39 Commits

Author SHA1 Message Date
Khem Raj e1e889bae4 gd: Fix build with clang-15
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-08-23 09:55:28 -07:00
Richard Purdie b402a3076f recipes: Update SRC_URI branch and protocols
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-03 06:57:49 -07:00
Sakib Sajal 4229789eba gd: upgrade 2.3.2 -> 2.3.3
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-09-24 08:12:35 -07:00
Sakib Sajal 59d6f63abb gd: fix CVE-2021-38115
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-08-26 10:10:56 -07:00
Martin Jansa c61dc077bb Convert to new override syntax
This is the result of automated script (0.9.1) conversion:

oe-core/scripts/contrib/convert-overrides.py .

converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2021-08-03 10:21:25 -07:00
Khem Raj 7bc8f7d2d1 gd: Replace deprecated types from tiff
These are now flagged with new tiff >= 4.3.0

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Wang Mingyu <wangmy@fujitsu.com>
2021-04-23 21:41:26 -07:00
zhengruoqin 61f7a1624a gd: upgrade 2.3.1 -> 2.3.2
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-03-16 21:37:15 -07:00
zhengruoqin e5bbf1301d gd: upgrade 2.3.0 -> 2.3.1
- Fix potential integer overflow detected by oss-fuzz
- Fix #615 using libraqm
- Fix #303: gdlib.pc: use Requires instead of Libs (#537)
- Fixed #472: Adjusting CMakeLists.txt (#582)
- Fix #615: gdImageStringFT() fails for empty strings as of libgd 2.3.0 (#633)
- Fix typo but preserve BC
- Compute average in gdGuessBackgroundColorFromCorners properly (#483)
- CMakeLists.txt: zlib is enabled implicitly
- src/config.h.cmake: replace #cmakedefine01 with #define in macro ENABLE_GD_FOORMATS (#622)
- gdlib.pc: use prefixes for pkgconfig file
- cmake: remove required host includes (#617)
- Move initial declaration out of `for` loop
- distribute getlib script
- Make gd_nnquant.c less likely to introduce duplicate definitions (#601)
- webp: support pkg-config file
- gd_io: replace internal Putchar with gdPutC
- gd_io: trim unused Putword function

- Add REQUIRED to FIND_PACKAGE(ZLIB)
- README: add some libraries info (#631)
- VMS/README.VMS: Add dropping support information (#614)

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-02-04 19:10:38 -08:00
Christian Eggers 86193cd563 gd: Extend for native and nativesdk
gd is required for msgcgen which is often used together with doxygen.

Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-06-10 20:55:27 -07:00
Sakib Sajal 39e3a1936e gd: uprev from 2.2.5 to 2.3.0
Major release after 2.2.5.
Changelog: https://github.com/libgd/libgd/blob/gd-2.3.0/CHANGELOG.md

Changes:
- SRC_REV points to tag gd-2.3.0
- branch in SRC_URI points to master
- updated homepage
- removed patches as they were merged upstream
	 under gd-2.3.0 tag

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-03-26 20:35:47 -07:00
Sakib Sajal e6b805c3b2 gd: Fix CVE-2018-14553
Backport fix from upstream to fix NULL pointer dereference.

Upstream-Status: Backport
CVE: CVE-2018-14553

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-03-18 15:35:33 -07:00
Haiqing Bai d16876d777 gd: fix CVE-2017-6363
Backport the CVE patch from the upstream to fix the heap-based buffer
over-read in tiffWriter.

Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-03-04 18:54:52 -08:00
Trevor Gamblin 6ce65dc3fb gd: fix CVE-2019-6978
CVE: CVE-2019-6978

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-10-04 19:11:55 -07:00
Qi.Chen@windriver.com eee71df881 gd: set CVE_PRODUCT
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-05-07 09:33:49 -07:00
Changqing Li 8099332416 gd: fix compile error caused by -Werror=maybe-uninitialized
When enable DEBUG_BUILD, gd compile failed with error:

| ../../git/src/gd_tiff.c:961:64: error: 'image_type' may be used uninitialized in this function [-Werror=maybe-uninitialized]
|           (image_type == GD_PALETTE || image_type == GD_INDEXED || image_type == GD_GRAY)) {
|           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~

actually, this warning is misinformation, we can see the logic from:
https://github.com/libgd/libgd/blob/master/src/gd_tiff.c
image_type will be assigned no matter force_rgba is TRUE/FALSE.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-04-09 18:09:00 -07:00
Mingli Yu b0ece93cbd gd: Fix CVE-2018-1000222
check return value in gdImageBmpPtr

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-09-12 07:07:28 -07:00
Robert Yang 639af7f742 gd: Replace strncpy with memccpy to fix -Wstringop-truncation.
Fixed for gcc8:
git/src/gdft.c:1699:2: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-06-20 10:07:41 -07:00
Derek Straka 9faa0acba8 gd: update to version 2.2.5
Resolves the following security issues:
  * Double-free in gdImagePngPtr(). (CVE-2017-6362)
  * Buffer over-read into uninitialized memory. (CVE-2017-7890)

Full changelog: https://github.com/libgd/libgd/blob/gd-2.2.5/CHANGELOG.md

Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-30 09:13:32 -08:00
Yi Zhao a7f02b1fe5 gd: update to 2.2.4
* Remove the following patches which already merged in upstream:
    fix-gcc-unused-functions.patch
    .gitignore-the-new-test-case.patch
    CVE-2016-10166.patch
    CVE-2016-10167.patch
    CVE-2016-10168.patch
    CVE-2016-6906-1.patch
    CVE-2016-6906-2.patch
    Fix-290-TGA-RLE-decoding-is-broken.patch

* Update LICENSE's MD5 check sum.
  The COPYING file has been update with the following commits in
  upstream:

  commit f863b3c2d300ff5344f6752e5813b0d6985e79c4
    Resolve #282: COPYING vs. docs/naturaldocs/license.txt

  commit 9ccdaedbd9a2cfd1c8a9a258c09af161e796bd41
    Sync COPYING and docs/naturaldocs/license.txt

  These two commits updated the copyright statement regarding the
  authorship of gd and adjust the format.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-08-28 11:06:02 +02:00
Catalin Enache 0ae067ae24 gd : CVE-2016-6906
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd)
before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read)
via a crafted TGA file, related to the decompression buffer.

Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6906

Upstream patches:
https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415
https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-06-05 11:01:45 +02:00
Catalin Enache f66465d4d5 gd : CVE-2016-10167, CVE-2016-10168
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics
Library (aka libgd) before 2.2.4 allows remote attackers to cause a
denial of service (application crash) via a crafted image file.

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before
2.2.4 allows remote attackers to have unspecified impact via vectors
involving the number of horizontal and vertical chunks in an image.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10167
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10168

Upstream patches:
https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-04-18 14:21:39 +02:00
Catalin Enache f882211c14 gd : CVE-2016-10166
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c
in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers
to have unspecified impact via vectors related to decrementing the u variable.

Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10166

Upstream patch:
https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-04-18 14:21:38 +02:00
Martin Jansa 289217bbc3 meta-oe: fix indentation
* remove tabs which sneaked in since last cleanup
* meta-oe layers are using consistent indentation with 4 spaces, see
  http://www.openembedded.org/wiki/Styleguide

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-08-22 15:56:28 +02:00
Derek Straka d1ebcbc629 gd: update to version 2.2.3
* Upstream removed vpx support in favor of webp
    * Explicity disable webp support

Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-08-22 15:49:22 +02:00
Wenzong Fan 38ed53fcde gd: cleanup buildpaths from gdlib.pc
* gdlib.pc:
  -L/path/to/tmp/sysroots/qemux86-64/usr/lib64 -> -L/usr/lib64

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-10-13 12:28:13 +02:00
Koen Kooi 016db91036 gd: disable webp/vpx support
The recent update to libvpx 1.4.x broke gd. Upstream has replaced libvpx with libwebp, so fixing it isn't worth it.

