From b4e3dcda6cdb6182ef63e1f01b21ac53e5aed1b3 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@fedoraproject.org>
Date: Thu, 19 Jan 2017 09:38:12 +0100
Subject: [PATCH] v2.2.4

---
 .gitignore                                    |   1 +
 gd-2.2.3-dynamicGetbuf-negative-rlen.patch    |  26 ---------
 gd-2.2.3-overflow-in-gdImageWebpCtx.patch     |  33 ------------
 gd-2.2.4-upstream.patch                       |  50 ++++++++++++++++++
 ...lid-read-in-gdImageCreateFromTiffPtr.patch | Bin 10937 -> 0 bytes
 gd.spec                                       |  33 +++++++-----
 sources                                       |   2 +-
 7 files changed, 73 insertions(+), 72 deletions(-)
 delete mode 100644 gd-2.2.3-dynamicGetbuf-negative-rlen.patch
 delete mode 100644 gd-2.2.3-overflow-in-gdImageWebpCtx.patch
 create mode 100644 gd-2.2.4-upstream.patch
 delete mode 100644 gd-2.2.x-fix-invalid-read-in-gdImageCreateFromTiffPtr.patch

diff --git a/.gitignore b/.gitignore
index ab5574d..60452a2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ gd-2.0.35.tar.bz2
 /libgd-2.2.1.tar.xz
 /libgd-2.2.2.tar.xz
 /libgd-2.2.3.tar.xz
+/libgd-2.2.4.tar.xz
diff --git a/gd-2.2.3-dynamicGetbuf-negative-rlen.patch b/gd-2.2.3-dynamicGetbuf-negative-rlen.patch
deleted file mode 100644
index 24ebd9b..0000000
--- a/gd-2.2.3-dynamicGetbuf-negative-rlen.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 53110871935244816bbb9d131da0bccff734bfe9 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Wed, 12 Oct 2016 11:15:32 +0200
-Subject: [PATCH] Avoid potentially dangerous signed to unsigned conversion
-
-We make sure to never pass a negative `rlen` as size to memcpy(). See
-also <https://bugs.php.net/bug.php?id=73280>.
-
-Patch provided by Emmanuel Law.
----
- src/gd_io_dp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
-index 135eda3..228bfa5 100644
---- a/src/gd_io_dp.c
-+++ b/src/gd_io_dp.c
-@@ -276,7 +276,7 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
- 	if(remain >= len) {
- 		rlen = len;
- 	} else {
--		if(remain == 0) {
-+		if(remain <= 0) {
- 			/* 2.0.34: EOF is incorrect. We use 0 for
- 			 * errors and EOF, just like fileGetbuf,
- 			 * which is a simple fread() wrapper.
diff --git a/gd-2.2.3-overflow-in-gdImageWebpCtx.patch b/gd-2.2.3-overflow-in-gdImageWebpCtx.patch
deleted file mode 100644
