Revisions of GraphicsMagick

Dominique Leuenberger (dimstar_suse) accepted request 725043 from Petr Gajdos (pgajdos) (revision 72)
- drop JPEG2000 support [bsc#1144240]

Dominique Leuenberger (dimstar_suse) accepted request 715580 from Petr Gajdos (pgajdos) (revision 71)
- Cleanup BuildRequires:
  * Remove ghostscript-library (support removed upstream)
  * Use ghostscript-mini (sufficient for path and feature detection) instead of full ghostscript (implicitly added by ghostscript-library)
  * Remove ghostscript-fonts-other (unused).
  (forwarded request 715549 from StefanBruens)

Dominique Leuenberger (dimstar_suse) accepted request 710587 from Petr Gajdos (pgajdos) (revision 70)
- version update to 1.3.32
  New Features:
  * Added support for writing the Braille image format (by Samuel Thibault).
  * WebP writer: Support WebP 'use_sharp_yuv' option ("if needed, use sharp (and slow) RGB->YUV conversion") via `-define webp:use-sharp-yuv=true`.
  * The version command output now reports the OpenMP specification number rather than just the integer version identifier.
  API Updates:
  * ReallocateImageColormap() added to re-allocate an existing colormap.
  * Some improperly-exposed globals are now static as they should have been.
  * The 'benchmark' command now shows 6 digits (microseconds) of elapsed time indication.
  * The 'time' command now shows 6 digits (microseconds) of elapsed time indication.
  * The logging facility now shows 6 digits (microseconds) of time resolution
  * Dcraw: When QuantumDepth is greater than 8, pass -6 option to dcraw so that it returns a 16-bit/sample image.
  * Dcraw: If Dcraw supports TIFF format, then request TIFF format in order to be able to acquire more metadata.
  * Scale algorithm: Eliminate artifacts when scaling an image with semi-transparent pixels.
  * Library metrics: The number of shared library relocations and the amount of initialized data has been significantly reduced by following recommendations from Ulrich Drepper's document `How To Write Shared Libraries <https://akkadia.org/drepper/dsohowto.pdf>`_.
  (Security) Bug Fixes:

Dominique Leuenberger (dimstar_suse) accepted request 668401 from Petr Gajdos (pgajdos) (revision 69)
Add sanity check to prevent re-enablement of ghostscript support in GM (bsc#1122792) (forwarded request 668292 from mgerstner)

Dominique Leuenberger (dimstar_suse) accepted request 659963 from Petr Gajdos (pgajdos) (revision 68)
- update to 1.3.31:
  Special Issues:
  * Firmware and operating system updates to address the Spectre vulnerability (and possibly to some extent the Meltdown vulnerability) have substantially penalized GraphicsMagick's OpenMP performance. Performance is reduced even with GCC 7 and 8's improved optimizers. There does not appear to be anything we can do about this.
  Security Fixes:
  * GraphicsMagick is now participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor.
  Bug fixes:
  * See above note about oss-fuzz fixes.
  * CINEON: Fix unexpected hang on a crafted Cineon image. SourceForge issue 571.
  * Drawing recursion is limited to 100 and may be tuned via the MAX_DRAWIMAGE_RECURSION pre-processor definition.
  * Fix reading MIFF files using legacy keyword 'color-profile' for ICC color profile as was used by ImageMagick 4.2.9.
  * Fix reading/writing files when 'magick' is specified in lower case. This bug was a regression in 1.3.30.
  New Features:
  * TIFF: Support Zstd compression in TIFF. This requires libtiff 4.0.10 or later.
  * TIFF: Support WebP compression in TIFF. This requires libtiff 4.0.10 or later.
  API Updates:

Dominique Leuenberger (dimstar_suse) accepted request 631020 from Petr Gajdos (pgajdos) (revision 67)
- disable PS, PS2, PS3 and PDF coders by default, remove gs calls from delegates.mgk [bsc#1105592]
  + GraphicsMagick-disable-insecure-coders.patch

