Changelog

graphicsmagick (1.3.30+hg15796-1+ubuntu14.04.1+deb.sury.org+2) trusty; urgency=medium

  * No-change backport to trusty

graphicsmagick (1.3.30+hg15796-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - WEBP: Fix compiler warnings regarding uninitialized structure members,
    - ReadJPEGImage(): Allow libjpeg to use 1/5th of the total memory limit,
    - ReadJPEGImage(): Make sure that JPEG pixels array is initialized in
      case libjpeg fails to completely initialize it,
    - WriteOnePNGImage(): Free png_pixels as soon as possible,
    - ReadMIFFImage(): Detect EOF when reading using ReadBlobZC() and avoid
      subsequent heap read overflow,
    - ReadMVGImage(): Don't assume that in-memory MVG blob is a
      null-terminated C string,
    - ReadMVGImage(): Don't allow MVG files to side-load a file as the
      drawing primitive using '@' syntax,
    - FileToBlob(): Use confirm access APIs to verify that read access is
      allowed, and verify that file is a regular file,
    - ExtractTokensBetweenPushPop() needs to always return a valid pointer
      into the primitive string,
    - DrawPolygonPrimitive(): Fix leak of polygon set when object is
      completely outside image,
    - SetNexus(): For requests one pixel tall, SetNexus() was wrongly using
      pixels in-core rather than using a staging area for the case where the
      nexus rows extend beyond the image raster boundary,
    - ReadCINEONImage(): Quit immediately on EOF and detect short files,
    - ReadMVGImage(): Fix memory leak,
    - Add mechanism to approve embedded subformats in WPG,
    - ReadXBMImage(): Add validations for row and column dimensions,
    - MAT InsertComplexFloatRow(): Avoid signed overflow,
    - InsertComplexFloatRow(): Try not to lose the previous intention while
      avoiding signed overflow,
    - XBMInteger(): Limit the number of hex digits parsed to avoid signed
      integer overflow,
    - MAT: More aggressive data corruption checking,
    - MAT: Correctly check GetBlobSize(image) even for zipstreams inside
      blob,
    - MAT: Explicitly reject non-seekable streams,
    - DrawImage(): Add missing error-reporting logic to return immediately
      upon memory reallocation failure. Apply memory resource limits to
      PrimitiveInfo array allocation,
    - MagickAtoFChk(): Add additional validation checks for floating point
      values. NAN and +/- INFINITY values also map to 0.0,
    - ReadMPCImage()/ReadMIFFImage(): Insist that the format be identified
      prior to any comment, and that there is only one comment,
    - ConvertPrimitiveToPath(): Enlarge PathInfo array allocation to avoid
      possible heap write overflow,
    - WPG: Fix intentional 64 bit file offset overflow,
    - DrawImage(): Be more precise about error detection and reporting,
    - TranslateTextEx(): Fix off-by-one in loop bounds check which allowed a
      one-byte stack write overflow,
    - DrawImage(): Fix excessive memory consumption due to
      SetImageAttribute() appending values,
    - QuantumTransferMode(): CIE Log images with an alpha channel are not
      supported,
    - ConvertPrimitiveToPath(): Second attempt to prevent heap write
      overflow of PathInfo array,
    - ExtractTileJPG(): Enforce that JPEG tiles are read by the JPEG coder,
    - MIFF and MPC, need to avoid leaking value allocation (day-old bug),
    - ReadSFWImage(): Enforce that file is read using the JPEG reader,
    - FindEXIFAttribute()/GenerateEXIFAttribute(): Change size types from
      signed to unsigned and check for unsigned overflow,
    - GenerateEXIFAttribute(): Eliminate undefined shift,
    - TraceEllipse(): Detect arithmetic overflow when computing the number of
      points to allocate for an ellipse,
    - ReadMNGImage(): mng_LOOP chunk must be at least 5 bytes long,
    - ReadJPEGImage(): Apply a default limit of 100 progressive scans before
      the reader quits with an error.
  * Update library symbols for this release.

graphicsmagick (1.3.30-1) unstable; urgency=high

  * New upstream release, including many security fixes.
  * Build with all hardening enabled.

