[packages/gd] - new URLs, updated to 2.2.3 (fixes CVE-2015-8874 CVE-2016-3074 CVE-2016-5766 CVE-2016-5767 CVE-2016
qboosh
qboosh at pld-linux.org
Sun Aug 28 13:19:27 CEST 2016
commit 35d1d5c8943c9359387c8c8c0c4516faf0daff43
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Sun Aug 28 13:20:45 2016 +0200
- new URLs, updated to 2.2.3 (fixes CVE-2015-8874 CVE-2016-3074 CVE-2016-5766 CVE-2016-5767 CVE-2016-6128 CVE-2016-6132 CVE-2016-6207 CVE-2016-6214)
- removed obsolete missing,version patches
- removed outdated libvpx2 patch (WebP is now supported via libwebp instead of libvpx)
- old liq patch obsolete; added new one which works around allocation alignment issues with SSE-enabled libimagequant
- set XFAIL for tests failing due to known reason
- disable liq by default (breaks transparency handling in TrueColor->palette conversion)
gd-liq.patch | 34 +++++++++++-----------------------
gd-missing.patch | 45 ---------------------------------------------
gd-version.patch | 11 -----------
gd.spec | 54 ++++++++++++++++++++++++++++++++++--------------------
libvpx2.patch | 24 ------------------------
5 files changed, 45 insertions(+), 123 deletions(-)
---
diff --git a/gd.spec b/gd.spec
index e00b4a5..07e0565 100644
--- a/gd.spec
+++ b/gd.spec
@@ -1,32 +1,31 @@
#
# Conditional build:
%bcond_without fontconfig # fontconfig support
-%bcond_without libimagequant # LIQ quantization method support
+%bcond_with libimagequant # LIQ quantization method support (breaks transparency in TrueColor->palette conversion)
+%bcond_with sse # SSE math on ix86
%bcond_without xpm # XPM support (requires X11 libs)
%bcond_without tests # "make check"
#
+%ifarch pentium3 pentium4
+%define with_ssemath 1
+%endif
Summary: Library for PNG, JPEG creation
Summary(es.UTF-8): Biblioteca para manipulación de imágenes
Summary(pl.UTF-8): Biblioteka do tworzenia grafiki w formacie PNG, JPEG
Summary(pt_BR.UTF-8): Biblioteca para manipulação de imagens
Name: gd
-Version: 2.1.1
-Release: 5
+Version: 2.2.3
+Release: 1
License: BSD-like
Group: Libraries
#Source0Download: https://github.com/libgd/libgd/releases
-# future versions:
-#Source0: https://github.com/libgd/libgd/archive/%{name}-%{version}.tar.gz
-Source0: https://bitbucket.org/libgd/gd-libgd/downloads/libgd-%{version}.tar.xz
-# Source0-md5: 9076f3abd1f9815d106da36467ea15bc
+Source0: https://github.com/libgd/libgd/releases/download/%{name}-%{version}/lib%{name}-%{version}.tar.xz
+# Source0-md5: 14e4134c129b4c166c3a0549a32ef340
Patch0: %{name}-fontpath.patch
Patch1: %{name}-2.0.33-BoxBound.patch
Patch2: %{name}-loop.patch
-Patch3: libvpx2.patch
-Patch4: %{name}-missing.patch
-Patch5: %{name}-version.patch
-Patch6: %{name}-liq.patch
-URL: http://www.libgd.org/
+Patch3: %{name}-liq.patch
+URL: https://libgd.github.io/
BuildRequires: autoconf >= 2.54
BuildRequires: automake
%{?with_fontconfig:BuildRequires: fontconfig-devel}
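Review bot: The new `Source0` tarball is pinned only by `# Source0-md5`, and this hunk also moves the download from bitbucket.org to github.com, so that digest is the only check that the builder fetches the bytes the packager reviewed. MD5 is not collision-resistant. If the packaging tooling requires the md5 tag it has to stay, but a stronger digest recorded beside it as a plain comment, e.g. `# sha256: <SHA256_OF_TARBALL placeholder>`, would let the 2.2.3 tarball be re-verified independently against the upstream release. Whether any tooling would read such a line is not visible here, so it is proposed as a note for human verification only.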
@@ -37,7 +36,7 @@ BuildRequires: libjpeg-devel
BuildRequires: libpng-devel >= 2:1.4.0
BuildRequires: libtiff-devel >= 4
BuildRequires: libtool >= 2:2
-BuildRequires: libvpx-devel
+BuildRequires: libwebp-devel
BuildRequires: pkgconfig
BuildRequires: sed >= 4
BuildRequires: tar >= 1:1.22
@@ -96,7 +95,7 @@ Requires: freetype-devel >= 1:2.1.10
Requires: libjpeg-devel
Requires: libpng-devel
Requires: libtiff-devel >= 4
-Requires: libvpx-devel
+Requires: libwebp-devel
%{?with_xpm:Requires: xorg-lib-libXpm-devel}
Requires: zlib-devel
Provides: gd-devel(gif) = %{version}-%{release}
@@ -165,9 +164,6 @@ para uso pelos programas que usam a libgd.
%patch1 -p1
%patch2 -p1
%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
# hack to avoid inclusion of -s in --ldflags
%{__sed} -i -e 's, at LDFLAGS@,,g' config/gdlib-config.in
@@ -180,15 +176,33 @@ para uso pelos programas que usam a libgd.
%{__automake}
%{__autoheader}
%{__autoconf}
+%ifarch %{ix86}
+%if %{with sse}
+CFLAGS="%{rpmcflags} -msse -mfpmath=sse"
+%endif
+%endif
%configure \
%{!?with_fontconfig:--without-fontconfig} \
- %{!?with_libimagequant:--without-libimagequant} \
+ %{!?with_libimagequant:--without-liq} \
%{!?with_xpm:--without-xpm}
%{__make}
%if %{with tests}
-# https://bitbucket.org/libgd/gd-libgd/issue/72/gdimagestringft_bbox-test-fails-on-old
-export XFAIL_TESTS=gdimagestringft/gdimagestringft_bbox
+# https://bitbucket.org/libgd/gd-libgd/issue/72/gdimagestringft_bbox-test-fails-on-old (what is the exact reason???)
+XFAIL_TESTS=gdimagestringft/gdimagestringft_bbox
+%ifarch %{ix86}
+%if %{without ssemath}
+# 387 arithmetic is inexact, https://github.com/libgd/libgd/issues/242
+XFAIL_TESTS="$XFAIL_TESTS gdimagecopyresampled/bug00201 gdimagerotate/bug00067"
+%endif
+%endif
+%if %{with libimagequant}
+# liq quantization method doesn't support alpha channel in a way expected by gd
+XFAIL_TESTS="$XFAIL_TESTS gif/bug00006"
+%endif
+# freetype TTF rendering difference?
+XFAIL_TESTS="$XFAIL_TESTS freetype/bug00132"
+export XFAIL_TESTS
%{__make} check
%endif
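Review bot: The SSE compiler flags and the 387-related XFAIL entries are keyed on two different macros: `CFLAGS="%{rpmcflags} -msse -mfpmath=sse"` is guarded by `%{with sse}`, while `gdimagecopyresampled/bug00201 gdimagerotate/bug00067` are guarded by `%{without ssemath}`, and the first gd.spec hunk defines `with_ssemath` only under `%ifarch pentium3 pentium4`. A `--with sse` build on another ix86 target therefore compiles with SSE math but still lists those tests as expected failures, and automake counts an unexpected pass as a failure. A pentium3/pentium4 build without `--with sse` drops the XFAIL entries while this block adds no SSE flags, unless `%{rpmcflags}` already selects SSE math there, which is not visible here. Deriving one macro from the other next to the `%ifarch` block would keep them in step: `%if %{with sse}` / `%define with_ssemath 1` / `%endif`.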
diff --git a/gd-liq.patch b/gd-liq.patch
index 3ad5467..85d456f 100644
--- a/gd-liq.patch
+++ b/gd-liq.patch
@@ -1,23 +1,11 @@
---- libgd-2.1.1/configure.ac.orig 2015-06-19 20:50:19.125019013 +0200
-+++ libgd-2.1.1/configure.ac 2015-06-21 16:12:24.498467052 +0200
-@@ -154,6 +154,20 @@
- fi
- AM_CONDITIONAL([HAVE_LIBPNG], test "$with_png" = yes)
-
-+dnl LIQ
-+AC_ARG_WITH(libimagequant,dnl
-+[ --with-libimagequant=DIR where to find the libimagequant library],
-+ [if test -d "$withval"; then
-+ LDFLAGS="$LDFLAGS -L$withval/lib"
-+ CFLAGS="$CFLAGS -I$withval/include"
-+ fi])
-+
-+if test "$with_libimagequant" != no; then
-+ AC_CHECK_HEADER([libimagequant.h])
-+ AC_CHECK_LIB(imagequant, liq_attr_create,
-+ [LIBS="-limagequant $LIBS"])
-+fi
-+
- dnl FreeType configure tests snarfed from libwmf ..
- AC_ARG_WITH(freetype,dnl
- [ --with-freetype=DIR where to find the freetype 2.x library]])
+--- libgd-2.2.3/src/gd_topal.c.orig 2016-07-21 10:06:42.000000000 +0200
++++ libgd-2.2.3/src/gd_topal.c 2016-08-27 21:45:24.911652643 +0200
+@@ -1545,7 +1545,7 @@
+ #ifdef HAVE_LIBIMAGEQUANT
+ if (oim->paletteQuantizationMethod == GD_QUANT_DEFAULT ||
+ oim->paletteQuantizationMethod == GD_QUANT_LIQ) {
+- liq_attr *attr = liq_attr_create_with_allocator(gdMalloc, gdFree);
++ liq_attr *attr = liq_attr_create(); // not passing gdMalloc/gdFree as allocators: they are just malloc/free, but liq requires 16-byte alignment
+ liq_image *image;
+ liq_result *remap;
+ int remapped_ok = 0;
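Review bot: The reason for dropping the custom allocators is carried only in a trailing `//` comment on the `liq_attr_create()` line, which makes a very long line, is easy to lose when this patch is next rebased, and is rejected by strict C89 builds. A block comment above the call would state the constraint where a reader looks for it: `/* liq needs 16-byte-aligned allocations when built with SSE; gdMalloc/gdFree are plain malloc/free and do not guarantee that */`. The enclosing function starts and ends outside the hunk, so whether `attr` is checked for NULL before it is used cannot be confirmed from here.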
diff --git a/gd-missing.patch b/gd-missing.patch
deleted file mode 100644
index 18de618..0000000
--- a/gd-missing.patch
+++ /dev/null
@@ -1,45 +0,0 @@
---- libgd-2.1.1/config/getver.pl.orig 1970-01-01 01:00:00.000000000 +0100
-+++ libgd-2.1.1/config/getver.pl 2015-06-19 20:37:05.518385651 +0200
-@@ -0,0 +1,42 @@
-+#!/usr/bin/env perl
-+
-+# Simple script to extract the version number parts from src/gd.h. If
-+# called with the middle word of the version macro, it prints the
-+# value of that macro. If called with no argument, it outputs a
-+# human-readable version string. This must be run in the project
-+# root. It is used by configure.ac and docs/naturaldocs/run_docs.sh.
-+
-+use strict;
-+
-+my $key = shift;
-+my @version_parts = ();
-+
-+open FH, "<src/gd.h" # old-style filehandle for max. portability
-+ or die "Unable to open 'version.h' for reading.\n";
-+
-+while(<FH>) {
-+ next unless m{version605b5d1778};
-+ next unless /^#define\s+GD_([A-Z0-9]+)_VERSION+\s+(\S+)/;
-+ my ($lk, $lv) = ($1, $2);
-+ if ($lk eq $key) {
-+ chomp $lv;
-+ $lv =~ s/"//g;
-+
-+ print $lv; # no newline
-+ exit(0); # success!
-+ }
-+
-+ push @version_parts, $lv if (!$key);
-+}
-+
-+close(FH);
-+
-+if (scalar @version_parts == 4) {
-+ my $result = join(".", @version_parts[0..2]);
-+ $result .= $version_parts[3];
-+ $result =~ s/"//g;
-+ print $result;
-+ exit(0);
-+}
-+
-+exit(1); # failure
diff --git a/gd-version.patch b/gd-version.patch
deleted file mode 100644
index 9aa5bdb..0000000
--- a/gd-version.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- libgd-2.1.1/configure.ac.orig 2015-06-19 20:38:02.458383261 +0200
-+++ libgd-2.1.1/configure.ac 2015-06-19 20:48:54.771689220 +0200
-@@ -27,6 +27,8 @@
- GDLIB_REVISION=gd_REVISION
- GDLIB_EXTRA=gd_EXTRA
- GDLIB_VERSION=gd_PKG_VERSION
-+AC_SUBST(GDLIB_MAJOR)
-+AC_SUBST(GDLIB_MINOR)
-
- # Dynamic library version information
- # See http://www.gnu.org/software/libtool/manual/libtool.html#Updating-version-info
diff --git a/libvpx2.patch b/libvpx2.patch
deleted file mode 100644
index 50e1afd..0000000
--- a/libvpx2.patch
+++ /dev/null
@@ -1,24 +0,0 @@
---- libgd-2.1.1/src/webpimg.c.orig 2015-05-23 21:28:59.036681960 +0200
-+++ libgd-2.1.1/src/webpimg.c 2015-05-23 21:29:28.300382040 +0200
-@@ -711,14 +711,14 @@
- codec_ctl(&enc, VP8E_SET_STATIC_THRESHOLD, 0);
- codec_ctl(&enc, VP8E_SET_TOKEN_PARTITIONS, 2);
-
-- vpx_img_wrap(&img, IMG_FMT_I420,
-+ vpx_img_wrap(&img, VPX_IMG_FMT_I420,
- y_width, y_height, 16, (uint8*)(Y));
-- img.planes[PLANE_Y] = (uint8*)(Y);
-- img.planes[PLANE_U] = (uint8*)(U);
-- img.planes[PLANE_V] = (uint8*)(V);
-- img.stride[PLANE_Y] = y_stride;
-- img.stride[PLANE_U] = uv_stride;
-- img.stride[PLANE_V] = uv_stride;
-+ img.planes[VPX_PLANE_Y] = (uint8*)(Y);
-+ img.planes[VPX_PLANE_U] = (uint8*)(U);
-+ img.planes[VPX_PLANE_V] = (uint8*)(V);
-+ img.stride[VPX_PLANE_Y] = y_stride;
-+ img.stride[VPX_PLANE_U] = uv_stride;
-+ img.stride[VPX_PLANE_V] = uv_stride;
-
- res = vpx_codec_encode(&enc, &img, 0, 1, 0, VPX_DL_BEST_QUALITY);
-
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/gd.git/commitdiff/35d1d5c8943c9359387c8c8c0c4516faf0daff43