X-Git-Url: http://git.imager.perl.org/imager.git/blobdiff_plain/7b48687067611400f4c7b37e6f22e532e9d90570..ea3099db176771d11c73784c81dd212985fdd24b:/Changes

diff --git a/Changes b/Changes
index 42cafa08..97c275a6 100644
--- a/Changes
+++ b/Changes
@@ -1,11 +1,360 @@
 Imager release history.  Older releases can be found in Changes.old
 
+Coverity finally finished a build, fix a few problems:
+
+High severity:
+
+ - reading a color-mapped TGA file with an id string would cause a
+   double-free if the palette was truncated. CID 185317.
+
+ - mixing scaling to sizes where the accumulator row, the working
+   output row or the working input row didn't fit into the address
+   space could result in memory leaks.  This can probably only be
+   reproduced on very wide floating-point sample images. CID 185318.
+
+ - convert an array style function parameter pointer to pointer style
+   to prevent confusing Coverity in the T1 bounding box implementation.
+   CID 185343.
+
+ - Similarly in the FT1 bounding box implementation. CID 185338.
+
+ - Similarly for the i_tt_rasterize() function in the FT1
+   implementation.  CID 185303.
+
+ - initialize a pointer to prevent Coverity complaining in polygon
+   drawing (it should always end up being set.) CID 185341.
+
+ - addi style makemap could potentially read one past the end of an
+   array. CID 185337.
+
+ - supplying a numeric hatch of 32 to Imager::Fill->new(hatch => ...)
+   would result in read beyond the end of the built-in hatch array.
+   Negative values (which Coverity didn't complain about) could also
+   cause problems.  CID 185331.
+
+ - the Imager::Color set_internal() interal method no longer
+   calls the over-complicated ICL_set_internal() (which is retained
+   only for the old API.)  Coverity complained that this leaked, but
+   this could only occur with an invalid (NULL pointer) color object.
+   CID 185323.
+
+ - the underlying implementation of the map() method could read before
+   the beginning on an allocated array if supplied with inconsistent
+   parameters, which Coverity complained about.  No Imager code calls
+   that function with inconsistent parameters, but a
+   belt-and-suspenders check was added. CID 185315.
+
+ - Coverity complained a call to i_getcolors(), used by the
+   implementation of the is_bilevel() method could leave the fetched
+   colors uninitialized.  Added a return value check. CID 185308.
+
+ - a numeric combining mode of 13 (eg. as a parameter to
+   Imager::Fill->new())could cause an invalid array read in
+   i_get_combine() due to a fencepost error in validating the combine
+   number.  CID 185299.
+
+
+
+ - avoid an unneeded EXTEND() call when the FT1 has_chars()
+   implementation returns 0. CID 185350.
+
+ - avoid accessing a possibly NULL map from MakeMapObject() in a
+   logging call. (GIF) CID 185296.
+
+ - gradgen() allocated the wrong amount of space (always too much) for
+   the color array.  CID 185291.
+
+ - avoid dead code in i_tt_glyph_names(). CID 185321.
+
+Imager 1.008 - 31 Dec 2018
+============
+
+ - moved EXIF handling from Imager::File::JPEG to core Imager
+   This allows file formats that store EXIF data as blobs similarly
+   to JPEG to re-use this code. (such as Imager::File::WEBP)
+
+ - added some more file extensions to image file type mappings
+
+ - added add_type_extensions() class method
+
+Imager 1.007 - 24 Nov 2018
+============
+
+ - add png_compression_level tag for writing PNG files.
+
+ - avoid flooring a second time in matrix transform interpolation.
+   https://rt.cpan.org/Ticket/Display.html?id=124001
+
+ - produce v2 metadata.
+   Includes change from the ticket and updates to sub-modules.
+   https://rt.cpan.org/Ticket/Display.html?id=127216
+
+ - improve error reporting for the polygon() method
+
+Imager 1.006 - 26 Aug 2017
+============
+
+ - the internal i_errors() function now correctly allocates the stack
+   space needed for its result.
+   https://rt.perl.org/rt3/Ticket/Display.html?id=131938
+
+ - t/100-base/020-color.t now uses Imager::Test's test functions
+   instead of its own.
+   https://rt.cpan.org/Ticket/Display.html?id=111993
+
+ - write_multi() now returns an error result (a false value) if called
+   with a non-(Imager image object).  Previously it would typically
+   crash.
+   https://rt.cpan.org/Ticket/Display.html?id=117878
+
+ - improve the documentation of the jpegquality parameter when
+   writing JPEG files.
+
+ - add code to mitigate CVE-2016-1238, Imager will no longer search the
+   default current directory entry in @INC when searching for file
+   format support modules.
+
