2022-05-08 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* www/Magick++/Image.rst: Update getIndexes() and getConstIndexes() documention to mention that the selected region is defined by a prior getPixels(), getConstPixels(), or setPixels() call. This is inspired by private email from Miro Kropáček on May 8, 2022.

* coders/jpeg.c (WriteJPEGImage): Change "arithmetic" to "arithmetic-coding" in order to match ImageMagick's previously existing syntax.

* coders/png.c (ReadOnePNGImage): Assure that entire image list is freed. Addresses oss-fuzz 46997 "graphicsmagick:coder_MNG_fuzzer: Indirect-leak in MagickMallocCleared". This is a new issue due to incrementally seeking the complete correct error-handling cleanup.

2022-05-02 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* doc/options.imdoc: Add documentation for -define jpeg:arithmetic.

2022-04-30 Fojtik Jaroslav <JaFojtik@yandex.com>

* coders/jpeg.c: Optionally enable arithmetic coder in JPG images. gm convert -define jpeg:arithmetic=true testimg.jpg arith.jpg

2022-04-27 Fojtik Jaroslav <JaFojtik@yandex.com>

* jpeg/: Update aged JPG library to version 9d.

2022-04-23 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/ps.c (ReadPSImage): Assure that 'bounds' structure is initialized.

* coders/ept.c (ReadEPTImage): Assure that 'bounds' structure is initialized.

* magick/log.c (IsEventLogged): New function to report if a particular event will be logged. Us this as much as possible throughout the software to replace use of IsEventLogging().

* coders/png.c (ReadMNGImage): Address oss-fuzz 46913 "graphicsmagick:coder_WPG_fuzzer: Indirect-leak in MagickMallocCleared" which was partially pre-existing and partially due to a botched fix for oss-fuzz 46843.

2022-04-20 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/png.c (ReadMNGImage): Address oss-fuzz 46843 "graphicsmagick:enhance_fuzzer: Heap-use-after-free in CloseBlob".

2022-04-17 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/{msl.c, svg.c, url.c}: When __MINGW32__ is defined, then only define _MSC_VER if it is not already defined. Also define _MSC_VER with a somewhat useful value. This change is prompted by a posting by "LM" to the graphicsmagick-core list on April 17, 2022.

2022-04-16 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/png.c (ReadOnePNGImage): Make sure that ping_num_trans is initialized. Fixes oss-fuzz 46760 "Use-of-uninitialized-value - ReadOnePNGImage".

2022-04-12 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* magick/blob.c (OpenBlob): Allocate setvbuf() buffer externally rather than implicitly. I am hoping that the several oss-fuzz reports about using uninitalized memory from glibc's _IO_file_doallocate() go away.

2022-04-02 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/heif.c (RegisterHEIFImage): Support reading AVIF via libheif if it supports decoding AVIF.

2022-04-01 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* www/index.rst: Update the Coverity Analysis Metrics.

* magick/display.c (MagickXAnnotateEditImage): Quiet Coverity 376901 "Identical code for different branches (IDENTICAL_BRANCHES)".

* coders/svg.c (ReadSVGImage): Default to not allowing external entity substitution. Quiets Coverity 376905 "unsafe_xml_parse_config (UNSAFE_XML_PARSE_CONFIG)".

* coders/msl.c (ProcessMSLScript): Default to not allowing external entity substitution. Quiets Coverity 376913 "unsafe_xml_parse_config (UNSAFE_XML_PARSE_CONFIG)".

* magick/error.c (ThrowLoggedException): Silence Coverity 376912 "Dereference after null check (FORWARD_NULL)".

* coders/jp2.c (ReadJP2Image): Silence Coverity 264883 "Division or modulo by float zero (DIVIDE_BY_ZERO)". (ReadJP2Image): Fix Coverity 376911 "Improper use of negative value (NEGATIVE_RETURNS)".

* magick/xwindow.c (MagickXMakeMagnifyImage): Fix Coverity 376906 "Division or modulo by zero (DIVIDE_BY_ZERO)".

* magick/resize.c (ScaleImage): Fix Coverity 376908 "Resource leak (RESOURCE_LEAK)".

* magick/locale.c (GetLocaleMessageFromTag): Fix Coverity 376907 "Out-of-bounds read (OVERRUN)".

* magick/render.c (DrawPrimitive): Fix Coverity 376904 "Out-of-bounds access (OVERRUN)".

2022-03-26 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* version.sh: Prepare for 1.3.38 release.

* Makefile.am (release, snapshot): Generate SHA-256 checksums as a by-product of 'make snapshot' or 'make release'.

* www/download.rst: Add documentation regaring SHA-256 checksums.

* NEWS.txt: Update the news again.

* coders/miff.c (ReadMIFFImage): Validate claimed bzip2-compressed row length prior to reading data into fixed size buffer. Addresses SourceForge bug #664 "[bug]Heap buffer overflow when parsing MIFF". This severe bug only impacts builds with BZLIB support.

2022-03-22 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/jxl.c (ReadJXLImage): Added patch from Tobias Mark to optimize EOF detection if the input file size is known. Avoids waiting for ReadBlob() to report EOF.

2022-03-20 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* Magick++/lib/Magick++/Include.h: Support 'ReadResource'.

2022-03-19 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/jxl.c: Added some debug logging instrumentation so we can see the information the JXL reader is provided by libjxl.

* configure.ac: JXL is working well enough to enable it by default.

2022-03-11 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/jxl.c (WriteJXLImage): Call JxlEncoderCloseInput() so that encoder output is not corrupt. JXL passes testsuite tests now!

* magick/command.c (CompareImageCommand): Add -auto-orient support to 'compare'. This tries to assure that the two images are right side up before comparing.

2022-03-05 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/jxl.c (WriteJXLImage): Work to update JXL writer code to compile clean with libjxl v0.7.0. Still not working!

2022-02-26 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/heif.c (ReadHEIFImage): Pass decode options to heif_decode_image(). Include rough implementation of progress monitor support but leave it disabled since libheif does not currently invoke the callbacks.

* coders/jpeg.c (ReadJPEGImage): Store embedded profiles in image, even if in 'ping' mode. This addresses a problem discovered when interfacing with minimagick (Debian bug #1006374 "graphicsmagick breaks ruby-mini-magick").

* coders/url.c (ReadURLImage): Deal with libxml2 not offering HTTP or FTP capabilities. It seems that support for FTP has now been removed by default.

2022-02-06 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* README.txt: Recomend using JasPer 3.0.0 (or later).

* VisualMagick/magick/magick_config.h.in: Disable building with bundled JasPer sources by default since the bundled sources are archaic.

* coders/jp2.c: Fix compilation with JasPer 3.0.0 (which is now released).

2022-02-05 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* magick/fx.c (ColorizeImagePixelsCB): Apply clipping and rounding to handle out of range values and provide the most accurate result. Addresses SourceForge bug #662 "Broken -colorize".

2022-01-30 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/jp2.c (ReadJP2Image): Jasper 3.0.0 hid the functions we were using so switch back to using jas_image_decode(), but in a more secure way than before.

2022-01-28 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* www/download.rst: Document how to retrieve the PGP signing key from a key server.

2022-01-23 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/jp2.c (ReadJP2Image): Always use ThrowJP2ReaderException(). Should address oss-fuzz Issue 43979: "graphicsmagick:enhance_fuzzer: ASSERT: jas_get_ctx() == jas_global.ctx".

2022-01-22 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* utilities/tests: Write compressed MIFF files to reduce disk space usage.

* magick/command.c (CompareImageCommand): Support '-compress' option.

* coders/mpc.c: Fix warnings from GCC 11.

* coders/miff.c: Fix warnings from GCC 11.

2022-01-21 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/jp2.c: Adaptations to work with Jasper 3.0.0's jas_init_library() and other related functions. Add missing jas_cleanup_thread(). Do not request a higher memory limit than JasPer's own limit in order to avoid a warning.

2022-01-16 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/miff.c (ReadMIFFImage): Do not proceed to next image in sequence unless the character read is the expected 'i' character. Inspired by GraphicsMagick bug #659 "Can not escape $0 in a batch command".

* coders/heif.c (ReadHEIFImage): Take row stride into account when reading pixel rows. Add support for 'ping' mode. Add header magic detection. Add module aliases. Add useful traces.

2022-01-15 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/jxl.c: Added preliminary JPEG XL support written by Tobias Mark. From Code Merge Request #14: "Added (basic) jpeg-xl support". The writer is not working properly at this time.

* www/formats.rst: Add HEIF to the list of supported formats.

* README.txt: Expand the text regarding support for HEIF/HVEC support.

2022-01-14 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* coders/heif.c: HEIF reader written by Tobias Mark. From SourceForge Code Merge Request #15: "Added minimal heif support".

* magick/blob.c (ReadBlobStream): Fix EOF logic similar to ReadBlob. Addresses oss-fuzz 43617 "graphicsmagick:coder_P7_fuzzer: Use-of-uninitialized-value in WritePNMImage".

2022-01-12 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* magick/blob.c (ReadBlob): Fix EOF logic. Addresses oss-fuzz 43490 "graphicsmagick:coder_PNM_fuzzer: Use-of-uninitialized-value in SyncImageCallBack".

* coders/pnm.c (ReadPNMImage): Make sure that we don't lose the image exception.

2022-01-11 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* magick/blob.c: Throw a user-friendly exception when the read limit has been exceeded.

* coders/jpeg.c: Add tracing and fallback for longjmp().

* coders/pict.c (DecodeImage): Assure that the claimed scanline length is within the bounds of the scanline allocation to avoid possible heap overflow.

2022-01-09 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* magick/blob.c: Make sure that read resource limiting can support very large files.

2022-01-08 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* magick/resource.c: Add support for setting a read resource limit via the MAGICK_LIMIT_READ environment variable, or similar to '-limit read 5mb'.

* magick/resource.h: Added a ReadResource limit, which is a limit on how many uncompressed file bytes may be read while decoding an input file.

2022-01-01 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

* ChangeLog.2021: Rotate ChangeLog for 2022. Happy New Year!

Copyright © GraphicsMagick Group 2002 - 2022