import gd-2.2.5-7.el8

.gd.metadata

@@ -0,0 +1 @@
+49de358fd02f7e8d881a7533c5116b118916d88a SOURCES/libgd-2.2.5.tar.xz

.gitignore

@@ -0,0 +1 @@
+SOURCES/libgd-2.2.5.tar.xz

SOURCES/gd-2.1.0-multilib.patch

@@ -0,0 +1,33 @@
+diff -up gd-2.1.0/config/gdlib-config.in.multilib gd-2.1.0/config/gdlib-config.in
+--- gd-2.1.0/config/gdlib-config.in.multilib	2013-04-21 16:58:17.820010758 +0200
++++ gd-2.1.0/config/gdlib-config.in	2013-04-21 16:59:27.896317922 +0200
+@@ -7,9 +7,10 @@
+ # installation directories
+ prefix=@prefix@
+ exec_prefix=@exec_prefix@
+-libdir=@libdir@
++libdir=`pkg-config gdlib --variable=libdir`
+ includedir=@includedir@
+ bindir=@bindir@
++ldflags=`pkg-config gdlib --variable=ldflags`
+ 
+ usage()
+ {
+@@ -68,7 +69,7 @@ while test $# -gt 0; do
+ 	echo @GDLIB_REVISION@
+ 	;;
+     --ldflags)
+-	echo @LDFLAGS@
++	echo $ldflags
+ 	;;
+     --libs)
+ 	echo -lgd @LIBS@ @LIBICONV@
+@@ -83,7 +84,7 @@ while test $# -gt 0; do
+ 	echo "GD library  @VERSION@"
+ 	echo "includedir: $includedir"
+ 	echo "cflags:     -I@includedir@"
+-	echo "ldflags:    @LDFLAGS@"
++	echo "ldflags:    $ldflags"
+ 	echo "libs:       @LIBS@ @LIBICONV@"
+ 	echo "libdir:     $libdir"
+ 	echo "features:   @FEATURES@"

SOURCES/gd-2.2.5-gdImageBmpPtr-double-free.patch

@@ -0,0 +1,73 @@
+From ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 14 Jul 2018 13:54:08 -0400
+Subject: [PATCH] bmp: check return value in gdImageBmpPtr
+
+Closes #447.
+---
+ src/gd_bmp.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/src/gd_bmp.c b/src/gd_bmp.c
+index bde0b9d3..78f40d9a 100644
+--- a/src/gd_bmp.c
++++ b/src/gd_bmp.c
+@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp
+ static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header);
+ static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
+ 
++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression);
++
+ #define BMP_DEBUG(s)
+ 
+ static int gdBMPPutWord(gdIOCtx *out, int w)
+@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression)
+ 	void *rv;
+ 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
+ 	if (out == NULL) return NULL;
+-	gdImageBmpCtx(im, out, compression);
+-	rv = gdDPExtractData(out, size);
++	if (!_gdImageBmpCtx(im, out, compression))
++		rv = gdDPExtractData(out, size);
++	else
++		rv = NULL;
+ 	out->gd_free(out);
+ 	return rv;
+ }
+@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression)
+ 		compression - whether to apply RLE or not.
+ */
+ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
++{
++	_gdImageBmpCtx(im, out, compression);
++}
++
++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ {
+ 	int bitmap_size = 0, info_size, total_size, padding;
+ 	int i, row, xpos, pixel;
+@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ 	unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL;
+ 	FILE *tmpfile_for_compression = NULL;
+ 	gdIOCtxPtr out_original = NULL;
++	int ret = 1;
+ 
+ 	/* No compression if its true colour or we don't support seek */
+ 	if (im->trueColor) {
+@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ 		out_original = NULL;
+ 	}
+ 
++	ret = 0;
+ cleanup:
+ 	if (tmpfile_for_compression) {
+ #ifdef _WIN32
+@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ 	if (out_original) {
+ 		out_original->gd_free(out_original);
+ 	}
+-	return;
++	return ret;
+ }
+ 
+ static int compress_row(unsigned char *row, int length)

SOURCES/gd-2.2.5-null-pointer.patch

@@ -0,0 +1,74 @@
+From a93eac0e843148dc2d631c3ba80af17e9c8c860f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?F=C3=A1bio=20Cabral=20Pacheco?= <fcabralpacheco@gmail.com>
+Date: Fri, 20 Dec 2019 12:03:33 -0300
+Subject: [PATCH] Fix potential NULL pointer dereference in gdImageClone()
+
+---
+ src/gd.c                          |  9 +--------
+ tests/gdimageclone/style.c        | 30 ++++++++++++++++++++++++++++++
+ 5 files changed, 35 insertions(+), 9 deletions(-)
+ create mode 100644 tests/gdimageclone/style.c
+
+diff --git a/src/gd.c b/src/gd.c
+index 592a0286..d564d1f9 100644
+--- a/src/gd.c
++++ b/src/gd.c
+@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
+ 		}
+ 	}
+ 
+-	if (src->styleLength > 0) {
+-		dst->styleLength = src->styleLength;
+-		dst->stylePos    = src->stylePos;
+-		for (i = 0; i < src->styleLength; i++) {
+-			dst->style[i] = src->style[i];
+-		}
+-	}
+-
+ 	dst->interlace   = src->interlace;
+ 
+ 	dst->alphaBlendingFlag = src->alphaBlendingFlag;
+@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
+ 
+ 	if (src->style) {
+ 		gdImageSetStyle(dst, src->style, src->styleLength);
++		dst->stylePos = src->stylePos;
+ 	}
+ 
+ 	for (i = 0; i < gdMaxColors; i++) {
+diff --git a/tests/gdimageclone/style.c b/tests/gdimageclone/style.c
+new file mode 100644
+index 00000000..c2b246ed
+--- /dev/null
++++ b/tests/gdimageclone/style.c
+@@ -0,0 +1,30 @@
++/**
++ * Cloning an image should exactly reproduce all style related data
++ */
++
++
++#include <string.h>
++#include "gd.h"
++#include "gdtest.h"
++
++
++int main()
++{
++    gdImagePtr im, clone;
++    int style[] = {0, 0, 0};
++
++    im = gdImageCreate(8, 8);
++    gdImageSetStyle(im, style, sizeof(style)/sizeof(style[0]));
++
++    clone = gdImageClone(im);
++    gdTestAssert(clone != NULL);
++
++    gdTestAssert(clone->styleLength == im->styleLength);
++    gdTestAssert(clone->stylePos == im->stylePos);
++    gdTestAssert(!memcmp(clone->style, im->style, sizeof(style)/sizeof(style[0])));
++
++    gdImageDestroy(clone);
++    gdImageDestroy(im);
++
++    return gdNumFailures();
++}

