From c98f6ba9aa1c95efea371035155689b556c829fe Mon Sep 17 00:00:00 2001 From: Silvan Calarco Date: Sat, 6 Jan 2024 04:20:09 +0100 Subject: [PATCH] update to 2.1.0 [release 2.1.0-1mamba;Mon Jan 27 2014] --- README.md | 3 + gd-2.0.35-CVE_2007_0455.patch | 13 +++ gd-2.0.35-default_fontpath.patch | 11 +++ gd-2.0.35-gd_gif_loop.patch | 23 +++++ gd-2.0.35-libpng-1.6.patch | 30 ++++++ libgd.spec | 158 +++++++++++++++++++++++++++++++ 6 files changed, 238 insertions(+) create mode 100644 gd-2.0.35-CVE_2007_0455.patch create mode 100644 gd-2.0.35-default_fontpath.patch create mode 100644 gd-2.0.35-gd_gif_loop.patch create mode 100644 gd-2.0.35-libpng-1.6.patch create mode 100644 libgd.spec diff --git a/README.md b/README.md index 2b9084c..de52ba0 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,5 @@ # libgd +GD is a graphics library. +It allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and write out the result as a PNG or JPEG file. GD does not create GIF images. + diff --git a/gd-2.0.35-CVE_2007_0455.patch b/gd-2.0.35-CVE_2007_0455.patch new file mode 100644 index 0000000..ccb8a5f --- /dev/null +++ b/gd-2.0.35-CVE_2007_0455.patch @@ -0,0 +1,13 @@ +--- gd-2.0.35/gd_gd.c 2006-04-05 17:52:22.000000000 +0200 ++++ gd-2.0.35/gd_gd.c_CVE-2007-0455 2008-10-25 11:40:40.000000000 +0200 +@@ -149,6 +149,10 @@ _gdCreateFromFile (gdIOCtx * in, int *sx + { + im = gdImageCreate (*sx, *sy); + } ++ if (!im) ++ { ++ goto fail1; ++ } + if (!_gdGetColors (in, im, gd2xFlag)) + { + goto fail2; diff --git a/gd-2.0.35-default_fontpath.patch b/gd-2.0.35-default_fontpath.patch new file mode 100644 index 0000000..3fba909 --- /dev/null +++ b/gd-2.0.35-default_fontpath.patch @@ -0,0 +1,11 @@ +--- gd-2.0.35/Makefile.in 2007-04-23 16:57:51.000000000 +0200 ++++ gd-2.0.35/Makefile.in.def_fontpath 2008-10-25 12:17:52.000000000 +0200 +@@ -227,7 +227,7 @@ + AWK = @AWK@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +-CFLAGS = @CFLAGS@ ++CFLAGS = @CFLAGS@ -D_DEFAULT_FONTPATH="/usr/lib/X11/fonts/TTF:/usr/lib/X11/fonts/Type1:/usr/share/fonts/liberation:/usr/share/fonts/msttcorefonts:/usr/share/fonts/truetype" + CPP = @CPP@ + CPPFLAGS = @CPPFLAGS@ + CXX = @CXX@ diff --git a/gd-2.0.35-gd_gif_loop.patch b/gd-2.0.35-gd_gif_loop.patch new file mode 100644 index 0000000..8ef2d8c --- /dev/null +++ b/gd-2.0.35-gd_gif_loop.patch @@ -0,0 +1,23 @@ +--- gd-2.0.35/gd_gif_in.c 2007-06-14 21:51:41.000000000 +0200 ++++ gd-2.0.35/gd_gif_in.c.loop 2008-10-25 11:51:59.000000000 +0200 +@@ -453,16 +453,17 @@ LWZReadByte_(gdIOCtx *fd, LZW_STATIC_DAT + return sd->firstcode; + } else if (code == sd->end_code) { + int count; ++ int max_count = 1024; + unsigned char buf[260]; + + if (*ZeroDataBlockP) + return -2; + +- while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0) ++ while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0 && --max_count >= 0 ) + ; + +- if (count != 0) +- return -2; ++ if (count != 0 || max_count < 0 ) ++ return -2; + } + + incode = code; diff --git