graphicsmagick (1.3.29+hg15665-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - use of uninitialized value in IsMonochromeImage(),
    - divide by zero in GetPixelOpacity(),
    - write beyond array bounds in TraceStrokePolygon(),
    - use of uninitialized value in format8BIM(),
    - assertion failure in WriteBlob(),
    - out of bounds write in TraceEllipse(),
    - memory leak and use of uninitialized memory when handling eXIf chunk
      in png_malloc(),
    - floating point exception in WriteTIFFImage(),
    - leak of Image when TIFFReadRGBAImage() reports failure,
    - potential leak when compressed object is corrupted,
    - floating point exception in WriteTIFFImage(),
    - heap double free in Magick::BlobRef::~BlobRef(),
    - direct leak in TIFFClientOpen(),
    - indirect leak in CloneImage(),
    - direct leak in ReadOneJNGImage(),
    - heap buffer overflow in put1bitbwtile(),
    - use of uninitialized value in SyncImageCallBack(),
    - validate tile memory requests for TIFFReadRGBATile().
  * Remove profiles/sRGB Color Space Profile.ICM and
    jp2/data/colorprofiles/srgb.icm for being non-free.
  * Remove zlib/contrib/dotzlib/DotZLib.chm for no source available.

graphicsmagick (1.3.29-1) unstable; urgency=high

  * New upstream release, including many security fixes.
  * Remove previously backported security patches.
  * Update library symbols for this release.
  * Update debhelper level to 11.
  * Update Standards-Version to 4.1.4.

graphicsmagick (1.3.28-2) unstable; urgency=high

  * Backport security fixes:
    - don't use rescale map if it was not allocated,
    - validate number of colormap bits to avoid undefined shift behavior,
    - defend against partial scanf() expression matching, resulting in benign
      use of uninitialized data,
    - don't use rescale map if it was not allocated,
    - fix tile index overflow,
    - reject XPM if it contains non-whitespace control characters,
    - fix forged amount of frames 6755,
    - validate header length and offset properties,
    - fixed memory leak when tile overflows,
    - fix forged amount of frames 7076,
    - check for forged image that overflows file size,
    - validate size request prior to allocation,
    - validate that file size is sufficient for claimed image properties,
    - fix signed integer overflow when computing pixels size,
    - include number of FITS scenes in file size validations,
    - allocate space for null termination and null terminate string,
    - validate that samples per pixel is in valid range,
    - check whether datablock is really read,
    - verify that sufficient backing data exists before allocating memory to
      read it,
    - duplicate image check for data with fixed geometry,
    - CVE-2018-9018: avoid divide-by-zero if delay or timeout properties
      changed while ticks_per_second is zero (closes: #894396),
    - add checks for EOF,
    - validate that PICT rectangles do not have zero dimensions,
    - check image pixel limits before allocating memory for tile.
  * Backport patch to redesign ReadBlobDwordLSB() to be more effective.
  * Backport patch to destroy tile_image in ThrowPICTReaderException() macro
    to simplify logic.
  * Backport patch to remove shadowed tile_image variable which defeats new
    ThrowPICTReaderException() implementation.

graphicsmagick (1.3.28-1) unstable; urgency=high

  * New upstream release, fixing the following security issues among others:
    - BMP: Fix non-terminal loop due to unexpected bit-field mask value
      (DOS opportunity),
    - PALM: Fix heap buffer underflow in builds with QuantumDepth=8,
    - SetNexus() Fix heap overwrite under certain conditions due to using a
      wrong destination buffer,
    - TIFF: Fix heap buffer read overflow in LocaleNCompare() when parsing
      NEWS profile.
  * Remove previously backported security patches.

graphicsmagick (1.3.27-4) unstable; urgency=high

  * Fix CVE-2018-5685: infinite loop in ReadBMPImage() (closes: #887158).
  * Fix memory leak of global colormap.
  * Fix memory leak of chunk and mng_info in error path.
  * Update Standards-Version to 4.1.3.

