Package Release Info

gd-2.2.5-4.14.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-594
Available in Package Hub : 15 SP1 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

libgd3-32bit

Change Logs

* Wed Mar 04 2020 pgajdos@suse.com
- security update
- added patches
  fix CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone()
  + gd-CVE-2018-14553.patch
* Tue Jul 16 2019 pgajdos@suse.com
- security update
- added patches
  CVE-2019-11038 [bsc#1140120]
  + gd-CVE-2019-11038.patch
* Thu May 30 2019 pgajdos@suse.com
- change order while installing split library [bsc#1136574]
* Fri Sep 30 2016 badshah400@gmail.com
- Update to version 2.2.3:
  + Security fixes:
  - Php bug#72339, Integer Overflow in _gd2GetHeader
    (CVE-2016-5766)
  - Issue gh/libgd/libgd#247: A read out-of-bounds was found in
    the parsing of TGA files (CVE-2016-6132)
  - Issue gh/libgd/libgd#247: Buffer over-read issue when
    parsing crafted TGA file (CVE-2016-6214)
  - Issue gh/libgd/libgd#248: fix Out-Of-Bounds Read in
    read_image_tga
  - Integer overflow error within _gdContributionsAlloc()
    (CVE-2016-6207)
  - Fix php bug#72494, invalid color index not handled, can lead
    to crash (CVE-2016-6128)
  + Improve color check for CropThreshold
  + gdImageCopyResampled has been improved. Better handling of
    images with alpha channel, also brings libgd in sync with
    php's bundled gd.
- Drop patches:
  + gd-CVE-2016-5116.patch: upstreamed
  + gd-CVE-2016-6132.patch: upstreamed
  + gd-CVE-2016-6214.patch: upstreamed
  + gd-CVE-2016-6905.patch: upstreamed
  + gd-libvpx.patch: vpx support dropped.
- Add BuildRequires for automake and autoconf since
  gd-disable-freetype27-failed-tests.patch touches makefiles.
- Drop getver.pl from source: included in upstream tarball.
- Add "-msse -mfpmath=sse" to CFLAGS to fix tests on ix86
  architectures.
- Add "-ffp-contract=off" to CFLAGS for non-ix86 arch (ppc, arm)
  to fix a test: see gh#libgd/libgd#278.
- Add gd-test-unintialized-var.patch to fix an uninitialised
  variable in tests/gd2/gd2_read.c to prevent it from compiling
  with -Werror (only causes problems in non-ix86 arch
  surprisingly); patch sent upstream.
- Rebase gd-disable-freetype27-failed-tests.patch for updated
  version.
- Update URL and Source to project's new GitHub URLs.
* Thu Sep 29 2016 badshah400@gmail.com
- Add gd-disable-freetype27-failed-tests.patch: Disable for now
  tests failing against freetype >= 2.7 for being too exact
  (gh#libgd/libgd#302). The failures have been understood by
  upstream to be due to minor differences between test images and
  those generated when freetype >= 2.7 is used to build gd.
* Tue Aug 23 2016 pgajdos@suse.com
- security update:
  * CVE-2016-6132 [bsc#987577]
    + gd-CVE-2016-6132.patch
  * CVE-2016-6214 [bsc#991436]
    + gd-CVE-2016-6214.patch
  * CVE-2016-6905 [bsc#995034]
    + gd-CVE-2016-6905.patch
* Mon May 30 2016 pgajdos@suse.com
- security update:
  * CVE-2016-5116 [bsc#982176]
    + gd-CVE-2016-5116.patch
* Tue Mar 01 2016 pgajdos@suse.com
- add missing config/getver.pl [bsc#965190]
* Tue May 12 2015 joerg.lorenzen@ki.tng.de
- Added patch gd-libvpx.patch to enable build against libvpx >= 1.4,
  new VPX_ prefixed namespaces are available since libvpx = 0.9.1.
* Sat Feb 28 2015 mpluskal@suse.com
- Cleanup spec file with spec-cleaner
- No longer needed patches
  * gd-2.1.0-CVE-2014-2497.patch
  * gd-autoconf.patch
- Update to 2.1.1
  * changelog provided only as commit log (see Changelog)
  * fix for CVE-2014-2497

Version: 2.2.5-11.3.1

* Tue Sep 14 2021 pgajdos@suse.com
- security update
- added patches
  fix CVE-2021-40812 [bsc#1190400], out-of-bounds read in GD library
  + gd-CVE-2021-40812.patch