Format: 1.8 Date: Mon, 24 Sep 2018 21:54:36 +0000 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: ppc64el Version: 1.3.30+hg15796-1 Distribution: cosmic-proposed Urgency: high Maintainer: Launchpad Build Daemon Changed-By: Laszlo Boszormenyi (GCS) Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick-q16-3 - format-independent image processing - C shared library libgraphicsmagick1-dev - format-independent image processing - C development files Changes: graphicsmagick (1.3.30+hg15796-1) unstable; urgency=high . * Mercurial snapshot, fixing the following security issues: - WEBP: Fix compiler warnings regarding uninitialized structure members, - ReadJPEGImage(): Allow libjpeg to use 1/5th of the total memory limit, - ReadJPEGImage(): Make sure that JPEG pixels array is initialized in case libjpeg fails to completely initialize it, - WriteOnePNGImage(): Free png_pixels as soon as possible, - ReadMIFFImage(): Detect EOF when reading using ReadBlobZC() and avoid subsequent heap read overflow, - ReadMVGImage(): Don't assume that in-memory MVG blob is a null-terminated C string, - ReadMVGImage(): Don't allow MVG files to side-load a file as the drawing primitive using '@' syntax, - FileToBlob(): Use confirm access APIs to verify that read access is allowed, and verify that file is a regular file, - ExtractTokensBetweenPushPop() needs to always return a valid pointer into the primitive string, - DrawPolygonPrimitive(): Fix leak of polygon set when object is completely outside image, - SetNexus(): For requests one pixel tall, SetNexus() was wrongly using pixels in-core rather than using a staging area for the case where the nexus rows extend beyond the image raster boundary, - ReadCINEONImage(): Quit immediately on EOF and detect short files, - ReadMVGImage(): Fix memory leak, - Add mechanism to approve embedded subformats in WPG, - ReadXBMImage(): Add validations for row and column dimensions, - MAT InsertComplexFloatRow(): Avoid signed overflow, - InsertComplexFloatRow(): Try not to lose the previous intention while avoiding signed overflow, - XBMInteger(): Limit the number of hex digits parsed to avoid signed integer overflow, - MAT: More aggresive data corruption checking, - MAT: Correctly check GetBlobSize(image) even for zipstreams inside blob, - MAT: Explicitly reject non-seekable streams, - DrawImage(): Add missing error-reporting logic to return immediately upon memory reallocation failure. Apply memory resource limits to PrimitiveInfo array allocation, - MagickAtoFChk(): Add additional validation checks for floating point values. NAN and +/- INFINITY values also map to 0.0 , - ReadMPCImage()/(ReadMIFFImage(): Insist that the format be identified prior to any comment, and that there is only one comment, - ConvertPrimitiveToPath(): Enlarge PathInfo array allocation to avoid possible heap write overflow, - WPG: Fix intentional 64 bit file offset overflow, - DrawImage(): Be more precise about error detection and reporting, - TranslateTextEx(): Fix off-by-one in loop bounds check which allowed a one-byte stack write overflow, - DrawImage(): Fix excessive memory consumption due to SetImageAttribute() appending values, - QuantumTransferMode(): CIE Log images with an alpha channel are not supported, - ConvertPrimitiveToPath(): Second attempt to prevent heap write overflow of PathInfo array, - ExtractTileJPG(): Enforce