This is the mail archive of the cygwin-announce mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Updated: gd-2.0.34-1/libgd2-2.0.34-1/libgd-devel-2.0.34-1


Hi

A new version of 'gd/libgd2/libgd-devel' has been uploaded to a server near you.


DESCRIPTION:
============
A graphics library for fast image creation.


CYGWIN NEWS:
============

* Update to latest upstream release.

* Cygwin specific patch (shared library support) applied upstream.

* Changed to cygport build framework.

gd NEWS
=======

This is the first release after moving the GD project to its new home: http://www.libgd.org

This release introduces a number of bug and security fixes. Upgrading is strongly recommended.

The most notable fixes are:

 * 32-bit multiplication overflow vulnerabilities along with a number of similar issues. These bugs come into play only when attempting to use images with extremely large dimensions.
 * Memory allocation errors that were not checked. This bug occurred when attempting to allocate an image larger than the available memory. The relevant function now fails gracefully.
 * Multiple issues in the GIF loader. Corrupt gif images would cause a segfault or infinite loop.
 * Malformed or empty PNG image also may have caused segfaults.
 * gdImageFillToBorder segfaulted when the color was not opaque (alpha > 0)
 * Antialiased lines drawn on an images edge caused a segfault. This bug occurred when a line started or ended near the bounds of the image.
 * gdImageFill segfaulted when used with patterns or invalid arguments.
 * gdImageFilledEllipse did not respect transparency. 

Detailed news:
 
 * Initialize variables in tweenColorTest, fix cache
 * gdImageFill, multiple segfaults with patterns or invalid arguments
 * gdImageRectangle draws corners twice
 * GIF Output does use the transparent color with truecolor images
 * Multiple security issues in GIF loader
 * gdIimageCopy doen't use the alpha channel
 * Add autogen and and misc configure/makefile (Lars Hecking)
 * gdImageFilledEllipse does not respect transparency
 * gdImageCreateFromPng*  crashes with empty file
 * gdImageCreateFromPngCrx, initialize the signature buffer not the
   infile
 * leak in jinit_2pass_quantizer (gd_topal.c)
 * Added santiy checks for possible memory allocation errors
 * gdImageCreatePaletteFromTrueColor, later color allocations overwrite
   the palette colors (Rob Leslie)
 * Obscure error on Sun's compiler in entities.tcl
   (John Ellson/Graphviz)
 * gdImageCreate, invalid gdFree call when overflow2 fails
   HWB_Diff, invalid usage of abs instead of fabs
   (Nick Atty)
 * Fixed gdImageCopyMergeGray when used with a true color image
   transparency preservation in gdImageCopyRotated
 * Out of range checks in gdImageSetAAPixelColor
 * gdFontCacheSetup does not stop on error
 * Errors when gdImageStringFTEx is called with an empty string
   (Kevin Scaldeferri)
 * gdft.c, uninitialized variable "charmap" and avoid divide-by-zero
   (John Ellson/Graphviz)
 * DISABLE_THREADS to permit disabling of thread support
   (John Ellson/Graphviz)
 * dynamicGetbuf, sourceGetbuf must return 0 for errors and EOF
 * gdSeek declaration is wrong
 * Windows native makefile (Edin Kadribašić)
 * restores the ability to recognize and handle a font with
 * Adobe-specific character encoding. Added gdFTEX_Adobe_Custom.
 * Shared library support on cygwin (Dr. Volker Zell)
 * Pattern-fill works incorrectly if tile is created via
 * gdImageCreateTruecolor (Ethan Merritt)
 * malformed PNG image crashes  (CRC error)
 * reading some gif images creates infinite loop
 * gdImageFillToBorder crashes when used with alpha
 * possible Buffer overflow in the gdImageStringFTEx function
   in gdft.c (CVE-2007-0455) (Kees Cook)
 

INSTALLATION:
=============
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Save it and run setup, answer the questions and pick up
the above mentioned package from the 'Libs' category.


DOWNLOAD:
=========
Note that downloads from sources.redhat.com (aka cygwin.com) aren't
allowed due to bandwidth limitations.  This means that you will need
to find a mirror which has this update.

These mirrors already got the package, the others will probably have 
the latest version of this package fairly soon:

In the US

       ftp://mirrors.rcn.net/pub/sourceware/cygwin/ 

has reliable high bandwidth connections.


QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing
list is the appropriate place.


CYGWIN-ANNOUNCE UNSUBSCRIBE INFO:
=================================
To unsubscribe to the cygwin-announce mailing list, look at the
"List-Unsubscribe: " tag in the email header of this message.  Send
email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-YOU=YOURDOMAIN.COM@cygwin.com


Enjoy
  Volker


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]