Update to 2.1.1 final

Resolves: #1181972
2015-01-14 13:52:36 +01:00 · 2015-01-14 13:52:36 +01:00 · ff3f68b87a
commit ff3f68b87a
parent b076ebc318
5 changed files with 9 additions and 48 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,3 +3,4 @@ clog
 gd-2.0.35.tar.bz2
 /libgd-2.1.0-725ba9de4005144d137d2a7a70f760068fc3d306.tgz
 /libgd-2.1.0.tar.xz
 /libgd-2.1.1.tar.xz
--- a/gd-2.1.0-color_c_null_pointer.patch
+++ b/gd-2.1.0-color_c_null_pointer.patch
@ -1,29 +0,0 @@
 From 463c3bd09bfe8e924e19acad7a2a6af16953a704 Mon Sep 17 00:00:00 2001
 From: Remi Collet <fedora@famillecollet.com>
 Date: Mon, 4 Aug 2014 10:31:25 +0200
 Subject: [PATCH] CVE-2014-2497, NULL pointer dereference, fix #126
 ---
 src/gdxpm.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
 diff -up ./src/gdxpm.c.1076676 ./src/gdxpm.c
 --- ./src/gdxpm.c.1076676	2013-06-25 11:58:23.000000000 +0200
 +++ ./src/gdxpm.c	2015-01-08 13:39:36.600424371 +0100
@@ -49,6 +49,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFro
 	if(overflow2(sizeof(int), number)) {
 		goto done;
 	}
 +	for(i = 0; i < number; i++) {
 +		/*
 +		   avoid NULL pointer dereference
 +		   TODO better fix need to manage monochrome/monovisual
 +		   see m_color or g4_color or g_color
 +		*/
 +		if (!image.colorTable[i].c_color) {
 +			goto done;
 +		}
 +	}
 	colors = (int *)gdMalloc(sizeof(int) * number);
 	if(colors == NULL) {
--- a/gd-fixautoconf.patch
+++ b/gd-fixautoconf.patch
@ -1,11 +0,0 @@
 --- libgd-2.1.0/configure.ac.orig	2013-12-15 19:20:24.569994500 +0000
 +++ libgd-2.1.0/configure.ac	2013-12-15 19:20:38.010142489 +0000
@@ -45,7 +45,7 @@
 FEATURES="GD_GIF GD_GIFANIM GD_OPENPOLYGON"
 AC_SUBST(FEATURES)
 -AM_INIT_AUTOMAKE([foreign dist-bzip2 dist-xz -Wall -Werror])
 +AM_INIT_AUTOMAKE([foreign dist-bzip2 dist-xz subdir-objects -Wall -Werror])
 AC_CONFIG_HEADERS([src/config.h:src/config.hin])
 dnl newer automake wants this, but we still want to work with older
--- a/gd.spec
+++ b/gd.spec
@ -4,8 +4,8 @@
 Summary:       A graphics library for quick creation of PNG or JPEG images
 Name:          gd
-Version:       2.1.0
+Version:       2.1.1
-Release:       8%{?prever}%{?short}%{?dist}
+Release:       1%{?prever}%{?short}%{?dist}
 Group:         System Environment/Libraries
 License:       MIT
 URL:           http://libgd.bitbucket.org/
@ -17,8 +17,6 @@ Source0:       libgd-%{version}-%{commit}.tgz
 Source0:       https://bitbucket.org/libgd/gd-libgd/downloads/libgd-%{version}%{?prever:-%{prever}}.tar.xz
 %endif
 Patch1:        gd-2.1.0-multilib.patch
 Patch2:        gd-fixautoconf.patch
 Patch3:        gd-2.1.0-color_c_null_pointer.patch
 BuildRequires: freetype-devel
 BuildRequires: fontconfig-devel
@ -75,8 +73,6 @@ files for gd, a graphics library for creating PNG and JPEG graphics.
 %prep
 %setup -q -n libgd-%{version}%{?prever:-%{prever}}
 %patch1 -p1 -b .mlib
 %patch2 -p1 -b .automake
 %patch3 -p1 -b .color_c_null_pointer
 # https://bitbucket.org/libgd/gd-libgd/issue/77
 sed -e '/GD_VERSION_STRING/s/-alpha//' \
@ -141,7 +137,11 @@ make check
 %changelog
-* Thu Jan 08 2015 Jozef Mlich <jmlich@redhat.com - 2.1.0-8
+* Wed Jan 14 2015 Jozef Mlich <jmlich@redhat.com> - 2.1.1-1
 - Update to 2.1.1 final
  Resolves: #1181972
 * Thu Jan 08 2015 Jozef Mlich <jmlich@redhat.com> - 2.1.0-8
 - Resolves: #1076676 CVE-2014-2497
  Previous patch indroduced memory leak. Using upstream version.
  https://bitbucket.org/libgd/gd-libgd/commits/463c3bd09bfe8e924e19acad7a2a6af16953a704
--- a/2
+++ b/2
@ -1 +1 @@
-03588159bf4faab9079849c8d709acc6  libgd-2.1.0.tar.xz
+9076f3abd1f9815d106da36467ea15bc  libgd-2.1.1.tar.xz
`@ -1 +1 @@`
	`03588159bf4faab9079849c8d709acc6 libgd-2.1.0.tar.xz`	`9076f3abd1f9815d106da36467ea15bc libgd-2.1.1.tar.xz`