Next | Query returned 147 messages, browsing 31 to 40 | Previous


CVS Commit History:


   2018-02-25 15:34:22 by Roland Illig | Files touched by this commit (3)
Log message:
graphics/gd: fix undefined behavior in ctype functions
   2017-09-04 08:20:45 by Adam Ciarcinski | Files touched by this commit (5)
Log message:
Changes 2.2.5:

Security
* Double-free in gdImagePngPtr(). (CVE-2017-6362)
* Buffer over-read into uninitialized memory. (CVE-2017-7890)

Fixed
* Fix 109: XBM reading fails with printed error
* Fix 338: Fatal and normal libjpeg/libpng errors not distinguishable
* Fix 357: 2.2.4: Segfault in test suite
* Fix 386: gdImageGrayScale() may produce colors
* Fix 406: webpng -i removes the transparent color
* Fix Coverity 155475: Failure to restore alphaBlendingFlag
* Fix Coverity 155476: potential resource leak
* Fix several build issues and test failures
* Fix and reenable optimized support for reading 1 bps TIFFs

Added
* The native MSVC buildchain now supports libtiff and most executables
   2017-04-15 17:50:42 by Kimmo Suominen | Files touched by this commit (3)
Log message:
Make tiff an option when building gd, as tiff has many long-standing
vulnerabilities. Still enabled by default, as before. Ok by wiz@.

Fixes PR pkg/52148 and adds tiff to PKG_SUGGESTED_OPTIONS.
   2017-02-28 16:20:12 by Ryo ONODERA | Files touched by this commit (208)
Log message:
Recursive revbump from graphics/libwebp
   2017-02-09 04:27:30 by Min Sik Kim | Files touched by this commit (2)
Log message:
Make gd build on Darwin

Include limits.h to use INT_MAX.
   2017-02-05 00:05:52 by S.P.Zeidler | Files touched by this commit (3) | Package updated
Log message:
update of gd to 2.2.4.

Upstream Changelog:
Security

    gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317)
    double-free in gdImageWebPtr() (CVE-2016-6912)
    potential unsigned underflow in gd_interpolation.c
    DOS vulnerability in gdImageCreateFromGd2Ctx()

Fixed

    Fix #354: Signed Integer Overflow gd_io.c
    Fix #340: System frozen
    Fix OOB reads of the TGA decompression buffer
    Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
    Fix potential unsigned underflow
    Fix double-free in gdImageWebPtr()
    Fix invalid read in gdImageCreateFromTiffPtr()
    Fix OOB reads of the TGA decompression buffer
    Fix #68: gif: buffer underflow reported by AddressSanitizer
    Avoid potentially dangerous signed to unsigned conversion
    Fix #304: test suite failure in gif/bug00006 [2.2.3]
    Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border
    Fix #330: Integer overflow in gdImageScaleBilinearPalette()
    Fix 321: Null pointer dereferences in gdImageRotateInterpolated
    Fix whitespace and add missing comment block
    Fix #319: gdImageRotateInterpolated can have wrong background color
    Fix color quantization documentation
    Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries
    Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag
    Fix #300: gdImageClone() assigns res_y = res_x
    Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness()
    Replace GNU old-style field designators with C89 compatible initializers
    Fix #297: gdImageCrop() converts palette image to truecolor image
    Fix #290: TGA RLE decoding is broken
    Fix unnecessary non NULL checks
    Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted files
    Fix #280: gdImageWebpEx() quantization parameter is a misnomer
    Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx()
    Fix issue #276: Sometimes pixels are missing when storing images as BMPs
    Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts
    Fix copy&paste error in gdImageScaleBicubicFixed()

Added

    More documentation
    Documentation on GD and GD2 formats
    More tests
   2016-10-05 05:10:31 by Takahiro Kambe | Files touched by this commit (3)
Log message:
Add fix for CVE-2016-7568.

Bump PKGREVISION.
   2016-08-03 13:06:50 by Thomas Klausner | Files touched by this commit (1)
Log message:
Fix unresolvable dependency.
   2016-08-03 12:23:40 by Adam Ciarcinski | Files touched by this commit (1248) | Package updated
Log message:
Revbump after graphics/gd update
   2016-08-02 20:29:21 by Adam Ciarcinski | Files touched by this commit (11) | Package removed
Log message:
We welcome the 2.2.3 release around a month after 2.2.2 (we are getting consistent). Another important milestone in the GD 2.2 series.

Security related fixes: These flaws are caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs:
* fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
* bug 247, A read out-of-bounds was found in the parsing of TGA files (CVE-2016-6132)
* also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214)
* bug 248, fix Out-Of-Bounds Read in read_image_tga

Using application provided parameters, in these cases invalid data causes the issues:
* Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
* fix php bug 72494, invalid color index not handled, can lead to crash (CVE-2016-6128)
* improve color check for CropThreshold

Important update:
* gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd.