index fdf522c..0000000
--- a/gd-2.2.3-overflow-in-gdImageWebpCtx.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 2806adfdc27a94d333199345394d7c302952b95f Mon Sep 17 00:00:00 2001
-From: trylab <trylab@users.noreply.github.com>
-Date: Tue, 6 Sep 2016 18:35:32 +0800
-Subject: [PATCH] Fix integer overflow in gdImageWebpCtx
-
-Integer overflow can be happened in expression gdImageSX(im) * 4 *
-gdImageSY(im). It could lead to heap buffer overflow in the following
-code. This issue has been reported to the PHP Bug Tracking System. The
-proof-of-concept file will be supplied some days later. This issue was
-discovered by Ke Liu of Tencent's Xuanwu LAB.
----
- src/gd_webp.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/gd_webp.c b/src/gd_webp.c
-index 8eb4dee..9886399 100644
---- a/src/gd_webp.c
-+++ b/src/gd_webp.c
-@@ -199,6 +199,14 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
- 		quantization = 80;
- 	}
- 
-+	if (overflow2(gdImageSX(im), 4)) {
-+		return;
-+	}
-+
-+	if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) {
-+		return;
-+	}
-+
- 	argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im));
- 	if (!argb) {
- 		return;
diff --git a/gd-2.2.4-upstream.patch b/gd-2.2.4-upstream.patch
new file mode 100644
index 0000000..8aee1a0
--- /dev/null
+++ b/gd-2.2.4-upstream.patch
@@ -0,0 +1,50 @@
+From c9b601a658a79e6ea2aad29fbf60ca6e24ccef1e Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Wed, 18 Jan 2017 13:59:02 +0100
+Subject: [PATCH] Fix build issue regarding INT_MAX
+
+For portability gd_gd2.c needs to include <limits.h>.
+---
+ src/gd_gd2.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index c2904ca..049c4c5 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -74,6 +74,7 @@
+ 
+ /* 2.0.29: no more errno.h, makes windows happy */
+ #include <math.h>
++#include <limits.h>
+ #include <string.h>
+ #include "gd.h"
+ #include "gd_errors.h"
+
+
+From 55ac28a293eaa8c531870c8bb8ecc04b333975f4 Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Thu, 19 Jan 2017 01:02:58 +0100
+Subject: [PATCH] Fix #357: 2.2.4: Segfault in test suite.
+
+We make sure to never pass a negative `int` as argument to a `size_t`
+parameter.
+---
+ src/gd_io_dp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
+index eda2eeb..cb38794 100644
+--- a/src/gd_io_dp.c
