From ff3f68b87a72fea2b14726bc0c3feea913412a34 Mon Sep 17 00:00:00 2001
From: Jozef Mlich
Date: Jan 14 2015 12:52:36 +0000
Subject: Update to 2.1.1 final Resolves: #1181972
---
diff --git a/.gitignore b/.gitignore
index 1150b94..f5a85b8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ clog
 gd-2.0.35.tar.bz2
 /libgd-2.1.0-725ba9de4005144d137d2a7a70f760068fc3d306.tgz
 /libgd-2.1.0.tar.xz
+/libgd-2.1.1.tar.xz
diff --git a/gd-2.1.0-color_c_null_pointer.patch b/gd-2.1.0-color_c_null_pointer.patch
deleted file mode 100644
index a34cc94..0000000
--- a/gd-2.1.0-color_c_null_pointer.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 463c3bd09bfe8e924e19acad7a2a6af16953a704 Mon Sep 17 00:00:00 2001
-From: Remi Collet
-Date: Mon, 4 Aug 2014 10:31:25 +0200
-Subject: [PATCH] CVE-2014-2497, NULL pointer dereference, fix #126
-
----
- src/gdxpm.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff -up ./src/gdxpm.c.1076676 ./src/gdxpm.c
---- ./src/gdxpm.c.1076676 2013-06-25 11:58:23.000000000 +0200
-+++ ./src/gdxpm.c 2015-01-08 13:39:36.600424371 +0100
-@@ -49,6 +49,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFro
- if(overflow2(sizeof(int), number)) {
- goto done;
- }
-+ for(i = 0; i < number; i++) {
-+ /*
-+ avoid NULL pointer dereference
-+ TODO better fix need to manage monochrome/monovisual
-+ see m_color or g4_color or g_color
-+ */
-+ if (!image.colorTable[i].c_color) {
-+ goto done;
-+ }
-+ }
-
- colors = (int *)gdMalloc(sizeof(int) * number);
- if(colors == NULL) {
diff --git a/gd-fixautoconf.patch b/gd-fixautoconf.patch
deleted file mode 100644
index 0ee26f7..0000000
--- a/gd-fixautoconf.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- libgd-2.1.0/configure.ac.orig 2013-12-15 19:20:24.569994500 +0000
-+++ libgd-2.1.0/configure.ac 2013-12-15 19:20:38.010142489 +0000
-@@ -45,7 +45,7 @@
- FEATURES="GD_GIF GD_GIFANIM GD_OPENPOLYGON"
- AC_SUBST(FEATURES)
-
--AM_INIT_AUTOMAKE([foreign dist-bzip2 dist-xz -Wall -Werror])
-+AM_INIT_AUTOMAKE([foreign dist-bzip2 dist-xz subdir-objects -Wall -Werror])
- AC_CONFIG_HEADERS([src/config.h:src/config.hin])
-
- dnl newer automake wants this, but we still want to work with older
diff --git a/gd.spec b/gd.spec
index 72b65d3..86843cc 100644
--- a/gd.spec
+++ b/gd.spec
@@ -4,8 +4,8 @@ Summary: A graphics library for quick creation of PNG or JPEG images
 Name: gd
-Version: 2.1.0
-Release: 8%{?prever}%{?short}%{?dist}
+Version: 2.1.1
+Release: 1%{?prever}%{?short}%{?dist}
 Group: System Environment/Libraries
 License: MIT
 URL: http://libgd.bitbucket.org/
@@ -17,8 +17,6 @@ Source0: libgd-%{version}-%{commit}.tgz
 Source0: https://bitbucket.org/libgd/gd-libgd/downloads/libgd-%{version}%{?prever:-%{prever}}.tar.xz
 %endif
 Patch1: gd-2.1.0-multilib.patch
-Patch2: gd-fixautoconf.patch
-Patch3: gd-2.1.0-color_c_null_pointer.patch
 BuildRequires: freetype-devel
 BuildRequires: fontconfig-devel
@@ -75,8 +73,6 @@ files for gd, a graphics library for creating PNG and JPEG graphics.
 %prep
 %setup -q -n libgd-%{version}%{?prever:-%{prever}}
 %patch1 -p1 -b .mlib
-%patch2 -p1 -b .automake
-%patch3 -p1 -b .color_c_null_pointer
 # https://bitbucket.org/libgd/gd-libgd/issue/77
 sed -e '/GD_VERSION_STRING/s/-alpha//' \
@@ -141,7 +137,11 @@ make check
 %changelog
-* Thu Jan 08 2015 Jozef Mlich - 2.1.1-1
+- Update to 2.1.1 final
+ Resolves: #1181972
+
+* Thu Jan 08 2015 Jozef Mlich - 2.1.0-8
 - Resolves: #1076676 CVE-2014-2497 Previous patch indroduced memory leak. Using upstream version. https://bitbucket.org/libgd/gd-libgd/commits/463c3bd09bfe8e924e19acad7a2a6af16953a704
diff --git a/sources b/sources
index 9b5e5cb..e60efe5 100644
--- a/sources
+++ b/sources
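Review bot: The 2.1.1-1 changelog entry added in gd.spec says only "Update to 2.1.1 final", while the same commit drops `Patch3: gd-2.1.0-color_c_null_pointer.patch`, which carried the CVE-2014-2497 NULL-pointer check in src/gdxpm.c. Nothing visible in the diff shows that the 2.1.1 tarball contains that check; the 2.1.0-8 entry cites upstream commit 463c3bd09bfe8e924e19acad7a2a6af16953a704, so it presumably does, but this should be confirmed against the unpacked src/gdxpm.c (the `c_color` test before the `gdMalloc` of `colors`) and recorded. I would add a line such as `- Drop gd-2.1.0-color_c_null_pointer.patch (CVE-2014-2497) and gd-fixautoconf.patch, both included upstream` under the new entry so the CVE stays traceable in the package history. The same point covers the `%patch3` removal in the %prep hunk.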
@@ -1 +1 @@
-03588159bf4faab9079849c8d709acc6 libgd-2.1.0.tar.xz
+9076f3abd1f9815d106da36467ea15bc libgd-2.1.1.tar.xz