libgd/CHANGELOG.md

# Change Log
All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).

## [2.3.1] - 2021-01-30

### Fixed

- Fix potential integer overflow detected by oss-fuzz
- Fix #615 using libraqm
- Fix #303: gdlib.pc: use Requires instead of Libs (#537)
- Fixed #472: Adjusting CMakeLists.txt (#582)
- Fix #615: gdImageStringFT() fails for empty strings as of libgd 2.3.0 (#633)
- Fix typo but preserve BC
- Compute average in gdGuessBackgroundColorFromCorners properly (#483)
- CMakeLists.txt: zlib is enabled implicitly
- src/config.h.cmake: replace #cmakedefine01 with #define in macro ENABLE_GD_FOORMATS (#622)
- gdlib.pc: use prefixes for pkgconfig file
- cmake: remove required host includes (#617)
- Move initial declaration out of `for` loop
- distribute getlib script
- Make gd_nnquant.c less likely to introduce duplicate definitions (#601)
- webp: support pkg-config file
- gd_io: replace internal Putchar with gdPutC
- gd_io: trim unused Putword function

### Added

- Add REQUIRED to FIND_PACKAGE(ZLIB)
- README: add some libraries info (#631)
- VMS/README.VMS: Add dropping support information (#614)

## [2.3.0] - 2020-03-22

### Security

- Potential double-free in gdImage*Ptr(). (CVE-2019-6978)
- gdImageColorMatch() out of bounds write on heap. (CVE-2019-6977)
- Uninitialized read in gdImageCreateFromXbm(). (CVE-2019-11038)
- Double-free in gdImageBmp. (CVE-2018-1000222)
- Potential NULL pointer dereference in gdImageClone(). (CVE-2018-14553)
- Potential infinite loop in gdImageCreateFromGifCtx(). (CVE-2018-5711)

### Fixed

* Fix #597: add codecov support

- Fix #596: gdTransformAffineCopy run error

- Fix #589: Install dependencies move to .travis.yml

- Fix #586: gdTransformAffineCopy() segfaults on palette images
- Fix #585: gdTransformAffineCopy() changes interpolation method
- Fix #584: gdImageSetInterpolationMethod(im, GD_DEFAULT) inconsistent
- Fix #583: gdTransformAffineCopy() may use unitialized values
- Fix #533: Remove cmake modules
- Fix #539: Add RAQM support for cmake
- Fix #499: gdImageGifAnimAddPtr: heap corruption with 2 identical images
- Fix #486: gdImageCropAuto(…, GD_CROP_SIDES) crops left but not right
- Fix #485: auto cropping has insufficient precision
- Fix #479: Provide a suitable malloc function to liq
- Fix #474: libtiff link returns 404 HTTP code
- Fix #450: Failed to open 1 bit per pixel bitmap
- Fix #440: new_width & new_height exception handling
- Fix #432: gdImageCrop neglecting transparency
- Fix #420: Potential infinite loop in gdImageCreateFromGifCtx
- Fix #411: gd_gd.c format documentation appears to be incorrect
- Fix #369: Fix new_a init error in gdImageConvolution()
- Fix #351: gdImageFilledArc() doesn't properly draw pies
- Fix #338: Fatal and normal libjpeg/libpng errors not distinguishable
- Fix #169: Update var type to hold bigger w&h for ellipse
- Fix #164: update doc files install directory in CMakeLists.txt
- Correct some test depend errors
- Update cmake min version to 3.7
- Delete libimagequant source code download action in CMakeLists.txt
- Improve msys support
- Fix some logic error in CMakeLists.txt
- Remove the following macro: HAVE_STDLIB_H, HAVE_STRING_H, HAVE_STDDEF_H, HAVE_LIMITS_H, HAVE_ERRNO_H, AC_C_CONST

### Added

- test cases for following API: gdImageCopyResized(), gdImageWebpEx(), gdImageCreateFromGd2PartPtr(),  gdImageCloneMatch(), gdImageColorClosestHWB(), gdImageColorMatch(), gdImageStringUp(), gdImageStringUp16(), gdImageString(), gdImageString16(), gdImageCopyMergeGray(), gdImageCopyMerge()

## [2.2.5] - 2017-08-30

### Security
- Double-free in gdImagePngPtr(). (CVE-2017-6362)
- Buffer over-read into uninitialized memory. (CVE-2017-7890)

### Fixed
- Fix #109: XBM reading fails with printed error
- Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable
- Fix #357: 2.2.4: Segfault in test suite
- Fix #386: gdImageGrayScale() may produce colors
- Fix #406: webpng -i removes the transparent color
- Fix Coverity #155475: Failure to restore alphaBlendingFlag
- Fix Coverity #155476: potential resource leak
- Fix several build issues and test failures
- Fix and reenable optimized support for reading 1 bps TIFFs

### Added
- The native MSVC buildchain now supports libtiff and most executables

## [2.2.4] - 2017-01-18

### Security
- gdImageCreate() doesn't check for oversized images and as such is
  prone to DoS vulnerabilities. (CVE-2016-9317)
- double-free in gdImageWebPtr() (CVE-2016-6912)
- potential unsigned underflow in gd_interpolation.c
- DOS vulnerability in gdImageCreateFromGd2Ctx()

