[SECURITY] Fedora 32 Update: gd-2.3.0-1.fc32

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-e795f92d79 2020-03-31 00:15:07.171396 -------------------------------------------------------------------------------- Name : gd Product : Fedora 32 Version : 2.3.0 Release : 1.fc32 URL : http://libgd.github.io/ Summary : A graphics library for quick creation of PNG or JPEG images Description : The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. Note that gd is not a paint program. -------------------------------------------------------------------------------- Update Information: **Version 2.3.0** - 2020-03-22 **Security** - Potential double-free in gdImage*Ptr(). (CVE-2019-6978) - gdImageColorMatch() out of bounds write on heap. (CVE-2019-6977) - Uninitialized read in gdImageCreateFromXbm(). (CVE-2019-11038) - Double-free in gdImageBmp. (CVE-2018-1000222) - Potential NULL pointer dereference in gdImageClone(). (CVE-2018-14553) - Potential infinite loop in gdImageCreateFromGifCtx(). (CVE-2018-5711) **Fixed** * Fix #597: add codecov support - Fix #596: gdTransformAffineCopy run error - Fix #589: Install dependencies move to .travis.yml - Fix #586: gdTransformAffineCopy() segfaults on palette images - Fix #585: gdTransformAffineCopy() changes interpolation method - Fix #584: gdImageSetInterpolationMethod(im, GD_DEFAULT) inconsistent - Fix #583: gdTransformAffineCopy() may use unitialized values - Fix #533: Remove cmake modules - Fix #539: Add RAQM support for cmake - Fix #499: gdImageGifAnimAddPtr: heap corruption with 2 identical images - Fix #486: gdImageCropAuto(���, GD_CROP_SIDES) crops left but not right - Fix #485: auto cropping has insufficient precision - Fix #479: Provide a suitable malloc function to liq - Fix #474: libtiff link returns 404 HTTP code - Fix #450: Failed to open 1 bit per pixel bitmap - Fix #440: new_width & new_height exception handling - Fix #432: gdImageCrop neglecting transparency - Fix #420: Potential infinite loop in gdImageCreateFromGifCtx - Fix #411: gd_gd.c format documentation appears to be incorrect - Fix #369: Fix new_a init error in gdImageConvolution() - Fix #351: gdImageFilledArc() doesn't properly draw pies - Fix #338: Fatal and normal libjpeg/libpng errors not distinguishable - Fix #169: Update var type to hold bigger w&h for ellipse - Fix #164: update doc files install directory in CMakeLists.txt - Correct some test depend errors - Update cmake min version to 3.7 - Delete libimagequant source code download action in CMakeLists.txt - Improve msys support - Fix some logic error in CMakeLists.txt - Remove the following macro: HAVE_STDLIB_H, HAVE_STRING_H, HAVE_STDDEF_H, HAVE_LIMITS_H, HAVE_ERRNO_H, AC_C_CONST ----- **Notice:** * fix for CVE-2018-5711, CVE-2018-1000222, CVE-2019-6977, CVE-2019-6978, and CVE-2018-14553 were already applied in previous packages. * gdlib-config command have been dropped -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 24 2020 Remi Collet <remi(a)remirepo.net&gt; - 2.3.0-1 - update to 2.3.0 - add dependency on libraqm - remove gdlib-config -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-e795f92d79' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------