Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2020-08-14 09:30:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gd" Fri Aug 14 09:30:37 2020 rev:54 rq:825730 version:2.3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/gd/gd.changes 2020-03-06 21:25:56.617504007 +0100 +++ /work/SRC/openSUSE:Factory/.gd.new.3399/gd.changes 2020-08-14 09:30:54.172323810 +0200 @@ -1,0 +2,62 @@ +Sun Aug 9 20:39:07 UTC 2020 - Matthias Eliasson <[email protected]> + +- Version update to 2.3.0: + ### Security + - Potential double-free in gdImage*Ptr(). (CVE-2019-6978) + - gdImageColorMatch() out of bounds write on heap. (CVE-2019-6977) + - Uninitialized read in gdImageCreateFromXbm(). (CVE-2019-11038) + - Double-free in gdImageBmp. (CVE-2018-1000222) + - Potential NULL pointer dereference in gdImageClone(). (CVE-2018-14553) + - Potential infinite loop in gdImageCreateFromGifCtx(). (CVE-2018-5711) + ### Fixed + - Fix #597: add codecov support + - Fix #596: gdTransformAffineCopy run error + - Fix #589: Install dependencies move to .travis.yml + - Fix #586: gdTransformAffineCopy() segfaults on palette images + - Fix #585: gdTransformAffineCopy() changes interpolation method + - Fix #584: gdImageSetInterpolationMethod(im, GD_DEFAULT) inconsistent + - Fix #583: gdTransformAffineCopy() may use unitialized values + - Fix #533: Remove cmake modules + - Fix #539: Add RAQM support for cmake + - Fix #499: gdImageGifAnimAddPtr: heap corruption with 2 identical images + - Fix #486: gdImageCropAuto(…, GD_CROP_SIDES) crops left but not right + - Fix #485: auto cropping has insufficient precision + - Fix #479: Provide a suitable malloc function to liq + - Fix #474: libtiff link returns 404 HTTP code + - Fix #450: Failed to open 1 bit per pixel bitmap + - Fix #440: new_width & new_height exception handling + - Fix #432: gdImageCrop neglecting transparency + - Fix #420: Potential infinite loop in gdImageCreateFromGifCtx + - Fix #411: gd_gd.c format documentation appears to be incorrect + - Fix #369: Fix new_a init error in gdImageConvolution() + - Fix #351: gdImageFilledArc() doesn't properly draw pies + - Fix #338: Fatal and normal libjpeg/libpng errors not distinguishable + - Fix #169: Update var type to hold bigger w&h for ellipse + - Fix #164: update doc files install directory in CMakeLists.txt + - Correct some test depend errors + - Update cmake min version to 3.7 + - Delete libimagequant source code download action in CMakeLists.txt + - Improve msys support + - Fix some logic error in CMakeLists.txt + - Remove the following macro: HAVE_STDLIB_H, HAVE_STRING_H, HAVE_STDDEF_H, + HAVE_LIMITS_H, HAVE_ERRNO_H, AC_C_CONST + ### Added + - test cases for following API: gdImageCopyResized(), gdImageWebpEx(), + gdImageCreateFromGd2PartPtr(), gdImageCloneMatch(), + gdImageColorClosestHWB(), gdImageColorMatch(), gdImageStringUp(), + gdImageStringUp16(), gdImageString(), gdImageString16(), + gdImageCopyMergeGray(), gdImageCopyMerge() +- Drop CVE patches now fixed upstream: + - gd-CVE-2018-1000222.patch + - gd-CVE-2018-14553.patch + - gd-CVE-2018-5711.patch + - gd-CVE-2019-11038.patch + - gd-CVE-2019-6977.patch + - gd-CVE-2019-6978.patch +- Drop patch: libgd-config.patch since upstream have dropped libgd-config binary +- Run spec-cleaner + + Remove package groups + + use license macro + + use make macros + +------------------------------------------------------------------- Old: ---- gd-CVE-2018-1000222.patch gd-CVE-2018-14553.patch gd-CVE-2018-5711.patch gd-CVE-2019-11038.patch gd-CVE-2019-6977.patch gd-CVE-2019-6978.patch libgd-2.2.5.tar.xz libgd-config.patch New: ---- libgd-2.3.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gd.spec ++++++ --- /var/tmp/diff_new_pack.u5SWm7/_old 2020-08-14 09:30:55.876324683 +0200 +++ /var/tmp/diff_new_pack.u5SWm7/_new 2020-08-14 09:30:55.876324683 +0200 @@ -19,11 +19,10 @@ %define prjname libgd %define lname libgd3 Name: gd -Version: 2.2.5 +Version: 2.3.0 Release: 0 Summary: A Drawing Library for Programs That Use PNG and JPEG Output License: MIT -Group: System/Libraries URL: https://libgd.github.io/ Source: https://github.com/libgd/libgd/releases/download/%{name}-%{version}/%{prjname}-%{version}.tar.xz Source1: baselibs.conf @@ -33,15 +32,6 @@ Patch2: gd-format.patch # could be upstreamed Patch3: gd-aliasing.patch -Patch4: gd-CVE-2018-5711.patch -Patch5: libgd-config.patch -Patch6: gd-CVE-2018-1000222.patch -Patch7: gd-CVE-2019-6978.patch -Patch8: gd-CVE-2019-6977.patch -# CVE-2019-11038 [bsc#1140118] -Patch9: gd-CVE-2019-11038.patch -# CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone() -Patch10: gd-CVE-2018-14553.patch # needed for tests BuildRequires: dejavu BuildRequires: libjpeg-devel @@ -64,7 +54,6 @@ %package -n %{lname} Summary: A Drawing Library for Programs That Use PNG and JPEG Output # change order while installing a split library -Group: System/Libraries Obsoletes: gd < 2.2.3 Conflicts: gd < 2.2.3 @@ -76,7 +65,6 @@ %package devel Summary: Drawing Library for Programs with PNG and JPEG Output -Group: Development/Libraries/C and C++ Requires: %{lname} = %{version} Requires: glibc-devel @@ -92,13 +80,6 @@ %patch1 %patch2 %patch3 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 chmod 644 COPYING %build @@ -125,7 +106,7 @@ --with-webp \ --with-zlib \ --disable-static -make %{?_smp_mflags} +%make_build %check %if !0%{?sle_version} || 0%{?sle_version} < 150000 @@ -137,7 +118,7 @@ %endif %endif export XFAIL_TESTS -make check %{?_smp_mflags} +%make_build check %install %make_install @@ -148,7 +129,7 @@ %postun -n %{lname} -p /sbin/ldconfig %files -%doc COPYING +%license COPYING %{_bindir}/annotate %{_bindir}/bdftogd %{_bindir}/gd2copypal @@ -163,12 +144,11 @@ %{_bindir}/webpng %files -n %{lname} -%doc COPYING +%license COPYING %{_libdir}/*.so.* %files devel -%doc COPYING -%{_bindir}/gdlib-config +%license COPYING %{_includedir}/* %{_libdir}/*.so %{_libdir}/pkgconfig/gdlib.pc ++++++ libgd-2.2.5.tar.xz -> libgd-2.3.0.tar.xz ++++++ ++++ 30150 lines of diff (skipped)
