diff --git a/SOURCES/gd-2.1.0-multilib.patch b/SOURCES/gd-2.1.0-multilib.patch new file mode 100644 index 00000000..c4fdc63f --- /dev/null +++ b/SOURCES/gd-2.1.0-multilib.patch @@ -0,0 +1,33 @@ +diff -up gd-2.1.0/config/gdlib-config.in.multilib gd-2.1.0/config/gdlib-config.in +--- gd-2.1.0/config/gdlib-config.in.multilib 2013-04-21 16:58:17.820010758 +0200 ++++ gd-2.1.0/config/gdlib-config.in 2013-04-21 16:59:27.896317922 +0200 +@@ -7,9 +7,10 @@ + # installation directories + prefix=@prefix@ + exec_prefix=@exec_prefix@ +-libdir=@libdir@ ++libdir=`pkg-config gdlib --variable=libdir` + includedir=@includedir@ + bindir=@bindir@ ++ldflags=`pkg-config gdlib --variable=ldflags` + + usage() + { +@@ -68,7 +69,7 @@ while test $# -gt 0; do + echo @GDLIB_REVISION@ + ;; + --ldflags) +- echo @LDFLAGS@ ++ echo $ldflags + ;; + --libs) + echo -lgd @LIBS@ @LIBICONV@ +@@ -83,7 +84,7 @@ while test $# -gt 0; do + echo "GD library @VERSION@" + echo "includedir: $includedir" + echo "cflags: -I@includedir@" +- echo "ldflags: @LDFLAGS@" ++ echo "ldflags: $ldflags" + echo "libs: @LIBS@ @LIBICONV@" + echo "libdir: $libdir" + echo "features: @FEATURES@" diff --git a/SOURCES/gd-2.2.5-gdImageBmpPtr-double-free.patch b/SOURCES/gd-2.2.5-gdImageBmpPtr-double-free.patch new file mode 100644 index 00000000..80f9712b --- /dev/null +++ b/SOURCES/gd-2.2.5-gdImageBmpPtr-double-free.patch @@ -0,0 +1,73 @@ +From ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Sat, 14 Jul 2018 13:54:08 -0400 +Subject: [PATCH] bmp: check return value in gdImageBmpPtr + +Closes #447. +--- + src/gd_bmp.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/src/gd_bmp.c b/src/gd_bmp.c +index bde0b9d3..78f40d9a 100644 +--- a/src/gd_bmp.c ++++ b/src/gd_bmp.c +@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp + static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header); + static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info); + ++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression); ++ + #define BMP_DEBUG(s) + + static int gdBMPPutWord(gdIOCtx *out, int w) +@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageBmpCtx(im, out, compression); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageBmpCtx(im, out, compression)) ++ rv = gdDPExtractData(out, size); ++ else ++ rv = NULL; + out->gd_free(out); + return rv; + } +@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression) + compression - whether to apply RLE or not. + */ + BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) ++{ ++ _gdImageBmpCtx(im, out, compression); ++} ++ ++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + { + int bitmap_size = 0, info_size, total_size, padding; + int i, row, xpos, pixel; +@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL; + FILE *tmpfile_for_compression = NULL; + gdIOCtxPtr out_original = NULL; ++ int ret = 1; + + /* No compression if its true colour or we don't support seek */ + if (im->trueColor) { +@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + out_original = NULL; + } + ++ ret = 0; + cleanup: + if (tmpfile_for_compression) { + #ifdef _WIN32 +@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + if (out_original) { + out_original->gd_free(out_original); + } +- return; ++ return ret; + } + + static int compress_row(unsigned char *row, int length) diff --git a/SOURCES/gd-2.2.5-upstream.patch b/SOURCES/gd-2.2.5-upstream.patch new file mode 100644 index 00000000..0bc1bcb1 --- /dev/null +++ b/SOURCES/gd-2.2.5-upstream.patch @@ -0,0 +1,62 @@ +From a11f47475e6443b7f32d21f2271f28f417e2ac04 Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" +Date: Wed, 29 Nov 2017 19:37:38 +0100 +Subject: [PATCH] Fix #420: Potential infinite loop in gdImageCreateFromGifCtx + +Due to a signedness confusion in `GetCode_` a corrupt GIF file can +trigger an infinite loop. Furthermore we make sure that a GIF without +any palette entries is treated as invalid *after* open palette entries +have been removed. + +CVE-2018-5711 + +See also https://bugs.php.net/bug.php?id=75571. +--- + src/gd_gif_in.c | 12 ++++++------ + tests/gif/.gitignore | 1 + + tests/gif/CMakeLists.txt | 1 + + tests/gif/Makemodule.am | 2 ++ + tests/gif/php_bug_75571.c | 28 ++++++++++++++++++++++++++++ + tests/gif/php_bug_75571.gif | Bin 0 -> 1731 bytes + 6 files changed, 38 insertions(+), 6 deletions(-) + create mode 100644 tests/gif/php_bug_75571.c + create mode 100644 tests/gif/php_bug_75571.gif + +diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c +index daf26e79..0a8bd717 100644 +--- a/src/gd_gif_in.c ++++ b/src/gd_gif_in.c +@@ -335,11 +335,6 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd) + return 0; + } + +- if(!im->colorsTotal) { +- gdImageDestroy(im); +- return 0; +- } +- + /* Check for open colors at the end, so + * we can reduce colorsTotal and ultimately + * BitsPerPixel */ +@@ -351,6 +346,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd) + } + } + ++ if(!im->colorsTotal) { ++ gdImageDestroy(im); ++ return 0; ++ } ++ + return im; + } + +@@ -447,7 +447,7 @@ static int + GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP) + { + int i, j, ret; +- unsigned char count; ++ int count; + + if(flag) { + scd->curbit = 0; + diff --git a/SPECS/gd.spec b/SPECS/gd.spec new file mode 100644 index 00000000..02cb0996 --- /dev/null +++ b/SPECS/gd.spec @@ -0,0 +1,572 @@ +# requested by https://bugzilla.redhat.com/1468338 +# this break gdimagefile/gdnametest: +# gdimagefile/gdnametest.c:122: 255 pixels different on /tmp/gdtest.CrpdIb/img.gif +# gdimagefile/gdnametest.c:122: 255 pixels different on /tmp/gdtest.CrpdIb/img.GIF +# FAIL gdimagefile/gdnametest (exit status: 2) +%global with_liq 0 + + +Summary: A graphics library for quick creation of PNG or JPEG images +Name: gd +Version: 2.2.5 +Release: 6%{?prever}%{?short}%{?dist} +Group: System Environment/Libraries +License: MIT +URL: http://libgd.github.io/ +%if 0%{?commit:1} +# git clone https://github.com/libgd/libgd.git; cd gd-libgd +# git archive --format=tgz --output=libgd-%{version}-%{commit}.tgz --prefix=libgd-%{version}/ master +Source0: libgd-%{version}-%{commit}.tgz +%else +Source0: https://github.com/libgd/libgd/releases/download/gd-%{version}/libgd-%{version}.tar.xz +%endif + +Patch1: gd-2.1.0-multilib.patch +# CVE-2018-5711 - https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04 +Patch2: gd-2.2.5-upstream.patch +# CVE-2018-1000222 - https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5 +Patch3: gd-2.2.5-gdImageBmpPtr-double-free.patch + +BuildRequires: freetype-devel +BuildRequires: fontconfig-devel +BuildRequires: gettext-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel +BuildRequires: libtiff-devel +BuildRequires: libwebp-devel +%if %{with_liq} +BuildRequires: libimagequant-devel +%endif +BuildRequires: libX11-devel +BuildRequires: libXpm-devel +BuildRequires: zlib-devel +BuildRequires: pkgconfig +BuildRequires: libtool +#BuildRequires: perl-interpreter +#BuildRequires: perl-generators +# for fontconfig/basic test +BuildRequires: liberation-sans-fonts + + +%description +The gd graphics library allows your code to quickly draw images +complete with lines, arcs, text, multiple colors, cut and paste from +other images, and flood fills, and to write out the result as a PNG or +JPEG file. This is particularly useful in Web applications, where PNG +and JPEG are two of the formats accepted for inline images by most +browsers. Note that gd is not a paint program. + + +%package progs +Requires: %{name}%{?