commit b025a3d2ef17d6134dfc6d8c89ab34499d9548e0 Author: CentOS Sources Date: Thu May 14 22:17:50 2020 +0000 import gd-2.2.5-7.el8 diff --git a/.gd.metadata b/.gd.metadata new file mode 100644 index 0000000..555775f --- /dev/null +++ b/.gd.metadata @@ -0,0 +1 @@ +49de358fd02f7e8d881a7533c5116b118916d88a SOURCES/libgd-2.2.5.tar.xz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6824a6c --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libgd-2.2.5.tar.xz diff --git a/SOURCES/gd-2.1.0-multilib.patch b/SOURCES/gd-2.1.0-multilib.patch new file mode 100644 index 0000000..c4fdc63 --- /dev/null +++ b/SOURCES/gd-2.1.0-multilib.patch @@ -0,0 +1,33 @@ +diff -up gd-2.1.0/config/gdlib-config.in.multilib gd-2.1.0/config/gdlib-config.in +--- gd-2.1.0/config/gdlib-config.in.multilib 2013-04-21 16:58:17.820010758 +0200 ++++ gd-2.1.0/config/gdlib-config.in 2013-04-21 16:59:27.896317922 +0200 +@@ -7,9 +7,10 @@ + # installation directories + prefix=@prefix@ + exec_prefix=@exec_prefix@ +-libdir=@libdir@ ++libdir=`pkg-config gdlib --variable=libdir` + includedir=@includedir@ + bindir=@bindir@ ++ldflags=`pkg-config gdlib --variable=ldflags` + + usage() + { +@@ -68,7 +69,7 @@ while test $# -gt 0; do + echo @GDLIB_REVISION@ + ;; + --ldflags) +- echo @LDFLAGS@ ++ echo $ldflags + ;; + --libs) + echo -lgd @LIBS@ @LIBICONV@ +@@ -83,7 +84,7 @@ while test $# -gt 0; do + echo "GD library @VERSION@" + echo "includedir: $includedir" + echo "cflags: -I@includedir@" +- echo "ldflags: @LDFLAGS@" ++ echo "ldflags: $ldflags" + echo "libs: @LIBS@ @LIBICONV@" + echo "libdir: $libdir" + echo "features: @FEATURES@" diff --git a/SOURCES/gd-2.2.5-gdImageBmpPtr-double-free.patch b/SOURCES/gd-2.2.5-gdImageBmpPtr-double-free.patch new file mode 100644 index 0000000..80f9712 --- /dev/null +++ b/SOURCES/gd-2.2.5-gdImageBmpPtr-double-free.patch @@ -0,0 +1,73 @@ +From ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Sat, 14 Jul 2018 13:54:08 -0400 +Subject: [PATCH] bmp: check return value in gdImageBmpPtr + +Closes #447. +--- + src/gd_bmp.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/src/gd_bmp.c b/src/gd_bmp.c +index bde0b9d3..78f40d9a 100644 +--- a/src/gd_bmp.c ++++ b/src/gd_bmp.c +@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp + static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header); + static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info); + ++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression); ++ + #define BMP_DEBUG(s) + + static int gdBMPPutWord(gdIOCtx *out, int w) +@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageBmpCtx(im, out, compression); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageBmpCtx(im, out, compression)) ++ rv = gdDPExtractData(out, size); ++ else ++ rv = NULL; + out->gd_free(out); + return rv; + } +@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression) + compression - whether to apply RLE or not. + */ + BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) ++{ ++ _gdImageBmpCtx(im, out, compression); ++} ++ ++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + { + int bitmap_size = 0, info_size, total_size, padding; + int i, row, xpos, pixel; +@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL; + FILE *tmpfile_for_compression = NULL; + gdIOCtxPtr out_original = NULL; ++ int ret = 1; + + /* No compression if its true colour or we don't support seek */ + if (im->trueColor) { +@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + out_original = NULL; + } + ++ ret = 0; + cleanup: + if (tmpfile_for_compression) { + #ifdef _WIN32 +@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + if (out_original) { + out_original->gd_free(out_original); + } +- return; ++ return ret; + } + + static int compress_row(unsigned char *row, int length) diff --git a/SOURCES/gd-2.2.5-null-pointer.patch b/SOURCES/gd-2.2.5-null-pointer.patch new file mode 100644 index 0000000..afa18d9 --- /dev/null +++ b/SOURCES/gd-2.2.5-null-pointer.patch @@ -0,0 +1,74 @@ +From a93eac0e843148dc2d631c3ba80af17e9c8c860f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?F=C3=A1bio=20Cabral=20Pacheco?