- version update to 1.3.43
  Bug fixes:
  * JBIG: Add support for 'width', 'height', and 'pixels', resource
    limits.  Your mileage may vary.
  * WPG: Many fixes based on oss-fuzz testing.
  * Ghostscript: When invoking Ghostscript, re-direct Ghostscript stdout
    to stderr to avoid output corruption when GM stdout is redirected to
    a file.
  New Features:
  * File write limit: Add support for a per-file write limit (-limit
    write or MAGICK_LIMIT_WRITE).  This imposes a limit on the number of
    uncompressed bytes written.  The behavior when the limit is hit is
    similar to an unexpected write error, as if the disk is full.
  * Resource limit highwater: Resource highwater values are maintained
    for successful resource requests and final values are traced
    via -debug resource' at the end of program execution.  These values
    may be used to understand the most restrictive resource limits which
    may be applied while still achieving successful operation.
  * BMP: Support BI_PNG compression (PNG inside BMP).
  * BMP: Support reading 64 bits-per-pixel.
  * BMP: Support reading 48 bits-per-pixel.
  * HEIF: Call heif_init() and heif_deinit() if they are
    available. Support setting image width limit.
  * HRZ: Added support for Slow scan TV format.
  * JPEG: Added support for reading and writing lossy or lossless 12
    bits, and lossless 16-bits using libjpeg-turbo-3.0
  * JXL: Improve JXL reader/writer exception information.
  * TIFF: Remove miniswhite/minisblack prohibitions when using Group3
    and Group4 compression in order to allow using inverted photometric
    from the standard.

• Files Changed
• Browse Source

- ghostscript-fonts-std: relax to recommends [bsc#1216604]

• Files Changed
• Browse Source

- Have libGraphicsMagick3-config require ghostscript-fonts-std
  (boo#1216604). (forwarded request 1120507 from dimstar)

• Files Changed
• Browse Source

- version update to 1.3.42
Bug fixes:
  * TIFF: Default the alpha channel to type EXTRASAMPLE_UNASSALPHA(2).
  * BMP: Many fixes for reading esoteric BMP sub-formats.
  * TranslateTextEx(): Revert change so now a NULL pointer is returned
    when given an empty string.  Some algorithms (e.g. montage) were
    depending on this!.
  * PAM: Fix reading comments.
  * PNG: Added Add missing module aliases "PNG00", "PNG48", "PNG64", so
    it is again possible to request these subformats directly.
  * TIFF: For common formats with the required number of channels, but
    one is an 'unspecified' channel, promote unspecified alpha to
    unassociated alpha so that the alpha channel is not ignored.
  * "Magick" command line emulation: Eliminate duplicate utility name
    output in error messages
New Features:
* BMP: Added the ability to read and write BMP using JPEG compression.
  Use '-define bmp:allow-jpeg' to allow use of JPEG compression.
* BMP: Added support for BI_ALPHABITFIELDS compression
* BMP: Added support for reading BMP with PNG compression.
- modified patches
  % GraphicsMagick-disable-insecure-coders.patch (refreshed)
- deleted patches
  - strlcpy-wrong-sizing.patch (upstreamed)

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

Revert: https://bugzilla.opensuse.org/show_bug.cgi?id=1214831

• Files Changed
• Browse Source

- fix regression in 1.3.41
  https://sourceforge.net/p/graphicsmagick/bugs/722/
- added patches
  fix 17179:91afa18a6161
  + GraphicsMagick-fix-regression-NULL-instead-of-empty-string.patch
  fix 17180:bb42cd90ce6f
  + GraphicsMagick-name-key-return-input-file-base-name.patch

- version update to 1.3.41
  Bug fixes:
  * Blob: Immediately reject attempts to write blobs to formats which
    can not support blobs.
  * TranslateTextEx(): An empty string argument should return an empty
    string rather than a NULL string.
  * SetImageAttribute(): Fix bounds issue when concatenating string.
  * JPEG: Do not set image resolution if the values provided are outside
    of the valid range.
  * Fixes for NaN when reading formats based on floating point.
  * HEIF: Fix reading images with rotation/transformation.
  * BMP: Do not decode primaries or gamma unless colorspace is
    LCS_CALIBRATED_RGB.  Add/correct bmp_info.size "biSize" logic which
    decides if header chunks are present (or invalid).
  * MNG: Fixes for resizing using X_method 5.
  * GM command (convert, montage, mogrify): Many command-line parser
    fixes/checks for invalid command line syntax which causes unexpected
    behavior, or core dumps.
  
