diff --git a/.gitignore b/.gitignore
index f5a85b8..fbe9aec 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ gd-2.0.35.tar.bz2
 /libgd-2.1.0-725ba9de4005144d137d2a7a70f760068fc3d306.tgz
 /libgd-2.1.0.tar.xz
 /libgd-2.1.1.tar.xz
+/libgd-2.2.1.tar.xz
diff --git a/gd-2.1.1-libvpx.patch b/gd-2.1.1-libvpx.patch
deleted file mode 100644
index c698972..0000000
--- a/gd-2.1.1-libvpx.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d41eb72cd4545c394578332e5c102dee69e02ee8 Mon Sep 17 00:00:00 2001
-From: Remi Collet
-Date: Tue, 7 Apr 2015 13:11:03 +0200
-Subject: [PATCH] Fix build with latest libvpx 1.4.0
-
-These new constants exist at least since 1.0.0
-Compatibility ones have been droped in 1.4.0
----
- src/webpimg.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/webpimg.c b/src/webpimg.c
-index cf73d64..e49fcc6 100644
---- a/src/webpimg.c
-+++ b/src/webpimg.c
-@@ -711,14 +711,14 @@ static WebPResult VPXEncode(const uint8* Y,
- codec_ctl(&enc, VP8E_SET_STATIC_THRESHOLD, 0);
- codec_ctl(&enc, VP8E_SET_TOKEN_PARTITIONS, 2);
-
-- vpx_img_wrap(&img, IMG_FMT_I420,
-+ vpx_img_wrap(&img, VPX_IMG_FMT_I420,
- y_width, y_height, 16, (uint8*)(Y));
-- img.planes[PLANE_Y] = (uint8*)(Y);
-- img.planes[PLANE_U] = (uint8*)(U);
-- img.planes[PLANE_V] = (uint8*)(V);
-- img.stride[PLANE_Y] = y_stride;
-- img.stride[PLANE_U] = uv_stride;
-- img.stride[PLANE_V] = uv_stride;
-+ img.planes[VPX_PLANE_Y] = (uint8*)(Y);
-+ img.planes[VPX_PLANE_U] = (uint8*)(U);
-+ img.planes[VPX_PLANE_V] = (uint8*)(V);
-+ img.stride[VPX_PLANE_Y] = y_stride;
-+ img.stride[VPX_PLANE_U] = uv_stride;
-+ img.stride[VPX_PLANE_V] = uv_stride;
-
- res = vpx_codec_encode(&enc, &img, 0, 1, 0, VPX_DL_BEST_QUALITY);
-
diff --git a/gd-2.2.1-fix-unused-variable-in-tests.patch b/gd-2.2.1-fix-unused-variable-in-tests.patch
new file mode 100644
index 0000000..837bca8
--- /dev/null
+++ b/gd-2.2.1-fix-unused-variable-in-tests.patch
@@ -0,0 +1,22 @@
+From 7d0d9d2a4f8e48f19e1603c649d4f15d0b9736de Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=
+Date: Fri, 20 May 2016 10:44:33 +0200
+Subject: [PATCH] Fix error: unused variable in tests/
+
+---
+ tests/gdimagesetpixel/gdeffectoverlay.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/tests/gdimagesetpixel/gdeffectoverlay.c b/tests/gdimagesetpixel/gdeffectoverlay.c
+index 5e42547..7f63e17 100644
+--- a/tests/gdimagesetpixel/gdeffectoverlay.c
++++ b/tests/gdimagesetpixel/gdeffectoverlay.c
+@@ -5,8 +5,6 @@ int main()
+ {
+ gdImagePtr im;
+ int x, y, c;
+- FILE *out;
+- char path[1024];
+ int r=0;
+
+
diff --git a/gd-2.2.1-initialize-full_filename.patch b/gd-2.2.1-initialize-full_filename.patch
new file mode 100644
index 0000000..93dfab5
--- /dev/null
+++ b/gd-2.2.1-initialize-full_filename.patch
@@ -0,0 +1,22 @@
+From a184630682c25e314979b459950ec6c81fa82a5f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=
+Date: Fri, 20 May 2016 10:15:57 +0200
+Subject: [PATCH] Initialize full_filename in tests/gdimagefile/gdnametest.c
+
+---
+ tests/gdimagefile/gdnametest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/gdimagefile/gdnametest.c b/tests/gdimagefile/gdnametest.c
+index 2be648e..a339e69 100644
+--- a/tests/gdimagefile/gdnametest.c
++++ b/tests/gdimagefile/gdnametest.c
+@@ -84,7 +84,7 @@ do_test() {
+ for (n = 0; names[n].nm; n++) {
+ gdImagePtr orig, copy;
+ int status;
+- char *full_filename;
++ char *full_filename = NULL;
+
+ /* Some image readers are buggy and crash the program so we
+ * skip them. Bug fixers should remove these from the list of
diff --git a/gd-heap-overflow.patch b/gd-heap-overflow.patch
deleted file mode 100644
index 92a37c5..0000000
--- a/gd-heap-overflow.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-diff --git a/src/gd_gd2.c b/src/gd_gd2.c
-index 6f28461..a50b33d 100644
---- a/src/gd_gd2.c
-+++ b/src/gd_gd2.c
-@@ -165,6 +165,8 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy,
- if (gdGetInt (&cidx[i].size, in) != 1) {
- goto fail2;
- };
-+ if (cidx[i].offset < 0 || cidx[i].size < 0)
-+ goto fail2;
- };
- *chunkIdx = cidx;
- };
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index ed2c35b..b582266 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -129,7 +129,8 @@ endif
-
- if HAVE_LIBZ
- check_PROGRAMS += \
-- gd2/gd2_null
-+ gd2/gd2_null \
-+ gd2/gd2_read_corrupt
- endif
-
- if HAVE_LIBPNG
-diff --git a/tests/gd2/gd2_read_corrupt.c b/tests/gd2/gd2_read_corrupt.c
-new file mode 100644
-index 0000000..11f6a67
---- /dev/null
-+++ b/tests/gd2/gd2_read_corrupt.c
-@@ -0,0 +1,25 @@
-+/* Just try to read the invalid gd2 image & not crash. */
-+#include "gd.h"
-+#include
-+#include
-+#include "gdtest.h"
-+
-+int main()
-+{
-+ gdImagePtr im;
-+ FILE *fp;
-+ char path[1024];
-+
-+ /* Read the corrupt image. */
-+ sprintf(path, "%s/gd2/invalid_neg_size.gd2", GDTEST_TOP_DIR);
-+ fp = fopen(path, "rb");
-+ if (!fp) {
-+ printf("failed, cannot open file\n");
-+ return 1;
-+ }
-+ im = gdImageCreateFromGd2(fp);
-+ fclose(fp);
-+
-+ /* Should have failed & rejected it. */
-+ return im == NULL ? 0 : 1;
-+}
-
diff --git a/gd.spec b/gd.spec
index 8a38f54..dd3eeda 100644
--- a/gd.spec
+++ b/gd.spec
@@ -4,17 +4,17 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd -Version: 2.1.1 -Release: 7%{?prever}%{?short}%{?dist} +Version: 2.2.1 +Release: 1%{?prever}%{?short}%{?dist} Group: System Environment/Libraries License: MIT -URL: http://libgd.bitbucket.org/ +URL: http://libgd.github.io/ %if 0%{?commit:1} -# git clone git@bitbucket.org:libgd/gd-libgd.git; cd gd-libgd -# git archive --format=tgz --output=libgd-2.1.0-$(git rev-parse master).tgz --prefix=libgd-2.1.0/ master +# git clone https://github.com/libgd/libgd.git; cd gd-libgd +# git archive --format=tgz --output=libgd-%{version}-%{commit}.tgz --prefix=libgd-%{version}/ master Source0: libgd-%{version}-%{commit}.tgz %else -Source0: https://bitbucket.org/libgd/gd-libgd/downloads/libgd-%{version}%{?prever:-%{prever}}.tar.xz +Source0: https://github.com/libgd/libgd/releases/download/gd-2.2.1/libgd-2.2.1.tar.xz %endif # Missing in official archive, need for autoreconf Source2: getver.pl @@ -22,8 +22,8 @@ Source2: getver.pl Source3: invalid_neg_size.gd2 Patch1: gd-2.1.0-multilib.patch -Patch2: gd-2.1.1-libvpx.patch -Patch3: gd-heap-overflow.patch +Patch2: gd-2.2.1-initialize-full_filename.patch +Patch3: gd-2.2.1-fix-unused-variable-in-tests.patch BuildRequires: freetype-devel BuildRequires: fontconfig-devel @@ -31,7 +31,7 @@ BuildRequires: gettext-devel BuildRequires: libjpeg-devel BuildRequires: libpng-devel BuildRequires: libtiff-devel -BuildRequires: libvpx-devel +BuildRequires: libwebp-devel BuildRequires: libX11-devel BuildRequires: libXpm-devel BuildRequires: zlib-devel @@ -68,7 +68,7 @@ Requires: fontconfig-devel%{?_isa} Requires: libjpeg-devel%{?_isa} Requires: libpng-devel%{?_isa} Requires: libtiff-devel%{?_isa} -Requires: libvpx-devel%{?_isa} +Requires: libwebp-devel%{?_isa} Requires: libX11-devel%{?_isa} Requires: libXpm-devel%{?_isa} Requires: zlib-devel%{?_isa} 
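Review bot: The new `Source0:` in the first gd.spec hunk hard-codes `2.2.1` twice and drops the `%{?prever:-%{prever}}` suffix that the `%setup -q -n libgd-%{version}%{?prever:-%{prever}}` line still uses, so the next version bump or a pre-release build has to edit the URL by hand and can be left pointing at the old tarball. Keeping it macro-driven avoids that: `Source0: https://github.com/libgd/libgd/releases/download/gd-%{version}/libgd-%{version}%{?prever:-%{prever}}.tar.xz` (adjust the tag component if upstream names pre-release tags differently). The snapshot comment above it still says `cd gd-libgd`, but cloning the new URL creates a directory named `libgd`; it should read `# git clone https://github.com/libgd/libgd.git; cd libgd`.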
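Review bot: `Patch3: gd-heap-overflow.patch` is dropped in the `@@ -22,8 +22,8 @@` hunk, yet neither the spec nor the new changelog entry records that 2.2.1 already carries the fix the previous entry lists as CVE-2016-3074. Before relying on that, confirm the unpacked 2.2.1 tree has the `cidx[i].offset < 0 || cidx[i].size < 0` rejection in `_gd2GetHeader` and still builds and runs `gd2/gd2_read_corrupt`, then say so in the changelog, e.g. `- Drop gd-heap-overflow.patch (CVE-2016-3074), fixed upstream`. `Source3: invalid_neg_size.gd2` stays as context here; if the upstream tarball ships that test input it can be removed as well, otherwise the step that copies it into the test tree (not visible in these hunks) has to survive the rebase.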
@@ -81,8 +81,8 @@ files for gd, a graphics library for creating PNG and JPEG graphics. %prep %setup -q -n libgd-%{version}%{?prever:-%{prever}} %patch1 -p1 -b .mlib -%patch2 -p1 -b .vpx -%patch3 -p1 +%patch2 -p1 -b .full_filename +%patch3 -p1 -b .unused-variable # Workaround for missing file cp %{SOURCE2} config/getver.pl @@ -108,7 +108,6 @@ CFLAGS="$RPM_OPT_FLAGS -DDEFAULT_FONTPATH='\"\ /usr/share/fonts/liberation\"'" %configure \ - --with-vpx=%{_prefix} \ --with-tiff=%{_prefix} \ --disable-rpath make %{?_smp_mflags} @@ -153,6 +152,10 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc %changelog +* Fri May 27 2016 Marek Skalicky - 2.2.1-1 +- Upgrade to 2.2.1 release +- Upstream moved to github.com + * Thu Apr 28 2016 Marek Skalicky - 2.1.1-7 - Fixed heap overflow (CVE-2016-3074) diff --git a/sources b/sources index e60efe5..19470cd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -9076f3abd1f9815d106da36467ea15bc libgd-2.1.1.tar.xz +4d3d5b6c77c4875861af1bc663441efd libgd-2.2.1.tar.xz
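Review bot: In the `%configure` hunk `--with-vpx=%{_prefix}` is removed without an explicit replacement, so WebP support now depends on configure auto-detecting libwebp, while TIFF on the next line is still requested with `--with-tiff=%{_prefix}`. If detection fails in the build root the package would presumably build without WebP and nothing in the visible spec would flag it. Assuming 2.2.1's configure provides the option, add `--with-webp=%{_prefix} \` next to the TIFF line so a missing libwebp fails the build instead of silently changing the feature set.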