GD v2.3.0 Release Notes

Release Date: 2020-03-22 // over 1 year ago
  • ๐Ÿ”’ Security

    • ๐Ÿ†“ Potential double-free in gdImage*Ptr(). (CVE-2019-6978)
    • gdImageColorMatch() out of bounds write on heap. (CVE-2019-6977)
    • Uninitialized read in gdImageCreateFromXbm(). (CVE-2019-11038)
    • ๐Ÿ†“ Double-free in gdImageBmp. (CVE-2018-1000222)
    • ๐Ÿ‘ฏ Potential NULL pointer dereference in gdImageClone(). (CVE-2018-14553)
    • Potential infinite loop in gdImageCreateFromGifCtx(). (CVE-2018-5711)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fix #597: add codecov support

    • ๐Ÿ›  Fix #596: gdTransformAffineCopy run error

    • ๐Ÿ›  Fix #589: Install dependencies move to .travis.yml

    • ๐Ÿ›  Fix #586: gdTransformAffineCopy() segfaults on palette images

    • ๐Ÿ›  Fix #585: gdTransformAffineCopy() changes interpolation method

    • ๐Ÿ›  Fix #584: gdImageSetInterpolationMethod(im, GD_DEFAULT) inconsistent

    • ๐Ÿ›  Fix #583: gdTransformAffineCopy() may use unitialized values

    • ๐Ÿ›  Fix #533: Remove cmake modules

    • ๐Ÿ›  Fix #539: Add RAQM support for cmake

    • ๐Ÿ›  Fix #499: gdImageGifAnimAddPtr: heap corruption with 2 identical images

    • Fix #486: gdImageCropAuto(โ€ฆ, GD_CROP_SIDES) crops left but not right

    • ๐Ÿ›  Fix #485: auto cropping has insufficient precision

    • ๐Ÿ›  Fix #479: Provide a suitable malloc function to liq

    • ๐Ÿ›  Fix #474: libtiff link returns 404 HTTP code

    • ๐Ÿ›  Fix #450: Failed to open 1 bit per pixel bitmap

    • Fix #440: new_width & new_height exception handling

    • ๐Ÿ›  Fix #432: gdImageCrop neglecting transparency

    • ๐Ÿ›  Fix #420: Potential infinite loop in gdImageCreateFromGifCtx

    • ๐Ÿ›  Fix #411: gd_gd.c format documentation appears to be incorrect

    • ๐Ÿ›  Fix #369: Fix new_a init error in gdImageConvolution()

    • ๐Ÿ›  Fix #351: gdImageFilledArc() doesn't properly draw pies

    • ๐Ÿ›  Fix #338: Fatal and normal libjpeg/libpng errors not distinguishable

    • ๐Ÿ›  Fix #169: Update var type to hold bigger w&h for ellipse

    • ๐Ÿ›  Fix #164: update doc files install directory in CMakeLists.txt

    • โœ… Correct some test depend errors

    • โšก๏ธ Update cmake min version to 3.7

    • โœ‚ Delete libimagequant source code download action in CMakeLists.txt

    • ๐Ÿ‘Œ Improve msys support

    • ๐Ÿ›  Fix some logic error in CMakeLists.txt


    โž• Added

    • โœ… test cases for following API: gdImageCopyResized(), gdImageWebpEx(), gdImageCreateFromGd2PartPtr(), gdImageCloneMatch(), gdImageColorClosestHWB(), gdImageColorMatch(), gdImageStringUp(), gdImageStringUp16(), gdImageString(), gdImageString16(), gdImageCopyMergeGray(), gdImageCopyMerge()

Previous changes from v2.2.5

  • ๐Ÿ”’ Security

    • ๐Ÿ†“ Double-free in gdImagePngPtr(). (CVE-2017-6362)
    • Buffer over-read into uninitialized memory. (CVE-2017-7890)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fix #109: XBM reading fails with printed error
    • ๐Ÿ›  Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable
    • ๐Ÿ›  Fix #357: 2.2.4: Segfault in test suite
    • ๐Ÿ›  Fix #386: gdImageGrayScale() may produce colors
    • ๐Ÿ›  Fix #406: webpng -i removes the transparent color
    • ๐Ÿ›  Fix Coverity #155475: Failure to restore alphaBlendingFlag
    • ๐Ÿ›  Fix Coverity #155476: potential resource leak
    • ๐Ÿ›  Fix several build issues and test failures
    • ๐Ÿ›  Fix and reenable optimized support for reading 1 bps TIFFs

    โž• Added

    • ๐Ÿ— The native MSVC buildchain now supports libtiff and most executables