  * TopoL: Given that a writer is now provided, issues found in the
    reader (and writer) due to continual fuzz-testing have been fixed,
    as encountered.

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- clean up old conditionals

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

- version update to 1.3.39
  Special Issues:
  * GraphicsMagick really does need some additional productive
    volunteers.  For several years now, the burden has entirely been on
    me (Bob Friesenhahn).  I have been sheparding the project for 20
    years already (and contributed to ImageMagick and GraphicsMagick
    combined for 26 years already).  It is not reasonable to expect
    someone with a full time job (and expecting to retire in a few
    years) to do all of the work.
  Security Fixes:
  * GraphicsMagick is participating in Google's oss-fuzz project since
    February 4 2018 due to the contributions and assistance of Alex
    Gaynor and Paul Kehrer. The issues list is available at
    https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
    "graphicsmagick".  Issues are available for anyone to view and
    duplicate if they have been in "Verified" status for 30 days, or if
    they have been in "New" status for 90 days.  Please consult the
    GraphicsMagick ChangeLog file, Mercurial repository commit log, and
    the oss-fuzz issues list for details.
  Security Fixes:
  * oss-fuzz: Several security fixes originating from oss-fuzz testing.
  * ALL: Replace strcpy() with strlcpy(), replace strcat() with
    strlcat(), replace sprintf() with snprintf().  Prefer using bounded
    string functions.  This change is made for the purpose of increasing
    safety than to address any existing demonstrated concern.
  Bug fixes:
  * Coverity: Several fixes for issues found by Coverity to reduce the
    number of reported issues back down to zero.
  * Clang Analyzer 12: Fix most discovered issues.
  * PNG: Fix possible use of uninitialized 'ping_num_trans' value in
    ReadOnePNGImage().
  * MinGW: Eliminate overwrite of existing _MSC_VER value in MinGW compile.
  * MNG: Fix heap-use-after-free in CloseBlob.
  * MNG: Fix indirect leak in MagickMallocCleared().
  * PS: Assure that 'bounds' structure is initialized.
  * EPT: Assure that 'bounds' structure is initialized.
  * HEIF: If heif_image_handle_get_metadata_size() returns 0, then
    carrying on with reading image data.
  * configure.ac: Fix Bashism in maintainer-mode check.
  * TGA: Remove a defective validation of comment length, which blocked
    reading some sample TGA files from the "Encyclopedia Of Graphics
    File Formats" book.  Monochromatic bilevel TGA can now be read and
    written.  TGA "Footers" are now read and used when logging as well
    as converted to Image attributes.
  * WebP: Add configure.ac updates to check for libsharpyuv so that
    builds with the development version work again.
  * Visual Studio Build (VisualMagick): Fix project file generation.
    Improve portability of code for configure.exe.
  * Fixed mixed encoding (non-UTF-8) errors in text and source files.
  * DrawPrimitive(): Fix composition using "0,0" for image size.  This
    became broken in GraphicsMagick 1.3.36.
  * Blob API: Fixed SEEK_END validation.  SEEK_END was not used before,
    but now it is.
  New Features:
  * AVIF: Support reading AVIF via libheif if it supports decoding AVIF
    (still no writer support).
  * LOG: Added function IsEventLogged() to report if a particular event
    will be logged.  Us this as much as possible throughout the software
    to replace use of IsEventLogging().  This avoids a possible
    performance hit if any logging is enabled at all and logging
    statements are executed which are filtered and produce no output.
  * FITS: Support storing multiple scenes in one file (non-standard
    extension).
  * JPEG: Optionally enable arithmetic coder in JPG images using
    '-define jpeg:arithmetic-coding=true'.
  * JPEG: Add support for reading deep gray images.
  * HEIF: Support reading ICC color profiles.
  * Produce ASCII armored ".asc" format GPG signature files.
  * Support reading directly from .bz2, .gz, .svgz, and .Z files
    (without creating a temporary file), if possible.
  API Updates:
  * Magick++: Provide a version of Image::colorMapSize() which is a
    'const' method.  Continue to provide the non-const version in order
    to avoid an ABI change.  The compiler should choose the appropriate
    version.
  Feature improvements:
  * HTML documentation generation based on Docutils is significantly
    updated and improved.
  * PerlMagick: Added more sample input files and changed many reader
    tests to use hash signature rather than comparison to reduce the
    distribution size.
  * Blob: The ReadBlobString() function has been re-written to perform
    better when reading from files.
  * JXL: The JXL coder is updated to compile with what will likely
    become JXL 0.8.0.  Support for 16-bit 'short' samples, 16-bit
    'float' samples, and 32-bit float samples added.  Support for
    reading and writing ICC, EXIF, and XMP profiles added.
  * MIME: GM "magick" to MIME mappings have been added for apng, avif,
    bmp, ico, and webp (regardless of if they are supported).
  * XPM: The XPM reader performance is dramatically improved and is
    observed to be 32x faster when reading a medium-sized XPM file
    (e.g. the GraphicsMagick logo).
  * XPM: Support reading "deep" images with more pallete entries than
    the maximum colormap size.
  Windows Delegate Updates/Additions:
  * Update bundled libjasper to version 1.900.26. Please note that 4.0.0
    is the latest version at this time and fixes a great many security
    and stability issues which are present in 1.900.26.
  * Update bundled libjpeg to version 9e.
  * Update bundled libtiff to version 4.5.0.
  Build Changes:
  * MSVC: Added porting function to emulate C'99 snprintf for MSVC older
    than 2015.
  * MSVC: Successfully compiles using Visual Studio 2008 and 2019.
    Compiles successfully using Visual Studio 2022 if optimization is
    disabled (otherwise there is an internal compiler error in effect.c).
- Enable JPEG-XL on Tumbleweed. (forwarded request 1056878 from munix9)

