Format: 1.8 Date: Mon, 24 Sep 2018 21:54:36 +0000 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: arm64 Version: 1.3.30+hg15796-1 Distribution: cosmic-proposed Urgency: high Maintainer: Launchpad Build Daemon Changed-By: Laszlo Boszormenyi (GCS) Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick-q16-3 - format-independent image processing - C shared library libgraphicsmagick1-dev - format-independent image processing - C development files Changes: graphicsmagick (1.3.30+hg15796-1) unstable; urgency=high . * Mercurial snapshot, fixing the following security issues: - WEBP: Fix compiler warnings regarding uninitialized structure members, - ReadJPEGImage(): Allow libjpeg to use 1/5th of the total memory limit, - ReadJPEGImage(): Make sure that JPEG pixels array is initialized in case libjpeg fails to completely initialize it, - WriteOnePNGImage(): Free png_pixels as soon as possible, - ReadMIFFImage(): Detect EOF when reading using ReadBlobZC() and avoid subsequent heap read overflow, - ReadMVGImage(): Don't assume that in-memory MVG blob is a null-terminated C string, - ReadMVGImage(): Don't allow MVG files to side-load a file as the drawing primitive using '@' syntax, - FileToBlob(): Use confirm access APIs to verify that read access is allowed, and verify that file is a regular file, - ExtractTokensBetweenPushPop() needs to always return a valid pointer into the primitive string, - DrawPolygonPrimitive(): Fix leak of polygon set when object is completely outside image, - SetNexus(): For requests one pixel tall, SetNexus() was wrongly using pixels in-core rather than using a staging area for the case where the nexus rows extend beyond the image raster boundary, - ReadCINEONImage(): Quit immediately on EOF and detect short files, - ReadMVGImage(): Fix memory leak, - Add mechanism to approve embedded subformats in WPG, - ReadXBMImage(): Add validations for row and column dimensions, - MAT InsertComplexFloatRow(): Avoid signed overflow, - InsertComplexFloatRow(): Try not to lose the previous intention while avoiding signed overflow, - XBMInteger(): Limit the number of hex digits parsed to avoid signed integer overflow, - MAT: More aggresive data corruption checking, - MAT: Correctly check GetBlobSize(image) even for zipstreams inside blob, - MAT: Explicitly reject non-seekable streams, - DrawImage(): Add missing error-reporting logic to return immediately upon memory reallocation failure. Apply memory resource limits to PrimitiveInfo array allocation, - MagickAtoFChk(): Add additional validation checks for floating point values. NAN and +/- INFINITY values also map to 0.0 , - ReadMPCImage()/(ReadMIFFImage(): Insist that the format be identified prior to any comment, and that there is only one comment, - ConvertPrimitiveToPath(): Enlarge PathInfo array allocation to avoid possible heap write overflow, - WPG: Fix intentional 64 bit file offset overflow, - DrawImage(): Be more precise about error detection and reporting, - TranslateTextEx(): Fix off-by-one in loop bounds check which allowed a one-byte stack write overflow, - DrawImage(): Fix excessive memory consumption due to SetImageAttribute() appending values, - QuantumTransferMode(): CIE Log images with an alpha channel are not supported, - ConvertPrimitiveToPath(): Second attempt to prevent heap write overflow of PathInfo