Security
* Double-free in gdImagePngPtr(). (CVE-2017-6362)
* Buffer over-read into uninitialized memory. (CVE-2017-7890)
Fixed
* Fix 109: XBM reading fails with printed error
* Fix 338: Fatal and normal libjpeg/libpng errors not distinguishable
* Fix 357: 2.2.4: Segfault in test suite
* Fix 386: gdImageGrayScale() may produce colors
* Fix 406: webpng -i removes the transparent color
* Fix Coverity 155475: Failure to restore alphaBlendingFlag
* Fix Coverity 155476: potential resource leak
* Fix several build issues and test failures
* Fix and reenable optimized support for reading 1 bps TIFFs
Added
* The native MSVC buildchain now supports libtiff and most executables
Upstream Changelog:
Security
* gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317)
* double-free in gdImageWebPtr() (CVE-2016-6912)
* potential unsigned underflow in gd_interpolation.c
* DOS vulnerability in gdImageCreateFromGd2Ctx()
Fixed
* Fix #354: Signed Integer Overflow gd_io.c
* Fix #340: System frozen
* Fix OOB reads of the TGA decompression buffer
* Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
* Fix potential unsigned underflow
* Fix double-free in gdImageWebPtr()
* Fix invalid read in gdImageCreateFromTiffPtr()
* Fix OOB reads of the TGA decompression buffer
* Fix #68: gif: buffer underflow reported by AddressSanitizer
* Avoid potentially dangerous signed to unsigned conversion
* Fix #304: test suite failure in gif/bug00006 [2.2.3]
* Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border
* Fix #330: Integer overflow in gdImageScaleBilinearPalette()
* Fix 321: Null pointer dereferences in gdImageRotateInterpolated
* Fix whitespace and add missing comment block
* Fix #319: gdImageRotateInterpolated can have wrong background color
* Fix color quantization documentation
* Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries
* Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag
* Fix #300: gdImageClone() assigns res_y = res_x
* Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness()
* Replace GNU old-style field designators with C89 compatible initializers
* Fix #297: gdImageCrop() converts palette image to truecolor image
* Fix #290: TGA RLE decoding is broken
* Fix unnecessary non NULL checks
* Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted files
* Fix #280: gdImageWebpEx() quantization parameter is a misnomer
* Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx()
* Fix issue #276: Sometimes pixels are missing when storing images as BMPs
* Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts
* Fix copy&paste error in gdImageScaleBicubicFixed()
Added
* More documentation
* Documentation on GD and GD2 formats
* More tests
Security related fixes: These flaws are caused by loading data from external sources (file, custom ctx, etc.) and are hard to validate before calling libgd APIs:
* fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
* bug 247, A read out-of-bounds was found in the parsing of TGA files (CVE-2016-6132)
* also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214)
* bug 248, fix Out-Of-Bounds Read in read_image_tga
Using application provided parameters, in these cases invalid data causes the issues:
* Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
* fix php bug 72494, invalid color index not handled, can lead to crash (CVE-2016-6128)
* improve color check for CropThreshold
Important update:
* gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd.
Changelog:
GD team proudly announces that the 2.1.1 version of GD Graphics Library
has been released. We have fixed some reported bugs and improved the build
scripts (cmake and configure). See the Changelog files for a full list
with details or CVEs.
This is a recommended update.
Technically this change should bump PKGREVISION (as it changes the
binary package ever so slightly for platforms where the ceill() didn't
cause a build failure) but I'm going to let it slide.
* gdColorMapLookup() answers the RGB values according to given color map
* Added support of variable resolution
* new filter gdImagePixelate()
* merged improvements that PHP GD team had made to GD Graphics Library
* bugfixes
* Fix valgrind error in gdImageFillTiled
* Add missing custom cmake macros
* Avoid signature buffer copy in gd_gif_c
* Race condition in gdImageStringFTEx
* Reading GIF images is not thread safe (static usage in private functions)
* GIF Local palette is read twice
* GIF, Use local frame dimension when possible instead of the logical screen size
* OpenVMS build support, see VMS/README.VMS for the details
* GIF, do not try to use the global colmap if it does not exist
* gdImageAALine draws axis lines with two pixels width
* TTF usage doesn't work properly on Netware
* gdImageArc CPU usage with large angles
* gdImageFilledRectangle regression fixed when used with reversed edges
* Possible infinite loop in libgd/gd_png.c, flaw found by Xavier Roche
* Fixed segfault when an invalid color index is present in a GIF image data
* Possible integer overflow in gdImageCreateTrueColor
* gdImageCreateXbm can crash if gdImageCreate fails
* 32-bit multiplication overflow vulnerabilities along with a number of similar
issues
* Memory allocation errors that were not checked
* Multiple issues in the GIF loader. Corrupt gif images would cause a segfault
or infinite loop
* Malformed or empty PNG image also may have caused segfaults
* gdImageFillToBorder segfaulted when the color was not opaque (alpha > 0)
* Antialiased lines drawn on an image's edge caused a segfault
* gdImageFill segfaulted when used with patterns or invalid arguments
* gdImageFilledEllipse did not respect transparency
"The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas
Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote
attackers to cause a denial of service (CPU consumption) via malformed
GIF data that causes an infinite loop."