_isa} = %{version}-%{release} +Summary: Utility programs that use libgd +Group: Applications/Multimedia + +%description progs +The gd-progs package includes utility programs supplied with gd, a +graphics library for creating PNG and JPEG images. + + +%package devel +Summary: The development libraries and header files for gd +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: freetype-devel%{?_isa} +Requires: fontconfig-devel%{?_isa} +Requires: libjpeg-devel%{?_isa} +Requires: libpng-devel%{?_isa} +Requires: libtiff-devel%{?_isa} +Requires: libwebp-devel%{?_isa} +Requires: libX11-devel%{?_isa} +Requires: libXpm-devel%{?_isa} +Requires: zlib-devel%{?_isa} + +%description devel +The gd-devel package contains the development libraries and header +files for gd, a graphics library for creating PNG and JPEG graphics. + + +%prep +%setup -q -n libgd-%{version}%{?prever:-%{prever}} +%patch1 -p1 -b .mlib +%patch2 -p1 -b .upstream +%patch3 -p1 -b .gdImageBmpPtr-free + +: $(perl config/getver.pl) + +: regenerate autotool stuff +if [ -f configure ]; then + libtoolize --copy --force + autoreconf -vif +else + ./bootstrap.sh +fi + + +%build +# Provide a correct default font search path +CFLAGS="$RPM_OPT_FLAGS -DDEFAULT_FONTPATH='\"\ +/usr/share/fonts/bitstream-vera:\ +/usr/share/fonts/dejavu:\ +/usr/share/fonts/default/Type1:\ +/usr/share/X11/fonts/Type1:\ +/usr/share/fonts/liberation\"'" + +%ifarch %{ix86} +# see https://github.com/libgd/libgd/issues/242 +CFLAGS="$CFLAGS -msse -mfpmath=sse" +%endif + +%ifarch aarch64 ppc64 ppc64le s390 s390x +# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1359680 +export CFLAGS="$CFLAGS -ffp-contract=off" +%endif + +%configure \ + --with-tiff=%{_prefix} \ + --disable-rpath +make %{?_smp_mflags} + + +%install +make install INSTALL='install -p' DESTDIR=$RPM_BUILD_ROOT +rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.la +rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.a + + +%check +export XFAIL_TESTS + +: Upstream test suite +make check + +: Check content of pkgconfig +grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc + + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + + +%files +%{!?_licensedir:%global license %%doc} +%license COPYING +%{_libdir}/*.so.* + +%files progs +%{_bindir}/* +%exclude %{_bindir}/gdlib-config + +%files devel +%{_bindir}/gdlib-config +%{_includedir}/* +%{_libdir}/*.so +%{_libdir}/pkgconfig/gdlib.pc + + +%changelog +* Mon Sep 10 2018 mskalick@redhat.com - 2.2.5-6 +- Check return value in gdImageBmpPtr to avoid double free (CVE-2018-1000222) + Resolves: RHBZ#1621956 + +* Mon Aug 06 2018 mskalick@redhat.com - 2.2.5-5 +- Rebuild to pass annobin checks + Fixes: RHBZ#1611074 + +* Tue May 22 2018 mskalick@redhat.com - 2.2.5-4 +- gdimagegrayscale/basic test is not failing in RHEL8 + +* Mon Mar 26 2018 Marek Skalický - 2.2.5-3 +- Fix CVE-2018-5711 - Potential infinite loop in gdImageCreateFromGifCtx + +* Wed Feb 07 2018 Fedora Release Engineering - 2.2.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 30 2017 Remi Collet - 2.2.5-1 +- Update to 2.2.5 +- fix double-free in gdImagePngPtr(). CVE-2017-6362 +- fix buffer over-read into uninitialized memory. CVE-2017-7890 + +* Wed Aug 02 2017 Fedora Release Engineering - 2.2.