SOURCES/gd-2.2.5-out-of-bounds-write-on-heap.patch

@@ -0,0 +1,120 @@
+From 5b026e3cc05d7041cbe47a8702f1b51ffbf0a99b Mon Sep 17 00:00:00 2001
+From: Ondrej Dubaj <odubaj@redhat.com>
+Date: Thu, 5 Mar 2020 11:02:27 +0100
+Subject: [PATCH] Imagecolormatch Out Of Bounds Write on Heap
+
+At least some of the image reading functions may return images which
+use color indexes greater than or equal to im->colorsTotal.  We cater
+to this by always using a buffer size which is sufficient for
+`gdMaxColors` in `gdImageColorMatch()`.
+
+Resolves: #1678104
+Version: 2.2.5-7
+---
+ src/gd_color_match.c                    |  4 ++--
+ tests/CMakeLists.txt                    |  1 +
+ tests/Makefile.am                       |  1 +
+ tests/gdimagecolormatch/CMakeLists.txt  |  5 +++++
+ tests/gdimagecolormatch/Makemodule.am   |  5 +++++
+ tests/gdimagecolormatch/cve_2019_6977.c | 25 +++++++++++++++++++++++++
+ 6 files changed, 39 insertions(+), 2 deletions(-)
+ create mode 100644 tests/gdimagecolormatch/CMakeLists.txt
+ create mode 100644 tests/gdimagecolormatch/Makemodule.am
+ create mode 100644 tests/gdimagecolormatch/cve_2019_6977.c
+
+diff --git a/src/gd_color_match.c b/src/gd_color_match.c
+index f0842b6..a94a841 100755
+--- a/src/gd_color_match.c
++++ b/src/gd_color_match.c
+@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdImagePtr im1, gdImagePtr im2)
+ 		return -4; /* At least 1 color must be allocated */
+ 	}
+ 
+-	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal);
+-	memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );
++	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors);
++	memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors );
+ 
+ 	for (x=0; x < im1->sx; x++) {
+ 		for( y=0; y<im1->sy; y++ ) {
+diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
+index 7eef4bf..6979416 100755
+--- a/tests/CMakeLists.txt
++++ b/tests/CMakeLists.txt
+@@ -31,6 +31,7 @@ if (BUILD_TEST)
+ 		gdimagecolordeallocate
+ 		gdimagecolorexact
+ 		gdimagecolorreplace
++		gdimagecolormatch
+ 		gdimagecolorresolve
+ 		gdimagecolortransparent
+ 		gdimagecontrast
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 5f8b624..1a44112 100755
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -26,6 +26,7 @@ include gdimagecolorclosest/Makemodule.am
+ include gdimagecolordeallocate/Makemodule.am
+ include gdimagecolorexact/Makemodule.am
+ include gdimagecolorreplace/Makemodule.am
++include gdimagecolormatch/Makemodule.am
+ include gdimagecolorresolve/Makemodule.am
+ include gdimagecolortransparent/Makemodule.am
+ include gdimagecontrast/Makemodule.am
+diff --git a/tests/gdimagecolormatch/CMakeLists.txt b/tests/gdimagecolormatch/CMakeLists.txt
+new file mode 100644
+index 0000000..591938f
+--- /dev/null
++++ b/tests/gdimagecolormatch/CMakeLists.txt
+@@ -0,0 +1,5 @@
++LIST(APPEND TESTS_FILES
++	cve_2019_6977
++)
++
++ADD_GD_TESTS()
+diff --git a/tests/gdimagecolormatch/Makemodule.am b/tests/gdimagecolormatch/Makemodule.am
+new file mode 100644
+index 0000000..e8e09a9
+--- /dev/null
++++ b/tests/gdimagecolormatch/Makemodule.am
+@@ -0,0 +1,5 @@
++libgd_test_programs += \
++	gdimagecolormatch/cve_2019_6977
++
++EXTRA_DIST += \
++	gdimagecolormatch/CMakeLists.txt
+diff --git a/tests/gdimagecolormatch/cve_2019_6977.c b/tests/gdimagecolormatch/cve_2019_6977.c
+new file mode 100644
+index 0000000..fdd7af5
+--- /dev/null
++++ b/tests/gdimagecolormatch/cve_2019_6977.c
+@@ -0,0 +1,25 @@
++/**
++ * Test for CVE-2019-6977
++ */
++
++#include "gd.h"
++
++int main()
++{
++	gdImagePtr im1;
++	gdImagePtr im2;
++
++	im1 = gdImageCreateTrueColor(0xfff, 0xfff);
++	im2 = gdImageCreate(0xfff, 0xfff);
++	if (gdImageColorAllocate(im2, 0, 0, 0) < 0)
++	{
++		gdImageDestroy(im1);
++		gdImageDestroy(im2);
++		return 1;
++	}
++	gdImageSetPixel(im2, 0, 0, 255);
++	gdImageColorMatch(im1, im2);
++	gdImageDestroy(im1);
++	gdImageDestroy(im2);
++	return 0;
++}
+-- 
+2.24.1
+
+

