2018-02-25 15:34:22 by Roland Illig | Files touched by this commit (3) |
Log message:
graphics/gd: fix undefined behavior in ctype functions
|
2017-09-04 08:20:45 by Adam Ciarcinski | Files touched by this commit (5) |
Log message:
Changes 2.2.5:
Security
* Double-free in gdImagePngPtr(). (CVE-2017-6362)
* Buffer over-read into uninitialized memory. (CVE-2017-7890)
Fixed
* Fix 109: XBM reading fails with printed error
* Fix 338: Fatal and normal libjpeg/ibpng errors not distinguishable
* Fix 357: 2.2.4: Segfault in test suite
* Fix 386: gdImageGrayScale() may produce colors
* Fix 406: webpng -i removes the transparent color
* Fix Coverity 155475: Failure to restore alphaBlendingFlag
* Fix Coverity 155476: potential resource leak
* Fix several build issues and test failures
* Fix and reenable optimized support for reading 1 bps TIFFs
Added
* The native MSVC buildchain now supports libtiff and most executables
|
2017-04-15 17:50:42 by Kimmo Suominen | Files touched by this commit (3) |
Log message:
Make tiff option when building gd, as tiff has many long-standing
vulnerabilities. Still enabled by default, as before. Ok by wiz@.
Fixes PR pkg/52148 and adds tiff to PKG_SUGGESTED_OPTIONS.
|
2017-02-28 16:20:12 by Ryo ONODERA | Files touched by this commit (208) |
Log message:
Recursive revbump from graphics/libwebp
|
2017-02-09 04:27:30 by Min Sik Kim | Files touched by this commit (2) |
Log message:
Make gd build on Darwin
Include limits.h to use INT_MAX.
|
2017-02-05 00:05:52 by S.P.Zeidler | Files touched by this commit (3) | |
Log message:
update of gd to 2.2.4.
Upstream Changelog:
Security
gdImageCreate() doesn't check for oversized images and as such is prone to \
DoS vulnerabilities. (CVE-2016-9317)
double-free in gdImageWebPtr() (CVE-2016-6912)
potential unsigned underflow in gd_interpolation.c
DOS vulnerability in gdImageCreateFromGd2Ctx()
Fixed
Fix #354: Signed Integer Overflow gd_io.c
Fix #340: System frozen
Fix OOB reads of the TGA decompression buffer
Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
Fix potential unsigned underflow
Fix double-free in gdImageWebPtr()
Fix invalid read in gdImageCreateFromTiffPtr()
Fix OOB reads of the TGA decompression buffer
Fix #68: gif: buffer underflow reported by AddressSanitizer
Avoid potentially dangerous signed to unsigned conversion
Fix #304: test suite failure in gif/bug00006 [2.2.3]
Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border
Fix #330: Integer overflow in gdImageScaleBilinearPalette()
Fix 321: Null pointer dereferences in gdImageRotateInterpolated
Fix whitespace and add missing comment block
Fix #319: gdImageRotateInterpolated can have wrong background color
Fix color quantization documentation
Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries
Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag
Fix #300: gdImageClone() assigns res_y = res_x
Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness()
Replace GNU old-style field designators with C89 compatible initializers
Fix #297: gdImageCrop() converts palette image to truecolor image
Fix #290: TGA RLE decoding is broken
Fix unnecessary non NULL checks
Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted files
Fix #280: gdImageWebpEx() quantization parameter is a misnomer
Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx()
Fix issue #276: Sometimes pixels are missing when storing images as BMPs
Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts
Fix copy&paste error in gdImageScaleBicubicFixed()
Added
More documentation
Documentation on GD and GD2 formats
More tests
|
2016-10-05 05:10:31 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Add fix for CVE-2016-7568.
Bump PKGREVISION.
|
2016-08-03 13:06:50 by Thomas Klausner | Files touched by this commit (1) |
Log message:
Fix unresolvable dependency.
|
2016-08-03 12:23:40 by Adam Ciarcinski | Files touched by this commit (1248) | |
Log message:
Revbump after graphics/gd update
|
2016-08-02 20:29:21 by Adam Ciarcinski | Files touched by this commit (11) | |
Log message:
We welcome the 2.2.3 release around a month after 2.2.2 (we are getting \
consistent). Another important milestone in the GD 2.2 series.
Security related fixes: This flaw is caused by loading data from external \
sources (file, custom ctx, etc) and are hard to validate before calling libgd \
APIs:
* fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
* bug 247, A read out-of-bands was found in the parsing of TGA files (CVE-2016-6132)
* also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214)
* bug 248, fix Out-Of-Bounds Read in read_image_tga
Using application provided parameters, in these cases invalid data causes the issues:
* Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
* fix php bug 72494, invalid color index not handled, can lead to crash ( \
CVE-2016-6128)
* improve color check for CropThreshold
Important update:
* gdImageCopyResampled has been improved. Better handling of images with alpha \
channel, also brings libgd in sync with php's bundled gd.
|