diff options
author | Marius Bakke <mbakke@fastmail.com> | 2020-03-26 14:24:43 +0100 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2020-03-26 22:35:35 +0100 |
commit | 736d772b82bfd693cd9412e2857e029fa6309269 (patch) | |
tree | 0935a47c181dbeda2f59502c0e63664e30ab450a /gnu | |
parent | 8595c7b0bc84b354321ec8f6ccca54322f277eb6 (diff) | |
download | guix-736d772b82bfd693cd9412e2857e029fa6309269.tar guix-736d772b82bfd693cd9412e2857e029fa6309269.tar.gz |
gnu: gd: Update to 2.3.0.
* gnu/packages/patches/gd-fix-tests-on-i686.patch: Adjust context.
* gnu/packages/patches/gd-CVE-2018-1000222.patch,
gnu/packages/patches/gd-CVE-2018-5711.patch,
gnu/packages/patches/gd-CVE-2019-6977.patch,
gnu/packages/patches/gd-CVE-2019-6978.patch,
gnu/packages/patches/gd-freetype-test-failure.patch: Delete files.
* gnu/packages/patches/gd-brect-bounds.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly
* gnu/packages/gd.scm (gd): Update to 2.3.0.
[source](patches): Remove obsolete.
* gnu/packages/gd.scm (gd):
[propagated-inputs]: Move LIBJPEG-TURBO and FONTCONFIG ...
[inputs]: ... here.
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 6 | ||||
-rw-r--r-- | gnu/packages/gd.scm | 20 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2018-1000222.patch | 87 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2018-5711.patch | 61 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2019-6977.patch | 36 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2019-6978.patch | 301 | ||||
-rw-r--r-- | gnu/packages/patches/gd-brect-bounds.patch | 63 | ||||
-rw-r--r-- | gnu/packages/patches/gd-fix-tests-on-i686.patch | 2 | ||||
-rw-r--r-- | gnu/packages/patches/gd-freetype-test-failure.patch | 59 |
9 files changed, 72 insertions, 563 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index ff92662cf4..6d689f6dc2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -925,12 +925,8 @@ dist_patch_DATA = \ %D%/packages/patches/gcc-8-strmov-store-file-names.patch \ %D%/packages/patches/gcc-9-asan-fix-limits-include.patch \ %D%/packages/patches/gcc-9-strmov-store-file-names.patch \ - %D%/packages/patches/gd-CVE-2018-5711.patch \ - %D%/packages/patches/gd-CVE-2018-1000222.patch \ - %D%/packages/patches/gd-CVE-2019-6977.patch \ - %D%/packages/patches/gd-CVE-2019-6978.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ - %D%/packages/patches/gd-freetype-test-failure.patch \ + %D%/packages/patches/gd-brect-bounds.patch \ %D%/packages/patches/geoclue-config.patch \ %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \ %D%/packages/patches/ghc-testsuite-dlopen-pie.patch \ diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm index 444c76956a..3c818872c1 100644 --- a/gnu/packages/gd.scm +++ b/gnu/packages/gd.scm @@ -42,7 +42,7 @@ ;; Note: With libgd.org now pointing to github.com, genuine old ;; tarballs are no longer available. Notably, versions 2.0.x are ;; missing. - (version "2.2.5") + (version "2.3.0") (source (origin (method url-fetch) (uri (string-append @@ -50,14 +50,9 @@ version "/libgd-" version ".tar.xz")) (sha256 (base32 - "0lfy5f241sbv8s3splm2zqiaxv7lxrcshh875xryryk7yk5jqc4c")) - - (patches (search-patches "gd-CVE-2018-5711.patch" - "gd-CVE-2018-1000222.patch" - "gd-CVE-2019-6977.patch" - "gd-CVE-2019-6978.patch" - "gd-fix-tests-on-i686.patch" - "gd-freetype-test-failure.patch")))) + "0n5czhxzinvjvmhkf5l9fwjdx5ip69k5k7pj6zwb6zs1k9dibngc")) + (patches (search-patches "gd-fix-tests-on-i686.patch" + "gd-brect-bounds.patch")))) (build-system