Dominique Leuenberger (dimstar_suse) accepted request 627347 from Petr Gajdos (pgajdos) (revision 66)
- update to 1.3.30:
  * Security Fixes:
    . GraphicsMagick is now participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 238 issues have been opened by oss-fuzz and 230 of those issues have been resolved. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.
    . SVG/Rendering: Fix heap write overflow of PrimitiveInfo and PointInfo arrays. This is another manifestation of CVE-2016-2317, which should finally be fixed correctly due to active detection/correction of pending overflow rather than using estimation.
  * Bug fixes:
    . Many oss-fuzz fixes are bug fixes.
    . Drawing/Rendering: Many more fixes by Gregory J Wolfe (see the ChangeLog).
    . MIFF: Detect end of file while reading image directory.
    . SVG: Many more fixes by Gregory J Wolfe (see the ChangeLog).
    . The AlphaCompositePixel macro was producing wrong results when the output alpha value was not 100% opaque. This is a regression introduced in 1.3.29.
    . TILE: Fix problem with tiling JPEG images because the size request used by the TILE algorithm was also causing re-scaling in the JPEG reader. The problem is solved by stripping the size request before reading the image.
  (forwarded request 627341 from namtrac)

Dominique Leuenberger (dimstar_suse) accepted request 611509 from Petr Gajdos (pgajdos) (revision 65)
- update to 1.3.29:
  * Security Fixes:
    . GraphicsMagick is now participating in Google's oss-fuzz project
    . JNG: Require that the embedded JPEG image have the same dimensions as the JNG image as provided by JHDR. Avoids a heap write overflow.
    . MNG: Arbitrarily limit the number of loops which may be requested by the MNG LOOP chunk to 512 loops, and provide the '-define mng:maximum-loops=value' option in case the user wants to change the limit. This fixes a denial of service caused by large LOOP specifications.
  * Bug fixes:
    . DICOM: Pre/post rescale functions are temporarily disabled (until the implementation is fixed).
    . JPEG: Fix regression in last release in which reading some JPEG files produces the error "Improper call to JPEG library in state 201".
    . ICON: Some DIB-based Windows ICON files were reported as corrupt due to an unexpectedly missing opacity mask image.
    . In-memory Blob I/O: Don't implicitly increase the allocation size due to seek offsets.
    . MNG: Detect and handle failure to allocate global PLTE. Fix divide by zero.
    . DrawGetStrokeDashArray(): Check for failure to allocate memory.
    . BlobToImage(): Now produces useful exception reports to cover the cases where 'magick' was not set and the file format could not be deduced from its header.
  * API Updates:
    . Wand API: Added MagickIsPaletteImage(), MagickIsOpaqueImage(), MagickIsMonochromeImage(), MagickIsGrayImage(), MagickHasColormap() based on contributions by Troy Patteson.

Dominique Leuenberger (dimstar_suse) accepted request 578445 from Petr Gajdos (pgajdos) (revision 64)
- Add explicit buildrequires on: pkgconfig(libwebpmux), pkgconfig(libpng), pkgconfig(x11), pkgconfig(xext), pkgconfig(zlib), libjpeg-devel. All of them direct build dependencies but not included in the spec file (forwarded request 578443 from elvigia)

Dominique Leuenberger (dimstar_suse) accepted request 571349 from Factory Maintainer (factory-maintainer) (revision 63)
Automatic submission by obs-autosubmit

Dominique Leuenberger (dimstar_suse) accepted request 563347 from Petr Gajdos (pgajdos) (revision 62)
- update to 1.3.27:
  * New Features:
    . PNG: Implemented eXIf chunk support.
    . WEBP: Add support for EXIF and ICC metadata provided that at least libwebp 0.5.0 is used.
    . Magick++ Image autoOrient(): New Image method to auto-orient an image so it looks right-side up by default.
  * Behavior Changes:
    . PALM: PALM writer is disabled.
    . ThrowLoggedException(): Capture the first exception at ErrorException level or greater, or only capture exception if it is more severe than an already reported exception.
    . DestroyJNG(): This internal function is now declared static and is removed from shared library or DLL namespace.
  * lot of security and other bug fixes, see https://sourceforge.net/projects/graphicsmagick/files/graphicsmagick/1.3.27/
- added GraphicsMagick-release-date-missing-quote.patch

