From ce2beac9559e36842b96477a144111cd82f542be Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Tue, 22 Jan 2019 18:39:01 +0100 Subject: [PATCH 01/56] Remove obsolete ldconfig scriptlets References: https://fedoraproject.org/wiki/Changes/RemoveObsoleteScriptlets Signed-off-by: Igor Gnatenko --- gd.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/gd.spec b/gd.spec index 5d85e4c..ab9ebd4 100644 --- a/gd.spec +++ b/gd.spec @@ -144,9 +144,7 @@ make check grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig +%ldconfig_scriptlets %files From e3e957b2a790322b00194c222e46bc8c91c64989 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Mon, 28 Jan 2019 20:17:44 +0100 Subject: [PATCH 02/56] Remove obsolete Group tag References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag --- gd.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/gd.spec b/gd.spec index ab9ebd4..39da689 100644 --- a/gd.spec +++ b/gd.spec @@ -10,7 +10,6 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.2.5 Release: 7%{?prever}%{?short}%{?dist} -Group: System Environment/Libraries License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -61,7 +60,6 @@ browsers. Note that gd is not a paint program. %package progs Requires: %{name}%{?_isa} = %{version}-%{release} Summary: Utility programs that use libgd -Group: Applications/Multimedia %description progs The gd-progs package includes utility programs supplied with gd, a @@ -70,7 +68,6 @@ graphics library for creating PNG and JPEG images. %package devel Summary: The development libraries and header files for gd -Group: Development/Libraries Requires: %{name}%{?_isa} = %{version}-%{release} Requires: freetype-devel%{?_isa} Requires: fontconfig-devel%{?_isa} From 63c4b6d2fcdaa41d5281b86084a17d352cb450c3 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 31 Jan 2019 20:41:00 +0000 Subject: [PATCH 03/56] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 39da689..61cd710 100644 --- a/gd.spec +++ b/gd.spec @@ -9,7 +9,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.2.5 -Release: 7%{?prever}%{?short}%{?dist} +Release: 8%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -161,6 +161,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Thu Jan 31 2019 Fedora Release Engineering - 2.2.5-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Fri Sep 07 2018 mskalick@redhat.com - 2.2.5-7 - Add missing requires to libimagequent-devel From 25560c12f9d695237d27bcb383ad7f436712eef8 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 25 Jul 2019 01:36:12 +0000 Subject: [PATCH 04/56] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 61cd710..645a7ff 100644 --- a/gd.spec +++ b/gd.spec @@ -9,7 +9,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.2.5 -Release: 8%{?prever}%{?short}%{?dist} +Release: 9%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -161,6 +161,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Thu Jul 25 2019 Fedora Release Engineering - 2.2.5-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Thu Jan 31 2019 Fedora Release Engineering - 2.2.5-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild From 11a42338bde6312bd524ce5f0ef5709713b4597c Mon Sep 17 00:00:00 2001 From: Ondrej Dubaj Date: Tue, 4 Jun 2019 11:04:25 +0200 Subject: [PATCH 05/56] Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() --- gd-2.2.5-heap-based-buffer-overflow.patch | 28 +++++++++++++++++++++++ gd.spec | 9 +++++++- 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 gd-2.2.5-heap-based-buffer-overflow.patch diff --git a/gd-2.2.5-heap-based-buffer-overflow.patch b/gd-2.2.5-heap-based-buffer-overflow.patch new file mode 100644 index 0000000..ae795d0 --- /dev/null +++ b/gd-2.2.5-heap-based-buffer-overflow.patch @@ -0,0 +1,28 @@ +From 98b2e94e62d873acbcc6d968f1f97af9749fe021 Mon Sep 17 00:00:00 2001 +From: Ondrej Dubaj +Date: Tue, 4 Jun 2019 10:54:45 +0200 +Subject: [PATCH] heap based buffer overflow in + gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() + +--- + src/gd_color_match.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/gd_color_match.c b/src/gd_color_match.c +index f0842b6..a94a841 100755 +--- a/src/gd_color_match.c ++++ b/src/gd_color_match.c +@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdImagePtr im1, gdImagePtr im2) + return -4; /* At least 1 color must be allocated */ + } + +- buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal); +- memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal ); ++ buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors); ++ memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors ); + + for (x=0; x < im1->sx; x++) { + for( y=0; ysy; y++ ) { +-- +2.17.1 + diff --git a/gd.spec b/gd.spec index 645a7ff..3383709 100644 --- a/gd.spec +++ b/gd.spec @@ -9,7 +9,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.2.5 -Release: 9%{?prever}%{?short}%{?dist} +Release: 10%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -25,6 +25,8 @@ Patch1: gd-2.1.0-multilib.patch Patch2: gd-2.2.5-upstream.patch # CVE-2018-1000222 - https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5 Patch3: gd-2.2.5-gdImageBmpPtr-double-free.patch +# CVE-2019-6977 +Patch4: gd-2.2.5-heap-based-buffer-overflow.patch BuildRequires: freetype-devel BuildRequires: fontconfig-devel @@ -90,6 +92,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics. %patch1 -p1 -b .mlib %patch2 -p1 -b .upstream %patch3 -p1 -b .gdImageBmpPtr-free +%patch4 -p1 : $(perl config/getver.pl) @@ -161,6 +164,10 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Fri Nov 01 2019 odubaj@redhat.com - 2.2.5-10 +- Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() +- Resolves: RHBZ#1678104 (CVE-2019-6977) + * Thu Jul 25 2019 Fedora Release Engineering - 2.2.5-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild From dc2735f5a8807dc8896cccf5f0d9f66ecea5c0dd Mon Sep 17 00:00:00 2001 From: Ondrej Dubaj Date: Tue, 4 Jun 2019 13:44:57 +0200 Subject: [PATCH 06/56] Potential double-free in gdImage*Ptr() Whenever `gdImage*Ptr()` calls `gdImage*Ctx()` and the latter fails, we must not call `gdDPExtractData()`; otherwise a double-free would happen. Since `gdImage*Ctx()` are void functions, and we can't change that for BC reasons, we're introducing static helpers which are used internally. We're adding a regression test for `gdImageJpegPtr()`, but not for `gdImageGifPtr()` and `gdImageWbmpPtr()` since we don't know how to trigger failure of the respective `gdImage*Ctx()` calls. This potential security issue has been reported by Solmaz Salimi (aka. Rooney). --- gd-2.2.5-potential-double-free.patch | 283 +++++++++++++++++++++++++++ gd.spec | 5 + 2 files changed, 288 insertions(+) create mode 100644 gd-2.2.5-potential-double-free.patch diff --git a/gd-2.2.5-potential-double-free.patch b/gd-2.2.5-potential-double-free.patch new file mode 100644 index 0000000..788a068 --- /dev/null +++ b/gd-2.2.5-potential-double-free.patch @@ -0,0 +1,283 @@ +From 4d9d8368d08c3a2be3ea4193b9314fffeddace52 Mon Sep 17 00:00:00 2001 +From: Ondrej Dubaj +Date: Tue, 4 Jun 2019 13:38:41 +0200 +Subject: [PATCH] Potential double-free in gdImage*Ptr() + +Whenever `gdImage*Ptr()` calls `gdImage*Ctx()` and the latter fails, we +must not call `gdDPExtractData()`; otherwise a double-free would +happen. Since `gdImage*Ctx()` are void functions, and we can't change +that for BC reasons, we're introducing static helpers which are used +internally. + +We're adding a regression test for `gdImageJpegPtr()`, but not for +`gdImageGifPtr()` and `gdImageWbmpPtr()` since we don't know how to +trigger failure of the respective `gdImage*Ctx()` calls. + +This potential security issue has been reported by Solmaz Salimi (aka. +Rooney). +--- + src/gd_gif_out.c | 19 +++++++++++++++---- + src/gd_jpeg.c | 20 ++++++++++++++++---- + src/gd_wbmp.c | 21 ++++++++++++++++++--- + tests/jpeg/CMakeLists.txt | 1 + + tests/jpeg/Makemodule.am | 3 ++- + tests/jpeg/jpeg_ptr_double_free.c | 31 +++++++++++++++++++++++++++++++ + 6 files changed, 83 insertions(+), 12 deletions(-) + create mode 100644 tests/jpeg/jpeg_ptr_double_free.c + +diff --git a/src/gd_gif_out.c b/src/gd_gif_out.c +index 6fe707d..4a05c09 100755 +--- a/src/gd_gif_out.c ++++ b/src/gd_gif_out.c +@@ -99,7 +99,7 @@ static void char_init(GifCtx *ctx); + static void char_out(int c, GifCtx *ctx); + static void flush_char(GifCtx *ctx); + +- ++static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out); + + + /* +@@ -131,8 +131,11 @@ BGD_DECLARE(void *) gdImageGifPtr(gdImagePtr im, int *size) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageGifCtx(im, out); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageGifCtx(im, out)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + } +@@ -220,6 +223,12 @@ BGD_DECLARE(void) gdImageGif(gdImagePtr im, FILE *outFile) + + */ + BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) ++{ ++ _gdImageGifCtx(im, out); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) + { + gdImagePtr pim = 0, tim = im; + int interlace, BitsPerPixel; +@@ -231,7 +240,7 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) + based temporary image. */ + pim = gdImageCreatePaletteFromTrueColor(im, 1, 256); + if(!pim) { +- return; ++ return 1; + } + tim = pim; + } +@@ -247,6 +256,8 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) + /* Destroy palette based temporary image. */ + gdImageDestroy( pim); + } ++ ++ return 0; + } + + +diff --git a/src/gd_jpeg.c b/src/gd_jpeg.c +index 271ef46..bd8fc27 100755 +--- a/src/gd_jpeg.c ++++ b/src/gd_jpeg.c +@@ -123,6 +123,8 @@ static void fatal_jpeg_error(j_common_ptr cinfo) + exit(99); + } + ++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality); ++ + /* + * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality + * QUALITY. If QUALITY is in the range 0-100, increasing values +@@ -237,8 +239,11 @@ BGD_DECLARE(void *) gdImageJpegPtr(gdImagePtr im, int *size, int quality) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageJpegCtx(im, out, quality); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageJpegCtx(im, out, quality)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + } +@@ -259,6 +264,12 @@ void jpeg_gdIOCtx_dest(j_compress_ptr cinfo, gdIOCtx *outfile); + + */ + BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) ++{ ++ _gdImageJpegCtx(im, outfile, quality); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + { + struct jpeg_compress_struct cinfo; + struct jpeg_error_mgr jerr; +@@ -293,7 +304,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + if(row) { + gdFree(row); + } +- return; ++ return 1; + } + + cinfo.err->emit_message = jpeg_emit_message; +@@ -334,7 +345,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + if(row == 0) { + gd_error("gd-jpeg: error: unable to allocate JPEG row structure: gdCalloc returns NULL\n"); + jpeg_destroy_compress(&cinfo); +- return; ++ return 1; + } + + rowptr[0] = row; +@@ -411,6 +422,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + jpeg_finish_compress(&cinfo); + jpeg_destroy_compress(&cinfo); + gdFree(row); ++ return 0; + } + + +diff --git a/src/gd_wbmp.c b/src/gd_wbmp.c +index 0028273..341ff6e 100755 +--- a/src/gd_wbmp.c ++++ b/src/gd_wbmp.c +@@ -88,6 +88,8 @@ int gd_getin(void *in) + return (gdGetC((gdIOCtx *)in)); + } + ++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out); ++ + /* + Function: gdImageWBMPCtx + +@@ -100,6 +102,12 @@ int gd_getin(void *in) + out - the stream where to write + */ + BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) ++{ ++ _gdImageWBMPCtx(image, fg, out); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) + { + int x, y, pos; + Wbmp *wbmp; +@@ -107,7 +115,7 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) + /* create the WBMP */ + if((wbmp = createwbmp(gdImageSX(image), gdImageSY(image), WBMP_WHITE)) == NULL) { + gd_error("Could not create WBMP\n"); +- return; ++ return 1; + } + + /* fill up the WBMP structure */ +@@ -123,11 +131,15 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) + + /* write the WBMP to a gd file descriptor */ + if(writewbmp(wbmp, &gd_putout, out)) { ++ freewbmp(wbmp); + gd_error("Could not save WBMP\n"); ++ return 1; + } + + /* des submitted this bugfix: gdFree the memory. */ + freewbmp(wbmp); ++ ++ return 0; + } + + /* +@@ -271,8 +283,11 @@ BGD_DECLARE(void *) gdImageWBMPPtr(gdImagePtr im, int *size, int fg) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageWBMPCtx(im, fg, out); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageWBMPCtx(im, fg, out)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + } +diff --git a/tests/jpeg/CMakeLists.txt b/tests/jpeg/CMakeLists.txt +index 19964b0..a8d8162 100755 +--- a/tests/jpeg/CMakeLists.txt ++++ b/tests/jpeg/CMakeLists.txt +@@ -2,6 +2,7 @@ IF(JPEG_FOUND) + LIST(APPEND TESTS_FILES + jpeg_empty_file + jpeg_im2im ++ jpeg_ptr_double_free + jpeg_null + ) + +diff --git a/tests/jpeg/Makemodule.am b/tests/jpeg/Makemodule.am +index 7e5d317..b89e169 100755 +--- a/tests/jpeg/Makemodule.am ++++ b/tests/jpeg/Makemodule.am +@@ -2,7 +2,8 @@ if HAVE_LIBJPEG + libgd_test_programs += \ + jpeg/jpeg_empty_file \ + jpeg/jpeg_im2im \ +- jpeg/jpeg_null ++ jpeg/jpeg_null \ ++ jpeg/jpeg_ptr_double_free + + if HAVE_LIBPNG + libgd_test_programs += \ +diff --git a/tests/jpeg/jpeg_ptr_double_free.c b/tests/jpeg/jpeg_ptr_double_free.c +new file mode 100644 +index 0000000..c80aeb6 +--- /dev/null ++++ b/tests/jpeg/jpeg_ptr_double_free.c +@@ -0,0 +1,31 @@ ++/** ++ * Test that failure to convert to JPEG returns NULL ++ * ++ * We are creating an image, set its width to zero, and pass this image to ++ * `gdImageJpegPtr()` which is supposed to fail, and as such should return NULL. ++ * ++ * See also ++ */ ++ ++ ++#include "gd.h" ++#include "gdtest.h" ++ ++ ++int main() ++{ ++ gdImagePtr src, dst; ++ int size; ++ ++ src = gdImageCreateTrueColor(1, 10); ++ gdTestAssert(src != NULL); ++ ++ src->sx = 0; /* this hack forces gdImageJpegPtr() to fail */ ++ ++ dst = gdImageJpegPtr(src, &size, 0); ++ gdTestAssert(dst == NULL); ++ ++ gdImageDestroy(src); ++ ++ return gdNumFailures(); ++} +\ No newline at end of file +-- +2.17.1 + diff --git a/gd.spec b/gd.spec index 3383709..3896ba0 100644 --- a/gd.spec +++ b/gd.spec @@ -27,6 +27,8 @@ Patch2: gd-2.2.5-upstream.patch Patch3: gd-2.2.5-gdImageBmpPtr-double-free.patch # CVE-2019-6977 Patch4: gd-2.2.5-heap-based-buffer-overflow.patch +# CVE-2019-6978 +Patch5: gd-2.2.5-potential-double-free.patch BuildRequires: freetype-devel BuildRequires: fontconfig-devel @@ -93,6 +95,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics. %patch2 -p1 -b .upstream %patch3 -p1 -b .gdImageBmpPtr-free %patch4 -p1 +%patch5 -p1 : $(perl config/getver.pl) @@ -167,6 +170,8 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc * Fri Nov 01 2019 odubaj@redhat.com - 2.2.5-10 - Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() - Resolves: RHBZ#1678104 (CVE-2019-6977) +- Fixed potential double-free in gdImage*Ptr() +- Resolves: RHBZ#1671391 (CVE-2019-6978) * Thu Jul 25 2019 Fedora Release Engineering - 2.2.5-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild From 136a74b419c70b5a2982a096041639a72f62f746 Mon Sep 17 00:00:00 2001 From: Ondrej Dubaj Date: Tue, 4 Jun 2019 11:04:25 +0200 Subject: [PATCH 07/56] Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() --- gd-2.2.5-heap-based-buffer-overflow.patch | 28 +++++++++++++++++++++++ gd.spec | 9 +++++++- 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 gd-2.2.5-heap-based-buffer-overflow.patch diff --git a/gd-2.2.5-heap-based-buffer-overflow.patch b/gd-2.2.5-heap-based-buffer-overflow.patch new file mode 100644 index 0000000..ae795d0 --- /dev/null +++ b/gd-2.2.5-heap-based-buffer-overflow.patch @@ -0,0 +1,28 @@ +From 98b2e94e62d873acbcc6d968f1f97af9749fe021 Mon Sep 17 00:00:00 2001 +From: Ondrej Dubaj +Date: Tue, 4 Jun 2019 10:54:45 +0200 +Subject: [PATCH] heap based buffer overflow in + gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() + +--- + src/gd_color_match.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/gd_color_match.c b/src/gd_color_match.c +index f0842b6..a94a841 100755 +--- a/src/gd_color_match.c ++++ b/src/gd_color_match.c +@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdImagePtr im1, gdImagePtr im2) + return -4; /* At least 1 color must be allocated */ + } + +- buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal); +- memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal ); ++ buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors); ++ memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors ); + + for (x=0; x < im1->sx; x++) { + for( y=0; ysy; y++ ) { +-- +2.17.1 + diff --git a/gd.spec b/gd.spec index 5d85e4c..73d0190 100644 --- a/gd.spec +++ b/gd.spec @@ -9,7 +9,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.2.5 -Release: 7%{?prever}%{?short}%{?dist} +Release: 8%{?prever}%{?short}%{?dist} Group: System Environment/Libraries License: MIT URL: http://libgd.github.io/ @@ -26,6 +26,8 @@ Patch1: gd-2.1.0-multilib.patch Patch2: gd-2.2.5-upstream.patch # CVE-2018-1000222 - https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5 Patch3: gd-2.2.5-gdImageBmpPtr-double-free.patch +# CVE-2019-6977 +Patch4: gd-2.2.5-heap-based-buffer-overflow.patch BuildRequires: freetype-devel BuildRequires: fontconfig-devel @@ -93,6 +95,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics. %patch1 -p1 -b .mlib %patch2 -p1 -b .upstream %patch3 -p1 -b .gdImageBmpPtr-free +%patch4 -p1 : $(perl config/getver.pl) @@ -166,6 +169,10 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Fri Nov 01 2019 odubaj@redhat.com - 2.2.5-8 +- Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() +- Resolves: RHBZ#1678104 (CVE-2019-6977) + * Fri Sep 07 2018 mskalick@redhat.com - 2.2.5-7 - Add missing requires to libimagequent-devel From 7dc8b58b70f7d0baa2e0625500d6401169beb82d Mon Sep 17 00:00:00 2001 From: Ondrej Dubaj Date: Tue, 4 Jun 2019 13:44:57 +0200 Subject: [PATCH 08/56] Potential double-free in gdImage*Ptr() Whenever `gdImage*Ptr()` calls `gdImage*Ctx()` and the latter fails, we must not call `gdDPExtractData()`; otherwise a double-free would happen. Since `gdImage*Ctx()` are void functions, and we can't change that for BC reasons, we're introducing static helpers which are used internally. We're adding a regression test for `gdImageJpegPtr()`, but not for `gdImageGifPtr()` and `gdImageWbmpPtr()` since we don't know how to trigger failure of the respective `gdImage*Ctx()` calls. This potential security issue has been reported by Solmaz Salimi (aka. Rooney). --- gd-2.2.5-potential-double-free.patch | 283 +++++++++++++++++++++++++++ gd.spec | 5 + 2 files changed, 288 insertions(+) create mode 100644 gd-2.2.5-potential-double-free.patch diff --git a/gd-2.2.5-potential-double-free.patch b/gd-2.2.5-potential-double-free.patch new file mode 100644 index 0000000..788a068 --- /dev/null +++ b/gd-2.2.5-potential-double-free.patch @@ -0,0 +1,283 @@ +From 4d9d8368d08c3a2be3ea4193b9314fffeddace52 Mon Sep 17 00:00:00 2001 +From: Ondrej Dubaj +Date: Tue, 4 Jun 2019 13:38:41 +0200 +Subject: [PATCH] Potential double-free in gdImage*Ptr() + +Whenever `gdImage*Ptr()` calls `gdImage*Ctx()` and the latter fails, we +must not call `gdDPExtractData()`; otherwise a double-free would +happen. Since `gdImage*Ctx()` are void functions, and we can't change +that for BC reasons, we're introducing static helpers which are used +internally. + +We're adding a regression test for `gdImageJpegPtr()`, but not for +`gdImageGifPtr()` and `gdImageWbmpPtr()` since we don't know how to +trigger failure of the respective `gdImage*Ctx()` calls. + +This potential security issue has been reported by Solmaz Salimi (aka. +Rooney). +--- + src/gd_gif_out.c | 19 +++++++++++++++---- + src/gd_jpeg.c | 20 ++++++++++++++++---- + src/gd_wbmp.c | 21 ++++++++++++++++++--- + tests/jpeg/CMakeLists.txt | 1 + + tests/jpeg/Makemodule.am | 3 ++- + tests/jpeg/jpeg_ptr_double_free.c | 31 +++++++++++++++++++++++++++++++ + 6 files changed, 83 insertions(+), 12 deletions(-) + create mode 100644 tests/jpeg/jpeg_ptr_double_free.c + +diff --git a/src/gd_gif_out.c b/src/gd_gif_out.c +index 6fe707d..4a05c09 100755 +--- a/src/gd_gif_out.c ++++ b/src/gd_gif_out.c +@@ -99,7 +99,7 @@ static void char_init(GifCtx *ctx); + static void char_out(int c, GifCtx *ctx); + static void flush_char(GifCtx *ctx); + +- ++static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out); + + + /* +@@ -131,8 +131,11 @@ BGD_DECLARE(void *) gdImageGifPtr(gdImagePtr im, int *size) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageGifCtx(im, out); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageGifCtx(im, out)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + } +@@ -220,6 +223,12 @@ BGD_DECLARE(void) gdImageGif(gdImagePtr im, FILE *outFile) + + */ + BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) ++{ ++ _gdImageGifCtx(im, out); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) + { + gdImagePtr pim = 0, tim = im; + int interlace, BitsPerPixel; +@@ -231,7 +240,7 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) + based temporary image. */ + pim = gdImageCreatePaletteFromTrueColor(im, 1, 256); + if(!pim) { +- return; ++ return 1; + } + tim = pim; + } +@@ -247,6 +256,8 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) + /* Destroy palette based temporary image. */ + gdImageDestroy( pim); + } ++ ++ return 0; + } + + +diff --git a/src/gd_jpeg.c b/src/gd_jpeg.c +index 271ef46..bd8fc27 100755 +--- a/src/gd_jpeg.c ++++ b/src/gd_jpeg.c +@@ -123,6 +123,8 @@ static void fatal_jpeg_error(j_common_ptr cinfo) + exit(99); + } + ++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality); ++ + /* + * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality + * QUALITY. If QUALITY is in the range 0-100, increasing values +@@ -237,8 +239,11 @@ BGD_DECLARE(void *) gdImageJpegPtr(gdImagePtr im, int *size, int quality) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageJpegCtx(im, out, quality); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageJpegCtx(im, out, quality)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + } +@@ -259,6 +264,12 @@ void jpeg_gdIOCtx_dest(j_compress_ptr cinfo, gdIOCtx *outfile); + + */ + BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) ++{ ++ _gdImageJpegCtx(im, outfile, quality); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + { + struct jpeg_compress_struct cinfo; + struct jpeg_error_mgr jerr; +@@ -293,7 +304,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + if(row) { + gdFree(row); + } +- return; ++ return 1; + } + + cinfo.err->emit_message = jpeg_emit_message; +@@ -334,7 +345,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + if(row == 0) { + gd_error("gd-jpeg: error: unable to allocate JPEG row structure: gdCalloc returns NULL\n"); + jpeg_destroy_compress(&cinfo); +- return; ++ return 1; + } + + rowptr[0] = row; +@@ -411,6 +422,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + jpeg_finish_compress(&cinfo); + jpeg_destroy_compress(&cinfo); + gdFree(row); ++ return 0; + } + + +diff --git a/src/gd_wbmp.c b/src/gd_wbmp.c +index 0028273..341ff6e 100755 +--- a/src/gd_wbmp.c ++++ b/src/gd_wbmp.c +@@ -88,6 +88,8 @@ int gd_getin(void *in) + return (gdGetC((gdIOCtx *)in)); + } + ++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out); ++ + /* + Function: gdImageWBMPCtx + +@@ -100,6 +102,12 @@ int gd_getin(void *in) + out - the stream where to write + */ + BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) ++{ ++ _gdImageWBMPCtx(image, fg, out); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) + { + int x, y, pos; + Wbmp *wbmp; +@@ -107,7 +115,7 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) + /* create the WBMP */ + if((wbmp = createwbmp(gdImageSX(image), gdImageSY(image), WBMP_WHITE)) == NULL) { + gd_error("Could not create WBMP\n"); +- return; ++ return 1; + } + + /* fill up the WBMP structure */ +@@ -123,11 +131,15 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) + + /* write the WBMP to a gd file descriptor */ + if(writewbmp(wbmp, &gd_putout, out)) { ++ freewbmp(wbmp); + gd_error("Could not save WBMP\n"); ++ return 1; + } + + /* des submitted this bugfix: gdFree the memory. */ + freewbmp(wbmp); ++ ++ return 0; + } + + /* +@@ -271,8 +283,11 @@ BGD_DECLARE(void *) gdImageWBMPPtr(gdImagePtr im, int *size, int fg) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageWBMPCtx(im, fg, out); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageWBMPCtx(im, fg, out)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + } +diff --git a/tests/jpeg/CMakeLists.txt b/tests/jpeg/CMakeLists.txt +index 19964b0..a8d8162 100755 +--- a/tests/jpeg/CMakeLists.txt ++++ b/tests/jpeg/CMakeLists.txt +@@ -2,6 +2,7 @@ IF(JPEG_FOUND) + LIST(APPEND TESTS_FILES + jpeg_empty_file + jpeg_im2im ++ jpeg_ptr_double_free + jpeg_null + ) + +diff --git a/tests/jpeg/Makemodule.am b/tests/jpeg/Makemodule.am +index 7e5d317..b89e169 100755 +--- a/tests/jpeg/Makemodule.am ++++ b/tests/jpeg/Makemodule.am +@@ -2,7 +2,8 @@ if HAVE_LIBJPEG + libgd_test_programs += \ + jpeg/jpeg_empty_file \ + jpeg/jpeg_im2im \ +- jpeg/jpeg_null ++ jpeg/jpeg_null \ ++ jpeg/jpeg_ptr_double_free + + if HAVE_LIBPNG + libgd_test_programs += \ +diff --git a/tests/jpeg/jpeg_ptr_double_free.c b/tests/jpeg/jpeg_ptr_double_free.c +new file mode 100644 +index 0000000..c80aeb6 +--- /dev/null ++++ b/tests/jpeg/jpeg_ptr_double_free.c +@@ -0,0 +1,31 @@ ++/** ++ * Test that failure to convert to JPEG returns NULL ++ * ++ * We are creating an image, set its width to zero, and pass this image to ++ * `gdImageJpegPtr()` which is supposed to fail, and as such should return NULL. ++ * ++ * See also ++ */ ++ ++ ++#include "gd.h" ++#include "gdtest.h" ++ ++ ++int main() ++{ ++ gdImagePtr src, dst; ++ int size; ++ ++ src = gdImageCreateTrueColor(1, 10); ++ gdTestAssert(src != NULL); ++ ++ src->sx = 0; /* this hack forces gdImageJpegPtr() to fail */ ++ ++ dst = gdImageJpegPtr(src, &size, 0); ++ gdTestAssert(dst == NULL); ++ ++ gdImageDestroy(src); ++ ++ return gdNumFailures(); ++} +\ No newline at end of file +-- +2.17.1 + diff --git a/gd.spec b/gd.spec index 73d0190..f375899 100644 --- a/gd.spec +++ b/gd.spec @@ -28,6 +28,8 @@ Patch2: gd-2.2.5-upstream.patch Patch3: gd-2.2.5-gdImageBmpPtr-double-free.patch # CVE-2019-6977 Patch4: gd-2.2.5-heap-based-buffer-overflow.patch +# CVE-2019-6978 +Patch5: gd-2.2.5-potential-double-free.patch BuildRequires: freetype-devel BuildRequires: fontconfig-devel @@ -96,6 +98,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics. %patch2 -p1 -b .upstream %patch3 -p1 -b .gdImageBmpPtr-free %patch4 -p1 +%patch5 -p1 : $(perl config/getver.pl) @@ -172,6 +175,8 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc * Fri Nov 01 2019 odubaj@redhat.com - 2.2.5-8 - Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() - Resolves: RHBZ#1678104 (CVE-2019-6977) +- Fixed potential double-free in gdImage*Ptr() +- Resolves: RHBZ#1671391 (CVE-2019-6978) * Fri Sep 07 2018 mskalick@redhat.com - 2.2.5-7 - Add missing requires to libimagequent-devel From 1f04fea86ee7c52412e88ea1c4a455a34cc22917 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 28 Jan 2020 19:41:50 +0000 Subject: [PATCH 09/56] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 3896ba0..1160299 100644 --- a/gd.spec +++ b/gd.spec @@ -9,7 +9,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.2.5 -Release: 10%{?prever}%{?short}%{?dist} +Release: 11%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -167,6 +167,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Tue Jan 28 2020 Fedora Release Engineering - 2.2.5-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Fri Nov 01 2019 odubaj@redhat.com - 2.2.5-10 - Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() - Resolves: RHBZ#1678104 (CVE-2019-6977) From d7d041cd25a7869e3a6b41a2711b83de806523eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Janu=C5=A1?