backport-CVE-2021-38115.patch

@@ -0,0 +1,30 @@
+From 8b111b2b4a4842179be66db68d84dda91a246032 Mon Sep 17 00:00:00 2001
+From: maryam ebrahimzadeh <maryam.ebr@student.sharif.edu>
+Date: Mon, 19 Jul 2021 10:07:13 +0430
+Subject: [PATCH 1/1] fix read out-of-bands in reading tga header file
+https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032
+
+---
+ src/gd_tga.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/gd_tga.c b/src/gd_tga.c
+index cae9428..286febb 100644
+--- a/src/gd_tga.c
++++ b/src/gd_tga.c
+@@ -191,7 +191,11 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
+ 			return -1;
+ 		}
+ 
+-		gdGetBuf(tga->ident, tga->identsize, ctx);
++		
++		if (gdGetBuf(tga->ident, tga->identsize, ctx) != tga->identsize) {
++			gd_error("fail to read header ident");
++			return -1;
++		}
+ 	}
+ 
+ 	return 1;
+-- 
+2.30.2
+

backport-CVE-2021-40812.patch

@@ -0,0 +1,82 @@
+From e5c84f0b7a2e2cef8d8630bd8c26a2f859e959ff Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Tue, 7 Sep 2021 22:03:21 +0700
+Subject: [PATCH 1/2] Partial fix for #750
+
+Conflict:NA
+Reference:https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9
+
+---
+ src/gd_bmp.c  | 15 +++++++++++----
+ src/gd_webp.c |  7 ++++++-
+ 2 files changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/src/gd_bmp.c b/src/gd_bmp.c
+index e186ac9..ab56a3e 100644
+--- a/src/gd_bmp.c
++++ b/src/gd_bmp.c
+@@ -30,6 +30,7 @@
+ #include <stdlib.h>
+ #include "gd.h"
+ #include "gdhelpers.h"
++#include "gd_errors.h"
+ #include "bmp.h"
+ 
+ static int compress_row(unsigned char *uncompressed_row, int length);
+@@ -265,8 +266,11 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ 				}
+ 				bitmap_size += compressed_size;
+ 
+-
+-				gdPutBuf(uncompressed_row, compressed_size, out);
++				if (gdPutBuf(uncompressed_row, compressed_size, out) != compressed_size){
++					gd_error("gd-bmp write error\n");
++					error = 1;
++					break;
++				}
+ 				gdPutC(BMP_RLE_COMMAND, out);
+ 				gdPutC(BMP_RLE_ENDOFLINE, out);
+ 				bitmap_size += 2;
+@@ -325,7 +329,10 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ 			if (buffer_size == 0) {
+ 				break;
+ 			}
+-			gdPutBuf(copy_buffer , buffer_size, out_original);
++			if (gdPutBuf(copy_buffer , buffer_size, out_original) != buffer_size) {
++				gd_error("gd-bmp write error\n");
++				error = 1;
++			}
+ 		}
+ 		gdFree(copy_buffer);
+ 
+@@ -335,7 +342,7 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ 		out_original = NULL;
+ 	}
+ 
+-	ret = 0;
++	ret = error;
+ cleanup:
+ 	if (tmpfile_for_compression) {
+ #ifdef _WIN32
+diff --git a/src/gd_webp.c b/src/gd_webp.c
+index a0b4787..af0bf2c 100644
+--- a/src/gd_webp.c
++++ b/src/gd_webp.c
+@@ -223,8 +223,13 @@ static int _gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
+         ret = 1;
+ 		goto freeargb;
+ 	}
+-	gdPutBuf(out, out_size, outfile);
++
++	int res = gdPutBuf(out, out_size, outfile);
+ 	free(out);
++	if (res != out_size) {
++		gd_error("gd-webp write error\n");
++		ret = 1;
++	}
+ 
+ freeargb:
+ 	gdFree(argb);
+-- 
+2.27.0
+

gd.spec

@@ -1,6 +1,6 @@
 Name:           gd
-Version:        2.3.3
+Version:        2.3.2
-Release:        4
+Release:        1
 Summary:        A graphics library for quick creation of PNG or JPEG images
 License:        MIT
 URL:            http://libgd.github.io/
@@ -8,7 +8,9 @@ Source0:        https://github.com/libgd/libgd/releases/download/gd-%{version}/l
 
 # Missing, temporary workaround, fixed upstream for next version
 Source1:        https://raw.githubusercontent.com/libgd/libgd/gd-%{version}/config/getlib.sh
-Patch0:		libgd-flip.patch
+
+Patch6000:      backport-CVE-2021-38115.patch
+Patch6001:      backport-CVE-2021-40812.patch
 
