ALT Linux repos
S: | 1.3.42-alt1 |
5.0: | 1.3.1-alt3 |
4.1: | 1.1.11-alt1 |
4.0: | 1.1.8-alt1 |
3.0: | |
+backports: | 1.1.7-alt5.0.M30 |
Group :: Graphics
RPM: GraphicsMagick
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
26 february 2008 Slava Dubrovskiy <dubrsl at altlinux.org> 1.1.11-alt1
- New version
- Bugs Fixed:
+ BMP: Support large files.
+ DIB: Support large files.
+ PNG: Fix depth handling with 16-bit PNG files in the Q8 build.
+ SUN: Properly report image depth.
+ TIFF: Endian option (-endian) now controls TIFF byte endian order
rather than bit fill order.
+ DCM, DIB, XBM, XCF, XWD: Eliminate integer overflow vulnerability (IDefense 09.19.07) (SA29094).
+ HSL colorspace transform: Avoid optimization bug noticed on Opteron with GCC.
+ HWB colorspace transform: Avoid optimization bug noticed on Opteron with GCC.
+ RGBTransformImage()/TransformRGBImage(): Was using HWB colorspace when HSL was requested.
+ Successfully reads files with names like 'file[123]'.
+ 'gm display': No longer rely on isatty() to determine if input is from a pipe
(use 'gm display -' to display an image read from a pipe). - Feature Improvements:
+ 'identify +ping' forces the pixels to be read (similar to GM 1.2).
+ 'gm -version' now indicates if build supports "Large Memory" (i.e. 64-bit).
+ TIFF: Use '-define tiff:fill-order={msb2lsb|lsb2msb}' to control TIFF bit fill order. - Performance Improvements:
+ No longer bogs down if a directory contains hundreds of thousands of
files and the filename looks like a wildcard specification.
- This is an emergency bug-fix release to fix a problem with image
rotation by 270 degrees. There are no other changes from the previous release.
- New version
- Bugs Fixed:
+ In mogrify command, don't remove file name based on random junk in memory.
+ Fixed memory leak when reading MPC files.
+ Fixed crash when writing MIFF format and depth is not expected 8/16/32/.
+ In mogrify command, don't leak memory in the case where the image file
contains multiple frames.
+ Fixed crash in PNG and JPEG coders when the image to be written is part of
an image list.
+ PNG reader errors are not properly reported to the user.
+ TIFF output can now be written to a pipe or other non-seekable destination.
+ Support writing PDF with CCITT compression. - Feature Improvements
+ Added a new 'benchmark' command which can be used to perform benchmarking
on any other command.
+ Image rotate in clockwise (90 degrees) or counter-clockwise (270 degrees)
direction is now 2-9X faster than before.
+ The -version option now includes a list of supported features.
- New version
- Removed patches from debian (in upstream)
- Security Fixes:
+ Shell command injection via delegates subsystem (CVE-2005-4601).
+ Insecure use of filenames as a "sprintf" specification (CVE-2006-0082).
+ EXIF IFD stack overflow vulnerability.
+ BMP format: Verify seek before proceeding.
+ DCM format: Buffer overflow prevention (CVE-2006-5456).
+ DCM format: Integer overflow prevention (CVE-2007-1797).
+ PALM format: Heap overflow prevention (CVE-2006-5456).
+ SGI format: Fixes for RLE decoding issue (CVE-2006-4144).
+ XCF format: Buffer overflow prevention, infinite loop prevention. - Bugs Fixed:
+ Typo when searching for HTMLDecodeDelegate.
+ Avoid crash if delegate program fails to return an image.
+ EXIF memory leak fixes.
+ Command parser memory leak fixes.
+ Deadlock fix for event log initialization.
+ Work with latest Ghostscript "GPL Ghostscript" under Windows.
+ 'gm import' now returns image of appropriate depth.
+ Fixed memory map resource managment.
+ Fixed includedir variable in pkg-config files.
+ Fixed validation of -affine argument.
+ Fixed bug where fseeko() and ftello() were not used when available.
+ Fixed issue when pread() and pwrite() prototypes are missing.
+ Fixed pixel cache issues when size_t is an unsigned type.
+ Fixed dcraw delegate options to work with modern dcraw.
+ Fixed -level argument parsing to allow embedded % characters.
+ Fix for segfault in InitializeMagick(NULL).
+ Fix for segfault in ModifyCache().
+ Fix for Wand MagickGetQuantumDepth() interface.
+ Fix for GrayscalePseudoClassImage() on 64-bit systems.
+ Fix for MagickReallocMemory memory leak under certain error conditions.
+ Validate BLOB access range.