graphicsmagick (1.3.27-3) unstable; urgency=high

  * Fix heap-buffer-overflow on LocaleNCompare().
  * Add some assertions to verify that the image pointer provided by libwebp
    is valid.
  * Fix NULL pointer dereference in ReadMNGImage().
  * Fix CVE-2017-17913: stack-buffer-overflow in WriteWEBPImage().
  * Fix CVE-2017-17915: heap-buffer-overflow in ReadMNGImage().

graphicsmagick (1.3.27-2) unstable; urgency=high

  * Fix CVE-2017-17782: heap-based buffer over-read in ReadOneJNGImage()
    (closes: #884905).
  * Fix CVE-2017-17783: buffer over-read in ReadPALMImage() (closes: #884904).

graphicsmagick (1.3.27-1) unstable; urgency=medium

  * New upstream release.
  * Remove previously backported security patches.
  * Update library symbols for this release.
  * Add libwebp-dev dependency to libgraphicsmagick1-dev (closes: #863564).
  * Update Standards-Version to 4.1.2.

graphicsmagick (1.3.26-19) unstable; urgency=high

  * Fix CVE-2017-16669: heap buffer overflow in AcquireCacheNexus()
    (closes: #881391).
  * Fix CVE-2017-13134: heap buffer overflow in SFWScan() (closes: #881524).

graphicsmagick (1.3.26-18) unstable; urgency=high

  * Fix CVE-2017-16547: remote denial of service (negative strncpy and
    application crash).
  * Fix CVE-2017-16545: NULL pointer dereference (write) with malformed WPG
    image.

graphicsmagick (1.3.26-17) unstable; urgency=high

  * Fix CVE-2017-16353: heap read overflow vulnerability in DescribeImage().
  * Fix CVE-2017-16352: heap-based buffer overflow vulnerability in
    DescribeImage().

graphicsmagick (1.3.26-16) unstable; urgency=high

  * Fix CVE-2017-15930: NULL pointer dereference while transferring JPEG
    scanlines (closes: #879999).

graphicsmagick (1.3.26-15) unstable; urgency=high

  * Fix CVE-2017-13737: invalid free in MagickFree() (closes: #878511).

graphicsmagick (1.3.26-14) unstable; urgency=high

  * Fix CVE-2017-15277: assure that global colormap is fully initialized in
    ReadGIFImage().
  * Fix memory leak in WriteGIFImage().
  * Fix CVE-2017-15238: use after free in ReadJNGImage().

graphicsmagick (1.3.26-13) unstable; urgency=high

  * Fix CVE-2017-14733: heap out of bounds read in ReadRLEImage().
  * Fix CVE-2017-14994: NULL pointer dereference in DICOM Decoder.
  * Fix CVE-2017-14997: memory allocation error due to malformed image file.
  * Update Standards-Version to 4.1.1.

graphicsmagick (1.3.26-12) unstable; urgency=high

  * Update upstream changelog for CVE-2017-14103.
  * Fix CVE-2017-14649: denial of service due to assertion failure in
    AcquireImagePixels() (closes: #876460).
  * Update Standards-Version to 4.1.0:
    - change graphicsmagick-dbg priority to optional.

graphicsmagick (1.3.26-11) unstable; urgency=high

  * Fix CVE-2017-14504: NULL pointer dereference triggered by malformed file.

graphicsmagick (1.3.26-10) unstable; urgency=high

  * Fix CVE-2017-14314: heap-based buffer over-read in DrawDashPolygon().

graphicsmagick (1.3.26-9) unstable; urgency=high

  * Fix CVE-2017-14165: remote denial of service due to memory allocation
    failure in magickmalloc (closes: #874724).
  * Fix CVE-2017-14042: memory allocation failure in MagickRealloc()
    (closes: #873538).

graphicsmagick (1.3.26-8) unstable; urgency=high

  * Fix CVE-2017-13775: denial of service issue in ReadJNXImage().
  * Fix CVE-2017-13776 and CVE-2017-13777: denial of service issue in
    ReadXBMImage().
  * Fix memory leak vulnerability in ReadJNGImage() which allows attackers to
    cause a denial of service via a crafted file.
  * Fix double-free after reading a malformed JNG.
  * Fix CVE-2017-14103: the ReadJNGImage() and ReadOneJNGImage() functions do
    not properly manage image pointers after certain error conditions, which
    allows remote use-after-free attacks via a crafted file, related to a
    ReadMNGImage() out-of-order CloseBlob() call. This vulnerability exists
    because of an incomplete fix for CVE-2017-11403.
  * Fix CVE-2017-8350: crash while reading a malformed JNG file.

