Format: 1.8 Date: Mon, 24 Sep 2018 21:54:36 +0000 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: armhf Version: 1.3.30+hg15796-1 Distribution: cosmic-proposed Urgency: high Maintainer: Launchpad Build Daemon Changed-By: Laszlo Boszormenyi (GCS) Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick-q16-3 - format-independent image processing - C shared library libgraphicsmagick1-dev - format-independent image processing - C development files Changes: graphicsmagick (1.3.30+hg15796-1) unstable; urgency=high . * Mercurial snapshot, fixing the following security issues: - WEBP: Fix compiler warnings regarding uninitialized structure members, - ReadJPEGImage(): Allow libjpeg to use 1/5th of the total memory limit, - ReadJPEGImage(): Make sure that JPEG pixels array is initialized in case libjpeg fails to completely initialize it, - WriteOnePNGImage(): Free png_pixels as soon as possible, - ReadMIFFImage(): Detect EOF when reading using ReadBlobZC() and avoid subsequent heap read overflow, - ReadMVGImage(): Don't assume that in-memory MVG blob is a null-terminated C string, - ReadMVGImage(): Don't allow MVG files to side-load a file as the drawing primitive using '@' syntax, - FileToBlob(): Use confirm access APIs to verify that read access is allowed, and verify that file is a regular file, - ExtractTokensBetweenPushPop() needs to always return a valid pointer into the primitive string, - DrawPolygonPrimitive(): Fix leak of polygon set when object is completely outside image, - SetNexus(): For requests one pixel tall, SetNexus() was wrongly using pixels in-core rather than using a staging area for the case where the nexus rows extend beyond the image raster boundary, - ReadCINEONImage(): Quit immediately on EOF and detect short files, - ReadMVGImage(): Fix memory leak, - Add mechanism to approve embedded subformats in WPG, - ReadXBMImage(): Add validations for row and column dimensions, - MAT InsertComplexFloatRow(): Avoid signed overflow, - InsertComplexFloatRow(): Try not to lose the previous intention while avoiding signed overflow, - XBMInteger(): Limit the number of hex digits parsed to avoid signed integer overflow, - MAT: More aggresive data corruption checking, - MAT: Correctly check GetBlobSize(image) even for zipstreams inside blob, - MAT: Explicitly reject non-seekable streams, - DrawImage(): Add missing error-reporting logic to return immediately upon memory reallocation failure. Apply memory resource limits to PrimitiveInfo array allocation, - MagickAtoFChk(): Add additional validation checks for floating point values. NAN and +/- INFINITY values also map to 0.0 , - ReadMPCImage()/(ReadMIFFImage(): Insist that the format be identified prior to any comment, and that there is only one comment, - ConvertPrimitiveToPath(): Enlarge PathInfo array allocation to avoid possible heap write overflow, - WPG: Fix intentional 64 bit file offset overflow, - DrawImage(): Be more precise about error detection and reporting, - TranslateTextEx(): Fix off-by-one in loop bounds check which allowed a one-byte stack write overflow, - DrawImage(): Fix excessive memory consumption due to SetImageAttribute() appending values, - QuantumTransferMode(): CIE Log images with an alpha channel are not supported, - ConvertPrimitiveToPath(): Second attempt to prevent heap write overflow of PathInfo