### Fixed
- Fix #354: Signed Integer Overflow gd_io.c
- Fix #340: System frozen
- Fix OOB reads of the TGA decompression buffer
- Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
- Fix potential unsigned underflow
- Fix double-free in gdImageWebPtr()
- Fix invalid read in gdImageCreateFromTiffPtr()
- Fix OOB reads of the TGA decompression buffer
- Fix #68: gif: buffer underflow reported by AddressSanitizer
- Avoid potentially dangerous signed to unsigned conversion
- Fix #304: test suite failure in gif/bug00006 [2.2.3]
- Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border
- Fix #330: Integer overflow in gdImageScaleBilinearPalette()
- Fix 321: Null pointer dereferences in gdImageRotateInterpolated
- Fix whitespace and add missing comment block
- Fix #319: gdImageRotateInterpolated can have wrong background color
- Fix color quantization documentation
- Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries
- Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag
- Fix #300: gdImageClone() assigns res_y = res_x
- Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness()
- Replace GNU old-style field designators with C89 compatible initializers
- Fix #297: gdImageCrop() converts palette image to truecolor image
- Fix #290: TGA RLE decoding is broken
- Fix unnecessary non NULL checks
- Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted files
- Fix #280: gdImageWebpEx() `quantization` parameter is a misnomer
- Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx()
- Fix issue #276: Sometimes pixels are missing when storing images as BMPs
- Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts
- Fix copy&paste error in gdImageScaleBicubicFixed()

### Added
- More documentation
- Documentation on GD and GD2 formats
- More tests
Add http://keepachangelog.com/ based changelog for 2.2.4 (MarkDown based) 2017-01-05 02:59:59 -08:00			`# Change Log`
			`All notable changes to this project will be documented in this file.`

			`The format is based on [Keep a Changelog](http://keepachangelog.com/)`
			`and this project adheres to [Semantic Versioning](http://semver.org/).`

release-2.3.1 (#668) 2021-01-29 23:16:05 -08:00			`## [2.3.1] - 2021-01-30`

			`### Fixed`

			`- Fix potential integer overflow detected by oss-fuzz`
			`- Fix #615 using libraqm`
			`- Fix #303: gdlib.pc: use Requires instead of Libs (#537)`
			`- Fixed #472: Adjusting CMakeLists.txt (#582)`
			`- Fix #615: gdImageStringFT() fails for empty strings as of libgd 2.3.0 (#633)`
			`- Fix typo but preserve BC`
			`- Compute average in gdGuessBackgroundColorFromCorners properly (#483)`
			`- CMakeLists.txt: zlib is enabled implicitly`
			`- src/config.h.cmake: replace #cmakedefine01 with #define in macro ENABLE_GD_FOORMATS (#622)`
			`- gdlib.pc: use prefixes for pkgconfig file`
			`- cmake: remove required host includes (#617)`
			- Move initial declaration out of `for` loop
			`- distribute getlib script`
			`- Make gd_nnquant.c less likely to introduce duplicate definitions (#601)`
			`- webp: support pkg-config file`
			`- gd_io: replace internal Putchar with gdPutC`
			`- gd_io: trim unused Putword function`

			`### Added`

			`- Add REQUIRED to FIND_PACKAGE(ZLIB)`
			`- README: add some libraries info (#631)`
			`- VMS/README.VMS: Add dropping support information (#614)`

CHANGELOG.md: Update release date 2020-03-22 02:48:54 -07:00			`## [2.3.0] - 2020-03-22`
Update CHNAGELOG.md 2020-03-21 00:38:12 -07:00
			`### Security`

			`- Potential double-free in gdImage*Ptr(). (CVE-2019-6978)`
			`- gdImageColorMatch() out of bounds write on heap. (CVE-2019-6977)`
			`- Uninitialized read in gdImageCreateFromXbm(). (CVE-2019-11038)`
			`- Double-free in gdImageBmp. (CVE-2018-1000222)`
			`- Potential NULL pointer dereference in gdImageClone(). (CVE-2018-14553)`
			`- Potential infinite loop in gdImageCreateFromGifCtx(). (CVE-2018-5711)`

