException(): Capture the first exception
      at ErrorException level or greater, or only capture exception
      if it is more severe than an already reported exception.
      . DestroyJNG(): This internal function is now declared static
      and is removed from shared library or DLL namespace.
    * lot of security and other bug fixes, see
      https://sourceforge.net/projects/graphicsmagick/files/graphicsmagick/1.3.27/
  - added GraphicsMagick-release-date-missing-quote.patch
* Tue Sep 19 2017 pgajdos@suse.com
  - builds for sle11
* Mon Sep 11 2017 pgajdos@suse.com
  - fix perl bindings
    + GraphicsMagick-perl-linkage.patch from fedora
  - turn on perl test suite
* Mon Jul 24 2017 jengelh@inai.de
  - Trim descriptions. Redo summaries and RPM groups.
* Fri Jul 21 2017 tchvatal@suse.com
  - Drop patches not meintioned in the changelog ever:
    * GraphicsMagick-debian-fixed.patch
    * GraphicsMagick-include.patch
    * GraphicsMagick-perl-link.patch
    * The package builds just fine without them and there is no
      refference explaining it
  - Convert the deps to pkgconfig variants where possible.
* Fri Jul 21 2017 tchvatal@suse.com
  - Version update to 1.3.26:
    * DPX: Fix excessive use of memory (DOS issue) due to file header
      claiming large image dimensions but insufficient backing
      data. (CVE-2017-10799 bsc#1047054).
    * JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
    * MAT: Fix excessive use of memory (DOS issue) due to continuing
      processing with insufficient data and claimed large image
      size. Verify each file extent to make sure that it is within range
      of file size. (CVE-2017-10800 bsc#1047044).
    * META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
    * PCX: Fix denial of service issue.
    * RLE: Fix abnomally slow operation (denial of service issue) with
      intentionally corrupt colormapped file.
    * PICT: Fix possible buffer overflow vulnerability given suitably
      truncated input file.
    * PNG: Enforce spec requirement that the dimensions of the JPEG
      embedded in a JDAT chunk must match the JHDR dimensions
      (CVE-2016-9830).
    * PNG: Avoid NULL dereference when MAGN chunk processing fails.
    * SCT: Fix stack-buffer read overflow (underflow?) while reading SCT
      header.
    * SGI: Fix denial of service issues.  Delay large memory allocations
      until file header has fully passed sanity checks.
    * TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to
      have only 2 samples per pixel (CVE-2017-6335 bsc#1027255).
    * TIFF: Fix out of bounds read when reading RGB TIFF which claims to
      have only 1 sample per pixel (CVE-2017-10794).
    * WPG: Fix heap overflow (CVE-2016-7996).  Fix assertion crash
      (CVE-2016-7997).
    * DifferenceImage(): Fix Fix all-black difference image if an input
      file is colormapped.
    * EXIF orientation was not being properly detected for some files.
    * -frame: The `import` command -frame handling was improperly
      implemented and was using already freed data.
    * GIF: Fixes for "Excessive LZW string data" problem.
    * Magick++: Bug fixes to PathSmoothCurvetoRel::operator() and
      PathSmoothCurvetoRel::operator().
    * PAM: Support writing GRAYSCALE PAM format.
    * PNG: Fix memory leaks.
    * SVG: Fixed a memory leak.  Fixed a possible null pointer dereference.
    * TclMagick: Problem that TkMagick could not resolve functions from
      TclMagick under Linux is fixed.
    * TclMagick: Fix parser validatation in magickCmd() to avoid crash
      given a syntax error.
    * TIFF: Fix for reading old JPEG files (avoids "Improper call to JPEG
      library in state 0. (LibJpeg).").
    * TXT: Fixed memory leak.
    * XCF: Error checking is improved.
    * EXIF rotation: Support is added such that the EXIF orientation tag
      is updated when the image is rotated.
    * MAT: Now support reading multiple images from Matlab V4 format.
    * Magick++: Orientation method now updates orientation in EXIF
      profile, if it exists.
    * Magick++: Added Image attribute method which accepts a 'char *'
      argument, and will remove the attribute if the value argument is
      NULL.
    * -orient: The -orient command line option now also updates the
      orientation in the EXIF profile, if it exists.
    * PGX: Support PGX JPEG 2000 format for reading and writing (within
      the bounds of what JasPer supports).
    * Wand API: Added MagickAutoOrientImage(),
      MagickGetImageOrientation(), MagickSetImageOrientation(),
      MagickRemoveImageOption(), and MagickClearException().
  - Drop merged patch GraphicsMagick-CVE-2017-8350.patch
* Mon Jun 26 2017 pgajdos@suse.com
  - complementary fix for CVE-2017-8350 [bsc#1036985 c13-c21]
    * GraphicsMagick-CVE-2017-8350.patch
* Mon Sep 26 2016 pgajdos@suse.com
  - update to 1.3.25:
    * EscapeParenthesis(): I was notified by Gustavo Grieco of a heap
      overflow in EscapeParenthesis() used in the text annotation code.
      While not being able to reproduce the issue, the implementation of
      this function is completely redone.
    * Utah RLE: Reject truncated/absurd files which caused huge memory
      allocations and/or consumed huge CPU.  Problem was reported by
      Agostino Sarubbo based on testing with AFL.
    * SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in
      the MVG rendering code (also impacts SVG).
    * TIFF: Fix heap buffer read overflow while copying sized TIFF
      attributes.  Problem was reported by Agostino Sarubbo based on
      testing with AFL.
* Thu Jun 23 2016 meissner@suse.com
  - Build "gm" as position independend executable (PIE).
* Mon Jun 06 2016 pgajdos@suse.com
  - updated to 1.3.24:
    * many security related changes (incl. CVE-2016-5118), see
      ChangeLog
  - removed patches:
    * GraphicsMagick-CVE-2016-5118.patch
    * GraphicsMagick-upstream-delegates-safer.patch
    * GraphicsMagick-upstream-disable-mvg-ext.patch
    * GraphicsMagick-upstream-disable-tmp-magick-prefix.patch
    * GraphicsMagick-upstream-image-sanity-check.patch
* Mon May 30 2016 pgajdos@suse.com
  - security update:
    * CVE-2016-5118 [bsc#982178]
      + GraphicsMagick-CVE-2016-5118.patch
* Mon May 09 2016 sflees@suse.de
  - Multiple security issues in GraphicsMagick/ImageMagick [boo#978061]
    (CVE-2016-3714, CVE-2016-3718, CVE-2016-3715, CVE-2016-3717)
    * GraphicsMagick-upstream-delegates-safer.patch
    * GraphicsMagick-upstream-disable-mvg-ext.patch
    * GraphicsMagick-upstream-disable-tmp-magick-prefix.patch
    * GraphicsMagick-upstream-image-sanity-check.patch
* Sun Nov 08 2015 dmitry_r@opensuse.org
  - Update to version 1.3.23
    * See included NEWS.txt for details
* Mon Oct 05 2015 dmitry_r@opensuse.org
  - Update to version 1.3.22
    * See included NEWS.txt for details
* Sat Mar 21 2015 dmitry_r@opensuse.org
  - Update to version 1.3.21
    * See included NEWS.txt for details

Files

/usr/lib/libGraphicsMagick++-Q16.so.12
/usr/lib/libGraphicsMagick++-Q16.so.12.4.3


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 18:42:22 2024