X-Spam-Check-By:	sourceware.org
X-Mailer:	21.4 (patch 20) "Double Solitaire" XEmacs Lucid (via feedmail 10 I)
From:	"Dr. Volker Zell" <dr DOT volker DOT zell AT oracle DOT com>
Subject:	[ANNOUNCEMENT] Updated: gd-2.0.34-1/libgd2-2.0.34-1/libgd-devel-2.0.34-1
To:	cygwin AT cygwin DOT com
Date:	Fri, 06 Apr 2007 14:21:36 +0200
Message-Id:	<announce.82slbdy9pr.fsf@vzell-de.de.oracle.com>
MIME-Version:	1.0
Reply-To:	cygwin AT cygwin DOT com
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
X-MIME-Autoconverted:	from quoted-printable to 8bit by delorie.com id l36CQWaO013646

Hi

A new version of 'gd/libgd2/libgd-devel' has been uploaded to a server near you.


DESCRIPTION:
============
A graphics library for fast image creation.


CYGWIN NEWS:
============

* Update to latest upstream release.

* Cygwin specific patch (shared library support) applied upstream.

* Changed to cygport build framework.

gd NEWS
=======

This is the first release after moving the GD project to its new home: http://www.libgd.org

This release introduces a number of bug and security fixes. Upgrading is strongly recommended.

The most notable fixes are:

 * 32-bit multiplication overflow vulnerabilities along with a number of similar issues. These bugs come into play only when attempting to use images with extremely large dimensions.
 * Memory allocation errors that were not checked. This bug occurred when attempting to allocate an image larger than the available memory. The relevant function now fails gracefully.
 * Multiple issues in the GIF loader. Corrupt gif images would cause a segfault or infinite loop.
 * Malformed or empty PNG image also may have caused segfaults.
 * gdImageFillToBorder segfaulted when the color was not opaque (alpha > 0)
 * Antialiased lines drawn on an images edge caused a segfault. This bug occurred when a line started or ended near the bounds of the image.
 * gdImageFill segfaulted when used with patterns or invalid arguments.
 * gdImageFilledEllipse did not respect transparency. 

Detailed news:
 
 * Initialize variables in tweenColorTest, fix cache
 * gdImageFill, multiple segfaults with patterns or invalid arguments
 * gdImageRectangle draws corners twice
 * GIF Output does use the transparent color with truecolor images
 * Multiple security issues in GIF loader
 * gdIimageCopy doen't use the alpha channel
 * Add autogen and and misc configure/makefile (Lars Hecking)
 * gdImageFilledEllipse does not respect transparency
 * gdImageCreateFromPng*  crashes with empty file
 * gdImageCreateFromPngCrx, initialize the signature buffer not the
   infile
 * leak in jinit_2pass_quantizer (gd_topal.c)
 * Added santiy checks for possible memory allocation errors
 * gdImageCreatePaletteFromTrueColor, later color allocations overwrite
   the palette colors (Rob Leslie)
 * Obscure error on Sun's compiler in entities.tcl
   (John Ellson/Graphviz)
 * gdImageCreate, invalid gdFree call when overflow2 fails
   HWB_Diff, invalid usage of abs instead of fabs
   (Nick Atty)
 * Fixed gdImageCopyMergeGray when used with a true color image
   transparency preservation in gdImageCopyRotated
 * Out of range checks in gdImageSetAAPixelColor
 * gdFontCacheSetup does not stop on error
 * Errors when gdImageStringFTEx is called with an empty string
   (Kevin Scaldeferri)
 * gdft.c, uninitialized variable "charmap" and avoid divide-by-zero
   (John Ellson/Graphviz)
 * DISABLE_THREADS to permit disabling of thread support
   (John Ellson/Graphviz)
 * dynamicGetbuf, sourceGetbuf must return 0 for errors and EOF
 * gdSeek declaration is wrong
 * Windows native makefile (Edin Kadribašić)
 * restores the ability to recognize and handle a font with
 * Adobe-specific character encoding. Added gdFTEX_Adobe_Custom.
 * Shared library support on cygwin (Dr. Volker Zell)
 * Pattern-fill works incorrectly if tile is created via
 * gdImageCreateTruecolor (Ethan Merritt)
 * malformed PNG image crashes  (CRC error)
 * reading some gif images creates infinite loop
 * gdImageFillToBorder crashes when used with alpha
 * possible Buffer overflow in the gdImageStringFTEx function
   in gdft.c (CVE-2007-0455) (Kees Cook)
 

INSTALLATION:
=============
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Save it and run setup, answer the questions and pick up
the above mentioned package from the 'Libs' category.


DOWNLOAD:
=========
Note that downloads from sources.redhat.com (aka cygwin.com) aren't
allowed due to bandwidth limitations.  This means that you will need
to find a mirror which has this update.

These mirrors already got the package, the others will probably have 
the latest version of this package fairly soon:

In the US

       ftp://mirrors.rcn.net/pub/sourceware/cygwin/ 

has reliable high bandwidth connections.


QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing
list is the appropriate place.


CYGWIN-ANNOUNCE UNSUBSCRIBE INFO:
=================================
To unsubscribe to the cygwin-announce mailing list, look at the
"List-Unsubscribe: " tag in the email header of this message.  Send
email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-YOU=YOURDOMAIN DOT COM AT cygwin DOT com


Enjoy
  Volker


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -