SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libgd3-2.2.5-4.3.x86_64.rpm :
Mon Aug 27 14:00:00 2018 pgajdosAATTsuse.com
- security update:

* CVE-2018-1000222 [bsc#1105434]
+ gd-CVE-2018-1000222.patch

Tue Mar 13 13:00:00 2018 crrodriguezAATTopensuse.org
- libgd-config.patch: do not inject false dependencies into
packages, GD does not need extra libs to be used.
this also allows us to clean up -devel package dependencies.

Mon Jan 22 13:00:00 2018 pgajdosAATTsuse.com
- security update:

* CVE-2018-5711 [bsc#1076391]
+ gd-CVE-2018-5711.patch

Tue Sep 5 14:00:00 2017 pgajdosAATTsuse.com
- Version update to 2.2.5:
[#]## Security
- Double-free in gdImagePngPtr(). (CVE-2017-6362)
- Buffer over-read into uninitialized memory. (CVE-2017-7890)
[#]## Fixed
- Fix #109: XBM reading fails with printed error
- Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable
- Fix #357: 2.2.4: Segfault in test suite
- Fix #386: gdImageGrayScale() may produce colors
- Fix #406: webpng -i removes the transparent color
- Fix Coverity #155475: Failure to restore alphaBlendingFlag
- Fix Coverity #155476: potential resource leak
- Fix several build issues and test failures
- Fix and reenable optimized support for reading 1 bps TIFFs
[#]## Added
- The native MSVC buildchain now supports libtiff and most executables
- removed patches (upstreamed):
. gd-freetype.patch
. gd-rounding.patch

Tue Aug 15 14:00:00 2017 lnusselAATTsuse.de
- Don\'t fail gdimagegrayscale/basic on SLE15 (boo#1053825)

Fri Jul 21 14:00:00 2017 tchvatalAATTsuse.com
- Add patch gd-rounding.patch
- Set again the cflags so other archs do not fail testsuite

Fri Jul 7 14:00:00 2017 tchvatalAATTsuse.com
- Version update to 2.2.4:

* gdImageCreate() doesn\'t check for oversized images and as such is prone
to DoS vulnerabilities. (CVE-2016-9317) bsc#1022283

* double-free in gdImageWebPtr() (CVE-2016-6912) bsc#1022284

* potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)
bsc#1022263

* DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
bsc#1022264

* Signed Integer Overflow gd_io.c (CVE-2016-10168) bsc#1022265
- Remove patches merged/obsoleted by upstream:

* gd-config.patch

* gd-disable-freetype27-failed-tests.patch

* gd-test-unintialized-var.patch
- Add patch gd-freetype.patch taking patch from upstream for
freetype 2.7

Fri Dec 9 13:00:00 2016 pgajdosAATTsuse.com
- devel package also require libwebp-devel

Thu Dec 8 13:00:00 2016 crrodriguezAATTopensuse.org
- Support webp format, BuildRequires libwebp-devel

Thu Dec 8 13:00:00 2016 crrodriguezAATTopensuse.org
- Honour %optflags correctly.

Fri Sep 30 14:00:00 2016 badshah400AATTgmail.com
- Update to version 2.2.3:
+ Security fixes:
- Php bug#72339, Integer Overflow in _gd2GetHeader
(CVE-2016-5766)
- Issue gh/libgd/libgd#247: A read out-of-bands was found in
the parsing of TGA files (CVE-2016-6132)
- Issue gh/libgd/libgd#247: Buffer over-read issue when
parsing crafted TGA file (CVE-2016-6214)
- Issue gh/libgd/libgd#248: fix Out-Of-Bounds Read in
read_image_tga
- Integer overflow error within _gdContributionsAlloc()
(CVE-2016-6207)
- Fix php bug#72494, invalid color index not handled, can lead
to crash (CVE-2016-6128)
+ Improve color check for CropThreshold
+ gdImageCopyResampled has been improved. Better handling of
images with alpha channel, also brings libgd in sync with
php\'s bundled gd.
- Drop patches:
+ gd-CVE-2016-5116.patch: upstreamed
+ gd-CVE-2016-6132.patch: upstreamed
+ gd-CVE-2016-6214.patch: upstreamed
+ gd-CVE-2016-6905.patch: upstreamed
+ gd-libvpx.patch: vpx support dropped.
- Add BuildRequires for automake and autoconf since
gd-disable-freetype27-failed-tests.patch touches makefiles.
- Drop getver.pl from source: included in upstream tarball.
- Add \"-msse -mfpmath=sse\" to CFLAGS to fix tests on ix86
architectures.
- Add \"-ffp-contract=off\" to CFLAGS for non-ix86 arch (ppc, arm)
to fix a test: see gh#libgd/libgd#278.
- Add gd-test-unintialized-var.patch to fix an uninitialised
variable in tests/gd2/gd2_read.c to prevent it from compiling
with -Werror (only causes problems in no ix86 arch
surprisingly); patch sent upstream.
- Rebase gd-disable-freetype27-failed-tests.patch for updated
version.
- Update URL and Source to project\'s new github URL\'s.