gnu-build-system) (arguments ;; As recommended by github.com/libgd/libgd/issues/278 to fix rounding @@ -78,12 +73,11 @@ (native-inputs `(("pkg-config" ,pkg-config))) (inputs - `(("freetype" ,freetype) + `(("fontconfig" ,fontconfig) + ("freetype" ,freetype) + ("libjpeg" ,libjpeg-turbo) ("libpng" ,libpng) ("zlib" ,zlib))) - (propagated-inputs - `(("fontconfig" ,fontconfig) - ("libjpeg" ,libjpeg-turbo))) (home-page "https://www.libgd.org/") (synopsis "Library for the dynamic creation of images by programmers") (description diff --git a/gnu/packages/patches/gd-CVE-2018-1000222.patch b/gnu/packages/patches/gd-CVE-2018-1000222.patch deleted file mode 100644 index 7e94295bb6..0000000000 --- a/gnu/packages/patches/gd-CVE-2018-1000222.patch +++ /dev/null @@ -1,87 +0,0 @@ -Fix CVE-2018-1000222: - -https://github.com/libgd/libgd/issues/447 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000222 - -Patch copied from upstream source repository: - -https://github.com/libgd/libgd/commit/4b1e18a00ce7c4b7e6919c3b3109a034393b805a - -From 4b1e18a00ce7c4b7e6919c3b3109a034393b805a Mon Sep 17 00:00:00 2001 -From: Mike Frysinger <vapier@gentoo.org> -Date: Sat, 14 Jul 2018 13:54:08 -0400 -Subject: [PATCH] bmp: check return value in gdImageBmpPtr - -Closes #447. - -(cherry picked from commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5) ---- - src/gd_bmp.c | 17 ++++++++++++++--- - 1 file changed, 14 insertions(+), 3 deletions(-) - -diff --git a/src/gd_bmp.c b/src/gd_bmp.c -index ccafdcd..d625da1 100644 ---- a/src/gd_bmp.c -+++ b/src/gd_bmp.c -@@ -48,6 +48,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp - static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header); - static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info); - -+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression); -+ - #define BMP_DEBUG(s) - - static int gdBMPPutWord(gdIOCtx *out, int w) -@@ -88,8 +90,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression) - void *rv; - gdIOCtx *out = gdNewDynamicCtx(2048, NULL); - if (out == NULL) return NULL; -- gdImageBmpCtx(im, out, compression); -- rv = gdDPExtractData(out, size); -+ if (!_gdImageBmpCtx(im, out, compression)) -+ rv = gdDPExtractData(out, size); -+ else -+ rv = NULL; - out->gd_free(out); - return rv; - } -@@ -142,6 +146,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression) - compression - whether to apply RLE or not. - */ - BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) -+{ -+ _gdImageBmpCtx(im, out, compression); -+} -+ -+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) - { - int bitmap_size = 0, info_size, total_size, padding; - int i, row, xpos, pixel; -@@ -149,6 +158,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) - unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL; - FILE *tmpfile_for_compression = NULL; - gdIOCtxPtr out_original = NULL; -+ int ret = 1; - - /* No compression if its true colour or we don't support seek */ - if (im->trueColor) { -@@ -326,6 +336,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) - out_original = NULL; - } - -+ ret = 0; - cleanup: - if (tmpfile_for_compression) { - #ifdef _WIN32 -@@ -339,7 +350,7 @@ cleanup: - if (out_original) { - out_original->gd_free(out_original); - } -- return; -+ return ret; - } - - static int compress_row(unsigned char *row, int length) --- -2.18.0 - diff --git a/gnu/packages/patches/gd-CVE-2018-5711.patch b/gnu/packages/patches/gd-CVE-2018-5711.patch deleted file mode 100644 