GraphicsMagick-1.3.28-bp151.4.2

- Add explicit buildrequires on: pkgconfig(libwebpmux),
  pkgconfig(libpng), pkgconfig(x11), pkgconfig(xext),
  pkgconfig(zlib), libjpeg-devel. all
  of them direct build dependencies but not included in
  the spec file

- update to 1.3.28:
  * Security Fixes:
    BMP: Fix non-terminal loop due to unexpected bit-field mask
    value (DOS opportunity).
    PALM: Fix heap buffer underflow in builds with QuantumDepth=8.
    SetNexus() Fix heap overwrite under certain conditions due to
    using a wrong destination buffer. This issue impacts all
    1.3.X releases.
    TIFF: Fix heap buffer read overflow in LocaleNCompare() when
    parsing NEWS profile.
  * Bug fixes:
    DescribeImage(): Eliminate possible use of null pointer.
    GIF: Fix memory leak of global colormap in error path.
    GZ: Writing to gzip files with the extension ".gz" was
    not working with Zlib 1.2.8.
    JNG: Fix buffer read overflow (a tiny fixed overflow of just
    one byte).
    JPEG: Promoting certain libjpeg warnings to errors caused
    much more problems than expected. The promotion of
    warnings to errors is removed. Claimed pixel dimensions
    are validated by file size before allocating memory for
    the pixels.
    IntegralRotateImage(): Assure that reported error in rotate by
    270 case does immediately terminate processing.
    MNG: Fix possible null pointer reference related to DEFI chunk
    parsing. Fix minor heap read overflow (constrained to just
    one byte) due to an ordering issue in a limit check. Fix
    memory leaks in error path.
    WebP: Fix stack buffer overflow in WriteWEBPImage() which
    occurs with libwebp 0.5.0 or newer due to a structure type
    change in the structure passed to the progress monitor
    callback.
    WPG: Memory leaks fixed.
  * API Updates:
    InterpolateViewColor(): This function now returns MagickPassFail
    (an unsigned int) rather than void so that errors can be
    efficiently reported.
    The magick/pixel_cache.h header is updated to add deprecation
    attributes such that code using GetPixels(), GetIndexes(),
    and GetOnePixel() will produce deprecation warnings for
    compilers which support them. These functions will not be
    removed in the 1.3.X release series and when they are
    removed, pre-processor macros will be added so a replacement
    function is used instead. There is a long-term objective to
    eliminate functionally-redundant pixel cache functions to
    only the ones with the best properties since this reduces
    maintenance and may reduce the depth of the call stack
    (improving performance).
  * removed unneded GraphicsMagick-release-date-missing-quote.patch

- update to 1.3.27:
  * New Features:
    . PNG: Implemented eXIf chunk support.
    . WEBP: Add support for EXIF and ICC metadata provided that at
    least libwebp 0.5.0 is used.
    . Magick++ Image autoOrient(): New Image method to auto-orient an
    image so it looks right-side up by default.
  * Behavior Changes:
    . PALM: PALM writer is disabled.
    . ThrowLoggedException(): Capture the first exception
    at ErrorException level or greater, or only capture exception
    if it is more severe than an already reported exception.
    . DestroyJNG(): This internal function is now declared static
    and is removed from shared library or DLL namespace.
  * lot of security and other bug fixes, see
    https://sourceforge.net/projects/graphicsmagick/files/graphicsmagick/1.3.27/
- added GraphicsMagick-release-date-missing-quote.patch

- builds for sle11

- fix perl bindings
  + GraphicsMagick-perl-linkage.patch from fedora
- turn on perl test suite

- Trim descriptions. Redo summaries and RPM groups.

- Drop patches not meintioned in the changelog ever:
  * GraphicsMagick-debian-fixed.patch
  * GraphicsMagick-include.patch
  * GraphicsMagick-perl-link.patch
  * The package builds just fine without them and there is no
    refference explaining it
- Convert the deps to pkgconfig variants where possible.