Dominique Leuenberger (dimstar_suse) accepted request 533625 from Factory Maintainer (factory-maintainer) (revision 61)
Automatic submission by obs-autosubmit

Dominique Leuenberger (dimstar_suse) accepted request 523017 from Petr Gajdos (pgajdos) (revision 60)
- fix perl bindings
  + GraphicsMagick-perl-linkage.patch from fedora
- turn on perl test suite

Dominique Leuenberger (dimstar_suse) accepted request 511779 from Petr Gajdos (pgajdos) (revision 58)
- Drop patches not mentioned in the changelog ever:
  * GraphicsMagick-debian-fixed.patch
  * GraphicsMagick-include.patch
  * GraphicsMagick-perl-link.patch
  * The package builds just fine without them and there is no reference explaining it
- Convert the deps to pkgconfig variants where possible.
- Version update to 1.3.26:
  * DPX: Fix excessive use of memory (DOS issue) due to file header claiming large image dimensions but insufficient backing data. (CVE-2017-10799 bsc#1047054).
  * JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
  * MAT: Fix excessive use of memory (DOS issue) due to continuing processing with insufficient data and claimed large image size. Verify each file extent to make sure that it is within range of file size. (CVE-2017-10800 bsc#1047044).
  * META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
  * PCX: Fix denial of service issue.
  * RLE: Fix abnormally slow operation (denial of service issue) with intentionally corrupt colormapped file.
  * PICT: Fix possible buffer overflow vulnerability given suitably truncated input file.
  * PNG: Enforce spec requirement that the dimensions of the JPEG embedded in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
  * PNG: Avoid NULL dereference when MAGN chunk processing fails.
  * SCT: Fix stack-buffer read overflow (underflow?) while reading SCT header.
  * SGI: Fix denial of service issues. Delay large memory allocations (forwarded request 511776 from scarabeus_iv)

Dominique Leuenberger (dimstar_suse) accepted request 507403 from Petr Gajdos (pgajdos) (revision 57)
- complementary fix for CVE-2017-8350 [bsc#1036985 c13-c21]
  * GraphicsMagick-CVE-2017-8350.patch

Dominique Leuenberger (dimstar_suse) accepted request 430385 from Petr Gajdos (pgajdos) (revision 56)
- update to 1.3.25:
  * EscapeParenthesis(): I was notified by Gustavo Grieco of a heap overflow in EscapeParenthesis() used in the text annotation code. While not being able to reproduce the issue, the implementation of this function is completely redone.
  * Utah RLE: Reject truncated/absurd files which caused huge memory allocations and/or consumed huge CPU. Problem was reported by Agostino Sarubbo based on testing with AFL.
  * SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in the MVG rendering code (also impacts SVG).
  * TIFF: Fix heap buffer read overflow while copying sized TIFF attributes. Problem was reported by Agostino Sarubbo based on testing with AFL.

Dominique Leuenberger (dimstar_suse) accepted request 404230 from Petr Gajdos (pgajdos) (revision 55)
- Build "gm" as position independent executable (PIE). (forwarded request 404225 from msmeissn)

Dominique Leuenberger (dimstar_suse) accepted request 401607 from Factory Maintainer (factory-maintainer) (revision 54)
Automatic submission by obs-autosubmit

Dominique Leuenberger (dimstar_suse) accepted request 398980 from Petr Gajdos (pgajdos) (revision 53)
- security update:
  * CVE-2016-5118 [bsc#982178]
    + GraphicsMagick-CVE-2016-5118.patch