File gd.changes of Package gd.21221
-------------------------------------------------------------------
Tue Sep 14 10:07:05 UTC 2021 - pgajdos@suse.com
- security update
- added patches
  fix CVE-2021-40812 [bsc#1190400], out-of-bounds read in GD library
  + gd-CVE-2021-40812.patch
-------------------------------------------------------------------
Wed Mar  4 10:11:21 UTC 2020 - pgajdos@suse.com
- security update
- added patches
  fix CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone()
  + gd-CVE-2018-14553.patch
-------------------------------------------------------------------
Tue Jul 16 09:12:15 UTC 2019 - pgajdos@suse.com
- security update
- added patches
  CVE-2019-11038 [bsc#1140120]
  + gd-CVE-2019-11038.patch
-------------------------------------------------------------------
Thu May 30 13:01:45 UTC 2019 - pgajdos@suse.com
- change order while installing splitted library [bsc#1136574]
-------------------------------------------------------------------
Thu Jan 31 11:23:46 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
- security update
  * CVE-2019-6978 [bsc#1123522]
    + gd-CVE-2019-6978.patch
  * CVE-2019-6977 [bsc#1123361]
    + gd-CVE-2019-6977.patch
-------------------------------------------------------------------
Mon Aug 27 14:02:05 UTC 2018 - pgajdos@suse.com
- security update:
  * CVE-2018-1000222 [bsc#1105434]
    + gd-CVE-2018-1000222.patch
-------------------------------------------------------------------
Mon Jan 22 14:58:51 UTC 2018 - pgajdos@suse.com
- security update:
  * CVE-2018-5711 [bsc#1076391]
    + gd-CVE-2018-5711.patch
-------------------------------------------------------------------
Tue Sep  5 13:49:20 UTC 2017 - pgajdos@suse.com
- Version update to 2.2.5:
  ### Security
  - Double-free in gdImagePngPtr(). (CVE-2017-6362)
  - Buffer over-read into uninitialized memory. (CVE-2017-7890)
  
  ### Fixed
  - Fix #109: XBM reading fails with printed error
  - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable
  - Fix #357: 2.2.4: Segfault in test suite
  - Fix #386: gdImageGrayScale() may produce colors
  - Fix #406: webpng -i removes the transparent color
  - Fix Coverity #155475: Failure to restore alphaBlendingFlag
  - Fix Coverity #155476: potential resource leak
  - Fix several build issues and test failures
  - Fix and reenable optimized support for reading 1 bps TIFFs
  
  ### Added
  - The native MSVC buildchain now supports libtiff and most executables
- removed patches (upstreamed):
  . gd-freetype.patch
  . gd-rounding.patch
-------------------------------------------------------------------
Tue Aug 15 09:19:05 UTC 2017 - lnussel@suse.de
- Don't fail gdimagegrayscale/basic on SLE15 (boo#1053825)
-------------------------------------------------------------------
Fri Jul 21 11:29:06 UTC 2017 - tchvatal@suse.com
- Add patch gd-rounding.patch
- Set again the cflags so other archs do not fail testsuite
-------------------------------------------------------------------
Fri Jul  7 10:54:11 UTC 2017 - tchvatal@suse.com
- Version update to 2.2.4:
  * gdImageCreate() doesn't check for oversized images and as such is prone
    to DoS vulnerabilities. (CVE-2016-9317) bsc#1022283
  * double-free in gdImageWebPtr() (CVE-2016-6912) bsc#1022284
  * potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)
    bsc#1022263
  * DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
    bsc#1022264
  * Signed Integer Overflow gd_io.c (CVE-2016-10168) bsc#1022265
- Remove patches merged/obsoleted by upstream:
  * gd-config.patch
  * gd-disable-freetype27-failed-tests.patch
  * gd-test-unintialized-var.patch
- Add patch gd-freetype.patch taking patch from upstream for
  freetype 2.7
-------------------------------------------------------------------
Fri Dec  9 17:09:40 UTC 2016 - pgajdos@suse.com
- devel package also require libwebp-devel
-------------------------------------------------------------------
Thu Dec  8 14:33:22 UTC 2016 - crrodriguez@opensuse.org
- Support webp format, BuildRequires libwebp-devel 
-------------------------------------------------------------------
Thu Dec  8 14:20:54 UTC 2016 - crrodriguez@opensuse.org
- Honour %optflags correctly.
-------------------------------------------------------------------
Fri Sep 30 14:59:25 UTC 2016 - badshah400@gmail.com
- Update to version 2.2.3:
  + Security fixes:
    - Php bug#72339, Integer Overflow in _gd2GetHeader
      (CVE-2016-5766)
    - Issue gh/libgd/libgd#247: A read out-of-bands was found in
      the parsing of TGA files (CVE-2016-6132)
    - Issue gh/libgd/libgd#247: Buffer over-read issue when
      parsing crafted TGA file (CVE-2016-6214)
    - Issue gh/libgd/libgd#248: fix Out-Of-Bounds Read in
      read_image_tga
    - Integer overflow error within _gdContributionsAlloc()
      (CVE-2016-6207)
    - Fix php bug#72494, invalid color index not handled, can lead
      to crash (CVE-2016-6128)
  + Improve color check for CropThreshold
  + gdImageCopyResampled has been improved. Better handling of
    images with alpha channel, also brings libgd in sync with
    php's bundled gd.
- Drop patches:
  + gd-CVE-2016-5116.patch: upstreamed
  + gd-CVE-2016-6132.patch: upstreamed
  + gd-CVE-2016-6214.patch: upstreamed
  + gd-CVE-2016-6905.patch: upstreamed
  + gd-libvpx.patch: vpx support dropped.
- Add BuildRequires for automake and autoconf since
  gd-disable-freetype27-failed-tests.patch touches makefiles.
- Drop getver.pl from source: included in upstream tarball.
- Add "-msse -mfpmath=sse" to CFLAGS to fix tests on ix86
  architectures.
- Add "-ffp-contract=off" to CFLAGS for non-ix86 arch (ppc, arm)
  to fix a test: see gh#libgd/libgd#278.
- Add gd-test-unintialized-var.patch to fix an uninitialised
  variable in tests/gd2/gd2_read.c to prevent it from compiling
  with -Werror (only causes problems in no ix86 arch
  surprisingly); patch sent upstream.
- Rebase gd-disable-freetype27-failed-tests.patch for updated
  version.
- Update URL and Source to project's new github URL's.
-------------------------------------------------------------------
Thu Sep 29 14:06:53 UTC 2016 - badshah400@gmail.com
- Add gd-disable-freetype27-failed-tests.patch: Disable for now
  tests failing against freetype >= 2.7 for being too exact
  (gh#libgd/libgd#302). The failures have been understood by
  upstream to be due to minor differences between test images and
  those generated when freeetype >= 2.7 is used to build gd.
-------------------------------------------------------------------
Tue Aug 23 11:16:25 UTC 2016 - pgajdos@suse.com
- security update:
  * CVE-2016-6132 [bsc#987577]
    + gd-CVE-2016-6132.patch
  * CVE-2016-6214 [bsc#991436]
    + gd-CVE-2016-6214.patch
  * CVE-2016-6905 [bsc#995034]
    + gd-CVE-2016-6905.patch
-------------------------------------------------------------------
Mon May 30 13:17:18 UTC 2016 - pgajdos@suse.com
- security update:
  * CVE-2016-5116 [bsc#982176]
    + gd-CVE-2016-5116.patch
-------------------------------------------------------------------
Tue Mar  1 15:32:40 UTC 2016 - pgajdos@suse.com
- add missing config/getver.pl [bsc#965190]
-------------------------------------------------------------------
Tue May 12 14:11:33 UTC 2015 - joerg.lorenzen@ki.tng.de
- Added patch gd-libvpx.patch to enable build against libvpx >= 1.4,
  new VPX_ prefixed namespaces are available since libvpx = 0.9.1.
-------------------------------------------------------------------
Sat Feb 28 08:44:08 UTC 2015 - mpluskal@suse.com
- Cleanup spec file with spec-cleaner
- No longer needed patches
  * gd-2.1.0-CVE-2014-2497.patch
  * gd-autoconf.patch
- Update to 2.1.1
  * changelog provided only as commit log (see Changelog)
  * fix for CVE-2014-2497
-------------------------------------------------------------------
Tue Aug 26 05:58:53 UTC 2014 - jengelh@inai.de
- Resolve build failure with automake-1.14
-------------------------------------------------------------------
Fri Jun 27 12:05:59 UTC 2014 - meissner@suse.com
- split out libgd3, so libgd2 could be installed in parallel.