			`### Fixed`

			`* Fix #597: add codecov support`

			`- Fix #596: gdTransformAffineCopy run error`

			`- Fix #589: Install dependencies move to .travis.yml`

			`- Fix #586: gdTransformAffineCopy() segfaults on palette images`
			`- Fix #585: gdTransformAffineCopy() changes interpolation method`
			`- Fix #584: gdImageSetInterpolationMethod(im, GD_DEFAULT) inconsistent`
			`- Fix #583: gdTransformAffineCopy() may use unitialized values`
			`- Fix #533: Remove cmake modules`
			`- Fix #539: Add RAQM support for cmake`
			`- Fix #499: gdImageGifAnimAddPtr: heap corruption with 2 identical images`
			`- Fix #486: gdImageCropAuto(…, GD_CROP_SIDES) crops left but not right`
			`- Fix #485: auto cropping has insufficient precision`
			`- Fix #479: Provide a suitable malloc function to liq`
			`- Fix #474: libtiff link returns 404 HTTP code`
			`- Fix #450: Failed to open 1 bit per pixel bitmap`
			`- Fix #440: new_width & new_height exception handling`
			`- Fix #432: gdImageCrop neglecting transparency`
			`- Fix #420: Potential infinite loop in gdImageCreateFromGifCtx`
			`- Fix #411: gd_gd.c format documentation appears to be incorrect`
			`- Fix #369: Fix new_a init error in gdImageConvolution()`
			`- Fix #351: gdImageFilledArc() doesn't properly draw pies`
			`- Fix #338: Fatal and normal libjpeg/libpng errors not distinguishable`
			`- Fix #169: Update var type to hold bigger w&h for ellipse`
			`- Fix #164: update doc files install directory in CMakeLists.txt`
			`- Correct some test depend errors`
			`- Update cmake min version to 3.7`
			`- Delete libimagequant source code download action in CMakeLists.txt`
			`- Improve msys support`
			`- Fix some logic error in CMakeLists.txt`
			`- Remove the following macro: HAVE_STDLIB_H, HAVE_STRING_H, HAVE_STDDEF_H, HAVE_LIMITS_H, HAVE_ERRNO_H, AC_C_CONST`

			`### Added`

			`- test cases for following API: gdImageCopyResized(), gdImageWebpEx(), gdImageCreateFromGd2PartPtr(), gdImageCloneMatch(), gdImageColorClosestHWB(), gdImageColorMatch(), gdImageStringUp(), gdImageStringUp16(), gdImageString(), gdImageString16(), gdImageCopyMergeGray(), gdImageCopyMerge()`

			`## [2.2.5] - 2017-08-30`

			`### Security`
			`- Double-free in gdImagePngPtr(). (CVE-2017-6362)`
			`- Buffer over-read into uninitialized memory. (CVE-2017-7890)`

			`### Fixed`
			`- Fix #109: XBM reading fails with printed error`
			`- Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable`
			`- Fix #357: 2.2.4: Segfault in test suite`
			`- Fix #386: gdImageGrayScale() may produce colors`
			`- Fix #406: webpng -i removes the transparent color`
			`- Fix Coverity #155475: Failure to restore alphaBlendingFlag`
			`- Fix Coverity #155476: potential resource leak`
			`- Fix several build issues and test failures`
			`- Fix and reenable optimized support for reading 1 bps TIFFs`

			`### Added`
			`- The native MSVC buildchain now supports libtiff and most executables`

			`## [2.2.4] - 2017-01-18`

			`### Security`
			`- gdImageCreate() doesn't check for oversized images and as such is`
			`prone to DoS vulnerabilities. (CVE-2016-9317)`
			`- double-free in gdImageWebPtr() (CVE-2016-6912)`
			`- potential unsigned underflow in gd_interpolation.c`
			`- DOS vulnerability in gdImageCreateFromGd2Ctx()`
Add http://keepachangelog.com/ based changelog for 2.2.4 (MarkDown based) 2017-01-05 02:59:59 -08:00
			`### Fixed`
			`- Fix #354: Signed Integer Overflow gd_io.c`
			`- Fix #340: System frozen`
			`- Fix OOB reads of the TGA decompression buffer`
			`- Fix DOS vulnerability in gdImageCreateFromGd2Ctx()`
			`- Fix potential unsigned underflow`
			`- Fix double-free in gdImageWebPtr()`
			`- Fix invalid read in gdImageCreateFromTiffPtr()`
			`- Fix OOB reads of the TGA decompression buffer`
			`- Fix #68: gif: buffer underflow reported by AddressSanitizer`
			`- Avoid potentially dangerous signed to unsigned conversion`
			`- Fix #304: test suite failure in gif/bug00006 [2.2.3]`
			`- Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border`
			`- Fix #330: Integer overflow in gdImageScaleBilinearPalette()`
			`- Fix 321: Null pointer dereferences in gdImageRotateInterpolated`
			`- Fix whitespace and add missing comment block`
			`- Fix #319: gdImageRotateInterpolated can have wrong background color`
			`- Fix color quantization documentation`
			`- Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries`
			`- Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag`
			`- Fix #300: gdImageClone() assigns res_y = res_x`
			`- Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness()`
			`- Replace GNU old-style field designators with C89 compatible initializers`
			`- Fix #297: gdImageCrop() converts palette image to truecolor image`
			`- Fix #290: TGA RLE decoding is broken`
			`- Fix unnecessary non NULL checks`
			`- Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted files`
			- Fix #280: gdImageWebpEx() `quantization` parameter is a misnomer
			`- Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx()`
			`- Fix issue #276: Sometimes pixels are missing when storing images as BMPs`
			`- Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts`
			`- Fix copy&paste error in gdImageScaleBicubicFixed()`

			`### Added`
			`- More documentation`
			`- Documentation on GD and GD2 formats`
			`- More tests`