!22 update to gd-2.3.2

From: @shirely16 Reviewed-by: @yanan-rock Signed-off-by: @yanan-rock
2021-11-23 01:54:42 +00:00 · 2021-11-23 01:54:42 +00:00 · a0f35ea49e
commit a0f35ea49e
parent c98899827b d1007092b2
4 changed files with 30 additions and 18 deletions
--- a/backport-CVE-2021-40812.patch
+++ b/backport-CVE-2021-40812.patch
@ -5,13 +5,14 @@ Subject: [PATCH 1/2] Partial fix for #750

 Conflict:NA
 Reference:https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9
+
 ---
- src/gd_bmp.c  | 14 +++++++++++---
+ src/gd_bmp.c  | 15 +++++++++++----
 src/gd_webp.c |  7 ++++++-
- 2 files changed, 17 insertions(+), 4 deletions(-)
+ 2 files changed, 17 insertions(+), 5 deletions(-)

 diff --git a/src/gd_bmp.c b/src/gd_bmp.c
-index 34494ff..ec3267a 100755
+index e186ac9..ab56a3e 100644
 --- a/src/gd_bmp.c
 +++ b/src/gd_bmp.c
@@ -30,6 +30,7 @@
@ -22,20 +23,21 @@ index 34494ff..ec3267a 100755
 #include "bmp.h"
 
 static int compress_row(unsigned char *uncompressed_row, int length);
-@@ -266,7 +267,11 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+@@ -265,8 +266,11 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ 				}
 				bitmap_size += compressed_size;
 
- 
+-
 -				gdPutBuf(uncompressed_row, compressed_size, out);
 +				if (gdPutBuf(uncompressed_row, compressed_size, out) != compressed_size){
 +					gd_error("gd-bmp write error\n");
 +					error = 1;
 +					break;
 +				}
- 				Putchar(BMP_RLE_COMMAND, out);
- 				Putchar(BMP_RLE_ENDOFLINE, out);
+ 				gdPutC(BMP_RLE_COMMAND, out);
+ 				gdPutC(BMP_RLE_ENDOFLINE, out);
 				bitmap_size += 2;
-@@ -325,7 +330,10 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+@@ -325,7 +329,10 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
 			if (buffer_size == 0) {
 				break;
 			}
@ -47,7 +49,7 @@ index 34494ff..ec3267a 100755
 		}
 		gdFree(copy_buffer);
 
-@@ -335,7 +343,7 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+@@ -335,7 +342,7 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
 		out_original = NULL;
 	}
 
@ -57,10 +59,10 @@ index 34494ff..ec3267a 100755
 	if (tmpfile_for_compression) {
 #ifdef _WIN32
 diff --git a/src/gd_webp.c b/src/gd_webp.c
-index b5ee264..b0f21b6 100755
+index a0b4787..af0bf2c 100644
 --- a/src/gd_webp.c
 +++ b/src/gd_webp.c
-@@ -222,8 +222,13 @@ static int _gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
+@@ -223,8 +223,13 @@ static int _gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
         ret = 1;
 		goto freeargb;
 	}
--- a/gd.spec
+++ b/gd.spec
@ -1,6 +1,6 @@
 Name:           gd
-Version:        2.3.0
-Release:        4
+Version:        2.3.2
+Release:        1
 Summary:        A graphics library for quick creation of PNG or JPEG images
 License:        MIT
 URL:            http://libgd.github.io/
@ -10,14 +10,11 @@ Source0:        https://github.com/libgd/libgd/releases/download/gd-%{version}/l
 Source1:        https://raw.githubusercontent.com/libgd/libgd/gd-%{version}/config/getlib.sh

 Patch6000:      backport-CVE-2021-38115.patch
-Patch6001:	backport-CVE-2021-40812.patch
+Patch6001:      backport-CVE-2021-40812.patch

 BuildRequires:  freetype-devel fontconfig-devel gettext-devel libjpeg-devel libpng-devel libtiff-devel libwebp-devel
 BuildRequires:  libX11-devel libXpm-devel zlib-devel pkgconfig libtool perl-interpreter perl-generators liberation-sans-fonts

-Provides:       %{name}-progs = %{version}-%{release}
-Obsoletes:      %{name}-progs < %{version}-%{release}
-
 %description
 The gd graphics library allows your code to quickly draw images complete with lines, arcs, text,
 multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or
@ -30,6 +27,14 @@ Requires:       %{name}%{?_isa} = %{version}-%{release} freetype-devel%{?_isa} f
 Requires:       libpng-devel%{?_isa} libtiff-devel%{?_isa} libwebp-devel%{?_isa} libX11-devel%{?_isa}
 Requires:       libXpm-devel%{?_isa} zlib-devel%{?_isa}

+%package progs
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+Summary:        Utility programs that use libgd
+
+%description progs
+The gd-progs package includes utility programs supplied with gd, a
+graphics library for creating PNG and JPEG images.
+
 %description    devel
 The gd-devel package contains the development libraries and header files for gd, a graphics
 library for creating PNG and JPEG graphics.The gd-progs package includes utility programs supplied with gd, a
@ -92,9 +97,11 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
 %{!?_licensedir:%global license %%doc}
 %license COPYING
 %{_libdir}/*.so.*
-%{_bindir}/*
 %exclude %{_bindir}/gdlib-config

+%files progs
+%{_bindir}/*
+
 %files devel
 %{_includedir}/*
 %{_libdir}/*.so
@ -103,6 +110,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
 %exclude %{_libdir}/libgd.a

 %changelog
+* Sat Nov 20 2021 hanhui<hanhui15@huawei.com> - 2.3.2-1
+- DESC:update to 2.3.2
+
 * Thu Sep 23 2021 liuyumeng<liuyumeng5@huawei.com> - 2.3.0-4
 - Type:CVE
 - CVE:CVE-2021-40812
--- a/libgd-2.3.0.tar.xz
+++ b/libgd-2.3.0.tar.xz
--- a/libgd-2.3.2.tar.xz
+++ b/libgd-2.3.2.tar.xz