+Imager 1.005 - 16 Apr 2016
+============
+
+It's now been ten years since I switched to the new Changes file in
+release 0.55.
+
+ - revert the ivdformat probes, they don't work as is and trying to
+   fix them is too much work for now.
+
+Imager 1.004_004 - 15 Apr 2016
+================
+
+ - test that the ivdformat from Config is correct and look for a valid
+   one if it isn't.
+   For the strange Win32 failures.
+
+ - fix a copy and paste error in pod in samples/samp-form.cgi
+
+Imager 1.004_003 - 23 Mar 2016
+================
+
+ - add some extra error reporting to the I/O layers tests, this might
+   help catch a failure seen on Win32.
+   http://cpantesters.org/cpan/report/99781689-6bf5-1014-897a-75cb4eee1325
+
+Imager 1.004_002 - 20 Mar 2016
+================
+
+ - don't use the seek() method on opened() handles in
+   t/200-file/400-basic.t.  In older versions of perl such handles are
+   only IO::Handle objects, not IO::File, and don't have a seek()
+   method.
+
+Imager 1.004_001 - 16 Mar 2016 (Birthday release - but not my birthday)
+================
+
+ - re-work the t/200-file/400-basic.t to correctly handle failures
+   It's custom ok() function didn't have a prototype and didn't use scalar().
+   This caused ok() to use the note instead of the value being tested when
+   the method called returned an empty list.  For an example of the problem
+   caused see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812093
+
+ - remove some noise from when Imager tried to work with bugs in old
+   versions of giflib.  I can't do much about the new bugs.
+
+ - the new autolevels filter (Imager 0.99) used an integer for the
+   sample scaling factor which caused the top output level to be too
+   low (depending on the scaling required.)  It now uses a double.
+   https://rt.cpan.org/Ticket/Display.html?id=111871
+
+ - the new autolevels filter had off-by-one errors calculating the
+   minimum and maximum luminance from the histogram.  This slightly
+   reduced the contrast of the output image.
+   https://rt.cpan.org/Ticket/Display.html?id=111871
+
+ - the new autolevels filter now uses a lookup table for 8-bit images
+   to avoid a floating point multiply for each sample.
+   https://rt.cpan.org/Ticket/Display.html?id=111871
+
+ - fixed several memory leaks detected by valgrind:
+
+   - addcolors() leaked the temporary array of colors supplied to the
+     internal API
+
+   - make_palette() leaked the temporary image array (not the images
+     themselves) passed to the internal API.
+
+   - combine()/i_combine() leaked its working row buffers
+
+   - getcolorusage()/i_get_anonymous_color_histo() leaked the sample
+     buffer if there were too many colors
+
+   - getcolorcount()/i_count_colors() leaked the sample buffer if
+     there were too many colors.
+
+   - the nearest_color filter (undocumented until I find a use for it)
+     leaked both temporaries passed to the API and internal buffers
+
+   - the internal process of upgrading a paletted image to a direct
+     color image would leak a context object reference count.
+
+   - a write failure when writing to a GIF file could leak memory.
+
+   - failing to write to a 1-bit/pixel ICO image could leak memory.
+
+ - Imager no longer deliberately leaks the context object from the
+   initial thread.  This was done to ensure there was always a context
+   object available, but the code that needed that now handles the
+   lack correctly,
+
+ - fixed some uninitialized memory usage detected by valgrind:
+
+   - rotate()/i_rotate_exact()/i_rotate_exact_bg()/i_matrix_transform()/
+     i_matrix_transform_bg() didn't initialize a working color value
+     if there was zero pixel coverage.
+
+   - i_ft2_cp() didn't initialize the complete color when producing an
+     intermediate image.  This caused uninitialized value usage when
+     logging the color.
+
+Imager 1.004 - 8 Nov 2015
+============
+
+ - Imager::Color::Table is now pre-loaded by the preload() method.
+   https://rt.cpan.org/Ticket/Display.html?id=104896
+
+ - fix an assertion triggered under perl 5.23.4.
+   Thanks to A. Sinan Unur for the report and the patch.
+
+ - Imager->new can now be used to read raw image files.
+   https://rt.cpan.org/Ticket/Display.html?id=106836
+   Thanks to Richard Kelsch for reporting this.
+
+ - deal with output changes from Pod::Spell
+   https://github.com/perl-pod/Pod-Spell/issues/21
+
+Imager 1.003 - 12 May 2015
+============
+
+ - update 1.002 release notes to include the center change for filled
+   circle drawing.
+
+ - flood_fill() would escape beyond a 4-connected space under some
+   circumstances.
