From 7f8d4d642ad643f553e0fe74c0d48d59c81d178c Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Sun, 29 Mar 2020 03:26:16 -0500
Subject: user/libgd: [CVE] bump to 2.3.0

---
 user/libgd/APKBUILD | 35 ++++++++++++-----------------------
 1 file changed, 12 insertions(+), 23 deletions(-)

(limited to 'user/libgd/APKBUILD')

diff --git a/user/libgd/APKBUILD b/user/libgd/APKBUILD
index 2a537dfca..c5da3861e 100644
--- a/user/libgd/APKBUILD
+++ b/user/libgd/APKBUILD
@@ -1,27 +1,24 @@
 # Contributor: Carlo Landmeter <clandmeter@gmail.com>
 # Maintainer: 
 pkgname=libgd
-pkgver=2.2.5
-pkgrel=2
+pkgver=2.3.0
+pkgrel=0
 pkgdesc="Library for dynamic image creation"
 url="http://libgd.github.io/"
 arch="all"
-options="!check"  # Upstream bug 201 regression.
+options="!check"  # Multiple test suite failures. Assumes SSE+ math.
 license="MIT"
 depends=""
 makedepends="autoconf automake bash fontconfig-dev freetype-dev
 	libjpeg-turbo-dev libpng-dev libtool libwebp-dev tiff-dev zlib-dev
 	"
+# While the fontconfig/basic test checks for what happens if an empty
+# fontlist is passed to gdImageStringFT(), there still needs to be at
+# least one font installed on the system...
+checkdepends="ttf-liberation"
 subpackages="$pkgname-dev"
 replaces="gd"
-source="https://github.com/$pkgname/$pkgname/releases/download/gd-$pkgver/$pkgname-$pkgver.tar.xz
-	CVE-2016-7568.patch
-	CVE-2018-5711.patch
-	CVE-2018-14553.patch
-	CVE-2018-1000222.patch
-	CVE-2019-6977.patch
-	CVE-2019-6978.patch
-	"
+source="https://github.com/$pkgname/$pkgname/releases/download/gd-$pkgver/$pkgname-$pkgver.tar.xz"
 
 # secfixes:
 #   2.2.5-r1:
@@ -31,11 +28,8 @@ source="https://github.com/$pkgname/$pkgname/releases/download/gd-$pkgver/$pkgna
 #     - CVE-2019-6978
 #   2.2.5-r2:
 #     - CVE-2018-14553
-
-prepare() {
-	default_prepare
-	autoreconf -vif
-}
+#   2.3.0-r0:
+#     - CVE-2019-11038
 
 build() {
 	./configure \
@@ -61,13 +55,8 @@ dev() {
 	default_dev
 	depends="$pkgname perl"
 	replaces="gd-dev"
+	mkdir -p "$subpkgdir"/usr/bin
 	mv "$pkgdir"/usr/bin/bdftogd "$subpkgdir"/usr/bin
 }
 
-sha512sums="e4598e17a277a75e02255402182cab139cb3f2cffcd68ec05cc10bbeaf6bc7aa39162c3445cd4a7efc1a26b72b9152bbedb187351e3ed099ea51767319997a6b  libgd-2.2.5.tar.xz
-8310d11a2398e8617c9defc4500b9ce3897ac1026002ffa36000f1d1f8df19336005e8c1f6587533f1d787a4a54d7a3a28ad25bddbc966a018aedf4d8704a716  CVE-2016-7568.patch
-d6577566814cbe2d93b141a4216b32acdeb2989dc1712eb137565081b913151bbb4c69911c96b2bb7c90695078a85152d368aad183de494d1283fde25021751b  CVE-2018-5711.patch
-353491fab6c6e0916dca910c9d14f0e0efab6d9d88c48f6f3f2f69e60312489039b25d26980e7c5c2c04ed9e56003b99eae77bd412fbbed1d8eb47d561f7af74  CVE-2018-14553.patch
-d12462f1b159d50b9032435e9767a5d76e1797a88be950ed33dda7aa17005b7cb60560d04b9520e46d8111e1669d42ce28cb2c508f9c8825d545ac0335d2a10b  CVE-2018-1000222.patch
-df84e469515f684d79ebad163e137401627310a984ac1ae6a4d31b739b3dc6d9144f101e9bfc3211af1d7cdbaa827721d21a9fe528e69b9b60a943ec8a7ab74b  CVE-2019-6977.patch
-3bf31941365a878bef899afa14a89e4ad0fbfb3280d34b2118c8484698e15eff600751ae3ce146a4f006e6c21730cb18899bae3538f6cc2651025274b40cf1ca  CVE-2019-6978.patch"
+sha512sums="5b201d22560e147a3d5471010b898ad0268c3a2453b870d1267b6ba92e540cf9f75099336c1ab08217e41827ac86fe04525726bf29ad117e5dcbaef9a8d0622a  libgd-2.3.0.tar.xz"
-- 
cgit v1.2.3-60-g2f50