[arch-commits] Commit in gd/trunk (5 files)

Pierre Schmitz pierre at archlinux.org
Mon Mar 23 18:43:47 UTC 2020


    Date: Monday, March 23, 2020 @ 18:43:46
  Author: pierre
Revision: 378409

upgpkg: gd 2.3.0-1

Modified:
  gd/trunk/PKGBUILD
Deleted:
  gd/trunk/gd-CVE-2018-1000222.patch
  gd/trunk/gd-CVE-2018-5711.patch
  gd/trunk/gd-CVE-2019-6977.patch
  gd/trunk/gd-CVE-2019-6978.patch

---------------------------+
 PKGBUILD                  |   27 +-----
 gd-CVE-2018-1000222.patch |   64 ---------------
 gd-CVE-2018-5711.patch    |   37 --------
 gd-CVE-2019-6977.patch    |   15 ---
 gd-CVE-2019-6978.patch    |  187 --------------------------------------------
 5 files changed, 7 insertions(+), 323 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-03-23 14:29:59 UTC (rev 378408)
+++ PKGBUILD	2020-03-23 18:43:46 UTC (rev 378409)
@@ -1,8 +1,8 @@
 # Maintainer: Pierre Schmitz <pierre at archlinux.de>
 
 pkgname=gd
-pkgver=2.2.5
-pkgrel=2
+pkgver=2.3.0
+pkgrel=1
 pkgdesc="Library for the dynamic creation of images by programmers"
 arch=('x86_64')
 url="https://libgd.github.io/"
@@ -10,27 +10,12 @@
 depends=('fontconfig' 'libxpm' 'libwebp')
 optdepends=('perl: bdftogd script')
 checkdepends=('ttf-liberation')
-source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz"
-        'gd-CVE-2018-1000222.patch' 'gd-CVE-2018-5711.patch'
-        'gd-CVE-2019-6977.patch' 'gd-CVE-2019-6978.patch')
-sha1sums=('b777b005c401b6fa310ccf09eeb29f6c6e17ab2c'
-          'f17097d44735face67cf5eb3c85878f45d0f72c9'
-          '4a4c0acc19ee4d5ceb6dd8b090b65381a39bf18e'
-          'bd2444b04cf648d9bc60268f0c890c5950a46d36'
-          'fc04932562f7a806a6041605bde43976c173a646')
+source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz")
+sha1sums=('ec75c84aa6326a7ade3302d5c18471f440b2ca1e')
 
-prepare() {
+build() {
   cd libgd-${pkgver}
-  # security patches from openSUSE:
-  # https://build.opensuse.org/package/show/openSUSE:Factory/gd
-  patch -p1 -i "${srcdir}/gd-CVE-2018-1000222.patch"
-  patch -p1 -i "${srcdir}/gd-CVE-2018-5711.patch"
-  patch -p1 -i "${srcdir}/gd-CVE-2019-6977.patch"
-  patch -p1 -i "${srcdir}/gd-CVE-2019-6978.patch"
-}
 
-build() {
-  cd libgd-${pkgver}
   ./configure \
     --prefix=/usr \
     --disable-rpath
@@ -39,11 +24,13 @@
 
 check() {
   cd libgd-${pkgver}
+
   make check
 }
 
 package() {
   cd libgd-${pkgver}
+
   make DESTDIR="${pkgdir}" install
   install -D -m644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
 }

Deleted: gd-CVE-2018-1000222.patch
===================================================================
--- gd-CVE-2018-1000222.patch	2020-03-23 14:29:59 UTC (rev 378408)
+++ gd-CVE-2018-1000222.patch	2020-03-23 18:43:46 UTC (rev 378409)
@@ -1,64 +0,0 @@
-diff --git a/src/gd_bmp.c b/src/gd_bmp.c
-index bde0b9d3..78f40d9a 100644
---- a/src/gd_bmp.c
-+++ b/src/gd_bmp.c
-@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp
- static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header);
- static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
- 
-+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression);
-+
- #define BMP_DEBUG(s)
- 
- static int gdBMPPutWord(gdIOCtx *out, int w)
-@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression)
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageBmpCtx(im, out, compression);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageBmpCtx(im, out, compression))
-+		rv = gdDPExtractData(out, size);
-+	else
-+		rv = NULL;
- 	out->gd_free(out);
- 	return rv;
- }
-@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression)
- 		compression - whether to apply RLE or not.
- */
- BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
-+{
-+	_gdImageBmpCtx(im, out, compression);
-+}
-+
-+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- {
- 	int bitmap_size = 0, info_size, total_size, padding;
- 	int i, row, xpos, pixel;
-@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- 	unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL;
- 	FILE *tmpfile_for_compression = NULL;
- 	gdIOCtxPtr out_original = NULL;
-+	int ret = 1;
- 
- 	/* No compression if its true colour or we don't support seek */
- 	if (im->trueColor) {
-@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- 		out_original = NULL;
- 	}
- 
-+	ret = 0;
- cleanup:
- 	if (tmpfile_for_compression) {
- #ifdef _WIN32
-@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- 	if (out_original) {
- 		out_original->gd_free(out_original);
- 	}
--	return;
-+	return ret;
- }
- 
- static int compress_row(unsigned char *row, int length)
-