-------------------------------------------------------------------
Thu Apr 17 17:51:34 UTC 2014 - tchvatal@suse.com
- Add tiff and vpx to the devel deps as it is in .pc file.
-------------------------------------------------------------------
Thu Apr 10 07:08:18 UTC 2014 - pgajdos@suse.com
- build against libtiff and libvpx
-------------------------------------------------------------------
Fri Apr  4 12:21:22 UTC 2014 - pgajdos@suse.com
- fixed NULL ptr deref in GD XPM decoder [bnc#868624]
   * CVE-2014-2497.patch 
-------------------------------------------------------------------
Fri Dec 27 07:42:11 UTC 2013 - tchvatal@suse.com
- Cleanup here&there to parallelize everything
- Remove bogus cmake dependency
-------------------------------------------------------------------
Tue Dec 17 14:30:38 UTC 2013 - pgajdos@suse.com
- updated to 2.1.0
- removed warn.patch (not needed)
- removed ppc64.patch (upstreamed)
- removed gd-png_check_sig.patch (upstreamed)
-------------------------------------------------------------------
Sun Feb  3 14:57:17 UTC 2013 - crrodriguez@opensuse.org
- gd-autoconf.patch fix up compile file so gd can handle 
  large files on 32 bit
-------------------------------------------------------------------
Sun Feb  5 16:31:39 UTC 2012 - jengelh@medozas.de
- Remove redundant tags/sections
- Parallel build with %_smp_mflags
- Remove pointless INSTALL file from rpm package
  (it's just the default autotools INSTALL blurb)
-------------------------------------------------------------------
Wed Oct  5 12:05:47 UTC 2011 - uli@suse.com
- cross-build fix: use libpng from sysroot
-------------------------------------------------------------------
Sat Oct  1 05:39:10 UTC 2011 - coolo@suse.com
- add libtool as buildrequire to make the spec file more reliable
-------------------------------------------------------------------
Tue Jun 14 15:00:32 UTC 2011 - aj@suse.de
- Devel package needs zlib-devel and libpng-devel.
-------------------------------------------------------------------
Tue Apr  6 18:27:56 CEST 2010 - ro@suse.de
- add baselibs.conf (for libpghoto2) 
-------------------------------------------------------------------
Sun Apr  4 18:39:19 CEST 2010 - ro@suse.de
- replace png_check_sig by negated png_sig_cmp for libpng14
-------------------------------------------------------------------
Wed Nov 12 16:18:34 CET 2008 - crrodriguez@suse.de
- QA Results: Regression on PPC64 only, detected by PHP test suite,
  the system libgd part, fix by IBM  
-------------------------------------------------------------------
Mon Mar 10 01:43:39 CET 2008 - crrodriguez@suse.de
- fix rpm version number, otherwise it wont upgrade later. 
-------------------------------------------------------------------
Fri Jan 18 15:51:13 CET 2008 - anosek@suse.cz
- updated to version 2.0.36RC1
  * Fixed gdImageCopy with true color image, the transparent color was ignored
  * Fixed support of PNG grayscale image with alpha channel
  * Added Netware builds script
  * ease the creation of regexp to match symbols/functions in the sources
  * _gdCreateFromFile() can crash if gdImageCreate fails
  * gdImageCreateFrom*Ptr() can crash if gdNewDynamicCtxEx() fails
  * gdImageRectangle draws 1x1 rectangles as 1x3 rectangles
  * Possible integer overflow in gdImageFill()
  * Optimization for single pixel line not in correct order
  * gdImageColorDeallocate can write outside buffer
  * gdImageColorTransparent can write outside buffer
  * gdImageWBMPCtx can crash when createwbmp fails
  * Fixed decoding of the html entity ϑ
  * Fixed configure script ignoring --with-png=DIR option
- dropped obsoleted security.patch
-------------------------------------------------------------------
Thu Dec 20 04:22:14 CET 2007 - crrodriguez@suse.de
- remove static libraries and "la" files
- devel package dependency cleanup 
-------------------------------------------------------------------
Mon Jul  9 09:09:51 CEST 2007 - anosek@suse.cz
- updated to version 2.0.35
  * Fix valgrind error in gdImageFillTiled (Nuno Lopes)
  * Add missing custom cmake macros (required for the tests suite)
  * Avoid signature buffer copy  in gd_gif_c (Nuno Lopes)
  * Race condition in gdImageStringFTEx (Antony Dogval, Pierre
    Scott MacVicar)
  * Reading GIF images is not thread safe (static usage in private