+ ICON format: Segfault fix.
+ JPEG format: Fixed reading 12-bit grayscale JPEG.
+ MAT format: Stability improvements.
+ MIFF format: Handle a compression value of 'None'.
+ PCX format: Segfault fix. Heap overflow fix.
+ PDF format: Fixed writing with JPEG compression.
+ PICT format: Segfault fix.
+ PNG format: Fixed compile problem with some libpng versions. Segfault fix.
+ PNM format: Fixed scaling problem due to rounding error. Validate scaling.
+ PSD format: Fixed memory leak with layerd PSD files.
+ SGI format: Handle 16-bit SGI image files correctly.
+ SUN format: Segfault fix.
+ TIFF format: Secure error reporting. Finally support LZW under Windows.
+ WPG format: Fixed crash with clip-art WPG files.
+ XWD format: Fix for integer under/overflow. - Feature Improvements
+ CIN format: Implementation is entirely replaced.
+ MAT format: Support Byte and Word formats, as well as big/little endian.
+ WPG format: Support for CTM translation.
- Delete fonts-ttf-ms from BuildPreReq (#11385)
- Split of libraries, documents and imagemagick-compat packages
- Add GraphicsMagick.desktop
- Add GraphicsMagick-libpath.patch for fix link PerlMagick
- Add chrpath -r /usr/lib /usr/lib/perl5/vendor_perl/i386-linux/auto/Graphics/Magick/Magick.so
- Add graphicsmagick_1.1.7-11.diff.gz from Debian
+ config/delegates.mgk.in: Lose obsolete option -2 when calling dcraw
delegate. Fixes support for raw image data from digital cameras.
+ coders/png.c: Fix syntax errors in asm controlling code of PNG coder.
+ coders/dcm.c: Fix buffer overflow, thanks to M Joonas Pihlaja. (CVE-2006-5456)
+ coders/palm.c: Fix multiple heap overflows, thanks to M Joonas Pihlaja. (CVE-2006-5456)
+ coders/xcf.c: Fix buffer overflow in XCF coder (CVE-2006-3743).
+ coders/sgi.c: Fix multiple heap overflow vulnerabilities in SGI coder due to - missing boundary checks in SGIDecode();
- missing validation of pixel depth field;
- integer overflow via large columns and rows fields (CVE-2006-4144)
- missing validation of chunk size fields (variable 'runlength') in
run-length encoded images.
+ coders/sgi.c: Check for bogus values of 'bytes_per_pixel' and 'depth'.
+ coders/sgi.c: Fix calculation of internal depth value.
+ magick/cache.c: Include definition of HAVE_PREAD before checking its
value. Now really pulls in proper declarations of pread() and pwrite().
+ coders/wpg.c: Fix segfault in WPG decoder.
+ tests/drawtest.c: Make sure filename strings do not run out of bounds.
+ magick/cache.c: Define as _XOPEN_SOURCE to pull in declarations for
Unix98 extensions pread() and pwrite().
+ magick/montage.c: Fix bogus modulation of brightness when creating
shadows around tiles in montage. Instead, drop constant grey shadow
like current ImageMagick.
+ PerlMagick/t/montage.t: Update reference signatures for montage test
cases with shadow according to above change.
+ magick/tempfile.c: Canonify relative paths before referring to
them in a symlink.
+ magick/{blob.c,command.c,image.c,log.c,utility.c,utility.h}:
FormatString() was called with unsanitized user input. Introduced
new helper function FormatStringNumeric() to allow a single numeric
format expansion. (This is a more complete fix for CAN-2005-0397
reported against ImageMagick.)
+ magick/attribute.c: Apply missing piece of fix for heap overflow in
EXIF parser from ImageMagick patch. (CAN-2004-0981)
+ configure.ac, configure: Fix typo that lead to an undefined delegate
for HTML conversion.
+ magick/constitute.c: Apply upstream fix for potential NULL pointer
dereference in ReadImage().
+ magick/{delegate.c,symbols.h,tempfile.h,tempfile.c}: When calling
external delegates, check filename against whitelist of safe
characters, and pass securely named symlink to delegate if check fails.
(CVE-2005-4601)
- Rebuild with new libjasper
- Fix russian filename in dialog "Open ..."
- Update BuildRequires
- Cleanup spec
- removed miff.4.gz & quantize.5.gz for compatibility with ImageMagick
- in GraphicsMagick-devel added dir /usr/include/GraphicsMagick
- in perl-GraphicsMagick added dir /usr/lib/perl5/vendor_perl/i386-linux/auto/Graphics/
- Compatibility with ImageMagick is cleaned (#9074)
- initial build