+   Added many more flood_fill() tests.
+   https://rt.cpan.org/Ticket/Display.html?id=103786
+
+Imager 1.002 - 3 Apr 2015
+============
+
+ - drawing anti-aliased filled circles is now 10 to 50 times faster
+   depending on the size of the circle.
+   This also changed the center from being the center of the pixel to
+   being the top left of the pixel to match the filled arcs drawn by
+   arc().
+   https://rt.cpan.org/Ticket/Display.html?id=101682
+
+ - enhancements to polygon filling:
+
+   - added a mode parameter to control how overlapping regions behave
+
+   - added a polypolygon() method to fill more than one polygon at a
+     time
+
+   - polygon filling is now exposed through the API.
+
+ - added colormodel(), alphachannel() and colorchannels() methods.
+   These were added for two reasons:
+
+    - a future version of Imager may allow the number of channels in
+      an image to not directly represent the color model of an image.
+      eg. a greyscale TIFF image with multiple alpha channels.
+
+    - a future version of Imager may allow an image to be read without
+      translation, for example a TIFF file that contains measurements
+      from an instrument.  Currently Imager transforms the samples into
+      the range 0.0 ... 1.0 which may means the user has to translate
+      the value back.
+
+      An untranslated image would be unusable as image data, so
+      colormodel() would return "unknown" in this case.
+
+      Similarly a CMYK image might be returned as an "unknown" color
+      model image, if the caller chooses to disable translation to
+      RGB.
+
+Imager 1.001 - 2 Jan 2015
+============
+
+ - both Imager and perl 5.21.3 define my_strerror(), prevent a conflict
+   Thanks to Slaven Rezic for the report and the patch.
+   https://rt.cpan.org/Public/Bug/Display.html?id=98234
+
+ - GIF: clean-up a test file if the test for the giflib 4.2.0 file
+   version bug fails.
+
+ - fix Imager::Matrix2d::rotate()'s centre point handling
+   https://rt.cpan.org/Public/Bug/Display.html?id=99959
+
+ - ICO: don't apply the icon mask to images with an alpha channel by
+   default
+   https://rt.cpan.org/Public/Bug/Display.html?id=99507
+
+ - make verbose probing output more verbose
+
+ - use Imager::Probe to probe for freetype 1.x
+   https://rt.cpan.org/Ticket/Display.html?id=100502
+
+ - The --enable and --disable parameters to the top-level Makefile.PL
+   work again.
+
+ - update the bundled/modified Devel::CheckLib to handle the gcc-4
+   symlink on Cygwin
+
+Imager 1.000 - 28 Jul 2014
+============
+
+There's nothing special about Imager 1.000, it's just another release.
+
+ - fix the skip check for the iolayer qr// buffer test
+
+ - improve error reporting for the iolayer test failing on a small
+   number of Win32 CPAN testers
+
+Imager 0.99_02 - 21 Jul 2014
+==============
+
+ - Imager::Filter::Mandelbrot (and dynfilt/mandelbrot.c) - initialize
+   the blue channel in the generated palette, and allow each color
+   component to be in the range 100..255 instead of just 100..254.
+   Thanks to Ralf Neubauer.
+   https://rt.cpan.org/Ticket/Display.html?id=97086
+
+ - revert "improved the XS for i_io_read() and i_io_raw_read()"
+   This caused problems with older perls and didn't provide much of a
+   performance improvement.
+
+ - support Inline 0.57 and later.
+   Inline 0.57 changed the "with" interface.
+   https://rt.cpan.org/Ticket/Display.html?id=97108
+
+ - don't define our own MAXINT macro, it conflicts with windows header
+   files and in a few places it was the wrong value to use anyway.
+   https://rt.cpan.org/Ticket/Display.html?id=96425
+
+Imager 0.99_01 - 29 Jun 2014
+==============
+
  - GIF: add support for giflib 5.1.0, which added error code pointer
    parameters to EGifCloseFile() and DGifCloseFile().
    https://rt.cpan.org/Ticket/Display.html?id=96756
 
  - GIF: avoid a double-free when do_write() fails.
 
+ - fix SV type probing to work on perl before 5.12.  Broken in 0.99.
+   https://rt.cpan.org/Ticket/Display.html?id=96761
+
+ - PNG: skip the benign error test before libpng 1.6.0, since the
+   error we're testing didn't exist before 1.6.0.
+   https://rt.cpan.org/Ticket/Display.html?id=94717 (continued)
+
 Imager 0.99 - 25 Jun 2014
 ===========
 
@@ -354,7 +703,7 @@ Enhancements:
 
  - avoid static variables when capturing IPTC data from JPEG files
 
- - match Imager::Font;:T1's error message translations to those from
+ - match Imager::Font::T1's error message translations to those from
    later versions of T1Lib.
 
  - for libtiff versions that support extended warning handlers (3.8.0