array, - ExtractTileJPG(): Enforce that JPEG tiles are read by the JPEG coder, - MIFF and MPC, need to avoid leaking value allocation (day-old bug), - ReadSFWImage(): Enforce that file is read using the JPEG reader, - FindEXIFAttribute()/GenerateEXIFAttribute(): Change size types from signed to unsigned and check for unsigned overflow, - GenerateEXIFAttribute(): Eliminate undefined shift, - TraceEllipse(): Detect arithmetic overflow when computing the number of points to allocate for an ellipse, - ReadMNGImage(): mng_LOOP chunk must be at least 5 bytes long, - ReadJPEGImage(): Apply a default limit of 100 progressive scans before the reader quits with an error. * Update library symbols for this release. Checksums-Sha1: 52b9de960f892b19e1c0c3996265083bdb44fffb 3936060 graphicsmagick-dbg_1.3.30+hg15796-1_armhf.deb bb59cbba758583681efa12e4d033beb72bc1834e 10839 graphicsmagick_1.3.30+hg15796-1_armhf.buildinfo f6c8575a25e891e384e98ea0a3924a8e7a48c562 639384 graphicsmagick_1.3.30+hg15796-1_armhf.deb eda2a5f54dcebc1032d9051079d7d8d5057745b6 49276 libgraphics-magick-perl_1.3.30+hg15796-1_armhf.deb 1857236354a33a34b7aaa288650826764c5aaef8 84400 libgraphicsmagick++-q16-12_1.3.30+hg15796-1_armhf.deb 79bab84b19f84761c36d9440d12c7f7f63a92a85 255696 libgraphicsmagick++1-dev_1.3.30+hg15796-1_armhf.deb d07120191edc68b680f4d0f826e6f49002f99526 1040088 libgraphicsmagick-q16-3_1.3.30+hg15796-1_armhf.deb 78bcd7b9d76c17ed10fb6cb6d61e7912817124e1 1301748 libgraphicsmagick1-dev_1.3.30+hg15796-1_armhf.deb Checksums-Sha256: 0f0e70aafed6173e53652b454fe821329bce946244eb917f672da6052d8d2087 3936060 graphicsmagick-dbg_1.3.30+hg15796-1_armhf.deb a9d48f956237344a2ad739c884dbf713ea4eb9cca3acfaa5b81205e0e7398517 10839 graphicsmagick_1.3.30+hg15796-1_armhf.buildinfo d0fd5ecc4b44bc7c02c1d98c6aa958eab880ff62e4c39579836eb8adf5149e49 639384 graphicsmagick_1.3.30+hg15796-1_armhf.deb fa35aaf6a4a761fba276f45fd7c6fdc15752e045b4f2453b9a45495a3493cc35 49276 libgraphics-magick-perl_1.3.30+hg15796-1_armhf.deb 1895a78961bc8b17a2929459b6f8271cf5a425bc8ad2faff913da7ad28e185ea 84400 libgraphicsmagick++-q16-12_1.3.30+hg15796-1_armhf.deb f2e1243dfe12d14ad56be81a98dfe4ed1c30c5a67f0993aab27c94079fa11ce4 255696 libgraphicsmagick++1-dev_1.3.30+hg15796-1_armhf.deb c96ea1a9441beaee55ad4ba6d9f4b7ad78aa37e411bbb13acc9866f72e163f23 1040088 libgraphicsmagick-q16-3_1.3.30+hg15796-1_armhf.deb ac669962172d1185e2a1fd08d5dc679feb131e6b29e6cd32f707547e8c95f766 1301748 libgraphicsmagick1-dev_1.3.30+hg15796-1_armhf.deb Files: 735c1cac5b7bb82c385fa8e7ed7184b0 3936060 debug optional graphicsmagick-dbg_1.3.30+hg15796-1_armhf.deb d274107a1066ef73fd94675390a228a8 10839 graphics optional graphicsmagick_1.3.30+hg15796-1_armhf.buildinfo 0012b228b3b7d29d477c84b9568bf55a 639384 graphics optional graphicsmagick_1.3.30+hg15796-1_armhf.deb e00665e832ae7ce7aee2a6ecf6e82354 49276 perl optional libgraphics-magick-perl_1.3.30+hg15796-1_armhf.deb 273100c8f211f28c5e56200380a0e000 84400 libs optional libgraphicsmagick++-q16-12_1.3.30+hg15796-1_armhf.deb 4d0c1c12ae2796f21619ef4338685512 255696 libdevel optional libgraphicsmagick++1-dev_1.3.30+hg15796-1_armhf.deb 2dab522226e12300910d8917dfebbc3f 1040088 libs optional libgraphicsmagick-q16-3_1.3.30+hg15796-1_armhf.deb 06c63535d7ef489effcac487e204ab4b 1301748 libdevel optional libgraphicsmagick1-dev_1.3.30+hg15796-1_armhf.deb