SOURCES/gd-2.2.5-potential-double-free.patch

@@ -0,0 +1,284 @@
+From d98e5a2ace46adcefa093c029663575fd677bf05 Mon Sep 17 00:00:00 2001
+From: Ondrej Dubaj <odubaj@redhat.com>
+Date: Tue, 4 Jun 2019 13:05:57 +0200
+Subject: [PATCH] Potential double-free in gdImage*Ptr()
+
+Whenever `gdImage*Ptr()` calls `gdImage*Ctx()` and the latter fails, we
+must not call `gdDPExtractData()`; otherwise a double-free would
+happen.  Since `gdImage*Ctx()` are void functions, and we can't change
+that for BC reasons, we're introducing static helpers which are used
+internally.
+
+We're adding a regression test for `gdImageJpegPtr()`, but not for
+`gdImageGifPtr()` and `gdImageWbmpPtr()` since we don't know how to
+trigger failure of the respective `gdImage*Ctx()` calls.
+
+This potential security issue has been reported by Solmaz Salimi (aka.
+Rooney).
+---
+ src/gd_gif_out.c                  | 19 +++++++++++++++----
+ src/gd_jpeg.c                     | 20 ++++++++++++++++----
+ src/gd_wbmp.c                     | 21 ++++++++++++++++++---
+ tests/jpeg/CMakeLists.txt         |  1 +
+ tests/jpeg/Makemodule.am          |  3 ++-
+ tests/jpeg/jpeg_ptr_double_free.c | 31 +++++++++++++++++++++++++++++++
+ 6 files changed, 83 insertions(+), 12 deletions(-)
+ create mode 100644 tests/jpeg/jpeg_ptr_double_free.c
+
+diff --git a/src/gd_gif_out.c b/src/gd_gif_out.c
+index 6fe707d..4a05c09 100755
+--- a/src/gd_gif_out.c
++++ b/src/gd_gif_out.c
+@@ -99,7 +99,7 @@ static void char_init(GifCtx *ctx);
+ static void char_out(int c, GifCtx *ctx);
+ static void flush_char(GifCtx *ctx);
+ 
+-
++static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out);
+ 
+ 
+ /*
+@@ -131,8 +131,11 @@ BGD_DECLARE(void *) gdImageGifPtr(gdImagePtr im, int *size)
+ 	void *rv;
+ 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
+ 	if (out == NULL) return NULL;
+-	gdImageGifCtx(im, out);
+-	rv = gdDPExtractData(out, size);
++	if (!_gdImageGifCtx(im, out)) {
++        rv = gdDPExtractData(out, size);
++    } else {
++        rv = NULL;
++    }
+ 	out->gd_free(out);
+ 	return rv;
+ }
+@@ -220,6 +223,12 @@ BGD_DECLARE(void) gdImageGif(gdImagePtr im, FILE *outFile)
+ 
+ */
+ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
++{
++    _gdImageGifCtx(im, out);
++}
++
++/* returns 0 on success, 1 on failure */
++static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
+ {
+ 	gdImagePtr pim = 0, tim = im;
+ 	int interlace, BitsPerPixel;
+@@ -231,7 +240,7 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
+ 		based temporary image. */
+ 		pim = gdImageCreatePaletteFromTrueColor(im, 1, 256);
+ 		if(!pim) {
+-			return;
++			return 1;
+ 		}
+ 		tim = pim;
+ 	}
+@@ -247,6 +256,8 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
+ 		/* Destroy palette based temporary image. */
+ 		gdImageDestroy(	pim);
+ 	}
++
++    return 0;
+ }
+ 
+ 
+diff --git a/src/gd_jpeg.c b/src/gd_jpeg.c
+index 271ef46..bd8fc27 100755
+--- a/src/gd_jpeg.c
++++ b/src/gd_jpeg.c
+@@ -123,6 +123,8 @@ static void fatal_jpeg_error(j_common_ptr cinfo)
+ 	exit(99);
+ }
+ 
++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality);
++
+ /*
+  * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality
+  * QUALITY.  If QUALITY is in the range 0-100, increasing values
+@@ -237,8 +239,11 @@ BGD_DECLARE(void *) gdImageJpegPtr(gdImagePtr im, int *size, int quality)
+ 	void *rv;
+ 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
+ 	if (out == NULL) return NULL;
+-	gdImageJpegCtx(im, out, quality);
+-	rv = gdDPExtractData(out, size);
++	if (!_gdImageJpegCtx(im, out, quality)) {
++		rv = gdDPExtractData(out, size);
++	} else {
++		rv = NULL;
++	}
+ 	out->gd_free(out);
+ 	return rv;
+ }
+@@ -259,6 +264,12 @@ void jpeg_gdIOCtx_dest(j_compress_ptr cinfo, gdIOCtx *outfile);
+ 
+ */
+ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
++{
++	_gdImageJpegCtx(im, outfile, quality);
++}
++
++/* returns 0 on success, 1 on failure */
++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
+ {
+ 	struct jpeg_compress_struct cinfo;
+ 	struct jpeg_error_mgr jerr;
+@@ -293,7 +304,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
+ 		if(row) {
+ 			gdFree(row);
+ 		}
+-		return;
++		return 1;
+ 	}
+ 
+ 	cinfo.err->emit_message = jpeg_emit_message;
+@@ -334,7 +345,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
+ 	if(row == 0) {
+ 		gd_error("gd-jpeg: error: unable to allocate JPEG row structure: gdCalloc returns NULL\n");
+ 		jpeg_destroy_compress(&cinfo);
+-		return;
++		return 1;
+ 	}
+ 
+ 	rowptr[0] = row;
+@@ -411,6 +422,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
+ 	jpeg_finish_compress(&cinfo);
+ 	jpeg_destroy_compress(&cinfo);
+ 	gdFree(row);
++	return 0;
+ }
+ 
+ 
+diff --git a/src/gd_wbmp.c b/src/gd_wbmp.c
+index 0028273..341ff6e 100755
+--- a/src/gd_wbmp.c
++++ b/src/gd_wbmp.c
+@@ -88,6 +88,8 @@ int gd_getin(void *in)
+ 	return (gdGetC((gdIOCtx *)in));
+ }
+ 
++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out);
++
+ /*
+ 	Function: gdImageWBMPCtx
+ 
+@@ -100,6 +102,12 @@ int gd_getin(void *in)
+ 		out   - the stream where to write
+ */
+ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
++{
++	_gdImageWBMPCtx(image, fg, out);
++}
++
++/* returns 0 on success, 1 on failure */
++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
+ {
+ 	int x, y, pos;
+ 	Wbmp *wbmp;
+@@ -107,7 +115,7 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
+ 	/* create the WBMP */
+ 	if((wbmp = createwbmp(gdImageSX(image), gdImageSY(image), WBMP_WHITE)) == NULL) {
+ 		gd_error("Could not create WBMP\n");
+-		return;
++		return 1;
+ 	}
+ 
+ 	/* fill up the WBMP structure */
+@@ -123,11 +131,15 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
+ 
+ 	/* write the WBMP to a gd file descriptor */
+ 	if(writewbmp(wbmp, &gd_putout, out)) {
++		freewbmp(wbmp);
+ 		gd_error("Could not save WBMP\n");
++		return 1;
+ 	}
+ 
+ 	/* des submitted this bugfix: gdFree the memory. */
+ 	freewbmp(wbmp);
++
++	return 0;
+ }
+ 
+ /*
+@@ -271,8 +283,11 @@ BGD_DECLARE(void *) gdImageWBMPPtr(gdImagePtr im, int *size, int fg)
+ 	void *rv;
+ 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
+ 	if (out == NULL) return NULL;
+-	gdImageWBMPCtx(im, fg, out);
+-	rv = gdDPExtractData(out, size);
++	if (!_gdImageWBMPCtx(im, fg, out)) {
++		rv = gdDPExtractData(out, size);
++	} else {
++		rv = NULL;
++	}
+ 	out->gd_free(out);
+ 	return rv;
+ }
+diff --git a/tests/jpeg/CMakeLists.txt b/tests/jpeg/CMakeLists.txt
+index 19964b0..a8d8162 100755
+--- a/tests/jpeg/CMakeLists.txt
++++ b/tests/jpeg/CMakeLists.txt
+@@ -2,6 +2,7 @@ IF(JPEG_FOUND)
+ LIST(APPEND TESTS_FILES
+ 	jpeg_empty_file
+ 	jpeg_im2im
++	jpeg_ptr_double_free
+ 	jpeg_null
+ )
+ 
+diff --git a/tests/jpeg/Makemodule.am b/tests/jpeg/Makemodule.am
+index 7e5d317..b89e169 100755
+--- a/tests/jpeg/Makemodule.am
++++ b/tests/jpeg/Makemodule.am
+@@ -2,7 +2,8 @@ if HAVE_LIBJPEG
+ libgd_test_programs += \
+ 	jpeg/jpeg_empty_file \
+ 	jpeg/jpeg_im2im \
+-	jpeg/jpeg_null
++	jpeg/jpeg_null \
++	jpeg/jpeg_ptr_double_free
+ 
+ if HAVE_LIBPNG
+ libgd_test_programs += \
+diff --git a/tests/jpeg/jpeg_ptr_double_free.c b/tests/jpeg/jpeg_ptr_double_free.c
+new file mode 100644
+index 0000000..c80aeb6
+--- /dev/null
++++ b/tests/jpeg/jpeg_ptr_double_free.c
+@@ -0,0 +1,31 @@
++/**
++ * Test that failure to convert to JPEG returns NULL
++ *
++ * We are creating an image, set its width to zero, and pass this image to
++ * `gdImageJpegPtr()` which is supposed to fail, and as such should return NULL.
++ *
++ * See also <https://github.com/libgd/libgd/issues/381>
++ */
++
++
++#include "gd.h"
++#include "gdtest.h"
++
++
++int main()
++{
++    gdImagePtr src, dst;
++    int size;
++
++    src = gdImageCreateTrueColor(1, 10);
++    gdTestAssert(src != NULL);
++
++    src->sx = 0; /* this hack forces gdImageJpegPtr() to fail */
++
++    dst = gdImageJpegPtr(src, &size, 0);
++    gdTestAssert(dst == NULL);
++
++    gdImageDestroy(src);
++
++    return gdNumFailures();
++}
+\ No newline at end of file
+-- 
+2.17.1
+
+