index 83b12cde63..0000000000 --- a/gnu/packages/patches/gd-CVE-2018-5711.patch +++ /dev/null @@ -1,61 +0,0 @@ -This patch is adapted from commit a11f47475e6443b7f32d21f2271f28f417e2ac04 and -fixes CVE-2018-5711. - -From a11f47475e6443b7f32d21f2271f28f417e2ac04 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" <cmbecker69@gmx.de> -Date: Wed, 29 Nov 2017 19:37:38 +0100 -Subject: [PATCH] Fix #420: Potential infinite loop in gdImageCreateFromGifCtx - -Due to a signedness confusion in `GetCode_` a corrupt GIF file can -trigger an infinite loop. Furthermore we make sure that a GIF without -any palette entries is treated as invalid *after* open palette entries -have been removed. - -CVE-2018-5711 - -See also https://bugs.php.net/bug.php?id=75571. ---- - src/gd_gif_in.c | 12 ++++++------ - 1 file changed, 38 insertions(+), 6 deletions(-) - -diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c -index daf26e7..0a8bd71 100644 ---- a/src/gd_gif_in.c -+++ b/src/gd_gif_in.c -@@ -335,11 +335,6 @@ terminated: - return 0; - } - -- if(!im->colorsTotal) { -- gdImageDestroy(im); -- return 0; -- } -- - /* Check for open colors at the end, so - * we can reduce colorsTotal and ultimately - * BitsPerPixel */ -@@ -351,6 +346,11 @@ terminated: - } - } - -+ if(!im->colorsTotal) { -+ gdImageDestroy(im); -+ return 0; -+ } -+ - return im; - } - -@@ -447,7 +447,7 @@ static int - GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP) - { - int i, j, ret; -- unsigned char count; -+ int count; - - if(flag) { - scd->curbit = 0; - --- -2.13.6 - diff --git a/gnu/packages/patches/gd-CVE-2019-6977.patch b/gnu/packages/patches/gd-CVE-2019-6977.patch deleted file mode 100644 index b21a8ac619..0000000000 --- a/gnu/packages/patches/gd-CVE-2019-6977.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix CVE-2019-6977: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977 - -Patch copied from Debian: - -https://salsa.debian.org/debian/libgd2/commit/2d7d3b68bb79843e5271a05543e996fd5a3a8cd1 - -Description: Heap-based buffer overflow in gdImageColorMatch -Origin: other, https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced -Bug-PHP: https://bugs.php.net/bug.php?id=77270 -Bug-Debian: https://bugs.debian.org/920645 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-6977 -Forwarded: no -Author: "Christoph M. Becker" <cmbecker69@gmx.de> -Last-Update: 2019-02-01 - -At least some of the image reading functions may return images which -use color indexes greater than or equal to im->colorsTotal. We cater -to this by always using a buffer size which is sufficient for -`gdMaxColors` in `gdImageColorMatch()`. ---- - ---- a/src/gd_color_match.c -+++ b/src/gd_color_match.c -@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdIm - return -4; /* At least 1 color must be allocated */ - } - -- buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal); -- memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal ); -+ buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors); -+ memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors ); - - for (x=0; x < im1->sx; x++) { - for( y=0; y<im1->sy; y++ ) { diff --git a/gnu/packages/patches/gd-CVE-2019-6978.patch b/gnu/packages/patches/gd-CVE-2019-6978.patch deleted file mode 100644 index 69fc5056fc..0000000000 --- a/gnu/packages/patches/gd-CVE-2019-6978.patch +++ /dev/null @@ -1,301 +0,0 @@ -Fix CVE-2019-6978: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978 - -Patch copied from upstream source repository: - -https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0 - -From 553702980ae89c83f2d6e254d62cf82e204956d0 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" <cmbecker69@gmx.de> -Date: Thu, 17 Jan 2019 11:54:55 +0100 -Subject: [PATCH] Fix #492: Potential double-free in gdImage*Ptr() - -Whenever `gdImage*Ptr()` calls `gdImage*Ctx()` and the latter fails, we -must not call `gdDPExtractData()`; otherwise a double-free would -happen. Since `gdImage*Ctx()` are void functions, and we can't change -that for BC reasons, we're introducing static helpers which are used -internally. - -We're adding a regression test for `gdImageJpegPtr()`, but not for -`gdImageGifPtr()` and `gdImageWbmpPtr()` since we don't know how to -trigger failure of the respective `gdImage*Ctx()` calls. - -This potential security issue has been reported by Solmaz Salimi (aka. -Rooney). ---- - src/gd_gif_out.c | 18 +++++++++++++++--- - src/gd_jpeg.c | 20 ++++++++++++++++---- - src/gd_wbmp.c | 21 ++++++++++++++++++--- - tests/jpeg/.gitignore | 1 + - tests/jpeg/CMakeLists.txt | 1 + - tests/jpeg/Makemodule.am | 3 ++- - tests/jpeg/jpeg_ptr_double_free.c | 31 +++++++++++++++++++++++++++++++ - 7 files changed, 84 insertions(+), 11 deletions(-) - create mode 100644 tests/jpeg/jpeg_ptr_double_free.c - -diff --git a/src/gd_gif_out.c b/src/gd_gif_out.c -index 298a581..d5a9534 100644 ---- a/src/gd_gif_out.c -+++ b/src/gd_gif_out.c -@@ -99,6 +99,7 @@ static void char_init(GifCtx *ctx); - static void char_out(int c, GifCtx *ctx); - static void flush_char(GifCtx *ctx); - -+static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out); - - - -@@ -131,8 +132,11 @@ BGD_DECLARE(void *) gdImageGifPtr(gdImagePtr im, int *size) - void *rv; - gdIOCtx *out = gdNewDynamicCtx(2048, NULL); - if (out == NULL) return NULL; -- gdImageGifCtx(im, out); -- rv = gdDPExtractData(out, size); -+ if (!_gdImageGifCtx(im, out)) { -+ rv = gdDPExtractData(out, size); -+ } else { -+ rv = NULL; -+ } - out->gd_free(out); - return rv; - } -@@ -220,6 +224,12 @@ BGD_DECLARE(void) gdImageGif(gdImagePtr im, FILE *outFile) - - */ - BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) -+{ -+ _gdImageGifCtx(im, out); -+} -+ -+/* returns 0 on success, 1 on failure */ -+static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) - { - gdImagePtr pim = 0, tim = im; - int interlace, BitsPerPixel; -@@ -231,7 +241,7 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) - based temporary image. */ - pim = gdImageCreatePaletteFromTrueColor(im, 1, 256); - if(!pim) { -- return; -+ return 1; - } - tim = pim; - } -@@ -247,6 +257,8 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) - /* Destroy palette based temporary image. */ - gdImageDestroy( pim); - } -+ -+ return 0; - } - - -diff --git a/src/gd_jpeg.c b/src/gd_jpeg.c -index fc05842..96ef430 100644 ---- a/src/gd_jpeg.c -+++ b/src/gd_jpeg.c -@@ -117,6 +117,8 @@ static void fatal_jpeg_error(j_common_ptr cinfo) - exit(99); - } - -+static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality); -+ - /* - * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality - * QUALITY. If QUALITY is in the range 0-100, increasing values -@@ -231,8 +233,11 @@ BGD_DECLARE(void *) gdImageJpegPtr(gdImagePtr im, int *size, int quality) - void *rv; - gdIOCtx *out = gdNewDynamicCtx(2048, NULL); - if (out == NULL) return NULL; -- gdImageJpegCtx(im, out, quality); -- rv = gdDPExtractData(out, size); -+ if (!