Age | Commit message (Collapse) | Author |
|
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics
Library (aka libgd) before 2.2.4 allows remote attackers to cause a
denial of service (application crash) via a crafted image file.
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before
2.2.4 allows remote attackers to have unspecified impact via vectors
involving the number of horizontal and vertical chunks in an image.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10167
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10168
Upstream patches:
https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c
in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers
to have unspecified impact via vectors related to decrementing the u variable.
Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10166
Upstream patch:
https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* remove tabs which sneaked in since last cleanup
* meta-oe layers are using consistent indentation with 4 spaces, see
http://www.openembedded.org/wiki/Styleguide
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* Upstream removed vpx support in favor of webp
* Explicity disable webp support
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* gdlib.pc:
-L/path/to/tmp/sysroots/qemux86-64/usr/lib64 -> -L/usr/lib64
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The recent update to libvpx 1.4.x broke gd. Upstream has replaced libvpx with libwebp, so fixing it isn't worth it.
If webp support is really needed, backport https://bitbucket.org/libgd/gd-libgd/commits/a79232c5fa69 and add a PACKAGECONFIG for it.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
remove fix-the-subdir-objects-error.patch, a same fix has been merged
into source code.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* fixes floating dependency:
gd-2.1.0: gd rdepends on libvpx but it isn't a build dependency? [build-deps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* fixes floating dependency:
gd/gd/latest lost dependency on liblzma tiff
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* These recipes all use pkg-config in some way but were missing
dependencies on the tool, this patch adds them.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
As most linux distribution do, gd only includes the library,
and split all the command line tools into gd-tools, and add
the perl dependcy since one of the tools is a perl script.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Fix this error:
iautomake: warning: possible forward-incompatibility.
automake: At least a source file is in a subdirectory, but the 'subdir-objects'
automake: automake option hasn't been enabled. For now, the corresponding output
automake: object file(s) will be placed in the top-level directory. However,
automake: this behaviour will change in future Automake versions: they will
automake: unconditionally cause object files to be placed in the same subdirectory
automake: of the corresponding sources.
automake: You are advised to start using 'subdir-objects' option throughout your
automake: project, to avoid future incompatibilities.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* 'yes' value means using pkg-config to find freetype, other values are using
FREETYPE_CONFIG=/bin/freetype-config and freetype-config isn't
in STAGING_LIBDIR but in STAGING_BINDIR/crossscripts/freetype-config
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Changes:
- Add DESCRIPTION and HOMEPAGE
- libgd.org is down, use bitbucket.org instead and also
remove the MIRROR for it.
- Remove the unnecessary specified dir for --with-png.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
This fixes QA warnings about missing license file and stale configure options,
(includes updates for freetype libpath and disables hardcoded rpaths).
Upstream-Status: Inappropriate (distribution/packaging fix)
Signed-off-by: Stephen Arnold <stephen.arnold42@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Changes:
- rename SUMMARY with length > 80 to DESCRIPTION
- rename DESCRIPTION with length < 80 to (non present tag) SUMMARY
- drop final point character at the end of SUMMARY string
- remove trailing whitespace of SUMMARY line
Note: don't bump PR
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Added http://fossies.org/unix/www/ as a mirror of http://www.libgd.org/releases/
so that gd-2.0.36RC1.tar.gz can still be downloaded when libgd.org is down.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|