SOURCES/gd-2.2.5-upstream.patch

@@ -0,0 +1,62 @@
+From a11f47475e6443b7f32d21f2271f28f417e2ac04 Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Wed, 29 Nov 2017 19:37:38 +0100
+Subject: [PATCH] Fix #420: Potential infinite loop in gdImageCreateFromGifCtx
+
+Due to a signedness confusion in `GetCode_` a corrupt GIF file can
+trigger an infinite loop.  Furthermore we make sure that a GIF without
+any palette entries is treated as invalid *after* open palette entries
+have been removed.
+
+CVE-2018-5711
+
+See also https://bugs.php.net/bug.php?id=75571.
+---
+ src/gd_gif_in.c             |  12 ++++++------
+ tests/gif/.gitignore        |   1 +
+ tests/gif/CMakeLists.txt    |   1 +
+ tests/gif/Makemodule.am     |   2 ++
+ tests/gif/php_bug_75571.c   |  28 ++++++++++++++++++++++++++++
+ tests/gif/php_bug_75571.gif | Bin 0 -> 1731 bytes
+ 6 files changed, 38 insertions(+), 6 deletions(-)
+ create mode 100644 tests/gif/php_bug_75571.c
+ create mode 100644 tests/gif/php_bug_75571.gif
+
+diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c
+index daf26e79..0a8bd717 100644
+--- a/src/gd_gif_in.c
++++ b/src/gd_gif_in.c
+@@ -335,11 +335,6 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd)
+ 		return 0;
+ 	}
+ 
+-	if(!im->colorsTotal) {
+-		gdImageDestroy(im);
+-		return 0;
+-	}
+-
+ 	/* Check for open colors at the end, so
+ 	 * we can reduce colorsTotal and ultimately
+ 	 * BitsPerPixel */
+@@ -351,6 +346,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd)
+ 		}
+ 	}
+ 
++	if(!im->colorsTotal) {
++		gdImageDestroy(im);
++		return 0;
++	}
++
+ 	return im;
+ }
+ 
+@@ -447,7 +447,7 @@ static int
+ GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
+ {
+ 	int i, j, ret;
+-	unsigned char count;
++	int count;
+ 
+ 	if(flag) {
+ 		scd->curbit = 0;
+ 