that JPEG tiles are read by the JPEG coder, - MIFF and MPC, need to avoid leaking value allocation (day-old bug), - ReadSFWImage(): Enforce that file is read using the JPEG reader, - FindEXIFAttribute()/GenerateEXIFAttribute(): Change size types from signed to unsigned and check for unsigned overflow, - GenerateEXIFAttribute(): Eliminate undefined shift, - TraceEllipse(): Detect arithmetic overflow when computing the number of points to allocate for an ellipse, - ReadMNGImage(): mng_LOOP chunk must be at least 5 bytes long, - ReadJPEGImage(): Apply a default limit of 100 progressive scans before the reader quits with an error. * Update library symbols for this release. Checksums-Sha1: 82996acff8beec7c9dbca4799adc99106b6662d7 4497528 graphicsmagick-dbg_1.3.30+hg15796-1_ppc64el.deb df20a4c52f74c9a9d738c009a9e65774e344da3b 10979 graphicsmagick_1.3.30+hg15796-1_ppc64el.buildinfo 2822bf3f8715177c8a012b6b7f8e3c5539926920 639412 graphicsmagick_1.3.30+hg15796-1_ppc64el.deb 6b6e71848b502ff792f0e908dae333908d894ec4 54728 libgraphics-magick-perl_1.3.30+hg15796-1_ppc64el.deb f68318f39a0e512cd9fce166edcf5ed73d43c8ec 107360 libgraphicsmagick++-q16-12_1.3.30+hg15796-1_ppc64el.deb aece519253e6313612818378d6a36711858aa658 285552 libgraphicsmagick++1-dev_1.3.30+hg15796-1_ppc64el.deb e7b133c481d42e42ff650e7bdf97e16dae14aa78 1306136 libgraphicsmagick-q16-3_1.3.30+hg15796-1_ppc64el.deb 48695bfa58985fc2096f75c885c36fd932426573 1640612 libgraphicsmagick1-dev_1.3.30+hg15796-1_ppc64el.deb Checksums-Sha256: b23eb3d6a69344d7ab6c15764ef2e8419cd69c22221f071394fbbff42e7b5db9 4497528 graphicsmagick-dbg_1.3.30+hg15796-1_ppc64el.deb 52023cfdd3d75242180cc241f31f4a00be439d5dca2d2df9014685d55a8fc300 10979 graphicsmagick_1.3.30+hg15796-1_ppc64el.buildinfo 745cac182360d45b2e5ca5b7d556e24828c304b765dec37085969c8df8b40769 639412 graphicsmagick_1.3.30+hg15796-1_ppc64el.deb 85a2b29328f97c17d3d5eed36f8c30204d6876dd0c3d92b504a856c131a611b0 54728 libgraphics-magick-perl_1.3.30+hg15796-1_ppc64el.deb cc43a3cc270b375ea531a2317e66589afe7206571bb5fee6b804bc3656cd4ced 107360 libgraphicsmagick++-q16-12_1.3.30+hg15796-1_ppc64el.deb 542fe13e0b43106d7f0bdb6b67d8fe0fcc753f7eef2c095205ebcaa52408a95d 285552 libgraphicsmagick++1-dev_1.3.30+hg15796-1_ppc64el.deb a43a9c6d8ec9e3d656db4330d699e543e0c49725e58ea0146bb316f55bc47916 1306136 libgraphicsmagick-q16-3_1.3.30+hg15796-1_ppc64el.deb 92e7e08a296bf490d8e131f8dc9f340a9448f2cb139d644c9ce20debbd4e38c1 1640612 libgraphicsmagick1-dev_1.3.30+hg15796-1_ppc64el.deb Files: bfe9a8475e1c458924577de37a853d84 4497528 debug optional graphicsmagick-dbg_1.3.30+hg15796-1_ppc64el.deb 4bcfddaed82283ad0e7e805fb657c18f 10979 graphics optional graphicsmagick_1.3.30+hg15796-1_ppc64el.buildinfo a7a2250fa46fe309e2d2ef1ddb235f98 639412 graphics optional graphicsmagick_1.3.30+hg15796-1_ppc64el.deb f2dad1e718693b9f0bfb487769807261 54728 perl optional libgraphics-magick-perl_1.3.30+hg15796-1_ppc64el.deb 3b915e0b396cd9d17c32c8c8d2d7a953 107360 libs optional libgraphicsmagick++-q16-12_1.3.30+hg15796-1_ppc64el.deb 3b26393dbf9b386d401a11e137a74322 285552 libdevel optional libgraphicsmagick++1-dev_1.3.30+hg15796-1_ppc64el.deb 4ef8328f585dec7838642236b39f15ae 1306136 libs optional libgraphicsmagick-q16-3_1.3.30+hg15796-1_ppc64el.deb ea08ffcc3f8fb7a2d39b8f4dd5e956ca 1640612 libdevel optional libgraphicsmagick1-dev_1.3.30+hg15796-1_ppc64el.deb