++++ b/src/gd_io_dp.c
+@@ -292,6 +292,10 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
+ 		rlen = dp->realSize - dp->pos;
+ 	}
+ 
++	if (rlen < 0) {
++		return 0;
++	}
++
+ 	memcpy(buf, (void *) ((char *)dp->data + dp->pos), rlen);
+ 	dp->pos += rlen;
+ 
diff --git a/gd-2.2.x-fix-invalid-read-in-gdImageCreateFromTiffPtr.patch b/gd-2.2.x-fix-invalid-read-in-gdImageCreateFromTiffPtr.patch
deleted file mode 100644
index 78a80b447e3bcfd49d5712391ee870b6803198dd..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 10937
zcmeHN-E-T<5r^|NA)53n>BlsE*s3!LD3TxuN}?#ms$^MmG*xVkB{!XEIxGkrNW>t(
z0YFPi?3p~}sn4BB`_}$D?Q8qo{~&LDYx>*6fubnM5^ar}htL*rxZB;^+x^|{-VL{t
zc(6iqoBbq6vv}C24^6ry+=n8WqxaoGS2ma0>%GB|>4`P{wv&k!Iv9y6*|ah0k!>}W
zs9~=(td(YyDwb_o`u?c<iEy(O+76B=h#om%;87wR4=>d7b_PyQY~no=+nD|!@cq3k
zG0M80q1jOk9cD1Ohk}&cI7vpstV&Mgk?V|7k)k;*T)$X&mAa#hqBy%y2cvA#L0^zN
z3WrIM>6q0!j+{Z@-Vs@M<QwHG9rgpaPhKq2=)H{GKFmXYoKQT<YO!DI#v`c5il-*+
zM3nVebte^7eM*#ElM{x*qr)KUlS7f{Ia%;XkT<NY4dXOd*a_2^@D|7+XyJ=Qj~|J|
z597m>`VJVfn7RVZ$b+~luP;}VCngI6sUk^4HcBE)X}G=#lMV)0W@}N{ZKqu}bsg>s
zqTckXNgVZqZjeDr-^uU=6Xo8ZgPrYdI*do5M`;#>A-U44I@1K~Wh_ESZ%MX%egYmw
zf?{8?--og8-?_CRL1C2HF6<;}TH%@cM=(e%XU=^e3Jl6w3hdnPbsaGJP7qRXzEB=Z
zvA_fNN06qNz7I5Zg^1v-VVq<zO81y{x{1>d2DBB{_MKz&!L+GxM}WiedKh$jo*5@S
zQ?J!(I;DwQ?|Gdd?s!AfrE@=zi5iPkk)KH>hV?}}1SY$sn7|1>{^*p6G)wEuTHpN8
zc_?<VWm7Xd$|j};FEyxgiumlVQrd!e3B*_UJY8O=k?+&TbPM3KsJ2GUrnLZzLgh<X
z?K7+kcKb@4&2u=H3(gk#L5LXPVq5fhS1h-%F;bCaK^&z<1$(*CB2NHLvZGek6|86w
zdx9F4wY0D>Y4UTdI5Uef)a-n@m1gJ5ZKUfShtXQC7i8qrr-0j?>d=G86Gvp*%U$1D
zG)>_-wh&!q62|@+89E?DXXLD}Q_Ws#R+p&4j~1aL%@E{VdK4ogsF1if%HXBMNV8<*
zW}F}HZDvO_?`B6F%%CxRQ*wqw5qY=sfNXdetgU&&D!to<C(ElkJ<&<8)aS9EImmIa
z5)_S)!4RGO92Vrb*$6@RScd3TAT^F?>)y6ZDk4b`$mi?W*tw28_35asR70{NshnKJ
zJc4qrXDA|Q`WcjE)&#FrOf+zUXjPZCXxUX8`^|1OtM=lAHJ)*%5?g_8lHm=d$)H!6
z6@xKK-Vg(YmC&JAN{Ef1l(~i8$J!r1E>aDxffgeOtKoj|sVHL+l~PHCYikuRPjti-
z^zdp}GN{A27q~eC)e2EOci<a}5OUcl(k3M~2w3sWL{CVBNKc=kIl=J$O|qE0Rw|X?
zOWU-}=E92f5l8Nb6Avm2laLlr17H=%zLJ{eNqUgW0*@K0^vNjAC=4D784L0xUM-08
z6bYdYrNLkrf(Xm^kVp;_##(|X4<#V>;MOgZ?j=Dlh@22rL{FuR6}s(2fe2|cKI|d+
znG7E08QYDpguC|+r1}_xNl(Uj-3(bglwk^}z&2<6RgrL_wR7E++jY``ll~}tHxL7N
zcx*_t8aZ;yWEi~lXuizco|8FLDLjb?$%^sT0-AEzRBp;Xbe$VfR8|`Yg8W^@lkS4w
z5KB$dZ2Gq4E}kDx6vwG>qWX9TwHDhPP53bxO?dyDQxnMQWS+oZEvio5y1{_s3G?(t
z(CcTwWH6|$rN_L|5&D}p@uo(lHPMrx%HWN_eCfz_MVhi1h+&$dghN>vBgVRM7>^Pf