= +Date: Fri, 20 Dec 2019 12:03:33 -0300 +Subject: [PATCH] Fix potential NULL pointer dereference in gdImageClone() + +--- + src/gd.c | 9 +-------- + tests/gdimageclone/style.c | 30 ++++++++++++++++++++++++++++++ + 5 files changed, 35 insertions(+), 9 deletions(-) + create mode 100644 tests/gdimageclone/style.c + +diff --git a/src/gd.c b/src/gd.c +index 592a0286..d564d1f9 100644 +--- a/src/gd.c ++++ b/src/gd.c +@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { + } + } + +- if (src->styleLength > 0) { +- dst->styleLength = src->styleLength; +- dst->stylePos = src->stylePos; +- for (i = 0; i < src->styleLength; i++) { +- dst->style[i] = src->style[i]; +- } +- } +- + dst->interlace = src->interlace; + + dst->alphaBlendingFlag = src->alphaBlendingFlag; +@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { + + if (src->style) { + gdImageSetStyle(dst, src->style, src->styleLength); ++ dst->stylePos = src->stylePos; + } + + for (i = 0; i < gdMaxColors; i++) { +diff --git a/tests/gdimageclone/style.c b/tests/gdimageclone/style.c +new file mode 100644 +index 00000000..c2b246ed +--- /dev/null ++++ b/tests/gdimageclone/style.c +@@ -0,0 +1,30 @@ ++/** ++ * Cloning an image should exactly reproduce all style related data ++ */ ++ ++ ++#include ++#include "gd.h" ++#include "gdtest.h" ++ ++ ++int main() ++{ ++ gdImagePtr im, clone; ++ int style[] = {0, 0, 0}; ++ ++ im = gdImageCreate(8, 8); ++ gdImageSetStyle(im, style, sizeof(style)/sizeof(style[0])); ++ ++ clone = gdImageClone(im); ++ gdTestAssert(clone != NULL); ++ ++ gdTestAssert(clone->styleLength == im->styleLength); ++ gdTestAssert(clone->stylePos == im->stylePos); ++ gdTestAssert(!memcmp(clone->style, im->style, sizeof(style)/sizeof(style[0]))); ++ ++ gdImageDestroy(clone); ++ gdImageDestroy(im); ++ ++ return gdNumFailures(); ++} diff --git a/SOURCES/gd-2.2.5-out-of-bounds-write-on-heap.patch b/SOURCES/gd-2.2.5-out-of-bounds-write-on-heap.patch new file mode 100644 index 0000000..0a3e7c7 --- /dev/null +++ b/SOURCES/gd-2.2.5-out-of-bounds-write-on-heap.patch @@ -0,0 +1,120 @@ +From 5b026e3cc05d7041cbe47a8702f1b51ffbf0a99b Mon Sep 17 00:00:00 2001 +From: Ondrej Dubaj +Date: Thu, 5 Mar 2020 11:02:27 +0100 +Subject: [PATCH] Imagecolormatch Out Of Bounds Write on Heap + +At least some of the image reading functions may return images which +use color indexes greater than or equal to im->colorsTotal. We cater +to this by always using a buffer size which is sufficient for +`gdMaxColors` in `gdImageColorMatch()`. + +Resolves: #1678104 +Version: 2.2.5-7 +--- + src/gd_color_match.c | 4 ++-- + tests/CMakeLists.txt | 1 + + tests/Makefile.am | 1 + + tests/gdimagecolormatch/CMakeLists.txt | 5 +++++ + tests/gdimagecolormatch/Makemodule.am | 5 +++++ + tests/gdimagecolormatch/cve_2019_6977.c | 25 +++++++++++++++++++++++++ + 6 files changed, 39 insertions(+), 2 deletions(-) + create mode 100644 tests/gdimagecolormatch/CMakeLists.txt + create mode 100644 tests/gdimagecolormatch/Makemodule.am + create mode 100644 tests/gdimagecolormatch/cve_2019_6977.c + +diff --git a/src/gd_color_match.c b/src/gd_color_match.c +index f0842b6..a94a841 100755 +--- a/src/gd_color_match.c ++++ b/src/gd_color_match.c +@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdImagePtr im1, gdImagePtr im2) + return -4; /* At least 1 color must be allocated */ + } + +- buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal); +- memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal ); ++ buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors); ++ memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors ); + + for (x=0; x < im1->sx; x++) { + for( y=0; ysy; y++ ) { +diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt +index 7eef4bf..6979416 100755 +--- a/tests/CMakeLists.txt ++++ b/tests/CMakeLists.txt +@@ -31,6 +31,7 @@ if (BUILD_TEST) + gdimagecolordeallocate + gdimagecolorexact + gdimagecolorreplace ++ gdimagecolormatch + gdimagecolorresolve + gdimagecolortransparent + gdimagecontrast +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 5f8b624..1a44112 100755 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -26,6 +26,7 @@ include gdimagecolorclosest/Makemodule.am + include gdimagecolordeallocate/Makemodule.am + include gdimagecolorexact/Makemodule.am + include gdimagecolorreplace/Makemodule.am ++include gdimagecolormatch/Makemodule.am + include gdimagecolorresolve/Makemodule.am + include gdimagecolortransparent/Makemodule.am + include gdimagecontrast/Makemodule.am +diff --git a/tests/gdimagecolormatch/CMakeLists.txt b/tests/gdimagecolormatch/CMakeLists.txt +new file mode 100644 +index 0000000..591938f +--- /dev/null ++++ b/tests/gdimagecolormatch/CMakeLists.txt +@@ -0,0 +1,5 @@ ++LIST(APPEND TESTS_FILES ++ cve_2019_6977 ++) ++ ++ADD_GD_TESTS() +diff --git a/tests/gdimagecolormatch/Makemodule.am b/tests/gdimagecolormatch/Makemodule.am +new file mode 100644 +index 0000000..e8e09a9 +--- /dev/null ++++ b/tests/gdimagecolormatch/Makemodule.am +@@ -0,0 +1,5 @@ ++libgd_test_programs += \ ++ gdimagecolormatch/cve_2019_6977 ++ ++EXTRA_DIST += \ ++ gdimagecolormatch/CMakeLists.txt +diff --git a/tests/gdimagecolormatch/cve_2019_6977.c b/tests/gdimagecolormatch/cve_2019_6977.c +new file mode 100644 +index 0000000..fdd7af5 +--- /dev/null ++++ b/tests/gdimagecolormatch/cve_2019_6977.c +@@ -0,0 +1,25 @@ ++/** ++ * Test for CVE-2019-6977 ++ */ ++ ++#include "gd.h" ++ ++int main() ++{ ++ gdImagePtr im1; ++ gdImagePtr im2; ++ ++ im1 = gdImageCreateTrueColor(0xfff, 0xfff); ++ im2 = gdImageCreate(0xfff, 0xfff); ++ if (gdImageColorAllocate(im2, 0, 0, 0) < 0) ++ { ++ gdImageDestroy(im1); ++ gdImageDestroy(im2); ++ return 1; ++ } ++ gdImageSetPixel(im2, 0, 0, 255); ++ gdImageColorMatch(im1, im2); ++ gdImageDestroy(im1); ++ gdImageDestroy(im2); ++ return 0; ++} +-- +2.24.1 + + diff --git a/SOURCES/gd-2.2.5-potential-double-free.patch b/SOURCES/gd-2.2.5-potential-double-free.patch new file mode 100644 index 0000000..ad6f54d --- /dev/null +++ b/SOURCES/gd-2.2.5-potential-double-free.patch @@ -0,0 +1,284 @@ +From d98e5a2ace46adcefa093c029663575fd677bf05 Mon Sep 17 00:00:00 2001 +From: Ondrej Dubaj +Date: Tue, 4 Jun 2019 13:05:57 +0200 +Subject: [PATCH] Potential double-free in gdImage*Ptr() + +Whenever `gdImage*Ptr()` calls `gdImage*Ctx()` and the latter fails, we +must not call `gdDPExtractData()`; otherwise a double-free would +happen. Since `gdImage*Ctx()` are void functions, and we can't change +that for BC reasons, we're introducing static helpers which are used +internally. + +We're adding a regression test for `gdImageJpegPtr()`, but not for +`gdImageGifPtr()` and `gdImageWbmpPtr()` since we don't know how to +trigger failure of the respective `gdImage*Ctx()` calls. + +This potential security issue has been reported by Solmaz Salimi (aka. +Rooney). +--- + src/gd_gif_out.c | 19 +++++++++++++++---- + src/gd_jpeg.c | 20 ++++++++++++++++---- + src/gd_wbmp.c | 21 ++++++++++++++++++--- + tests/jpeg/CMakeLists.txt | 1 + + tests/jpeg/Makemodule.am | 3 ++- + tests/jpeg/jpeg_ptr_double_free.c | 31 +++++++++++++++++++++++++++++++ + 6 files changed, 83 insertions(+), 12 deletions(-) + create mode 100644 tests/jpeg/jpeg_ptr_double_free.c + +diff --git a/src/gd_gif_out.c b/src/gd_gif_out.c +index 6fe707d..4a05c09 100755 +--- a/src/gd_gif_out.c ++++ b/src/gd_gif_out.c +@@ -99,7 +99,7 @@ static void char_init(GifCtx *ctx); + static void char_out(int c, GifCtx *ctx); + static void flush_char(GifCtx *ctx); + +- ++static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out); + + + /* +@@ -131,8 +131,11 @@ BGD_DECLARE(void *) gdImageGifPtr(gdImagePtr im, int *size) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageGifCtx(im, out); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageGifCtx(im, out)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + } +@@ -220,6 +223,12 @@ BGD_DECLARE(void) gdImageGif(gdImagePtr im, FILE *outFile) + + */ + BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) ++{ ++ _gdImageGifCtx(im, out); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) + { + gdImagePtr pim = 0, tim = im; + int interlace, BitsPerPixel; +@@ -231,7 +240,7 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) + based temporary image. */ + pim = gdImageCreatePaletteFromTrueColor(im, 1, 256); + if(!pim) { +- return; ++ return 1; + } + tim = pim; + } +@@ -247,6 +256,8 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) + /* Destroy palette based temporary image. */ + gdImageDestroy( pim); + } ++ ++ return 0; + } + + +diff --git a/src/gd_jpeg.c b/src/gd_jpeg.c +index 271ef46..bd8fc27 100755 +--- a/src/gd_jpeg.c ++++ b/src/gd_jpeg.c +@@ -123,6 +123,8 @@ static void fatal_jpeg_error(j_common_ptr cinfo) + exit(99); + } + ++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality); ++ + /* + * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality + * QUALITY. If QUALITY is in the range 0-100, increasing values +@@ -237,8 +239,11 @@ BGD_DECLARE(void *) gdImageJpegPtr(gdImagePtr im, int *size, int quality) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageJpegCtx(im, out, quality); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageJpegCtx(im, out, quality)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + } +@@ -259,6 +264,12 @@ void jpeg_gdIOCtx_dest(j_compress_ptr cinfo, gdIOCtx *outfile); + + */ + BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) ++{ ++ _gdImageJpegCtx(im, outfile, quality); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + { + struct jpeg_compress_struct cinfo; + struct jpeg_error_mgr jerr; +@@ -293,7 +304,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + if(row) { + gdFree(row); + } +- return; ++ return 1; + } + + cinfo.err->emit_message = jpeg_emit_message; +@@ -334,7 +345,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + if(row == 0) { + gd_error("gd-jpeg: error: unable to allocate JPEG row structure: gdCalloc returns NULL\n"); + jpeg_destroy_compress(&cinfo); +- return; ++ return 1; + } + + rowptr[0] = row; +@@ -411,6 +422,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + jpeg_finish_compress(&cinfo); + jpeg_destroy_compress(&cinfo); + gdFree(row); ++ return 0; + } + + +diff --git a/src/gd_wbmp.c b/src/gd_wbmp.c +index 0028273..341ff6e 100755 +--- a/src/gd_wbmp.c ++++ b/src/gd_wbmp.c +@@ -88,6 +88,8 @@ int gd_getin(void *in) + return (gdGetC((gdIOCtx *)in)); + } + ++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out); ++ + /* + Function: gdImageWBMPCtx + +@@ -100,6 +102,12 @@ int gd_getin(void *in) + out - the stream where to write + */ + BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) ++{ ++ _gdImageWBMPCtx(image, fg, out); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) + { + int x, y, pos; + Wbmp *wbmp; +@@ -107,7 +115,7 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) + /* create the WBMP */ + if((wbmp = createwbmp(gdImageSX(image), gdImageSY(image), WBMP_WHITE)) == NULL) { + gd_error("Could not create WBMP\n"); +- return; ++ return 1; + } + + /* fill up the WBMP structure */ +@@ -123,11 +131,15 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) + + /* write the WBMP to a gd file descriptor */ + if(writewbmp(wbmp, &gd_putout, out)) { ++ freewbmp(wbmp); + gd_error("Could not save WBMP\n"); ++ return 1; + } + + /* des submitted this bugfix: gdFree the memory. */ + freewbmp(wbmp); ++ ++ return 0; + } + + /* +@@ -271,8 +283,11 @@ BGD_DECLARE(void *) gdImageWBMPPtr(gdImagePtr im, int *size, int fg) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageWBMPCtx(im, fg, out); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageWBMPCtx(im, fg, out)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + } +diff --git a/tests/jpeg/CMakeLists.txt b/tests/jpeg/CMakeLists.txt +index 19964b0..a8d8162 100755 +--- a/tests/jpeg/CMakeLists.txt ++++ b/tests/jpeg/CMakeLists.txt +@@ -2,6 +2,7 @@ IF(JPEG_FOUND) + LIST(APPEND TESTS_FILES + jpeg_empty_file + jpeg_im2im ++ jpeg_ptr_double_free + jpeg_null + ) + +diff --git a/tests/jpeg/Makemodule.am b/tests/jpeg/Makemodule.am +index 7e5d317..b89e169 100755 +--- a/tests/jpeg/Makemodule.am ++++ b/tests/jpeg/Makemodule.am +@@ -2,7 +2,8 @@ if HAVE_LIBJPEG + libgd_test_programs += \ + jpeg/jpeg_empty_file \ + jpeg/jpeg_im2im \ +- jpeg/jpeg_null ++ jpeg/jpeg_null \ ++ jpeg/jpeg_ptr_double_free + + if HAVE_LIBPNG + libgd_test_programs += \ +diff --git a/tests/jpeg/jpeg_ptr_double_free.c b/tests/jpeg/jpeg_ptr_double_free.c +new file mode 100644 +index 0000000..c80aeb6 +--- /dev/null ++++ b/tests/jpeg/jpeg_ptr_double_free.c +@@ -0,0 +1,31 @@ ++/** ++ * Test that failure to convert to JPEG returns NULL ++ * ++ * We are creating an image, set its width to zero, and pass this image to ++ * `gdImageJpegPtr()` which is supposed to fail, and as such should return NULL. ++ * ++ * See also ++ */ ++ ++ ++#include "gd.h" ++#include "gdtest.h" ++ ++ ++int main() ++{ ++ gdImagePtr src, dst; ++ int size; ++ ++ src = gdImageCreateTrueColor(1, 10); ++ gdTestAssert(src != NULL); ++ ++ src->sx = 0; /* this hack forces gdImageJpegPtr() to fail */ ++ ++ dst = gdImageJpegPtr(src, &size, 0); ++ gdTestAssert(dst == NULL); ++ ++ gdImageDestroy(src); ++ ++ return gdNumFailures(); ++} +\ No newline at end of file +-- +2.17.1 + + diff --git a/SOURCES/gd-2.2.5-upstream.patch b/SOURCES/gd-2.2.5-upstream.patch new file mode 100644 index 0000000..0bc1bcb --- /dev/null +++ b/SOURCES/gd-2.2.5-upstream.patch @@ -0,0 +1,62 @@ +From a11f47475e6443b7f32d21f2271f28f417e2ac04 Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" +Date: Wed, 29 Nov 2017 19:37:38 +0100 +Subject: [PATCH] Fix #420: Potential infinite loop in gdImageCreateFromGifCtx + +Due to a signedness confusion in `GetCode_` a corrupt GIF file can +trigger an infinite loop. Furthermore we make sure that a GIF without +any palette entries is treated as invalid *after* open palette entries +have been removed. + +CVE-2018-5711 + +See also https://bugs.php.net/bug.php?id=75571. +--- + src/gd_gif_in.c | 12 ++++++------ + tests/gif/.gitignore | 1 + + tests/gif/CMakeLists.txt | 1 + + tests/gif/Makemodule.am | 2 ++ + tests/gif/php_bug_75571.c | 28 ++++++++++++++++++++++++++++ + tests/gif/php_bug_75571.gif | Bin 0 -> 1731 bytes + 6 files changed, 38 insertions(+), 6 deletions(-) + create mode 100644 tests/gif/php_bug_75571.c + create mode 100644 tests/gif/php_bug_75571.gif + +diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c +index daf26e79..0a8bd717 100644 +--- a/src/gd_gif_in.c ++++ b/src/gd_gif_in.c +@@ -335,11 +335,6 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd) + return 0; + } + +- if(!im->colorsTotal) { +- gdImageDestroy(im); +- return 0; +- } +- + /* Check for open colors at the end, so + * we can reduce colorsTotal and ultimately + * BitsPerPixel */ +@@ -351,6 +346,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd) + } + } + ++ if(!im->colorsTotal) { ++ gdImageDestroy(im); ++ return 0; ++ } ++ + return im; + } + +@@ -447,7 +447,7 @@ static int + GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP) + { + int i, j, ret; +- unsigned char count; ++ int count; + + if(flag) { + scd->curbit = 0; + diff --git a/SPECS/gd.spec b/SPECS/gd.spec new file mode 100644 index 0000000..bfc6fc8 --- /dev/null +++ b/SPECS/gd.spec @@ -0,0 +1,591 @@ +# requested by https://bugzilla.redhat.com/1468338 +# this break gdimagefile/gdnametest: +# gdimagefile/gdnametest.c:122: 255 pixels different on /tmp/gdtest.CrpdIb/img.gif +# gdimagefile/gdnametest.c:122: 255 pixels different on /tmp/gdtest.CrpdIb/img.GIF +# FAIL gdimagefile/gdnametest (exit status: 2) +%global with_liq 0 + + +Summary: A graphics library for quick creation of PNG or JPEG images +Name: gd +Version: 2.2.5 +Release: 7%{?prever}%{?short}%{?dist} +Group: System Environment/Libraries +License: MIT +URL: http://libgd.github.io/ +%if 0%{?commit:1} +# git clone https://github.com/libgd/libgd.git; cd gd-libgd +# git archive --format=tgz --output=libgd-%{version}-%{commit}.tgz --prefix=libgd-%{version}/ master +Source0: libgd-%{version}-%{commit}.tgz +%else +Source0: https://github.com/libgd/libgd/releases/download/gd-%{version}/libgd-%{version}.tar.xz +%endif + +Patch1: gd-2.1.0-multilib.patch +# CVE-2018-5711 - https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04 +Patch2: gd-2.2.5-upstream.patch +# CVE-2018-1000222 - https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5 +Patch3: gd-2.2.5-gdImageBmpPtr-double-free.patch +# CVE-2019-6977 +Patch4: gd-2.2.5-out-of-bounds-write-on-heap.patch +# CVE-2019-6978 +Patch5: gd-2.2.5-potential-double-free.patch +# CVE-2018-14553 - https://github.com/fcabralpacheco/libgd/commit/441cbfed60ebf6cb63b8ce120ed0a82b15e7aaf8 +Patch6: gd-2.2.5-null-pointer.patch + + +BuildRequires: freetype-devel +BuildRequires: fontconfig-devel +BuildRequires: gettext-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel +BuildRequires: libtiff-devel +BuildRequires: libwebp-devel +%if %{with_liq} +BuildRequires: libimagequant-devel +%endif +BuildRequires: libX11-devel +BuildRequires: libXpm-devel +BuildRequires: zlib-devel +BuildRequires: pkgconfig +BuildRequires: libtool +BuildRequires: perl-interpreter +BuildRequires: perl-generators +# for fontconfig/basic test +BuildRequires: liberation-sans-fonts + + +%description +The gd graphics library allows your code to quickly draw images +complete with lines, arcs, text, multiple colors, cut and paste from +other images, and flood fills, and to write out the result as a PNG or +JPEG file. This is particularly useful in Web applications, where PNG +and JPEG are two of the formats accepted for inline images by most +browsers. Note that gd is not a paint program. + + +%package progs +Requires: %{name}%{?_isa} = %{version}-%{release} +Summary: Utility programs that use libgd +Group: Applications/Multimedia + +%description progs +The gd-progs package includes utility programs supplied with gd, a +graphics library for creating PNG and JPEG images. + + +%package devel +Summary: The development libraries and header files for gd +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: freetype-devel%{?_isa} +Requires: fontconfig-devel%{?_isa} +Requires: libjpeg-devel%{?_isa} +Requires: libpng-devel%{?_isa} +Requires: libtiff-devel%{?_isa} +Requires: libwebp-devel%{?_isa} +Requires: libX11-devel%{?_isa} +Requires: libXpm-devel%{?_isa} +Requires: zlib-devel%{?