a/gd-2.0.35-libpng-1.6.patch b/gd-2.0.35-libpng-1.6.patch new file mode 100644 index 0000000..cf8b92e --- /dev/null +++ b/gd-2.0.35-libpng-1.6.patch @@ -0,0 +1,30 @@ +Call the libpng12-confg and libpng-config specified by +$LIBPNG12_CONFIG and $LIBPNG_CONFIG variables that are set by +ac_cv_path_LIBPNG12_CONFIG and ac_cv_path_LIBPNG_CONFIG. This is +important for cross compiler that need to get the staging settings +instead of the host settings. + +Signed-off-by: Jean-Christian de Rivaz + +diff -Nura gd-2.0.35.orig/configure.ac gd-2.0.35/configure.ac +--- gd-2.0.35.orig/configure.ac 2013-01-18 02:00:59.000000000 +0100 ++++ gd-2.0.35/configure.ac 2013-01-18 02:01:44.000000000 +0100 +@@ -353,14 +353,14 @@ + AC_PATH_PROG([LIBPNG12_CONFIG], [libpng12-config]) + AC_PATH_PROG([LIBPNG_CONFIG], [libpng-config]) + if test -n "$LIBPNG12_CONFIG"; then +- libpng_CPPFLAGS=`libpng12-config --cflags` ++ libpng_CPPFLAGS=`$LIBPNG12_CONFIG --cflags` + # should be --ldopts, but it's currently broken +- libpng_LDFLAGS=`libpng12-config --ldflags` ++ libpng_LDFLAGS=`$LIBPNG12_CONFIG --ldflags` + libpng_LDFLAGS=`echo " $libpng_LDFLAGS" | sed 's/ -l[[^ ]][[^ ]]*//g'` + elif test -n "$LIBPNG_CONFIG"; then +- libpng_CPPFLAGS=`libpng-config --cflags` ++ libpng_CPPFLAGS=`$LIBPNG_CONFIG --cflags` + # should be --ldopts, but it's currently broken +- libpng_LDFLAGS=`libpng-config --ldflags` ++ libpng_LDFLAGS=`$LIBPNG_CONFIG --ldflags` + libpng_LDFLAGS=`echo " $libpng_LDFLAGS" | sed 's/ -l[[^ ]][[^ ]]*//g'` + elif test -d "$withval"; then + libpng_CPPFLAGS="-I$withval/include" diff --git a/libgd.spec b/libgd.spec new file mode 100644 index 0000000..ce7e3b1 --- /dev/null +++ b/libgd.spec @@ -0,0 +1,158 @@ +%define libname libgd + +Name: libgd +Version: 2.1.0 +Release: 1mamba +Summary: A library used to create PNG, JPEG, or WBMP images +Group: System/Libraries +Vendor: openmamba +Distribution: openmamba +Packager: Silvan Calarco +URL: http://libgd.bitbucket.org/ +Source: https://bitbucket.org/libgd/gd-libgd/downloads/libgd-%{version}.tar.xz +Patch0: gd-2.0.35-CVE_2007_0455.patch +Patch1: gd-2.0.35-gd_gif_loop.patch +# see "DEFAULT_FONTPATH" in index.html +Patch2: gd-2.0.35-default_fontpath.patch +Patch3: gd-2.0.35-libpng-1.6.patch +License: BSD +## AUTOBUILDREQ-BEGIN +BuildRequires: glibc-devel +BuildRequires: libX11-devel +BuildRequires: libXpm-devel +BuildRequires: libfontconfig-devel +BuildRequires: libfreetype-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel +BuildRequires: libtiff-devel +BuildRequires: libvpx-devel +BuildRequires: libz-devel +BuildRequires: perl-devel +## AUTOBUILDREQ-END +BuildRequires: gettext-devel >= 0.14.4 +BuildRoot: %{_tmppath}/%{name}-%{version}-root + +%description +GD is a graphics library. +It allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and write out the result as a PNG or JPEG file. GD does not create GIF images. + +%package devel +Summary: Static libraries and headers for %{name} +Group: Development/Libraries +Requires: libgd = %{version}-%{release} + +%description devel +GD is a graphics library. +It allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and write out the result as a PNG or JPEG file. GD does not create GIF images. + +This package contains static libraries and header files need for development. + +%package utils +Summary: The utils files for %{name} +Group: Applications/Multimedia +Requires: %{libname} = %{version}-%{release} +Provides: gd-utils +Obsoletes: gd-utils + +%description utils +The gd-utils package includes utility programs supplied with gd, a graphics library for creating PNG and JPEG images. + +%prep +%setup -q + +%build +%configure +%make + +%install +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" +%makeinstall + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%clean +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" + +%files +%defattr(-,root,root) +%{_libdir}/libgd.so.* +%doc COPYING + +%files devel +%defattr(-,root,root) +%{_bindir}/gdlib-config +%{_includedir}/*.h +%{_libdir}/libgd.a +%{_libdir}/libgd.la +%{_libdir}/libgd.so +%{_libdir}/pkgconfig/gdlib.pc + +%files utils +%defattr(-,root,root) +%{_bindir}/annotate +%{_bindir}/bdftogd +%{_bindir}/gd2copypal +%{_bindir}/gd2togif +%{_bindir}/gd2topng +%{_bindir}/gdcmpgif +%{_bindir}/gdparttopng +%{_bindir}/gdtopng +%{_bindir}/giftogd2 +%{_bindir}/pngtogd +%{_bindir}/pngtogd2 +%{_bindir}/webpng + +%changelog +* Mon Jan 27 2014 Silvan Calarco 2.1.0-1mamba +- update to 2.1.0 + +* Fri Aug 30 2013 Silvan Calarco 2.0.35-6mamba +- rebuilt with libpng 1.6 really (added patch) + +* Tue Aug 27 2013 Silvan Calarco 2.0.35-5mamba +- libpng 1.6 mass rebuild + +* Fri Jul 02 2010 Silvan Calarco 2.0.35-4mamba +- rebuilt with libpng 1.4 and libjpeg 8 + +* Thu Jun 03 2010 Silvan Calarco 2.0.35-3mamba +- rebuilt with current libjpeg + +* Sat Oct 25 2008 Aleph0 2.0.35-2mamba +- fixed permissions of the documentation files +- security update: CVE-2007-0455 (gd buffer overrun) +- prevent from an infinite loop when decoding bad GIF images + +* Mon Jun 16 2008 Silvan Calarco 2.0.35-1mamba +- update to 2.0.35 + +* Mon Mar 19 2007 Silvan Calarco 2.0.34-1qilnx +- update to version 2.0.34 by autospec + +* Thu Jun 29 2006 Davide Madrisan 2.0.33-3qilnx +- security update: CAN-2006-2906 (qibug:186) + +* Wed Apr 13 2005 Davide Madrisan 2.0.33-2qilnx +- added gd-utils package +- fixed security issue QSA-2005-043 (CAN-2004-0941) +- added %%post and %%postun scripts + +* Fri Nov 05 2004 Davide Madrisan 2.0.33-1qilnx +- update to version 2.0.33 by autospec +- also fix security issue QSA-2004-050 (CAN-2004-0990) + +* Tue Jul 27 2004 Silvan Calarco 2.0.28-1qilnx +- new version build + +* Tue Jul 01 2004 Silvan Calarco 2.0.26-2qilnx +- added *.so inclusion in devel package + +* Tue Jun 29 2004 Silvan Calarco 2.0.26-1qilnx +- new version build + +* Tue Dec 30 2003 Silvan Calarco 2.0.17-1qilnx +- new version rebuild + +* Fri Jun 06 2003 Silvan Calarco 2.0.15-1qilnx +- creation of libgd package