    functions) (Roman Nemecek, Nuno Lopes, Pierre)
  * GIF Local palette is read twice
  * GIF, Use local frame dimension when possible instead of the
    logical screen size (Pierre)
  * GIF, do not try to use the global colmap if it does not exist
    (Nuno Lopes, Pierre)
  * gdImageAALine draws axis lines with two pixels width (Pierre)
  * gdImageArc CPU usage with large angles (Pierre)
  * gdImageFilledRectangle regression fixed when used with reversed
    edges (Pierre)
  * Possible infinite loop in libgd/gd_png.c, flaw found by Xavier
    Roche (Pierre)
  * Fixed segfault when an invalid color index is present in a GIF
    image data, reported by Elliot <wccode at gmail dot com> (Pierre)
  * Possible integer overflow in gdImageCreateTrueColor (Pierre)
    gdImageCreateXbm can crash if gdImageCreate fails (Pierre)
- dropped obsolete patches (png-loop-CVE-2007-2756.patch)
-------------------------------------------------------------------
Tue May 29 17:16:32 CEST 2007 - nadvornik@suse.cz
- fixed infinite loop on truncated png images 
  CVE-2007-2756 [#276525]
-------------------------------------------------------------------
Thu May  3 17:54:51 CEST 2007 - prusnak@suse.cz
- changed expat to libexpat-devel in Requires of devel subpackage
-------------------------------------------------------------------
Tue Feb 20 11:47:45 CET 2007 - nadvornik@suse.cz
- updated to 2.0.34:
  * security fixes merged upstream
  * various other bugfixes
-------------------------------------------------------------------
Wed Aug 16 20:13:13 CEST 2006 - aj@suse.de
- Reduce BuildRequires.
-------------------------------------------------------------------
Wed Aug 16 18:09:26 CEST 2006 - aj@suse.de
- Remove unneeded BuildRequire xorg-x11.
-------------------------------------------------------------------
Wed Aug 16 10:42:17 CEST 2006 - aj@suse.de
- Do not use fonts to build package.
-------------------------------------------------------------------
Wed Aug 16 05:16:58 CEST 2006 - sndirsch@suse.de
- gd-fontpath.diff: fixes new fontpath for Type1 fonts
-------------------------------------------------------------------
Mon Aug  7 12:29:26 CEST 2006 - nadvornik@suse.cz
- adjusted ttf fonts path for gdtestft
-------------------------------------------------------------------
Fri Jun 23 14:13:13 CEST 2006 - nadvornik@suse.cz
- fixed another check for return value on error [#186953]
- gdlib-config is moved to devel package [#168628]
-------------------------------------------------------------------
Thu Jun  8 18:56:20 CEST 2006 - nadvornik@suse.cz
- fixed check for EOF in gd_gif_in.c [#182334]
-------------------------------------------------------------------
Wed Mar  8 19:54:52 CET 2006 - sbrabec@suse.cz
- Fixed devel dependencies.
-------------------------------------------------------------------
Wed Jan 25 21:36:07 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Thu Jan 12 16:15:57 CET 2006 - nadvornik@suse.cz
- compile with -fstack-protector
-------------------------------------------------------------------
Thu Jan  5 13:54:33 CET 2006 - nadvornik@suse.cz
- fixed another integer overflow [#138007]
-------------------------------------------------------------------
Thu Nov 24 13:00:05 CET 2005 - meissner@suse.de
- fixed 1 aliasing issue.
-------------------------------------------------------------------
Sat Feb  5 11:23:14 CET 2005 - meissner@suse.de
- added 1 missign format attribute
-------------------------------------------------------------------
Mon Nov 22 12:56:45 CET 2004 - nadvornik@suse.cz
- run test programs during build [#48382]
-------------------------------------------------------------------
Mon Nov 15 12:37:31 CET 2004 - nadvornik@suse.cz
- fixed more overflows - CAN-2004-0941 [#47666]
-------------------------------------------------------------------
Tue Nov 02 15:44:19 CET 2004 - nadvornik@suse.cz
- updated to 2.0.32:
  * fixed several integer overflows [#47666]
  * animated gif support
-------------------------------------------------------------------
Tue Aug 24 09:59:01 CEST 2004 - nadvornik@suse.cz
- updated to 2.0.28:
  restored support for reading and writing GIF images
-------------------------------------------------------------------
Fri Feb 20 14:05:37 CET 2004 - schwab@suse.de
- Fix missing return value.
