Next | Query returned 166 messages, browsing 41 to 50 | Previous

History of commit frequency

CVS Commit History:


   2020-01-08 13:11:36 by Nia Alarie | Files touched by this commit (4) | Package updated
Log message:
GraphicsMagick: Update to 1.3.34

1.3.34 (December 24, 2019)
==========================

Special Issues:

* It has been discovered that the 'ICU' library (a perhaps 30MB C++
  library) which is now often a libxml2 dependendency causes huge
  process initialization overhead.  This is noticed as unexpected
  slowness when GraphicsMagick utilities are used to process small to
  medium sized files.  The time to initialize the 'ICU' library is
  often longer than the time that GraphicsMagick would otherwise
  require to read the input file, process the image, and write the
  output file.  If the 'ICU' dependency can not be avoided, then make
  sure to use the modules build so there is only impact for file
  formats which require libxml2.  Please lobby the 'ICU' library
  developers to change their implementation to avoid long start-up
  times due to merely linking with the library.

Security Fixes:

* GraphicsMagick is now participating in Google's oss-fuzz project due
  to the contributions and assistance of Alex Gaynor. Since February 4
  2018, 386 issues have been opened by oss-fuzz (some of which were
  benign build issues) and 376 of those issues have been resolved.
  The issues list is available at
  https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
  "graphicsmagick".  Issues are available for anyone to view and
  duplicate if they have been in "Verified" status for 30 days, or if
  they have been in "New" status for 90 days.  There are too many
  fixes to list here.  Please consult the GraphicsMagick ChangeLog
  file, Mercurial repository commit log, and the oss-fuzz issues list
  for details.

Bug fixes:

* DPS: Eliminate a memory leak.

* Debug Trace: Only output text to terminate an XML format log file if
  XML format is active.

* EXIF Parser: Detect non-terminal parsing and report an error.

* EXIF Parser: Eliminate heap buffer overflows.

* HuffmanDecodeImage(): Fix heap overflow in 32-bit applications.

* MAT: Implement subimage/subrange support.

* MVG: Address non-terminal loops, excessive run-time, thrown
  assertions, divide-by-zero, heap overflow, and memory leaks.

* OpenModule(): Now properly case-insensitive, as it used to be.

* PCX: Verify that pixel region is not negative. Assure that opacity
  channel is initialized to opaqueOpacity.  Update DirectClass
  representation while PseudoClass representation is updated.  Improve
  read performance with uncompressed PCX.

* PICT: Fix heap overflow in PICT writer.

* PNG: Fix validation of raw profile length.

* PNG: Skip coalescing layers if there is only one layer.

* PNM: Fix denial of service opportunity by limiting the length of PNM
  comment text.

* WPG: Avoid Avoid dereferencing a null pointer.

* WPG: Implement subimage/subrange support.

* WPG: Improve performance when reading an embedded image.

* Wand library: In MagickClearException(), destroy any existing
  exception info before re-initializing the exception info or else
  there will be a memory leak.

* XPM: Rquire that image properties appear in the first 512 bytes of
  the XPM file header.

New Features:

* Visual Studio build supports JBIG and WebP compression in TIFF format.

API Updates:

* None

Feature improvements:

* Compliles clean using GCC 9.

Windows Delegate Updates/Additions:

* bzlib: bzip is updated to 1.0.8 release.

* jbig: jbigkit is updated to 2.1 release.

* lcms: lcms2 is updated to 2.9 release.

* libxml: libxml2 is updated to 2.9.10 release.

* png: libpng is updated to 1.6.37 release.

* tiff: libtiff is updated to 4.1.0 release.

* webp: libwebp is updated to the 1.0.3 release.

* zlib: zlib is updated to 1.2.11 release.

* TIFF: Now also supports reading JBIG-compressed TIFF, and
  reading/writing WebP-compressed TIFF.  A number of libtiff feature
  options which are now commonly enabled were disabled and are now
  enabled by default.

Build Changes:

* MinGW: Static and shared library builds were not working.  Only the
  modules build was actually working!

* Python scripts related to the build (enabled by
  --enable-maintainer-mode) are now compatible with Python 3.

* Now supports using Google gperftools tcmalloc library for the memory
  allocator.  This improves performance for certain repetitive
  work-loads and heavily-threaded algorithms.

* Configure now reports the status of zstd (FaceBook Zstandard)
  compression in its configuration summary.

* TclMagick: Address many issues mentioned by SourceForge issue #420
  "TclMagick issues and patch".

Behavior Changes:

* PNG: Post-processing to convert the image type in the PNG reader
  based on a specified magick prefix string is now disabled.  This can
  (and should) be done after the image has been returned.

