Age | Commit message (Collapse) | Author | Files | Lines |
|
Security
* Double-free in gdImagePngPtr(). (CVE-2017-6362)
* Buffer over-read into uninitialized memory. (CVE-2017-7890)
Fixed
* Fix 109: XBM reading fails with printed error
* Fix 338: Fatal and normal libjpeg/ibpng errors not distinguishable
* Fix 357: 2.2.4: Segfault in test suite
* Fix 386: gdImageGrayScale() may produce colors
* Fix 406: webpng -i removes the transparent color
* Fix Coverity 155475: Failure to restore alphaBlendingFlag
* Fix Coverity 155476: potential resource leak
* Fix several build issues and test failures
* Fix and reenable optimized support for reading 1 bps TIFFs
Added
* The native MSVC buildchain now supports libtiff and most executables
|
|
vulnerabilities. Still enabled by default, as before. Ok by wiz@.
Fixes PR pkg/52148 and adds tiff to PKG_SUGGESTED_OPTIONS.
|
|
|
|
Include limits.h to use INT_MAX.
|
|
Upstream Changelog:
Security
gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317)
double-free in gdImageWebPtr() (CVE-2016-6912)
potential unsigned underflow in gd_interpolation.c
DOS vulnerability in gdImageCreateFromGd2Ctx()
Fixed
Fix #354: Signed Integer Overflow gd_io.c
Fix #340: System frozen
Fix OOB reads of the TGA decompression buffer
Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
Fix potential unsigned underflow
Fix double-free in gdImageWebPtr()
Fix invalid read in gdImageCreateFromTiffPtr()
Fix OOB reads of the TGA decompression buffer
Fix #68: gif: buffer underflow reported by AddressSanitizer
Avoid potentially dangerous signed to unsigned conversion
Fix #304: test suite failure in gif/bug00006 [2.2.3]
Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border
Fix #330: Integer overflow in gdImageScaleBilinearPalette()
Fix 321: Null pointer dereferences in gdImageRotateInterpolated
Fix whitespace and add missing comment block
Fix #319: gdImageRotateInterpolated can have wrong background color
Fix color quantization documentation
Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries
Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag
Fix #300: gdImageClone() assigns res_y = res_x
Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness()
Replace GNU old-style field designators with C89 compatible initializers
Fix #297: gdImageCrop() converts palette image to truecolor image
Fix #290: TGA RLE decoding is broken
Fix unnecessary non NULL checks
Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted files
Fix #280: gdImageWebpEx() quantization parameter is a misnomer
Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx()
Fix issue #276: Sometimes pixels are missing when storing images as BMPs
Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts
Fix copy&paste error in gdImageScaleBicubicFixed()
Added
More documentation
Documentation on GD and GD2 formats
More tests
|
|
Bump PKGREVISION.
|
|
|
|
|
|
consistent). Another important milestone in the GD 2.2 series.
Security related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs:
* fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
* bug 247, A read out-of-bands was found in the parsing of TGA files (CVE-2016-6132)
* also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214)
* bug 248, fix Out-Of-Bounds Read in read_image_tga
Using application provided parameters, in these cases invalid data causes the issues:
* Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
* fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)
* improve color check for CropThreshold
Important update:
* gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd.
|
|
|
|
Bump PKGREVISION.
|
|
|
|
Problems found with existing digests:
Package fotoxx distfile fotoxx-14.03.1.tar.gz
ac2033f87de2c23941261f7c50160cddf872c110 [recorded]
118e98a8cc0414676b3c4d37b8df407c28a1407c [calculated]
Package ploticus-examples distfile ploticus-2.00/plnode200.tar.gz
34274a03d0c41fae5690633663e3d4114b9d7a6d [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Problems found locating distfiles:
Package AfterShotPro: missing distfile AfterShotPro-1.1.0.30/AfterShotPro_i386.deb
Package pgraf: missing distfile pgraf-20010131.tar.gz
Package qvplay: missing distfile qvplay-0.95.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
bump PKGREVISION
|
|
|
|
Changelog:
GD team proudly announces that the 2.1.1 version of GD Graphics Library
has been released. We have fixed some reported bugs and improved the build
scripts (cmake and configure). See the Changelog files for a full list
with details or CVEs.
This is a recommended update.
|
|
|
|
|
|
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
|
|
|
|
|
|
|
|
|
|
Based on patch by Thomas Orgis on pkgsrc-users.
|
|
|
|
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
|
|
|
|
Technically this change should bump PKGREVISION (as it changes the
binary package ever so slightly for platforms where the ceill() didn't
cause a build failure) but I'm going to let it slide.
|
|
|
|
|
|
|
|
use of HTTPS.
|
|
* gdColorMapLookup() answers the RGB values according to given color map
* Added support of variable resolution
* new filter gdImagePixelate()
* merged improvements that PHP GD team had made to GD Graphics Library
* bugfixes
|
|
Recursively bump package revisions again after the "freetype2" and
"fontconfig" handling was fixed.
|
|
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
|
|
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
|
|
|
|
|
|
|
|
are called p5-*.
I hope that's all of them.
|
|
|
|
|
|
support could not be switched off once enabled
(could make a difference for gnuplot but I couldn't find a testcase yet)
|
|
alternative from mk/jpeg.buildlink3.mk
This allows selection of an alternative jpeg library (namely the x86 MMX,
SSE, SSE2 accelerated libjpeg-turbo) via JPEG_DEFAULT=libjpeg-turbo, and
follows the current standard model for alternatives (fam, motif, fuse etc).
The mechanical edits were applied via the following script:
#!/bin/sh
for d in */*; do
[ -d "$d" ] || continue
for i in "$d/"Makefile* "$d/"*.mk; do
case "$i" in *.orig|*"*"*) continue;; esac
out="$d/x"
sed -e 's;graphics/jpeg/buildlink3\.mk;mk/jpeg.buildlink3.mk;g' \
-e 's;BUILDLINK_PREFIX\.jpeg;JPEGBASE;g' \
< "$i" > "$out"
if cmp -s "$i" "$out"; then
rm -f "$out"
else
echo "Edited $i"
mv -f "$i" "$i.orig" && mv "$out" "$i"
fi
done
done
|
|
executable. If it does, it will override the Pkgsrc version, but fail to
configure, and fail to build in PNG support.
Bump PKGREVISION - previous revision may install for some without PNG APIs
intact.
|
|
Also add some patches to remove use of deprecated symbols and fix other
problems when looking for or compiling against libpng-1.4.x.
|
|
|
|
|
|
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
Bump PKGREVISION.
(This fix is for php5 only and I don't know about php4.)
|
|
|