Diffstat (limited to 'user/libgd')
-rw-r--r--user/libgd/APKBUILD44
-rw-r--r--user/libgd/CVE-2016-7568.patch33
-rw-r--r--user/libgd/revert-318-removal-of-macros.patch27
3 files changed, 59 insertions, 45 deletions
diff --git a/user/libgd/APKBUILD b/user/libgd/APKBUILD
index 13f07cfe0..57525510d 100644
--- a/user/libgd/APKBUILD
+++ b/user/libgd/APKBUILD
@@ -1,24 +1,44 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
-# Maintainer:
+# Maintainer: Zach van Rijn <me@zv.io>
pkgname=libgd
-pkgver=2.2.5
-pkgrel=0
+pkgver=2.3.3
+pkgrel=1
pkgdesc="Library for dynamic image creation"
url="http://libgd.github.io/"
arch="all"
-options="!check" # Upstream bug 201 regression.
+options="!check" # Multiple test suite failures. Assumes SSE+ math.
license="MIT"
depends=""
-makedepends="bash fontconfig-dev freetype-dev libjpeg-turbo-dev libpng-dev
- libwebp-dev zlib-dev"
+makedepends="autoconf automake bash fontconfig-dev freetype-dev
+ libjpeg-turbo-dev libpng-dev libtool libwebp-dev libxpm-dev tiff-dev
+ zlib-dev
+ "
+# While the fontconfig/basic test checks for what happens if an empty
+# fontlist is passed to gdImageStringFT(), there still needs to be at
+# least one font installed on the system...
+checkdepends="ttf-liberation"
subpackages="$pkgname-dev"
replaces="gd"
source="https://github.com/$pkgname/$pkgname/releases/download/gd-$pkgver/$pkgname-$pkgver.tar.xz
- CVE-2016-7568.patch
+ revert-318-removal-of-macros.patch
"
+# secfixes:
+# 2.3.3-r0:
+# - CVE-2019-11038
+# - CVE-2019-6977
+# - CVE-2019-6978
+# 2.2.5-r1:
+# - CVE-2018-5711
+# - CVE-2018-1000222
+# - CVE-2019-6977
+# - CVE-2019-6978
+# 2.2.5-r2:
+# - CVE-2018-14553
+# 2.3.0-r0:
+# - CVE-2019-11038
+
build() {
- cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
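Review bot: The `secfixes` block added here is not a reliable record of what this package ships: `CVE-2019-6977`, `CVE-2019-6978` and `CVE-2019-11038` are each listed under two different releases, the keys are not in version order, and the newest key is `2.3.3-r0` while the hunk sets `pkgrel=1`. Anything that reads this map to decide which release fixed a CVE gets an ambiguous answer, so each CVE should appear once, under the first release of this package that actually carried the fix. The same hunk drops `CVE-2016-7568.patch` from `source` without recording that CVE anywhere; presumably the overflow checks are already in the 2.3.3 tarball, but that should be confirmed against `src/gd_webp.c` and noted, e.g. `# CVE-2016-7568: fixed upstream, local patch dropped`. `build()` continues past the end of this hunk.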
@@ -26,17 +46,16 @@ build() {
--sysconfdir=/etc \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
+ --with-xpm \
--disable-werror
make
}
check() {
- cd "$builddir"
make check
}
package() {
- cd "$builddir"
make DESTDIR="$pkgdir" install
}
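Review bot: `check()` is kept here but can never run, because `options="!check"` in the first hunk still disables the test phase, which also makes the newly added `checkdepends="ttf-liberation"` a no-op. For an image-parsing library being moved across several security releases, the upstream regression tests are the main automated confirmation that the fixes are present in the built library. If the failures really are limited to floating-point-sensitive tests, say so next to the function, e.g. `# not run: options=!check; re-enable once the FP-dependent tests are skipped or fixed`, so the suite is not left off indefinitely. The start of `build()` is outside this hunk.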
@@ -44,8 +63,9 @@ dev() {
default_dev
depends="$pkgname perl"
replaces="gd-dev"
+ mkdir -p "$subpkgdir"/usr/bin
mv "$pkgdir"/usr/bin/bdftogd "$subpkgdir"/usr/bin
}
-sha512sums="e4598e17a277a75e02255402182cab139cb3f2cffcd68ec05cc10bbeaf6bc7aa39162c3445cd4a7efc1a26b72b9152bbedb187351e3ed099ea51767319997a6b libgd-2.2.5.tar.xz
-8310d11a2398e8617c9defc4500b9ce3897ac1026002ffa36000f1d1f8df19336005e8c1f6587533f1d787a4a54d7a3a28ad25bddbc966a018aedf4d8704a716 CVE-2016-7568.patch"
+sha512sums="aa49d4381d604a4360d556419d603df2ffd689a6dcc10f8e5e1d158ddaa3ab89912f6077ca77da4e370055074007971cf6d356ec9bf26dcf39bcff3208bc7e6c libgd-2.3.3.tar.xz
+623e312e20f1994c6ae26f7fdac45b0eb7f4e65b83160ca4e22495c37b162b2dbde21ede6aab189e566b8934bb22aafdb80e9263cd87118013233927a2ab3601 revert-318-removal-of-macros.patch"
diff --git a/user/libgd/CVE-2016-7568.patch b/user/libgd/CVE-2016-7568.patch
deleted file mode 100644
index 56156411e..000000000
--- a/user/libgd/CVE-2016-7568.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 2806adfdc27a94d333199345394d7c302952b95f Mon Sep 17 00:00:00 2001
-From: trylab <trylab@users.noreply.github.com>
-Date: Tue, 6 Sep 2016 18:35:32 +0800
-Subject: [PATCH] Fix integer overflow in gdImageWebpCtx
-
-Integer overflow can be happened in expression gdImageSX(im) * 4 *
-gdImageSY(im). It could lead to heap buffer overflow in the following
-code. This issue has been reported to the PHP Bug Tracking System. The
-proof-of-concept file will be supplied some days later. This issue was
-discovered by Ke Liu of Tencent's Xuanwu LAB.
----
- src/gd_webp.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/gd_webp.c b/src/gd_webp.c
-index 8eb4dee..9886399 100644
---- a/src/gd_webp.c
-+++ b/src/gd_webp.c
-@@ -199,6 +199,14 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
- quality = 80;
- }
-
-+ if (overflow2(gdImageSX(im), 4)) {
-+ return;
-+ }
-+
-+ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) {
-+ return;
-+ }
-+
- argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im));
- if (!argb) {
- return;
diff --git a/user/libgd/revert-318-removal-of-macros.patch b/user/libgd/revert-318-removal-of-macros.patch
new file mode 100644
index 000000000..85ea9c05d
--- /dev/null
+++ b/user/libgd/revert-318-removal-of-macros.patch
@@ -0,0 +1,27 @@
+From f4bc1f5c26925548662946ed7cfa473c190a104a Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Mon, 13 Sep 2021 14:57:52 +0200
+Subject: [PATCH] Revert "Fix #318, these macros are not used as planed, we
+ have separate functions for each"
+
+This reverts commit bdc281eadb1d58d5c0c7bbc1125ee4674256df08.
+---
+ src/gd.h | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/gd.h b/src/gd.h
+index 305603952..1ad9e6378 100644
+--- a/src/gd.h
++++ b/src/gd.h
+@@ -1604,6 +1604,11 @@ BGD_DECLARE(void) gdImageFlipHorizontal(gdImagePtr im);
+ BGD_DECLARE(void) gdImageFlipVertical(gdImagePtr im);
+ BGD_DECLARE(void) gdImageFlipBoth(gdImagePtr im);
+
++#define GD_FLIP_HORINZONTAL 1 /* typo, kept for BC */
++#define GD_FLIP_HORIZONTAL 1
++#define GD_FLIP_VERTICAL 2
++#define GD_FLIP_BOTH 3
++
+ /**
+ * Group: Crop
+ *