* Trace Logging: The compiled-in logging default is always to stderr,
  which may be over-ridden using log.mgk as soon as it is loaded.

* Windows Build: Search registry key HKEY_CURRENT_USER as well as
  HKEY_LOCAL_MACHINE when searching for Ghostscript.  By following the
  procedure documented in SourceForge bug 615 "GhostScript
  installation check", this allows for local user installations
  without "administrator" privileges.
   2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557)
Log message:
Bump PKGREVISIONs for perl 5.30.0
   2019-08-08 22:56:40 by Nia Alarie | Files touched by this commit (4)
Log message:
{p5-}GraphicsMagick: Update to 1.3.33

1.3.33 (July 20, 2019)
==========================

Special Issues:

* It has been discovered that the 'ICU' library (a perhaps 30MB C++
  library) which is now often a libxml2 dependendency causes huge
  process initialization overhead.  This is noticed as unexpected
  slowness when GraphicsMagick utilities are used to process small to
  medium sized files.  The time to initialize is often longer than the
  time to read the input file, process the image, and write the output
  file.  If the 'ICU' dependency can not be avoided, then make sure to
  use the modules build.  Please lobby the 'ICU' library developers to
  change their implementation to avoid long start-up times due to
  merely linking with the library.

Security Fixes:

* GraphicsMagick is now participating in Google's oss-fuzz project due
  to the contributions and assistance of Alex Gaynor. Since February 4
  2018, 353 issues have been opened by oss-fuzz and 338 of those
  issues have been resolved.  The issues list is available at
  https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
  "graphicsmagick".  Issues are available for anyone to view and
  duplicate if they have been in "Verified" status for 30 days, or if
  they have been in "New" status for 90 days.  There are too many
  fixes to list here.  Please consult the GraphicsMagick ChangeLog
  file, Mercurial repository commit log, and the oss-fuzz issues list
  for details.

* Documentation has been added regarding security hazards due to
  commands which support a '@filename' syntax.

* MontageImages(): Fix wrong length argument to strlcat() when
  building montage directory, which could allow heap overwrite.

Bug fixes:

* PNG: Pass correct size value to strlcat() in module registration
  code.  This bug is noticed to cause problems for Apple's OS X and
  Linux Alpine with musl libc.  This fixes a regression introduced by
  the 1.3.32 release.

* Re-implement command-line utility `'@'` file inclusion support for
  `-comment`, `-draw`, `-format`, and `-label` which was removed for
  the 1.3.32 release.  The new implementation is isolated to
  command-line utility implementation code rather than being deeply
  embedded in the library and exposed in other usage contexts.  This
  fixes a regression introduced by the 1.3.32 release.

* CAPTION: The The CAPTION reader did not appear to work at all any
  more.  Now it works again, but still not very well.

* MagickXDisplayImage(): Fix heap overwrite of windows->image.name and
  windows->image.icon_name buffers.  This bug has surely existed since
  early GraphicsMagick releases.

* MagickXAnimateImages(): Fix memory leak of scene_info.pixels.

* AcquireTemporaryFileDescriptor(): Fix compilation under Cygwin. This
  fixes a regression introduced by the 1.3.32 release.

* PNG: Fix saving to palette when mage has an alpha channel but no
  color is marked as transparent.

* Compilation warnings in the Visual Studio WIN64 build due to the
  'long' type being only 32-bits have been addressed.

New Features:

* None

API Updates:

* None

Feature improvements:

* None

Windows Delegate Updates/Additions:

* None

Build Changes:

* None

Behavior Changes:

* Support for `'@'` file inclusion support for `-comment`, `-draw`,
  `-format`, and `-label` has been restored.
   2019-07-22 00:26:08 by Thomas Klausner | Files touched by this commit (1256)
Log message:
*: recursive bump for gdk-pixbuf2-2.38.1
   2019-07-21 00:46:59 by Thomas Klausner | Files touched by this commit (595)
Log message:
*: recursive bump for nettle 3.5.1
   2019-07-16 21:31:16 by Nia Alarie | Files touched by this commit (2)
Log message:
GraphicsMagick: Disable jp2 support by default

Re-enable it with the 'jasper' option.

Part of the process of trying to minimize the potential impact of a
vulnerable jasper.

