Hello community,

here is the log from the commit of package gd for openSUSE:Factory checked in 
at 2017-08-10 13:43:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gd (Old)
 and      /work/SRC/openSUSE:Factory/.gd.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gd"

Thu Aug 10 13:43:23 2017 rev:44 rq:511835 version:2.2.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/gd/gd.changes    2016-12-13 19:32:31.237931443 
+0100
+++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes       2017-08-10 
13:43:25.518694184 +0200
@@ -1,0 +2,25 @@
+Fri Jul 21 11:29:06 UTC 2017 - tchva...@suse.com
+
+- Add patch gd-rounding.patch
+- Set again the cflags so other archs do not fail testsuite
+
+-------------------------------------------------------------------
+Fri Jul  7 10:54:11 UTC 2017 - tchva...@suse.com
+
+- Version update to 2.2.4:
+  * gdImageCreate() doesn't check for oversized images and as such is prone
+    to DoS vulnerabilities. (CVE-2016-9317) bsc#1022283
+  * double-free in gdImageWebPtr() (CVE-2016-6912) bsc#1022284
+  * potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)
+    bsc#1022263
+  * DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
+    bsc#1022264
+  * Signed Integer Overflow gd_io.c (CVE-2016-10168) bsc#1022265
+- Remove patches merged/obsoleted by upstream:
+  * gd-config.patch
+  * gd-disable-freetype27-failed-tests.patch
+  * gd-test-unintialized-var.patch
+- Add patch gd-freetype.patch taking patch from upstream for
+  freetype 2.7
+
+-------------------------------------------------------------------

Old:
----
  gd-config.patch
  gd-disable-freetype27-failed-tests.patch
  gd-test-unintialized-var.patch
  libgd-2.2.3.tar.xz

New:
----
  gd-freetype.patch
  gd-rounding.patch
  libgd-2.2.4.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gd.spec ++++++
--- /var/tmp/diff_new_pack.YuPG2i/_old  2017-08-10 13:43:26.842507831 +0200
+++ /var/tmp/diff_new_pack.YuPG2i/_new  2017-08-10 13:43:26.854506142 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package gd
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,11 +17,9 @@
 
 
 %define prjname libgd
-
 %define lname libgd3
-
 Name:           gd
-Version:        2.2.3
+Version:        2.2.4
 Release:        0
 Summary:        A Drawing Library for Programs That Use PNG and JPEG Output
 License:        MIT
@@ -29,35 +27,31 @@
 Url:            https://libgd.github.io/
 Source:         
https://github.com/libgd/libgd/releases/download/%{name}-%{version}/%{prjname}-%{version}.tar.xz
 Source1:        baselibs.conf
-# to be upstreamed, gdlib-config --libs to return the same as pkg-config 
--libs gdlib
-Patch0:         gd-config.patch
 # might be upstreamed, but could be suse specific also (/usr/share/fonts/Type1 
font dir)
 Patch1:         gd-fontpath.patch
 # could be upstreamed, but not in this form (need ac check for attribute 
format printf, etc.)
 Patch2:         gd-format.patch
 # could be upstreamed
 Patch3:         gd-aliasing.patch
-# PATCH-FIX-UPSTREAM gd-disable-freetype27-failed-tests.patch 
gh#libgd/libgd#302 badshah...@gmail.com -- Disable for now tests failing 
against freetype >= 2.7 for being too exact.
-Patch5:         gd-disable-freetype27-failed-tests.patch
-# PATCH-FIX-UPSTREAM gd-test-unintialized-var.patch badshah...@gmail.com -- 
Initialise a variable in tests/gd2/gd2_read.c to 0 to prevent it from failing 
to compile with -Werror (only causes problems in no ix86 arch surprisingly); 
patch sent upstream
-Patch6:         gd-test-unintialized-var.patch
-BuildRequires:  autoconf
-BuildRequires:  automake
-BuildRequires:  fontconfig-devel
-BuildRequires:  freetype2-devel
+# PATCH-FIX-UPSTREAM: build with newer freetype
+Patch4:         gd-freetype.patch
+# PATCH-FIX-UPSTREAM: fix testfailure on 32b platforms
+Patch5:         gd-rounding.patch
+# needed for tests
+BuildRequires:  dejavu
 BuildRequires:  libjpeg-devel
 BuildRequires:  libpng-devel
-BuildRequires:  libtiff-devel
-BuildRequires:  libtool
-BuildRequires:  libwebp-devel
-BuildRequires:  pkg-config
-BuildRequires:  xorg-x11-libX11-devel
-BuildRequires:  xorg-x11-libXau-devel
-BuildRequires:  xorg-x11-libXdmcp-devel
-BuildRequires:  xorg-x11-libXpm-devel
+BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(fontconfig)
+BuildRequires:  pkgconfig(freetype2)
+BuildRequires:  pkgconfig(libtiff-4)
+BuildRequires:  pkgconfig(libwebp)
+BuildRequires:  pkgconfig(x11)
+BuildRequires:  pkgconfig(xau)
+BuildRequires:  pkgconfig(xdmcp)
+BuildRequires:  pkgconfig(xpm)
 Provides:       gdlib = %{version}
 Obsoletes:      gdlib < %{version}
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
 Gd allows your code to quickly draw images complete with lines, arcs,
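Review bot: The comment on `Patch5` ("fix testfailure on 32b platforms") does not match the gd-rounding.patch shown further down this page. That file is the upstream cherry-pick that initialises `error` in tests/gd2/gd2_read.c for -Werror=maybe-uninitialized, which is what the removed gd-test-unintialized-var.patch was described as doing. Either the wrong content is shipped under that name or the comment is stale; this should be resolved before the patch list is trusted. Both new PATCH-FIX-UPSTREAM tags also drop the upstream reference the removed tag carried, so the patches cannot be checked against upstream from the spec alone. Suggest `# PATCH-FIX-UPSTREAM gd-freetype.patch gh#libgd/libgd#302 -- disable subpixel hinting in tests`, and for Patch5 a tag naming the upstream commit given in the patch header (2b3dd57a6ccb2940f2e9119ae04e14362e2a1f61).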
@@ -65,11 +59,11 @@
 and flood fills. It outputs PNG, JPEG, and WBMP (for wireless devices)
 and is supported by PHP.
 
-%package -n %lname
+%package -n %{lname}
 Summary:        A Drawing Library for Programs That Use PNG and JPEG Output
 Group:          System/Libraries
 
-%description -n %lname
+%description -n %{lname}
 Gd allows your code to quickly draw images complete with lines, arcs,
 text, and multiple colors. It supports cut and paste from other images
 and flood fills. It outputs PNG, JPEG, and WBMP (for wireless devices)
@@ -78,13 +72,17 @@
 %package devel
 Summary:        Drawing Library for Programs with PNG and JPEG Output
 Group:          Development/Libraries/C and C++
-Requires:       %lname = %{version}
+Requires:       %{lname} = %{version}
 Requires:       glibc-devel
+Requires:       libjpeg-devel
 Requires:       libpng-devel
-Requires:       libtiff-devel
-Requires:       libvpx-devel
-Requires:       libwebp-devel
-Requires:       zlib-devel
+Requires:       pkgconfig(libtiff-4)
+Requires:       pkgconfig(libwebp)
+Requires:       pkgconfig(libwebpdecoder)
+Requires:       pkgconfig(libwebpdemux)
+Requires:       pkgconfig(libwebpmux)
+Requires:       pkgconfig(vpx)
+Requires:       pkgconfig(zlib)
 
 %description devel
 gd allows code to quickly draw images complete with lines, arcs, text,
@@ -95,53 +93,56 @@
 
 %prep
 %setup -q -n %{prjname}-%{version}
-%patch0
 %patch1
 %patch2
 %patch3
+%patch4 -p1
 %patch5 -p1
-%patch6 -p1
 
 %build
-autoreconf -fiv
-
 # ADDITIONAL CFLAGS ARE NEEDED TO FIX TEST FAILURES IN CASE OF i586, BUT 
HARMLESS TO APPLY GENERALLY FOR ALL ix86
 %ifarch %{ix86}
-export CFLAGS="%optflags -msse -mfpmath=sse"
+export CFLAGS="%{optflags} -msse -mfpmath=sse"
 %else
 %ifnarch x86_64
-export CFLAGS="%optflags -ffp-contract=off"
+export CFLAGS="%{optflags} -ffp-contract=off"
 %endif
 %endif
 
 # without-x -- useless switch which just mangles cflags
 %configure \
+       --disable-silent-rules \
+       --disable-werror \
+       --without-liq \
        --without-x \
        --with-fontconfig \
        --with-freetype \
        --with-jpeg \
        --with-png \
        --with-xpm \
-       --disable-static \
-       --with-pic
-
+       --with-webp \
+       --with-zlib \
+       --disable-static
 make %{?_smp_mflags}
 
 %check
+%ifarch %{ix86}
+# See https://github.com/libgd/libgd/issues/359
+XFAIL_TESTS="gdimagegrayscale/basic $XFAIL_TESTS"
+%endif
+export XFAIL_TESTS
 make check %{?_smp_mflags}
 
 %install
-make DESTDIR=%{buildroot} install %{?_smp_mflags}
+%make_install
 
 find %{buildroot} -type f -name "*.la" -delete -print
 
-%post -n %lname -p /sbin/ldconfig
-
-%postun -n %lname -p /sbin/ldconfig
+%post -n %{lname} -p /sbin/ldconfig
+%postun -n %{lname} -p /sbin/ldconfig
 
 %files
-%defattr(-,root,root)
-%doc COPYING NEWS examples
+%doc COPYING
 %{_bindir}/annotate
 %{_bindir}/bdftogd
 %{_bindir}/gd2copypal
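Review bot: The `%check` addition marks `gdimagegrayscale/basic` as an expected failure on every ix86 build with no stated exit condition, so a real regression in that test stays invisible there. This is in an update whose changelog lists five CVE fixes. With an automake test harness an XFAIL entry that starts passing is reported as XPASS and fails `make check`, so the entry also has to be removed once the linked issue is fixed. A comment such as `# drop once libgd issue 359 is fixed; an unexpected pass fails the build` would record that. `--disable-werror` is added in the same hunk without a comment saying which warning it is meant to tolerate; one line of rationale would keep it from becoming permanent by default.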
@@ -155,13 +156,11 @@
 %{_bindir}/pngtogd2
 %{_bindir}/webpng
 
-%files -n %lname
-%defattr(-,root,root)
+%files -n %{lname}
 %doc COPYING
 %{_libdir}/*.so.*
 
 %files devel
-%defattr(-,root,root)
 %doc COPYING
 %{_bindir}/gdlib-config
 %{_includedir}/*

++++++ gd-freetype.patch ++++++
>From a5570d3ed30ff76c2a8bdd54f4ab1825acca0143 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecke...@gmx.de>
Date: Sun, 29 Jan 2017 17:07:50 +0100
Subject: [PATCH] Fix #302: Test suite fails with freetype 2.7

Actually, the test failures are not necessarily related to freetype
2.7, but rather are caused by subpixel hinting which is enabled by
default in freetype 2.7. Subpixel hinting is, however, already
available in freetype 2.5 and in versions having the "Infinality"
patch.

To get the expected results in all environments, we have to disable
subpixel hinting, what is easily done by setting a respective
environment variable.

See also:
* https://www.freetype.org/freetype2/docs/subpixel-hinting.html
* https://www.freetype.org/freetype2/docs/reference/ft2-tt_driver.html
---
 tests/freetype/bug00132.c                    | 3 +++
 tests/gdimagestringft/gdimagestringft_bbox.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/tests/freetype/bug00132.c b/tests/freetype/bug00132.c
index 713dd2d0..42ed5b17 100644
--- a/tests/freetype/bug00132.c
+++ b/tests/freetype/bug00132.c
@@ -11,6 +11,9 @@ int main()
        char *path;
        char *ret = NULL;
 
+       /* disable subpixel hinting */
+       putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35");
+
        im = gdImageCreateTrueColor(50, 30);
 
        if (!im) {
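Review bot: The return value of `putenv()` is ignored at the added call, so if the variable cannot be set the test silently runs with the platform's default hinting and fails later with a rendering mismatch that points nowhere near the cause. Suggest failing early: `if (putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35") != 0) return 1;`, ideally reporting through the test suite's own error-message helper before the return. The same unchecked call is added to tests/gdimagestringft/gdimagestringft_bbox.c in the next hunk; since both tests need the identical setting, a single helper in the shared test code would keep the interpreter version in one place. The call also overrides any FREETYPE_PROPERTIES value inherited from the build environment, which suits a reproducible test but should be stated in the comment. `main` continues outside the hunk.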
diff --git a/tests/gdimagestringft/gdimagestringft_bbox.c 
b/tests/gdimagestringft/gdimagestringft_bbox.c
index 0161ec81..1596a9e7 100644
--- a/tests/gdimagestringft/gdimagestringft_bbox.c
+++ b/tests/gdimagestringft/gdimagestringft_bbox.c
@@ -38,6 +38,9 @@ int main()
        int error = 0;
        FILE *fp;
 
+       /* disable subpixel hinting */
+       putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35");
+
        path = gdTestFilePath("freetype/DejaVuSans.ttf");
        im = gdImageCreate(800, 800);
        gdImageColorAllocate(im, 0xFF, 0xFF, 0xFF); /* allocate white for 
background color */
++++++ gd-rounding.patch ++++++
>From b7b66ea1ea9191b5bf1c2fdc9c7915c9ba69c4bb Mon Sep 17 00:00:00 2001
From: Remi Collet <fed...@famillecollet.com>
Date: Fri, 22 Jul 2016 08:14:12 +0200
Subject: [PATCH] Fix gd2/gd2_read.c:8:6: error: 'error' may be used
 uninitialized in this function [-Werror=maybe-uninitialized]

Also report about any error, not only the last one.

(cherry picked from commit 2b3dd57a6ccb2940f2e9119ae04e14362e2a1f61)
---
 tests/gd2/gd2_read.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/tests/gd2/gd2_read.c b/tests/gd2/gd2_read.c
index 94fe069f..8ce8bd15 100644
--- a/tests/gd2/gd2_read.c
+++ b/tests/gd2/gd2_read.c
@@ -5,7 +5,7 @@
 
 int main(int argc, char *argv[])
 {
-       int error, i = 0;
+       int error = 0, i = 0;
        gdImagePtr im, exp;
        FILE *fp;
        char *path[] = {
@@ -40,8 +40,6 @@ int main(int argc, char *argv[])
                                gdTestErrorMsg("image %s differs from expected 
result\n", path[i]);
                                gdImageDestroy(im);
                                error = 1;
-                       } else {
-                               error = 0;
                        }
                        if (exp) {
                                gdImageDestroy(exp);
@@ -52,8 +50,6 @@ int main(int argc, char *argv[])
                                gdTestErrorMsg("image %s should have failed to 
be loaded\n", path[i]);
                                gdImageDestroy(im);
                                error = 1;
-                       } else {
-                               error = 0;
                        }
                }
                i++;
++++++ libgd-2.2.3.tar.xz -> libgd-2.2.4.tar.xz ++++++
++++ 41869 lines of diff (skipped)