SPECS/gd.spec

@@ -0,0 +1,591 @@
+# requested by https://bugzilla.redhat.com/1468338
+# this break gdimagefile/gdnametest:
+#   gdimagefile/gdnametest.c:122: 255 pixels different on /tmp/gdtest.CrpdIb/img.gif
+#   gdimagefile/gdnametest.c:122: 255 pixels different on /tmp/gdtest.CrpdIb/img.GIF
+#   FAIL gdimagefile/gdnametest (exit status: 2)
+%global  with_liq   0
+
+
+Summary:       A graphics library for quick creation of PNG or JPEG images
+Name:          gd
+Version:       2.2.5
+Release:       7%{?prever}%{?short}%{?dist}
+Group:         System Environment/Libraries
+License:       MIT
+URL:           http://libgd.github.io/
+%if 0%{?commit:1}
+# git clone https://github.com/libgd/libgd.git; cd gd-libgd
+# git archive  --format=tgz --output=libgd-%{version}-%{commit}.tgz --prefix=libgd-%{version}/  master
+Source0:       libgd-%{version}-%{commit}.tgz
+%else
+Source0:       https://github.com/libgd/libgd/releases/download/gd-%{version}/libgd-%{version}.tar.xz
+%endif
+
+Patch1:        gd-2.1.0-multilib.patch
+# CVE-2018-5711 - https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
+Patch2:        gd-2.2.5-upstream.patch
+#  CVE-2018-1000222 - https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
+Patch3:        gd-2.2.5-gdImageBmpPtr-double-free.patch
+# CVE-2019-6977
+Patch4:        gd-2.2.5-out-of-bounds-write-on-heap.patch
+# CVE-2019-6978
+Patch5:        gd-2.2.5-potential-double-free.patch
+#  CVE-2018-14553 - https://github.com/fcabralpacheco/libgd/commit/441cbfed60ebf6cb63b8ce120ed0a82b15e7aaf8
+Patch6:	       gd-2.2.5-null-pointer.patch
+
+
+BuildRequires: freetype-devel
+BuildRequires: fontconfig-devel
+BuildRequires: gettext-devel
+BuildRequires: libjpeg-devel
+BuildRequires: libpng-devel
+BuildRequires: libtiff-devel
+BuildRequires: libwebp-devel
+%if %{with_liq}
+BuildRequires: libimagequant-devel
+%endif
+BuildRequires: libX11-devel
+BuildRequires: libXpm-devel
+BuildRequires: zlib-devel
+BuildRequires: pkgconfig
+BuildRequires: libtool
+BuildRequires: perl-interpreter
+BuildRequires: perl-generators
+# for fontconfig/basic test
+BuildRequires: liberation-sans-fonts
+
+
+%description
+The gd graphics library allows your code to quickly draw images
+complete with lines, arcs, text, multiple colors, cut and paste from
+other images, and flood fills, and to write out the result as a PNG or
+JPEG file. This is particularly useful in Web applications, where PNG
+and JPEG are two of the formats accepted for inline images by most
+browsers. Note that gd is not a paint program.
+
+
+%package progs
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+Summary:        Utility programs that use libgd
+Group:          Applications/Multimedia
+
+%description progs
+The gd-progs package includes utility programs supplied with gd, a
+graphics library for creating PNG and JPEG images.
+
+
+%package devel
+Summary:  The development libraries and header files for gd
+Group:    Development/Libraries
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: freetype-devel%{?_isa}
+Requires: fontconfig-devel%{?_isa}
+Requires: libjpeg-devel%{?_isa}
+Requires: libpng-devel%{?_isa}
+Requires: libtiff-devel%{?_isa}
+Requires: libwebp-devel%{?_isa}
+Requires: libX11-devel%{?_isa}
+Requires: libXpm-devel%{?_isa}
+Requires: zlib-devel%{?_isa}
+
+%description devel
+The gd-devel package contains the development libraries and header
+files for gd, a graphics library for creating PNG and JPEG graphics.
+
+
+%prep
+%setup -q -n libgd-%{version}%{?prever:-%{prever}}
+%patch1 -p1 -b .mlib
+%patch2 -p1 -b .upstream
+%patch3 -p1 -b .gdImageBmpPtr-free
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+
+: $(perl config/getver.pl)
+
+: regenerate autotool stuff
+if [ -f configure ]; then
+   libtoolize --copy --force
+   autoreconf -vif
+else
+   ./bootstrap.sh
+fi
+
+
+%build
+# Provide a correct default font search path
+CFLAGS="$RPM_OPT_FLAGS -DDEFAULT_FONTPATH='\"\
+/usr/share/fonts/bitstream-vera:\
+/usr/share/fonts/dejavu:\
+/usr/share/fonts/default/Type1:\
+/usr/share/X11/fonts/Type1:\
+/usr/share/fonts/liberation\"'"
+
+%ifarch %{ix86}
+# see https://github.com/libgd/libgd/issues/242
+CFLAGS="$CFLAGS -msse -mfpmath=sse"
+%endif
+
+%ifarch aarch64 ppc64 ppc64le s390 s390x
+# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1359680
+export CFLAGS="$CFLAGS -ffp-contract=off"
+%endif
+
+%configure \
+    --with-tiff=%{_prefix} \
+    --disable-rpath
+make %{?_smp_mflags}
+
+
+%install
+make install INSTALL='install -p' DESTDIR=$RPM_BUILD_ROOT
+rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.la
+rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.a
+
+
+%check
+export XFAIL_TESTS
+
