graphicsmagick 1.3.30+hg15796-1 source package in Ubuntu
Changelog
graphicsmagick (1.3.30+hg15796-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - WEBP: Fix compiler warnings regarding uninitialized structure members,
    - ReadJPEGImage(): Allow libjpeg to use 1/5th of the total memory limit,
    - ReadJPEGImage(): Make sure that JPEG pixels array is initialized in case libjpeg fails to completely initialize it,
    - WriteOnePNGImage(): Free png_pixels as soon as possible,
    - ReadMIFFImage(): Detect EOF when reading using ReadBlobZC() and avoid subsequent heap read overflow,
    - ReadMVGImage(): Don't assume that in-memory MVG blob is a null-terminated C string,
    - ReadMVGImage(): Don't allow MVG files to side-load a file as the drawing primitive using '@' syntax,
    - FileToBlob(): Use confirm access APIs to verify that read access is allowed, and verify that file is a regular file,
    - ExtractTokensBetweenPushPop() needs to always return a valid pointer into the primitive string,
    - DrawPolygonPrimitive(): Fix leak of polygon set when object is completely outside image,
    - SetNexus(): For requests one pixel tall, SetNexus() was wrongly using pixels in-core rather than using a staging area for the case where the nexus rows extend beyond the image raster boundary,
    - ReadCINEONImage(): Quit immediately on EOF and detect short files,
    - ReadMVGImage(): Fix memory leak,
    - Add mechanism to approve embedded subformats in WPG,
    - ReadXBMImage(): Add validations for row and column dimensions,
    - MAT InsertComplexFloatRow(): Avoid signed overflow,
    - InsertComplexFloatRow(): Try not to lose the previous intention while avoiding signed overflow,
    - XBMInteger(): Limit the number of hex digits parsed to avoid signed integer overflow,
    - MAT: More aggressive data corruption checking,
    - MAT: Correctly check GetBlobSize(image) even for zipstreams inside blob,
    - MAT: Explicitly reject non-seekable streams,
    - DrawImage(): Add missing error-reporting logic to return immediately upon memory reallocation failure. Apply memory resource limits to PrimitiveInfo array allocation,
    - MagickAtoFChk(): Add additional validation checks for floating point values. NAN and +/- INFINITY values also map to 0.0,
    - ReadMPCImage()/(ReadMIFFImage(): Insist that the format be identified prior to any comment, and that there is only one comment,
    - ConvertPrimitiveToPath(): Enlarge PathInfo array allocation to avoid possible heap write overflow,
    - WPG: Fix intentional 64 bit file offset overflow,
    - DrawImage(): Be more precise about error detection and reporting,
    - TranslateTextEx(): Fix off-by-one in loop bounds check which allowed a one-byte stack write overflow,
    - DrawImage(): Fix excessive memory consumption due to SetImageAttribute() appending values,
    - QuantumTransferMode(): CIE Log images with an alpha channel are not supported,
    - ConvertPrimitiveToPath(): Second attempt to prevent heap write overflow of PathInfo array,
    - ExtractTileJPG(): Enforce that JPEG tiles are read by the JPEG coder,
    - MIFF and MPC, need to avoid leaking value allocation (day-old bug),
    - ReadSFWImage(): Enforce that file is read using the JPEG reader,
    - FindEXIFAttribute()/GenerateEXIFAttribute(): Change size types from signed to unsigned and check for unsigned overflow,
    - GenerateEXIFAttribute(): Eliminate undefined shift,
    - TraceEllipse(): Detect arithmetic overflow when computing the number of points to allocate for an ellipse,
    - ReadMNGImage(): mng_LOOP chunk must be at least 5 bytes long,
    - ReadJPEGImage(): Apply a default limit of 100 progressive scans before the reader quits with an error.
  * Update library symbols for this release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 24 Sep 2018 21:54:36 +0000
Upload details
- Uploaded by: Laszlo Boszormenyi
- Uploaded to: Sid
- Original maintainer: Laszlo Boszormenyi
- Architectures: any all
- Section: graphics
- Urgency: Very Urgent
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
graphicsmagick_1.3.30+hg15796-1.dsc | 2.8 KiB | f3a23feb7d6b177115f97af4f4b22ddde077e5afaa09375b03a44b5af10fb654 |
graphicsmagick_1.3.30+hg15796.orig.tar.xz | 26.1 MiB | b6748d7368f686c346c90b9077699568d1b60a25e820b7fe2d68168bad4c80b7 |
graphicsmagick_1.3.30+hg15796-1.debian.tar.xz | 139.1 KiB | 4174b0d655d497447fbd43dd1a60f5b9936d6052ffa934d59d3a5d7e8b0afb15 |
Available diffs
- diff from 1.3.30-1 to 1.3.30+hg15796-1 (18.0 MiB)
No changes file available.
Binary packages built by this source
- graphicsmagick: No summary available for graphicsmagick in ubuntu cosmic.
- graphicsmagick-dbg: No summary available for graphicsmagick-dbg in ubuntu cosmic.
- graphicsmagick-imagemagick-compat: No summary available for graphicsmagick-imagemagick-compat in ubuntu cosmic.
- graphicsmagick-libmagick-dev-compat: No summary available for graphicsmagick-libmagick-dev-compat in ubuntu disco.
- libgraphics-magick-perl: No summary available for libgraphics-magick-perl in ubuntu cosmic.
- libgraphicsmagick++-q16-12: No summary available for libgraphicsmagick++-q16-12 in ubuntu cosmic.
- libgraphicsmagick++1-dev: No summary available for libgraphicsmagick++1-dev in ubuntu disco.
- libgraphicsmagick-q16-3: No summary available for libgraphicsmagick-q16-3 in ubuntu disco.
- libgraphicsmagick1-dev: No summary available for libgraphicsmagick1-dev in ubuntu cosmic.