_isa} + +%description devel +The gd-devel package contains the development libraries and header +files for gd, a graphics library for creating PNG and JPEG graphics. + + +%prep +%setup -q -n libgd-%{version}%{?prever:-%{prever}} +%patch1 -p1 -b .mlib +%patch2 -p1 -b .upstream +%patch3 -p1 -b .gdImageBmpPtr-free +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 + +: $(perl config/getver.pl) + +: regenerate autotool stuff +if [ -f configure ]; then + libtoolize --copy --force + autoreconf -vif +else + ./bootstrap.sh +fi + + +%build +# Provide a correct default font search path +CFLAGS="$RPM_OPT_FLAGS -DDEFAULT_FONTPATH='\"\ +/usr/share/fonts/bitstream-vera:\ +/usr/share/fonts/dejavu:\ +/usr/share/fonts/default/Type1:\ +/usr/share/X11/fonts/Type1:\ +/usr/share/fonts/liberation\"'" + +%ifarch %{ix86} +# see https://github.com/libgd/libgd/issues/242 +CFLAGS="$CFLAGS -msse -mfpmath=sse" +%endif + +%ifarch aarch64 ppc64 ppc64le s390 s390x +# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1359680 +export CFLAGS="$CFLAGS -ffp-contract=off" +%endif + +%configure \ + --with-tiff=%{_prefix} \ + --disable-rpath +make %{?_smp_mflags} + + +%install +make install INSTALL='install -p' DESTDIR=$RPM_BUILD_ROOT +rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.la +rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.a + + +%check +export XFAIL_TESTS + +: Upstream test suite +make check + +: Check content of pkgconfig +grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc + + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + + +%files +%{!?_licensedir:%global license %%doc} +%license COPYING +%{_libdir}/*.so.* + +%files progs +%{_bindir}/* +%exclude %{_bindir}/gdlib-config + +%files devel +%{_bindir}/gdlib-config +%{_includedir}/* +%{_libdir}/*.so +%{_libdir}/pkgconfig/gdlib.pc + + +%changelog + +* Fri Mar 27 2020 fjanus@redhat.com - 2.2.5-7 +- Fix CVE-2018-14553 - Potential Null pointer dereference in gdImageClone + Resolves: RHBZ#1811788 +- Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() + Resolves: RHBZ#1678104 (CVE-2019-6977) +- Fixed potential double-free in gdImage*Ptr() + Resolves: RHBZ#1679002 (CVE-2019-6978) + +* Mon Sep 10 2018 mskalick@redhat.com - 2.2.5-6 +- Check return value in gdImageBmpPtr to avoid double free (CVE-2018-1000222) + Resolves: RHBZ#1621956 + +* Mon Aug 06 2018 mskalick@redhat.com - 2.2.5-5 +- Rebuild to pass annobin checks + Fixes: RHBZ#1611074 + +* Tue May 22 2018 mskalick@redhat.com - 2.2.5-4 +- gdimagegrayscale/basic test is not failing in RHEL8 + +* Mon Mar 26 2018 Marek Skalický - 2.2.5-3 +- Fix CVE-2018-5711 - Potential infinite loop in gdImageCreateFromGifCtx + +* Wed Feb 07 2018 Fedora Release Engineering - 2.2.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 30 2017 Remi Collet - 2.2.5-1 +- Update to 2.2.5 +- fix double-free in gdImagePngPtr(). CVE-2017-6362 +- fix buffer over-read into uninitialized memory. CVE-2017-7890 + +* Wed Aug 02 2017 Fedora Release Engineering - 2.2.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.2.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 2.2.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Feb 01 2017 Sandro Mani - 2.2.4-2 +- Rebuild (libwebp) + +* Wed Jan 18 2017 Remi Collet - 2.2.4-1 +- Update to 2.2.4 + +* Tue Dec 06 2016 Marek Skalický - 2.2.3-5 +- Fix invalid read in gdImageCreateFromTiffPtr() ( CVE-2016-6911) +- Disable tests using freetype in Fedora 26 (freetype > 2.6) + +* Mon Dec 05 2016 Marek Skalický - 2.2.3-4 +- Fix stack based buffer overflow when passing negative `rlen` as size to + memcpy() (CVE-2016-8670) + +* Mon Dec 05 2016 Marek Skalický - 2.2.3-3 +- Fix possible overflow in gdImageWebpCtx (CVE-2016-7568) + +* Tue Jul 26 2016 Dan Horák - 2.2.3-2 +- apply workaround for rhbz#1359680 + +* Fri Jul 22 2016 Remi Collet - 2.2.3-1 +- Update to 2.2.3 +- use -msse -mfpmath=sse build options (x86-32) + +* Fri Jun 24 2016 Remi Collet - 2.2.2-1 +- Update to 2.2.2 + +* Sat May 28 2016 Remi Collet - 2.2.1-2 +- remove unneeded sources + +* Fri May 27 2016 Marek Skalicky - 2.2.1-1 +- Upgrade to 2.2.1 release +- Upstream moved to github.com + +* Thu Apr 28 2016 Marek Skalicky - 2.1.1-7 +- Fixed heap overflow (CVE-2016-3074) + +* Wed Feb 03 2016 Fedora Release Engineering - 2.1.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Dec 1 2015 Tom Callaway - 2.1.1-5 +- rebuild for libvpx 1.5.0 + +* Wed Jun 17 2015 Fedora Release Engineering - 2.1.