= Date: Fri, 31 Jan 2020 09:31:42 +0100 Subject: [PATCH 10/56] Add patch(gd-2.2.5-null-pointer.patch) - fix Null pointer reference in gdImageClone (gdImagePtr src) Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1599032 --- gd-2.2.5-null-pointer.patch | 74 +++++++++++++++++++++++++++++++++++++ gd.spec | 9 ++++- 2 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 gd-2.2.5-null-pointer.patch diff --git a/gd-2.2.5-null-pointer.patch b/gd-2.2.5-null-pointer.patch new file mode 100644 index 0000000..afa18d9 --- /dev/null +++ b/gd-2.2.5-null-pointer.patch @@ -0,0 +1,74 @@ +From a93eac0e843148dc2d631c3ba80af17e9c8c860f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?F=C3=A1bio=20Cabral=20Pacheco?= +Date: Fri, 20 Dec 2019 12:03:33 -0300 +Subject: [PATCH] Fix potential NULL pointer dereference in gdImageClone() + +--- + src/gd.c | 9 +-------- + tests/gdimageclone/style.c | 30 ++++++++++++++++++++++++++++++ + 5 files changed, 35 insertions(+), 9 deletions(-) + create mode 100644 tests/gdimageclone/style.c + +diff --git a/src/gd.c b/src/gd.c +index 592a0286..d564d1f9 100644 +--- a/src/gd.c ++++ b/src/gd.c +@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { + } + } + +- if (src->styleLength > 0) { +- dst->styleLength = src->styleLength; +- dst->stylePos = src->stylePos; +- for (i = 0; i < src->styleLength; i++) { +- dst->style[i] = src->style[i]; +- } +- } +- + dst->interlace = src->interlace; + + dst->alphaBlendingFlag = src->alphaBlendingFlag; +@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { + + if (src->style) { + gdImageSetStyle(dst, src->style, src->styleLength); ++ dst->stylePos = src->stylePos; + } + + for (i = 0; i < gdMaxColors; i++) { +diff --git a/tests/gdimageclone/style.c b/tests/gdimageclone/style.c +new file mode 100644 +index 00000000..c2b246ed +--- /dev/null ++++ b/tests/gdimageclone/style.c +@@ -0,0 +1,30 @@ ++/** ++ * Cloning an image should exactly reproduce all style related data ++ */ ++ ++ ++#include ++#include "gd.h" ++#include "gdtest.h" ++ ++ ++int main() ++{ ++ gdImagePtr im, clone; ++ int style[] = {0, 0, 0}; ++ ++ im = gdImageCreate(8, 8); ++ gdImageSetStyle(im, style, sizeof(style)/sizeof(style[0])); ++ ++ clone = gdImageClone(im); ++ gdTestAssert(clone != NULL); ++ ++ gdTestAssert(clone->styleLength == im->styleLength); ++ gdTestAssert(clone->stylePos == im->stylePos); ++ gdTestAssert(!memcmp(clone->style, im->style, sizeof(style)/sizeof(style[0]))); ++ ++ gdImageDestroy(clone); ++ gdImageDestroy(im); ++ ++ return gdNumFailures(); ++} diff --git a/gd.spec b/gd.spec index 1160299..2db9311 100644 --- a/gd.spec +++ b/gd.spec @@ -9,7 +9,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.2.5 -Release: 11%{?prever}%{?short}%{?dist} +Release: 12%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -29,6 +29,8 @@ Patch3: gd-2.2.5-gdImageBmpPtr-double-free.patch Patch4: gd-2.2.5-heap-based-buffer-overflow.patch # CVE-2019-6978 Patch5: gd-2.2.5-potential-double-free.patch +# NULL POINTER REFERENCE - https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f +Patch6: gd-2.2.5-null-pointer.patch BuildRequires: freetype-devel BuildRequires: fontconfig-devel @@ -96,6 +98,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics. %patch3 -p1 -b .gdImageBmpPtr-free %patch4 -p1 %patch5 -p1 +%patch6 -p1 : $(perl config/getver.pl) @@ -167,6 +170,10 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Fri Jan 31 2020 Filip Januš - 2.2.5-12 +- Add patch(gd-2.2.5-null-pointer.patch) - fix Null pointer reference in gdImageClone (gdImagePtr src) +- Resolves: #1599032 + * Tue Jan 28 2020 Fedora Release Engineering - 2.2.5-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild From 28c4276c701b97f88922c83cf9404e34f9730922 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 24 Mar 2020 10:04:07 +0100 Subject: [PATCH 11/56] update to 2.3.0 add dependency on libraqm remove gdlib-config --- .gitignore | 1 + gd-2.1.0-multilib.patch | 33 --- gd-2.2.5-gdImageBmpPtr-double-free.patch | 73 ------ gd-2.2.5-heap-based-buffer-overflow.patch | 28 --- gd-2.2.5-null-pointer.patch | 74 ------ gd-2.2.5-potential-double-free.patch | 283 ---------------------- gd-2.2.5-upstream.patch | 62 ----- gd.spec | 57 ++--- getlib.sh | 42 ++++ sources | 2 +- 10 files changed, 73 insertions(+), 582 deletions(-) delete mode 100644 gd-2.1.0-multilib.patch delete mode 100644 gd-2.2.5-gdImageBmpPtr-double-free.patch delete mode 100644 gd-2.2.5-heap-based-buffer-overflow.patch delete mode 100644 gd-2.2.5-null-pointer.patch delete mode 100644 gd-2.2.5-potential-double-free.patch delete mode 100644 gd-2.2.5-upstream.patch create mode 100644 getlib.sh diff --git a/.gitignore b/.gitignore index c063891..0a16c45 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ gd-2.0.35.tar.bz2 /libgd-2.2.3.tar.xz /libgd-2.2.4.tar.xz /libgd-2.2.5.tar.xz +/libgd-2.3.0.tar.xz diff --git a/gd-2.1.0-multilib.patch b/gd-2.1.0-multilib.patch deleted file mode 100644 index c4fdc63..0000000 --- a/gd-2.1.0-multilib.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff -up gd-2.1.0/config/gdlib-config.in.multilib gd-2.1.0/config/gdlib-config.in ---- gd-2.1.0/config/gdlib-config.in.multilib 2013-04-21 16:58:17.820010758 +0200 -+++ gd-2.1.0/config/gdlib-config.in 2013-04-21 16:59:27.896317922 +0200 -@@ -7,9 +7,10 @@ - # installation directories - prefix=@prefix@ - exec_prefix=@exec_prefix@ --libdir=@libdir@ -+libdir=`pkg-config gdlib --variable=libdir` - includedir=@includedir@ - bindir=@bindir@ -+ldflags=`pkg-config gdlib --variable=ldflags` - - usage() - { -@@ -68,7 +69,7 @@ while test $# -gt 0; do - echo @GDLIB_REVISION@ - ;; - --ldflags) -- echo @LDFLAGS@ -+ echo $ldflags - ;; - --libs) - echo -lgd @LIBS@ @LIBICONV@ -@@ -83,7 +84,7 @@ while test $# -gt 0; do - echo "GD library @VERSION@" - echo "includedir: $includedir" - echo "cflags: -I@includedir@" -- echo "ldflags: @LDFLAGS@" -+ echo "ldflags: $ldflags" - echo "libs: @LIBS@ @LIBICONV@" - echo "libdir: $libdir" - echo "features: @FEATURES@" diff --git a/gd-2.2.5-gdImageBmpPtr-double-free.patch b/gd-2.2.5-gdImageBmpPtr-double-free.patch deleted file mode 100644 index 80f9712..0000000 --- a/gd-2.2.5-gdImageBmpPtr-double-free.patch +++ /dev/null @@ -1,73 +0,0 @@ -From ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger -Date: Sat, 14 Jul 2018 13:54:08 -0400 -Subject: [PATCH] bmp: check return value in gdImageBmpPtr - -Closes #447. ---- - src/gd_bmp.c | 17 ++++++++++++++--- - 1 file changed, 14 insertions(+), 3 deletions(-) - -diff --git a/src/gd_bmp.c b/src/gd_bmp.c -index bde0b9d3..78f40d9a 100644 ---- a/src/gd_bmp.c -+++ b/src/gd_bmp.c -@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp - static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header); - static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info); - -+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression); -+ - #define BMP_DEBUG(s) - - static int gdBMPPutWord(gdIOCtx *out, int w) -@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression) - void *rv; - gdIOCtx *out = gdNewDynamicCtx(2048, NULL); - if (out == NULL) return NULL; -- gdImageBmpCtx(im, out, compression); -- rv = gdDPExtractData(out, size); -+ if (!_gdImageBmpCtx(im, out, compression)) -+ rv = gdDPExtractData(out, size); -+ else -+ rv = NULL; - out->gd_free(out); - return rv; - } -@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression) - compression - whether to apply RLE or not. - */ - BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) -+{ -+ _gdImageBmpCtx(im, out, compression); -+} -+ -+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) - { - int bitmap_size = 0, info_size, total_size, padding; - int i, row, xpos, pixel; -@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) - unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL; - FILE *tmpfile_for_compression = NULL; - gdIOCtxPtr out_original = NULL; -+ int ret = 1; - - /* No compression if its true colour or we don't support seek */ - if (im->trueColor) { -@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) - out_original = NULL; - } - -+ ret = 0; - cleanup: - if (tmpfile_for_compression) { - #ifdef _WIN32 -@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) - if (out_original) { - out_original->gd_free(out_original); - } -- return; -+ return ret; - } - - static int compress_row(unsigned char *row, int length) diff --git a/gd-2.2.5-heap-based-buffer-overflow.patch b/gd-2.2.5-heap-based-buffer-overflow.patch deleted file mode 100644 index ae795d0..0000000 --- a/gd-2.2.5-heap-based-buffer-overflow.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 98b2e94e62d873acbcc6d968f1f97af9749fe021 Mon Sep 17 00:00:00 2001 -From: Ondrej Dubaj -Date: Tue, 4 Jun 2019 10:54:45 +0200 -Subject: [PATCH] heap based buffer overflow in - gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() - ---- - src/gd_color_match.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/gd_color_match.c b/src/gd_color_match.c -index f0842b6..a94a841 100755 ---- a/src/gd_color_match.c -+++ b/src/gd_color_match.c -@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdImagePtr im1, gdImagePtr im2) - return -4; /* At least 1 color must be allocated */ - } - -- buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal); -- memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal ); -+ buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors); -+ memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors ); - - for (x=0; x < im1->sx; x++) { - for( y=0; ysy; y++ ) { --- -2.17.1 - diff --git a/gd-2.2.5-null-pointer.patch b/gd-2.2.5-null-pointer.patch deleted file mode 100644 index afa18d9..0000000 --- a/gd-2.2.5-null-pointer.patch +++ /dev/null @@ -1,74 +0,0 @@ -From a93eac0e843148dc2d631c3ba80af17e9c8c860f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?F=C3=A1bio=20Cabral=20Pacheco?