+: Upstream test suite
+make check
+
+: Check content of pkgconfig
+grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
+
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+
+%files
+%{!?_licensedir:%global license %%doc}
+%license COPYING
+%{_libdir}/*.so.*
+
+%files progs
+%{_bindir}/*
+%exclude %{_bindir}/gdlib-config
+
+%files devel
+%{_bindir}/gdlib-config
+%{_includedir}/*
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/gdlib.pc
+
+
+%changelog
+
+* Fri Mar 27 2020 fjanus@redhat.com - 2.2.5-7
+- Fix CVE-2018-14553 - Potential Null pointer dereference in gdImageClone
+  Resolves: RHBZ#1811788
+- Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch()
+  Resolves: RHBZ#1678104 (CVE-2019-6977)
+- Fixed potential double-free in gdImage*Ptr()
+  Resolves: RHBZ#1679002 (CVE-2019-6978)
+
+* Mon Sep 10 2018 mskalick@redhat.com - 2.2.5-6
+- Check return value in gdImageBmpPtr to avoid double free (CVE-2018-1000222)
+  Resolves: RHBZ#1621956
+
+* Mon Aug 06 2018 mskalick@redhat.com - 2.2.5-5
+- Rebuild to pass annobin checks
+  Fixes: RHBZ#1611074
+
+* Tue May 22 2018 mskalick@redhat.com - 2.2.5-4
+- gdimagegrayscale/basic test is not failing in RHEL8
+
+* Mon Mar 26 2018 Marek Skalický <mskalick@redhat.com> - 2.2.5-3
+- Fix CVE-2018-5711 - Potential infinite loop in gdImageCreateFromGifCtx
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Aug 30 2017 Remi Collet <remi@fedoraproject.org> - 2.2.5-1
+- Update to 2.2.5
+- fix double-free in gdImagePngPtr(). CVE-2017-6362
+- fix buffer over-read into uninitialized memory. CVE-2017-7890
+
+* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.4-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Feb 01 2017 Sandro Mani <manisandro@gmail.com> - 2.2.4-2
+- Rebuild (libwebp)
+
+* Wed Jan 18 2017 Remi Collet <remi@fedoraproject.org> - 2.2.4-1
+- Update to 2.2.4
+
+* Tue Dec 06 2016 Marek Skalický <mskalick@redhat.com> - 2.2.3-5
+- Fix invalid read in gdImageCreateFromTiffPtr() ( CVE-2016-6911)
+- Disable tests using freetype in Fedora 26 (freetype > 2.6)
+
+* Mon Dec 05 2016 Marek Skalický <mskalick@redhat.com> - 2.2.3-4
+- Fix stack based buffer overflow when passing negative `rlen` as size to
+  memcpy() (CVE-2016-8670)
+
+* Mon Dec 05 2016 Marek Skalický <mskalick@redhat.com> - 2.2.3-3
+- Fix possible overflow in gdImageWebpCtx (CVE-2016-7568)
+
+* Tue Jul 26 2016 Dan Horák <dan[at]danny.cz> - 2.2.3-2
+- apply workaround for rhbz#1359680
+
+* Fri Jul 22 2016 Remi Collet <remi@fedoraproject.org> - 2.2.3-1
+- Update to 2.2.3
+- use -msse -mfpmath=sse build options (x86-32)
+
+* Fri Jun 24 2016 Remi Collet <remi@fedoraproject.org> - 2.2.2-1
+- Update to 2.2.2
+
+* Sat May 28 2016 Remi Collet <remi@fedoraproject.org> - 2.2.1-2
+- remove unneeded sources
+
+* Fri May 27 2016 Marek Skalicky <mskalick@redhat.com> - 2.2.1-1
+- Upgrade to 2.2.1 release
+- Upstream moved to github.com
+
+* Thu Apr 28 2016 Marek Skalicky <mskalick@redhat.com> - 2.1.1-7
+- Fixed heap overflow (CVE-2016-3074)
+
+* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Dec  1 2015 Tom Callaway <spot@fedoraproject.org> - 2.1.1-5
+- rebuild for libvpx 1.5.0
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Apr  6 2015 Tom Callaway <spot@fedoraproject.org> - 2.1.1-3
+- rebuild for libvpx 1.4.0
+
+* Mon Mar 23 2015 Remi Collet <remi@fedoraproject.org> - 2.1.1-2
+- fix version in gdlib.pc
+- fix license handling
+
+* Wed Jan 14 2015 Jozef Mlich <jmlich@redhat.com> - 2.1.1-1
+- Update to 2.1.1 final
+  Resolves: #1181972
+
+* Thu Jan 08 2015 Jozef Mlich <jmlich@redhat.com> - 2.1.0-8
+- Resolves: #1076676 CVE-2014-2497
+  Previous patch indroduced memory leak. Using upstream version.
+  https://bitbucket.org/libgd/gd-libgd/commits/463c3bd09bfe8e924e19acad7a2a6af16953a704
+
+* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Wed Jul 16 2014 Jozef Mlich <jmlich@redhat.com> - 2.1.0-6
+- Resolves: #1076676 CVE-2014-2497
+  NULL pointer dereference in gdImageCreateFromXpm()
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Mon Dec 23 2013 Peter Robinson <pbrobinson@fedoraproject.org> 2.1.0-4
+- Fix FTBFS
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 2.1.0-2
+- Perl 5.18 rebuild
+
+* Tue Jun 25 2013 Remi Collet <remi@fedoraproject.org> - 2.1.0-1
+- update to 2.1.0 final
+
+* Tue Jun 25 2013 Remi Collet <rcollet@redhat.com> - 2.1.0-0.2.725ba9d
+- rebuild for linpng 1.6
+
+* Tue Jun 11 2013 Remi Collet <rcollet@redhat.com> - 2.1.0-0.1.725ba9d
+- update to 2.1.0 (post RC2 git snapshot)
+
+* Tue Apr 23 2013 Remi Collet <rcollet@redhat.com> - 2.0.35-25
+- drop uneeded patch
+- really set default font search path
+
+* Mon Mar 25 2013 Honza Horak <hhorak@redhat.com> - 2.0.35-24