• Files Changed
• Browse Source

- version update to 1.3.38
  Special Issues:
  * The FTP site ftp.graphicsmagick.org is now shut down due to a lack
    of bandwith, extremely abusive users (including from Google and
    customers of Amazon Web Services), and a lack of support from the
    user community.  Another factor is that FTP support has been removed
    from popular web browsers.  This is very unfortunate since the site
    served multiple usages, including providing a lot of historical data
    (e.g. related to PNG) which may not be available elsewhere.
  * GraphicsMagick really does need some additional productive
    volunteers.  For several years now, the burden has entirely been on
    me (Bob Friesenhahn).  I have been sheparding the project for 20
    years already (and contributed to ImageMagick and GraphicsMagick
    combined for 26 years already).  It is not reasonable to expect
    someone with a full time job (and expecting to retire in a few
    years) to do all of the work.
  Security Fixes:
  * GraphicsMagick is participating in Google's oss-fuzz project due to
    the contributions and assistance of Alex Gaynor. Since February 4
    2018, ??? issues have been opened by oss-fuzz and ?? issues remain
    open.  The issues list is available at
    https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
    "graphicsmagick".  Issues are available for anyone to view and
    duplicate if they have been in "Verified" status for 30 days, or if
    they have been in "New" status for 90 days.  Please consult the
    GraphicsMagick ChangeLog file, Mercurial repository commit log, and
    the oss-fuzz issues list for details.
  Bug fixes:
  * Documentation: Generator scripts in 'doc' directory now produce
    similar results using GNU sed and Solaris/Illumos sed and don't

• Files Changed
• Browse Source

- version update to 1.3.37
  * bug fix release, see NEWS.txt
- modified patches
  % GraphicsMagick-disable-insecure-coders.patch (refreshed)
- added sources
  + GraphicsMagick-1.3.37.tar.xz.sig

• Files Changed
• Browse Source

- version update to 1.3.36
  Security Fixes:
    * fix issues found by oss-fuzz project
    * WPG: Fixes for heap buffer overflow.
  Bug fixes:
    * ConstituteImage(): Set image depth appropriately based on the
      storage size specified by StorageType and QuantumDepth.
    * GetImageBoundingBox(): Fix problem that MagickTrimImage with extreme
      fuzz values could produce an image with negative width.
    * ImageToFile(): Improve error handling to avoid possible deferred
      deletion of temporary files, causing unexpected excessive use of
      temporary file space.
    * JNG: Add validations for alpha compression method values and use
      this information to enforce decoding using the appropriate
      sub-format (rather than auto-detecting the format).  Also, address
      memory leaks which may occur if the sub-decoder does something other
      than was expected.
    * MagickCondSignal(): Improvements to conditional signal handler
      registration (which avoids over-riding signal handlers previously
      registered by an API user).
    * ModifyCache(): Fix memory leak.
    * ReadCacheIndexes(): Don't blunder into accessing a null pointer if
      the using code has ignored a previous error report bubled-up from
      SetNexus().
    * MNG: When doing image scaling and the image width or height is 1
      then always use simple pixel replication as per the MNG
      specification.
    * MVG: Fixes to 'push clip-path foo' and 'pop clip-path foo' parsing
      to eliminate a class of malign behavior.
    * MVG: Place an aribrary limit on stroke dash polygon unit maximum

