gd: update to 2.2.4 to fix security issues.

2025-02-03 17:57:13 +08:00 · 2017-03-26 10:43:01 +01:00 · 2017-03-26 10:43:01 +01:00 · cde2174429
commit cde2174429
parent f882f723b5
3 changed files with 62 additions and 19 deletions
--- a/gd/PKGBUILD
+++ b/gd/PKGBUILD
@ -1,17 +1,22 @@
 pkgname=gd
-pkgver=2.2.3
+pkgver=2.2.4
 pkgrel=1
 pkgdesc='Library for the dynamic creation of images by programmers'
 arch=('x86_64')
 url='http://www.libgd.org/'
 license=('custom')
-depends=('libpng'
-         'fontconfig'
-         'libjpeg-turbo'
-	 'libxpm')
+depends=('libpng' 'fontconfig' 'libjpeg-turbo' 'libxpm')
 optdepends=('perl: bdftogd script')
-source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz")
-sha256sums=('746b6cbd6769a22ff3ba6f5756f3512a769bd4cdf4695dff17f4867f25fa7d3c')
+checkdepends=('ttf-liberation')
+source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz"
+        'gd-2.2.4-upstream.patch')
+sha256sums=('137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6'
+            '0aa73d278fa7bc70c830660ff8539fb32d703f80523ecdb0994b7e14846435d7')
+
+prepare() {
+  cd libgd-${pkgver}
+  patch -p1 -i ${srcdir}/gd-2.2.4-upstream.patch
+}

 build() {
    cd ${srcdir}/libgd-${pkgver}
--- a/gd/gd-2.2.4-upstream.patch
+++ b/gd/gd-2.2.4-upstream.patch
@ -0,0 +1,50 @@
+From c9b601a658a79e6ea2aad29fbf60ca6e24ccef1e Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Wed, 18 Jan 2017 13:59:02 +0100
+Subject: [PATCH] Fix build issue regarding INT_MAX
+
+For portability gd_gd2.c needs to include <limits.h>.
+---
+ src/gd_gd2.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index c2904ca..049c4c5 100644
+--- a/src/gd_gd2.c
+++ b/src/gd_gd2.c
+@@ -74,6 +74,7 @@
+ 
+ /* 2.0.29: no more errno.h, makes windows happy */
+ #include <math.h>
+#include <limits.h>
+ #include <string.h>
+ #include "gd.h"
+ #include "gd_errors.h"
+
+
+From 55ac28a293eaa8c531870c8bb8ecc04b333975f4 Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Thu, 19 Jan 2017 01:02:58 +0100
+Subject: [PATCH] Fix #357: 2.2.4: Segfault in test suite.
+
+We make sure to never pass a negative `int` as argument to a `size_t`
+parameter.
+---
+ src/gd_io_dp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
+index eda2eeb..cb38794 100644
+--- a/src/gd_io_dp.c
+++ b/src/gd_io_dp.c
+@@ -292,6 +292,10 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
+ 		rlen = dp->realSize - dp->pos;
+ 	}
+ 
+	if (rlen < 0) {
+		return 0;
+	}
+
+ 	memcpy(buf, (void *) ((char *)dp->data + dp->pos), rlen);
+ 	dp->pos += rlen;
+ 
--- a/gd/libpng14.patch
+++ b/gd/libpng14.patch
@ -1,12 +0,0 @@
-diff -Nur gd-2.0.36RC1.orig/gd_png.c gd-2.0.36RC1/gd_png.c
--- gd-2.0.36RC1.orig/gd_png.c	2007-11-27 10:30:34.000000000 +0200
-+++ gd-2.0.36RC1/gd_png.c	2010-01-17 17:14:11.000000000 +0200
-@@ -151,7 +151,7 @@
- 	return NULL;
-   }
- 
-	if (!png_check_sig (sig, 8)) { /* bad signature */
-+	if (png_sig_cmp (sig, 0, 8)) { /* bad signature */
-     	return NULL;		/* bad signature */
- 	}
-