Patch from Xavier Roche via Ubuntu.
* Add support for FreeType2 (John Ellson ellson@lucent.com)
[not used in the package right now]
* Add support for finding fonts in a builtin DEFAULT_FONTPATH, or in a path
from the GDFONTPATH environment variable.
* remove some unused symbols to reduce compiler warnings
* bugfix in size comparisons in gdImageCompare
* REXX now mentioned
* All memory allocation functions are now wrapped within the library; gdFree is
exported and recommended for freeing memory returned by the
gdImage(Something)Ptr family of functions.
Based on a package sent to tech-pkg by Adam Ciarcinski.
* Build process no longer uses configure.
* Change DESCR to reflect that gd makes PNG, not GIF, files.
* Version library at 1.7. Fixes PR#????
Changes from version 1.6.3:
--------------------------
What's new in version 1.7.3?
Another attempt at Makefile fixes to permit linking with all libraries
required on platforms with order-dependent linkers. Perhaps it will
work this time.
What's new in version 1.7.2?
An uninitialized-pointer bug in gdtestttf.c was corrected. This bug
caused crashes at the end of each call to gdImageStringTTF on some
platforms. Thanks to Wolfgang Haefelinger.
Documentation fixes. Thanks to Dohn Arms.
Makefile fixes to permit linking with all libraries required on
platforms with order-dependent linkers.
What's new in version 1.7.1?
A minor buglet in the Makefile was corrected, as well as an inaccurate
error message in gdtestttf.c. Thanks to Masahito Yamaga.
What's new in version 1.7?
Version 1.7 contains the following changes:
* Japanese language support for the TrueType functions. Thanks to
Masahito Yamaga.
* autoconf and configure have been removed, in favor of a carefully
designed Makefile which produces and properly installs the library
and the binaries. System-dependent variables are at the top of the
Makefile for easy modification. I'm sorry, folks, but autoconf
generated _many, many confused email messages_ from people who
didn't have things where autoconf expected to find them. I am not
an autoconf/automake wizard, and gd is a simple, very compact
library which does not need to be a shared library. I _did_ make
many improvements over the old gd 1.3 Makefile, which were
directly inspired by the autoconf version found in the 1.6 series
(thanks to John Ellson).
* Completely ANSI C compliant, according to the -pedantic-errors
flag of gcc. Several pieces of not-quite-ANSI-C code were causing
problems for those with non-gcc compilers.
* gdttf.c patched to allow the use of Windows symbol fonts, when
present (thanks to Joseph Peppin).
* extern "C" wrappers added to gd.h and the font header files for
the convenience of C++ programmers. bdftogd was also modified to
automatically insert these wrappers into future font header files.
Thanks to John Lindal.
* Compiles correctly on platforms that don't define SEEK_SET. Thanks
to Robert Bonomi.
* Loads Xpm images via the gdImageCreateFromXpm function, if the Xpm
library is available. Thanks to Caolan McNamara.
Jim Spath.
Changes from previous version include:
+ Version 1.6.3 corrects a memory leak in gd_png.c. This leak caused a
significant amount of memory to be allocated and not freed when
writing a PNG image.
+ Version 1.6.2 from John Ellson adds two new functions:
gdImageStringTTF gdImageColorResolve
+ Version 1.6.1 incorporates superior PNG reading and writing code
from Greg Roelofs, with minor modifications by Tom Boutell.
+ Version 1.6 features the following changes:
Support for 8-bit palette PNG images has been added. Support for GIF
has been removed. This step was taken to completely avoid the legal
controversy regarding the LZW compression algorithm used in GIF.
Unisys holds a patent which is relevant to LZW compression. PNG is a
superior image format in any case. Now that PNG is supported by both
Microsoft Internet Explorer and Netscape (in their recent releases),
we highly recommend that GD users upgrade in order to get
well-compressed images in a format which is legally unencumbered.
+ Version 1.5 featured the following changes:
New GD2 format
Re-arranged source files
Extended I/O capabilities.
Better support for Lincoln Stein's Perl Module
Added functions
+ Version 1.4 features the following changes:
Fixed polygon fill routine (again)
Support for alternate data sources
Support for alternate data destinations
More tolerant when reading GIFs