= -Date: Fri, 20 Dec 2019 12:03:33 -0300 -Subject: [PATCH] Fix potential NULL pointer dereference in gdImageClone() - ---- - src/gd.c | 9 +-------- - tests/gdimageclone/style.c | 30 ++++++++++++++++++++++++++++++ - 5 files changed, 35 insertions(+), 9 deletions(-) - create mode 100644 tests/gdimageclone/style.c - -diff --git a/src/gd.c b/src/gd.c -index 592a0286..d564d1f9 100644 ---- a/src/gd.c -+++ b/src/gd.c -@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { - } - } - -- if (src->styleLength > 0) { -- dst->styleLength = src->styleLength; -- dst->stylePos = src->stylePos; -- for (i = 0; i < src->styleLength; i++) { -- dst->style[i] = src->style[i]; -- } -- } -- - dst->interlace = src->interlace; - - dst->alphaBlendingFlag = src->alphaBlendingFlag; -@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { - - if (src->style) { - gdImageSetStyle(dst, src->style, src->styleLength); -+ dst->stylePos = src->stylePos; - } - - for (i = 0; i < gdMaxColors; i++) { -diff --git a/tests/gdimageclone/style.c b/tests/gdimageclone/style.c -new file mode 100644 -index 00000000..c2b246ed ---- /dev/null -+++ b/tests/gdimageclone/style.c -@@ -0,0 +1,30 @@ -+/** -+ * Cloning an image should exactly reproduce all style related data -+ */ -+ -+ -+#include -+#include "gd.h" -+#include "gdtest.h" -+ -+ -+int main() -+{ -+ gdImagePtr im, clone; -+ int style[] = {0, 0, 0}; -+ -+ im = gdImageCreate(8, 8); -+ gdImageSetStyle(im, style, sizeof(style)/sizeof(style[0])); -+ -+ clone = gdImageClone(im); -+ gdTestAssert(clone != NULL); -+ -+ gdTestAssert(clone->styleLength == im->styleLength); -+ gdTestAssert(clone->stylePos == im->stylePos); -+ gdTestAssert(!memcmp(clone->style, im->style, sizeof(style)/sizeof(style[0]))); -+ -+ gdImageDestroy(clone); -+ gdImageDestroy(im); -+ -+ return gdNumFailures(); -+} diff --git a/gd-2.2.5-potential-double-free.patch b/gd-2.2.5-potential-double-free.patch deleted file mode 100644 index 788a068..0000000 --- a/gd-2.2.5-potential-double-free.patch +++ /dev/null @@ -1,283 +0,0 @@ -From 4d9d8368d08c3a2be3ea4193b9314fffeddace52 Mon Sep 17 00:00:00 2001 -From: Ondrej Dubaj -Date: Tue, 4 Jun 2019 13:38:41 +0200 -Subject: [PATCH] Potential double-free in gdImage*Ptr() - -Whenever `gdImage*Ptr()` calls `gdImage*Ctx()` and the latter fails, we -must not call `gdDPExtractData()`; otherwise a double-free would -happen. Since `gdImage*Ctx()` are void functions, and we can't change -that for BC reasons, we're introducing static helpers which are used -internally. - -We're adding a regression test for `gdImageJpegPtr()`, but not for -`gdImageGifPtr()` and `gdImageWbmpPtr()` since we don't know how to -trigger failure of the respective `gdImage*Ctx()` calls. - -This potential security issue has been reported by Solmaz Salimi (aka. -Rooney). ---- - src/gd_gif_out.c | 19 +++++++++++++++---- - src/gd_jpeg.c | 20 ++++++++++++++++---- - src/gd_wbmp.c | 21 ++++++++++++++++++--- - tests/jpeg/CMakeLists.txt | 1 + - tests/jpeg/Makemodule.am | 3 ++- - tests/jpeg/jpeg_ptr_double_free.c | 31 +++++++++++++++++++++++++++++++ - 6 files changed, 83 insertions(+), 12 deletions(-) - create mode 100644 tests/jpeg/jpeg_ptr_double_free.c - -diff --git a/src/gd_gif_out.c b/src/gd_gif_out.c -index 6fe707d..4a05c09 100755 ---- a/src/gd_gif_out.c -+++ b/src/gd_gif_out.c -@@ -99,7 +99,7 @@ static void char_init(GifCtx *ctx); - static void char_out(int c, GifCtx *ctx); - static void flush_char(GifCtx *ctx); - -- -+static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out); - - - /* -@@ -131,8 +131,11 @@ BGD_DECLARE(void *) gdImageGifPtr(gdImagePtr im, int *size) - void *rv; - gdIOCtx *out = gdNewDynamicCtx(2048, NULL); - if (out == NULL) return NULL; -- gdImageGifCtx(im, out); -- rv = gdDPExtractData(out, size); -+ if (!_gdImageGifCtx(im, out)) { -+ rv = gdDPExtractData(out, size); -+ } else { -+ rv = NULL; -+ } - out->gd_free(out); - return rv; - } -@@ -220,6 +223,12 @@ BGD_DECLARE(void) gdImageGif(gdImagePtr im, FILE *outFile) - - */ - BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) -+{ -+ _gdImageGifCtx(im, out); -+} -+ -+/* returns 0 on success, 1 on failure */ -+static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) - { - gdImagePtr pim = 0, tim = im; - int interlace, BitsPerPixel; -@@ -231,7 +240,7 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) - based temporary image. */ - pim = gdImageCreatePaletteFromTrueColor(im, 1, 256); - if(!pim) { -- return; -+ return 1; - } - tim = pim; - } -@@ -247,6 +256,8 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) - /* Destroy palette based temporary image. */ - gdImageDestroy( pim); - } -+ -+ return 0; - } - - -diff --git a/src/gd_jpeg.c b/src/gd_jpeg.c -index 271ef46..bd8fc27 100755 ---- a/src/gd_jpeg.c -+++ b/src/gd_jpeg.c -@@ -123,6 +123,8 @@ static void fatal_jpeg_error(j_common_ptr cinfo) - exit(99); - } - -+static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality); -+ - /* - * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality - * QUALITY. If QUALITY is in the range 0-100, increasing values -@@ -237,8 +239,11 @@ BGD_DECLARE(void *) gdImageJpegPtr(gdImagePtr im, int *size, int quality) - void *rv; - gdIOCtx *out = gdNewDynamicCtx(2048, NULL); - if (out == NULL) return NULL; -- gdImageJpegCtx(im, out, quality); -- rv = gdDPExtractData(out, size); -+ if (!_gdImageJpegCtx(im, out, quality)) { -+ rv = gdDPExtractData(out, size); -+ } else { -+ rv = NULL; -+ } - out->gd_free(out); - return rv; - } -@@ -259,6 +264,12 @@ void jpeg_gdIOCtx_dest(j_compress_ptr cinfo, gdIOCtx *outfile); - - */ - BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) -+{ -+ _gdImageJpegCtx(im, outfile, quality); -+} -+ -+/* returns 0 on success, 1 on failure */ -+static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) - { - struct jpeg_compress_struct cinfo; - struct jpeg_error_mgr jerr; -@@ -293,7 +304,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) - if(row) { - gdFree(row); - } -- return; -+ return 1; - } - - cinfo.err->emit_message = jpeg_emit_message; -@@ -334,7 +345,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) - if(row == 0) { - gd_error("gd-jpeg: error: unable to allocate JPEG row structure: gdCalloc returns NULL\n"); - jpeg_destroy_compress(&cinfo); -- return; -+ return 1; - } - - rowptr[0] = row; -@@ -411,6 +422,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) - jpeg_finish_compress(&cinfo); - jpeg_destroy_compress(&cinfo); - gdFree(row); -+ return 0; - } - - -diff --git a/src/gd_wbmp.c b/src/gd_wbmp.c -index 0028273..341ff6e 100755 ---- a/src/gd_wbmp.c -+++ b/src/gd_wbmp.c -@@ -88,6 +88,8 @@ int gd_getin(void *in) - return (gdGetC((gdIOCtx *)in)); - } - -+static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out); -+ - /* - Function: gdImageWBMPCtx - -@@ -100,6 +102,12 @@ int gd_getin(void *in) - out - the stream where to write - */ - BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) -+{ -+ _gdImageWBMPCtx(image, fg, out); -+} -+ -+/* returns 0 on success, 1 on failure */ -+static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) - { - int x, y, pos; - Wbmp *wbmp; -@@ -107,7 +115,7 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) - /* create the WBMP */ - if((wbmp = createwbmp(gdImageSX(image), gdImageSY(image), WBMP_WHITE)) == NULL) { - gd_error("Could not create WBMP\n"); -- return; -+ return 1; - } - - /* fill up the WBMP structure */ -@@ -123,11 +131,15 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) - - /* write the WBMP to a gd file descriptor */ - if(writewbmp(wbmp, &gd_putout, out)) { -+ freewbmp(wbmp); - gd_error("Could not save WBMP\n"); -+ return 1; - } - - /* des submitted this bugfix: gdFree the memory. */ - freewbmp(wbmp); -+ -+ return 0; - } - - /* -@@ -271,8 +283,11 @@ BGD_DECLARE(void *) gdImageWBMPPtr(gdImagePtr im, int *size, int fg) - void *rv; - gdIOCtx *out = gdNewDynamicCtx(2048, NULL); - if (out == NULL) return NULL; -- gdImageWBMPCtx(im, fg, out); -- rv = gdDPExtractData(out, size); -+ if (!_gdImageWBMPCtx(im, fg, out)) { -+ rv = gdDPExtractData(out, size); -+ } else { -+ rv = NULL; -+ } - out->gd_free(out); - return rv; - } -diff --git a/tests/jpeg/CMakeLists.txt b/tests/jpeg/CMakeLists.txt -index 19964b0..a8d8162 100755 ---- a/tests/jpeg/CMakeLists.txt -+++ b/tests/jpeg/CMakeLists.txt -@@ -2,6 +2,7 @@ IF(JPEG_FOUND) - LIST(APPEND TESTS_FILES - jpeg_empty_file - jpeg_im2im -+ jpeg_ptr_double_free - jpeg_null - ) - -diff --git a/tests/jpeg/Makemodule.am b/tests/jpeg/Makemodule.am -index 7e5d317..b89e169 100755 ---- a/tests/jpeg/Makemodule.am -+++ b/tests/jpeg/Makemodule.am -@@ -2,7 +2,8 @@ if HAVE_LIBJPEG - libgd_test_programs += \ - jpeg/jpeg_empty_file \ - jpeg/jpeg_im2im \ -- jpeg/jpeg_null -+ jpeg/jpeg_null \ -+ jpeg/jpeg_ptr_double_free - - if HAVE_LIBPNG - libgd_test_programs += \ -diff --git a/tests/jpeg/jpeg_ptr_double_free.c b/tests/jpeg/jpeg_ptr_double_free.c -new file mode 100644 -index 0000000..c80aeb6 ---- /dev/null -+++ b/tests/jpeg/jpeg_ptr_double_free.c -@@ -0,0 +1,31 @@ -+/** -+ * Test that failure to convert to JPEG returns NULL -+ * -+ * We are creating an image, set its width to zero, and pass this image to -+ * `gdImageJpegPtr()` which is supposed to fail, and as such should return NULL. -+ * -+ * See also -+ */ -+ -+ -+#include "gd.h" -+#include "gdtest.h" -+ -+ -+int main() -+{ -+ gdImagePtr src, dst; -+ int size; -+ -+ src = gdImageCreateTrueColor(1, 10); -+ gdTestAssert(src != NULL); -+ -+ src->sx = 0; /* this hack forces gdImageJpegPtr() to fail */ -+ -+ dst = gdImageJpegPtr(src, &size, 0); -+ gdTestAssert(dst == NULL); -+ -+ gdImageDestroy(src); -+ -+ return gdNumFailures(); -+} -\ No newline at end of file --- -2.17.1 - diff --git a/gd-2.2.5-upstream.patch b/gd-2.2.5-upstream.patch deleted file mode 100644 index 0bc1bcb..0000000 --- a/gd-2.2.5-upstream.patch +++ /dev/null @@ -1,62 +0,0 @@ -From a11f47475e6443b7f32d21f2271f28f417e2ac04 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Wed, 29 Nov 2017 19:37:38 +0100 -Subject: [PATCH] Fix #420: Potential infinite loop in gdImageCreateFromGifCtx - -Due to a signedness confusion in `GetCode_` a corrupt GIF file can -trigger an infinite loop. Furthermore we make sure that a GIF without -any palette entries is treated as invalid *after* open palette entries -have been removed. - -CVE-2018-5711 - -See also https://bugs.php.net/bug.php?id=75571. ---- - src/gd_gif_in.c | 12 ++++++------ - tests/gif/.gitignore | 1 + - tests/gif/CMakeLists.txt | 1 + - tests/gif/Makemodule.am | 2 ++ - tests/gif/php_bug_75571.c | 28 ++++++++++++++++++++++++++++ - tests/gif/php_bug_75571.gif | Bin 0 -> 1731 bytes - 6 files changed, 38 insertions(+), 6 deletions(-) - create mode 100644 tests/gif/php_bug_75571.c - create mode 100644 tests/gif/php_bug_75571.gif - -diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c -index daf26e79..0a8bd717 100644 ---- a/src/gd_gif_in.c -+++ b/src/gd_gif_in.c -@@ -335,11 +335,6 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd) - return 0; - } - -- if(!im->colorsTotal) { -- gdImageDestroy(im); -- return 0; -- } -- - /* Check for open colors at the end, so - * we can reduce colorsTotal and ultimately - * BitsPerPixel */ -@@ -351,6 +346,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd) - } - } - -+ if(!im->colorsTotal) { -+ gdImageDestroy(im); -+ return 0; -+ } -+ - return im; - } - -@@ -447,7 +447,7 @@ static int - GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP) - { - int i, j, ret; -- unsigned char count; -+ int count; - - if(flag) { - scd->curbit = 0; - diff --git a/gd.spec b/gd.spec index 2db9311..5444151 100644 --- a/gd.spec +++ b/gd.spec @@ -1,15 +1,11 @@ -# requested by https://bugzilla.redhat.com/1468338 -# this break gdimagefile/gdnametest: -# gdimagefile/gdnametest.c:122: 255 pixels different on /tmp/gdtest.CrpdIb/img.gif -# gdimagefile/gdnametest.c:122: 255 pixels different on /tmp/gdtest.CrpdIb/img.GIF -# FAIL gdimagefile/gdnametest (exit status: 2) -%global with_liq 0 +%global with_liq 1 +%global with_raqm 1 Summary: A graphics library for quick creation of PNG or JPEG images Name: gd -Version: 2.2.5 -Release: 12%{?prever}%{?short}%{?dist} +Version: 2.3.0 +Release: 1%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -19,18 +15,9 @@ Source0: libgd-%{version}-%{commit}.tgz %else Source0: https://github.com/libgd/libgd/releases/download/gd-%{version}/libgd-%{version}.tar.xz %endif +# Missing, temporary workaround, fixed upstream for next version +Source1: https://raw.githubusercontent.com/libgd/libgd/gd-%{version}/config/getlib.sh -Patch1: gd-2.1.0-multilib.patch -# CVE-2018-5711 - https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04 -Patch2: gd-2.2.5-upstream.patch -# CVE-2018-1000222 - https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5 -Patch3: gd-2.2.5-gdImageBmpPtr-double-free.patch -# CVE-2019-6977 -Patch4: gd-2.2.5-heap-based-buffer-overflow.patch -# CVE-2019-6978 -Patch5: gd-2.2.5-potential-double-free.patch -# NULL POINTER REFERENCE - https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f -Patch6: gd-2.2.5-null-pointer.patch BuildRequires: freetype-devel BuildRequires: fontconfig-devel @@ -42,6 +29,9 @@ BuildRequires: libwebp-devel %if %{with_liq} BuildRequires: libimagequant-devel %endif +%if %{with_raqm} +BuildRequires: libraqm-devel +%endif BuildRequires: libX11-devel BuildRequires: libXpm-devel BuildRequires: zlib-devel @@ -51,7 +41,6 @@ BuildRequires: perl-interpreter BuildRequires: perl-generators # for fontconfig/basic test BuildRequires: liberation-sans-fonts -BuildRequires: libimagequant-devel %description @@ -84,7 +73,13 @@ Requires: libwebp-devel%{?_isa} Requires: libX11-devel%{?_isa} Requires: libXpm-devel%{?_isa} Requires: zlib-devel%{?_isa} +%if %{with_liq} Requires: libimagequant-devel%{?_isa} +%endif +%if %{with_raqm} +Requires: libraqm-devel +%endif + %description devel The gd-devel package contains the development libraries and header @@ -93,12 +88,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics. %prep %setup -q -n libgd-%{version}%{?prever:-%{prever}} -%patch1 -p1 -b .mlib -%patch2 -p1 -b .upstream -%patch3 -p1 -b .gdImageBmpPtr-free -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 +install -m 0755 %{SOURCE1} config/ : $(perl config/getver.pl) @@ -143,6 +133,14 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.a %check +# minor diff in size +XFAIL_TESTS="gdimagestringft/gdimagestringft_bbox" +%ifarch s390x +XFAIL_TESTS="gdimagestring16/gdimagestring16 gdimagestringup16/gdimagestringup16 $XFAIL_TESTS" +%endif + +export XFAIL_TESTS + : Upstream test suite make check @@ -160,16 +158,19 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %files progs %{_bindir}/* -%exclude %{_bindir}/gdlib-config %files devel -%{_bindir}/gdlib-config %{_includedir}/* %{_libdir}/*.so %{_libdir}/pkgconfig/gdlib.pc %changelog +* Tue Mar 24 2020 Remi Collet - 2.3.0-1 +- update to 2.3.0 +- add dependency on libraqm +- remove gdlib-config + * Fri Jan 31 2020 Filip Januš - 2.2.5-12 - Add patch(gd-2.2.5-null-pointer.patch) - fix Null pointer reference in gdImageClone (gdImagePtr src) - Resolves: #1599032 diff --git a/getlib.sh b/getlib.sh new file mode 100644 index 0000000..4835cf6 --- /dev/null +++ b/getlib.sh @@ -0,0 +1,42 @@ +#!