-------------------------------------------------------------------
Thu Feb 05 17:59:36 CET 2004 - nadvornik@suse.cz
- updated to 2.0.22
- fixed dangerous compiler warnings
-------------------------------------------------------------------
Sat Jan 10 17:22:24 CET 2004 - adrian@suse.de
- add %defattr and %run_ldconfig
-------------------------------------------------------------------
Tue Jan 06 12:35:57 CET 2004 - nadvornik@suse.cz
- updated to 2.0.17
- fixed to build with new freetype
-------------------------------------------------------------------
Thu Jul 24 16:02:58 CEST 2003 - mjancar@suse.cz
- update to 2.0.15
-------------------------------------------------------------------
Thu Feb 13 11:20:57 CET 2003 - nadvornik@suse.cz
- updated to 2.0.11: speed improvements, bugfixes
-------------------------------------------------------------------
Fri Dec 13 22:16:16 CET 2002 - prehak@suse.cz
- added gdImageCreateFromXpm() function prototype to gd.h
-------------------------------------------------------------------
Thu Nov 28 19:10:29 CET 2002 - nadvornik@suse.cz
- updated to 2.0.8
-------------------------------------------------------------------
Tue Sep 17 17:34:28 CEST 2002 - ro@suse.de
- removed bogus self-provides 
-------------------------------------------------------------------
Tue May 28 11:10:41 CEST 2002 - bk@suse.de
- gd-devel requires gd and use prefix, bindir and includedir macros
-------------------------------------------------------------------
Wed Feb 13 11:42:32 CET 2002 - nadvornik@suse.cz
- used macro %{_libdir}
-------------------------------------------------------------------
Fri Feb  1 00:26:06 CET 2002 - ro@suse.de
- changed neededforbuild <libpng> to <libpng-devel-packages>
-------------------------------------------------------------------
Mon Nov  5 18:15:48 CET 2001 - ro@suse.de
- fix Makefile.am for automake 1.5 (removed duplicated line) 
-------------------------------------------------------------------
Fri May 25 15:34:38 CEST 2001 - pblaha@suse.cz
- fix include on ia64 
-------------------------------------------------------------------
Thu Mar 29 13:01:53 CEST 2001 - ro@suse.de
- use aclocal 
-------------------------------------------------------------------
Wed Mar 21 16:05:52 CET 2001 - ro@suse.de
- update to 1.8.4
- use freetype2 
-------------------------------------------------------------------
Mon Dec  4 11:42:20 CET 2000 - pblaha@suse.cz
- move simbolick link libgd.so -> gd-devel
-------------------------------------------------------------------
Thu Nov 30 10:58:56 CET 2000 - aj@suse.de
- Add suse_update_config.
-------------------------------------------------------------------
Wed Nov 15 16:09:30 CET 2000 - pblaha@suse.cz
- aplied patch from perl-GD and split to gd & gd-devel  
-------------------------------------------------------------------
Mon Jun  5 14:24:24 CEST 2000 - bubnikv@suse.cz
- updated to 1.8.3
-------------------------------------------------------------------
Fri May 12 15:08:44 CEST 2000 - nadvornik@suse.cz
- update to 1.8.1
- added BuildRoot
-------------------------------------------------------------------
Tue Oct 12 00:04:19 CEST 1999 - ro@suse.de
- added xpm and ttf support
-------------------------------------------------------------------
Sun Oct 10 17:29:36 CEST 1999 - ro@suse.de
- added libpng to neededforbuild
-------------------------------------------------------------------
Thu Oct  7 11:26:30 CEST 1999 - schwab@suse.de
- update to 1.7.3
-------------------------------------------------------------------
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
-------------------------------------------------------------------
Thu Sep  9 12:15:28 CEST 1999 - bs@suse.de
- fixed call of Check at the end of %install section
-------------------------------------------------------------------
Tue Jun 15 23:51:28 MEST 1999 - ro@suse.de
- fixed doc installation
-------------------------------------------------------------------
Tue Jun 15 16:23:00 MEST 1999 - ro@suse.de
- update to 1.3
-------------------------------------------------------------------
Thu Feb  5 15:35:02 MET 1998 - ro@suse.de
- ready for autobuild