Hello community,

here is the log from the commit of package GraphicsMagick for openSUSE:Factory checked in at 2018-08-04 21:54:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/GraphicsMagick (Old)
 and      /work/SRC/openSUSE:Factory/.GraphicsMagick.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "GraphicsMagick" Sat Aug 4 21:54:44 2018 rev:66 rq:627347 version:1.3.30 Changes: -------- --- /work/SRC/openSUSE:Factory/GraphicsMagick/GraphicsMagick.changes 2018-05-23 16:10:04.927828066 +0200 +++ /work/SRC/openSUSE:Factory/.GraphicsMagick.new/GraphicsMagick.changes 2018-08-04 21:54:49.365436836 +0200 
@@ -1,0 +2,52 @@ +Fri Aug 3 12:32:58 UTC 2018 - idon...@suse.com + +- update to 1.3.30: + * Security Fixes: + . GraphicsMagick is now participating in Google's oss-fuzz project due + to the contributions and assistance of Alex Gaynor. Since February 4 + 2018, 238 issues have been opened by oss-fuzz and 230 of those + issues have been resolved. The issues list is available at + https://bugs.chromium.org/p/oss-fuzz/issues/list under search term + "graphicsmagick". Issues are available for anyone to view and + duplicate if they have been in "Verified" status for 30 days, or if + they have been in "New" status for 90 days. There are too many + fixes to list here. Please consult the GraphicsMagick ChangeLog + file, Mercurial repository commit log, and the oss-fuzz issues list + for details. + . SVG/Rendering: Fix heap write overflow of PrimitiveInfo and + PointInfo arrays. This is another manefestation of CVE-2016-2317, + which should finally be fixed correctly due to active + detection/correction of pending overflow rather than using + estimation. + * Bug fixes: + . Many oss-fuzz fixes are bug fixes. + . Drawing/Rendering: Many more fixes by Gregory J Wolfe (see the ChangeLog). + . MIFF: Detect end of file while reading image directory. + . SVG: Many more fixes by Gregory J Wolfe (see the ChangeLog). + . The AlphaCompositePixel macro was producing wrong results when the + output alpha value was not 100% opaque. This is a regression + introduced in 1.3.29. + . TILE: Fix problem with tiling JPEG images because the size request + used by the TILE algorithm was also causing re-scaling in the JPEG + reader. The problem is solved by stripping the size request before + reading the image. + + * API Updates: + . The size of PrimitiveInfo (believed to be an internal/private + structure but in a header which is installed, has been increased to + store a 'flags' argument. This is intended to be an internal + interface but but may be detected as an ABI change. 
+ + * Behavior Changes: + . JPEG: The JPEG reader now allows 3 warnings of any particular type + before giving up on reading and throwing an exception. This choice + was made after observing files which produce hundreds of warnings + and consume massive amounts of memory before reading the image data + has even started. It is currently unknown how many files which were + previously accepted will be rejected by default. The number of + allowed warnings may be adjusted using '-define + jpeg:max-warnings=<value>'. The default limit will be adjusted + based on reported user experiences and may be adjusted prior to + compilation via the MaxWarningCount definition in coders/jpeg.c. + +------------------------------------------------------------------- Old: ---- GraphicsMagick-1.3.29.tar.bz2 New: ---- GraphicsMagick-1.3.30.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ GraphicsMagick.spec ++++++ --- /var/tmp/diff_new_pack.IECHBv/_old 2018-08-04 21:54:50.057438131 +0200 +++ /var/tmp/diff_new_pack.IECHBv/_new 2018-08-04 21:54:50.057438131 +0200 @@ -27,13 +27,13 @@ %define pp_so_ver 12 %define wand_so_ver 2 Name: GraphicsMagick -Version: 1.3.29 +Version: 1.3.30 Release: 0 Summary: Viewer and Converter for Images License: MIT Group: Productivity/Graphics/Convertors Url: http://www.GraphicsMagick.org/ -Source: ftp://ftp.GraphicsMagick.org/pub/%{name}/%{base_version}/%{name}-%{version}.tar.bz2 +Source: ftp://ftp.GraphicsMagick.org/pub/%{name}/%{base_version}/%{name}-%{version}.tar.xz # following typemap file is needed for building PerlMagick with perl 5.16; # should be present in Graphics Magick 1.4.0 %if %{bindperl}
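Review bot: the "API Updates" item in the new GraphicsMagick.changes entry says the size of PrimitiveInfo, which sits in an installed header, has been increased and "may be detected as an ABI change", yet the context lines of the spec hunk show "%define pp_so_ver 12" and "%define wand_so_ver 2" carried over unchanged. Please confirm that the 1.3.30 libraries keep the same sonames and that an ABI comparison against 1.3.29 is clean for packages built against the installed headers, and record the outcome in the entry. Separately, if the entry text is not meant to be a verbatim copy of the upstream notes, "manefestation", the doubled "but but" and the unclosed parenthesis after "(believed to be an internal/private structure" can be tidied.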
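Review bot: the Source line in the GraphicsMagick.spec hunk still fetches the tarball over plain ftp://, and the switch from GraphicsMagick-1.3.29.tar.bz2 to GraphicsMagick-1.3.30.tar.xz adds no signature or keyring source next to it, so nothing visible in this change authenticates the new archive. For an update whose changelog is dominated by security fixes (the PrimitiveInfo/PointInfo heap write overflow, the oss-fuzz findings), the integrity of the source matters as much as the version bump: if upstream publishes a detached signature for the .tar.xz, add it together with the keyring as additional Source entries so the build verifies it; otherwise state in the request how the archive's checksum was checked against upstream's published value.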