Deleted: gd-CVE-2018-5711.patch
===================================================================
--- gd-CVE-2018-5711.patch	2020-03-23 14:29:59 UTC (rev 378408)
+++ gd-CVE-2018-5711.patch	2020-03-23 18:43:46 UTC (rev 378409)
@@ -1,37 +0,0 @@
-Index: libgd-2.2.5/src/gd_gif_in.c
-===================================================================
---- libgd-2.2.5.orig/src/gd_gif_in.c	2018-01-22 15:19:35.417382486 +0100
-+++ libgd-2.2.5/src/gd_gif_in.c	2018-01-22 15:21:28.683291084 +0100
-@@ -335,11 +335,6 @@ terminated:
- 		return 0;
- 	}
- 
--	if(!im->colorsTotal) {
--		gdImageDestroy(im);
--		return 0;
--	}
--
- 	/* Check for open colors at the end, so
- 	 * we can reduce colorsTotal and ultimately
- 	 * BitsPerPixel */
-@@ -351,6 +346,11 @@ terminated:
- 		}
- 	}
- 
-+	if(!im->colorsTotal) {
-+		gdImageDestroy(im);
-+		return 0;
-+	}
-+
- 	return im;
- }
- 
-@@ -447,7 +447,7 @@ static int
- GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
- {
- 	int i, j, ret;
--	unsigned char count;
-+	int count;
- 
- 	if(flag) {
- 		scd->curbit = 0;

Deleted: gd-CVE-2019-6977.patch
===================================================================
--- gd-CVE-2019-6977.patch	2020-03-23 14:29:59 UTC (rev 378408)
+++ gd-CVE-2019-6977.patch	2020-03-23 18:43:46 UTC (rev 378409)
@@ -1,15 +0,0 @@
-Index: libgd-2.2.5/src/gd_color_match.c
-===================================================================
---- libgd-2.2.5.orig/src/gd_color_match.c	2019-01-31 12:56:44.944336318 +0100
-+++ libgd-2.2.5/src/gd_color_match.c	2019-01-31 12:58:11.368836899 +0100
-@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdIm
- 		return -4; /* At least 1 color must be allocated */
- 	}
- 
--	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal);
--	memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );
-+	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors);
-+	memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors );
- 
- 	for (x=0; x < im1->sx; x++) {
- 		for( y=0; y<im1->sy; y++ ) {