Bump PKGREVISION
   2019-06-18 15:30:53 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
{p5-}GraphicsMagick: updated to 1.3.32

1.3.32:

Special Issues:

It has been discovered that the 'ICU' library (a perhaps 30MB C++ library) which \ 
is now often a libxml2 dependendency causes huge process initialization \ 
overhead. This is noticed as unexpected slowness when GraphicsMagick utilities \ 
are used to process small to medium sized files. The time to initialize is often \ 
longer than the time to read the input file, process the image, and write the \ 
output file. If the 'ICU' dependency can not be avoided, then make sure to use \ 
the modules build. Please lobby the 'ICU' library developers to change their \ 
implementation to avoid long start-up times due to merely linking with the \ 
library.
Security Fixes:

GraphicsMagick is now participating in Google's oss-fuzz project due to the \ 
contributions and assistance of Alex Gaynor. Since February 4 2018, 343 issues \ 
have been opened by oss-fuzz and 331 of those issues have been resolved. The \ 
issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list \ 
under search term "graphicsmagick". Issues are available for anyone to \ 
view and duplicate if they have been in "Verified" status for 30 days, \ 
or if they have been in "New" status for 90 days. There are too many \ 
fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial \ 
repository commit log, and the oss-fuzz issues list for details.
BMP reader: Fix heap overflow in 32-bit build due to arithmetic overflow. Only \ 
happens if limits are changed from defaults.
BMP reader/writer: Improve buffer-size calculations to guard against buffer \ 
overflows.
DIB reader: Reject files which claim more than 8-bits per pixel but also claim \ 
to be colormapped.
DIB reader/writer: Improve buffer-size calculations to guard against buffer \ 
overflows.
MIFF reader: Detect end of file while reading RLE packets.
MIFF reader: Fix heap overflow (for some files using RLE compression) caused by \ 
a typo in the code.
MAT writer: Added missing error handling to avoid heap overflow.
MNG reader: Fixed a small heap buffer overflow.
SVG reader: Fixed a stack buffer overflow.
TGA writer: Fix heap overflow when image rows/columns are larger than 65535.
TIFF reader: Rationalize tile width/height to reject large tile sizes which are \ 
much larger than the image dimensions.
TIFF reader: Apply memory resource limits to strip and tile allocations.
WMF reader: Fixed a division by zero problem.
XWD reader: Many heap buffer overflows and uses of uninitialized data were fixed.
Pixel cache: Now apply resource limits to pixel nexus allocations using the same \ 
limits (total pixels, width, height, memory) as applied to the whole image since \ 
some requests are directly influenced by the input file. More tests are added \ 
for arithmetic overflow. Care was taken to minimize performance impact due to \ 
the many extra checks.

Bug fixes:

See above note about oss-fuzz fixes.
Fixed include order of magick/api.h vs wand/wand_symbols.h.
WriteImage(): Eliminate use of just-freed memory in clone_info->magick when \ 
throwing exception due to no support for format.
Magick++/lib/Magick++/Drawable.h: Fix use of clang diagnostic syntax.
DIB: Preserve PseudoClass opaque representation if ICO mask is opaque.
JPEG reader: Restore ability to access detailed image properties while in 'ping' \ 
mode.
JPEG reader: Base test for "Unreasonable dimensions" on original JPEG \ 
dimensions and not the scaled dimensions.
JPEG reader: Allow input files to have a compression ratio as high as 2500. \ 
Extremely compressed files were being rejected.
FreeType renderer: Fixed a memory leak.
PDF writer: Fixed a memory leak.
PDF writer: Fixed a thread safety problem.
PICT reader: Fix a thread safety problem.
Exception reporting: Throwing an exception was not thread safe. Now it is.
Exception reporting: Handle the case where some passed character strings refer \ 
to existing exception character strings.
Command-line parser now does not attempt to read a list of filenames from a file \ 
in '@name' syntax if the path '@name' exists. Previously it would attempt to \ 
read a list of file names from 'name' even if '@name' did exist.
Rendering: Short-circuit path parsing and return and error immediately if an \ 
error occurs.

New Features:

Added support for writing the Braille image format (by Samuel Thibault).
WebP writer: Support WebP 'use_sharp_yuv' option ("if needed, use sharp \ 
(and slow) RGB->YUV conversion") via -define webp:use-sharp-yuv=true.
The version command output now reports the OpenMP specification number rather \ 
than just the integer version identifier.

API Updates:

ReallocateImageColormap() added to re-allocate an existing colormap.
Some improperly-exposed globals are now static as they should have been.
   2019-04-01 11:21:23 by David Brownlee | Files touched by this commit (2)
Log message:
Fix build of GraphicsMagick with ghostscript disabled

(No change to default build)
   2019-03-18 17:17:51 by Greg Troxel | Files touched by this commit (56)
Log message:
Recursive bump for ghostscript default change
   2018-11-22 17:09:23 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
GraphicsMagick: commit missing patch, fix buildlink.mk

Next | Query returned 166 messages, browsing 41 to 50 | Previous