• Files Changed
• Browse Source

- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) (forwarded request 829123 from gmbr3)

• Files Changed
• Browse Source

- security update
- added patches
  fix CVE-2020-12672 [bsc#1171271], heap-based buffer overflow in ReadMNGImage in coders/png.c.
  + GraphicsMagick-CVE-2020-12672.patch

• Files Changed
• Browse Source

- version update to 1.3.35
  Special Issues:
  * It has been discovered that the 'ICU' library (a perhaps 30MB C++
    library) which is now often a libxml2 dependendency causes huge
    process initialization overhead.  This is noticed as unexpected
    slowness when GraphicsMagick utilities are used to process small to
    medium sized files.  The time to initialize the 'ICU' library is
    often longer than the time that GraphicsMagick would otherwise
    require to read the input file, process the image, and write the
    output file.  If the 'ICU' dependency can not be avoided, then make
    sure to use the modules build so there is only impact for file
    formats which require libxml2.  Please lobby the 'ICU' library
    developers to change their implementation to avoid long start-up
    times due to merely linking with the library.
  Security Fixes:
  * GraphicsMagick is now participating in Google's oss-fuzz project due
    to the contributions and assistance of Alex Gaynor. Since February 4
    2018, 398 issues have been opened by oss-fuzz (some of which were
    benign build issues) and 11 issues remain open.
    The issues list is available at
    https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
    "graphicsmagick".  Issues are available for anyone to view and
    duplicate if they have been in "Verified" status for 30 days, or if
    they have been in "New" status for 90 days.  There are too many
    fixes to list here.  Please consult the GraphicsMagick ChangeLog
    file, Mercurial repository commit log, and the oss-fuzz issues list
    for details.
  Bug fixes:
  * Fix broken definition of ResourceInfinity which resulted in that
    GetMagickResource() would return -1 rather than the maximum range

• Files Changed
• Browse Source

- Remove xorg-x11-fonts runtime Requires, gm display no longer
  fails when it is missing (see boo#619103).
- Cleanup, replace $RPM_OPT_FLAGS with %optflags (forwarded request 761285 from StefanBruens)

• Files Changed
• Browse Source

- Due to a broken check, it wasn't noticed the typemap file is
  already provided in the source archive (removed typemap) (forwarded request 760488 from adkorte)

• Files Changed
• Browse Source

- version update to 1.3.33
  * It has been discovered that the 'ICU' library (a perhaps 30MB C++
    library) which is now often a libxml2 dependendency causes huge
    process initialization overhead.  This is noticed as unexpected
    slowness when GraphicsMagick utilities are used to process small to
    medium sized files.  The time to initialize is often longer than the
    time to read the input file, process the image, and write the output
    file.  If the 'ICU' dependency can not be avoided, then make sure to
    use the modules build.  Please lobby the 'ICU' library developers to
    change their implementation to avoid long start-up times due to
    merely linking with the library.
  * GraphicsMagick is now participating in Google's oss-fuzz project due
    to the contributions and assistance of Alex Gaynor. Since February 4
    2018, 353 issues have been opened by oss-fuzz and 338 of those
    issues have been resolved.  The issues list is available at
    https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
    "graphicsmagick".  Issues are available for anyone to view and
    duplicate if they have been in "Verified" status for 30 days, or if
    they have been in "New" status for 90 days.  There are too many
    fixes to list here.  Please consult the GraphicsMagick ChangeLog
    file, Mercurial repository commit log, and the oss-fuzz issues list
    for details.
  * Documentation has been added regarding security hazards due to
    commands which support a '@filename' syntax.
  * MontageImages(): Fix wrong length argument to strlcat() when
    building montage directory, which could allow heap overwrite.
  * PNG: Pass correct size value to strlcat() in module registration
    code.  This bug is noticed to cause problems for Apple's OS X and
    Linux Alpine with musl libc.  This fixes a regression introduced by
    the 1.3.32 release.

• Files Changed
• Browse Source