Hello community, here is the log from the commit of package gd for openSUSE:Factory checked in at 2017-08-10 13:43:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gd (Old) and /work/SRC/openSUSE:Factory/.gd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "gd" Thu Aug 10 13:43:23 2017 rev:44 rq:511835 version:2.2.4 Changes: -------- --- /work/SRC/openSUSE:Factory/gd/gd.changes 2016-12-13 19:32:31.237931443 +0100 +++ /work/SRC/openSUSE:Factory/.gd.new/gd.changes 2017-08-10 13:43:25.518694184 +0200 
@@ -1,0 +2,25 @@ +Fri Jul 21 11:29:06 UTC 2017 - tchvatal@suse.com + +- Add patch gd-rounding.patch +- Set again the cflags so other archs do not fail testsuite + +------------------------------------------------------------------- +Fri Jul 7 10:54:11 UTC 2017 - tchvatal@suse.com + +- Version update to 2.2.4: + * gdImageCreate() doesn't check for oversized images and as such is prone + to DoS vulnerabilities. (CVE-2016-9317) bsc#1022283 + * double-free in gdImageWebPtr() (CVE-2016-6912) bsc#1022284 + * potential unsigned underflow in gd_interpolation.c (CVE-2016-10166) + bsc#1022263 + * DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167) + bsc#1022264 + * Signed Integer Overflow gd_io.c (CVE-2016-10168) bsc#1022265 +- Remove patches merged/obsoleted by upstream: + * gd-config.patch + * gd-disable-freetype27-failed-tests.patch + * gd-test-unintialized-var.patch +- Add patch gd-freetype.patch taking patch from upstream for + freetype 2.7 + +------------------------------------------------------------------- Old: ---- gd-config.patch gd-disable-freetype27-failed-tests.patch gd-test-unintialized-var.patch libgd-2.2.3.tar.xz New: ---- gd-freetype.patch gd-rounding.patch libgd-2.2.4.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gd.spec ++++++ --- /var/tmp/diff_new_pack.YuPG2i/_old 2017-08-10 13:43:26.842507831 +0200 +++ /var/tmp/diff_new_pack.YuPG2i/_new 2017-08-10 13:43:26.854506142 +0200 @@ -1,7 +1,7 @@ # # spec file for package gd # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -17,11 +17,9 @@ %define prjname libgd - %define lname libgd3 - Name: gd -Version: 2.2.3 +Version: 2.2.4 Release: 0 Summary: A Drawing Library for Programs That Use PNG and JPEG Output License: MIT 
@@ -29,35 +27,31 @@ Url: https://libgd.github.io/ Source: https://github.com/libgd/libgd/releases/download/%{name}-%{version}/%{prjname}-%{version}.tar.xz Source1: baselibs.conf -# to be upstreamed, gdlib-config --libs to return the same as pkg-config --libs gdlib -Patch0: gd-config.patch # might be upstreamed, but could be suse specific also (/usr/share/fonts/Type1 font dir) Patch1: gd-fontpath.patch # could be upstreamed, but not in this form (need ac check for attribute format printf, etc.) Patch2: gd-format.patch # could be upstreamed Patch3: gd-aliasing.patch -# PATCH-FIX-UPSTREAM gd-disable-freetype27-failed-tests.patch gh#libgd/libgd#302 badshah400@gmail.com -- Disable for now tests failing against freetype >= 2.7 for being too exact. -Patch5: gd-disable-freetype27-failed-tests.patch -# PATCH-FIX-UPSTREAM gd-test-unintialized-var.patch badshah400@gmail.com -- Initialise a variable in tests/gd2/gd2_read.c to 0 to prevent it from failing to compile with -Werror (only causes problems in no ix86 arch surprisingly); patch sent upstream -Patch6: gd-test-unintialized-var.patch -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: fontconfig-devel -BuildRequires: freetype2-devel +# PATCH-FIX-UPSTREAM: build with newer freetype +Patch4: gd-freetype.patch +# PATCH-FIX-UPSTREAM: fix testfailure on 32b platforms +Patch5: gd-rounding.patch +# needed for tests +BuildRequires: dejavu BuildRequires: libjpeg-devel BuildRequires: libpng-devel -BuildRequires: libtiff-devel -BuildRequires: libtool -BuildRequires: libwebp-devel -BuildRequires: pkg-config -BuildRequires: xorg-x11-libX11-devel -BuildRequires: xorg-x11-libXau-devel -BuildRequires: xorg-x11-libXdmcp-devel -BuildRequires: xorg-x11-libXpm-devel +BuildRequires: pkgconfig +BuildRequires: pkgconfig(fontconfig) +BuildRequires: pkgconfig(freetype2) +BuildRequires: pkgconfig(libtiff-4) +BuildRequires: pkgconfig(libwebp) +BuildRequires: pkgconfig(x11) +BuildRequires: pkgconfig(xau) +BuildRequires: 
pkgconfig(xdmcp) +BuildRequires: pkgconfig(xpm) Provides: gdlib = %{version} Obsoletes: gdlib < %{version} -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Gd allows your code to quickly draw images complete with lines, arcs, @@ -65,11 +59,11 @@ and flood fills. It outputs PNG, JPEG, and WBMP (for wireless devices) and is supported by PHP. -%package -n %lname +%package -n %{lname} Summary: A Drawing Library for Programs That Use PNG and JPEG Output Group: System/Libraries -%description -n %lname +%description -n %{lname} Gd allows your code to quickly draw images complete with lines, arcs, text, and multiple colors. It supports cut and paste from other images and flood fills. It outputs PNG, JPEG, and WBMP (for wireless devices) @@ -78,13 +72,17 @@ %package devel Summary: Drawing Library for Programs with PNG and JPEG Output Group: Development/Libraries/C and C++ -Requires: %lname = %{version} +Requires: %{lname} = %{version} Requires: glibc-devel +Requires: libjpeg-devel Requires: libpng-devel -Requires: libtiff-devel -Requires: libvpx-devel -Requires: libwebp-devel -Requires: zlib-devel +Requires: pkgconfig(libtiff-4) +Requires: pkgconfig(libwebp) +Requires: pkgconfig(libwebpdecoder) +Requires: pkgconfig(libwebpdemux) +Requires: pkgconfig(libwebpmux) +Requires: pkgconfig(vpx) +Requires: pkgconfig(zlib) %description devel gd allows code to quickly draw images complete with lines, arcs, text, 
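Review bot: The tag on `Patch5: gd-rounding.patch` says it fixes a test failure on 32-bit platforms, but the gd-rounding.patch included further down in this submission is the upstream tests/gd2/gd2_read.c change that initialises `error` for -Werror=maybe-uninitialized. That is the same problem the dropped gd-test-unintialized-var.patch addressed. Either the wrong upstream commit was exported under this name or the comment is stale, and a patch whose stated purpose does not match its contents is hard to audit in an update that ships CVE fixes. The two new tags also omit the file name and upstream reference that the removed ones carried; `# PATCH-FIX-UPSTREAM gd-rounding.patch gh#libgd/libgd#<ISSUE> -- <what the patch changes>` would restore that (the issue number is a placeholder).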
@@ -95,53 +93,56 @@ %prep %setup -q -n %{prjname}-%{version} -%patch0 %patch1 %patch2 %patch3 +%patch4 -p1 %patch5 -p1 -%patch6 -p1 %build -autoreconf -fiv - # ADDITIONAL CFLAGS ARE NEEDED TO FIX TEST FAILURES IN CASE OF i586, BUT HARMLESS TO APPLY GENERALLY FOR ALL ix86 %ifarch %{ix86} -export CFLAGS="%optflags -msse -mfpmath=sse" +export CFLAGS="%{optflags} -msse -mfpmath=sse" %else %ifnarch x86_64 -export CFLAGS="%optflags -ffp-contract=off" +export CFLAGS="%{optflags} -ffp-contract=off" %endif %endif # without-x -- useless switch which just mangles cflags %configure \ + --disable-silent-rules \ + --disable-werror \ + --without-liq \ --without-x \ --with-fontconfig \ --with-freetype \ --with-jpeg \ --with-png \ --with-xpm \ - --disable-static \ - --with-pic - + --with-webp \ + --with-zlib \ + --disable-static make %{?_smp_mflags} %check +%ifarch %{ix86} +# See https://github.com/libgd/libgd/issues/359 +XFAIL_TESTS="gdimagegrayscale/basic $XFAIL_TESTS" +%endif +export XFAIL_TESTS make check %{?_smp_mflags} %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +%make_install find %{buildroot} -type f -name "*.la" -delete -print -%post -n %lname -p /sbin/ldconfig - -%postun -n %lname -p /sbin/ldconfig +%post -n %{lname} -p /sbin/ldconfig +%postun -n %{lname} -p /sbin/ldconfig %files -%defattr(-,root,root) -%doc COPYING NEWS examples +%doc COPYING %{_bindir}/annotate %{_bindir}/bdftogd %{_bindir}/gd2copypal @@ -155,13 +156,11 @@ %{_bindir}/pngtogd2 %{_bindir}/webpng -%files -n %lname -%defattr(-,root,root) +%files -n %{lname} %doc COPYING %{_libdir}/*.so.* %files devel -%defattr(-,root,root) %doc COPYING %{_bindir}/gdlib-config %{_includedir}/* ++++++ gd-freetype.patch ++++++
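Review bot: `--disable-werror` and `--without-liq` are added to the `%configure` call with no explanation, while the neighbouring `--without-x` has a comment. For a library that parses untrusted image data it is worth recording why compiler warnings no longer fail the build, for example `# --disable-werror: <reason, with upstream issue if any>`. If the reason is the maybe-uninitialized error in tests/gd2/gd2_read.c, Patch5 in this submission already handles it and the switch may be unnecessary. That last point is inferred from the patch subject, not verified against a build.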
From a5570d3ed30ff76c2a8bdd54f4ab1825acca0143 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker"
Date: Sun, 29 Jan 2017 17:07:50 +0100 Subject: [PATCH] Fix #302: Test suite fails with freetype 2.7
Actually, the test failures are not necessarily related to freetype 2.7, but rather are caused by subpixel hinting which is enabled by default in freetype 2.7. Subpixel hinting is, however, already available in freetype 2.5 and in versions having the "Infinality" patch. To get the expected results in all environments, we have to disable subpixel hinting, what is easily done by setting a respective environment variable. See also: * https://www.freetype.org/freetype2/docs/subpixel-hinting.html * https://www.freetype.org/freetype2/docs/reference/ft2-tt_driver.html --- tests/freetype/bug00132.c | 3 +++ tests/gdimagestringft/gdimagestringft_bbox.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/tests/freetype/bug00132.c b/tests/freetype/bug00132.c index 713dd2d0..42ed5b17 100644 --- a/tests/freetype/bug00132.c +++ b/tests/freetype/bug00132.c @@ -11,6 +11,9 @@ int main() char *path; char *ret = NULL; + /* disable subpixel hinting */ + putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35"); + im = gdImageCreateTrueColor(50, 30); if (!im) { diff --git a/tests/gdimagestringft/gdimagestringft_bbox.c b/tests/gdimagestringft/gdimagestringft_bbox.c index 0161ec81..1596a9e7 100644 --- a/tests/gdimagestringft/gdimagestringft_bbox.c +++ b/tests/gdimagestringft/gdimagestringft_bbox.c @@ -38,6 +38,9 @@ int main() int error = 0; FILE *fp; + /* disable subpixel hinting */ + putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35"); + path = gdTestFilePath("freetype/DejaVuSans.ttf"); im = gdImageCreate(800, 800); gdImageColorAllocate(im, 0xFF, 0xFF, 0xFF); /* allocate white for background color */ ++++++ gd-rounding.patch ++++++
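Review bot: The return value of `putenv()` is ignored in both tests (tests/freetype/bug00132.c and tests/gdimagestringft/gdimagestringft_bbox.c), so if the call fails the test silently runs with subpixel hinting enabled and reports a rendering mismatch that hides the real cause. Checking it, e.g. `if (putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35") != 0) return 1;`, keeps the failure attributable. The call also replaces any FREETYPE_PROPERTIES value already set in the build environment, which is presumably intended for reproducible output but is worth stating in the comment: `/* force the v35 interpreter (no subpixel hinting); overrides any FREETYPE_PROPERTIES from the environment */`. In both files `main()` begins before and continues past the hunk, so the presence of `#include <stdlib.h>` cannot be confirmed from here.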
From b7b66ea1ea9191b5bf1c2fdc9c7915c9ba69c4bb Mon Sep 17 00:00:00 2001 From: Remi Collet
Date: Fri, 22 Jul 2016 08:14:12 +0200 Subject: [PATCH] Fix gd2/gd2_read.c:8:6: error: 'error' may be used uninitialized in this function [-Werror=maybe-uninitialized]
Also report about any error, not only the last one. (cherry picked from commit 2b3dd57a6ccb2940f2e9119ae04e14362e2a1f61) --- tests/gd2/gd2_read.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/tests/gd2/gd2_read.c b/tests/gd2/gd2_read.c index 94fe069f..8ce8bd15 100644 --- a/tests/gd2/gd2_read.c +++ b/tests/gd2/gd2_read.c @@ -5,7 +5,7 @@ int main(int argc, char *argv[]) { - int error, i = 0; + int error = 0, i = 0; gdImagePtr im, exp; FILE *fp; char *path[] = { @@ -40,8 +40,6 @@ int main(int argc, char *argv[]) gdTestErrorMsg("image %s differs from expected result\n", path[i]); gdImageDestroy(im); error = 1; - } else { - error = 0; } if (exp) { gdImageDestroy(exp); @@ -52,8 +50,6 @@ int main(int argc, char *argv[]) gdTestErrorMsg("image %s should have failed to be loaded\n", path[i]); gdImageDestroy(im); error = 1; - } else { - error = 0; } } i++; ++++++ libgd-2.2.3.tar.xz -> libgd-2.2.4.tar.xz ++++++ ++++ 41869 lines of diff (skipped)