commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2020-08-14 09:30:37 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new.3399 (New) Package is "gd" Fri Aug 14 09:30:37 2020 rev:54 rq:825730 version:2.3.0 Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2020-03-06 21:25:56.617504007 +0100 +++ /work/SRC/openSUSE:Factory/.gd.new.3399/gd.changes 2020-08-14 09:30:54.172323810 +0200 
@@ -1,0 +2,62 @@ +Sun Aug 9 20:39:07 UTC 2020 - Matthias Eliasson + +- Version update to 2.3.0: + ### Security + - Potential double-free in gdImage*Ptr(). (CVE-2019-6978) + - gdImageColorMatch() out of bounds write on heap. (CVE-2019-6977) + - Uninitialized read in gdImageCreateFromXbm(). (CVE-2019-11038) + - Double-free in gdImageBmp. (CVE-2018-1000222) + - Potential NULL pointer dereference in gdImageClone(). (CVE-2018-14553) + - Potential infinite loop in gdImageCreateFromGifCtx(). (CVE-2018-5711) + ### Fixed + - Fix #597: add codecov support + - Fix #596: gdTransformAffineCopy run error + - Fix #589: Install dependencies move to .travis.yml + - Fix #586: gdTransformAffineCopy() segfaults on palette images + - Fix #585: gdTransformAffineCopy() changes interpolation method + - Fix #584: gdImageSetInterpolationMethod(im, GD_DEFAULT) inconsistent + - Fix #583: gdTransformAffineCopy() may use unitialized values + - Fix #533: Remove cmake modules + - Fix #539: Add RAQM support for cmake + - Fix #499: gdImageGifAnimAddPtr: heap corruption with 2 identical images + - Fix #486: gdImageCropAuto(…, GD_CROP_SIDES) crops left but not right + - Fix #485: auto cropping has insufficient precision + - Fix #479: Provide a suitable malloc function to liq + - Fix #474: libtiff link returns 404 HTTP code + - Fix #450: Failed to open 1 bit per pixel bitmap + - Fix #440: new_width & new_height exception handling + - Fix #432: gdImageCrop neglecting transparency + - Fix #420: Potential infinite loop in gdImageCreateFromGifCtx + - Fix #411: gd_gd.c format documentation appears to be incorrect + - Fix #369: Fix new_a init error in gdImageConvolution() + - Fix #351: gdImageFilledArc() doesn't properly draw pies + - Fix #338: Fatal and normal libjpeg/libpng errors not distinguishable + - Fix #169: Update var type to hold bigger w for ellipse + - Fix #164: update doc files install directory in CMakeLists.txt + - Correct some test depend errors + - Update cmake min version to 3.7 + - Delete 
libimagequant source code download action in CMakeLists.txt + - Improve msys support + - Fix some logic error in CMakeLists.txt + - Remove the following macro: HAVE_STDLIB_H, HAVE_STRING_H, HAVE_STDDEF_H, +HAVE_LIMITS_H, HAVE_ERRNO_H, AC_C_CONST + ### Added + - test cases for following API: gdImageCopyResized(), gdImageWebpEx(), +gdImageCreateFromGd2PartPtr(), gdImageCloneMatch(), +gdImageColorClosestHWB(), gdImageColorMatch(), gdImageStringUp(), +gdImageStringUp16(), gdImageString(), gdImageString16(), +gdImageCopyMergeGray(), gdImageCopyMerge() +- Drop CVE patches now fixed upstream: + - gd-CVE-2018-1000222.patch + - gd-CVE-2018-14553.patch + - gd-CVE-2018-5711.patch + - gd-CVE-2019-11038.patch + - gd-CVE-2019-6977.patch + - gd-CVE-2019-6978.patch +- Drop patch: libgd-config.patch since upstream have dropped libgd-config binary +- Run spec-cleaner + + Remove package groups + + use license macro + + use make macros + +--- Old: gd-CVE-2018-1000222.patch gd-CVE-2018-14553.patch gd-CVE-2018-5711.patch gd-CVE-2019-11038.patch gd-CVE-2019-6977.patch gd-CVE-2019-6978.patch libgd-2.2.5.tar.xz libgd-config.patch New: libgd-2.3.0.tar.xz Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.u5SWm7/_old 2020-08-14 09:30:55.876324683 +0200 +++ /var/tmp/diff_new_pack.u5SWm7/_new 2020-08-14 09:30:55.876324683 +0200 @@ -19,11 +19,10 @@ %define prjname libgd %define lname libgd3 Name: gd -Version:2.2.5 +Version:2.3.0 Release:0 Summary:A Drawing Library for Programs That Use PNG and JPEG Output License:MIT -Group: System/Libraries URL:https://libgd.github.io/ Source: https://github.com/libgd/libgd/releases/download/%{name}-%{version}/%{prjname}-%{version}.tar.xz Source1:baselibs.conf @@ -33,15 +32,6 @@ Patch2: gd-format.patch # could be upstreamed Patch3: gd-aliasing.patch -Patch4: gd-CVE-2018-5711.patch -Patch5: libgd-config.patch -Patch6: gd-CVE-2018-1000222.patch -Patch7: gd-CVE-2019-6978.patch -Patch8:
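Review bot: the gd.changes entry for 2.3.0 drops six gd-CVE-*.patch files by name but carries no bsc# references, while the entries that added those patches each have one (for example `CVE-2019-6978 [bsc#1123522]`). Suggest repeating the bsc# next to each CVE in the 2.3.0 entry so the version update stays linked to the bug reports it closes.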
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2020-03-06 21:25:47 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new.26092 (New) Package is "gd" Fri Mar 6 21:25:47 2020 rev:53 rq:781431 version:2.2.5 Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2019-07-21 11:29:18.492828348 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new.26092/gd.changes 2020-03-06 21:25:56.617504007 +0100 @@ -1,0 +2,8 @@ +Wed Mar 4 10:11:14 UTC 2020 - pgaj...@suse.com + +- security update +- added patches + fix CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone() + + gd-CVE-2018-14553.patch + +--- New: gd-CVE-2018-14553.patch Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.DiMFR7/_old 2020-03-06 21:25:57.773504647 +0100 +++ /var/tmp/diff_new_pack.DiMFR7/_new 2020-03-06 21:25:57.777504648 +0100 @@ -1,7 +1,7 @@ # # spec file for package gd # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ Summary:A Drawing Library for Programs That Use PNG and JPEG Output License:MIT Group: System/Libraries -Url:https://libgd.github.io/ +URL:https://libgd.github.io/ Source: https://github.com/libgd/libgd/releases/download/%{name}-%{version}/%{prjname}-%{version}.tar.xz Source1:baselibs.conf # might be upstreamed, but could be suse specific also (/usr/share/fonts/Type1 font dir) @@ -40,6 +40,8 @@ Patch8: gd-CVE-2019-6977.patch # CVE-2019-11038 [bsc#1140118] Patch9: gd-CVE-2019-11038.patch +# CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone() +Patch10:gd-CVE-2018-14553.patch # needed for tests BuildRequires: dejavu BuildRequires: libjpeg-devel @@ -96,6 +98,7 @@ %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 chmod 644 COPYING %build ++ gd-CVE-2018-14553.patch ++ 
diff --git a/src/gd.c b/src/gd.c index 592a0286..d564d1f9 100644 --- a/src/gd.c +++ b/src/gd.c @@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { } } - if (src->styleLength > 0) { - dst->styleLength = src->styleLength; - dst->stylePos= src->stylePos; - for (i = 0; i < src->styleLength; i++) { - dst->style[i] = src->style[i]; - } - } - dst->interlace = src->interlace; dst->alphaBlendingFlag = src->alphaBlendingFlag; @@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { if (src->style) { gdImageSetStyle(dst, src->style, src->styleLength); + dst->stylePos = src->stylePos; } for (i = 0; i < gdMaxColors; i++) {
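Review bot: in the second hunk of gd-CVE-2018-14553.patch, `dst->stylePos = src->stylePos;` is copied unconditionally right after `gdImageSetStyle(dst, src->style, src->styleLength);`, and nothing in the visible lines confirms that dst->style was actually set by that call. Suggest guarding the copy, e.g. `if (dst->style) dst->stylePos = src->stylePos;`, and adding a regression test that clones an image with a style set, since the removed block in the first hunk wrote through dst->style[i] with no allocation in sight.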
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2019-07-21 11:29:17 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new.4126 (New) Package is "gd" Sun Jul 21 11:29:17 2019 rev:52 rq:715653 version:2.2.5 Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2019-06-02 15:17:15.430055563 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new.4126/gd.changes 2019-07-21 11:29:18.492828348 +0200 @@ -1,0 +2,8 @@ +Tue Jul 16 09:12:06 UTC 2019 - pgaj...@suse.com + +- security update +- added patches + CVE-2019-11038 [bsc#1140120] + + gd-CVE-2019-11038.patch + +--- New: gd-CVE-2019-11038.patch Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.5K3aGW/_old 2019-07-21 11:29:18.976828266 +0200 +++ /var/tmp/diff_new_pack.5K3aGW/_new 2019-07-21 11:29:18.980828266 +0200 @@ -38,6 +38,8 @@ Patch6: gd-CVE-2018-1000222.patch Patch7: gd-CVE-2019-6978.patch Patch8: gd-CVE-2019-6977.patch +# CVE-2019-11038 [bsc#1140118] +Patch9: gd-CVE-2019-11038.patch # needed for tests BuildRequires: dejavu BuildRequires: libjpeg-devel @@ -93,6 +95,7 @@ %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 chmod 644 COPYING %build ++ gd-CVE-2019-11038.patch ++ diff --git a/src/gd_xbm.c b/src/gd_xbm.c index 4ca41acf..cf0545ef 100644 --- a/src/gd_xbm.c +++ b/src/gd_xbm.c @@ -169,7 +169,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd) } h[3] = ch; } - sscanf(h, "%x", ); + if (sscanf(h, "%x", ) != 1) { + gd_error("invalid XBM"); + gdImageDestroy(im); + return 0; + } for (bit = 1; bit <= max_bit; bit = bit << 1) { gdImageSetPixel(im, x++, y, (b & bit) ? 1 : 0); if (x == im->sx) {
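Review bot: the bug reference for CVE-2019-11038 differs between the two files in this commit: gd.changes says `[bsc#1140120]`, while the gd.spec comment above Patch9 says `[bsc#1140118]`. One of the two is wrong; make both point at the same bug before this goes in.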
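Review bot: in the gd_xbm.c hunk the new failure path does `return 0;` from a function declared as returning gdImagePtr, and the patch adds no test for it. Suggest `return NULL;` for readability and a regression test that feeds gdImageCreateFromXbm() an XBM whose data field is not hexadecimal, so the `sscanf(...) != 1` branch and the gdImageDestroy(im) cleanup are both exercised.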
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2019-06-02 15:17:14 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new.5148 (New) Package is "gd" Sun Jun 2 15:17:14 2019 rev:51 rq:706509 version:2.2.5 Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2019-02-08 13:45:41.970829607 +0100 +++ /work/SRC/openSUSE:Factory/.gd.new.5148/gd.changes 2019-06-02 15:17:15.430055563 +0200 @@ -1,0 +2,5 @@ +Thu May 30 13:02:38 UTC 2019 - pgaj...@suse.com + +- change order while installing splitted library [bsc#1136574] + +--- Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.hhUAoq/_old 2019-06-02 15:17:16.158055248 +0200 +++ /var/tmp/diff_new_pack.hhUAoq/_new 2019-06-02 15:17:16.158055248 +0200 @@ -59,7 +59,10 @@ %package -n %{lname} Summary:A Drawing Library for Programs That Use PNG and JPEG Output +# change order while installing a split library Group: System/Libraries +Obsoletes: gd < 2.2.3 +Conflicts: gd < 2.2.3 %description -n %{lname} Gd allows your code to quickly draw images complete with lines, arcs,
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2019-02-08 13:45:40 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new.28833 (New) Package is "gd" Fri Feb 8 13:45:40 2019 rev:50 rq:671007 version:2.2.5 Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2018-12-27 00:23:53.791932482 +0100 +++ /work/SRC/openSUSE:Factory/.gd.new.28833/gd.changes 2019-02-08 13:45:41.970829607 +0100 @@ -1,0 +2,9 @@ +Thu Jan 31 11:23:17 UTC 2019 - Petr Gajdos + +- security update + * CVE-2019-6978 [bsc#1123522] ++ gd-CVE-2019-6978.patch + * CVE-2019-6977 [bsc#1123361] ++ gd-CVE-2019-6977.patch + +--- New: gd-CVE-2019-6977.patch gd-CVE-2019-6978.patch Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.kNEaVR/_old 2019-02-08 13:45:42.706829380 +0100 +++ /var/tmp/diff_new_pack.kNEaVR/_new 2019-02-08 13:45:42.714829377 +0100 @@ -1,7 +1,7 @@ # # spec file for package gd # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -36,6 +36,8 @@ Patch4: gd-CVE-2018-5711.patch Patch5: libgd-config.patch Patch6: gd-CVE-2018-1000222.patch +Patch7: gd-CVE-2019-6978.patch +Patch8: gd-CVE-2019-6977.patch # needed for tests BuildRequires: dejavu BuildRequires: libjpeg-devel 
@@ -86,6 +88,8 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 +%patch8 -p1 chmod 644 COPYING %build ++ gd-CVE-2019-6977.patch ++ Index: libgd-2.2.5/src/gd_color_match.c === --- libgd-2.2.5.orig/src/gd_color_match.c 2019-01-31 12:56:44.944336318 +0100 +++ libgd-2.2.5/src/gd_color_match.c2019-01-31 12:58:11.368836899 +0100 @@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdIm return -4; /* At least 1 color must be allocated */ } - buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal); - memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal ); + buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors); + memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors ); for (x=0; x < im1->sx; x++) { for( y=0; ysy; y++ ) { ++ gd-CVE-2019-6978.patch ++ Index: libgd-2.2.5/src/gd_gif_out.c === --- libgd-2.2.5.orig/src/gd_gif_out.c 2017-08-30 13:05:54.0 +0200 +++ libgd-2.2.5/src/gd_gif_out.c2019-01-31 09:47:44.703693790 +0100 @@ -99,6 +99,7 @@ static void char_init(GifCtx *ctx); static void char_out(int c, GifCtx *ctx); static void flush_char(GifCtx *ctx); +static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out); @@ -131,8 +132,11 @@ BGD_DECLARE(void *) gdImageGifPtr(gdImag void *rv; gdIOCtx *out = gdNewDynamicCtx(2048, NULL); if (out == NULL) return NULL; - gdImageGifCtx(im, out); - rv = gdDPExtractData(out, size); + if (!_gdImageGifCtx(im, out)) { + rv = gdDPExtractData(out, size); + } else { + rv = NULL; + } out->gd_free(out); return rv; } @@ -221,6 +225,12 @@ BGD_DECLARE(void) gdImageGif(gdImagePtr */ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) { + _gdImageGifCtx(im, out); +} + +/* returns 0 on success, 1 on failure */ +static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) +{ gdImagePtr pim = 0, tim = im; int interlace, BitsPerPixel; interlace = im->interlace; 
@@ -231,7 +241,7 @@ BGD_DECLARE(void) gdImageGifCtx(gdImageP based temporary image. */ pim = gdImageCreatePaletteFromTrueColor(im, 1, 256); if(!pim) { - return; + return 1; } tim = pim; } @@ -247,6 +257,8 @@ BGD_DECLARE(void) gdImageGifCtx(gdImageP /* Destroy palette based temporary image. */ gdImageDestroy( pim); } + + return 0; } Index: libgd-2.2.5/src/gd_jpeg.c
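Review bot: in gd-CVE-2019-6977.patch the result of gdMalloc() is still passed straight to memset() in gdImageColorMatch(), so a failed allocation of the now larger `5 * gdMaxColors` buffer is dereferenced. Suggest checking `buf` for NULL before the memset and returning an error code, in the same way the function already returns `-4` for the precondition just above.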
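Review bot: in gd-CVE-2019-6978.patch, gdImageGifPtr() sets `rv = NULL` on the new failure branch but leaves `*size` untouched, so a caller that reads the size without checking the pointer sees a stale value. Suggest setting `*size = 0` on that branch. The public gdImageGifCtx() wrapper also discards the status from _gdImageGifCtx(), so callers of that entry point still cannot tell that gdImageCreatePaletteFromTrueColor() failed; a comment on the wrapper stating this would help.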
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2018-12-27 00:23:52 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new.28833 (New) Package is "gd" Thu Dec 27 00:23:52 2018 rev:49 rq:657872 version:2.2.5 Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2018-09-11 17:13:25.207768737 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new.28833/gd.changes 2018-12-27 00:23:53.791932482 +0100 @@ -1,0 +2,5 @@ +Thu Dec 13 16:24:15 UTC 2018 - meiss...@suse.com + +- add gd-devel as baselibs, for building 32bit libaries on 64bit + +--- Other differences: -- ++ baselibs.conf ++ --- /var/tmp/diff_new_pack.1Xe4a1/_old 2018-12-27 00:23:54.255932104 +0100 +++ /var/tmp/diff_new_pack.1Xe4a1/_new 2018-12-27 00:23:54.255932104 +0100 @@ -1 +1,5 @@ libgd3 +gd-devel + requires -gd- + requires "libgd3- = " +
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2018-09-11 17:13:21 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is "gd" Tue Sep 11 17:13:21 2018 rev:48 rq:631813 version:2.2.5 Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2018-01-26 13:34:28.327383444 +0100 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2018-09-11 17:13:25.207768737 +0200 @@ -1,0 +2,14 @@ +Mon Aug 27 13:45:14 UTC 2018 - pgaj...@suse.com + +- security update: + * CVE-2018-1000222 [bsc#1105434] ++ gd-CVE-2018-1000222.patch + +--- +Tue Mar 13 13:31:37 UTC 2018 - crrodrig...@opensuse.org + +- libgd-config.patch: do not inject false dependencies into + packages, GD does not need extra libs to be used. + this also allows us to clean up -devel package dependencies. + +--- New: gd-CVE-2018-1000222.patch libgd-config.patch Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.uQjaa5/_old 2018-09-11 17:13:25.739767914 +0200 +++ /var/tmp/diff_new_pack.uQjaa5/_new 2018-09-11 17:13:25.743767907 +0200 @@ -34,6 +34,8 @@ # could be upstreamed Patch3: gd-aliasing.patch Patch4: gd-CVE-2018-5711.patch +Patch5: libgd-config.patch +Patch6: gd-CVE-2018-1000222.patch # needed for tests BuildRequires: dejavu BuildRequires: libjpeg-devel @@ -43,9 +45,6 @@ BuildRequires: pkgconfig(freetype2) BuildRequires: pkgconfig(libtiff-4) BuildRequires: pkgconfig(libwebp) -BuildRequires: pkgconfig(x11) -BuildRequires: pkgconfig(xau) -BuildRequires: pkgconfig(xdmcp) BuildRequires: pkgconfig(xpm) Provides: gdlib = %{version} Obsoletes: gdlib < %{version} 
@@ -71,15 +70,6 @@ Group: Development/Libraries/C and C++ Requires: %{lname} = %{version} Requires: glibc-devel -Requires: libjpeg-devel -Requires: libpng-devel -Requires: pkgconfig(libtiff-4) -Requires: pkgconfig(libwebp) -Requires: pkgconfig(libwebpdecoder) -Requires: pkgconfig(libwebpdemux) -Requires: pkgconfig(libwebpmux) -Requires: pkgconfig(vpx) -Requires: pkgconfig(zlib) %description devel gd allows code to quickly draw images complete with lines, arcs, text, @@ -94,6 +84,8 @@ %patch2 %patch3 %patch4 -p1 +%patch5 -p1 +%patch6 -p1 chmod 644 COPYING %build ++ gd-CVE-2018-1000222.patch ++ diff --git a/src/gd_bmp.c b/src/gd_bmp.c index bde0b9d3..78f40d9a 100644 --- a/src/gd_bmp.c +++ b/src/gd_bmp.c @@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header); static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info); +static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression); + #define BMP_DEBUG(s) static int gdBMPPutWord(gdIOCtx *out, int w) @@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression) void *rv; gdIOCtx *out = gdNewDynamicCtx(2048, NULL); if (out == NULL) return NULL; - gdImageBmpCtx(im, out, compression); - rv = gdDPExtractData(out, size); + if (!_gdImageBmpCtx(im, out, compression)) + rv = gdDPExtractData(out, size); + else + rv = NULL; out->gd_free(out); return rv; } @@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression) compression - whether to apply RLE or not. */ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) +{ + _gdImageBmpCtx(im, out, compression); +} + +static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) { int bitmap_size = 0, info_size, total_size, padding; int i, row, xpos, pixel; 
@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL; FILE *tmpfile_for_compression = NULL; gdIOCtxPtr out_original = NULL; + int ret = 1; /* No compression if its true colour or we don't support seek */ if (im->trueColor) { @@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) out_original = NULL; } + ret = 0; cleanup: if (tmpfile_for_compression) { #ifdef _WIN32 @@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im,
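Review bot: gd-CVE-2018-1000222.patch declares and defines _gdImageBmpCtx() without any comment on its return convention, and gdImageBmpPtr() tests it with `if (!_gdImageBmpCtx(im, out, compression))`, which reads like a failure check but is the success path (`ret` starts at 1 and is set to 0 just before `cleanup:`). Suggest a one-line comment on the forward declaration, e.g. "returns 0 on success, 1 on failure", so the inverted-looking test is not "fixed" by a later editor.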
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2018-01-26 13:34:27 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is "gd" Fri Jan 26 13:34:27 2018 rev:47 rq:568192 version:2.2.5 Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2017-09-08 20:39:24.448831014 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2018-01-26 13:34:28.327383444 +0100 @@ -1,0 +2,7 @@ +Mon Jan 22 14:58:51 UTC 2018 - pgaj...@suse.com + +- security update: + * CVE-2018-5711 [bsc#1076391] ++ gd-CVE-2018-5711.patch + +--- New: gd-CVE-2018-5711.patch Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.be3Rf3/_old 2018-01-26 13:34:29.267339540 +0100 +++ /var/tmp/diff_new_pack.be3Rf3/_new 2018-01-26 13:34:29.275339166 +0100 @@ -1,7 +1,7 @@ # # spec file for package gd # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -33,6 +33,7 @@ Patch2: gd-format.patch # could be upstreamed Patch3: gd-aliasing.patch +Patch4: gd-CVE-2018-5711.patch # needed for tests BuildRequires: dejavu BuildRequires: libjpeg-devel @@ -92,6 +93,7 @@ %patch1 %patch2 %patch3 +%patch4 -p1 chmod 644 COPYING %build ++ gd-CVE-2018-5711.patch ++ Index: libgd-2.2.5/src/gd_gif_in.c === --- libgd-2.2.5.orig/src/gd_gif_in.c2018-01-22 15:19:35.417382486 +0100 +++ libgd-2.2.5/src/gd_gif_in.c 2018-01-22 15:21:28.683291084 +0100 @@ -335,11 +335,6 @@ terminated: return 0; } - if(!im->colorsTotal) { - gdImageDestroy(im); - return 0; - } - /* Check for open colors at the end, so * we can reduce colorsTotal and ultimately * BitsPerPixel */ @@ -351,6 +346,11 @@ terminated: } } + if(!im->colorsTotal) { + gdImageDestroy(im); + return 0; + } + return im; } 
@@ -447,7 +447,7 @@ static int GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP) { int i, j, ret; - unsigned char count; + int count; if(flag) { scd->curbit = 0;
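Review bot: in GetCode_() the declaration changes from `unsigned char count;` to `int count;` with no comment, and the hunk does not show the expression that needs the wider signed type. Suggest a comment at the declaration naming the return value it has to hold, plus a regression test with a GIF that reaches this path, because the first hunk only moves the `!im->colorsTotal` check below the open-colors loop and would not by itself show that the loop terminates.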
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2017-09-08 20:39:23 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is "gd" Fri Sep 8 20:39:23 2017 rev:46 rq:521156 version:2.2.5 Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2017-08-24 18:26:33.323835498 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2017-09-08 20:39:24.448831014 +0200 @@ -1,0 +2,25 @@ +Tue Sep 5 13:49:20 UTC 2017 - pgaj...@suse.com + +- Version update to 2.2.5: + ### Security + - Double-free in gdImagePngPtr(). (CVE-2017-6362) + - Buffer over-read into uninitialized memory. (CVE-2017-7890) + + ### Fixed + - Fix #109: XBM reading fails with printed error + - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable + - Fix #357: 2.2.4: Segfault in test suite + - Fix #386: gdImageGrayScale() may produce colors + - Fix #406: webpng -i removes the transparent color + - Fix Coverity #155475: Failure to restore alphaBlendingFlag + - Fix Coverity #155476: potential resource leak + - Fix several build issues and test failures + - Fix and reenable optimized support for reading 1 bps TIFFs + + ### Added + - The native MSVC buildchain now supports libtiff and most executables +- removed patches (upstreamed): + . gd-freetype.patch + . gd-rounding.patch + +--- Old: gd-freetype.patch gd-rounding.patch libgd-2.2.4.tar.xz New: libgd-2.2.5.tar.xz Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.P4a25A/_old 2017-09-08 20:39:25.592670189 +0200 +++ /var/tmp/diff_new_pack.P4a25A/_new 2017-09-08 20:39:25.596669627 +0200 @@ -19,7 +19,7 @@ %define prjname libgd %define lname libgd3 Name: gd -Version:2.2.4 +Version:2.2.5 Release:0 Summary:A Drawing Library for Programs That Use PNG and JPEG Output License:MIT 
@@ -33,10 +33,6 @@ Patch2: gd-format.patch # could be upstreamed Patch3: gd-aliasing.patch -# PATCH-FIX-UPSTREAM: build with newer freetype -Patch4: gd-freetype.patch -# PATCH-FIX-UPSTREAM: fix testfailure on 32b platforms -Patch5: gd-rounding.patch # needed for tests BuildRequires: dejavu BuildRequires: libjpeg-devel @@ -96,8 +92,7 @@ %patch1 %patch2 %patch3 -%patch4 -p1 -%patch5 -p1 +chmod 644 COPYING %build # ADDITIONAL CFLAGS ARE NEEDED TO FIX TEST FAILURES IN CASE OF i586, BUT HARMLESS TO APPLY GENERALLY FOR ALL ix86 ++ libgd-2.2.4.tar.xz -> libgd-2.2.5.tar.xz ++ 12043 lines of diff (skipped)
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2017-08-24 18:26:32 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is "gd" Thu Aug 24 18:26:32 2017 rev:45 rq:517003 version:2.2.4 Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2017-08-10 13:43:25.518694184 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2017-08-24 18:26:33.323835498 +0200 @@ -1,0 +2,5 @@ +Tue Aug 15 09:19:05 UTC 2017 - lnus...@suse.de + +- Don't fail gdimagegrayscale/basic on SLE15 (boo#1053825) + +--- Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.2IXfeP/_old 2017-08-24 18:26:34.447677162 +0200 +++ /var/tmp/diff_new_pack.2IXfeP/_new 2017-08-24 18:26:34.451676598 +0200 @@ -126,10 +126,14 @@ make %{?_smp_mflags} %check +%if !0%{?sle_version} || 0%{?sle_version} < 15 +# on SLE15 we have --with-arch-32=x86_64 so the test actually +# passes boo#1053825 %ifarch %{ix86} # See https://github.com/libgd/libgd/issues/359 XFAIL_TESTS="gdimagegrayscale/basic $XFAIL_TESTS" %endif +%endif export XFAIL_TESTS make check %{?_smp_mflags}
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2017-08-10 13:43:23 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is "gd" Thu Aug 10 13:43:23 2017 rev:44 rq:511835 version:2.2.4 Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2016-12-13 19:32:31.237931443 +0100 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2017-08-10 13:43:25.518694184 +0200 @@ -1,0 +2,25 @@ +Fri Jul 21 11:29:06 UTC 2017 - tchva...@suse.com + +- Add patch gd-rounding.patch +- Set again the cflags so other archs do not fail testsuite + +--- +Fri Jul 7 10:54:11 UTC 2017 - tchva...@suse.com + +- Version update to 2.2.4: + * gdImageCreate() doesn't check for oversized images and as such is prone +to DoS vulnerabilities. (CVE-2016-9317) bsc#1022283 + * double-free in gdImageWebPtr() (CVE-2016-6912) bsc#1022284 + * potential unsigned underflow in gd_interpolation.c (CVE-2016-10166) +bsc#1022263 + * DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167) +bsc#1022264 + * Signed Integer Overflow gd_io.c (CVE-2016-10168) bsc#1022265 +- Remove patches merged/obsoleted by upstream: + * gd-config.patch + * gd-disable-freetype27-failed-tests.patch + * gd-test-unintialized-var.patch +- Add patch gd-freetype.patch taking patch from upstream for + freetype 2.7 + +--- Old: gd-config.patch gd-disable-freetype27-failed-tests.patch gd-test-unintialized-var.patch libgd-2.2.3.tar.xz New: gd-freetype.patch gd-rounding.patch libgd-2.2.4.tar.xz Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.YuPG2i/_old 2017-08-10 13:43:26.842507831 +0200 +++ /var/tmp/diff_new_pack.YuPG2i/_new 2017-08-10 13:43:26.854506142 +0200 
@@ -1,7 +1,7 @@ # # spec file for package gd # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,11 +17,9 @@ %define prjname libgd - %define lname libgd3 - Name: gd -Version:2.2.3 +Version:2.2.4 Release:0 Summary:A Drawing Library for Programs That Use PNG and JPEG Output License:MIT 
@@ -29,35 +27,31 @@ Url:https://libgd.github.io/ Source: https://github.com/libgd/libgd/releases/download/%{name}-%{version}/%{prjname}-%{version}.tar.xz Source1:baselibs.conf -# to be upstreamed, gdlib-config --libs to return the same as pkg-config --libs gdlib -Patch0: gd-config.patch # might be upstreamed, but could be suse specific also (/usr/share/fonts/Type1 font dir) Patch1: gd-fontpath.patch # could be upstreamed, but not in this form (need ac check for attribute format printf, etc.) Patch2: gd-format.patch # could be upstreamed Patch3: gd-aliasing.patch -# PATCH-FIX-UPSTREAM gd-disable-freetype27-failed-tests.patch gh#libgd/libgd#302 badshah...@gmail.com -- Disable for now tests failing against freetype >= 2.7 for being too exact. -Patch5: gd-disable-freetype27-failed-tests.patch -# PATCH-FIX-UPSTREAM gd-test-unintialized-var.patch badshah...@gmail.com -- Initialise a variable in tests/gd2/gd2_read.c to 0 to prevent it from failing to compile with -Werror (only causes problems in no ix86 arch surprisingly); patch sent upstream -Patch6: gd-test-unintialized-var.patch -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: fontconfig-devel -BuildRequires: freetype2-devel +# PATCH-FIX-UPSTREAM: build with newer freetype +Patch4: gd-freetype.patch +# PATCH-FIX-UPSTREAM: fix testfailure on 32b platforms +Patch5: gd-rounding.patch +# needed for tests +BuildRequires: dejavu BuildRequires: libjpeg-devel BuildRequires: libpng-devel -BuildRequires: libtiff-devel -BuildRequires: libtool -BuildRequires: libwebp-devel -BuildRequires: pkg-config -BuildRequires: xorg-x11-libX11-devel -BuildRequires: xorg-x11-libXau-devel -BuildRequires: xorg-x11-libXdmcp-devel -BuildRequires: xorg-x11-libXpm-devel +BuildRequires: pkgconfig +BuildRequires: pkgconfig(fontconfig) +BuildRequires: pkgconfig(freetype2) +BuildRequires: pkgconfig(libtiff-4) +BuildRequires: pkgconfig(libwebp) +BuildRequires: pkgconfig(x11) +BuildRequires: pkgconfig(xau) +BuildRequires: pkgconfig(xdmcp) 
+BuildRequires: pkgconfig(xpm) Provides: gdlib = %{version} Obsoletes: gdlib < %{version} -BuildRoot:
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2016-10-10 16:18:18 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is "gd" Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2016-08-26 23:14:33.0 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2016-10-10 16:18:18.0 +0200 
@@ -1,0 +2,51 @@ +Fri Sep 30 14:59:25 UTC 2016 - badshah...@gmail.com + +- Update to version 2.2.3: + + Security fixes: +- Php bug#72339, Integer Overflow in _gd2GetHeader + (CVE-2016-5766) +- Issue gh/libgd/libgd#247: A read out-of-bands was found in + the parsing of TGA files (CVE-2016-6132) +- Issue gh/libgd/libgd#247: Buffer over-read issue when + parsing crafted TGA file (CVE-2016-6214) +- Issue gh/libgd/libgd#248: fix Out-Of-Bounds Read in + read_image_tga +- Integer overflow error within _gdContributionsAlloc() + (CVE-2016-6207) +- Fix php bug#72494, invalid color index not handled, can lead + to crash (CVE-2016-6128) + + Improve color check for CropThreshold + + gdImageCopyResampled has been improved. Better handling of +images with alpha channel, also brings libgd in sync with +php's bundled gd. +- Drop patches: + + gd-CVE-2016-5116.patch: upstreamed + + gd-CVE-2016-6132.patch: upstreamed + + gd-CVE-2016-6214.patch: upstreamed + + gd-CVE-2016-6905.patch: upstreamed + + gd-libvpx.patch: vpx support dropped. +- Add BuildRequires for automake and autoconf since + gd-disable-freetype27-failed-tests.patch touches makefiles. +- Drop getver.pl from source: included in upstream tarball. +- Add "-msse -mfpmath=sse" to CFLAGS to fix tests on ix86 + architectures. +- Add "-ffp-contract=off" to CFLAGS for non-ix86 arch (ppc, arm) + to fix a test: see gh#libgd/libgd#278. +- Add gd-test-unintialized-var.patch to fix an uninitialised + variable in tests/gd2/gd2_read.c to prevent it from compiling + with -Werror (only causes problems in no ix86 arch + surprisingly); patch sent upstream. +- Rebase gd-disable-freetype27-failed-tests.patch for updated + version. +- Update URL and Source to project's new github URL's. + +--- +Thu Sep 29 14:06:53 UTC 2016 - badshah...@gmail.com + +- Add gd-disable-freetype27-failed-tests.patch: Disable for now + tests failing against freetype >= 2.7 for being too exact + (gh#libgd/libgd#302). 
The failures have been understood by + upstream to be due to minor differences between test images and + those generated when freeetype >= 2.7 is used to build gd. + +--- Old: gd-CVE-2016-5116.patch gd-CVE-2016-6132.patch gd-CVE-2016-6214.patch gd-CVE-2016-6905.patch gd-libvpx.patch getver.pl libgd-2.1.1.tar.xz New: gd-disable-freetype27-failed-tests.patch gd-test-unintialized-var.patch libgd-2.2.3.tar.xz Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.PJI6yq/_old 2016-10-10 16:18:20.0 +0200 +++ /var/tmp/diff_new_pack.PJI6yq/_new 2016-10-10 16:18:20.0 +0200 @@ -21,15 +21,14 @@ %define lname libgd3 Name: gd -Version:2.1.1 +Version:2.2.3 Release:0 Summary:A Drawing Library for Programs That Use PNG and JPEG Output License:MIT Group: System/Libraries -Url:http://libgd.bitbucket.org/ -Source: https://bitbucket.org/libgd/gd-libgd/downloads/libgd-%{version}.tar.xz +Url:https://libgd.github.io/ +Source: https://github.com/libgd/libgd/releases/download/%{name}-%{version}/%{prjname}-%{version}.tar.xz Source1:baselibs.conf -Source2:getver.pl # to be upstreamed, gdlib-config --libs to return the same as pkg-config --libs gdlib Patch0: gd-config.patch # might be upstreamed, but could be suse specific also (/usr/share/fonts/Type1 font dir) @@ -38,19 +37,18 @@ Patch2: gd-format.patch # could be upstreamed Patch3: gd-aliasing.patch -# could be upstreamed -Patch4: gd-libvpx.patch -Patch5: gd-CVE-2016-5116.patch -Patch6: gd-CVE-2016-6132.patch -Patch7: gd-CVE-2016-6214.patch -Patch8: gd-CVE-2016-6905.patch +# PATCH-FIX-UPSTREAM gd-disable-freetype27-failed-tests.patch gh#libgd/libgd#302 badshah...@gmail.com -- Disable for now tests failing against freetype >= 2.7 for being too exact. +Patch5: gd-disable-freetype27-failed-tests.patch +# PATCH-FIX-UPSTREAM gd-test-unintialized-var.patch badshah...@gmail.com -- Initialise a variable in tests/gd2/gd2_read.c to 0 to prevent it
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2016-08-26 23:14:31 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is "gd" Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2016-06-03 16:36:03.0 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2016-08-26 23:14:33.0 +0200 @@ -1,0 +2,11 @@ +Tue Aug 23 11:16:25 UTC 2016 - pgaj...@suse.com + +- security update: + * CVE-2016-6132 [bsc#987577] ++ gd-CVE-2016-6132.patch + * CVE-2016-6214 [bsc#991436] ++ gd-CVE-2016-6214.patch + * CVE-2016-6905 [bsc#995034] ++ gd-CVE-2016-6905.patch + +--- New: gd-CVE-2016-6132.patch gd-CVE-2016-6214.patch gd-CVE-2016-6905.patch Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.SBx55Y/_old 2016-08-26 23:14:34.0 +0200 +++ /var/tmp/diff_new_pack.SBx55Y/_new 2016-08-26 23:14:34.0 +0200 @@ -41,6 +41,9 @@ # could be upstreamed Patch4: gd-libvpx.patch Patch5: gd-CVE-2016-5116.patch +Patch6: gd-CVE-2016-6132.patch +Patch7: gd-CVE-2016-6214.patch +Patch8: gd-CVE-2016-6905.patch BuildRequires: fontconfig-devel BuildRequires: freetype2-devel BuildRequires: libjpeg-devel @@ -98,6 +101,9 @@ %patch3 %patch4 %patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 %build # this file is errorneously forgotten from the tarball ++ gd-CVE-2016-6132.patch ++ >From 921e590565deb033acafcfa9063b4563200b14b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=Date: Tue, 12 Jul 2016 11:24:09 +0200 Subject: [PATCH] Fix #247, A read out-of-bands was found in the parsing of TGA files --- src/gd_tga.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/gd_tga.c b/src/gd_tga.c index ef20f86..07f3c86 100644 --- a/src/gd_tga.c +++ b/src/gd_tga.c 
@@ -237,7 +237,10 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga ) return -1; } - gdGetBuf(conversion_buffer, image_block_size, ctx); + if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) { + gdFree(conversion_buffer); + return -1; + } while (buffer_caret < image_block_size) { tga->bitmap[buffer_caret] = (int) conversion_buffer[buffer_caret]; @@ -261,7 +264,11 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga ) return -1; } - gdGetBuf( conversion_buffer, image_block_size, ctx ); + if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) { + gdFree(conversion_buffer); + gdFree(decompression_buffer); + return -1; + } buffer_caret = 0; ++ gd-CVE-2016-6214.patch ++ >From 10ef1dca63d62433fda13309b4a228782db823f7 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Tue, 12 Jul 2016 19:23:13 +0200 Subject: [PATCH] Unsupported TGA bpp/alphabit combinations should error gracefully Currently, only 24bpp without alphabits and 32bpp with 8 alphabits are really supported. All other combinations will be rejected with a warning. --- src/gd_tga.c | 16 ++-- tests/tga/.gitignore | 1 + tests/tga/CMakeLists.txt | 1 + tests/tga/Makemodule.am | 4 +++- tests/tga/bug00247a.c| 19 +++ tests/tga/bug00247a.tga | Bin 0 -> 36 bytes 6 files changed, 30 insertions(+), 11 deletions(-) create mode 100644 tests/tga/bug00247a.c create mode 100644 tests/tga/bug00247a.tga diff --git a/src/gd_tga.c b/src/gd_tga.c index 20fe2d2..b4f8fa6 100644 --- a/src/gd_tga.c +++ b/src/gd_tga.c 
@@ -99,7 +99,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromTgaCtx(gdIOCtx* ctx) if (tga->bits == TGA_BPP_24) { *tpix = gdTrueColor(tga->bitmap[bitmap_caret + 2], tga->bitmap[bitmap_caret + 1], tga->bitmap[bitmap_caret]); bitmap_caret += 3; - } else if (tga->bits == TGA_BPP_32 || tga->alphabits) { + } else if (tga->bits == TGA_BPP_32 && tga->alphabits) { register int a = tga->bitmap[bitmap_caret + 3]; *tpix = gdTrueColorAlpha(tga->bitmap[bitmap_caret + 2], tga->bitmap[bitmap_caret + 1], tga->bitmap[bitmap_caret], gdAlphaMax - (a >> 1)); @@ -159,16 +159,12 @@ int
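Review bot: In gd-CVE-2016-6132.patch both new error paths in read_image_tga() free the temporary buffers and return -1, but tga->bitmap, which the loop right after the first check writes into, stays allocated. Nothing in the visible context shows who releases it on failure; please confirm that the caller frees tga->bitmap when read_image_tga() returns -1, or free it on these paths as well.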
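Review bot: In gd-CVE-2016-6214.patch, once the "||" becomes "&&" in gdImageCreateFromTgaCtx(), a pixel that is neither TGA_BPP_24 nor TGA_BPP_32 with alphabits matches no branch, so *tpix is never written for it. The commit message says such combinations are rejected with a warning, but the hunk that would do that (@@ -159,16 +159,12) is cut off here; please make sure the rejection happens before this loop can be reached, or add a final else that fails the conversion.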
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2016-06-03 16:36:01 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is "gd" Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2016-03-09 19:01:17.0 +0100 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2016-06-03 16:36:03.0 +0200 @@ -1,0 +2,7 @@ +Mon May 30 13:17:18 UTC 2016 - pgaj...@suse.com + +- security update: + * CVE-2016-5116 [bsc#982176] ++ gd-CVE-2016-5116.patch + +--- New: gd-CVE-2016-5116.patch Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.a5tkwR/_old 2016-06-03 16:36:04.0 +0200 +++ /var/tmp/diff_new_pack.a5tkwR/_new 2016-06-03 16:36:04.0 +0200 @@ -40,6 +40,7 @@ Patch3: gd-aliasing.patch # could be upstreamed Patch4: gd-libvpx.patch +Patch5: gd-CVE-2016-5116.patch BuildRequires: fontconfig-devel BuildRequires: freetype2-devel BuildRequires: libjpeg-devel @@ -96,6 +97,7 @@ %patch2 %patch3 %patch4 +%patch5 -p1 %build # this file is errorneously forgotten from the tarball ++ gd-CVE-2016-5116.patch ++ >From 4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 Mon Sep 17 00:00:00 2001 From: Mike FrysingerDate: Sat, 14 May 2016 01:38:18 -0400 Subject: [PATCH] xbm: avoid stack overflow (read) with large names #211 We use the name passed in to printf into a local stack buffer which is limited to 4000 bytes. So given a large enough value, lots of stack data is leaked. Rewrite the code to do simple memory copies with most of the strings to avoid that issue, and only use stack buffer for small numbers of constant size. This closes #211. --- src/gd_xbm.c | 34 +++--- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/src/gd_xbm.c b/src/gd_xbm.c index 74d839b..d28fdfc 100644 --- a/src/gd_xbm.c +++ b/src/gd_xbm.c 
@@ -180,7 +180,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd) /* {{{ gdCtxPrintf */ static void gdCtxPrintf(gdIOCtx * out, const char *format, ...) { - char buf[4096]; + char buf[1024]; int len; va_list args; @@ -191,6 +191,9 @@ static void gdCtxPrintf(gdIOCtx * out, const char *format, ...) } /* }}} */ +/* The compiler will optimize strlen(constant) to a constant number. */ +#define gdCtxPuts(out, s) out->putBuf(out, s, strlen(s)) + /* {{{ gdImageXbmCtx */ BGD_DECLARE(void) gdImageXbmCtx(gdImagePtr image, char* file_name, int fg, gdIOCtx * out) { @@ -215,9 +218,26 @@ BGD_DECLARE(void) gdImageXbmCtx(gdImagePtr image, char* file_name, int fg, gdIOC } } - gdCtxPrintf(out, "#define %s_width %d\n", name, gdImageSX(image)); - gdCtxPrintf(out, "#define %s_height %d\n", name, gdImageSY(image)); - gdCtxPrintf(out, "static unsigned char %s_bits[] = {\n ", name); + /* Since "name" comes from the user, run it through a direct puts. +* Trying to printf it into a local buffer means we'd need a large +* or dynamic buffer to hold it all. */ + + /* #define _width 1234 */ + gdCtxPuts(out, "#define "); + gdCtxPuts(out, name); + gdCtxPuts(out, "_width "); + gdCtxPrintf(out, "%d\n", gdImageSX(image)); + + /* #define _height 1234 */ + gdCtxPuts(out, "#define "); + gdCtxPuts(out, name); + gdCtxPuts(out, "_height "); + gdCtxPrintf(out, "%d\n", gdImageSY(image)); + + /* static unsigned char _bits[] = {\n */ + gdCtxPuts(out, "static unsigned char "); + gdCtxPuts(out, name); + gdCtxPuts(out, "_bits[] = {\n "); free(name); @@ -234,9 +254,9 @@ BGD_DECLARE(void) gdImageXbmCtx(gdImagePtr image, char* file_name, int fg, gdIOC if ((b == 128) || (x == sx && y == sy)) { b = 1; if (p) { - gdCtxPrintf(out, ", "); + gdCtxPuts(out, ", "); if (!(p%12)) { - gdCtxPrintf(out, "\n "); + gdCtxPuts(out, "\n "); p = 12; } } @@ -248,6 +268,6 @@ BGD_DECLARE(void) gdImageXbmCtx(gdImagePtr image, char* file_name, int fg, gdIOC } } } - gdCtxPrintf(out, "};\n"); + gdCtxPuts(out, "};\n"); } /* }}} */
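Review bot: In the first hunk, shrinking buf in gdCtxPrintf() from 4096 to 1024 bytes does not by itself bound what is written out; the rest of the function lies outside the hunk, so it is not visible whether the length returned by the formatting call is clamped to sizeof(buf) before putBuf() is called. With name no longer passed through gdCtxPrintf() the remaining callers only format integers, but a clamp on len would keep the function safe if a later caller passes a string again.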
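Review bot: The new gdCtxPuts() macro in gd_xbm.c uses each of its arguments twice and leaves them unparenthesised (out->putBuf(out, s, strlen(s))), so an argument with side effects would be evaluated twice. A static inline function taking (gdIOCtx *out, const char *s) gives the compiler the same chance to fold strlen() on literals without that trap.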
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2016-03-09 19:01:16 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is "gd" Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2015-05-18 23:01:47.0 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2016-03-09 19:01:17.0 +0100 @@ -1,0 +2,5 @@ +Tue Mar 1 15:32:40 UTC 2016 - pgaj...@suse.com + +- add missing config/getver.pl [bsc#965190] + +--- New: getver.pl Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.OrIQwU/_old 2016-03-09 19:01:19.0 +0100 +++ /var/tmp/diff_new_pack.OrIQwU/_new 2016-03-09 19:01:19.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package gd # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,6 +29,7 @@ Url:http://libgd.bitbucket.org/ Source: https://bitbucket.org/libgd/gd-libgd/downloads/libgd-%{version}.tar.xz Source1:baselibs.conf +Source2:getver.pl # to be upstreamed, gdlib-config --libs to return the same as pkg-config --libs gdlib Patch0: gd-config.patch # might be upstreamed, but could be suse specific also (/usr/share/fonts/Type1 font dir) 
@@ -97,6 +98,10 @@ %patch4 %build +# this file is errorneously forgotten from the tarball +# remove in next release to 2.1.1 +cp %{SOURCE2} config/getver.pl +perl config/getver.pl autoreconf -fiv # without-x -- useless switch which just mangles cflags %configure \ ++ getver.pl ++ #!/usr/bin/env perl # Simple script to extract the version number parts from src/gd.h. If # called with the middle word of the version macro, it prints the # value of that macro. If called with no argument, it outputs a # human-readable version string. This must be run in the project # root. It is used by configure.ac and docs/naturaldocs/run_docs.sh. use strict; my $key = shift; my @version_parts = (); open FH, ") { next unless m{version605b5d1778}; next unless /^#define\s+GD_([A-Z0-9]+)_VERSION+\s+(\S+)/; my ($lk, $lv) = ($1, $2); if ($lk eq $key) { chomp $lv; $lv =~ s/"//g; print $lv; # no newline exit(0);# success! } push @version_parts, $lv if (!$key); } close(FH); if (scalar @version_parts == 4) { my $result = join(".", @version_parts[0..2]); $result .= $version_parts[3]; $result =~ s/"//g; print $result; exit(0); } exit(1);# failure
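Review bot: In the %build hunk, copying %{SOURCE2} to config/getver.pl modifies the unpacked source tree and belongs in %prep next to the %patch lines. The extra "perl config/getver.pl" call only prints the version string, and the script's own header says configure.ac already uses it; if the call is meant as a sanity check, a comment should say so, otherwise it can be dropped. The comment "remove in next release to 2.1.1" is ambiguous and should state which version update makes the workaround obsolete.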
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2015-05-18 23:01:46 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is gd Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2015-03-05 18:15:53.0 +0100 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2015-05-18 23:01:47.0 +0200 @@ -1,0 +2,6 @@ +Tue May 12 14:11:33 UTC 2015 - joerg.loren...@ki.tng.de + +- Added patch gd-libvpx.patch to enable build against libvpx = 1.4, + new VPX_ prefixed namespaces are available since libvpx = 0.9.1. + +--- New: gd-libvpx.patch Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.r7ysWc/_old 2015-05-18 23:01:49.0 +0200 +++ /var/tmp/diff_new_pack.r7ysWc/_new 2015-05-18 23:01:49.0 +0200 @@ -37,6 +37,8 @@ Patch2: gd-format.patch # could be upstreamed Patch3: gd-aliasing.patch +# could be upstreamed +Patch4: gd-libvpx.patch BuildRequires: fontconfig-devel BuildRequires: freetype2-devel BuildRequires: libjpeg-devel @@ -92,6 +94,7 @@ %patch1 %patch2 %patch3 +%patch4 %build autoreconf -fiv ++ gd-libvpx.patch ++ --- src/webpimg.c.orig 2015-01-06 10:16:03.0 +0100 +++ src/webpimg.c 2015-05-12 15:02:50.784722900 +0200 @@ -711,14 +711,14 @@ codec_ctl(enc, VP8E_SET_STATIC_THRESHOLD, 0); codec_ctl(enc, VP8E_SET_TOKEN_PARTITIONS, 2); -vpx_img_wrap(img, IMG_FMT_I420, +vpx_img_wrap(img, VPX_IMG_FMT_I420, y_width, y_height, 16, (uint8*)(Y)); -img.planes[PLANE_Y] = (uint8*)(Y); -img.planes[PLANE_U] = (uint8*)(U); -img.planes[PLANE_V] = (uint8*)(V); -img.stride[PLANE_Y] = y_stride; -img.stride[PLANE_U] = uv_stride; -img.stride[PLANE_V] = uv_stride; +img.planes[VPX_PLANE_Y] = (uint8*)(Y); +img.planes[VPX_PLANE_U] = (uint8*)(U); +img.planes[VPX_PLANE_V] = (uint8*)(V); +img.stride[VPX_PLANE_Y] = y_stride; +img.stride[VPX_PLANE_U] = uv_stride; +img.stride[VPX_PLANE_V] = uv_stride; res = vpx_codec_encode(enc, img, 0, 1, 0, VPX_DL_BEST_QUALITY);
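Review bot: gd-libvpx.patch switches src/webpimg.c to the VPX_-prefixed names unconditionally, and the changes entry ties those names to libvpx 0.9.1, yet the spec hunk adds no version constraint. A versioned BuildRequires on libvpx-devel would document that minimum. The "could be upstreamed" comment above Patch4 repeats the one above Patch3; a reference to an upstream report would be more useful.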
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2015-03-05 15:38:39 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is gd Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2014-08-29 17:42:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2015-03-05 18:15:53.0 +0100 @@ -1,0 +2,11 @@ +Sat Feb 28 08:44:08 UTC 2015 - mplus...@suse.com + +- Cleanup spec file with spec-cleaner +- No longer needed patches + * gd-2.1.0-CVE-2014-2497.patch + * gd-autoconf.patch +- Update to 2.1.1 + * changelog provided only as commit log (see Changelog) + * fix for CVE-2014-2497 + +--- Old: gd-2.1.0-CVE-2014-2497.patch gd-autoconf.patch libgd-2.1.0.tar.xz New: libgd-2.1.1.tar.xz Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.osnZwW/_old 2015-03-05 18:15:54.0 +0100 +++ /var/tmp/diff_new_pack.osnZwW/_new 2015-03-05 18:15:54.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package gd # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %define lname libgd3 Name: gd -Version:2.1.0 +Version:2.1.1 Release:0 Summary:A Drawing Library for Programs That Use PNG and JPEG Output License:MIT @@ -37,9 +37,6 @@ Patch2: gd-format.patch # could be upstreamed Patch3: gd-aliasing.patch -# could be upstreamed? -Patch4: gd-autoconf.patch -Patch5: gd-2.1.0-CVE-2014-2497.patch BuildRequires: fontconfig-devel BuildRequires: freetype2-devel BuildRequires: libjpeg-devel @@ -95,8 +92,6 @@ %patch1 %patch2 %patch3 -%patch4 -p1 -%patch5 %build autoreconf -fiv ++ gd-aliasing.patch ++ --- /var/tmp/diff_new_pack.osnZwW/_old 2015-03-05 18:15:54.0 +0100 +++ /var/tmp/diff_new_pack.osnZwW/_new 2015-03-05 18:15:54.0 +0100 
@@ -1,8 +1,8 @@ Index: src/fontwheeltest.c === src/fontwheeltest.c.orig 2013-12-18 11:49:47.041577398 +0100 -+++ src/fontwheeltest.c2013-12-18 11:53:52.575496376 +0100 -@@ -32,6 +32,8 @@ +--- src/fontwheeltest.c.orig src/fontwheeltest.c +@@ -32,6 +32,8 @@ dowheel (gdImagePtr im, int color, char doerr (err, --); for (curang = 0.0; curang 360.0; curang += angle) { @@ -11,7 +11,7 @@ curangrads = DEGTORAD(curang); x0 = x + cos (curangrads) * offset; y0 = y - sin (curangrads) * offset; -@@ -47,7 +49,15 @@ +@@ -47,7 +49,15 @@ dowheel (gdImagePtr im, int color, char if (cp) doerr (err, cp); ++ libgd-2.1.0.tar.xz - libgd-2.1.1.tar.xz ++ 33138 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2014-08-29 17:42:14 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is gd Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2014-06-30 21:50:27.0 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2014-08-29 17:42:21.0 +0200 @@ -1,0 +2,5 @@ +Tue Aug 26 05:58:53 UTC 2014 - jeng...@inai.de + +- Resolve build failure with automake-1.14 + +--- Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.TKvfCy/_old 2014-08-29 17:42:23.0 +0200 +++ /var/tmp/diff_new_pack.TKvfCy/_new 2014-08-29 17:42:23.0 +0200 @@ -95,7 +95,7 @@ %patch1 %patch2 %patch3 -%patch4 +%patch4 -p1 %patch5 %build ++ gd-autoconf.patch ++ --- /var/tmp/diff_new_pack.TKvfCy/_old 2014-08-29 17:42:23.0 +0200 +++ /var/tmp/diff_new_pack.TKvfCy/_new 2014-08-29 17:42:23.0 +0200 @@ -1,8 +1,21 @@ -Index: configure.ac +--- + configure.ac |5 - + 1 file changed, 4 insertions(+), 1 deletion(-) + +Index: libgd-2.1.0/configure.ac === configure.ac.orig 2013-12-18 12:58:25.906977199 +0100 -+++ configure.ac 2013-12-18 12:59:36.671840317 +0100 -@@ -53,6 +53,9 @@ +--- libgd-2.1.0.orig/configure.ac libgd-2.1.0/configure.ac +@@ -45,7 +45,7 @@ AC_SUBST(GDLIB_AGE) + FEATURES=GD_GIF GD_GIFANIM GD_OPENPOLYGON + AC_SUBST(FEATURES) + +-AM_INIT_AUTOMAKE([foreign dist-bzip2 dist-xz -Wall -Werror]) ++AM_INIT_AUTOMAKE([foreign dist-bzip2 dist-xz -Wall]) + AC_CONFIG_HEADERS([src/config.h:src/config.hin]) + + dnl newer automake wants this, but we still want to work with older +@@ -53,6 +53,9 @@ m4_ifndef([AM_PROG_AR],[m4_define([AM_PR AM_PROG_AR AC_PROG_CC_STDC
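Review bot: The refreshed gd-autoconf.patch resolves the automake-1.14 failure by removing -Werror from AM_INIT_AUTOMAKE, which makes every automake warning non-fatal instead of addressing the one that broke the build; the changes entry should say so and name the warning. The same refresh moves the patch to libgd-2.1.0/ paths, which is why %patch4 gains -p1, and that is worth a word in the entry too.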
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2014-06-30 21:42:46 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is gd Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2014-04-23 20:35:50.0 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2014-06-30 21:42:47.0 +0200 @@ -1,0 +2,5 @@ +Fri Jun 27 12:05:59 UTC 2014 - meiss...@suse.com + +- split out libgd3, so libgd2 could be installed in parallel. + +--- Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.fFwzDw/_old 2014-06-30 21:42:48.0 +0200 +++ /var/tmp/diff_new_pack.fFwzDw/_new 2014-06-30 21:42:48.0 +0200 @@ -17,6 +17,9 @@ %define prjname libgd + +%define lname libgd3 + Name: gd Version:2.1.0 Release:0 @@ -59,10 +62,20 @@ and flood fills. It outputs PNG, JPEG, and WBMP (for wireless devices) and is supported by PHP. +%package -n %lname +Summary:A Drawing Library for Programs That Use PNG and JPEG Output +Group: System/Libraries + +%description -n %lname +Gd allows your code to quickly draw images complete with lines, arcs, +text, and multiple colors. It supports cut and paste from other images +and flood fills. It outputs PNG, JPEG, and WBMP (for wireless devices) +and is supported by PHP. + %package devel Summary:Drawing Library for Programs with PNG and JPEG Output Group: Development/Libraries/C and C++ -Requires: %{name} = %{version} +Requires: %lname = %{version} Requires: glibc-devel Requires: libpng-devel Requires: libtiff-devel @@ -106,9 +119,9 @@ make DESTDIR=%{buildroot} install %{?_smp_mflags} find %{buildroot} -type f -name *.la -delete -print -%post -p /sbin/ldconfig +%post -n %lname -p /sbin/ldconfig -%postun -p /sbin/ldconfig +%postun -n %lname -p /sbin/ldconfig %files %defattr(-,root,root) 
@@ -125,10 +138,15 @@ %{_bindir}/pngtogd %{_bindir}/pngtogd2 %{_bindir}/webpng + +%files -n %lname +%defattr(-,root,root) +%doc COPYING %{_libdir}/*.so.* %files devel %defattr(-,root,root) +%doc COPYING %{_bindir}/gdlib-config %{_includedir}/* %{_libdir}/*.so ++ baselibs.conf ++ --- /var/tmp/diff_new_pack.fFwzDw/_old 2014-06-30 21:42:48.0 +0200 +++ /var/tmp/diff_new_pack.fFwzDw/_new 2014-06-30 21:42:48.0 +0200 @@ -1 +1 @@ -gd +libgd3
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2014-04-23 20:35:45 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is gd Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2014-04-14 06:43:13.0 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2014-04-23 20:35:50.0 +0200 @@ -1,0 +2,5 @@ +Thu Apr 17 17:51:34 UTC 2014 - tchva...@suse.com + +- Add tiff and vpx to the devel deps as it is in .pc file. + +--- Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.ZLDwbm/_old 2014-04-23 20:35:51.0 +0200 +++ /var/tmp/diff_new_pack.ZLDwbm/_new 2014-04-23 20:35:51.0 +0200 @@ -65,6 +65,8 @@ Requires: %{name} = %{version} Requires: glibc-devel Requires: libpng-devel +Requires: libtiff-devel +Requires: libvpx-devel Requires: zlib-devel %description devel
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2014-04-14 06:43:12 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is gd Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2014-04-09 13:01:05.0 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2014-04-14 06:43:13.0 +0200 @@ -1,0 +2,5 @@ +Thu Apr 10 07:08:18 UTC 2014 - pgaj...@suse.com + +- build against libtiff and libvpx + +--- Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.plG52T/_old 2014-04-14 06:43:13.0 +0200 +++ /var/tmp/diff_new_pack.plG52T/_new 2014-04-14 06:43:13.0 +0200 @@ -41,7 +41,9 @@ BuildRequires: freetype2-devel BuildRequires: libjpeg-devel BuildRequires: libpng-devel +BuildRequires: libtiff-devel BuildRequires: libtool +BuildRequires: libvpx-devel BuildRequires: pkg-config BuildRequires: xorg-x11-libX11-devel BuildRequires: xorg-x11-libXau-devel
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2014-04-09 13:01:03 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is gd Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2013-12-30 09:52:09.0 +0100 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2014-04-09 13:01:05.0 +0200 @@ -1,0 +2,6 @@ +Fri Apr 4 12:21:22 UTC 2014 - pgaj...@suse.com + +- fixed NULL ptr deref in GD XPM decoder [bnc#868624] + * CVE-2014-2497.patch + +--- New: gd-2.1.0-CVE-2014-2497.patch Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.lwTyn3/_old 2014-04-09 13:01:05.0 +0200 +++ /var/tmp/diff_new_pack.lwTyn3/_new 2014-04-09 13:01:05.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package gd # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -36,6 +36,7 @@ Patch3: gd-aliasing.patch # could be upstreamed? Patch4: gd-autoconf.patch +Patch5: gd-2.1.0-CVE-2014-2497.patch BuildRequires: fontconfig-devel BuildRequires: freetype2-devel BuildRequires: libjpeg-devel @@ -78,6 +79,7 @@ %patch2 %patch3 %patch4 +%patch5 %build autoreconf -fiv ++ gd-2.1.0-CVE-2014-2497.patch ++ Description: Patch to fix PHP bug 66901. Author: Andres Mejia mej...@amazon.com Forwarded: no Index: src/gdxpm.c === --- src/gdxpm.c.orig2014-04-04 12:56:02.570160501 +0200 +++ src/gdxpm.c 2014-04-04 13:01:24.031976322 +0200 
@@ -62,6 +62,14 @@ for(i = 0; i number; i++) { char *c_color = image.colorTable[i].c_color; +if (!image.colorTable[i].c_color) +{ +/* unsupported color key or color key not defined */ +gdImageDestroy(im); +gdFree(colors); +im = 0; +goto done; +} if(strcmp(c_color, None) == 0) { colors[i] = gdImageGetTransparent(im); if(colors[i] == -1) colors[i] = gdImageColorAllocate(im, 0, 0, 0);
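Review bot: The new NULL check in gdxpm.c re-reads image.colorTable[i].c_color although that value was assigned to c_color on the line above; testing c_color directly is shorter and keeps the check visibly tied to the pointer handed to strcmp(). The error path frees colors and destroys im before "goto done", so please confirm that the code at done: releases the XPM image and does not touch colors again. The patch header says "Forwarded: no"; since the description refers to PHP bug 66901, the fix should be sent to libgd upstream as well.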
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2013-12-30 09:52:08 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is gd Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2013-12-26 17:36:50.0 +0100 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2013-12-30 09:52:09.0 +0100 @@ -1,0 +2,6 @@ +Fri Dec 27 07:42:11 UTC 2013 - tchva...@suse.com + +- Cleanup herethere to parallelize everything +- Remove bogus cmake dependency + +--- Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.u4ORS3/_old 2013-12-30 09:52:10.0 +0100 +++ /var/tmp/diff_new_pack.u4ORS3/_new 2013-12-30 09:52:10.0 +0100 @@ -17,27 +17,13 @@ %define prjname libgd - Name: gd -BuildRequires: cmake -BuildRequires: fontconfig-devel -BuildRequires: freetype2-devel -BuildRequires: libjpeg-devel -BuildRequires: libpng-devel -BuildRequires: libtool -BuildRequires: pkg-config -BuildRequires: xorg-x11-libX11-devel -BuildRequires: xorg-x11-libXau-devel -BuildRequires: xorg-x11-libXdmcp-devel -BuildRequires: xorg-x11-libXpm-devel -Provides: gdlib -Obsoletes: gdlib Version:2.1.0 Release:0 -Url:http://libgd.bitbucket.org/ Summary:A Drawing Library for Programs That Use PNG and JPEG Output License:MIT Group: System/Libraries +Url:http://libgd.bitbucket.org/ Source: https://bitbucket.org/libgd/gd-libgd/downloads/libgd-%{version}.tar.xz Source1:baselibs.conf # to be upstreamed, gdlib-config --libs to return the same as pkg-config --libs gdlib 
@@ -50,6 +36,18 @@ Patch3: gd-aliasing.patch # could be upstreamed? Patch4: gd-autoconf.patch +BuildRequires: fontconfig-devel +BuildRequires: freetype2-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel +BuildRequires: libtool +BuildRequires: pkg-config +BuildRequires: xorg-x11-libX11-devel +BuildRequires: xorg-x11-libXau-devel +BuildRequires: xorg-x11-libXdmcp-devel +BuildRequires: xorg-x11-libXpm-devel +Provides: gdlib = %{version} +Obsoletes: gdlib %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -59,10 +57,10 @@ and is supported by PHP. %package devel -Requires: %{name} = %{version} -Requires: glibc-devel Summary:Drawing Library for Programs with PNG and JPEG Output Group: Development/Libraries/C and C++ +Requires: %{name} = %{version} +Requires: glibc-devel Requires: libpng-devel Requires: zlib-devel @@ -73,8 +71,6 @@ useful in World Wide Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. - - %prep %setup -q -n %{prjname}-%{version} %patch0 @@ -82,22 +78,27 @@ %patch2 %patch3 %patch4 + %build autoreconf -fiv +# without-x -- useless switch which just mangles cflags %configure \ + --without-x \ + --with-fontconfig \ --with-freetype \ --with-jpeg \ - --with-png=%{?_sysroot}/%_prefix \ + --with-png \ --with-xpm \ --disable-static \ --with-pic make %{?_smp_mflags} %check -make check +make check %{?_smp_mflags} %install -make install DESTDIR=$RPM_BUILD_ROOT +make DESTDIR=%{buildroot} install %{?_smp_mflags} +find %{buildroot} -type f -name *.la -delete -print %post -p /sbin/ldconfig 
@@ -106,18 +107,18 @@ %files %defattr(-,root,root) %doc COPYING NEWS examples -/usr/bin/annotate -/usr/bin/bdftogd -/usr/bin/gd2copypal -/usr/bin/gd2togif -/usr/bin/gd2topng -/usr/bin/gdcmpgif -/usr/bin/gdparttopng -/usr/bin/gdtopng -/usr/bin/giftogd2 -/usr/bin/pngtogd -/usr/bin/pngtogd2 -/usr/bin/webpng +%{_bindir}/annotate +%{_bindir}/bdftogd +%{_bindir}/gd2copypal +%{_bindir}/gd2togif +%{_bindir}/gd2topng +%{_bindir}/gdcmpgif +%{_bindir}/gdparttopng +%{_bindir}/gdtopng +%{_bindir}/giftogd2 +%{_bindir}/pngtogd +%{_bindir}/pngtogd2 +%{_bindir}/webpng %{_libdir}/*.so.* %files devel @@ -126,6 +127,5 @@ %{_includedir}/* %{_libdir}/*.so %{_libdir}/pkgconfig/gdlib.pc -%exclude %{_libdir}/*.la %changelog
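Review bot: The %configure hunk adds --without-x and --with-fontconfig and drops the explicit prefix from --with-png, and neither line of the changes entry covers that; these switches change what the library is built against and deserve their own changelog line. Running "make check" and "make install" with %{?_smp_mflags} is only safe if the test and install rules are parallel-safe; please confirm that or keep those two steps serial.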
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2013-12-26 17:36:49 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is gd Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2013-02-04 20:12:24.0 +0100 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2013-12-26 17:36:50.0 +0100 @@ -1,0 +2,8 @@ +Tue Dec 17 14:30:38 UTC 2013 - pgaj...@suse.com + +- updated to 2.1.0 +- removed warn.patch (not needed) +- removed ppc64.patch (upstreamed) +- removed gd-png_check_sig.patch (upstreamed) + +--- Old: gd-2.0.36.RC1-ppc64.patch gd-2.0.36.RC1.tar.bz2 gd-2.0.36RC1-config.patch gd-2.0.36RC1-warn.patch gd-png_check_sig.patch New: gd-config.patch libgd-2.1.0.tar.xz Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.ThsNnv/_old 2013-12-26 17:36:51.0 +0100 +++ /var/tmp/diff_new_pack.ThsNnv/_new 2013-12-26 17:36:51.0 +0100 
@@ -16,48 +16,47 @@ # +%define prjname libgd + Name: gd +BuildRequires: cmake BuildRequires: fontconfig-devel BuildRequires: freetype2-devel BuildRequires: libjpeg-devel BuildRequires: libpng-devel BuildRequires: libtool +BuildRequires: pkg-config BuildRequires: xorg-x11-libX11-devel BuildRequires: xorg-x11-libXau-devel BuildRequires: xorg-x11-libXdmcp-devel BuildRequires: xorg-x11-libXpm-devel Provides: gdlib Obsoletes: gdlib -Version:2.0.36.RC1 +Version:2.1.0 Release:0 -Url:http://www.libgd.org/ +Url:http://libgd.bitbucket.org/ Summary:A Drawing Library for Programs That Use PNG and JPEG Output License:MIT Group: System/Libraries -Source: gd-%{version}.tar.bz2 +Source: https://bitbucket.org/libgd/gd-libgd/downloads/libgd-%{version}.tar.xz Source1:baselibs.conf -Patch0: gd-2.0.36RC1-warn.patch -#Patch1: gd-CAN-2004-0941.patch +# to be upstreamed, gdlib-config --libs to return the same as pkg-config --libs gdlib +Patch0: gd-config.patch +# might be upstreamed, but could be suse specific also (/usr/share/fonts/Type1 font dir) +Patch1: gd-fontpath.patch +# could be upstreamed, but not in this form (need ac check for attribute format printf, etc.) Patch2: gd-format.patch +# could be upstreamed Patch3: gd-aliasing.patch -Patch6: gd-fontpath.patch -Patch7: gd-2.0.36RC1-config.patch -Patch8: gd-2.0.36.RC1-ppc64.patch -Patch9: gd-png_check_sig.patch -Patch10:gd-autoconf.patch +# could be upstreamed? +Patch4: gd-autoconf.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Gd allows your code to quickly draw images complete with lines, arcs, text, and multiple colors. It supports cut and paste from other images and flood fills. It outputs PNG, JPEG, and WBMP (for wireless devices) -and is supported by PHP4. - - - -Authors: - -Thomas Boutell bout...@boutell.com +and is supported by PHP. %package devel Requires: %{name} = %{version} 
@@ -76,20 +75,13 @@ -Authors: - -Thomas Boutell bout...@boutell.com - %prep -%setup -q -#%patch0 -%patch2 -p1 +%setup -q -n %{prjname}-%{version} +%patch0 +%patch1 +%patch2 %patch3 -%patch6 -%patch7 -%patch8 -%patch9 -%patch10 +%patch4 %build autoreconf -fiv %configure \ @@ -102,21 +94,7 @@ make %{?_smp_mflags} %check -export MALLOC_CHECK_=2 MALLOC_PERTURB_=$((${RANDOM:-256} % 256)) -#run test programs -cp test/gdtest_wbmp_to_png.png gdtest.png -./gdtest gdtest.png 21 |tee gdtest.log -grep ERROR gdtest.log exit 1 -./gdtest demoin.png 21 |tee gdtest.log -# wbmp test fails on color image, this is OK -grep -v gdtest.png, gdtest.wbmp.*ERROR gdtest.log | grep ERROR exit 1 -./gddemo -# The following would require xorg-x11-fonts-scalable which we do not like to have as requirement -# so disable it. -#for f in `find /usr/share/fonts/truetype /usr/X11R6/lib/X11/fonts/truetype -name *.ttf` ; do -#./gdtestft $f -#done -unset MALLOC_CHECK_ MALLOC_PERTURB_ +make check %install make install DESTDIR=$RPM_BUILD_ROOT @@ -127,7 +105,7 @@ %files %defattr(-,root,root) -%doc COPYING README* index.html +%doc COPYING NEWS examples /usr/bin/annotate /usr/bin/bdftogd /usr/bin/gd2copypal @@ -147,6 +125,7 @@ %{_bindir}/gdlib-config %{_includedir}/* %{_libdir}/*.so +%{_libdir}/pkgconfig/gdlib.pc %exclude %{_libdir}/*.la %changelog ++ gd-aliasing.patch ++ --- /var/tmp/diff_new_pack.ThsNnv/_old 2013-12-26 17:36:51.0 +0100 +++
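Review bot: The %check hunk replaces the old test run with a bare "make check" and drops the MALLOC_CHECK_=2 / MALLOC_PERTURB_ export along with it, so the test suite no longer runs under glibc's heap consistency checks. For an image parsing library those checks cost little and catch heap misuse in the tests; keeping the export and the matching unset around "make check" would preserve them. The changes entry also leaves out the new BuildRequires on cmake and pkg-config.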
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2013-02-04 20:12:13 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is gd, Maintainer is mvysko...@suse.com Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2012-02-15 16:15:50.0 +0100 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2013-02-04 20:12:24.0 +0100 @@ -1,0 +2,6 @@ +Sun Feb 3 14:57:17 UTC 2013 - crrodrig...@opensuse.org + +- gd-autoconf.patch fix up compile file so gd can handle + large files on 32 bit + +--- New: gd-autoconf.patch Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.iNfTNm/_old 2013-02-04 20:12:28.0 +0100 +++ /var/tmp/diff_new_pack.iNfTNm/_new 2013-02-04 20:12:28.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package gd # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: gd BuildRequires: fontconfig-devel BuildRequires: freetype2-devel @@ -43,6 +44,7 @@ Patch7: gd-2.0.36RC1-config.patch Patch8: gd-2.0.36.RC1-ppc64.patch Patch9: gd-png_check_sig.patch +Patch10:gd-autoconf.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -58,10 +60,12 @@ Thomas Boutell bout...@boutell.com %package devel -Requires: %{name} = %{version} glibc-devel +Requires: %{name} = %{version} +Requires: glibc-devel Summary:Drawing Library for Programs with PNG and JPEG Output Group: Development/Libraries/C and C++ -Requires: zlib-devel libpng-devel +Requires: libpng-devel +Requires: zlib-devel %description devel gd allows code to quickly draw images complete with lines, arcs, text, 
@@ -85,11 +89,9 @@ %patch7 %patch8 %patch9 - +%patch10 %build autoreconf -fiv -export CFLAGS=%optflags -export CPPFLAGS=%{optflags} %configure \ --with-freetype \ --with-jpeg \ ++ gd-autoconf.patch ++ --- configure.ac.orig +++ configure.ac @@ -40,8 +40,9 @@ esac AC_MSG_RESULT([$os_cygwin]) AC_SUBST([XTRA_LDFLAGS]) -AC_PROG_CC -AM_PROG_CC_STDC +AC_PROG_CC_STDC +AC_USE_SYSTEM_EXTENSIONS +AC_SYS_LARGEFILE AC_PROG_INSTALL AC_PROG_LIBTOOL AC_PROG_LN_S --- Makefile.am.orig +++ Makefile.am @@ -3,6 +3,8 @@ AUTOMAKE_OPTIONS = foreign 1.7 ACLOCAL_AMFLAGS = -I config +AM_CPPFLAGS = -include $(top_builddir)/config.h + SUBDIRS = config test bin_PROGRAMS = annotate gdparttopng gdtopng gd2copypal gd2topng pngtogd pngtogd2 webpng gd2togif gdcmpgif giftogd2 @@ -19,7 +21,7 @@ lib_LTLIBRARIES = libgd.la libgd_la_SOURCES = gd.c gdfx.c gd_security.c gd_gd.c gd_gd2.c gd_io.c gd_io_dp.c gd_gif_in.c gd_gif_out.c gd_io_file.c gd_io_ss.c gd_jpeg.c gd_png.c gd_ss.c gd_topal.c gd_wbmp.c gdcache.c gdfontg.c gdfontl.c gdfontmb.c gdfonts.c gdfontt.c gdft.c gdhelpers.c gdhelpers.h gdkanji.c gdtables.c gdxpm.c jisx0208.h wbmp.c wbmp.h -libgd_la_LDFLAGS = -version-info 2:0:0 $(XTRA_LDFLAGS) +libgd_la_LDFLAGS = -no-undefined -version-info 2:0:0 $(XTRA_LDFLAGS) libgd_la_LIBADD = $(LTLIBICONV) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
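Review bot: The gd.spec %build hunk drops "export CFLAGS=%optflags" and "export CPPFLAGS=%{optflags}", but the gd.changes entry mentions only gd-autoconf.patch. Add a changelog line for the removal, and confirm in the build log that the %optflags still reach the compiler through %configure.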
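Review bot: In the first Makefile.am hunk, "AM_CPPFLAGS = -include $(top_builddir)/config.h" applies only to targets built by this Makefile.am, while SUBDIRS also lists test, which has its own Makefile. The large-file macros that AC_SYS_LARGEFILE puts in config.h may therefore not reach the test programs. Either set the same AM_CPPFLAGS there or check that the tests include config.h before any system header, so they are built with the same off_t width as libgd.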
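Review bot: The libgd_la_LDFLAGS hunk adds -no-undefined, which the gd.changes entry does not mention and which is unrelated to large-file support. With that flag libtool assumes every symbol libgd uses is resolved at link time, yet libgd_la_LIBADD lists only $(LTLIBICONV). Document the change and confirm that the PNG, JPEG and FreeType libraries reach the libgd link line some other way (for example via LIBS).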
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2012-02-15 16:14:49 Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) Package is gd, Maintainer is mvysko...@suse.com Changes: --- /work/SRC/openSUSE:Factory/gd/gd.changes2011-10-06 16:02:41.0 +0200 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2012-02-15 16:15:50.0 +0100 @@ -1,0 +2,8 @@ +Sun Feb 5 16:31:39 UTC 2012 - jeng...@medozas.de + +- Remove redundant tags/sections +- Parallel build with %_smp_mflags +- Remove pointless INSTALL file from rpm package + (it's just the default autotools INSTALL blurb) + +--- Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.fHCUld/_old 2012-02-15 16:15:51.0 +0100 +++ /var/tmp/diff_new_pack.fHCUld/_new 2012-02-15 16:15:51.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package gd # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -15,21 +15,24 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - - Name: gd -BuildRequires: fontconfig-devel freetype2-devel libjpeg-devel libpng-devel xorg-x11-libX11-devel xorg-x11-libXau-devel xorg-x11-libXdmcp-devel xorg-x11-libXpm-devel +BuildRequires: fontconfig-devel +BuildRequires: freetype2-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel BuildRequires: libtool -License:MIT -Group: System/Libraries +BuildRequires: xorg-x11-libX11-devel +BuildRequires: xorg-x11-libXau-devel +BuildRequires: xorg-x11-libXdmcp-devel +BuildRequires: xorg-x11-libXpm-devel Provides: gdlib Obsoletes: gdlib -AutoReqProv:on Version:2.0.36.RC1 -Release:65 +Release:0 Url:http://www.libgd.org/ Summary:A Drawing Library for Programs That Use PNG and JPEG Output +License:MIT +Group: System/Libraries Source: gd-%{version}.tar.bz2 Source1:baselibs.conf Patch0: gd-2.0.36RC1-warn.patch @@ -56,7 +59,6 @@ %package devel Requires: %{name} = %{version} glibc-devel -License:MIT Summary:Drawing Library for Programs with PNG and JPEG Output Group: Development/Libraries/C and C++ Requires: zlib-devel libpng-devel @@ -86,16 +88,16 @@ %build autoreconf -fiv -export CFLAGS=$RPM_OPT_FLAGS +export CFLAGS=%optflags export CPPFLAGS=%{optflags} %configure \ --with-freetype \ --with-jpeg \ - --with-png=%{?_sysroot}/usr \ + --with-png=%{?_sysroot}/%_prefix \ --with-xpm \ --disable-static \ --with-pic -%{__make} %{?jobs:-j%jobs} +make %{?_smp_mflags} %check export MALLOC_CHECK_=2 MALLOC_PERTURB_=$((${RANDOM:-256} % 256)) 
@@ -117,16 +119,13 @@ %install make install DESTDIR=$RPM_BUILD_ROOT -%clean -rm -rf $RPM_BUILD_ROOT - %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %files %defattr(-,root,root) -%doc COPYING INSTALL README* index.html +%doc COPYING README* index.html /usr/bin/annotate /usr/bin/bdftogd /usr/bin/gd2copypal -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
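Review bot: In the %build hunk, "export CFLAGS=%optflags" is unquoted, and rpm expands %optflags to several space-separated flags before the shell runs the line, so only the first flag is assigned to CFLAGS and the rest are passed to export as separate words (the context line "export CPPFLAGS=%{optflags}" has the same problem). Quote the value, as in export CFLAGS="%{optflags}", or drop both exports. In the same hunk, "--with-png=%{?_sysroot}/%_prefix" expands to a path with a doubled slash because %_prefix already starts with "/"; "%{?_sysroot}%{_prefix}" avoids that.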
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at Thu Oct 6 16:02:42 CEST 2011. --- openSUSE:Factory/gd/gd.changes 2011-10-03 09:19:23.0 +0200 +++ gd/gd.changes 2011-10-05 14:06:35.0 +0200 @@ -1,0 +2,5 @@ +Wed Oct 5 12:05:47 UTC 2011 - u...@suse.com + +- cross-build fix: use libpng from sysroot + +--- calling whatdependson for head-i586 Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.8L1zni/_old 2011-10-06 16:02:39.0 +0200 +++ /var/tmp/diff_new_pack.8L1zni/_new 2011-10-06 16:02:39.0 +0200 @@ -91,7 +91,7 @@ %configure \ --with-freetype \ --with-jpeg \ - --with-png \ + --with-png=%{?_sysroot}/usr \ --with-xpm \ --disable-static \ --with-pic continue with q... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
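Review bot: "--with-png=%{?_sysroot}/usr" in the %configure hunk hard-codes /usr. Writing it as "%{?_sysroot}%{_prefix}" keeps the cross-build fix and follows the prefix that %configure itself passes.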
commit gd for openSUSE:Factory
Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at Wed Jun 15 09:07:23 CEST 2011. --- gd/gd.changes 2010-04-06 18:28:23.0 +0200 +++ /mounts/work_src_done/STABLE/gd/gd.changes 2011-06-14 17:00:56.0 +0200 @@ -1,0 +2,5 @@ +Tue Jun 14 15:00:32 UTC 2011 - a...@suse.de + +- Devel package needs zlib-devel and libpng-devel. + +--- calling whatdependson for head-i586 Other differences: -- ++ gd.spec ++ --- /var/tmp/diff_new_pack.X6pQ25/_old 2011-06-15 08:56:44.0 +0200 +++ /var/tmp/diff_new_pack.X6pQ25/_new 2011-06-15 08:56:44.0 +0200 @@ -1,7 +1,7 @@ # -# spec file for package gd (Version 2.0.36.RC1) +# spec file for package gd # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ Obsoletes: gdlib AutoReqProv:on Version:2.0.36.RC1 -Release:54 +Release:65 Url:http://www.libgd.org/ Summary:A Drawing Library for Programs That Use PNG and JPEG Output Source: gd-%{version}.tar.bz2 @@ -58,6 +58,7 @@ License:MIT Summary:Drawing Library for Programs with PNG and JPEG Output Group: Development/Libraries/C and C++ +Requires: zlib-devel libpng-devel %description devel gd allows code to quickly draw images complete with lines, arcs, text, Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org