+- Fix build on aarch64
+
+* Mon Mar 25 2013 Honza Horak <hhorak@redhat.com> - 2.0.35-23
+- Fix issues found by Coverity
+
+* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.35-22
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 2.0.35-21
+- rebuild due to "jpeg8-ABI" feature drop
+
+* Fri Dec 21 2012 Adam Tkac <atkac redhat com> - 2.0.35-20
+- rebuild against new libjpeg
+
+* Tue Aug 28 2012 Honza Horak <hhorak@redhat.com> - 2.0.35-19
+- Spec file cleanup
+- Compile and run test suite during build
+- Using chrpath to get rid of --rpath in gd-progs
+
+* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.35-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Mon Jun 11 2012 Honza Horak <hhorak@redhat.com> - 2.0.35-17
+- fixed CVE-2009-3546 gd: insufficient input validation in _gdGetColors()
+  Resolves: #830745
+
+* Tue Feb 28 2012 Honza Horak <hhorak@redhat.com> - 2.0.35-16
+- Fixed AALineThick.patch to display vertical lines correctly
+  Resolves: #798255
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.35-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Nov 08 2011 Adam Jackson <ajax@redhat.com> 2.0.35-14
+- Rebuild for libpng 1.5
+
+* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.35-13
+- Rebuilt for glibc bug#747377
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.35-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Jan  6 2010 Jiri Moskovcak <jmoskovc@redhat.com> - 2.0.35-11
+- more spec file fixes
+
+* Wed Jan  6 2010 Jiri Moskovcak <jmoskovc@redhat.com> - 2.0.35-10
+- spec file fixes based on merge review
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.35-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.35-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Jan  6 2009 Ivana Varekova <varekova@redhat.com> - 2.0.35-7
+- do minor spec file cleanup 
+
+* Mon Jul 21 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 2.0.35-6
+- fix license tag (nothing in this is GPL)
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 2.0.35-5
+- Autorebuild for GCC 4.3
+
+* Tue Nov 20 2007 Ivana Varekova <varekova@redhat.com> 2.0.35-4
+- remove static library
+
+* Mon Nov 19 2007 Ivana Varekova <varekova@redhat.com> 2.0.35-3
+- spec file cleanup
+
+* Mon Nov 19 2007 Ivana Varekova <varekova@redhat.com> 2.0.35-2
+- fix gdlib.pc file
+
+* Tue Sep 18 2007 Ivana Varekova <varekova@redhat.com> 2.0.35-1
+- update to 2.0.35
+
+* Tue Sep  4 2007 Ivana Varekova <varekova@redhat.com> 2.0.34-3
+- fix font paths (#225786#5)
+- fix pkgconfig Libs flag (#225786#4)
+
+* Thu Feb 22 2007 Ivana Varekova <varekova@redhat.com> 2.0.34-2
+- incorporate package review feedback
+
+* Thu Feb  8 2007 Ivana Varekova <varekova@redhat.com> 2.0.34-1
+- update to 2.0.34
+
+* Mon Jan 29 2007 Ivana Varekova <varekova@redhat.com> 2.0.33-12
+- Resolves: #224610
+  CVE-2007-0455 gd buffer overrun
+
+* Tue Nov 21 2006 Ivana Varekova <varekova@redhat.com> 2.0.33-11
+- Fix problem with to large box boundaries
+  Resolves: #197747
+
+* Thu Nov 16 2006 Ivana Varekova <varekova@redhat.com> 2.0.33-10
+- added 'thick' - variable support for AA line (#198042)
+
+* Tue Oct 31 2006 Adam Tkac <atkac@redhat.com> 2.0.33-9.4
+- patched some additionals overflows in gd (#175414)
+
+* Wed Sep 13 2006 Jitka Kudrnacova <jkudrnac@redhat.com> - 2.0.33 - 9.3
+- gd-devel now requires fontconfig-devel (#205834)
+
+* Wed Jul 19 2006 Jitka Kudrnacova <jkudrnac@redhat.com> - 2.0.33 - 9.2
+- use CFLAGS on sparc64 (#199363)
+
+* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.0.33 - 9.1
+- rebuild
+
+* Mon Jul 10 2006 Jitka Kudrnacova <jkudrnac@redhat.com> 2.0.33-9
+- prevent from an infinite loop when decoding bad GIF images (#194520)
+ 
+* Thu May 25 2006 Ivana Varekova <varekova@redhat.com> - 2.0.33-7
+- fix multilib problem (add pkgconfig)
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.0.33-6.2
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.0.33-6.1
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Fri Jan 20 2006 Phil Knirsch <pknirsch@redhat.com> 2.0.33-6
+- Included a few more overflow checks (#177907)
+
+* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
+- rebuilt
+
+* Wed Nov 02 2005 Phil Knirsch <pknirsch@redhat.com> 2.0.33-5
+- Switched BuildPreReqs and Requires to modular xorg-x11 style
+
+* Mon Oct 10 2005 Phil Knirsch <pknirsch@redhat.com> 2.0.33-4
+- Fixed possible gd crash when drawing AA line near image borders (#167843)
+
+* Wed Sep 07 2005 Phil Knirsch <pknirsch@redhat.com> 2.0.33-3
+- Fixed broken freetype-config --libs flags in configure (#165875)
+
+* Sun Apr 17 2005 Warren Togami <wtogami@redhat.com> 2.0.33-2
+- devel reqs (#155183 thias)
+
+* Tue Mar 22 2005 Than Ngo <than@redhat.com> 2.0.33-1
