gd-2.3.2-2

g/gd/gd-vl.spec

@@ -5,7 +5,7 @@ Summary: A graphics library for drawing .png files.
 Summary(ja): PNGイメージファイルを描写するためのグラフィックライブラリ
 Name: gd
 Version: 2.3.2
-Release: 1%{_dist_release}
+Release: 2%{_dist_release}
 Group: system
 Vendor: Project Vine
 Distribution: Vine Linux
@@ -19,6 +19,8 @@ Source1: https://raw.githubusercontent.com/libgd/libgd/master/config/getlib.sh
 Patch0: gd-2.1.0-multilib.patch
 # https://github.com/libgd/libgd/issues/615
 Patch1000: CVE-2021-38115.patch
+# https://github.com/libgd/libgd/issues/700
+Patch1001: CVE-2021-40145.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: freetype2-devel
@@ -113,7 +115,7 @@ gdをインストールした場合、gd-develパッケージも必要になり
 ## to build compat32 for x86_64 architecture support
 %package -n compat32-%{name}
 Summary: A graphics library for drawing .png files.
-Group: system
+Group: system,legacy
 %description -n compat32-%{name}
 Gd is a graphics library for drawing .png files.  Gd allows your code to
 quickly draw images (lines, arcs, text, multiple colors, cutting and
@@ -129,7 +131,7 @@ package.
 
 %package -n compat32-%{name}-devel
 Summary: The development libraries and header files for gd.
-Group: programming
+Group: programming,legacy
 Requires: compat32-freetype2-devel
 Requires: compat32-fontconfig-devel
 Requires: compat32-libjpeg-turbo-devel
@@ -156,6 +158,7 @@ If you're installing the gd graphics library, you must install gd-devel.
 %setup -q -n libgd-%{version}
 #patch0 -p1 -b .mlib
 %patch1000 -p1
+%patch1001 -p1
 
 cp %{SOURCE1} ./config/
 chmod 755 ./config/getlib.sh
@@ -229,6 +232,9 @@ make %{?_smp_mflags} check
 
 
 %changelog
+* Fri Sep 03 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.3.2-2.
+- imported Patch1001 from upstream to fix CVE-2021-40145.
+
 * Thu Aug 12 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.3.2-1
 - new upstream release.
 - dropped ldconfig scriptlets.