_gdImageJpegCtx(im, out, quality)) { -+ rv = gdDPExtractData(out, size); -+ } else { -+ rv = NULL; -+ } - out->gd_free(out); - return rv; - } -@@ -253,6 +258,12 @@ void jpeg_gdIOCtx_dest(j_compress_ptr cinfo, gdIOCtx *outfile); - - */ - BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) -+{ -+ _gdImageJpegCtx(im, outfile, quality); -+} -+ -+/* returns 0 on success, 1 on failure */ -+static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) - { - struct jpeg_compress_struct cinfo; - struct jpeg_error_mgr jerr; -@@ -287,7 +298,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) - if(row) { - gdFree(row); - } -- return; -+ return 1; - } - - cinfo.err->emit_message = jpeg_emit_message; -@@ -328,7 +339,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) - if(row == 0) { - gd_error("gd-jpeg: error: unable to allocate JPEG row structure: gdCalloc returns NULL\n"); - jpeg_destroy_compress(&cinfo); -- return; -+ return 1; - } - - rowptr[0] = row; -@@ -405,6 +416,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) - jpeg_finish_compress(&cinfo); - jpeg_destroy_compress(&cinfo); - gdFree(row); -+ return 0; - } - - -diff --git a/src/gd_wbmp.c b/src/gd_wbmp.c -index f19a1c9..a49bdbe 100644 ---- a/src/gd_wbmp.c -+++ b/src/gd_wbmp.c -@@ -88,6 +88,8 @@ int gd_getin(void *in) - return (gdGetC((gdIOCtx *)in)); - } - -+static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out); -+ - /* - Function: gdImageWBMPCtx - -@@ -100,6 +102,12 @@ int gd_getin(void *in) - out - the stream where to write - */ - BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) -+{ -+ _gdImageWBMPCtx(image, fg, out); -+} -+ -+/* returns 0 on success, 1 on failure */ -+static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) - { - int x, y, pos; - Wbmp *wbmp; -@@ -107,7 +115,7 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) - /* create the WBMP */ - if((wbmp = createwbmp(gdImageSX(image), gdImageSY(image), WBMP_WHITE)) == NULL) { - gd_error("Could not create WBMP\n"); -- return; -+ return 1; - } - - /* fill up the WBMP structure */ -@@ -123,11 +131,15 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) - - /* write the WBMP to a gd file descriptor */ - if(writewbmp(wbmp, &gd_putout, out)) { -+ freewbmp(wbmp); - gd_error("Could not save WBMP\n"); -+ return 1; - } - - /* des submitted this bugfix: gdFree the memory. */ - freewbmp(wbmp); -+ -+ return 0; - } - - /* -@@ -271,8 +283,11 @@ BGD_DECLARE(void *) gdImageWBMPPtr(gdImagePtr im, int *size, int fg) - void *rv; - gdIOCtx *out = gdNewDynamicCtx(2048, NULL); - if (out == NULL) return NULL; -- gdImageWBMPCtx(im, fg, out); -- rv = gdDPExtractData(out, size); -+ if (!_gdImageWBMPCtx(im, fg, out)) { -+ rv = gdDPExtractData(out, size); -+ } else { -+ rv = NULL; -+ } - out->gd_free(out); - return rv; - } -#diff --git a/tests/jpeg/.gitignore b/tests/jpeg/.gitignore -#index c28aa87..13bcf04 100644 -#--- a/tests/jpeg/.gitignore -#+++ b/tests/jpeg/.gitignore -#@@ -3,5 +3,6 @@ -# /jpeg_empty_file -# /jpeg_im2im -# /jpeg_null -#+/jpeg_ptr_double_free -# /jpeg_read -# /jpeg_resolution -diff --git a/tests/jpeg/CMakeLists.txt b/tests/jpeg/CMakeLists.txt -index 19964b0..a8d8162 100644 ---- a/tests/jpeg/CMakeLists.txt -+++ b/tests/jpeg/CMakeLists.txt -@@ -2,6 +2,7 @@ IF(JPEG_FOUND) - LIST(APPEND TESTS_FILES - jpeg_empty_file - jpeg_im2im -+ jpeg_ptr_double_free - jpeg_null - ) - -diff --git a/tests/jpeg/Makemodule.am b/tests/jpeg/Makemodule.am -index 7e5d317..b89e169 100644 ---- a/tests/jpeg/Makemodule.am -+++ b/tests/jpeg/Makemodule.am -@@ -2,7 +2,8 @@ if