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.2.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 2.2.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Feb 01 2017 Sandro Mani - 2.2.4-2 +- Rebuild (libwebp) + +* Wed Jan 18 2017 Remi Collet - 2.2.4-1 +- Update to 2.2.4 + +* Tue Dec 06 2016 Marek Skalický - 2.2.3-5 +- Fix invalid read in gdImageCreateFromTiffPtr() ( CVE-2016-6911) +- Disable tests using freetype in Fedora 26 (freetype > 2.6) + +* Mon Dec 05 2016 Marek Skalický - 2.2.3-4 +- Fix stack based buffer overflow when passing negative `rlen` as size to + memcpy() (CVE-2016-8670) + +* Mon Dec 05 2016 Marek Skalický - 2.2.3-3 +- Fix possible overflow in gdImageWebpCtx (CVE-2016-7568) + +* Tue Jul 26 2016 Dan Horák - 2.2.3-2 +- apply workaround for rhbz#1359680 + +* Fri Jul 22 2016 Remi Collet - 2.2.3-1 +- Update to 2.2.3 +- use -msse -mfpmath=sse build options (x86-32) + +* Fri Jun 24 2016 Remi Collet - 2.2.2-1 +- Update to 2.2.2 + +* Sat May 28 2016 Remi Collet - 2.2.1-2 +- remove unneeded sources + +* Fri May 27 2016 Marek Skalicky - 2.2.1-1 +- Upgrade to 2.2.1 release +- Upstream moved to github.com + +* Thu Apr 28 2016 Marek Skalicky - 2.1.1-7 +- Fixed heap overflow (CVE-2016-3074) + +* Wed Feb 03 2016 Fedora Release Engineering - 2.1.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Dec 1 2015 Tom Callaway - 2.1.1-5 +- rebuild for libvpx 1.5.0 + +* Wed Jun 17 2015 Fedora Release Engineering - 2.1.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Apr 6 2015 Tom Callaway - 2.1.1-3 +- rebuild for libvpx 1.4.0 + +* Mon Mar 23 2015 Remi Collet - 2.1.1-2 +- fix version in gdlib.pc +- fix license handling + +* Wed Jan 14 2015 Jozef Mlich - 2.1.1-1 +- Update to 2.1.1 final + Resolves: #1181972 + +* Thu Jan 08 2015 Jozef Mlich - 2.1.0-8 +- Resolves: #1076676 CVE-2014-2497 + Previous patch indroduced memory leak. Using upstream version. + https://bitbucket.org/libgd/gd-libgd/commits/463c3bd09bfe8e924e19acad7a2a6af16953a704 + +* Sat Aug 16 2014 Fedora Release Engineering - 2.1.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Wed Jul 16 2014 Jozef Mlich - 2.1.0-6 +- Resolves: #1076676 CVE-2014-2497 + NULL pointer dereference in gdImageCreateFromXpm() + +* Sat Jun 07 2014 Fedora Release Engineering - 2.1.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon Dec 23 2013 Peter Robinson 2.1.0-4 +- Fix FTBFS + +* Sat Aug 03 2013 Fedora Release Engineering - 2.1.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 17 2013 Petr Pisar - 2.1.0-2 +- Perl 5.18 rebuild + +* Tue Jun 25 2013 Remi Collet - 2.1.0-1 +- update to 2.1.0 final + +* Tue Jun 25 2013 Remi Collet - 2.1.0-0.2.725ba9d +- rebuild for linpng 1.6 + +* Tue Jun 11 2013 Remi Collet - 2.1.0-0.1.725ba9d +- update to 2.1.0 (post RC2 git snapshot) + +* Tue Apr 23 2013 Remi Collet - 2.0.35-25 +- drop uneeded patch +- really set default font search path + +* Mon Mar 25 2013 Honza Horak - 2.0.35-24 +- Fix build on aarch64 + +* Mon Mar 25 2013 Honza Horak - 2.0.35-23 +- Fix issues found by Coverity + +* Wed Feb 13 2013 Fedora Release Engineering - 2.0.35-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Jan 18 2013 Adam Tkac - 2.0.35-21 +- rebuild due to "jpeg8-ABI" feature drop + +* Fri Dec 21 2012 Adam Tkac - 2.0.35-20 +- rebuild against new libjpeg + +* Tue Aug 28 2012 Honza Horak - 2.0.35-19 +- Spec file cleanup +- Compile and run test suite during build +- Using chrpath to get rid of --rpath in gd-progs + +* Fri Jul 27 2012 Fedora Release Engineering - 2.0.35-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 11 2012 Honza Horak - 2.0.35-17 +- fixed CVE-2009-3546 gd: insufficient input validation in _gdGetColors() + Resolves: #830745 + +* Tue Feb 28 2012 Honza Horak - 2.0.35-16 +- Fixed AALineThick.patch to display vertical lines correctly + Resolves: #798255 + +* Fri Jan 13 2012 Fedora Release Engineering - 2.0.35-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Nov 08 2011 Adam Jackson 2.0.35-14 +- Rebuild for libpng 1.5 + +* Wed Oct 26 2011 Fedora Release Engineering - 2.0.35-13 +- Rebuilt for glibc bug#747377 + +* Tue Feb 08 2011 Fedora Release Engineering - 2.0.35-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 6 2010 Jiri Moskovcak - 2.0.35-11 +- more spec file fixes + +* Wed Jan 6 2010 Jiri Moskovcak - 2.0.35-10 +- spec file fixes based on merge review + +* Fri Jul 24 2009 Fedora Release Engineering - 2.0.35-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Feb 24 2009 Fedora Release Engineering - 2.0.35-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Jan 6 2009 Ivana Varekova - 2.0.35-7 +- do minor spec file cleanup + +* Mon Jul 21 2008 Tom "spot" Callaway - 2.0.35-6 +- fix license tag (nothing in this is GPL) + +* Tue Feb 19 2008 Fedora Release Engineering - 2.0.35-5 +- Autorebuild for GCC 4.3 + +* Tue Nov 20 2007 Ivana Varekova 2.0.35-4 +- remove static library + +* Mon Nov 19 2007 Ivana Varekova 2.0.35-3 +- spec file cleanup + +* Mon Nov 19 2007 Ivana Varekova 2.0.35-2 +- fix gdlib.pc file + +* Tue Sep 18 2007 Ivana Varekova 2.0.35-1 +- update to 2.0.35 + +* Tue Sep 4 2007 Ivana Varekova 2.0.34-3 +- fix font paths (#225786#5) +- fix pkgconfig Libs flag (#225786#4) + +* Thu Feb 22 2007 Ivana Varekova 2.0.34-2 +- incorporate package review feedback + +* Thu Feb 8 2007 Ivana Varekova 2.0.34-1 +- update to 2.0.34 + +* Mon Jan 29 2007 Ivana Varekova 2.0.33-12 +- Resolves: #224610 + CVE-2007-0455 gd buffer overrun + +* Tue Nov 21 2006 Ivana Varekova 2.0.33-11 +- Fix problem with to large box boundaries + Resolves: #197747 + +* Thu Nov 16 2006 Ivana Varekova 2.0.33-10 +- added 'thick' - variable support for AA line (#198042) + +* Tue Oct 31 2006 Adam Tkac 2.0.33-9.4 +- patched some additionals overflows in gd (#175414) + +* Wed Sep 13 2006 Jitka Kudrnacova - 2.0.33 - 9.3 +- gd-devel now requires fontconfig-devel (#205834) + +* Wed Jul 19 2006 Jitka Kudrnacova - 2.0.33 - 9.2 +- use CFLAGS on sparc64 (#199363) + +* Wed Jul 12 2006 Jesse Keating - 2.0.33 - 9.1 +- rebuild + +* Mon Jul 10 2006 Jitka Kudrnacova 2.0.33-9 +- prevent from an infinite loop when decoding bad GIF images (#194520) + +* Thu May 25 2006 Ivana Varekova - 2.0.33-7 +- fix multilib problem (add pkgconfig) + +* Fri Feb 10 2006 Jesse Keating - 2.0.33-6.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 2.0.33-6.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Jan 20 2006 Phil Knirsch 2.0.33-6 +- Included a few more overflow checks (#177907) + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Wed Nov 02 2005 Phil Knirsch 2.0.33-5 +- Switched BuildPreReqs and Requires to modular xorg-x11 style + +* Mon Oct 10 2005 Phil Knirsch 2.0.33-4 +- Fixed possible gd crash when drawing AA line near image borders (#167843) + +* Wed Sep 07 2005 Phil Knirsch 2.0.33-3 +- Fixed broken freetype-config --libs flags in configure (#165875) + +* Sun Apr 17 2005 Warren Togami 2.0.33-2 +- devel reqs (#155183 thias) + +* Tue Mar 22 2005 Than Ngo 2.0.33-1 +- 2.0.33 #150717 +- apply the patch from Jose Pedro Oliveira + - Added the release macro to the subpackages requirements versioning + - Handled the gdlib-config movement to gd-devel in a differment manner + - Added fontconfig-devel to