zhy-xyaeT>~q=%ZNhvJtjq8yb#9}stl|0pd`3ym^J0@mC($^>Sp$uS2lR3O7dAaQY_
zhmhuk!@fh(Rig+sm+Zt=KuGGxG0I{YYFe#EwXqCKamcZzLd~qEDnNVZc4vEIXZOMV
zEw&4Tv{qsppDy8~xeo&`>sOV5xsqjTR<XBN^%}UaX^msp-CCt%#G>2}Xjdv~^D_a5
zHV_<vK#D_iJkC}}JVQDwYH=sz?R$)36;%;R#W0Lr957^IeW=_r-uyE3aQu+exue8*
z`@++hI@kGk&~rYYA6w(7{Cg|_+n5Oq>xh%8tYQ&dHVlSHxlDDkb0Wq<0>Ykmkc`A8
zziqJh3^p1#?&loULc*P?_glrgqs%5_VhS(~gCoQpg*6}~KWF67Q$a|bg!V<Y$HYc3
zs1ow2f_x2juTi5aWh4+^DJf7x-`RZ1$+yBA1L;M{Q2FEOUgl`{R5vrhv-(-`a!TMF
zbDpCm0Xytzo|Z(Hx>{0QtFJ31nJZ*yx!l`w{+Zn^vrqoTJ6T58wuP`-X|+$+YR?c|
z^RO7jhe(x-SA|rLipaCr6nPZuBENXN`w|4eAVRs$<yT3qMedbbibUd9auq$>q0{4i
zF%g~iA8c-J?e8<1RSrIh)H2uB=TGOYi%(SD`h{aEpIJ?RscE^Ux!myWrqw)MA79L!
z=eCQ-*%J-Uat)c|blTaL0i&~h@4?;MNL{--`v=Cx-rm;T+jOwCf3V-#-r3#Shv7I=
zc7lN&3}Au$CBJ-;cPRxyGz!C_?F|E+$`=~tj0~JvPg&+10zDFkvf!FLNEJ4-<i|9-
z!dq-Ex8-4??ukcrsni+MoF|^`V^uA-4-T*E>s<8fm5;=G2@)hu$c!g>QNj6uUrt?C
z<fp<SY2;TEPIQcfJ&2Rz{B9tv>J=^`$JZS(%0V1kkj#6D;|d=JJeKzjDH(w&%%Zy3
z#FSHaTG#;cIHFhXKG@wYn|g%{LA~-z)Ux3S2hBO$DfH(~cknV~CsR(InB=WUhu5I$
zwl1!Ca786J1}nl81$+m`53Ih!f+opTS%a`ItG-EYo{D!m7x=h}t9+(c_*!9N#<?@z
zP{-Lhp8ay-{0w_V;{4z$iF4U%L-)M9qro<=b4G|P22ac<lPjBPye<`E@_KNrK9|Bp
z<tJC9jL8oW<(lvdvc{Bw-z{pKNu#n+aGk^@zy+6{EUZf7dOR0W*b{{V9JrD4wFLqo
z-MmQ>MM_^BSOnMeD6P&KLTNswW$yQjU@*2$PR2N6aH;7y%Fw(&RIh3RaWw4Yi@@Pp
zw#J4k_~rU}CEF0V=VX1`kXV{SVK{+bHkQxFRv-H<G79c0%_ZG2YEGF1)W0|}31Xg~
z3h~hJaV=m~X@6_$*Bt~&woR!}lf`Eu3_&FO&vNW<9q>r*Yh@{L4P-@W6mpn^6+Wd;
zK|P@q(-el`x!E7a*#2y|*f-`?2aa5Y{3=Xw?i?q=ZjOmh^!42kX8^T0o?Bw1Fy#rI
z+D(NpEau78lR$CZ_w-Cq+;v?g9S93oO|9<C>7bZnA}2IuO4!+%*FN};rhWbG=adEh
z`!)YN`?;w9Eam^F=c@W$mF`8Y;#u{1R=(?6*LBT*U2?8#UEfqWFUn5WJ<oN^yQ+Vl
zci!jazp9>>(aoyItn`=7e_i93>2=xob?NcEa;Ej1et%y1FN(j=yLi5+d9Q1pX}zc4
zuWO!f<viU2Z)@6(m$e(3ru`IuH&pw3XupK^D|p_0L(^VX{Y>|oYQKcGUYQtp^Ttcs
zhv@th7=Cc$6)E)fCtv*K#}hO^Qf(Go^v|RH6Ggv{lKy8mUX{FSkn@geZ=?P52|30@
zyNos~1NF5v&~y6>(EkeU*U<jWA2sd1qR;6x?E^`D^8CJ*|HF#@^*6TI=l}lnfS=kw
z{=O@pfBy1Ietz!z@AC62<Kyqi_jlgh<EQr9wxq8QqO6`c10TQRz=60?Px)Ng!C!r$
zwXm?f)V3Y`7{{?}+wnxh_m@1e*zG!2(_U^0+v~O)X8NcnfBB%v?-`D5>ZcZ$9NW}S
z4X$!*Yd06%rdXW)*rw(<_t^Gb*#2{k_Lg5i0Uraa03Z8|!6*CBF2MIH+6DMtM*Cdw
z{Q+EK@PX)uQqW(eumXH6xB#C<C*XT+Mf<0O9}~QSuL6B<pgjxv_CQ~t5AxTc125`r
zmW$6c_!>)^=6Ra-)>|07DgZzJ%9t5|%a+$%Y%jK&4cBQ4z|d{m0?>0B{*vR{EvM@=
zT8)<33;Y~_Ghk2sSmzS#sh_J{1$(w7yyaG7cI>G+zA4y~NYXCFo~Hc=fp1j;^#x+D
R*?b1<T|M}XW8du1`yU^vP8a|H