graphicsmagick (1.3.26-7) unstable; urgency=high

  * Fix CVE-2017-13063: heap-based buffer overflow vulnerability in the
    GetStyleTokens() function (closes: #873130).
  * Fix CVE-2017-13064: another heap-based buffer overflow vulnerability in
    the GetStyleTokens() function (closes: #873129).
  * Fix CVE-2017-13065: NULL pointer dereference vulnerability in the
    SVGStartElement() function (closes: #873119).

graphicsmagick (1.3.26-6) unstable; urgency=high

  * Fix CVE-2017-12935: invalid memory read in the SetImageColorCallBack()
    with large MNG images (closes: #872576).
  * Fix CVE-2017-12936: use-after-free issue for data associated with
    exception reporting in the ReadWMFImage() function (closes: #872575).
  * Fix CVE-2017-12937: colormap heap-based buffer over-read in the
    ReadSUNImage() function (closes: #872574).

graphicsmagick (1.3.26-5) unstable; urgency=medium

  * Handle mangling change for conversion operators in GCC 7 (closes: #871306).

  [ John Paul Adrian Glaubitz <email address hidden> ]
  * Honor 'nocheck' in DEB_BUILD_OPTIONS (closes: #842787).

graphicsmagick (1.3.26-4) unstable; urgency=high

  * Fix CVE-2017-11643: heap overflow in the WriteCMYKImage() function
    (closes: #870157).
  * Fix CVE-2017-11636: heap overflow in the WriteRGBImage() function
    (closes: #870149).
  * Fix CVE-2017-11638 and CVE-2017-11642: null pointer dereference or SEGV if
    input is not colormapped (closes: #870154, #870156).
  * Fix CVE-2017-11641: memory leak while writing Magick Persistent Cache
    format (closes: #870155).
  * Fix CVE-2017-11637: NULL pointer dereference in the WritePCLImage()
    function (closes: #870153).
  * Fix CVE-2017-11722: denial of service via a crafted file
    (closes: #870158).
  * Remove autotools-dev and dh-autoreconf build dependencies.

graphicsmagick (1.3.26-3) unstable; urgency=high

  * Fix CVE-2017-11140: denial of service (resource consumption) via crafted
    JPEG files.
  * Fix apparent off-by-one error in MNG FRAM change_clipping processing.
  * Fix out-of-order CloseBlob() and DestroyImageList().

graphicsmagick (1.3.26-2) unstable; urgency=high

  * Fix CVE-2017-11102: remote denial of service during JNG reading via a
    zero-length color_image data structure in ReadOneJNGImage (png.c)
    (closes: #867746).
  * Add new DestroyJNGInfo@Base and remove DestroyJNG@Base obsolete symbols.

graphicsmagick (1.3.26-1) unstable; urgency=high

  * New upstream release, fixing the following security issues among others:
    - META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
    - WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash
      (CVE-2016-7997).
    - PNG: Enforce spec requirement that the dimensions of the JPEG embedded
      in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
    - TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to
      have only 2 samples per pixel (CVE-2017-6335).
    - JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
    - TIFF: Fix out of bounds read when reading RGB TIFF which claims to have
      only 1 sample per pixel (CVE-2017-10794) (closes: #867085).
    - DPX: Fix excessive use of memory (DOS issue) due to file header claiming
      large image dimensions but insufficient backing data. (CVE-2017-10799)
      (closes: #867077).
    - MAT: Fix excessive use of memory (DOS issue) due to continuing
      processing with insufficient data and claimed large image size. Verify
      each file extent to make sure that it is within range of file size.
      (CVE-2017-10800) (closes: #867060).
  * Remove previously backported security patches.
  * Self-tests build hack no longer needed.
  * Update library symbols for this release.
  * Update Standards-Version to 4.0.0 and debhelper level to 10.

graphicsmagick (1.3.25-8) unstable; urgency=high

  * Backport security fix for out of bounds access when reading CMYKA tiff.