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Apr 6 2015 Tom Callaway - 2.1.1-3 +- rebuild for libvpx 1.4.0 + +* Mon Mar 23 2015 Remi Collet - 2.1.1-2 +- fix version in gdlib.pc +- fix license handling + +* Wed Jan 14 2015 Jozef Mlich - 2.1.1-1 +- Update to 2.1.1 final + Resolves: #1181972 + +* Thu Jan 08 2015 Jozef Mlich - 2.1.0-8 +- Resolves: #1076676 CVE-2014-2497 + Previous patch indroduced memory leak. Using upstream version. + https://bitbucket.org/libgd/gd-libgd/commits/463c3bd09bfe8e924e19acad7a2a6af16953a704 + +* Sat Aug 16 2014 Fedora Release Engineering - 2.1.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Wed Jul 16 2014 Jozef Mlich - 2.1.0-6 +- Resolves: #1076676 CVE-2014-2497 + NULL pointer dereference in gdImageCreateFromXpm() + +* Sat Jun 07 2014 Fedora Release Engineering - 2.1.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon Dec 23 2013 Peter Robinson 2.1.0-4 +- Fix FTBFS + +* Sat Aug 03 2013 Fedora Release Engineering - 2.1.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 17 2013 Petr Pisar - 2.1.0-2 +- Perl 5.18 rebuild + +* Tue Jun 25 2013 Remi Collet - 2.1.0-1 +- update to 2.1.0 final + +* Tue Jun 25 2013 Remi Collet - 2.1.0-0.2.725ba9d +- rebuild for linpng 1.6 + +* Tue Jun 11 2013 Remi Collet - 2.1.0-0.1.725ba9d +- update to 2.1.0 (post RC2 git snapshot) + +* Tue Apr 23 2013 Remi Collet - 2.0.35-25 +- drop uneeded patch +- really set default font search path + +* Mon Mar 25 2013 Honza Horak - 2.0.35-24 +- Fix build on aarch64 + +* Mon Mar 25 2013 Honza Horak - 2.0.35-23 +- Fix issues found by Coverity + +* Wed Feb 13 2013 Fedora Release Engineering - 2.0.35-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Jan 18 2013 Adam Tkac - 2.0.35-21 +- rebuild due to "jpeg8-ABI" feature drop + +* Fri Dec 21 2012 Adam Tkac - 2.0.35-20 +- rebuild against new libjpeg + +* Tue Aug 28 2012 Honza Horak - 2.0.35-19 +- Spec file cleanup +- Compile and run test suite during build +- Using chrpath to get rid of --rpath in gd-progs + +* Fri Jul 27 2012 Fedora Release Engineering - 2.0.35-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 11 2012 Honza Horak - 2.0.35-17 +- fixed CVE-2009-3546 gd: insufficient input validation in _gdGetColors() + Resolves: #830745 + +* Tue Feb 28 2012 Honza Horak - 2.0.35-16 +- Fixed AALineThick.patch to display vertical lines correctly + Resolves: #798255 + +* Fri Jan 13 2012 Fedora Release Engineering - 2.0.35-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Nov 08 2011 Adam Jackson 2.0.35-14 +- Rebuild for libpng 1.5 + +* Wed Oct 26 2011 Fedora Release Engineering - 2.0.35-13 +- Rebuilt for glibc bug#747377 + +* Tue Feb 08 2011 Fedora Release Engineering - 2.0.35-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 6 2010 Jiri Moskovcak - 2.0.35-11 +- more spec file fixes + +* Wed Jan 6 2010 Jiri Moskovcak - 2.0.35-10 +- spec file fixes based on merge review + +* Fri Jul 24 2009 Fedora Release Engineering - 2.0.35-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Feb 24 2009 Fedora Release Engineering - 2.0.35-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Jan 6 2009 Ivana Varekova - 2.0.35-7 +- do minor spec file cleanup + +* Mon Jul 21 2008 Tom "spot" Callaway - 2.0.35-6 +- fix license tag (nothing in this is GPL) + +* Tue Feb 19 2008 Fedora Release Engineering - 2.0.35-5 +- Autorebuild for GCC 4.3 + +* Tue Nov 20 2007 Ivana Varekova 2.0.35-4 +- remove static library + +* Mon Nov 19 2007 Ivana Varekova 2.0.35-3 +- spec file cleanup + +* Mon Nov 19 2007 Ivana Varekova 2.0.35-2 +- fix gdlib.pc file + +* Tue Sep 18 2007 Ivana Varekova 2.0.35-1 +- update to 2.0.35 + +* Tue Sep 4 2007 Ivana Varekova 2.0.34-3 +- fix font paths (#225786#5) +- fix pkgconfig Libs flag (#225786#4) + +* Thu Feb 22 2007 Ivana Varekova 2.0.34-2 +- incorporate package review feedback + +* Thu Feb 8 2007 Ivana Varekova 2.0.34-1 +- update to 2.0.34 + +* Mon Jan 29 2007 Ivana Varekova 2.0.33-12 +- Resolves: #224610 + CVE-2007-0455 gd buffer overrun + +* Tue Nov 21 2006 Ivana Varekova 2.0.33-11 +- Fix problem with to large box boundaries + Resolves: #197747 + +* Thu Nov 16 2006 Ivana Varekova 2.0.33-10 +- added 'thick' - variable support for AA line (#198042) + +* Tue Oct 31 2006 Adam Tkac 2.0.33-9.4 +- patched some additionals overflows in gd (#175414) + +* Wed Sep 13 2006 Jitka Kudrnacova - 2.0.33 - 9.3 +- gd-devel now requires fontconfig-devel (#205834) + +* Wed Jul 19 2006 Jitka Kudrnacova - 2.0.33 - 9.2 +- use CFLAGS on sparc64 (#199363) + +* Wed Jul 12 2006 Jesse Keating - 2.0.33 - 9.1 +- rebuild + +* Mon Jul 10 2006 Jitka Kudrnacova 2.0.33-9 +- prevent from an infinite loop when decoding bad GIF images (#194520) + +* Thu May 25 2006 Ivana Varekova - 2.0.33-7 +- fix multilib problem (add pkgconfig) + +* Fri Feb 10 2006 Jesse Keating - 2.0.33-6.