Deleted: gd-CVE-2019-6978.patch
===================================================================
--- gd-CVE-2019-6978.patch	2020-03-23 14:29:59 UTC (rev 378408)
+++ gd-CVE-2019-6978.patch	2020-03-23 18:43:46 UTC (rev 378409)
@@ -1,187 +0,0 @@
-Index: libgd-2.2.5/src/gd_gif_out.c
-===================================================================
---- libgd-2.2.5.orig/src/gd_gif_out.c	2017-08-30 13:05:54.000000000 +0200
-+++ libgd-2.2.5/src/gd_gif_out.c	2019-01-31 09:47:44.703693790 +0100
-@@ -99,6 +99,7 @@ static void char_init(GifCtx *ctx);
- static void char_out(int c, GifCtx *ctx);
- static void flush_char(GifCtx *ctx);
- 
-+static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out);
- 
- 
- 
-@@ -131,8 +132,11 @@ BGD_DECLARE(void *) gdImageGifPtr(gdImag
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageGifCtx(im, out);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageGifCtx(im, out)) {
-+		rv = gdDPExtractData(out, size);
-+	} else {
-+		rv = NULL;
-+	}
- 	out->gd_free(out);
- 	return rv;
- }
-@@ -221,6 +225,12 @@ BGD_DECLARE(void) gdImageGif(gdImagePtr
- */
- BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
- {
-+	_gdImageGifCtx(im, out);
-+}
-+
-+/* returns 0 on success, 1 on failure */
-+static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
-+{
- 	gdImagePtr pim = 0, tim = im;
- 	int interlace, BitsPerPixel;
- 	interlace = im->interlace;
-@@ -231,7 +241,7 @@ BGD_DECLARE(void) gdImageGifCtx(gdImageP
- 		based temporary image. */
- 		pim = gdImageCreatePaletteFromTrueColor(im, 1, 256);
- 		if(!pim) {
--			return;
-+			return 1;
- 		}
- 		tim = pim;
- 	}
-@@ -247,6 +257,8 @@ BGD_DECLARE(void) gdImageGifCtx(gdImageP
- 		/* Destroy palette based temporary image. */
- 		gdImageDestroy(	pim);
- 	}
-+
-+	return 0;
- }
- 
- 
-Index: libgd-2.2.5/src/gd_jpeg.c
-===================================================================
---- libgd-2.2.5.orig/src/gd_jpeg.c	2017-08-30 13:05:54.000000000 +0200
-+++ libgd-2.2.5/src/gd_jpeg.c	2019-01-31 09:47:44.707693815 +0100
-@@ -123,6 +123,8 @@ static void fatal_jpeg_error(j_common_pt
- 	exit(99);
- }
- 
-+static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality);
-+
- /*
-  * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality
-  * QUALITY.  If QUALITY is in the range 0-100, increasing values
-@@ -237,8 +239,11 @@ BGD_DECLARE(void *) gdImageJpegPtr(gdIma
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageJpegCtx(im, out, quality);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageJpegCtx(im, out, quality)) {
-+		rv = gdDPExtractData(out, size);
-+	} else {
-+		rv = NULL;
-+	}
- 	out->gd_free(out);
- 	return rv;
- }
-@@ -260,6 +265,12 @@ void jpeg_gdIOCtx_dest(j_compress_ptr ci
- */
- BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
- {
-+	_gdImageJpegCtx(im, outfile, quality);
-+}
-+
-+/* returns 0 on success, 1 on failure */
-+static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
-+{
- 	struct jpeg_compress_struct cinfo;
- 	struct jpeg_error_mgr jerr;
- 	int i, j, jidx;
-@@ -293,7 +304,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImage
- 		if(row) {
- 			gdFree(row);
- 		}
--		return;
-+		return 1;
- 	}
- 
- 	cinfo.err->emit_message = jpeg_emit_message;
-@@ -334,7 +345,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImage
- 	if(row == 0) {
- 		gd_error("gd-jpeg: error: unable to allocate JPEG row structure: gdCalloc returns NULL\n");
- 		jpeg_destroy_compress(&cinfo);
--		return;
-+		return 1;
- 	}
- 
- 	rowptr[0] = row;
-@@ -411,6 +422,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImage
- 	jpeg_finish_compress(&cinfo);
- 	jpeg_destroy_compress(&cinfo);
- 	gdFree(row);
-+	return 0;
- }
- 
- 
-Index: libgd-2.2.5/src/gd_wbmp.c
-===================================================================
---- libgd-2.2.5.orig/src/gd_wbmp.c	2017-08-30 13:05:54.000000000 +0200
-+++ libgd-2.2.5/src/gd_wbmp.c	2019-01-31 09:47:44.707693815 +0100
-@@ -88,6 +88,8 @@ int gd_getin(void *in)
- 	return (gdGetC((gdIOCtx *)in));
- }
- 
-+static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out);
-+
- /*
- 	Function: gdImageWBMPCtx
- 
-@@ -101,13 +103,19 @@ int gd_getin(void *in)
- */
- BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
- {
-+	_gdImageWBMPCtx(image, fg, out);
-+}
-+
-+/* returns 0 on success, 1 on failure */
-+static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
-+{
- 	int x, y, pos;
- 	Wbmp *wbmp;
- 
- 	/* create the WBMP */
- 	if((wbmp = createwbmp(gdImageSX(image), gdImageSY(image), WBMP_WHITE)) == NULL) {
- 		gd_error("Could not create WBMP\n");
--		return;
-+		return 1;
- 	}
- 
- 	/* fill up the WBMP structure */
-@@ -123,11 +131,15 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImage
- 
- 	/* write the WBMP to a gd file descriptor */
- 	if(writewbmp(wbmp, &gd_putout, out)) {
-+		freewbmp(wbmp);
- 		gd_error("Could not save WBMP\n");
-+		return 1;
- 	}
- 
- 	/* des submitted this bugfix: gdFree the memory. */
- 	freewbmp(wbmp);
-+
-+	return 0;
- }
- 
- /*
-@@ -271,8 +283,11 @@ BGD_DECLARE(void *) gdImageWBMPPtr(gdIma
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageWBMPCtx(im, fg, out);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageWBMPCtx(im, fg, out)) {
-+		rv = gdDPExtractData(out, size);
-+	} else {
-+		rv = NULL;
-+	}
- 	out->gd_free(out);
- 	return rv;
- }



More information about the arch-commits mailing list