graphicsmagick (1.3.25-7) unstable; urgency=medium

  * Add hack to build self-tests on mips* architectures.

graphicsmagick (1.3.25-6) unstable; urgency=high

  * Fix CVE-2016-9830: memory allocation failure in MagickRealloc
    (closes: #847072).

graphicsmagick (1.3.25-5) unstable; urgency=high

  * Fix CVE-2016-8682: stack-based buffer overflow in ReadSCTImage (sct.c).
  * Fix CVE-2016-8683: memory allocation failure in ReadPCXImage (pcx.c).
  * Fix CVE-2016-8684: memory allocation failure in MagickMalloc (memory.c).

graphicsmagick (1.3.25-4) unstable; urgency=high

  * Fix CVE-2016-7997: correctly flip image->blob and rotated_image->blob.

graphicsmagick (1.3.25-3) unstable; urgency=high

  * Fix CVE-2016-7800: unsigned underflow leading to heap overflow when
    parsing 8BIM chunk.

graphicsmagick (1.3.25-2) unstable; urgency=medium

  * Compile magick/semaphore.c without optimization on ppc64el to prevent
    Perl self-test segfaults (closes: #837719).

graphicsmagick (1.3.25-1) unstable; urgency=high

  * New upstream release, with the following security updates:
    - fix heap overflow in EscapeParenthesis() used in the text annotation
      code,
    - Utah RLE: Reject truncated/absurd files which caused huge memory
      allocations and/or consumed huge CPU,
    - SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in
      the MVG rendering code (also impacts SVG),
    - TIFF: Fix heap buffer read overflow while copying sized TIFF attributes.

graphicsmagick (1.3.24+hg20160808-1) unstable; urgency=low

  * New upstream, Mercurial snapshot release.
  * Fixes DrawPrimitive() issue (closes: #829063).

graphicsmagick (1.3.24-2) unstable; urgency=low

  * Backport upstream fix for DrawPrimitive() (closes: #829063).

graphicsmagick (1.3.24-1) unstable; urgency=high

  * New upstream release, focusing on security fixes for the following image
    formats:
    - DIB: fix out of bound reads and add more header validations,
    - JNG: file size limits are enforced,
    - MATLAB: fix DoS and hang on corrupt deflate stream,
    - META (Embedded Image Profiles): fix out of bounds reads and writes,
    - MIFF (Magick): fix thrown assertion,
    - CVE-2016-3716: Magick Scripting Language file processing is not done by
      default but needs to be prefixed with 'msl:',
    - Magick Vector Graphics file processing is not done by default but needs
      to be prefixed with 'mvg:' and prevent head overflow problems,
    - PCX: fix unreasonable memory allocation due to intentionally corrupt
      file,
    - PDB: fix heap buffer overflow and out of bounds read,
    - PICT: fix out of bounds write,
    - CVE-2016-3717: for PostScript files always run Ghostscript with -dSAFER
      for safer execution,
    - PSD: fix segmentation violations, heap buffer overflows and out of
      bound writes,
    - RLE: fix out of bounds reads and writes,
    - ReadImages(): fix possible infinite recursion due to a crafted input
      file,
    - RotateImage(): fix thrown assertion,
    - SGI: fix out of bounds writes,
    - SUN: fix out of bounds reads and writes,
    - SVG: fix CVE-2016-2317 and CVE-2016-2318, heap and stack buffer
      overflows, as well as segmentation violations (closes: #814732);
      also fix endless loop, unexpectedly large memory allocation, divide by
      zero and recursion issues,
    - TIFF: fix assertion while reading and fix benign heap overflow,
    - VIFF: fix excessive memory allocation with intentionally corrupted
      input file,
    - XCF: fix heap buffer overflow,
    - XPM: fix several heap buffer overflows and out of bound reads/writes;
      also fix a case of excessive memory allocation,
    - CVE-2016-5118: popen() shell vulnerability via filename that contains
      '|', remove pipe support entirely (closes: #825800);
      file names starting with a '|' character are no longer interpreted as
      shell commands to be executed as input or output,
    - default.mgk file has been pared down in order to reduce security
      exposure,
    - CVE-2016-3714: Gnuplot ('gplt' delegate) support for rendering these
      files is removed since the format is inherently insecure,
    - CVE-2016-3715: adding a 'tmp:' prefix to a filename no longer removes
      the file since this seems dangerous,
    - CVE-2016-3718: sanity check the image file path or URL before passing
      it to ReadImage(),
    - fix several Coverity issues like dereference after null check, multiple
      resource leaks and logically dead code.
  * Update library symbols for this release.