HAVE_LIBJPEG - libgd_test_programs += \ - jpeg/jpeg_empty_file \ - jpeg/jpeg_im2im \ -- jpeg/jpeg_null -+ jpeg/jpeg_null \ -+ jpeg/jpeg_ptr_double_free - - if HAVE_LIBPNG - libgd_test_programs += \ -diff --git a/tests/jpeg/jpeg_ptr_double_free.c b/tests/jpeg/jpeg_ptr_double_free.c -new file mode 100644 -index 0000000..df5a510 ---- /dev/null -+++ b/tests/jpeg/jpeg_ptr_double_free.c -@@ -0,0 +1,31 @@ -+/** -+ * Test that failure to convert to JPEG returns NULL -+ * -+ * We are creating an image, set its width to zero, and pass this image to -+ * `gdImageJpegPtr()` which is supposed to fail, and as such should return NULL. -+ * -+ * See also <https://github.com/libgd/libgd/issues/381> -+ */ -+ -+ -+#include "gd.h" -+#include "gdtest.h" -+ -+ -+int main() -+{ -+ gdImagePtr src, dst; -+ int size; -+ -+ src = gdImageCreateTrueColor(1, 10); -+ gdTestAssert(src != NULL); -+ -+ src->sx = 0; /* this hack forces gdImageJpegPtr() to fail */ -+ -+ dst = gdImageJpegPtr(src, &size, 0); -+ gdTestAssert(dst == NULL); -+ -+ gdImageDestroy(src); -+ -+ return gdNumFailures(); -+} --- -2.20.1 - diff --git a/gnu/packages/patches/gd-brect-bounds.patch b/gnu/packages/patches/gd-brect-bounds.patch new file mode 100644 index 0000000000..575e4dc2ad --- /dev/null +++ b/gnu/packages/patches/gd-brect-bounds.patch @@ -0,0 +1,63 @@ +Revert upstream commit 04bb9a08b3c25f8e3c0c235f9cefc0f94df59a5a because it +causes a test failure on i686 and possibly other architectures. + +See <https://github.com/libgd/libgd/issues/613>. + +diff --git a/src/gdft.c b/src/gdft.c +--- a/src/gdft.c ++++ b/src/gdft.c +@@ -1579,6 +1579,12 @@ BGD_DECLARE(char *) gdImageStringFTEx (gdImage * im, int *brect, int fg, const c + double scalex = (double)hdpi / (64 * METRIC_RES); + double scaley = (double)vdpi / (64 * METRIC_RES); + ++ /* increase by 1 pixel to allow for rounding */ ++ total_min.x -= METRIC_RES; ++ total_min.y -= METRIC_RES; ++ total_max.x += METRIC_RES; ++ total_max.y += METRIC_RES; ++ + /* rotate bounding rectangle, scale and round to int pixels, and translate */ + brect[0] = x + (total_min.x * cos_a + total_max.y * sin_a)*scalex; + brect[1] = y - (total_min.x * sin_a - total_max.y * cos_a)*scaley; +diff --git a/tests/gdimagestringft/gdimagestringft_bbox.c b/tests/gdimagestringft/gdimagestringft_bbox.c +--- a/tests/gdimagestringft/gdimagestringft_bbox.c ++++ b/tests/gdimagestringft/gdimagestringft_bbox.c +@@ -8,22 +8,22 @@ + #define DELTA (PI/8) + + static int EXPECT[16][8] = { +- {500, 400, 628, 400, 628, 376, 500, 376}, +- {492, 362, 611, 312, 601, 290, 483, 339}, +- {470, 330, 561, 239, 544, 221, 453, 312}, +- {437, 308, 486, 189, 464, 180, 414, 299}, +- {400, 301, 400, 173, 376, 173, 376, 301}, +- {363, 309, 313, 190, 291, 200, 340, 318}, +- {332, 331, 241, 240, 223, 257, 314, 348}, +- {311, 363, 192, 314, 183, 336, 302, 386}, +- {304, 399, 176, 399, 176, 423, 304, 423}, +- {312, 435, 193, 485, 203, 507, 321, 458}, +- {333, 465, 242, 556, 259, 574, 350, 483}, +- {364, 486, 315, 605, 337, 614, 387, 495}, +- {399, 492, 399, 620, 423, 620, 423, 492}, +- {434, 484, 484, 603, 506, 593, 457, 475}, +- {463, 464, 554, 555, 572, 538, 481, 447}, +- {483, 434, 602, 483, 611, 461, 492, 411}, ++ {498, 401, 630, 401, 630, 374, 498, 374}, ++ {491, 364, 613, 313, 602, 288, 481, 338}, ++ {470, 332, 563, 239, 544, 219, 451, 312}, ++ {438, 310, 488, 189, 463, 178, 412, 300}, ++ {401, 303, 401, 171, 374, 171, 374, 303}, ++ {365, 310, 314, 188, 289, 199, 339, 320}, ++ {334, 331, 241, 