/bin/sh + +GETVER="${0%/*}/getver.pl" +GDLIB_MAJOR=$("${GETVER}" MAJOR) +GDLIB_MINOR=$("${GETVER}" MINOR) +GDLIB_REVISION=$("${GETVER}" RELEASE) + +# Dynamic library version information +# See http://www.gnu.org/software/libtool/manual/libtool.html#Updating-version-info + +GDLIB_LT_CURRENT=3 +# This is the version where the soname (current above) changes. We use it +# to reset the revision base back to zero. It's a bit of a pain, but some +# systems restrict the revision range below to [0..255] (like OS X). +GDLIB_PREV_MAJOR=2 +GDLIB_PREV_MINOR=2 +# This isn't 100% correct, but it tends to be a close enough approximation +# for how we manage the codebase. It's rare to do a release that doesn't +# modify the library since this project is centered around the library. +GDLIB_LT_REVISION=$(( ((GDLIB_MAJOR - GDLIB_PREV_MAJOR) << 6) | ((GDLIB_MINOR - GDLIB_PREV_MINOR) << 3) | GDLIB_REVISION )) +GDLIB_LT_AGE=0 + +# The first three fields we feed into libtool and the OS target determines how +# they get used. The last two fields we feed into cmake. We use the same rules +# as Linux SONAME versioning in libtool, but cmake should handle it for us. +case $1 in +CURRENT) + printf '%s' "${GDLIB_LT_CURRENT}" + ;; +REVISION) + printf '%s' "${GDLIB_LT_REVISION}" + ;; +AGE) + printf '%s' "${GDLIB_LT_AGE}" + ;; +VERSION) + printf '%s' "$(( GDLIB_LT_CURRENT - GDLIB_LT_AGE )).${GDLIB_LT_AGE}.${GDLIB_LT_REVISION}" + ;; +SONAME) + printf '%s' "$(( GDLIB_LT_CURRENT - GDLIB_LT_AGE ))" + ;; +esac diff --git a/sources b/sources index 541711d..7b35316 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libgd-2.2.5.tar.xz) = 946675b0a9dbecdee3dda927d496a35d6b5b071d3252a82cd649db0d959a82fcc65ce067ec34d07eed0e0497cd92cc0d93803609a4854f42d284e950764044d0 +SHA512 (libgd-2.3.0.tar.xz) = 5b201d22560e147a3d5471010b898ad0268c3a2453b870d1267b6ba92e540cf9f75099336c1ab08217e41827ac86fe04525726bf29ad117e5dcbaef9a8d0622a From 7479fbab78d5c0377deee05af337a6d7440410e7 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 24 Mar 2020 10:15:12 +0100 Subject: [PATCH 12/56] add missing BR on perl(FindBin) --- gd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/gd.spec b/gd.spec index 5444151..1e6c22d 100644 --- a/gd.spec +++ b/gd.spec @@ -39,6 +39,7 @@ BuildRequires: pkgconfig BuildRequires: libtool BuildRequires: perl-interpreter BuildRequires: perl-generators +BuildRequires: perl(FindBin) # for fontconfig/basic test BuildRequires: liberation-sans-fonts From e869ce049e063e26f6941aaa30cf07d9fbe72ca9 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 15 Jul 2020 10:10:25 +0200 Subject: [PATCH 13/56] fix gdImageStringFT() fails for empty strings https://github.com/libgd/libgd/issues/615 --- gd-bug615.patch | 188 ++++++++++++++++++++++++++++++++++++++++++++++++ gd.spec | 8 ++- 2 files changed, 195 insertions(+), 1 deletion(-) create mode 100644 gd-bug615.patch diff --git a/gd-bug615.patch b/gd-bug615.patch new file mode 100644 index 0000000..74192e8 --- /dev/null +++ b/gd-bug615.patch @@ -0,0 +1,188 @@ +From 3dd0e308cbd2c24fde2fc9e9b707181252a2de95 Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" +Date: Tue, 5 May 2020 12:02:45 +0200 +Subject: [PATCH] Fix #615: gdImageStringFT() fails for empty strings as of + libgd 2.3.0 (#633) + +We change the return type of `textLayout()` to `ssize_t`, and signal +failure by returning `-1`, so that laying out an empty string is no +longer handled as failure. We make sure that no overflow occurs, +assuming that all `int` values can be fully represented as `ssize_t`. +--- + src/gdft.c | 18 +++++++++--------- + tests/gdimagestringft/.gitignore | 1 + + tests/gdimagestringft/CMakeLists.txt | 1 + + tests/gdimagestringft/Makemodule.am | 1 + + tests/gdimagestringft/bug00615.c | 25 +++++++++++++++++++++++++ + 5 files changed, 37 insertions(+), 9 deletions(-) + create mode 100644 tests/gdimagestringft/bug00615.c + +diff --git a/src/gdft.c b/src/gdft.c +index b483b383..186eefff 100644 +--- a/src/gdft.c ++++ b/src/gdft.c +@@ -441,7 +441,7 @@ typedef struct { + uint32_t cluster; + } glyphInfo; + +-static size_t ++static ssize_t + textLayout(uint32_t *text, int len, + FT_Face face, gdFTStringExtraPtr strex, + glyphInfo **glyph_info) +@@ -459,19 +459,19 @@ textLayout(uint32_t *text, int len, + !raqm_set_par_direction (rq, RAQM_DIRECTION_DEFAULT) || + !raqm_layout (rq)) { + raqm_destroy (rq); +- return 0; ++ return -1; + } + + glyphs = raqm_get_glyphs (rq, &count); + if (!glyphs) { + raqm_destroy (rq); +- return 0; ++ return -1; + } + + info = (glyphInfo*) gdMalloc (sizeof (glyphInfo) * count); + if (!info) { + raqm_destroy (rq); +- return 0; ++ return -1; + } + + for (i = 0; i < count; i++) { +@@ -489,7 +489,7 @@ textLayout(uint32_t *text, int len, + FT_Error err; + info = (glyphInfo*) gdMalloc (sizeof (glyphInfo) * len); + if (!info) { +- return 0; ++ return -1; + } + for (count = 0; count < len; count++) { + /* Convert character code to glyph index */ +@@ -508,7 +508,7 @@ textLayout(uint32_t *text, int len, + err = FT_Load_Glyph (face, glyph_index, FT_LOAD_DEFAULT); + if (err) { + gdFree (info); +- return 0; ++ return -1; + } + info[count].index = glyph_index; + info[count].x_offset = 0; +@@ -527,7 +527,7 @@ textLayout(uint32_t *text, int len, + #endif + + *glyph_info = info; +- return count; ++ return count <= SSIZE_MAX ? count : -1; + } + + /********************************************************************/ +@@ -1108,7 +1108,7 @@ BGD_DECLARE(char *) gdImageStringFTEx (gdImage * im, int *brect, int fg, const c + char *tmpstr = 0; + uint32_t *text; + glyphInfo *info = NULL; +- size_t count; ++ ssize_t count; + int render = (im && (im->trueColor || (fg <= 255 && fg >= -255))); + FT_BitmapGlyph bm; + /* 2.0.13: Bob Ostermann: don't force autohint, that's just for testing +@@ -1409,7 +1409,7 @@ BGD_DECLARE(char *) gdImageStringFTEx (gdImage * im, int *brect, int fg, const c + + count = textLayout (text , i, face, strex, &info); + +- if (!count) { ++ if (count < 0) { + gdFree (text); + gdFree (tmpstr); + gdCacheDelete (tc_cache); +diff --git a/tests/gdimagestringft/CMakeLists.txt b/tests/gdimagestringft/CMakeLists.txt +index f46b9006..42868a27 100644 +--- a/tests/gdimagestringft/CMakeLists.txt ++++ b/tests/gdimagestringft/CMakeLists.txt +@@ -1,5 +1,6 @@ + IF(FREETYPE_FOUND) + LIST(APPEND TESTS_FILES ++ bug00615 + gdimagestringft_bbox + ) + ENDIF(FREETYPE_FOUND) +diff --git a/tests/gdimagestringft/Makemodule.am b/tests/gdimagestringft/Makemodule.am +index 0dfe26fb..a62081f4 100644 +--- a/tests/gdimagestringft/Makemodule.am ++++ b/tests/gdimagestringft/Makemodule.am +@@ -1,5 +1,6 @@ + if HAVE_LIBFREETYPE + libgd_test_programs += \ ++ gdimagestringft/bug00615 \ + gdimagestringft/gdimagestringft_bbox + endif + +diff --git a/tests/gdimagestringft/bug00615.c b/tests/gdimagestringft/bug00615.c +new file mode 100644 +index 00000000..0da51dae +--- /dev/null ++++ b/tests/gdimagestringft/bug00615.c +@@ -0,0 +1,25 @@ ++/** ++ * Test that rendering an empty string does not fail ++ * ++ * Rendering an empty string with gdImageStringFT() is not supposed to fail; ++ * it is just a no-op. ++ * ++ * See ++ */ ++ ++#include "gd.h" ++#include "gdtest.h" ++ ++int main() ++{ ++ gdImagePtr im = gdImageCreate(100, 100); ++ ++ int rect[8]; ++ int fg = gdImageColorAllocate(im, 255, 255, 255); ++ char *path = gdTestFilePath("freetype/DejaVuSans.ttf"); ++ char *res = gdImageStringFT(im, rect, fg, path, 12, 0, 10, 10, ""); ++ ++ gdTestAssert(res == NULL); ++ ++ return gdNumFailures(); ++} +From 0be6aec0fe11dce8b8a5674eea5ee23bc700042e Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Wed, 15 Jul 2020 08:56:08 +0200 +Subject: [PATCH] Fix #615 using libraqm and avoid unneeded free + +--- + src/gdft.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/gdft.c b/src/gdft.c +index 186eefff..7eb97077 100644 +--- a/src/gdft.c ++++ b/src/gdft.c +@@ -449,6 +449,10 @@ textLayout(uint32_t *text, int len, + size_t count; + glyphInfo *info; + ++ if (!len) { ++ return 0; ++ } ++ + #ifdef HAVE_LIBRAQM + size_t i; + raqm_glyph_t *glyphs; +@@ -1566,7 +1570,9 @@ BGD_DECLARE(char *) gdImageStringFTEx (gdImage * im, int *brect, int fg, const c + } + + gdFree(text); +- gdFree(info); ++ if (info) { ++ gdFree(info); ++ } + + /* Save the (unkerned) advance from the last character in the xshow vector */ + if (strex && (strex->flags & gdFTEX_XSHOW) && strex->xshow) { diff --git a/gd.spec b/gd.spec index 1e6c22d..b63ca84 100644 --- a/gd.spec +++ b/gd.spec @@ -5,7 +5,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.0 -Release: 1%{?prever}%{?short}%{?dist} +Release: 2%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -18,6 +18,7 @@ Source0: https://github.com/libgd/libgd/releases/download/gd-%{version}/li # Missing, temporary workaround, fixed upstream for next version Source1: https://raw.githubusercontent.com/libgd/libgd/gd-%{version}/config/getlib.sh +Patch0: gd-bug615.patch BuildRequires: freetype-devel BuildRequires: fontconfig-devel @@ -89,6 +90,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics. %prep %setup -q -n libgd-%{version}%{?prever:-%{prever}} +%patch0 -p1 install -m 0755 %{SOURCE1} config/ : $(perl config/getver.pl) @@ -167,6 +169,10 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Wed Jul 15 2020 Remi Collet - 2.3.0-2 +- fix gdImageStringFT() fails for empty strings + https://github.com/libgd/libgd/issues/615 + * Tue Mar 24 2020 Remi Collet - 2.3.0-1 - update to 2.3.0 - add dependency on libraqm From f186cb693f72143c37652382ba83f31148c159fc Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 27 Jul 2020 18:21:49 +0000 Subject: [PATCH 14/56] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index b63ca84..3041471 100644 --- a/gd.spec +++ b/gd.spec @@ -5,7 +5,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.0 -Release: 2%{?prever}%{?short}%{?dist} +Release: 3%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -169,6 +169,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Mon Jul 27 2020 Fedora Release Engineering - 2.3.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Wed Jul 15 2020 Remi Collet - 2.3.0-2 - fix gdImageStringFT() fails for empty strings https://github.com/libgd/libgd/issues/615 From 9c9e4af18401dfb94aa2c170b0f9b18a2a6f9128 Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Fri, 18 Dec 2020 23:09:31 +0000 Subject: [PATCH 15/56] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- gd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/gd.spec b/gd.spec index 3041471..7e5d22a 100644 --- a/gd.spec +++ b/gd.spec @@ -43,6 +43,7 @@ BuildRequires: perl-generators BuildRequires: perl(FindBin) # for fontconfig/basic test BuildRequires: liberation-sans-fonts +BuildRequires: make %description From 974781a4184ec0ddc1eccaa3d99b22a44168fb24 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 26 Jan 2021 06:27:05 +0000 Subject: [PATCH 16/56] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 7e5d22a..da16bae 100644 --- a/gd.spec +++ b/gd.spec @@ -5,7 +5,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.0 -Release: 3%{?prever}%{?short}%{?dist} +Release: 4%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -170,6 +170,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Tue Jan 26 2021 Fedora Release Engineering - 2.3.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Mon Jul 27 2020 Fedora Release Engineering - 2.3.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 0d13b891d69fe9e128a121e430f10e0ce2908e97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Janu=C5=A1?