OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gd?expand=0&rev=5

2007-07-10 12:34:15 +00:00 · 2007-07-10 12:34:15 +00:00 · b9a6e5a681
commit b9a6e5a681
parent 38bd119cba
7 changed files with 63 additions and 36 deletions
--- a/gd-2.0.34.tar.bz2
+++ b/gd-2.0.34.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:66baa531a860ca3e071d47eec7c0823c534a8a4dadf4cba6d17eeb6d4159d22f
-size 1135372
--- a/gd-2.0.35-warn.patch
+++ b/gd-2.0.35-warn.patch
--- a/gd-2.0.35.tar.bz2
+++ b/gd-2.0.35.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bf222490749d2a9a9ac3593b01eb55aed98461ff81202414707f61b42aa300f9
+size 1212730
--- a/gd-png-loop-CVE-2007-2756.patch
+++ b/gd-png-loop-CVE-2007-2756.patch
@ -1,15 +0,0 @@
--- gd_png.c	1 Apr 2007 20:41:01 -0000	1.21.2.1
-+++ gd_png.c	16 May 2007 19:06:11 -0000
-@@ -81,7 +81,11 @@ gdPngErrorHandler (png_structp png_ptr, 
- static void
- gdPngReadData (png_structp png_ptr, png_bytep data, png_size_t length)
- {
-  gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr));
-+  int check;
-+  check = gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr));
-+  if (check != length) {
-+    png_error(png_ptr, "Read Error: truncated data");
-+  }
- }
- 
- static void
--- a/gd-security.patch
+++ b/gd-security.patch
@ -1,22 +1,13 @@
 --- gd.c
 +++ gd.c
-@@ -147,6 +151,7 @@
+@@ -147,6 +147,7 @@
   }
-   memset (im, 0, sizeof (gdImage));
+ 
   if (overflow2(sizeof (int *), sy)) {
 +    gdFree(im);
     return 0;
   }
-   im->tpixels = (int **) gdMalloc (sizeof (int *) * sy);
-@@ -2757,6 +2762,8 @@
-     }
-   bytes = (w * h / 8) + 1;
-   im = gdImageCreate (w, h);
-+  if (!im)
-+    return NULL;
-   gdImageColorAllocate (im, 255, 255, 255);
-   gdImageColorAllocate (im, 0, 0, 0);
-   x = 0;
+ 
 --- gd_gd.c
 +++ gd_gd.c
@@ -149,6 +149,8 @@
--- a/gd.changes
+++ b/gd.changes
@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Mon Jul  9 09:09:51 CEST 2007 - anosek@suse.cz
+
+- updated to version 2.0.35
+  * Fix valgrind error in gdImageFillTiled (Nuno Lopes)
+  * Add missing custom cmake macros (required for the tests suite)
+  * Avoid signature buffer copy  in gd_gif_c (Nuno Lopes)
+  * Race condition in gdImageStringFTEx (Antony Dogval, Pierre
+    Scott MacVicar)
+  * Reading GIF images is not thread safe (static usage in private
+    functions) (Roman Nemecek, Nuno Lopes, Pierre)
+  * GIF Local palette is read twice
+  * GIF, Use local frame dimension when possible instead of the
+    logical screen size (Pierre)
+  * GIF, do not try to use the global colmap if it does not exist
+    (Nuno Lopes, Pierre)
+  * gdImageAALine draws axis lines with two pixels width (Pierre)
+  * gdImageArc CPU usage with large angles (Pierre)
+  * gdImageFilledRectangle regression fixed when used with reversed
+    edges (Pierre)
+  * Possible infinite loop in libgd/gd_png.c, flaw found by Xavier
+    Roche (Pierre)
+  * Fixed segfault when an invalid color index is present in a GIF
+    image data, reported by Elliot <wccode at gmail dot com> (Pierre)
+  * Possible integer overflow in gdImageCreateTrueColor (Pierre)
+    gdImageCreateXbm can crash if gdImageCreate fails (Pierre)
+- dropped obsolete patches (png-loop-CVE-2007-2756.patch)
+
 -------------------------------------------------------------------
 Tue May 29 17:16:32 CEST 2007 - nadvornik@suse.cz

--- a/gd.spec
+++ b/gd.spec
@ -1,5 +1,5 @@
 #
-# spec file for package gd (Version 2.0.34)
+# spec file for package gd (Version 2.0.35)
 #
 # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@ -16,9 +16,9 @@ License:        X11/MIT
 Group:          System/Libraries
 Obsoletes:      gdlib 
 Autoreqprov:    on
-Version:        2.0.34
-Release:        21
-URL:            http://www.boutell.com/gd/
+Version:        2.0.35
+Release:        1
+URL:            http://www.libgd.org/
 Summary:        A Drawing Library for Programs That Use PNG and JPEG Output
 Source:         gd-%{version}.tar.bz2
 Patch0:         gd-%{version}-warn.patch
@ -27,7 +27,6 @@ Patch2:         gd-format.patch
 Patch3:         gd-aliasing.patch
 Patch4:         gd-security.patch
 Patch6:         gd-fontpath.patch
-Patch7:         gd-png-loop-CVE-2007-2756.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -69,7 +68,6 @@ Authors:
 %patch3
 %patch4
 %patch6
-%patch7

 %build
 %{suse_update_config -f}
@ -138,6 +136,31 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/*.la

 %changelog
+* Mon Jul 09 2007 - anosek@suse.cz
+- updated to version 2.0.35
+  * Fix valgrind error in gdImageFillTiled (Nuno Lopes)
+  * Add missing custom cmake macros (required for the tests suite)
+  * Avoid signature buffer copy  in gd_gif_c (Nuno Lopes)
+  * Race condition in gdImageStringFTEx (Antony Dogval, Pierre
+  Scott MacVicar)
+  * Reading GIF images is not thread safe (static usage in private
+  functions) (Roman Nemecek, Nuno Lopes, Pierre)
+  * GIF Local palette is read twice
+  * GIF, Use local frame dimension when possible instead of the
+  logical screen size (Pierre)
+  * GIF, do not try to use the global colmap if it does not exist
+  (Nuno Lopes, Pierre)
+  * gdImageAALine draws axis lines with two pixels width (Pierre)
+  * gdImageArc CPU usage with large angles (Pierre)
+  * gdImageFilledRectangle regression fixed when used with reversed
+  edges (Pierre)
+  * Possible infinite loop in libgd/gd_png.c, flaw found by Xavier
+  Roche (Pierre)
+  * Fixed segfault when an invalid color index is present in a GIF
+  image data, reported by Elliot <wccode at gmail dot com> (Pierre)
+  * Possible integer overflow in gdImageCreateTrueColor (Pierre)
+  gdImageCreateXbm can crash if gdImageCreate fails (Pierre)
+- dropped obsolete patches (png-loop-CVE-2007-2756.patch)
 * Tue May 29 2007 - nadvornik@suse.cz
 - fixed infinite loop on truncated png images
  CVE-2007-2756 [#276525]