Age | Commit message | Author |
|
check return value in gdImageBmpPtr
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixed for gcc8:
git/src/gdft.c:1699:2: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Resolves the following security issues:
* Double-free in gdImagePngPtr(). (CVE-2017-6362)
* Buffer over-read into uninitialized memory. (CVE-2017-7890)
Full changelog: https://github.com/libgd/libgd/blob/gd-2.2.5/CHANGELOG.md
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* Remove the following patches which are already merged upstream:
fix-gcc-unused-functions.patch
.gitignore-the-new-test-case.patch
CVE-2016-10166.patch
CVE-2016-10167.patch
CVE-2016-10168.patch
CVE-2016-6906-1.patch
CVE-2016-6906-2.patch
Fix-290-TGA-RLE-decoding-is-broken.patch
* Update LICENSE's MD5 check sum.
The COPYING file has been updated with the following commits in
upstream:
commit f863b3c2d300ff5344f6752e5813b0d6985e79c4
Resolve #282: COPYING vs. docs/naturaldocs/license.txt
commit 9ccdaedbd9a2cfd1c8a9a258c09af161e796bd41
Sync COPYING and docs/naturaldocs/license.txt
These two commits updated the copyright statement regarding the
authorship of gd and adjusted the format.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd)
before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read)
via a crafted TGA file, related to the decompression buffer.
Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6906
Upstream patches:
https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415
https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics
Library (aka libgd) before 2.2.4 allows remote attackers to cause a
denial of service (application crash) via a crafted image file.
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before
2.2.4 allows remote attackers to have unspecified impact via vectors
involving the number of horizontal and vertical chunks in an image.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10167
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10168
Upstream patches:
https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c
in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers
to have unspecified impact via vectors related to decrementing the u variable.
Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10166
Upstream patch:
https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* remove tabs which sneaked in since last cleanup
* meta-oe layers are using consistent indentation with 4 spaces, see
http://www.openembedded.org/wiki/Styleguide
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* Upstream removed vpx support in favor of webp
* Explicitly disable webp support
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* gdlib.pc:
-L/path/to/tmp/sysroots/qemux86-64/usr/lib64 -> -L/usr/lib64
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The recent update to libvpx 1.4.x broke gd. Upstream has replaced libvpx with libwebp, so fixing it isn't worth it.
If webp support is really needed, backport https://bitbucket.org/libgd/gd-libgd/commits/a79232c5fa69 and add a PACKAGECONFIG for it.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
remove fix-the-subdir-objects-error.patch, the same fix has been merged
into source code.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* fixes floating dependency:
gd-2.1.0: gd rdepends on libvpx but it isn't a build dependency? [build-deps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* fixes floating dependency:
gd/gd/latest lost dependency on liblzma tiff
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* These recipes all use pkg-config in some way but were missing
dependencies on the tool, this patch adds them.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
As most Linux distributions do, gd only includes the library,
and split all the command line tools into gd-tools, and add
the perl dependency since one of the tools is a perl script.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Fix this error:
iautomake: warning: possible forward-incompatibility.
automake: At least a source file is in a subdirectory, but the 'subdir-objects'
automake: automake option hasn't been enabled. For now, the corresponding output
automake: object file(s) will be placed in the top-level directory. However,
automake: this behaviour will change in future Automake versions: they will
automake: unconditionally cause object files to be placed in the same subdirectory
automake: of the corresponding sources.
automake: You are advised to start using 'subdir-objects' option throughout your
automake: project, to avoid future incompatibilities.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* 'yes' value means using pkg-config to find freetype, other values are using
FREETYPE_CONFIG=/bin/freetype-config and freetype-config isn't
in STAGING_LIBDIR but in STAGING_BINDIR/crossscripts/freetype-config
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Changes:
- Add DESCRIPTION and HOMEPAGE
- libgd.org is down, use bitbucket.org instead and also
remove the MIRROR for it.
- Remove the unnecessary specified dir for --with-png.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
This fixes QA warnings about missing license file and stale configure options,
(includes updates for freetype libpath and disables hardcoded rpaths).
Upstream-Status: Inappropriate (distribution/packaging fix)
Signed-off-by: Stephen Arnold <stephen.arnold42@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Changes:
- rename SUMMARY with length > 80 to DESCRIPTION
- rename DESCRIPTION with length < 80 to (non present tag) SUMMARY
- drop final point character at the end of SUMMARY string
- remove trailing whitespace of SUMMARY line
Note: don't bump PR
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Added http://fossies.org/unix/www/ as a mirror of http://www.libgd.org/releases/
so that gd-2.0.36RC1.tar.gz can still be downloaded when libgd.org is down.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|