 BuildRequires:  freetype-devel fontconfig-devel gettext-devel libjpeg-devel libpng-devel libtiff-devel libwebp-devel
 BuildRequires:  libX11-devel libXpm-devel zlib-devel pkgconfig libtool perl-interpreter perl-generators liberation-sans-fonts
@@ -65,7 +67,7 @@ CFLAGS="$RPM_OPT_FLAGS -DDEFAULT_FONTPATH='\"\
 export CFLAGS="$CFLAGS -msse -mfpmath=sse"
 %endif
 
-%ifarch aarch64 ppc64 ppc64le s390 s390x loongarch64 riscv64
+%ifarch aarch64 ppc64 ppc64le s390 s390x
 # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1359680
 export CFLAGS="$CFLAGS -ffp-contract=off"
 %endif
@@ -79,7 +81,7 @@ export CFLAGS="$CFLAGS -ffp-contract=off"
 %make_install
 
 %check
-export TMPDIR=/tmp
+export XFAIL_TESTS
 make check
 
 grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
@@ -108,21 +110,6 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
 %exclude %{_libdir}/libgd.a
 
 %changelog
-* Mon Jun 05 2023 laokz <zhangkai@iscas.ac.cn> - 2.3.3-4
-- fix build error for riscv64
-
-* Mon Feb 13 2023 zhangpan <zhangpan103@h-partners.com> - 2.3.3-3
-- fix build error for loongarch64
-
-* Sun Nov 13 2022 Funda Wang <fundawang@yeah.net> - 2.3.3-2
-- Add patch from fedora to fix build with PHP
-
-* Sat Oct 29 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 2.3.3-1
-- update to 2.3.3
-
-* Fri Apr 08 2022 dongyuzhen <dongyuzhen@h-partners.com> - 2.3.2-2
-- fix CVE-2021-40145
-
 * Sat Nov 20 2021 hanhui<hanhui15@huawei.com> - 2.3.2-1
 - DESC:update to 2.3.2
 

getlib.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-GETVER="${0%/*}/getver.sh"
+GETVER="${0%/*}/getver.pl"
 GDLIB_MAJOR=$("${GETVER}" MAJOR)
 GDLIB_MINOR=$("${GETVER}" MINOR)
 GDLIB_REVISION=$("${GETVER}" RELEASE)

libgd-flip.patch

@@ -1,50 +0,0 @@
-From f4bc1f5c26925548662946ed7cfa473c190a104a Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Mon, 13 Sep 2021 14:57:52 +0200
-Subject: [PATCH 1/2] Revert "Fix #318, these macros are not used as planed, we
- have separate functions for each"
-
-This reverts commit bdc281eadb1d58d5c0c7bbc1125ee4674256df08.
----
- src/gd.h | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/gd.h b/src/gd.h
-index 30560395..1ad9e637 100644
---- a/src/gd.h
-+++ b/src/gd.h
-@@ -1604,6 +1604,11 @@ BGD_DECLARE(void) gdImageFlipHorizontal(gdImagePtr im);
- BGD_DECLARE(void) gdImageFlipVertical(gdImagePtr im);
- BGD_DECLARE(void) gdImageFlipBoth(gdImagePtr im);
- 
-+#define GD_FLIP_HORINZONTAL 1 /* typo, kept for BC */
-+#define GD_FLIP_HORIZONTAL 1
-+#define GD_FLIP_VERTICAL 2
-+#define GD_FLIP_BOTH 3
-+
- /**
-  * Group: Crop
-  *
-
-From e47c619d792455aad23708d2ec2947455394427e Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Mon, 13 Sep 2021 14:59:47 +0200
-Subject: [PATCH 2/2] add comment to not remove these macros
-
----
- src/gd.h | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/gd.h b/src/gd.h
-index 1ad9e637..71f5a89c 100644
---- a/src/gd.h
-+++ b/src/gd.h
-@@ -1604,6 +1604,8 @@ BGD_DECLARE(void) gdImageFlipHorizontal(gdImagePtr im);
- BGD_DECLARE(void) gdImageFlipVertical(gdImagePtr im);
- BGD_DECLARE(void) gdImageFlipBoth(gdImagePtr im);
- 
-+/* Macros still used in gd extension up to PHP 8.0
-+   so please keep these unused macros for now */
- #define GD_FLIP_HORINZONTAL 1 /* typo, kept for BC */
- #define GD_FLIP_HORIZONTAL 1
- #define GD_FLIP_VERTICAL 2