Overview
Request 627347 accepted
- update to 1.3.30:
* Security Fixes:
. GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor. Since February 4
2018, 238 issues have been opened by oss-fuzz and 230 of those
issues have been resolved. The issues list is available at
https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
"graphicsmagick". Issues are available for anyone to view and
duplicate if they have been in "Verified" status for 30 days, or if
they have been in "New" status for 90 days. There are too many
fixes to list here. Please consult the GraphicsMagick ChangeLog
file, Mercurial repository commit log, and the oss-fuzz issues list
for details.
. SVG/Rendering: Fix heap write overflow of PrimitiveInfo and
PointInfo arrays. This is another manefestation of CVE-2016-2317,
which should finally be fixed correctly due to active
detection/correction of pending overflow rather than using
estimation.
* Bug fixes:
. Many oss-fuzz fixes are bug fixes.
. Drawing/Rendering: Many more fixes by Gregory J Wolfe (see the ChangeLog).
. MIFF: Detect end of file while reading image directory.
. SVG: Many more fixes by Gregory J Wolfe (see the ChangeLog).
. The AlphaCompositePixel macro was producing wrong results when the
output alpha value was not 100% opaque. This is a regression
introduced in 1.3.29.
. TILE: Fix problem with tiling JPEG images because the size request
used by the TILE algorithm was also causing re-scaling in the JPEG
reader. The problem is solved by stripping the size request before
reading the image. (forwarded request 627341 from namtrac)
Request History
pgajdos created request
- update to 1.3.30:
* Security Fixes:
. GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor. Since February 4
2018, 238 issues have been opened by oss-fuzz and 230 of those
issues have been resolved. The issues list is available at
https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
"graphicsmagick". Issues are available for anyone to view and
duplicate if they have been in "Verified" status for 30 days, or if
they have been in "New" status for 90 days. There are too many
fixes to list here. Please consult the GraphicsMagick ChangeLog
file, Mercurial repository commit log, and the oss-fuzz issues list
for details.
. SVG/Rendering: Fix heap write overflow of PrimitiveInfo and
PointInfo arrays. This is another manefestation of CVE-2016-2317,
which should finally be fixed correctly due to active
detection/correction of pending overflow rather than using
estimation.
* Bug fixes:
. Many oss-fuzz fixes are bug fixes.
. Drawing/Rendering: Many more fixes by Gregory J Wolfe (see the ChangeLog).
. MIFF: Detect end of file while reading image directory.
. SVG: Many more fixes by Gregory J Wolfe (see the ChangeLog).
. The AlphaCompositePixel macro was producing wrong results when the
output alpha value was not 100% opaque. This is a regression
introduced in 1.3.29.
. TILE: Fix problem with tiling JPEG images because the size request
used by the TILE algorithm was also causing re-scaling in the JPEG
reader. The problem is solved by stripping the size request before
reading the image. (forwarded request 627341 from namtrac)
licensedigger accepted review
ok
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto added repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
staging-bot added openSUSE:Factory:Staging:adi:9 as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:9"
staging-bot accepted review
Picked openSUSE:Factory:Staging:adi:9
repo-checker accepted review
cycle and install check passed
namtrac accepted review
staging-bot accepted review
ready to accept
staging-bot approved review
ready to accept
dimstar_suse accepted request
Accept to openSUSE:Factory