graphicsmagick (1.3.23-3) unstable; urgency=low

  * Remove JasPer JPEG-2000 codec support build dependency and remove its
    symbols from the libgraphicsmagick-q16-3 library (closes: #818199).
  * Update Standards-Version to 3.9.8.

graphicsmagick (1.3.23-2) unstable; urgency=low

  * Add previously transient gsfonts build dependency (closes: #815736).

graphicsmagick (1.3.23-1) unstable; urgency=medium

  * New upstream release.

graphicsmagick (1.3.22-2) unstable; urgency=low

  * Transition libgraphicsmagick++-q16-11 to libgraphicsmagick++-q16-12
    (closes: #803958).
  * Conflict and replace version 1.3.22-1 of libgraphicsmagick++-q16-11.

graphicsmagick (1.3.22-1) unstable; urgency=low

  * New upstream release.
  * Update libgraphicsmagick-q16-3 symbols file.
  * Update watch file.

graphicsmagick (1.3.21-4) unstable; urgency=low

  * Change C library name to ending with -q16 for QuantumDepth=16 ABI change
    and compile shared library to include the QuantumDepth value
    (closes: #796310).
  * Remove breaks on pdf2djvu.
  * Make rebuildable (closes: #796307).

  [ Jakub Wilk <email address hidden> ]
  * Remove obsolete conflicts/replaces on libgraphicsmagick.
  * Version conflicts/replaces on libgraphicsmagick3.
  * No longer need to pass -l and -L switches to dh_shlibdeps.

graphicsmagick (1.3.21-3) unstable; urgency=medium

  * libgraphicsmagick++3 and libgraphicsmagick++11 are co-installable
    (closes: #795099).
  * libgraphicsmagick1-dev needs recent libgraphicsmagick++1-dev
    (closes: #795102).
  * Fix images symlink for development packages (closes: #795172).
  * libgraphicsmagick3 breaks old versions of pdf2djvu.

graphicsmagick (1.3.21-2) unstable; urgency=medium

  * Upload to unstable for GCC 5 transition.
  * Enable WebP support (closes: #789745).
  * Make rebuildable.

graphicsmagick (1.3.21-1) experimental; urgency=high

  * New upstream release, including many security fixes.
  * Start transition from libgraphicsmagick++3 to libgraphicsmagick++11.
  * Update libgraphicsmagick3 symbols.

graphicsmagick (1.3.20-4) experimental; urgency=low

  * Test build with QuantumDepth 16 (closes: #557879).
  * Update Standards-Version to 3.9.6.

graphicsmagick (1.3.20-3) unstable; urgency=medium

  * Use upstream fix for AnnotateImage() return value (closes: #759956).

graphicsmagick (1.3.20-2) unstable; urgency=medium

  * Change binary libtiff4-dev dependency to libtiff-dev as well
    (closes: #759595).
  * Version perl build dependency to 5.20 or later.

graphicsmagick (1.3.20-1) unstable; urgency=medium

  * New upstream release (closes: #710716).
  * Use GraphicsMagick-1.3.20-CVE-2014-1947.patch from Fedora to fix
    CVE-2014-1947.
  * Add homepage field.
  * Disable update_freetype.h_location.patch, upstream solved freetype
    detection.
  * Sync with Ubuntu.

  [ Matthias Klose <email address hidden> ]
  * Build-depend/depend on libtiff-dev rather than libtiff4-dev.
  * Build-depend/depend on lcms2.
  * Build using dh-autoreconf.
  * Fix link error building the demo and test files.

  [ Bart Martens <email address hidden> ]
  * Add watch file.

 -- Ondřej Surý <email address hidden>  Tue, 16 Oct 2018 05:28:16 +0000