= Date: Thu, 4 Feb 2021 09:22:55 +0100 Subject: [PATCH 17/56] Upstream released new version --- .gitignore | 1 + gd-bug615.patch | 188 ------------------------------------------------ gd.spec | 16 ++--- sources | 2 +- 4 files changed, 10 insertions(+), 197 deletions(-) delete mode 100644 gd-bug615.patch diff --git a/.gitignore b/.gitignore index 0a16c45..06c7b99 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ gd-2.0.35.tar.bz2 /libgd-2.2.4.tar.xz /libgd-2.2.5.tar.xz /libgd-2.3.0.tar.xz +/libgd-2.3.1.tar.xz diff --git a/gd-bug615.patch b/gd-bug615.patch deleted file mode 100644 index 74192e8..0000000 --- a/gd-bug615.patch +++ /dev/null @@ -1,188 +0,0 @@ -From 3dd0e308cbd2c24fde2fc9e9b707181252a2de95 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Tue, 5 May 2020 12:02:45 +0200 -Subject: [PATCH] Fix #615: gdImageStringFT() fails for empty strings as of - libgd 2.3.0 (#633) - -We change the return type of `textLayout()` to `ssize_t`, and signal -failure by returning `-1`, so that laying out an empty string is no -longer handled as failure. We make sure that no overflow occurs, -assuming that all `int` values can be fully represented as `ssize_t`. ---- - src/gdft.c | 18 +++++++++--------- - tests/gdimagestringft/.gitignore | 1 + - tests/gdimagestringft/CMakeLists.txt | 1 + - tests/gdimagestringft/Makemodule.am | 1 + - tests/gdimagestringft/bug00615.c | 25 +++++++++++++++++++++++++ - 5 files changed, 37 insertions(+), 9 deletions(-) - create mode 100644 tests/gdimagestringft/bug00615.c - -diff --git a/src/gdft.c b/src/gdft.c -index b483b383..186eefff 100644 ---- a/src/gdft.c -+++ b/src/gdft.c -@@ -441,7 +441,7 @@ typedef struct { - uint32_t cluster; - } glyphInfo; - --static size_t -+static ssize_t - textLayout(uint32_t *text, int len, - FT_Face face, gdFTStringExtraPtr strex, - glyphInfo **glyph_info) -@@ -459,19 +459,19 @@ textLayout(uint32_t *text, int len, - !raqm_set_par_direction (rq, RAQM_DIRECTION_DEFAULT) || - !raqm_layout (rq)) { - raqm_destroy (rq); -- return 0; -+ return -1; - } - - glyphs = raqm_get_glyphs (rq, &count); - if (!glyphs) { - raqm_destroy (rq); -- return 0; -+ return -1; - } - - info = (glyphInfo*) gdMalloc (sizeof (glyphInfo) * count); - if (!info) { - raqm_destroy (rq); -- return 0; -+ return -1; - } - - for (i = 0; i < count; i++) { -@@ -489,7 +489,7 @@ textLayout(uint32_t *text, int len, - FT_Error err; - info = (glyphInfo*) gdMalloc (sizeof (glyphInfo) * len); - if (!info) { -- return 0; -+ return -1; - } - for (count = 0; count < len; count++) { - /* Convert character code to glyph index */ -@@ -508,7 +508,7 @@ textLayout(uint32_t *text, int len, - err = FT_Load_Glyph (face, glyph_index, FT_LOAD_DEFAULT); - if (err) { - gdFree (info); -- return 0; -+ return -1; - } - info[count].index = glyph_index; - info[count].x_offset = 0; -@@ -527,7 +527,7 @@ textLayout(uint32_t *text, int len, - #endif - - *glyph_info = info; -- return count; -+ return count <= SSIZE_MAX ? count : -1; - } - - /********************************************************************/ -@@ -1108,7 +1108,7 @@ BGD_DECLARE(char *) gdImageStringFTEx (gdImage * im, int *brect, int fg, const c - char *tmpstr = 0; - uint32_t *text; - glyphInfo *info = NULL; -- size_t count; -+ ssize_t count; - int render = (im && (im->trueColor || (fg <= 255 && fg >= -255))); - FT_BitmapGlyph bm; - /* 2.0.13: Bob Ostermann: don't force autohint, that's just for testing -@@ -1409,7 +1409,7 @@ BGD_DECLARE(char *) gdImageStringFTEx (gdImage * im, int *brect, int fg, const c - - count = textLayout (text , i, face, strex, &info); - -- if (!count) { -+ if (count < 0) { - gdFree (text); - gdFree (tmpstr); - gdCacheDelete (tc_cache); -diff --git a/tests/gdimagestringft/CMakeLists.txt b/tests/gdimagestringft/CMakeLists.txt -index f46b9006..42868a27 100644 ---- a/tests/gdimagestringft/CMakeLists.txt -+++ b/tests/gdimagestringft/CMakeLists.txt -@@ -1,5 +1,6 @@ - IF(FREETYPE_FOUND) - LIST(APPEND TESTS_FILES -+ bug00615 - gdimagestringft_bbox - ) - ENDIF(FREETYPE_FOUND) -diff --git a/tests/gdimagestringft/Makemodule.am b/tests/gdimagestringft/Makemodule.am -index 0dfe26fb..a62081f4 100644 ---- a/tests/gdimagestringft/Makemodule.am -+++ b/tests/gdimagestringft/Makemodule.am -@@ -1,5 +1,6 @@ - if HAVE_LIBFREETYPE - libgd_test_programs += \ -+ gdimagestringft/bug00615 \ - gdimagestringft/gdimagestringft_bbox - endif - -diff --git a/tests/gdimagestringft/bug00615.c b/tests/gdimagestringft/bug00615.c -new file mode 100644 -index 00000000..0da51dae ---- /dev/null -+++ b/tests/gdimagestringft/bug00615.c -@@ -0,0 +1,25 @@ -+/** -+ * Test that rendering an empty string does not fail -+ * -+ * Rendering an empty string with gdImageStringFT() is not supposed to fail; -+ * it is just a no-op. -+ * -+ * See -+ */ -+ -+#include "gd.h" -+#include "gdtest.h" -+ -+int main() -+{ -+ gdImagePtr im = gdImageCreate(100, 100); -+ -+ int rect[8]; -+ int fg = gdImageColorAllocate(im, 255, 255, 255); -+ char *path = gdTestFilePath("freetype/DejaVuSans.ttf"); -+ char *res = gdImageStringFT(im, rect, fg, path, 12, 0, 10, 10, ""); -+ -+ gdTestAssert(res == NULL); -+ -+ return gdNumFailures(); -+} -From 0be6aec0fe11dce8b8a5674eea5ee23bc700042e Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Wed, 15 Jul 2020 08:56:08 +0200 -Subject: [PATCH] Fix #615 using libraqm and avoid unneeded free - ---- - src/gdft.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/src/gdft.c b/src/gdft.c -index 186eefff..7eb97077 100644 ---- a/src/gdft.c -+++ b/src/gdft.c -@@ -449,6 +449,10 @@ textLayout(uint32_t *text, int len, - size_t count; - glyphInfo *info; - -+ if (!len) { -+ return 0; -+ } -+ - #ifdef HAVE_LIBRAQM - size_t i; - raqm_glyph_t *glyphs; -@@ -1566,7 +1570,9 @@ BGD_DECLARE(char *) gdImageStringFTEx (gdImage * im, int *brect, int fg, const c - } - - gdFree(text); -- gdFree(info); -+ if (info) { -+ gdFree(info); -+ } - - /* Save the (unkerned) advance from the last character in the xshow vector */ - if (strex && (strex->flags & gdFTEX_XSHOW) && strex->xshow) { diff --git a/gd.spec b/gd.spec index da16bae..b19861e 100644 --- a/gd.spec +++ b/gd.spec @@ -4,8 +4,8 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd -Version: 2.3.0 -Release: 4%{?prever}%{?short}%{?dist} +Version: 2.3.1 +Release: 1%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -18,8 +18,6 @@ Source0: https://github.com/libgd/libgd/releases/download/gd-%{version}/li # Missing, temporary workaround, fixed upstream for next version Source1: https://raw.githubusercontent.com/libgd/libgd/gd-%{version}/config/getlib.sh -Patch0: gd-bug615.patch - BuildRequires: freetype-devel BuildRequires: fontconfig-devel BuildRequires: gettext-devel @@ -91,7 +89,6 @@ files for gd, a graphics library for creating PNG and JPEG graphics. %prep %setup -q -n libgd-%{version}%{?prever:-%{prever}} -%patch0 -p1 install -m 0755 %{SOURCE1} config/ : $(perl config/getver.pl) @@ -139,9 +136,6 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.a %check # minor diff in size XFAIL_TESTS="gdimagestringft/gdimagestringft_bbox" -%ifarch s390x -XFAIL_TESTS="gdimagestring16/gdimagestring16 gdimagestringup16/gdimagestringup16 $XFAIL_TESTS" -%endif export XFAIL_TESTS @@ -170,6 +164,12 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Wed Feb 3 2021 Filip Januš - 2.3.1-1 +- Upstream released new version 2.3.1 +- patch bug615 is no more needed - fixed by upstream in release +- gdimagestring16/gdimagestring16 gdimagestringup16/gdimagestringup16 passed on + x390s - XFAIL_TEST definition for x390s is no more necessary + * Tue Jan 26 2021 Fedora Release Engineering - 2.3.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild diff --git a/sources b/sources index 7b35316..d9cd306 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libgd-2.3.0.tar.xz) = 5b201d22560e147a3d5471010b898ad0268c3a2453b870d1267b6ba92e540cf9f75099336c1ab08217e41827ac86fe04525726bf29ad117e5dcbaef9a8d0622a +SHA512 (libgd-2.3.1.tar.xz) = 0b96406a1d62129d7d63f78fc4558062c223a3bfbf9719be86362fd922b72b5dac294524dd1b0a996a4a7a709ee9d2dfc790ee32564add70adad41d044a0ed80 From ed50b51c04bd303fc5043b1bfb63aa53a90a7f17 Mon Sep 17 00:00:00 2001 From: Ondrej Dubaj Date: Mon, 8 Mar 2021 08:46:53 +0100 Subject: [PATCH 18/56] rebase to version 2.3.2 --- .gitignore | 1 + gd.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 06c7b99..fd789a9 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ gd-2.0.35.tar.bz2 /libgd-2.2.5.tar.xz /libgd-2.3.0.tar.xz /libgd-2.3.1.tar.xz +/libgd-2.3.2.tar.xz diff --git a/gd.spec b/gd.spec index b19861e..54321ba 100644 --- a/gd.spec +++ b/gd.spec @@ -4,7 +4,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd -Version: 2.3.1 +Version: 2.3.2 Release: 1%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ @@ -164,6 +164,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Mon Mar 08 2021 Ondrej Dubaj - 2.3.2-1 +- rebase to version 2.3.2 + * Wed Feb 3 2021 Filip Januš - 2.3.1-1 - Upstream released new version 2.3.1 - patch bug615 is no more needed - fixed by upstream in release diff --git a/sources b/sources index d9cd306..a6d5c0b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libgd-2.3.1.tar.xz) = 0b96406a1d62129d7d63f78fc4558062c223a3bfbf9719be86362fd922b72b5dac294524dd1b0a996a4a7a709ee9d2dfc790ee32564add70adad41d044a0ed80 +SHA512 (libgd-2.3.2.tar.xz) = a31c6dbb64e7b725b63f3b400f7bebc289e2d776bdca0595af23006841660dc93a56c2247b98f8a584438a826f9e9ff0bea17d0b3900e48e281580b1308794d2 From 3147fefdfdd062b964b06efc7149e7453900ca6a Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 8 Mar 2021 15:21:47 +0100 Subject: [PATCH 19/56] enable avif support use bcond --- gd.spec | 36 +++++++++++++++++++++++++++++------- 1 file changed, 29 insertions(+), 7 deletions(-) diff --git a/gd.spec b/gd.spec index 54321ba..f216b7a 100644 --- a/gd.spec +++ b/gd.spec @@ -1,11 +1,17 @@ -%global with_liq 1 -%global with_raqm 1 +# Enabled by default +%bcond_without liq +%bcond_without raqm +%bcond_without avif + +# Not available in Fedora, only in rpmfusion +# Also see https://github.com/libgd/libgd/issues/678 segfault +%bcond_with heif Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.2 -Release: 1%{?prever}%{?short}%{?dist} +Release: 2%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -25,12 +31,18 @@ BuildRequires: libjpeg-devel BuildRequires: libpng-devel BuildRequires: libtiff-devel BuildRequires: libwebp-devel -%if %{with_liq} +%if %{with liq} BuildRequires: libimagequant-devel %endif -%if %{with_raqm} +%if %{with raqm} BuildRequires: libraqm-devel %endif +%if %{with avif} +BuildRequires: libavif-devel +%endif +%if %{with heif} +BuildRequires: libheif-devel +%endif BuildRequires: libX11-devel BuildRequires: libXpm-devel BuildRequires: zlib-devel @@ -74,12 +86,18 @@ Requires: libwebp-devel%{?_isa} Requires: libX11-devel%{?_isa} Requires: libXpm-devel%{?_isa} Requires: zlib-devel%{?_isa} -%if %{with_liq} +%if %{with liq} Requires: libimagequant-devel%{?_isa} %endif -%if %{with_raqm} +%if %{with raqm} Requires: libraqm-devel %endif +%if %{with avif} +Requires: libavif-devel +%endif +%if %{with heif} +Requires: libheif-devel +%endif %description devel @@ -164,6 +182,10 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Mon Mar 8 2021 Remi Collet - 2.3.2-2 +- enable avif support +- use bcond + * Mon Mar 08 2021 Ondrej Dubaj - 2.3.2-1 - rebase to version 2.3.2 From b81dacf96690c269f5f09b495121cde547050c95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Janu=C5=A1?= Date: Wed, 17 Mar 2021 11:04:22 +0100 Subject: [PATCH 20/56] Add condition if fedora for packages not available in RHEL --- gd.spec | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/gd.spec b/gd.spec index f216b7a..a144825 100644 --- a/gd.spec +++ b/gd.spec @@ -1,8 +1,13 @@ +%if 0%{?rhel} +%bcond_with liq +%bcond_with raqm +%bcond_with avif +%else # Enabled by default %bcond_without liq %bcond_without raqm %bcond_without avif - +%endif # Not available in Fedora, only in rpmfusion # Also see https://github.com/libgd/libgd/issues/678 segfault %bcond_with heif @@ -11,7 +16,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.2 -Release: 2%{?prever}%{?short}%{?dist} +Release: 3%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -21,8 +26,6 @@ Source0: libgd-%{version}-%{commit}.tgz %else Source0: https://github.com/libgd/libgd/releases/download/gd-%{version}/libgd-%{version}.tar.xz %endif -# Missing, temporary workaround, fixed upstream for next version -Source1: https://raw.githubusercontent.com/libgd/libgd/gd-%{version}/config/getlib.sh BuildRequires: freetype-devel BuildRequires: fontconfig-devel @@ -107,7 +110,6 @@ files for gd, a graphics library for creating PNG and JPEG graphics. %prep %setup -q -n libgd-%{version}%{?prever:-%{prever}} -install -m 0755 %{SOURCE1} config/ : $(perl config/getver.pl) @@ -153,9 +155,10 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.a %check # minor diff in size +%if %{with raqm} XFAIL_TESTS="gdimagestringft/gdimagestringft_bbox" - export XFAIL_TESTS +%endif : Upstream test suite make check @@ -182,6 +185,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Wed Mar 17 2021 Filip Januš - 2.3.2-3 +- Add condition if fedora for packages not available in RHEL + * Mon Mar 8 2021 Remi Collet - 2.3.2-2 - enable avif support - use bcond From d79d40c91884b00eda7586e049a2fd60870bde59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert-Andr=C3=A9=20Mauchin?= Date: Mon, 29 Mar 2021 23:25:31 +0200 Subject: [PATCH 21/56] Rebuild for libavif soname bump --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index a144825..9015c92 100644 --- a/gd.spec +++ b/gd.spec @@ -16,7 +16,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.2 -Release: 3%{?prever}%{?short}%{?dist} +Release: 4%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -185,6 +185,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Mon Mar 29 2021 Robert-André Mauchin - 2.3.2-4 +- Rebuild for libavif soname bump + * Wed Mar 17 2021 Filip Januš - 2.3.2-3 - Add condition if fedora for packages not available in RHEL From 5bdcbb1ca5fdb5ed821a9e5568e4b4bebcbe3e7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert-Andr=C3=A9=20Mauchin?