pkgsrc.se | The NetBSD package collection

./graphics/gd, Graphics library for the dynamic creation of images

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2016Q2, Version: 2.2.3, Package name: gd-2.2.3, Maintainer: adam

gd is a graphics library. It allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste from
other images, and flood fills, and write out the result as a .PNG
file. This is particularly useful in World Wide Web applications,
where .PNG is one of the formats accepted for inline images by most
browsers.

gd is not a paint program. If you are looking for a paint program, you
are looking in the wrong place. If you are not a programmer, you are
looking in the wrong place.

gd does not provide for every possible desirable graphics operation.
It is not necessary or desirable for gd to become a kitchen-sink
graphics package, but incorporates most of the commonly requested
features for an 8-bit 2D package.

Required to run:
[fonts/fontconfig] [graphics/freetype2] [graphics/png] [graphics/tiff] [graphics/libwebp] [lang/perl5]

Master sites:

https://github.com/libgd/ (Download)

SHA1: 2f8cebec5afd6c83a3d5cb92f40ea4926b4daa98
RMD160: e6c29133c2ea33c8ba16571892d2798ef0f5afea
Filesize: 2113.43 KB

Version history: (Expand)

(2016-08-10) Updated to version: gd-2.2.3
(2016-07-07) Package has been reborn
(2016-07-06) Package added to pkgsrc.se, version gd-2.1.1nb3 (created)

CVS history: (Expand)

2016-08-10 20:12:37 by Benny Siegert | Files touched by this commit (11) | Package removed

Log message:
Pullup ticket #5080 - requested by sevan
graphics/gd: security fix

Revisions pulled up:
- graphics/gd/Makefile                                          1.111
- graphics/gd/buildlink3.mk                                     1.37
- graphics/gd/distinfo                                          1.41
- graphics/gd/options.mk                                        1.5
- graphics/gd/patches/patch-aa                                  deleted
- graphics/gd/patches/patch-ab                                  deleted
- graphics/gd/patches/patch-configure                           deleted
- graphics/gd/patches/patch-configure.ac                        deleted
- graphics/gd/patches/patch-src_gd__bmp.c                       deleted
- graphics/gd/patches/patch-src_gd__crop.c                      deleted
- graphics/gd/patches/patch-src_webpimg.c                       deleted

---
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Tue Aug  2 18:29:21 UTC 2016

   Modified Files:
           pkgsrc/graphics/gd: Makefile buildlink3.mk distinfo options.mk
   Removed Files:
           pkgsrc/graphics/gd/patches: patch-aa patch-ab patch-configure
               patch-configure.ac patch-src_gd__bmp.c patch-src_gd__crop.c
               patch-src_webpimg.c

   Log message:
   We welcome the 2.2.3 release around a month after 2.2.2 (we are getting \ 
consistent). Another important milestone in the GD 2.2 series.

   Security related fixes: This flaw is caused by loading data from external \ 
sources (file, custom ctx, etc) and are hard to validate before calling libgd \ 
APIs:
   * fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
   * bug 247, A read out-of-bands was found in the parsing of TGA files \ 
(CVE-2016-6132)
   * also bug 247, Buffer over-read issue when parsing crafted TGA file \ 
(CVE-2016-6214)
   * bug 248, fix Out-Of-Bounds Read in read_image_tga

   Using application provided parameters, in these cases invalid data causes the \ 
issues:
   * Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
   * fix php bug 72494, invalid color index not handled, can lead to crash ( \ 
CVE-2016-6128)
   * improve color check for CropThreshold

   Important update:
   * gdImageCopyResampled has been improved. Better handling of images with \ 
alpha channel, also brings libgd in sync with php's bundled gd.