Next | Query returned 1 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2017-03-03 16:26:32 by Benny Siegert | Files touched by this commit (3) | Package updated
Log message:
Pullup ticket #5221 - requested by spz
graphics/gd: security fix

Revisions pulled up:
- graphics/gd/Makefile                                          1.113
- graphics/gd/distinfo                                          1.43
- graphics/gd/patches/patch-src_gd__webp.c                      deleted

---
   Module Name:    pkgsrc
   Committed By:   spz
   Date:           Sat Feb  4 23:05:52 UTC 2017

   Modified Files:
           pkgsrc/graphics/gd: Makefile distinfo
   Removed Files:
           pkgsrc/graphics/gd/patches: patch-src_gd__webp.c

   Log message:
   update of gd to 2.2.4.

   Upstream Changelog:
   Security

       gdImageCreate() doesn't check for oversized images and as such is prone \ 
to DoS vulnerabilities. (CVE-2016-9317)
       double-free in gdImageWebPtr() (CVE-2016-6912)
       potential unsigned underflow in gd_interpolation.c
       DOS vulnerability in gdImageCreateFromGd2Ctx()

   Fixed

       Fix #354: Signed Integer Overflow gd_io.c
       Fix #340: System frozen
       Fix OOB reads of the TGA decompression buffer
       Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
       Fix potential unsigned underflow
       Fix double-free in gdImageWebPtr()
       Fix invalid read in gdImageCreateFromTiffPtr()
       Fix OOB reads of the TGA decompression buffer
       Fix #68: gif: buffer underflow reported by AddressSanitizer
       Avoid potentially dangerous signed to unsigned conversion
       Fix #304: test suite failure in gif/bug00006 [2.2.3]
       Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border
       Fix #330: Integer overflow in gdImageScaleBilinearPalette()
       Fix 321: Null pointer dereferences in gdImageRotateInterpolated
       Fix whitespace and add missing comment block
       Fix #319: gdImageRotateInterpolated can have wrong background color
       Fix color quantization documentation
       Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries
       Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag
       Fix #300: gdImageClone() assigns res_y = res_x
       Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness()
       Replace GNU old-style field designators with C89 compatible initializers
       Fix #297: gdImageCrop() converts palette image to truecolor image
       Fix #290: TGA RLE decoding is broken
       Fix unnecessary non NULL checks
       Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted \ 
files
       Fix #280: gdImageWebpEx() quantization parameter is a misnomer
       Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx()
       Fix issue #276: Sometimes pixels are missing when storing images as BMPs
       Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts
       Fix copy&paste error in gdImageScaleBicubicFixed()

   Added

       More documentation
       Documentation on GD and GD2 formats
       More tests

Next | Query returned 1 messages, browsing 1 to 10 | previous