the build requirements + - Added xorg-x11-devel to the build requirements (Xpm) + - Removed explicit /sbin/ldconfig requirement (gd rpm) + - Removed explicit perl requirement (gd-progs rpm) + - Added several missing documentation files (including the license file) + - Replaced %%makeinstall by make install DESTDIR=... + +* Thu Mar 10 2005 Than Ngo 2.0.32-3 +- move gdlib-config in devel + +* Wed Mar 02 2005 Phil Knirsch 2.0.32-2 +- bump release and rebuild with gcc 4 + +* Wed Nov 03 2004 Phil Knirsch 2.0.32-1 +- Update to 2.0.32 which includes all the security fixes + +* Wed Oct 27 2004 Phil Knirsch 2.0.28-2 +- Fixed several buffer overflows for gdMalloc() calls + +* Tue Jul 27 2004 Phil Knirsch 2.0.28-1 +- Update to 2.0.28 + +* Fri Jul 02 2004 Phil Knirsch 2.0.27-1 +- Updated to 2.0.27 due to: + o Potential memory overruns in gdImageFilledPolygon. Thanks to John Ellson. + o The sign of Y-axis values returned in the bounding box by gdImageStringFT + was incorrect. Thanks to John Ellson and Riccardo Cohen. + +* Wed Jun 30 2004 Phil Knirsch 2.0.26-1 +- Update to 2.0.26 + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Wed Apr 21 2004 Phil Knirsch 2.0.21-3 +- Disable rpath usage. + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Mon Feb 02 2004 Phil Knirsch 2.0.21-1 +- Updated to 2.0.21 + +* Tue Aug 12 2003 Florian La Roche +- update to 2.0.15 + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Tue May 06 2003 Phil Knirsch 2.0.12-1 +- Update to 2.0.12 + +* Wed Jan 22 2003 Tim Powers 1.8.4-11 +- rebuilt + +* Wed Dec 11 2002 Tim Powers 1.8.4-10 +- rebuild on all arches + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Thu Jan 24 2002 Phil Knirsch +- Specfile update to add URL for homepage (#54608) + +* Wed Jan 09 2002 Tim Powers +- automated rebuild + +* Wed Oct 31 2001 Bernhard Rosenkraenzer 1.8.4-5 +- Rebuild with current libpng + +* Mon Aug 13 2001 Philipp Knirsch 1.8.4-4 +- Fixed a wrong double ownership of libgd.so (#51599). + +* Fri Jul 20 2001 Bernhard Rosenkraenzer 1.8.4-3 +- There's really no reason to link against both freetype 1.x and 2.x, + especially when gd is configured to use just freetype 2.x. ;) + +* Mon Jun 25 2001 Philipp Knirsch +- Forgot to include the freetype library in the shared library linking. Fixed. + +* Thu Jun 21 2001 Philipp Knirsch +- Update to 1.8.4 + +* Tue Dec 19 2000 Philipp Knirsch +- Updates the descriptions to get rid of al references to gif + +* Tue Dec 12 2000 Philipp Knirsch +- Fixed bug #22001 where during installation the .so.1 and the so.1.8 links + didn't get installed and therefore updates had problems. + +* Wed Oct 4 2000 Nalin Dahyabhai +- define HAVE_LIBTTF to actually enable ttf support (oops, #18299) +- remove explicit dependencies on libpng, libjpeg, et. al. +- add BuildPrereq: freetype-devel + +* Wed Aug 2 2000 Matt Wilson +- rebuilt against new libpng + +* Mon Jul 31 2000 Nalin Dahyabhai +- add %%postun run of ldconfig (#14915) + +* Thu Jul 13 2000 Prospector +- automatic rebuild + +* Tue Jun 27 2000 Nalin Dahyabhai +- update to 1.8.3 + +* Sun Jun 4 2000 Nalin Dahyabhai +- rebuild in new environment + +* Mon May 22 2000 Nalin Dahyabhai +- break out a -progs subpackage +- disable freetype support + +* Fri May 19 2000 Nalin Dahyabhai +- update to latest version (1.8.2) +- disable xpm support + +* Thu Feb 03 2000 Nalin Dahyabhai +- auto rebuild in the new build environment (release 6) + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 5) + +* Thu Dec 17 1998 Cristian Gafton +- buiuld for glibc 2.1 + +* Fri Sep 11 1998 Cristian Gafton +- built for 5.2