Thu Sep 29 14:00:00 2016 badshah400AATTgmail.com
- Add gd-disable-freetype27-failed-tests.patch: Disable for now
tests failing against freetype >= 2.7 for being too exact
(gh#libgd/libgd#302). The failures have been understood by
upstream to be due to minor differences between test images and
those generated when freeetype >= 2.7 is used to build gd.

Tue Aug 23 14:00:00 2016 pgajdosAATTsuse.com
- security update:

* CVE-2016-6132 [bsc#987577]
+ gd-CVE-2016-6132.patch

* CVE-2016-6214 [bsc#991436]
+ gd-CVE-2016-6214.patch

* CVE-2016-6905 [bsc#995034]
+ gd-CVE-2016-6905.patch

Mon May 30 14:00:00 2016 pgajdosAATTsuse.com
- security update:

* CVE-2016-5116 [bsc#982176]
+ gd-CVE-2016-5116.patch

Tue Mar 1 13:00:00 2016 pgajdosAATTsuse.com
- add missing config/getver.pl [bsc#965190]

Tue May 12 14:00:00 2015 joerg.lorenzenAATTki.tng.de
- Added patch gd-libvpx.patch to enable build against libvpx >= 1.4,
new VPX_ prefixed namespaces are available since libvpx = 0.9.1.

Sat Feb 28 13:00:00 2015 mpluskalAATTsuse.com
- Cleanup spec file with spec-cleaner
- No longer needed patches

* gd-2.1.0-CVE-2014-2497.patch

* gd-autoconf.patch
- Update to 2.1.1

* changelog provided only as commit log (see Changelog)

* fix for CVE-2014-2497

Tue Aug 26 14:00:00 2014 jengelhAATTinai.de
- Resolve build failure with automake-1.14

Fri Jun 27 14:00:00 2014 meissnerAATTsuse.com
- split out libgd3, so libgd2 could be installed in parallel.

Thu Apr 17 14:00:00 2014 tchvatalAATTsuse.com
- Add tiff and vpx to the devel deps as it is in .pc file.

Thu Apr 10 14:00:00 2014 pgajdosAATTsuse.com
- build against libtiff and libvpx

Fri Apr 4 14:00:00 2014 pgajdosAATTsuse.com
- fixed NULL ptr deref in GD XPM decoder [bnc#868624]

* CVE-2014-2497.patch

Fri Dec 27 13:00:00 2013 tchvatalAATTsuse.com
- Cleanup here&there to parallelize everything
- Remove bogus cmake dependency

Tue Dec 17 13:00:00 2013 pgajdosAATTsuse.com
- updated to 2.1.0
- removed warn.patch (not needed)
- removed ppc64.patch (upstreamed)
- removed gd-png_check_sig.patch (upstreamed)

Sun Feb 3 13:00:00 2013 crrodriguezAATTopensuse.org
- gd-autoconf.patch fix up compile file so gd can handle
large files on 32 bit

Sun Feb 5 13:00:00 2012 jengelhAATTmedozas.de
- Remove redundant tags/sections
- Parallel build with %_smp_mflags
- Remove pointless INSTALL file from rpm package
(it\'s just the default autotools INSTALL blurb)

Wed Oct 5 14:00:00 2011 uliAATTsuse.com
- cross-build fix: use libpng from sysroot

Sat Oct 1 14:00:00 2011 cooloAATTsuse.com
- add libtool as buildrequire to make the spec file more reliable

Tue Jun 14 14:00:00 2011 ajAATTsuse.de
- Devel package needs zlib-devel and libpng-devel.

Tue Apr 6 14:00:00 2010 roAATTsuse.de
- add baselibs.conf (for libpghoto2)

Sun Apr 4 14:00:00 2010 roAATTsuse.de
- replace png_check_sig by negated png_sig_cmp for libpng14


  
ICM