Upstream Changelog:
Security
* gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317)
* double-free in gdImageWebPtr() (CVE-2016-6912)
* potential unsigned underflow in gd_interpolation.c
* DOS vulnerability in gdImageCreateFromGd2Ctx()
Fixed
* Fix #354: Signed Integer Overflow gd_io.c
* Fix #340: System frozen
* Fix OOB reads of the TGA decompression buffer
* Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
* Fix potential unsigned underflow
* Fix double-free in gdImageWebPtr()
* Fix invalid read in gdImageCreateFromTiffPtr()
* Fix #68: gif: buffer underflow reported by AddressSanitizer
* Avoid potentially dangerous signed to unsigned conversion
* Fix #304: test suite failure in gif/bug00006 [2.2.3]
* Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border
* Fix #330: Integer overflow in gdImageScaleBilinearPalette()
* Fix #321: Null pointer dereferences in gdImageRotateInterpolated
* Fix whitespace and add missing comment block
* Fix #319: gdImageRotateInterpolated can have wrong background color
* Fix color quantization documentation
* Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries
* Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag
* Fix #300: gdImageClone() assigns res_y = res_x
* Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness()
* Replace GNU old-style field designators with C89 compatible initializers
* Fix #297: gdImageCrop() converts palette image to truecolor image
* Fix #290: TGA RLE decoding is broken
* Fix unnecessary non NULL checks
* Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted files
* Fix #280: gdImageWebpEx() quantization parameter is a misnomer
* Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx()
* Fix issue #276: Sometimes pixels are missing when storing images as BMPs
* Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts
* Fix copy&paste error in gdImageScaleBicubicFixed()
Added
* More documentation
* Documentation on GD and GD2 formats
* More tests
Security related fixes: These flaws are caused by loading data from external sources (file, custom ctx, etc.) and are hard to validate before calling libgd APIs:
* fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
* bug 247, A read out-of-bounds was found in the parsing of TGA files (CVE-2016-6132)
* also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214)
* bug 248, fix Out-Of-Bounds Read in read_image_tga
Using application provided parameters, in these cases invalid data causes the issues:
* Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
* fix php bug 72494, invalid color index not handled, can lead to crash (CVE-2016-6128)
* improve color check for CropThreshold
Important update:
* gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd.
Problems found with existing digests:
Package fotoxx distfile fotoxx-14.03.1.tar.gz
ac2033f87de2c23941261f7c50160cddf872c110 [recorded]
118e98a8cc0414676b3c4d37b8df407c28a1407c [calculated]
Package ploticus-examples distfile ploticus-2.00/plnode200.tar.gz
34274a03d0c41fae5690633663e3d4114b9d7a6d [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Problems found locating distfiles:
Package AfterShotPro: missing distfile AfterShotPro-1.1.0.30/AfterShotPro_i386.deb
Package pgraf: missing distfile pgraf-20010131.tar.gz
Package qvplay: missing distfile qvplay-0.95.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Changelog:
GD team proudly announces that the 2.1.1 version of GD Graphics Library
has been released. We have fixed some reported bugs and improved the build
scripts (cmake and configure). See the Changelog files for a full list
with details or CVEs.
This is a recommended update.
Technically this change should bump PKGREVISION (as it changes the
binary package ever so slightly for platforms where the ceill() didn't
cause a build failure) but I'm going to let it slide.
* gdColorMapLookup() answers the RGB values according to given color map
* Added support of variable resolution
* new filter gdImagePixelate()
* merged improvements that PHP GD team had made to GD Graphics Library
* bugfixes
* Fix valgrind error in gdImageFillTiled
* Add missing custom cmake macros
* Avoid signature buffer copy in gd_gif_c
* Race condition in gdImageStringFTEx
* Reading GIF images is not thread safe (static usage in private functions)
* GIF Local palette is read twice
* GIF, Use local frame dimension when possible instead of the logical screen size
* OpenVMS build support, see VMS/README.VMS for the details
* GIF, do not try to use the global colmap if it does not exist
* gdImageAALine draws axis lines with two pixels width
* TTF usage doesn't work properly on Netware
* gdImageArc CPU usage with large angles
* gdImageFilledRectangle regression fixed when used with reversed edges
* Possible infinite loop in libgd/gd_png.c, flaw found by Xavier Roche
* Fixed segfault when an invalid color index is present in a GIF image data
* Possible integer overflow in gdImageCreateTrueColor
* gdImageCreateXbm can crash if gdImageCreate fails
* 32-bit multiplication overflow vulnerabilities along with a number of similar
issues
* Memory allocation errors that were not checked
* Multiple issues in the GIF loader. Corrupt gif images would cause a segfault
or infinite loop
* Malformed or empty PNG image also may have caused segfaults
* gdImageFillToBorder segfaulted when the color was not opaque (alpha > 0)
* Antialiased lines drawn on an image's edge caused a segfault
* gdImageFill segfaulted when used with patterns or invalid arguments
* gdImageFilledEllipse did not respect transparency
"The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas
Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote
attackers to cause a denial of service (CPU consumption) via malformed
GIF data that causes an infinite loop."
Patch from Xavier Roche via Ubuntu.
* Windows build uses __stdcall calling convention
* Even more complete freetype version checking
* Binary transparency is now handled correctly in gdImageToPalette
* Correction in gdfontl.h
Changes 2.0.24:
* bgd.dll is now compatible with Visual BASIC
* Even more complete freetype version checking
* Binary transparency is now handled correctly in gdImageToPalette
* horizontal and vertical DPI hints can now be given to the freetype font
renderer via the gdFTStringExtra
* several autoconf problems have been addressed
* the current version of freetype is more precisely detected to prevent
FT_ENCODING_SYMBOL-related errors
* a significant bug in gdNewDynamicCtx was fixed
correcting problem with the built-in gd fonts on Unix
Changes 2.0.18:
* introduced a conveniently precompiled DLL for Windows programmers
* the default separator of alternative truetype font paths is now
a semicolon rather than a space
* minor compilation and packaging problem fixed
Changes 2.0.16:
Adds polar coordinate transformation, text on a circle, thread safety
truetype font output, performance optimizations, correct compilation
with the latest versions of freetype, and many fixes
* Add support for FreeType2 (John Ellson ellson@lucent.com)
[not used in the package right now]
* Add support for finding fonts in a builtin DEFAULT_FONTPATH, or in a path
from the GDFONTPATH environment variable.
* remove some unused symbols to reduce compiler warnings
* bugfix in size comparisons in gdImageCompare
* REXX now mentioned
* All memory allocation functions are now wrapped within the library; gdFree is
exported and recommended for freeing memory returned by the
gdImage(Something)Ptr family of functions.
Based on a package sent to tech-pkg by Adam Ciarcinski.