[arch-commits] Commit in gd/trunk (5 files)

2020-03-23 Thread Pierre Schmitz via arch-commits
Date: Monday, March 23, 2020 @ 18:43:46
  Author: pierre
Revision: 378409

upgpkg: gd 2.3.0-1

Modified:
  gd/trunk/PKGBUILD
Deleted:
  gd/trunk/gd-CVE-2018-1000222.patch
  gd/trunk/gd-CVE-2018-5711.patch
  gd/trunk/gd-CVE-2019-6977.patch
  gd/trunk/gd-CVE-2019-6978.patch

---+
 PKGBUILD  |   27 +-
 gd-CVE-2018-1000222.patch |   64 ---
 gd-CVE-2018-5711.patch|   37 
 gd-CVE-2019-6977.patch|   15 ---
 gd-CVE-2019-6978.patch|  187 
 5 files changed, 7 insertions(+), 323 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2020-03-23 14:29:59 UTC (rev 378408)
+++ PKGBUILD2020-03-23 18:43:46 UTC (rev 378409)
@@ -1,8 +1,8 @@
 # Maintainer: Pierre Schmitz 
 
 pkgname=gd
-pkgver=2.2.5
-pkgrel=2
+pkgver=2.3.0
+pkgrel=1
 pkgdesc="Library for the dynamic creation of images by programmers"
 arch=('x86_64')
 url="https://libgd.github.io/;
@@ -10,27 +10,12 @@
 depends=('fontconfig' 'libxpm' 'libwebp')
 optdepends=('perl: bdftogd script')
 checkdepends=('ttf-liberation')
-source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz;
-'gd-CVE-2018-1000222.patch' 'gd-CVE-2018-5711.patch'
-'gd-CVE-2019-6977.patch' 'gd-CVE-2019-6978.patch')
-sha1sums=('b777b005c401b6fa310ccf09eeb29f6c6e17ab2c'
-  'f17097d44735face67cf5eb3c85878f45d0f72c9'
-  '4a4c0acc19ee4d5ceb6dd8b090b65381a39bf18e'
-  'bd2444b04cf648d9bc60268f0c890c5950a46d36'
-  'fc04932562f7a806a6041605bde43976c173a646')
+source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz;)
+sha1sums=('ec75c84aa6326a7ade3302d5c18471f440b2ca1e')
 
-prepare() {
+build() {
   cd libgd-${pkgver}
-  # security patches from openSUSE:
-  # https://build.opensuse.org/package/show/openSUSE:Factory/gd
-  patch -p1 -i "${srcdir}/gd-CVE-2018-1000222.patch"
-  patch -p1 -i "${srcdir}/gd-CVE-2018-5711.patch"
-  patch -p1 -i "${srcdir}/gd-CVE-2019-6977.patch"
-  patch -p1 -i "${srcdir}/gd-CVE-2019-6978.patch"
-}
 
-build() {
-  cd libgd-${pkgver}
   ./configure \
 --prefix=/usr \
 --disable-rpath
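Review bot: The new `sha1sums=('ec75c84a…')` line is the only integrity check on the release tarball, and SHA-1 is no longer collision-resistant. makepkg also accepts `sha256sums`, `sha512sums` and `b2sums`, so I would switch the array, e.g. `sha256sums=('<sha256 of libgd-2.3.0.tar.xz>')`. The same applies to the `sha1sums` array introduced in rev 352911 further down the page. Separately, this hunk drops `prepare()` and all four CVE patches, but the commit message does not record that 2.3.0 carries the corresponding fixes. A line in the log such as `# CVE-2018-1000222, CVE-2018-5711, CVE-2019-6977, CVE-2019-6978 fixed upstream in 2.3.0 (see release notes)` would make the removal auditable.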
@@ -39,11 +24,13 @@
 
 check() {
   cd libgd-${pkgver}
+
   make check
 }
 
 package() {
   cd libgd-${pkgver}
+
   make DESTDIR="${pkgdir}" install
   install -D -m644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
 }

Deleted: gd-CVE-2018-1000222.patch
===
--- gd-CVE-2018-1000222.patch   2020-03-23 14:29:59 UTC (rev 378408)
+++ gd-CVE-2018-1000222.patch   2020-03-23 18:43:46 UTC (rev 378409)
@@ -1,64 +0,0 @@
-diff --git a/src/gd_bmp.c b/src/gd_bmp.c
-index bde0b9d3..78f40d9a 100644
 a/src/gd_bmp.c
-+++ b/src/gd_bmp.c
-@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, 
bmp_info_t *info, bmp
- static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, 
bmp_hdr_t *header);
- static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
- 
-+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression);
-+
- #define BMP_DEBUG(s)
- 
- static int gdBMPPutWord(gdIOCtx *out, int w)
-@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, 
int compression)
-   void *rv;
-   gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
-   if (out == NULL) return NULL;
--  gdImageBmpCtx(im, out, compression);
--  rv = gdDPExtractData(out, size);
-+  if (!_gdImageBmpCtx(im, out, compression))
-+  rv = gdDPExtractData(out, size);
-+  else
-+  rv = NULL;
-   out->gd_free(out);
-   return rv;
- }
-@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE 
*outFile, int compression)
-   compression - whether to apply RLE or not.
- */
- BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int 
compression)
-+{
-+  _gdImageBmpCtx(im, out, compression);
-+}
-+
-+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- {
-   int bitmap_size = 0, info_size, total_size, padding;
-   int i, row, xpos, pixel;
-@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr 
out, int compression)
-   unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL;
-   FILE *tmpfile_for_compression = NULL;
-   gdIOCtxPtr out_original = NULL;
-+  int ret = 1;
- 
-   /* No compression if its true colour or we don't support seek */
-   if (im->trueColor) {
-@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr 
out, int compression)
-   out_original = NULL;
-   }
- 
-+  ret = 0;
- cleanup:
-   if (tmpfile_for_compression) {
- #ifdef _WIN32
-@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr 
out, int compression)
-   

[arch-commits] Commit in gd/trunk (5 files)

2019-05-12 Thread Pierre Schmitz via arch-commits
Date: Sunday, May 12, 2019 @ 09:04:13
  Author: pierre
Revision: 352911

Fix several security issues

Unfortunately upstream does not provide updated releases

Added:
  gd/trunk/gd-CVE-2018-1000222.patch
  gd/trunk/gd-CVE-2018-5711.patch
  gd/trunk/gd-CVE-2019-6977.patch
  gd/trunk/gd-CVE-2019-6978.patch
Modified:
  gd/trunk/PKGBUILD

---+
 PKGBUILD  |   25 -
 gd-CVE-2018-1000222.patch |   64 +++
 gd-CVE-2018-5711.patch|   37 
 gd-CVE-2019-6977.patch|   15 +++
 gd-CVE-2019-6978.patch|  187 
 5 files changed, 323 insertions(+), 5 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2019-05-12 06:56:40 UTC (rev 352910)
+++ PKGBUILD2019-05-12 09:04:13 UTC (rev 352911)
@@ -2,7 +2,7 @@
 
 pkgname=gd
 pkgver=2.2.5
-pkgrel=1
+pkgrel=2
 pkgdesc="Library for the dynamic creation of images by programmers"
 arch=('x86_64')
 url="https://libgd.github.io/;
@@ -10,9 +10,25 @@
 depends=('fontconfig' 'libxpm' 'libwebp')
 optdepends=('perl: bdftogd script')
 checkdepends=('ttf-liberation')
-source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz;)
-md5sums=('8d8d6a6189513ecee6e893b1fb109bf8')
+source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz;
+'gd-CVE-2018-1000222.patch' 'gd-CVE-2018-5711.patch'
+'gd-CVE-2019-6977.patch' 'gd-CVE-2019-6978.patch')
+sha1sums=('b777b005c401b6fa310ccf09eeb29f6c6e17ab2c'
+  'f17097d44735face67cf5eb3c85878f45d0f72c9'
+  '4a4c0acc19ee4d5ceb6dd8b090b65381a39bf18e'
+  'bd2444b04cf648d9bc60268f0c890c5950a46d36'
+  'fc04932562f7a806a6041605bde43976c173a646')
 
+prepare() {
+  cd libgd-${pkgver}
+  # security patches from openSUSE:
+  # https://build.opensuse.org/package/show/openSUSE:Factory/gd
+  patch -p1 -i "${srcdir}/gd-CVE-2018-1000222.patch"
+  patch -p1 -i "${srcdir}/gd-CVE-2018-5711.patch"
+  patch -p1 -i "${srcdir}/gd-CVE-2019-6977.patch"
+  patch -p1 -i "${srcdir}/gd-CVE-2019-6978.patch"
+}
+
 build() {
   cd libgd-${pkgver}
   ./configure \
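Review bot: The comment added in `prepare()` cites only the openSUSE package page, not a fixed revision, so the origin of the four patches cannot be re-checked once that package moves on. I would pin it, e.g. `# security patches from openSUSE:Factory/gd, revision <REV>`, and where known add the upstream libgd commit each patch backports. It would also help to note in the PKGBUILD that the patches can be dropped once upstream ships a release containing them, so the next version bump re-checks each CVE rather than silently carrying or removing a fix. `build()` continues outside this hunk.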
@@ -23,8 +39,7 @@
 
 check() {
   cd libgd-${pkgver}
-  # see https://github.com/libgd/libgd/issues/302
-  [[ ${CARCH} == 'i686' ]] || 
FREETYPE_PROPERTIES='truetype:interpreter-version=35' make check
+  make check
 }
 
 package() {

Added: gd-CVE-2018-1000222.patch
===
--- gd-CVE-2018-1000222.patch   (rev 0)
+++ gd-CVE-2018-1000222.patch   2019-05-12 09:04:13 UTC (rev 352911)
@@ -0,0 +1,64 @@
+diff --git a/src/gd_bmp.c b/src/gd_bmp.c
+index bde0b9d3..78f40d9a 100644
+--- a/src/gd_bmp.c
 b/src/gd_bmp.c
+@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, 
bmp_info_t *info, bmp
+ static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, 
bmp_hdr_t *header);
+ static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
+ 
++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression);
++
+ #define BMP_DEBUG(s)
+ 
+ static int gdBMPPutWord(gdIOCtx *out, int w)
+@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, 
int compression)
+   void *rv;
+   gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
+   if (out == NULL) return NULL;
+-  gdImageBmpCtx(im, out, compression);
+-  rv = gdDPExtractData(out, size);
++  if (!_gdImageBmpCtx(im, out, compression))
++  rv = gdDPExtractData(out, size);
++  else
++  rv = NULL;
+   out->gd_free(out);
+   return rv;
+ }
+@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE 
*outFile, int compression)
+   compression - whether to apply RLE or not.
+ */
+ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int 
compression)
++{
++  _gdImageBmpCtx(im, out, compression);
++}
++
++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ {
+   int bitmap_size = 0, info_size, total_size, padding;
+   int i, row, xpos, pixel;
+@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr 
out, int compression)
+   unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL;
+   FILE *tmpfile_for_compression = NULL;
+   gdIOCtxPtr out_original = NULL;
++  int ret = 1;
+ 
+   /* No compression if its true colour or we don't support seek */
+   if (im->trueColor) {
+@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr 
out, int compression)
+   out_original = NULL;
+   }
+ 
++  ret = 0;
+ cleanup:
+   if (tmpfile_for_compression) {
+ #ifdef _WIN32
+@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr 
out, int compression)
+   if (out_original) {
+