diff --git a/gd.spec b/gd.spec
index d7d725f..cec5648 100644
--- a/gd.spec
+++ b/gd.spec
@@ -4,8 +4,8 @@
 
 Summary:       A graphics library for quick creation of PNG or JPEG images
 Name:          gd
-Version:       2.2.3
-Release:       5%{?prever}%{?short}%{?dist}
+Version:       2.2.4
+Release:       1%{?prever}%{?short}%{?dist}
 Group:         System Environment/Libraries
 License:       MIT
 URL:           http://libgd.github.io/
@@ -19,11 +19,7 @@ Source0:       https://github.com/libgd/libgd/releases/download/gd-%{version}/li
 
 Patch1:        gd-2.1.0-multilib.patch
 Patch2:        gd-2.2.3-tests.patch
-Patch3:        gd-2.2.3-overflow-in-gdImageWebpCtx.patch
-Patch4:        gd-2.2.3-dynamicGetbuf-negative-rlen.patch
-# TODO - created by one of upstream maintainers, but not in upstream yet
-# https://github.com/libgd/libgd/pull/353
-Patch5:        gd-2.2.x-fix-invalid-read-in-gdImageCreateFromTiffPtr.patch
+Patch3:        gd-2.2.4-upstream.patch
 
 BuildRequires: freetype-devel
 BuildRequires: fontconfig-devel
@@ -39,6 +35,8 @@ BuildRequires: pkgconfig
 BuildRequires: libtool
 BuildRequires: perl
 BuildRequires: perl-generators
+# for fontconfig/basic test
+BuildRequires: liberation-sans-fonts
 
 
 %description
@@ -83,10 +81,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics.
 %setup -q -n libgd-%{version}%{?prever:-%{prever}}
 %patch1 -p1 -b .mlib
 %patch2 -p1 -b .build
-%patch3 -p1 -b .gdImageWebpCtx
-%patch4 -p1 -b .dynamicGetbuf
-# Patch5 adds some non-text files (.tiff)
-patch -p1 --binary < %{PATCH5}
+%patch3 -p1 -b .upstream
 
 %if 0%{?fedora} >= 26
 # TODO - tests using freetype 2.7 are failing
@@ -139,6 +134,18 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.a
 
 
 %check
+%ifarch %{ix86}
+# See https://github.com/libgd/libgd/issues/359
+XFAIL_TESTS="gdimagegrayscale/basic $XFAIL_TESTS"
+%endif
+%if 0%{?fedora} >= 26
+# See https://github.com/libgd/libgd/issues/363
+XFAIL_TESTS="freetype/bug00132 $XFAIL_TESTS"
+XFAIL_TESTS="gdimagestringft/gdimagestringft_bbox $XFAIL_TESTS"
+%endif
+
+export XFAIL_TESTS
+
 : Upstream test suite
 make check
 
@@ -161,7 +168,6 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
 %exclude %{_bindir}/gdlib-config
 
 %files devel
-%doc ChangeLog
 %{_bindir}/gdlib-config
 %{_includedir}/*
 %{_libdir}/*.so
@@ -169,6 +175,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
 
 
 %changelog
+* Wed Jan 18 2017 Remi Collet <remi@fedoraproject.org> - 2.2.4-1
+- Update to 2.2.4
+
 * Tue Dec 06 2016 Marek Skalický <mskalick@redhat.com> - 2.2.3-5
 - Fix invalid read in gdImageCreateFromTiffPtr() ( CVE-2016-6911)
 - Disable tests using freetype in Fedora 26 (freetype > 2.6)
diff --git a/sources b/sources
index 2fb8acb..976a31c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-14e4134c129b4c166c3a0549a32ef340  libgd-2.2.3.tar.xz
+SHA512 (libgd-2.2.4.tar.xz) = 07903f322c4f6ab392508b0f60c38ca133699111ea92995dc6cd9379210d598bcb24a46c19657884d9e252f8663d0ee8c89c600e3a382a5ae598198c190f39b5