If webp support is really needed, backport https://bitbucket.org/libgd/gd-libgd/commits/a79232c5fa69 and add a PACKAGECONFIG for it.

Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-09-23 15:34:26 +02:00
Roy Li 2f71b62260 gd: upgrade to 2.1.1
remove fix-the-subdir-objects-error.patch, a same fix has been merged
into source code.

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-08-24 13:58:18 +02:00
Martin Jansa 0ea6467344 gd: add dependency on libvpx
* fixes floating dependency:
  gd-2.1.0: gd rdepends on libvpx but it isn't a build dependency? [build-deps]

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-08-11 11:00:40 +02:00
Martin Jansa fb87fda264 gd: add dependency on tiff
* fixes floating dependency:
  gd/gd/latest lost dependency on  liblzma tiff

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-08-11 10:59:23 +02:00
Richard Purdie 36d57b9234 recipes: add missing pkgconfig class inherits
* These recipes all use pkg-config in some way but were missing
  dependencies on the tool, this patch adds them.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-06-21 13:06:13 +02:00
Jackie Huang 846ab65cfe gd: split the binaries to package gd-tools
As most linux distribution do, gd only includes the library,
and split all the command line tools into gd-tools, and add
the perl dependcy since one of the tools is a perl script.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-05-03 20:45:02 +02:00
Robert Yang 72b21ffad3 gd: fix the subdir-objects error
Fix this error:
iautomake: warning: possible forward-incompatibility.
automake: At least a source file is in a subdirectory, but the 'subdir-objects'
automake: automake option hasn't been enabled.  For now, the corresponding output
automake: object file(s) will be placed in the top-level directory.  However,
automake: this behaviour will change in future Automake versions: they will
automake: unconditionally cause object files to be placed in the same subdirectory
automake: of the corresponding sources.
automake: You are advised to start using 'subdir-objects' option throughout your
automake: project, to avoid future incompatibilities.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-04-21 13:31:47 +02:00
Martin Jansa c51deaaa36 gd: fix --with-freetype option
* 'yes' value means using pkg-config to find freetype, other values are using
  FREETYPE_CONFIG=/bin/freetype-config and freetype-config isn't
  in STAGING_LIBDIR but in STAGING_BINDIR/crossscripts/freetype-config

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-04-21 13:31:47 +02:00
Jackie Huang f55ae4fac4 gd: update to version 2.1.0
Changes:
- Add DESCRIPTION and HOMEPAGE
- libgd.org is down, use bitbucket.org instead and also
  remove the MIRROR for it.
- Remove the unnecessary specified dir for --with-png.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-04-21 13:31:47 +02:00
stephen.arnold42 19141207ba gd: added upstream license file and fixed configure warnings
This fixes QA warnings about missing license file and stale configure options,
(includes updates for freetype libpath and disables hardcoded rpaths).

Upstream-Status: Inappropriate (distribution/packaging fix)

Signed-off-by: Stephen Arnold <stephen.arnold42@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-04-20 11:03:24 +02:00
Matthieu CRAPET c95e155780 recipes: convert remaining SUMMARY/DESCRIPTION cosmetic issues
Changes:
- rename SUMMARY with length > 80 to DESCRIPTION
- rename DESCRIPTION with length < 80 to (non present tag) SUMMARY
- drop final point character at the end of SUMMARY string
- remove trailing whitespace of SUMMARY line

Note: don't bump PR

Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-02-23 23:20:02 +01:00
Paul Barker b07f0a239e gd: Add mirror for when libgd.org is down
Added http://fossies.org/unix/www/ as a mirror of http://www.libgd.org/releases/
so that gd-2.0.36RC1.tar.gz can still be downloaded when libgd.org is down.

Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2013-04-08 14:12:24 +02:00
Martin Jansa d0028e40a3 recipes: bump PR to rebuild .la files without libz.la
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2012-02-13 16:59:29 +01:00
Martin Jansa e9609b067b gd: import from OE rev d4f0211e2078d5033ae0dee74664de5520d8392d
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2011-05-29 21:37:56 +02:00