We welcome the 2.2.3 release around a month after 2.2.2 (we are getting consistent). Another important milestone in the GD 2.2 series.

Security related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs:
* fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
* bug 247, A read out-of-bands was found in the parsing of TGA files (CVE-2016-6132)
* also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214)
* bug 248, fix Out-Of-Bounds Read in read_image_tga

Using application provided parameters, in these cases invalid data causes the issues:
* Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
* fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)
* improve color check for CropThreshold

Important update:
* gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd.

1 files changed, 2 insertions, 10 deletions

diff --git a/graphics/gd/options.mk b/graphics/gd/options.mk
index 063b162b2b8..df703e21f23 100644
--- a/graphics/gd/options.mk
+++ b/graphics/gd/options.mk
@@ -1,8 +1,7 @@
-# $NetBSD: options.mk,v 1.4 2015/07/04 16:18:35 joerg Exp $
+# $NetBSD: options.mk,v 1.5 2016/08/02 18:29:21 adam Exp $
 
 PKG_OPTIONS_VAR=	PKG_OPTIONS.gd
-PKG_SUPPORTED_OPTIONS=	libvpx x11
-PKG_SUGGESTED_OPTIONS=	libvpx
+PKG_SUPPORTED_OPTIONS=	x11
 
 .include "../../mk/bsd.options.mk"
 
@@ -13,10 +12,3 @@ CONFIGURE_ARGS+=	--with-xpm=${BUILDLINK_PREFIX.libXpm}
 .else
 CONFIGURE_ARGS+=	--without-xpm
 .endif
-
-.if !empty(PKG_OPTIONS:Mlibvpx)
-.include "../../multimedia/libvpx/buildlink3.mk"
-CONFIGURE_ARGS+=	--with-vpx=${BUILDLINK_PREFIX.libvpx}
-.else
-CONFIGURE_ARGS+=	--without-vpx
-.endif