238, 221, 257, 314, 350}, ++ {313, 362, 192, 312, 181, 337, 303, 388}, ++ {306, 398, 174, 398, 174, 425, 306, 425}, ++ {313, 433, 191, 484, 202, 509, 323, 459}, ++ {333, 463, 240, 556, 259, 576, 352, 483}, ++ {363, 484, 313, 605, 338, 616, 389, 494}, ++ {398, 490, 398, 622, 425, 622, 425, 490}, ++ {432, 483, 483, 605, 508, 594, 458, 473}, ++ {461, 464, 554, 557, 574, 538, 481, 445}, ++ {481, 435, 602, 485, 613, 460, 491, 409}, + }; + + int main() diff --git a/gnu/packages/patches/gd-fix-tests-on-i686.patch b/gnu/packages/patches/gd-fix-tests-on-i686.patch index 280893c1d4..7ec8e7fee9 100644 --- a/gnu/packages/patches/gd-fix-tests-on-i686.patch +++ b/gnu/packages/patches/gd-fix-tests-on-i686.patch @@ -38,7 +38,7 @@ diff -ru libgd-2.2.3.orig/tests/gdimagecopyresampled/bug00201.c libgd-2.2.3/test @@ -65,7 +66,8 @@ gdImageDestroy(background); gdImageDestroy(scaled_logo); - + - gdAssertImageEqualsToFile("gdimagecopyresampled/bug00201_exp.png", img); + if (FLT_EVAL_METHOD != 2) + gdAssertImageEqualsToFile("gdimagecopyresampled/bug00201_exp.png", img); diff --git a/gnu/packages/patches/gd-freetype-test-failure.patch b/gnu/packages/patches/gd-freetype-test-failure.patch deleted file mode 100644 index 49c16ca089..0000000000 --- a/gnu/packages/patches/gd-freetype-test-failure.patch +++ /dev/null @@ -1,59 +0,0 @@ -Fix a test failure with freetype 2.7: - -https://github.com/libgd/libgd/commit/a5570d3ed30ff76c2a8bdd54f4ab1825acca0143 - -Patch copied from upstream source repository: - -https://github.com/libgd/libgd/commit/a5570d3ed30ff76c2a8bdd54f4ab1825acca0143 - -From a5570d3ed30ff76c2a8bdd54f4ab1825acca0143 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" <cmbecker69@gmx.de> -Date: Sun, 29 Jan 2017 17:07:50 +0100 -Subject: [PATCH] Fix #302: Test suite fails with freetype 2.7 - -Actually, the test failures are not necessarily related to freetype -2.7, but rather are caused by subpixel hinting which is enabled by -default in freetype 2.7. Subpixel hinting is, however, already -available in freetype 2.5 and in versions having the "Infinality" -patch. - -To get the expected results in all environments, we have to disable -subpixel hinting, what is easily done by setting a respective -environment variable. - -See also: -* https://www.freetype.org/freetype2/docs/subpixel-hinting.html -* https://www.freetype.org/freetype2/docs/reference/ft2-tt_driver.html ---- - tests/freetype/bug00132.c | 3 +++ - tests/gdimagestringft/gdimagestringft_bbox.c | 3 +++ - 2 files changed, 6 insertions(+) - -diff --git a/tests/freetype/bug00132.c b/tests/freetype/bug00132.c -index 713dd2d..42ed5b1 100644 ---- a/tests/freetype/bug00132.c -+++ b/tests/freetype/bug00132.c -@@ -11,6 +11,9 @@ int main() - char *path; - char *ret = NULL; - -+ /* disable subpixel hinting */ -+ putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35"); -+ - im = gdImageCreateTrueColor(50, 30); - - if (!im) { -diff --git a/tests/gdimagestringft/gdimagestringft_bbox.c b/tests/gdimagestringft/gdimagestringft_bbox.c -index 0161ec8..1596a9e 100644 ---- a/tests/gdimagestringft/gdimagestringft_bbox.c -+++ b/tests/gdimagestringft/gdimagestringft_bbox.c -@@ -38,6 +38,9 @@ int main() - int error = 0; - FILE *fp; - -+ /* disable subpixel hinting */ -+ putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35"); -+ - path = gdTestFilePath("freetype/DejaVuSans.ttf"); - im = gdImageCreate(800, 800); - gdImageColorAllocate(im, 0xFF, 0xFF, 0xFF); /* allocate white for background color */ |