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 2.0.33-6.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Jan 20 2006 Phil Knirsch 2.0.33-6 +- Included a few more overflow checks (#177907) + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Wed Nov 02 2005 Phil Knirsch 2.0.33-5 +- Switched BuildPreReqs and Requires to modular xorg-x11 style + +* Mon Oct 10 2005 Phil Knirsch 2.0.33-4 +- Fixed possible gd crash when drawing AA line near image borders (#167843) + +* Wed Sep 07 2005 Phil Knirsch 2.0.33-3 +- Fixed broken freetype-config --libs flags in configure (#165875) + +* Sun Apr 17 2005 Warren Togami 2.0.33-2 +- devel reqs (#155183 thias) + +* Tue Mar 22 2005 Than Ngo 2.0.33-1 +- 2.0.33 #150717 +- apply the patch from Jose Pedro Oliveira + - Added the release macro to the subpackages requirements versioning + - Handled the gdlib-config movement to gd-devel in a differment manner + - Added fontconfig-devel to the build requirements + - Added xorg-x11-devel to the build requirements (Xpm) + - Removed explicit /sbin/ldconfig requirement (gd rpm) + - Removed explicit perl requirement (gd-progs rpm) + - Added several missing documentation files (including the license file) + - Replaced %%makeinstall by make install DESTDIR=... + +* Thu Mar 10 2005 Than Ngo 2.0.32-3 +- move gdlib-config in devel + +* Wed Mar 02 2005 Phil Knirsch 2.0.32-2 +- bump release and rebuild with gcc 4 + +* Wed Nov 03 2004 Phil Knirsch 2.0.32-1 +- Update to 2.0.32 which includes all the security fixes + +* Wed Oct 27 2004 Phil Knirsch 2.0.28-2 +- Fixed several buffer overflows for gdMalloc() calls + +* Tue Jul 27 2004 Phil Knirsch 2.0.28-1 +- Update to 2.0.28 + +* Fri Jul 02 2004 Phil Knirsch 2.0.27-1 +- Updated to 2.0.27 due to: + o Potential memory overruns in gdImageFilledPolygon. Thanks to John Ellson. + o The sign of Y-axis values returned in the bounding box by gdImageStringFT + was incorrect. Thanks to John Ellson and Riccardo Cohen. + +* Wed Jun 30 2004 Phil Knirsch 2.0.26-1 +- Update to 2.0.26 + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Wed Apr 21 2004 Phil Knirsch 2.0.21-3 +- Disable rpath usage. + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Mon Feb 02 2004 Phil Knirsch 2.0.21-1 +- Updated to 2.0.21 + +* Tue Aug 12 2003 Florian La Roche +- update to 2.0.15 + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Tue May 06 2003 Phil Knirsch 2.0.12-1 +- Update to 2.0.12 + +* Wed Jan 22 2003 Tim Powers 1.8.4-11 +- rebuilt + +* Wed Dec 11 2002 Tim Powers 1.8.4-10 +- rebuild on all arches + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Thu Jan 24 2002 Phil Knirsch +- Specfile update to add URL for homepage (#54608) + +* Wed Jan 09 2002 Tim Powers +- automated rebuild + +* Wed Oct 31 2001 Bernhard Rosenkraenzer 1.8.4-5 +- Rebuild with current libpng + +* Mon Aug 13 2001 Philipp Knirsch 1.8.4-4 +- Fixed a wrong double ownership of libgd.so (#51599). + +* Fri Jul 20 2001 Bernhard Rosenkraenzer 1.8.4-3 +- There's really no reason to link against both freetype 1.x and 2.x, + especially when gd is configured to use just freetype 2.x. ;) + +* Mon Jun 25 2001 Philipp Knirsch +- Forgot to include the freetype library in the shared library linking. Fixed. + +* Thu Jun 21 2001 Philipp Knirsch +- Update to 1.8.4 + +* Tue Dec 19 2000 Philipp Knirsch +- Updates the descriptions to get rid of al references to gif + +* Tue Dec 12 2000 Philipp Knirsch +- Fixed bug #22001 where during installation the .so.1 and the so.1.8 links + didn't get installed and therefore updates had problems. + +* Wed Oct 4 2000 Nalin Dahyabhai +- define HAVE_LIBTTF to actually enable ttf support (oops, #18299) +- remove explicit dependencies on libpng, libjpeg, et. al. +- add BuildPrereq: freetype-devel + +* Wed Aug 2 2000 Matt Wilson +- rebuilt against new libpng + +* Mon Jul 31 2000 Nalin Dahyabhai +- add %%postun run of ldconfig (#14915) + +* Thu Jul 13 2000 Prospector +- automatic rebuild + +* Tue Jun 27 2000 Nalin Dahyabhai +- update to 1.8.3 + +* Sun Jun 4 2000 Nalin Dahyabhai +- rebuild in new environment + +* Mon May 22 2000 Nalin Dahyabhai +- break out a -progs subpackage +- disable freetype support + +* Fri May 19 2000 Nalin Dahyabhai +- update to latest version (1.8.2) +- disable xpm support + +* Thu Feb 03 2000 Nalin Dahyabhai +- auto rebuild in the new build environment (release 6) + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 5) + +* Thu Dec 17 1998 Cristian Gafton +- buiuld for glibc 2.1 + +* Fri Sep 11 1998 Cristian Gafton +- built for 5.2