= Date: Sun, 23 May 2021 20:40:52 +0200 Subject: [PATCH 22/56] Rebuild for libavif soname bump --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 9015c92..1367a04 100644 --- a/gd.spec +++ b/gd.spec @@ -16,7 +16,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.2 -Release: 4%{?prever}%{?short}%{?dist} +Release: 5%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -185,6 +185,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Sun May 23 2021 Robert-André Mauchin - 2.3.2-5 +- Rebuild for libavif soname bump + * Mon Mar 29 2021 Robert-André Mauchin - 2.3.2-4 - Rebuild for libavif soname bump From 36135175c4af8a5d8ad01d7c2466670001fa90e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert-Andr=C3=A9=20Mauchin?= Date: Mon, 19 Jul 2021 22:39:29 +0200 Subject: [PATCH 23/56] Rebuild for libavif soname bump --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 1367a04..887ad2c 100644 --- a/gd.spec +++ b/gd.spec @@ -16,7 +16,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.2 -Release: 5%{?prever}%{?short}%{?dist} +Release: 6%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -185,6 +185,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Mon Jul 19 2021 Robert-André Mauchin - 2.3.2-6 +- Rebuild for libavif soname bump + * Sun May 23 2021 Robert-André Mauchin - 2.3.2-5 - Rebuild for libavif soname bump From 9ee1cda69e2ffa92fbda4d2f5762ee38afdc849f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 21 Jul 2021 23:53:31 +0000 Subject: [PATCH 24/56] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 887ad2c..729c740 100644 --- a/gd.spec +++ b/gd.spec @@ -16,7 +16,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.2 -Release: 6%{?prever}%{?short}%{?dist} +Release: 7%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -185,6 +185,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Wed Jul 21 2021 Fedora Release Engineering - 2.3.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Mon Jul 19 2021 Robert-André Mauchin - 2.3.2-6 - Rebuild for libavif soname bump From 87692e31f63a324ceeafcd400f71cd1768909788 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert-Andr=C3=A9=20Mauchin?= Date: Thu, 22 Jul 2021 08:53:28 +0200 Subject: [PATCH 25/56] Rebuild for libavif soname bump --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 729c740..73bac9a 100644 --- a/gd.spec +++ b/gd.spec @@ -16,7 +16,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.2 -Release: 7%{?prever}%{?short}%{?dist} +Release: 8%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -185,6 +185,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Thu Jul 22 2021 Robert-André Mauchin - 2.3.2-8 +- Rebuild for libavif soname bump + * Wed Jul 21 2021 Fedora Release Engineering - 2.3.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From d1b1741b85e60f1d728c42d1ce075b9b88331ebe Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Tue, 27 Jul 2021 19:14:28 +0200 Subject: [PATCH 26/56] Rebuild again for libavif soname bump --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 73bac9a..3ec515b 100644 --- a/gd.spec +++ b/gd.spec @@ -16,7 +16,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.2 -Release: 8%{?prever}%{?short}%{?dist} +Release: 9%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -185,6 +185,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Tue Jul 27 2021 Florian Weimer - 2.3.2-9 +- Rebuild again for libavif soname bump + * Thu Jul 22 2021 Robert-André Mauchin - 2.3.2-8 - Rebuild for libavif soname bump From 929b9853b064584a0ecdd3dd025901a728ef2d75 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 13 Sep 2021 15:21:00 +0200 Subject: [PATCH 27/56] update to 2.3.3 open https://github.com/libgd/libgd/pull/766 missing macros open https://github.com/libgd/libgd/pull/767 missing headers --- .gitignore | 1 + gd.spec | 16 ++++++++++++-- libgd-flip.patch | 50 ++++++++++++++++++++++++++++++++++++++++++++ libgd-iostream.patch | 35 +++++++++++++++++++++++++++++++ sources | 2 +- 5 files changed, 101 insertions(+), 3 deletions(-) create mode 100644 libgd-flip.patch create mode 100644 libgd-iostream.patch diff --git a/.gitignore b/.gitignore index fd789a9..b95fae7 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ gd-2.0.35.tar.bz2 /libgd-2.3.0.tar.xz /libgd-2.3.1.tar.xz /libgd-2.3.2.tar.xz +/libgd-2.3.3.tar.xz diff --git a/gd.spec b/gd.spec index 3ec515b..8af6af3 100644 --- a/gd.spec +++ b/gd.spec @@ -15,8 +15,8 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd -Version: 2.3.2 -Release: 9%{?prever}%{?short}%{?dist} +Version: 2.3.3 +Release: 1%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -27,6 +27,11 @@ Source0: libgd-%{version}-%{commit}.tgz Source0: https://github.com/libgd/libgd/releases/download/gd-%{version}/libgd-%{version}.tar.xz %endif +# Needed by PHP see https://github.com/libgd/libgd/pull/766 +Patch0: libgd-flip.patch +# Missing header see https://github.com/libgd/libgd/pull/766 +Patch1: libgd-iostream.patch + BuildRequires: freetype-devel BuildRequires: fontconfig-devel BuildRequires: gettext-devel @@ -110,6 +115,8 @@ files for gd, a graphics library for creating PNG and JPEG graphics. %prep %setup -q -n libgd-%{version}%{?prever:-%{prever}} +%patch0 -p1 +%patch1 -p1 : $(perl config/getver.pl) @@ -185,6 +192,11 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Mon Sep 13 2021 Remi Collet - 2.3.3-1 +- update to 2.3.3 +- open https://github.com/libgd/libgd/pull/766 missing macros +- open https://github.com/libgd/libgd/pull/767 missing headers + * Tue Jul 27 2021 Florian Weimer - 2.3.2-9 - Rebuild again for libavif soname bump diff --git a/libgd-flip.patch b/libgd-flip.patch new file mode 100644 index 0000000..4fa964f --- /dev/null +++ b/libgd-flip.patch @@ -0,0 +1,50 @@ +From f4bc1f5c26925548662946ed7cfa473c190a104a Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Mon, 13 Sep 2021 14:57:52 +0200 +Subject: [PATCH 1/2] Revert "Fix #318, these macros are not used as planed, we + have separate functions for each" + +This reverts commit bdc281eadb1d58d5c0c7bbc1125ee4674256df08. +--- + src/gd.h | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/gd.h b/src/gd.h +index 30560395..1ad9e637 100644 +--- a/src/gd.h ++++ b/src/gd.h +@@ -1604,6 +1604,11 @@ BGD_DECLARE(void) gdImageFlipHorizontal(gdImagePtr im); + BGD_DECLARE(void) gdImageFlipVertical(gdImagePtr im); + BGD_DECLARE(void) gdImageFlipBoth(gdImagePtr im); + ++#define GD_FLIP_HORINZONTAL 1 /* typo, kept for BC */ ++#define GD_FLIP_HORIZONTAL 1 ++#define GD_FLIP_VERTICAL 2 ++#define GD_FLIP_BOTH 3 ++ + /** + * Group: Crop + * + +From e47c619d792455aad23708d2ec2947455394427e Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Mon, 13 Sep 2021 14:59:47 +0200 +Subject: [PATCH 2/2] add comment to not remove these macros + +--- + src/gd.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/gd.h b/src/gd.h +index 1ad9e637..71f5a89c 100644 +--- a/src/gd.h ++++ b/src/gd.h +@@ -1604,6 +1604,8 @@ BGD_DECLARE(void) gdImageFlipHorizontal(gdImagePtr im); + BGD_DECLARE(void) gdImageFlipVertical(gdImagePtr im); + BGD_DECLARE(void) gdImageFlipBoth(gdImagePtr im); + ++/* Macros still used in gd extension up to PHP 8.0 ++ so please keep these unused macros for now */ + #define GD_FLIP_HORINZONTAL 1 /* typo, kept for BC */ + #define GD_FLIP_HORIZONTAL 1 + #define GD_FLIP_VERTICAL 2 diff --git a/libgd-iostream.patch b/libgd-iostream.patch new file mode 100644 index 0000000..c80b3ec --- /dev/null +++ b/libgd-iostream.patch @@ -0,0 +1,35 @@ +From 01bcbdcae35b90de082012e639094c711a7aa2b3 Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Mon, 13 Sep 2021 15:05:18 +0200 +Subject: [PATCH] install missing header, used by gdpp.h + +--- + src/CMakeLists.txt | 1 + + src/Makefile.am | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index 3839bc78..c1eea100 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -194,6 +194,7 @@ install(FILES + gdfontt.h + gdfx.h + gdpp.h ++ gd_io_stream.h + DESTINATION include) + + CONFIGURE_FILE(../config/gdlib.pc.cmake gdlib.pc @ONLY) +diff --git a/src/Makefile.am b/src/Makefile.am +index dbe9243c..c8c779f1 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -52,7 +52,7 @@ EXTRA_DIST = \ + msinttypes/inttypes.h \ + msinttypes/stdint.h + +-include_HEADERS = gd.h gdfx.h gd_io.h gdcache.h gdfontg.h gdfontl.h gdfontmb.h gdfonts.h gdfontt.h gd_color_map.h gd_errors.h gdpp.h ++include_HEADERS = gd.h gdfx.h gd_io.h gdcache.h gdfontg.h gdfontl.h gdfontmb.h gdfonts.h gdfontt.h gd_color_map.h gd_errors.h gdpp.h gd_io_stream.h + + lib_LTLIBRARIES = libgd.la + diff --git a/sources b/sources index a6d5c0b..4bad33c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libgd-2.3.2.tar.xz) = a31c6dbb64e7b725b63f3b400f7bebc289e2d776bdca0595af23006841660dc93a56c2247b98f8a584438a826f9e9ff0bea17d0b3900e48e281580b1308794d2 +SHA512 (libgd-2.3.3.tar.xz) = aa49d4381d604a4360d556419d603df2ffd689a6dcc10f8e5e1d158ddaa3ab89912f6077ca77da4e370055074007971cf6d356ec9bf26dcf39bcff3208bc7e6c From d5127de01fe3a948cf2ab7cbd3f03af7f74dd3ae Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 13 Sep 2021 15:28:11 +0200 Subject: [PATCH 28/56] Workaround to https://github.com/libgd/libgd/issues/763 --- gd.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/gd.spec b/gd.spec index 8af6af3..5c8349a 100644 --- a/gd.spec +++ b/gd.spec @@ -167,6 +167,9 @@ XFAIL_TESTS="gdimagestringft/gdimagestringft_bbox" export XFAIL_TESTS %endif +# Workaround to https://github.com/libgd/libgd/issues/763 +export TMPDIR=/tmp + : Upstream test suite make check From e8921493d7ddfd07189b9d19b030212a4f3c9f4d Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 13 Sep 2021 15:39:17 +0200 Subject: [PATCH 29/56] all tests pass now --- gd.spec | 6 ------ 1 file changed, 6 deletions(-) diff --git a/gd.spec b/gd.spec index 5c8349a..328d846 100644 --- a/gd.spec +++ b/gd.spec @@ -161,12 +161,6 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.a %check -# minor diff in size -%if %{with raqm} -XFAIL_TESTS="gdimagestringft/gdimagestringft_bbox" -export XFAIL_TESTS -%endif - # Workaround to https://github.com/libgd/libgd/issues/763 export TMPDIR=/tmp From 73bca05a7eec01ff87ec629209827d51023825d5 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Mon, 20 Sep 2021 14:29:33 +0100 Subject: [PATCH 30/56] Explicitly enable gd/gd2 formats, wanted by perl bindings (#2005916) --- gd.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 328d846..33f64f3 100644 --- a/gd.spec +++ b/gd.spec @@ -16,7 +16,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 1%{?prever}%{?short}%{?dist} +Release: 2%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -149,6 +149,7 @@ export CFLAGS="$CFLAGS -ffp-contract=off" %endif %configure \ + --enable-gd-formats \ --with-tiff=%{_prefix} \ --disable-rpath make %{?_smp_mflags} @@ -189,6 +190,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Mon Sep 20 2021 Paul Howarth - 2.3.3-2 +- Explicitly enable gd/gd2 formats, wanted by perl bindings (#2005916) + * Mon Sep 13 2021 Remi Collet - 2.3.3-1 - update to 2.3.3 - open https://github.com/libgd/libgd/pull/766 missing macros From 0e79f9e82b49739a1d9b446c6a9518943578def4 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 19 Nov 2021 09:09:33 +0100 Subject: [PATCH 31/56] disable libraqm usage, see #2022957 --- gd.spec | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/gd.spec b/gd.spec index 33f64f3..26de3c4 100644 --- a/gd.spec +++ b/gd.spec @@ -5,9 +5,11 @@ %else # Enabled by default %bcond_without liq -%bcond_without raqm %bcond_without avif %endif +# disabled as breaks vertical text +# See https://bugzilla.redhat.com/2022957 +%bcond_with raqm # Not available in Fedora, only in rpmfusion # Also see https://github.com/libgd/libgd/issues/678 segfault %bcond_with heif @@ -16,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 2%{?prever}%{?short}%{?dist} +Release: 3%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -190,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Mon Sep 13 2021 Remi Collet - 2.3.3-3 +- disable libraqm usage, see #2022957 + * Mon Sep 20 2021 Paul Howarth - 2.3.3-2 - Explicitly enable gd/gd2 formats, wanted by perl bindings (#2005916) From b94a8608fa36d8fe79a5bc97d7981d0121cfc71a Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 19 Nov 2021 09:10:47 +0100 Subject: [PATCH 32/56] fix date --- gd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 26de3c4..93f4ac3 100644 --- a/gd.spec +++ b/gd.spec @@ -192,7 +192,7 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog -* Mon Sep 13 2021 Remi Collet - 2.3.3-3 +* Fri Nov 19 2021 Remi Collet - 2.3.3-3 - disable libraqm usage, see #2022957 * Mon Sep 20 2021 Paul Howarth - 2.3.3-2 From 108109b5e00d0e9d78672b3b3db6e77169e0dbf7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert-Andr=C3=A9=20Mauchin?= Date: Mon, 29 Nov 2021 17:54:31 +0100 Subject: [PATCH 33/56] Rebuild for libavif soname bump --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 93f4ac3..f863f3d 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 3%{?prever}%{?short}%{?dist} +Release: 4%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Mon Nov 29 2021 Robert-André Mauchin - 2.3.3-4 +- Rebuild for libavif soname bump + * Fri Nov 19 2021 Remi Collet - 2.3.3-3 - disable libraqm usage, see #2022957 From 8606558b1a2dcc5a74daf511bb42913273e362e7 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 20 Jan 2022 04:01:44 +0000 Subject: [PATCH 34/56] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index f863f3d..9bb9a52 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 4%{?prever}%{?short}%{?dist} +Release: 5%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Thu Jan 20 2022 Fedora Release Engineering - 2.3.3-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Mon Nov 29 2021 Robert-André Mauchin - 2.3.3-4 - Rebuild for libavif soname bump From d33cb816a61950a92eb2d87426f9a5f1d7a706ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert-Andr=C3=A9=20Mauchin?