+- 2.0.33 #150717
+- apply the patch from Jose Pedro Oliveira
+  - Added the release macro to the subpackages requirements versioning
+  - Handled the gdlib-config movement to gd-devel in a differment manner
+  - Added fontconfig-devel to the build requirements
+  - Added xorg-x11-devel to the build requirements (Xpm)
+  - Removed explicit /sbin/ldconfig requirement (gd rpm)
+  - Removed explicit perl requirement (gd-progs rpm)
+  - Added several missing documentation files (including the license file)
+  - Replaced %%makeinstall by make install DESTDIR=...
+
+* Thu Mar 10 2005 Than Ngo <than@redhat.com> 2.0.32-3
+- move gdlib-config in devel
+
+* Wed Mar 02 2005 Phil Knirsch <pknirsch@redhat.com> 2.0.32-2
+- bump release and rebuild with gcc 4
+
+* Wed Nov 03 2004 Phil Knirsch <pknirsch@redhat.com> 2.0.32-1
+- Update to 2.0.32 which includes all the security fixes
+
+* Wed Oct 27 2004 Phil Knirsch <pknirsch@redhat.com> 2.0.28-2
+- Fixed several buffer overflows for gdMalloc() calls
+
+* Tue Jul 27 2004 Phil Knirsch <pknirsch@redhat.com> 2.0.28-1
+- Update to 2.0.28
+
+* Fri Jul 02 2004 Phil Knirsch <pknirsch@redhat.com> 2.0.27-1
+- Updated to 2.0.27 due to:
+  o Potential memory overruns in gdImageFilledPolygon. Thanks to John Ellson.
+  o The sign of Y-axis values returned in the bounding box by gdImageStringFT
+    was incorrect. Thanks to John Ellson and Riccardo Cohen.
+
+* Wed Jun 30 2004 Phil Knirsch <pknirsch@redhat.com> 2.0.26-1
+- Update to 2.0.26
+
+* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Wed Apr 21 2004 Phil Knirsch <pknirsch@redhat.com> 2.0.21-3
+- Disable rpath usage.
+
+* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Mon Feb 02 2004 Phil Knirsch <pknirsch@redhat.com> 2.0.21-1
+- Updated to 2.0.21
+
+* Tue Aug 12 2003 Florian La Roche <Florian.LaRoche@redhat.de>
+- update to 2.0.15
+
+* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Tue May 06 2003 Phil Knirsch <pknirsch@redhat.com> 2.0.12-1
+- Update to 2.0.12
+
+* Wed Jan 22 2003 Tim Powers <timp@redhat.com> 1.8.4-11
+- rebuilt
+
+* Wed Dec 11 2002 Tim Powers <timp@redhat.com> 1.8.4-10
+- rebuild on all arches
+
+* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Thu May 23 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Thu Jan 24 2002 Phil Knirsch <pknirsch@redhat.com>
+- Specfile update to add URL for homepage (#54608)
+
+* Wed Jan 09 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Wed Oct 31 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.8.4-5
+- Rebuild with current libpng
+
+* Mon Aug 13 2001 Philipp Knirsch <pknirsch@redhat.de> 1.8.4-4
+- Fixed a wrong double ownership of libgd.so (#51599).
+
+* Fri Jul 20 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.8.4-3
+- There's really no reason to link against both freetype 1.x and 2.x,
+  especially when gd is configured to use just freetype 2.x. ;)
+
+* Mon Jun 25 2001 Philipp Knirsch <pknirsch@redhat.de>
+- Forgot to include the freetype library in the shared library linking. Fixed.
+
+* Thu Jun 21 2001 Philipp Knirsch <pknirsch@redhat.de>
+- Update to 1.8.4
+
+* Tue Dec 19 2000 Philipp Knirsch <pknirsch@redhat.de>
+- Updates the descriptions to get rid of al references to gif
+
+* Tue Dec 12 2000 Philipp Knirsch <Philipp.Knirsch@redhat.de>
+- Fixed bug #22001 where during installation the .so.1 and the so.1.8 links
+  didn't get installed and therefore updates had problems.
+
+* Wed Oct  4 2000 Nalin Dahyabhai <nalin@redhat.com>
+- define HAVE_LIBTTF to actually enable ttf support (oops, #18299)
+- remove explicit dependencies on libpng, libjpeg, et. al.
+- add BuildPrereq: freetype-devel
+
+* Wed Aug  2 2000 Matt Wilson <msw@redhat.com>
+- rebuilt against new libpng
+
+* Mon Jul 31 2000 Nalin Dahyabhai <nalin@redhat.com>
+- add %%postun run of ldconfig (#14915)
+
+* Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
+- automatic rebuild
+
+* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com> 
+- update to 1.8.3
+
+* Sun Jun  4 2000 Nalin Dahyabhai <nalin@redhat.com>
+- rebuild in new environment
+
+* Mon May 22 2000 Nalin Dahyabhai <nalin@redhat.com> 
+- break out a -progs subpackage
+- disable freetype support
+
+* Fri May 19 2000 Nalin Dahyabhai <nalin@redhat.com> 
+- update to latest version (1.8.2)
+- disable xpm support
+
+* Thu Feb 03 2000 Nalin Dahyabhai <nalin@redhat.com> 
+- auto rebuild in the new build environment (release 6)
+
+* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> 
+- auto rebuild in the new build environment (release 5)
+
+* Thu Dec 17 1998 Cristian Gafton <gafton@redhat.com>
+- buiuld for glibc 2.1
+
+* Fri Sep 11 1998 Cristian Gafton <gafton@redhat.com>
+- built for 5.2