array, - ExtractTileJPG(): Enforce that JPEG tiles are read by the JPEG coder, - MIFF and MPC, need to avoid leaking value allocation (day-old bug), - ReadSFWImage(): Enforce that file is read using the JPEG reader, - FindEXIFAttribute()/GenerateEXIFAttribute(): Change size types from signed to unsigned and check for unsigned overflow, - GenerateEXIFAttribute(): Eliminate undefined shift, - TraceEllipse(): Detect arithmetic overflow when computing the number of points to allocate for an ellipse, - ReadMNGImage(): mng_LOOP chunk must be at least 5 bytes long, - ReadJPEGImage(): Apply a default limit of 100 progressive scans before the reader quits with an error. * Update library symbols for this release. Checksums-Sha1: a6602e7343594cafc5e0397391d866dfd48eb13e 3969888 graphicsmagick-dbg_1.3.30+hg15796-1_arm64.deb 510c3e6a74db1ebcc56b842f90421fd86a4ffe67 10892 graphicsmagick_1.3.30+hg15796-1_arm64.buildinfo a3821a00f0a4ecb606ca4233dfa7da056bfa1637 639068 graphicsmagick_1.3.30+hg15796-1_arm64.deb 9118a0408fb86b0461dbac23bde37dd39720fda0 48112 libgraphics-magick-perl_1.3.30+hg15796-1_arm64.deb 7dc19bff22dc1a2866dac8dc2adb9b06f3f63d92 93628 libgraphicsmagick++-q16-12_1.3.30+hg15796-1_arm64.deb 7641fea73b587a720827a866074ba1eb42234ecc 268724 libgraphicsmagick++1-dev_1.3.30+hg15796-1_arm64.deb af69a011ce9c202c43443abd1c6b28be1e3ae861 1009092 libgraphicsmagick-q16-3_1.3.30+hg15796-1_arm64.deb c94dc702aa494a60ffc12dde26a511d40a6408df 1307532 libgraphicsmagick1-dev_1.3.30+hg15796-1_arm64.deb Checksums-Sha256: b9cc4ca9a2990ad6768e96afe435b23b85a38c08a01dd38721b52bb3f0038da6 3969888 graphicsmagick-dbg_1.3.30+hg15796-1_arm64.deb da1c61bbe937c20c385782ec879c832a2f86ea778d2adebc58fd2db38803f29c 10892 graphicsmagick_1.3.30+hg15796-1_arm64.buildinfo 866e01dc62bb9c0db508ee87ca7366a40a5419afa977fa1aaecd64a8dd5b356c 639068 graphicsmagick_1.3.30+hg15796-1_arm64.deb 3bf6202faf68a28766b7df7b7f42614d5ed0d15bb16551c5d95ecdc7125440cc 48112 libgraphics-magick-perl_1.3.30+hg15796-1_arm64.deb 64f4275d492600ecb6cfc710f0e90561a8e7955a445c2855cc9f69e83b20f085 93628 libgraphicsmagick++-q16-12_1.3.30+hg15796-1_arm64.deb 8f6ebf71c56a7a9f8978cc5387c93a5e966585ab5092b739f52d930b8b378cb9 268724 libgraphicsmagick++1-dev_1.3.30+hg15796-1_arm64.deb 579bdbcdcf64c2438147b2b56157b6f4a98e5a46fc1b00027b6e577d72aeb060 1009092 libgraphicsmagick-q16-3_1.3.30+hg15796-1_arm64.deb 46dc9fc3ead847d6cef3dd8dc6522ec9b3e9f3cd811e8216f1cce1cf1d8b7718 1307532 libgraphicsmagick1-dev_1.3.30+hg15796-1_arm64.deb Files: da48cfc45a30abc695014b4af388abcf 3969888 debug optional graphicsmagick-dbg_1.3.30+hg15796-1_arm64.deb 116b28477c32a971567c0a0bb81d8f64 10892 graphics optional graphicsmagick_1.3.30+hg15796-1_arm64.buildinfo 59b69c0f9b88604b04b3dd1504b5ebc0 639068 graphics optional graphicsmagick_1.3.30+hg15796-1_arm64.deb a9c68fb826263ce37314edc9e8abb33c 48112 perl optional libgraphics-magick-perl_1.3.30+hg15796-1_arm64.deb 108efd68a2abc72789ab349dc42c3ff3 93628 libs optional libgraphicsmagick++-q16-12_1.3.30+hg15796-1_arm64.deb aafcf279a2cc4a327a8b676d7b24b650 268724 libdevel optional libgraphicsmagick++1-dev_1.3.30+hg15796-1_arm64.deb b1e4b3f3683f456b7333665309b6ad1f 1009092 libs optional libgraphicsmagick-q16-3_1.3.30+hg15796-1_arm64.deb 2cc6ea3597a43453902a27ede45e5556 1307532 libdevel optional libgraphicsmagick1-dev_1.3.30+hg15796-1_arm64.deb