- Version update to 1.3.26:
  * DPX: Fix excessive use of memory (DOS issue) due to file header
    claiming large image dimensions but insufficient backing
    data. (CVE-2017-10799 bsc#1047054).
  * JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
  * MAT: Fix excessive use of memory (DOS issue) due to continuing
    processing with insufficient data and claimed large image
    size. Verify each file extent to make sure that it is within range
    of file size. (CVE-2017-10800 bsc#1047044).
  * META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
  * PCX: Fix denial of service issue.
  * RLE: Fix abnomally slow operation (denial of service issue) with
    intentionally corrupt colormapped file.
  * PICT: Fix possible buffer overflow vulnerability given suitably
    truncated input file.
  * PNG: Enforce spec requirement that the dimensions of the JPEG
    embedded in a JDAT chunk must match the JHDR dimensions
    (CVE-2016-9830).
  * PNG: Avoid NULL dereference when MAGN chunk processing fails.
  * SCT: Fix stack-buffer read overflow (underflow?) while reading SCT
    header.
  * SGI: Fix denial of service issues.  Delay large memory allocations
    until file header has fully passed sanity checks.
  * TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to
    have only 2 samples per pixel (CVE-2017-6335 bsc#1027255).
  * TIFF: Fix out of bounds read when reading RGB TIFF which claims to
    have only 1 sample per pixel (CVE-2017-10794).
  * WPG: Fix heap overflow (CVE-2016-7996).  Fix assertion crash
    (CVE-2016-7997).
  * DifferenceImage(): Fix Fix all-black difference image if an input
    file is colormapped.
  * EXIF orientation was not being properly detected for some files.
  * -frame: The `import` command -frame handling was improperly
    implemented and was using already freed data.
  * GIF: Fixes for "Excessive LZW string data" problem.
  * Magick++: Bug fixes to PathSmoothCurvetoRel::operator() and
    PathSmoothCurvetoRel::operator().
  * PAM: Support writing GRAYSCALE PAM format.
  * PNG: Fix memory leaks.
  * SVG: Fixed a memory leak.  Fixed a possible null pointer dereference.
  * TclMagick: Problem that TkMagick could not resolve functions from
    TclMagick under Linux is fixed.
  * TclMagick: Fix parser validatation in magickCmd() to avoid crash
    given a syntax error.
  * TIFF: Fix for reading old JPEG files (avoids "Improper call to JPEG
    library in state 0. (LibJpeg).").
  * TXT: Fixed memory leak.
  * XCF: Error checking is improved.
  * EXIF rotation: Support is added such that the EXIF orientation tag
    is updated when the image is rotated.
  * MAT: Now support reading multiple images from Matlab V4 format.
  * Magick++: Orientation method now updates orientation in EXIF
    profile, if it exists.
  * Magick++: Added Image attribute method which accepts a 'char *'
    argument, and will remove the attribute if the value argument is
    NULL.
  * -orient: The -orient command line option now also updates the
    orientation in the EXIF profile, if it exists.
  * PGX: Support PGX JPEG 2000 format for reading and writing (within
    the bounds of what JasPer supports).
  * Wand API: Added MagickAutoOrientImage(),
    MagickGetImageOrientation(), MagickSetImageOrientation(),
    MagickRemoveImageOption(), and MagickClearException().
- Drop merged patch GraphicsMagick-CVE-2017-8350.patch

- complementary fix for CVE-2017-8350 [bsc#1036985 c13-c21]
  * GraphicsMagick-CVE-2017-8350.patch

- update to 1.3.25:
  * EscapeParenthesis(): I was notified by Gustavo Grieco of a heap
    overflow in EscapeParenthesis() used in the text annotation code.
    While not being able to reproduce the issue, the implementation of
    this function is completely redone.
  * Utah RLE: Reject truncated/absurd files which caused huge memory
    allocations and/or consumed huge CPU.  Problem was reported by
    Agostino Sarubbo based on testing with AFL.
  * SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in
    the MVG rendering code (also impacts SVG).
  * TIFF: Fix heap buffer read overflow while copying sized TIFF
    attributes.  Problem was reported by Agostino Sarubbo based on
    testing with AFL.

- Build "gm" as position independend executable (PIE).

- updated to 1.3.24:
  * many security related changes (incl. CVE-2016-5118), see
    ChangeLog
- removed patches:
  * GraphicsMagick-CVE-2016-5118.patch
  * GraphicsMagick-upstream-delegates-safer.patch
  * GraphicsMagick-upstream-disable-mvg-ext.patch
  * GraphicsMagick-upstream-disable-tmp-magick-prefix.patch
  * GraphicsMagick-upstream-image-sanity-check.patch

- security update:
  * CVE-2016-5118 [bsc#982178]
    + GraphicsMagick-CVE-2016-5118.patch

- Multiple security issues in GraphicsMagick/ImageMagick [boo#978061]
  (CVE-2016-3714, CVE-2016-3718, CVE-2016-3715, CVE-2016-3717)
  * GraphicsMagick-upstream-delegates-safer.patch
  * GraphicsMagick-upstream-disable-mvg-ext.patch
  * GraphicsMagick-upstream-disable-tmp-magick-prefix.patch
  * GraphicsMagick-upstream-image-sanity-check.patch

- Update to version 1.3.23
  * See included NEWS.txt for details

- Update to version 1.3.22
  * See included NEWS.txt for details

- Update to version 1.3.21
  * See included NEWS.txt for details

- Move library configuration files to separated package

- Fix devel package dependencies

- Update to version 1.3.20
  * See included NEWS.txt for details
- Enable quantum depth in shared library names
- Enable bzip2, jbig, webp support
- Use LCMSv2