diff --git a/gd-freetype.patch b/gd-freetype.patch deleted file mode 100644 index aad178c..0000000 --- a/gd-freetype.patch +++ /dev/null @@ -1,51 +0,0 @@ -From a5570d3ed30ff76c2a8bdd54f4ab1825acca0143 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Sun, 29 Jan 2017 17:07:50 +0100 -Subject: [PATCH] Fix #302: Test suite fails with freetype 2.7 - -Actually, the test failures are not necessarily related to freetype -2.7, but rather are caused by subpixel hinting which is enabled by -default in freetype 2.7. Subpixel hinting is, however, already -available in freetype 2.5 and in versions having the "Infinality" -patch. - -To get the expected results in all environments, we have to disable -subpixel hinting, what is easily done by setting a respective -environment variable. - -See also: -* https://www.freetype.org/freetype2/docs/subpixel-hinting.html -* https://www.freetype.org/freetype2/docs/reference/ft2-tt_driver.html ---- - tests/freetype/bug00132.c | 3 +++ - tests/gdimagestringft/gdimagestringft_bbox.c | 3 +++ - 2 files changed, 6 insertions(+) - -diff --git a/tests/freetype/bug00132.c b/tests/freetype/bug00132.c -index 713dd2d0..42ed5b17 100644 ---- a/tests/freetype/bug00132.c -+++ b/tests/freetype/bug00132.c -@@ -11,6 +11,9 @@ int main() - char *path; - char *ret = NULL; - -+ /* disable subpixel hinting */ -+ putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35"); -+ - im = gdImageCreateTrueColor(50, 30); - - if (!im) { -diff --git a/tests/gdimagestringft/gdimagestringft_bbox.c b/tests/gdimagestringft/gdimagestringft_bbox.c -index 0161ec81..1596a9e7 100644 ---- a/tests/gdimagestringft/gdimagestringft_bbox.c -+++ b/tests/gdimagestringft/gdimagestringft_bbox.c -@@ -38,6 +38,9 @@ int main() - int error = 0; - FILE *fp; - -+ /* disable subpixel hinting */ -+ putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35"); -+ - path = gdTestFilePath("freetype/DejaVuSans.ttf"); - im = gdImageCreate(800, 800); - gdImageColorAllocate(im, 0xFF, 0xFF, 0xFF); /* allocate white for background color */ diff --git a/gd-rounding.patch b/gd-rounding.patch deleted file mode 100644 index 855bd58..0000000 --- a/gd-rounding.patch +++ /dev/null @@ -1,44 +0,0 @@ -From b7b66ea1ea9191b5bf1c2fdc9c7915c9ba69c4bb Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Fri, 22 Jul 2016 08:14:12 +0200 -Subject: [PATCH] Fix gd2/gd2_read.c:8:6: error: 'error' may be used - uninitialized in this function [-Werror=maybe-uninitialized] - -Also report about any error, not only the last one. - -(cherry picked from commit 2b3dd57a6ccb2940f2e9119ae04e14362e2a1f61) ---- - tests/gd2/gd2_read.c | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/tests/gd2/gd2_read.c b/tests/gd2/gd2_read.c -index 94fe069f..8ce8bd15 100644 ---- a/tests/gd2/gd2_read.c -+++ b/tests/gd2/gd2_read.c -@@ -5,7 +5,7 @@ - - int main(int argc, char *argv[]) - { -- int error, i = 0; -+ int error = 0, i = 0; - gdImagePtr im, exp; - FILE *fp; - char *path[] = { -@@ -40,8 +40,6 @@ int main(int argc, char *argv[]) - gdTestErrorMsg("image %s differs from expected result\n", path[i]); - gdImageDestroy(im); - error = 1; -- } else { -- error = 0; - } - if (exp) { - gdImageDestroy(exp); -@@ -52,8 +50,6 @@ int main(int argc, char *argv[]) - gdTestErrorMsg("image %s should have failed to be loaded\n", path[i]); - gdImageDestroy(im); - error = 1; -- } else { -- error = 0; - } - } - i++; diff --git a/gd.changes b/gd.changes index dfa02a4..fc47f74 100644 --- a/gd.changes +++ b/gd.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Tue Sep 5 13:49:20 UTC 2017 - pgajdos@suse.com + +- Version update to 2.2.5: + ### Security + - Double-free in gdImagePngPtr(). (CVE-2017-6362) + - Buffer over-read into uninitialized memory. (CVE-2017-7890) + + ### Fixed + - Fix #109: XBM reading fails with printed error + - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable + - Fix #357: 2.2.4: Segfault in test suite + - Fix #386: gdImageGrayScale() may produce colors + - Fix #406: webpng -i removes the transparent color + - Fix Coverity #155475: Failure to restore alphaBlendingFlag + - Fix Coverity #155476: potential resource leak + - Fix several build issues and test failures + - Fix and reenable optimized support for reading 1 bps TIFFs + + ### Added + - The native MSVC buildchain now supports libtiff and most executables +- removed patches (upstreamed): + . gd-freetype.patch + . gd-rounding.patch + ------------------------------------------------------------------- Tue Aug 15 09:19:05 UTC 2017 - lnussel@suse.de diff --git a/gd.spec b/gd.spec index ad86ead..e2d10a7 100644 --- a/gd.spec +++ b/gd.spec @@ -19,7 +19,7 @@ %define prjname libgd %define lname libgd3 Name: gd -Version: 2.2.4 +Version: 2.2.5 Release: 0 Summary: A Drawing Library for Programs That Use PNG and JPEG Output License: MIT @@ -33,10 +33,6 @@ Patch1: gd-fontpath.patch Patch2: gd-format.patch # could be upstreamed Patch3: gd-aliasing.patch -# PATCH-FIX-UPSTREAM: build with newer freetype -Patch4: gd-freetype.patch -# PATCH-FIX-UPSTREAM: fix testfailure on 32b platforms -Patch5: gd-rounding.patch # needed for tests BuildRequires: dejavu BuildRequires: libjpeg-devel @@ -96,8 +92,7 @@ the formats accepted for inline images by most browsers. %patch1 %patch2 %patch3 -%patch4 -p1 -%patch5 -p1 +chmod 644 COPYING %build # ADDITIONAL CFLAGS ARE NEEDED TO FIX TEST FAILURES IN CASE OF i586, BUT HARMLESS TO APPLY GENERALLY FOR ALL ix86 diff --git a/libgd-2.2.4.tar.xz b/libgd-2.2.4.tar.xz deleted file mode 100644 index 46c5744..0000000 --- a/libgd-2.2.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6 -size 2478528 diff --git a/libgd-2.2.5.tar.xz b/libgd-2.2.5.tar.xz new file mode 100644 index 0000000..0756229 --- /dev/null +++ b/libgd-2.2.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8c302ccbf467faec732f0741a859eef4ecae22fea2d2ab87467be940842bde51 +size 2594092