= Date: Wed, 22 Jun 2022 16:38:43 +0200 Subject: [PATCH 35/56] Rebuild for new libavif From 9b3b0202ea9fbe47ada73e249c3721472fd42ff0 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 21 Jul 2022 04:14:05 +0000 Subject: [PATCH 36/56] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 9bb9a52..e00679f 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 5%{?prever}%{?short}%{?dist} +Release: 6%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Thu Jul 21 2022 Fedora Release Engineering - 2.3.3-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Thu Jan 20 2022 Fedora Release Engineering - 2.3.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From 7d55f74d25a02034f3a1c31801a6b32ca0d8a691 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert-Andr=C3=A9=20Mauchin?= Date: Sun, 23 Oct 2022 19:59:25 +0200 Subject: [PATCH 37/56] Rebuild for new libavif --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index e00679f..fc03794 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 6%{?prever}%{?short}%{?dist} +Release: 7%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Sun Oct 23 2022 Robert-André Mauchin - 2.3.3-7 +- Rebuild for new libavif + * Thu Jul 21 2022 Fedora Release Engineering - 2.3.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From d027ecf8df4423140aa965110dca20a0c8b7fabf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert-Andr=C3=A9=20Mauchin?= Date: Sun, 23 Oct 2022 21:21:59 +0200 Subject: [PATCH 38/56] Rebuild for new libavif --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index fc03794..73e8279 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 7%{?prever}%{?short}%{?dist} +Release: 8%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Sun Oct 23 2022 Robert-André Mauchin - 2.3.3-8 +- Rebuild for new libavif + * Sun Oct 23 2022 Robert-André Mauchin - 2.3.3-7 - Rebuild for new libavif From 7218bb5984af9dc9c543fe9eb833669a5456b781 Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Thu, 1 Dec 2022 18:07:01 +0100 Subject: [PATCH 39/56] Rebuild for new libavif --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 73e8279..934b958 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 8%{?prever}%{?short}%{?dist} +Release: 9%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Thu Dec 01 2022 Kalev Lember - 2.3.3-9 +- Rebuild for new libavif + * Sun Oct 23 2022 Robert-André Mauchin - 2.3.3-8 - Rebuild for new libavif From 3de2885b1fb80b988c6719c8df80fc5164be06a5 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 19 Jan 2023 04:28:55 +0000 Subject: [PATCH 40/56] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 934b958..7cb30ae 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 9%{?prever}%{?short}%{?dist} +Release: 10%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Thu Jan 19 2023 Fedora Release Engineering - 2.3.3-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Thu Dec 01 2022 Kalev Lember - 2.3.3-9 - Rebuild for new libavif From d5f9f168fc8f374f2042c89764d1223cbefc4b75 Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Sat, 4 Mar 2023 06:22:26 +0100 Subject: [PATCH 41/56] Rebuild (libimagequant) --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 7cb30ae..b2e23f2 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 10%{?prever}%{?short}%{?dist} +Release: 11%{?prever}%{?short}%{?dist} License: MIT URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Sat Mar 04 2023 Sandro Mani - 2.3.3-11 +- Rebuild (libimagequant) + * Thu Jan 19 2023 Fedora Release Engineering - 2.3.3-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From 3a56a132c6aca9beb18b60ced4cb1514ea79724a Mon Sep 17 00:00:00 2001 From: Filip Janus Date: Mon, 6 Mar 2023 09:39:32 +0100 Subject: [PATCH 42/56] migrated to SPDX license From f6d849bb1558db8c31b98a763b9278c125c3ffbe Mon Sep 17 00:00:00 2001 From: Filip Janus Date: Mon, 6 Mar 2023 10:03:17 +0100 Subject: [PATCH 43/56] Fix licence to GD https://spdx.org/licenses/GD.html --- gd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index b2e23f2..22e738e 100644 --- a/gd.spec +++ b/gd.spec @@ -19,7 +19,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 Release: 11%{?prever}%{?short}%{?dist} -License: MIT +License: GD URL: http://libgd.github.io/ %if 0%{?commit:1} # git clone https://github.com/libgd/libgd.git; cd gd-libgd From fb21de21861d8596106dcb9010a0d46b13e2f095 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Wed, 28 Jun 2023 16:16:50 -0400 Subject: [PATCH 44/56] Fix build with -march=x86-64-v3 While it hasn't been necessary for x86_64 baseline, setting -march=x86-64-v3 (as in ELN) triggers test failures in gdimagecopyresampled/bug00201 and gdimagegrayscale/basic. Adding -ffp-contract=off as on most other arches avoids that. --- gd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 22e738e..9c0f666 100644 --- a/gd.spec +++ b/gd.spec @@ -145,7 +145,7 @@ CFLAGS="$RPM_OPT_FLAGS -DDEFAULT_FONTPATH='\"\ CFLAGS="$CFLAGS -msse -mfpmath=sse" %endif -%ifarch aarch64 ppc64 ppc64le s390 s390x +%ifarch aarch64 ppc64 ppc64le s390 s390x x86_64 # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1359680 export CFLAGS="$CFLAGS -ffp-contract=off" %endif From e6c68b14f1f69dc44243b70be0849fb35d72ede1 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 19 Jul 2023 20:54:17 +0000 Subject: [PATCH 45/56] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 9c0f666..057d8b4 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 11%{?prever}%{?short}%{?dist} +Release: 12%{?prever}%{?short}%{?dist} License: GD URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Wed Jul 19 2023 Fedora Release Engineering - 2.3.3-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Sat Mar 04 2023 Sandro Mani - 2.3.3-11 - Rebuild (libimagequant) From 85c16c5f541595f2f2cac0d0841b4f73381b155f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 19 Jan 2024 20:22:52 +0000 Subject: [PATCH 46/56] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 057d8b4..1382f27 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 12%{?prever}%{?short}%{?dist} +Release: 13%{?prever}%{?short}%{?dist} License: GD URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Fri Jan 19 2024 Fedora Release Engineering - 2.3.3-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Wed Jul 19 2023 Fedora Release Engineering - 2.3.3-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild From ff7dcbb625abd47a90644807d0dab74dd3fb649f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 24 Jan 2024 12:37:27 +0000 Subject: [PATCH 47/56] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 1382f27..ac033cf 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 13%{?prever}%{?short}%{?dist} +Release: 14%{?prever}%{?short}%{?dist} License: GD URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Wed Jan 24 2024 Fedora Release Engineering - 2.3.3-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Fri Jan 19 2024 Fedora Release Engineering - 2.3.3-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From d6e08362f428258bbaf36bf71941cc592f27e6bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= Date: Wed, 31 Jan 2024 16:25:44 +0100 Subject: [PATCH 48/56] Rebuilt for libavif 1.0.3 --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index ac033cf..7083c0f 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 14%{?prever}%{?short}%{?dist} +Release: 15%{?prever}%{?short}%{?dist} License: GD URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Wed Jan 31 2024 František Zatloukal - 2.3.3-15 +- Rebuilt for libavif 1.0.3 + * Wed Jan 24 2024 Fedora Release Engineering - 2.3.3-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 91aa2f072ab6e6069945b901b3147831fd3f1624 Mon Sep 17 00:00:00 2001 From: David Abdurachmanov Date: Wed, 13 Dec 2023 15:25:50 +0200 Subject: [PATCH 49/56] Enable -ffp-contract=off for riscv64 Signed-off-by: David Abdurachmanov --- gd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 7083c0f..0afbaa4 100644 --- a/gd.spec +++ b/gd.spec @@ -145,7 +145,7 @@ CFLAGS="$RPM_OPT_FLAGS -DDEFAULT_FONTPATH='\"\ CFLAGS="$CFLAGS -msse -mfpmath=sse" %endif -%ifarch aarch64 ppc64 ppc64le s390 s390x x86_64 +%ifarch aarch64 ppc64 ppc64le s390 s390x x86_64 riscv64 # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1359680 export CFLAGS="$CFLAGS -ffp-contract=off" %endif From 868a48cf0df340fc4a7658ffd07e56be22fbf145 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Wed, 6 Mar 2024 12:03:19 +0000 Subject: [PATCH 50/56] Bump and rebuild package (for riscv64) --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 0afbaa4..a7410b3 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 15%{?prever}%{?short}%{?dist} +Release: 16%{?prever}%{?short}%{?dist} License: GD URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Wed Mar 06 2024 Richard W.M. Jones - 2.3.3-16 +- Bump and rebuild package (for riscv64) + * Wed Jan 31 2024 František Zatloukal - 2.3.3-15 - Rebuilt for libavif 1.0.3 From 28a7ac481ea19989414b6d011d1b1555d866d3e1 Mon Sep 17 00:00:00 2001 From: Software Management Team Date: Thu, 30 May 2024 12:46:46 +0200 Subject: [PATCH 51/56] Eliminate use of obsolete %patchN syntax (#2283636) --- gd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gd.spec b/gd.spec index a7410b3..0a3561f 100644 --- a/gd.spec +++ b/gd.spec @@ -117,8 +117,8 @@ files for gd, a graphics library for creating PNG and JPEG graphics. %prep %setup -q -n libgd-%{version}%{?prever:-%{prever}} -%patch0 -p1 -%patch1 -p1 +%patch -P0 -p1 +%patch -P1 -p1 : $(perl config/getver.pl) From c47b15e0da109b8157b6562d51e8fe1b6d510c26 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 18 Jul 2024 00:17:00 +0000 Subject: [PATCH 52/56] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 0a3561f..5a7ba28 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 16%{?prever}%{?short}%{?dist} +Release: 17%{?prever}%{?short}%{?dist} License: GD URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Thu Jul 18 2024 Fedora Release Engineering - 2.3.3-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Wed Mar 06 2024 Richard W.M. Jones - 2.3.3-16 - Bump and rebuild package (for riscv64) From fee8c1495e82652ab6b9b1201180ba0b99773181 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 16 Jan 2025 19:35:32 +0000 Subject: [PATCH 53/56] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 5a7ba28..4d25aca 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 17%{?prever}%{?short}%{?dist} +Release: 18%{?prever}%{?short}%{?dist} License: GD URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Thu Jan 16 2025 Fedora Release Engineering - 2.3.3-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Thu Jul 18 2024 Fedora Release Engineering - 2.3.3-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From 21929bf17b0dc1489a83cbba54093ecc1809c7a2 Mon Sep 17 00:00:00 2001 From: Filip Janus Date: Sun, 2 Feb 2025 21:54:39 +0000 Subject: [PATCH 54/56] gcc now uses std=gnu23 Use std=gnu17 to avoid errors --- gd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index 4d25aca..eb5f0ce 100644 --- a/gd.spec +++ b/gd.spec @@ -133,7 +133,7 @@ fi %build # Provide a correct default font search path -CFLAGS="$RPM_OPT_FLAGS -DDEFAULT_FONTPATH='\"\ +CFLAGS="-std=gnu17 $RPM_OPT_FLAGS -DDEFAULT_FONTPATH='\"\ /usr/share/fonts/bitstream-vera:\ /usr/share/fonts/dejavu:\ /usr/share/fonts/default/Type1:\ From a641c09bbc2be46de2bf3b35d4603c694e638aef Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 23 Jul 2025 21:10:43 +0000 Subject: [PATCH 55/56] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index eb5f0ce..dbfedeb 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 18%{?prever}%{?short}%{?dist} +Release: 19%{?prever}%{?short}%{?dist} License: GD URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Wed Jul 23 2025 Fedora Release Engineering - 2.3.3-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Thu Jan 16 2025 Fedora Release Engineering - 2.3.3-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From 773db4a7db9fac7962543c0913bf74d33d1d1f4e Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Tue, 9 Sep 2025 22:25:59 +0200 Subject: [PATCH 56/56] Rebuild (libimagequant) --- gd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gd.spec b/gd.spec index dbfedeb..7f22720 100644 --- a/gd.spec +++ b/gd.spec @@ -18,7 +18,7 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd Version: 2.3.3 -Release: 19%{?prever}%{?short}%{?dist} +Release: 20%{?prever}%{?short}%{?dist} License: GD URL: http://libgd.github.io/ %if 0%{?commit:1} @@ -192,6 +192,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Tue Sep 09 2025 Sandro Mani - 2.3.3-20 +- Rebuild (libimagequant) + * Wed Jul 23 2025 Fedora Release Engineering - 2.3.3-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild