2019-02-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/jpeg.c (ReadJPEGImage): Base test for "Unreasonable
	dimensions" on original JPEG dimensions and not the scaled
	dimensions.  Fixes SourceForge issue 593 "gm convert: Insufficient
	image data in file when hinting input image".

2019-02-13  Troy Patteson  <troyp@ieee.org>

	* PerlMagick/Magick.xs (Mogrify): Add decorate argument to Annotate.

	* PerlMagick/Magick.xs (Mogrify): Remove reference to undefined
	Annotate argument.

2019-02-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/tiff.c (ReadTIFFImage): For planar TIFF, make sure that
	pixels are initialized in case some planes are missing.  Fixes
	oss-fuzz 13046 "graphicsmagick/coder_PTIF_fuzzer:
	Use-of-uninitialized-value in DisassociateAlphaRegion". (Credit to
	OSS-Fuzz)

2019-02-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pdf.c (WritePDFImage): Make sure to free 'xref' before
	returning.  Similar to ImageMagick CVE-2019-7397 "In ImageMagick
	before 7.0.8-25, several memory leaks exist in WritePDFImage in
	coders/pdf.c.".  Thanks to Petr Gajdos for bringing this issue to
	our attention.

2019-02-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/wpg.c (ReadWPGImage): Use a different way to reallocate
	the colormap which preserves existing content, but also updates
	image->colors and assures that added palette entries are
	initialized.

	* coders/png.c (ReadMNGImage): Bound maximum loop iterations by
	subrange as a primitive means of limiting resource consumption.
	This should finally resolve oss-fuzz 12738
	"graphicsmagick/enhance_fuzzer: Out-of-memory in
	graphicsmagick_enhance_fuzzer". (Credit to OSS-Fuzz)

	* coders/tiff.c (ReadTIFFImage): Assure that opacity channel is
	initialized in the RGBAStrippedMethod case.  Convert
	'CorruptImageError' encountered while testing for more frames to
	'CorruptImageWarning' so we return the frames already read.
	Second try at fixing oss-fuzz 11896
	"graphicsmagick/coder_PTIF_fuzzer: Use-of-uninitialized-value in
	VerticalFilter".

	* coders/dpx.c (AttributeToString): Eliminate clang
	"-Wstring-plus-int" warning observed in oss-fuzz build.

	* coders/cineon.c (AttributeToString): Eliminate clang
	"-Wstring-plus-int" warning observed in oss-fuzz build.

2019-02-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pict.c (DecodeImage): Avoide a one-byte over-read of
	pixels heap allocation.  The cause of the over-read is not yet
	understood.  Fixes oss-fuzz 12019
	"graphicsmagick/coder_PICT_fuzzer: Heap-buffer-overflow in
	ExpandBuffer". (Credit to OSS-Fuzz)

	* coders/wpg.c (ReadWPGImage): Assure that all colormap entries
	are initialized.  Fixes oss-fuzz 12614
	"graphicsmagick/enhance_fuzzer: Use-of-uninitialized-value in
	EnhanceImage". (Credit to OSS-Fuzz)

	* coders/tiff.c (ReadTIFFImage): Make sure that image is in
	DirectClass mode and ignore any claimed colormap when the image is
	read using the RGBAStrippedMethod, RGBATiledMethod, or
	RGBAPuntMethod cases.  Fixes oss-fuzz 12195
	"graphicsmagick/coder_PTIF_fuzzer: Use-of-uninitialized-value in
	ExportGrayQuantumType". (Credit to OSS-Fuzz)

	* coders/miff.c (ReadMIFFImage): Improve pixel buffer calculations
	to defend against overflow.  Assure that zlib and bzlib decode the
	expected number of bytes for a pixel row.  Fixes oss-fuzz issue
	12448 "graphicsmagick/coder_MIFF_fuzzer:
	Use-of-uninitialized-value in RGBTransformPackets". (Credit to
	OSS-Fuzz)

2019-02-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/png.c (ReadMNGImage): Quit processing and report error
	upon failure to insert MNG background layer.  Fixes oss-fuzz 12738
	"graphicsmagick/enhance_fuzzer: Out-of-memory in
	graphicsmagick_enhance_fuzzer". (Credit to OSS-Fuzz)

2019-02-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dib.c (ReadDIBImage, WriteDIBImage): Improve buffer-size
	calculations to guard against buffer overflows.  The reader
	version was not as complete as it should have been, whereas the
	writer version did not guard against arithmetic overflow at all.

	* coders/bmp.c (ReadBMPImage, WriteBMPImage): Improve buffer-size
	calculations to guard against buffer overflows.  This is a
	follow-on fix to the previous fix submitted for SourceForge issue
	#582 "heap-buffer-overflow in ReadBMPImage of bmp.c" which is now
	also identified as CVE-2018-20185.

	* www/Hg.rst: Updates to reflect current usage and availability.

	* www/authors.rst: Promote Troy Patteson to the active contributor
	category.

2019-02-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/version.h.in: Rotate ChangeLog and update copyright
	statements for the new year.

2019-01-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/webp.c (WriteWEBPImage): Patch by Przemysław Sobala to
	support WebP 'use_sharp_yuv' option ("if needed, use sharp (and
	slow) RGB->YUV conversion") via `-define webp:use-sharp-yuv=true`.

2019-01-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/pixel_cache.c (SetNexus): Merge IsNexusInCore()
	implementation code into SetNexus() and add check for if
	cache_info->pixels is null.  Fixes SourceForge issue #588 "Bug in
	IsNexusInCore()".

	* configure.ac (DcrawExtraOptions): Request TIFF output from dcraw
	if build supports TIFF format in order to obtain more metadata.
	This allows obtaining some metadata from standard TIFF tags
	(e.g. camera make, model, and dcraw version), and any attached ICC
	profile, but not specifically EXIF data since we don't support
	extracting EXIF data from TIFF yet. Inspired by SourceForge issue
	589 "Identify lack of data (no Exif) in RAW formats".
