- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>

.gitignore

@@ -9,3 +9,4 @@ gd-2.0.35.tar.bz2
 /libgd-2.2.3.tar.xz
 /libgd-2.2.4.tar.xz
 /libgd-2.2.5.tar.xz
+/libgd-2.3.0.tar.xz

gd-2.1.0-multilib.patch

@@ -1,33 +0,0 @@
-diff -up gd-2.1.0/config/gdlib-config.in.multilib gd-2.1.0/config/gdlib-config.in
---- gd-2.1.0/config/gdlib-config.in.multilib	2013-04-21 16:58:17.820010758 +0200
-+++ gd-2.1.0/config/gdlib-config.in	2013-04-21 16:59:27.896317922 +0200
-@@ -7,9 +7,10 @@
- # installation directories
- prefix=@prefix@
- exec_prefix=@exec_prefix@
--libdir=@libdir@
-+libdir=`pkg-config gdlib --variable=libdir`
- includedir=@includedir@
- bindir=@bindir@
-+ldflags=`pkg-config gdlib --variable=ldflags`
- 
- usage()
- {
-@@ -68,7 +69,7 @@ while test $# -gt 0; do
- 	echo @GDLIB_REVISION@
- 	;;
-     --ldflags)
--	echo @LDFLAGS@
-+	echo $ldflags
- 	;;
-     --libs)
- 	echo -lgd @LIBS@ @LIBICONV@
-@@ -83,7 +84,7 @@ while test $# -gt 0; do
- 	echo "GD library  @VERSION@"
- 	echo "includedir: $includedir"
- 	echo "cflags:     -I@includedir@"
--	echo "ldflags:    @LDFLAGS@"
-+	echo "ldflags:    $ldflags"
- 	echo "libs:       @LIBS@ @LIBICONV@"
- 	echo "libdir:     $libdir"
- 	echo "features:   @FEATURES@"

gd-2.2.5-gdImageBmpPtr-double-free.patch

@@ -1,73 +0,0 @@
-From ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sat, 14 Jul 2018 13:54:08 -0400
-Subject: [PATCH] bmp: check return value in gdImageBmpPtr
-
-Closes #447.
----
- src/gd_bmp.c | 17 ++++++++++++++---
- 1 file changed, 14 insertions(+), 3 deletions(-)
-
-diff --git a/src/gd_bmp.c b/src/gd_bmp.c
-index bde0b9d3..78f40d9a 100644
---- a/src/gd_bmp.c
-+++ b/src/gd_bmp.c
-@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp
- static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header);
- static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
- 
-+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression);
-+
- #define BMP_DEBUG(s)
- 
- static int gdBMPPutWord(gdIOCtx *out, int w)
-@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression)
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageBmpCtx(im, out, compression);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageBmpCtx(im, out, compression))
-+		rv = gdDPExtractData(out, size);
-+	else
-+		rv = NULL;
- 	out->gd_free(out);
- 	return rv;
- }
-@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression)
- 		compression - whether to apply RLE or not.
- */
- BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
-+{
-+	_gdImageBmpCtx(im, out, compression);
-+}
-+
-+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- {
- 	int bitmap_size = 0, info_size, total_size, padding;
- 	int i, row, xpos, pixel;
-@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- 	unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL;
- 	FILE *tmpfile_for_compression = NULL;
- 	gdIOCtxPtr out_original = NULL;
-+	int ret = 1;
- 
- 	/* No compression if its true colour or we don't support seek */
- 	if (im->trueColor) {
-@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- 		out_original = NULL;
- 	}
- 
-+	ret = 0;
- cleanup:
- 	if (tmpfile_for_compression) {
- #ifdef _WIN32
-@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- 	if (out_original) {
- 		out_original->gd_free(out_original);
- 	}
--	return;
-+	return ret;
- }
- 
- static int compress_row(unsigned char *row, int length)

gd-2.2.5-heap-based-buffer-overflow.patch

@@ -1,28 +0,0 @@
-From 98b2e94e62d873acbcc6d968f1f97af9749fe021 Mon Sep 17 00:00:00 2001
-From: Ondrej Dubaj <odubaj@redhat.com>
-Date: Tue, 4 Jun 2019 10:54:45 +0200
-Subject: [PATCH] heap based buffer overflow in
- gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch()
-
----
- src/gd_color_match.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/gd_color_match.c b/src/gd_color_match.c
-index f0842b6..a94a841 100755
---- a/src/gd_color_match.c
-+++ b/src/gd_color_match.c
-@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdImagePtr im1, gdImagePtr im2)
- 		return -4; /* At least 1 color must be allocated */
- 	}
- 
--	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal);
--	memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );
-+	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors);
-+	memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors );
- 
- 	for (x=0; x < im1->sx; x++) {
- 		for( y=0; y<im1->sy; y++ ) {
--- 
-2.17.1
-

gd-2.2.5-potential-double-free.patch

@@ -1,283 +0,0 @@
-From 4d9d8368d08c3a2be3ea4193b9314fffeddace52 Mon Sep 17 00:00:00 2001
-From: Ondrej Dubaj <odubaj@redhat.com>
-Date: Tue, 4 Jun 2019 13:38:41 +0200
-Subject: [PATCH] Potential double-free in gdImage*Ptr()
-
-Whenever `gdImage*Ptr()` calls `gdImage*Ctx()` and the latter fails, we
-must not call `gdDPExtractData()`; otherwise a double-free would
-happen.  Since `gdImage*Ctx()` are void functions, and we can't change
-that for BC reasons, we're introducing static helpers which are used
-internally.
-
-We're adding a regression test for `gdImageJpegPtr()`, but not for
-`gdImageGifPtr()` and `gdImageWbmpPtr()` since we don't know how to
-trigger failure of the respective `gdImage*Ctx()` calls.
-
-This potential security issue has been reported by Solmaz Salimi (aka.
-Rooney).
----
- src/gd_gif_out.c                  | 19 +++++++++++++++----
- src/gd_jpeg.c                     | 20 ++++++++++++++++----
- src/gd_wbmp.c                     | 21 ++++++++++++++++++---
- tests/jpeg/CMakeLists.txt         |  1 +
- tests/jpeg/Makemodule.am          |  3 ++-
- tests/jpeg/jpeg_ptr_double_free.c | 31 +++++++++++++++++++++++++++++++
- 6 files changed, 83 insertions(+), 12 deletions(-)
- create mode 100644 tests/jpeg/jpeg_ptr_double_free.c
-
-diff --git a/src/gd_gif_out.c b/src/gd_gif_out.c
-index 6fe707d..4a05c09 100755
---- a/src/gd_gif_out.c
-+++ b/src/gd_gif_out.c
-@@ -99,7 +99,7 @@ static void char_init(GifCtx *ctx);
- static void char_out(int c, GifCtx *ctx);
- static void flush_char(GifCtx *ctx);
- 
--
-+static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out);
- 
- 
- /*
-@@ -131,8 +131,11 @@ BGD_DECLARE(void *) gdImageGifPtr(gdImagePtr im, int *size)
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageGifCtx(im, out);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageGifCtx(im, out)) {
-+        rv = gdDPExtractData(out, size);
-+    } else {
-+        rv = NULL;
-+    }
- 	out->gd_free(out);
- 	return rv;
- }
-@@ -220,6 +223,12 @@ BGD_DECLARE(void) gdImageGif(gdImagePtr im, FILE *outFile)
- 
- */
- BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
-+{
-+    _gdImageGifCtx(im, out);
-+}
-+
-+/* returns 0 on success, 1 on failure */
-+static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
- {
- 	gdImagePtr pim = 0, tim = im;
- 	int interlace, BitsPerPixel;
-@@ -231,7 +240,7 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
- 		based temporary image. */
- 		pim = gdImageCreatePaletteFromTrueColor(im, 1, 256);
- 		if(!pim) {
--			return;
-+			return 1;
- 		}
- 		tim = pim;
- 	}
-@@ -247,6 +256,8 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
- 		/* Destroy palette based temporary image. */
- 		gdImageDestroy(	pim);
- 	}
-+
-+    return 0;
- }
- 
- 
-diff --git a/src/gd_jpeg.c b/src/gd_jpeg.c
-index 271ef46..bd8fc27 100755
---- a/src/gd_jpeg.c
-+++ b/src/gd_jpeg.c
-@@ -123,6 +123,8 @@ static void fatal_jpeg_error(j_common_ptr cinfo)
- 	exit(99);
- }
- 
-+static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality);
-+
- /*
-  * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality
-  * QUALITY.  If QUALITY is in the range 0-100, increasing values
-@@ -237,8 +239,11 @@ BGD_DECLARE(void *) gdImageJpegPtr(gdImagePtr im, int *size, int quality)
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageJpegCtx(im, out, quality);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageJpegCtx(im, out, quality)) {
-+		rv = gdDPExtractData(out, size);
-+	} else {
-+		rv = NULL;
-+	}
- 	out->gd_free(out);
- 	return rv;
- }
-@@ -259,6 +264,12 @@ void jpeg_gdIOCtx_dest(j_compress_ptr cinfo, gdIOCtx *outfile);
- 
- */
- BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
-+{
-+	_gdImageJpegCtx(im, outfile, quality);
-+}
-+
-+/* returns 0 on success, 1 on failure */
-+static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
- {
- 	struct jpeg_compress_struct cinfo;
- 	struct jpeg_error_mgr jerr;
-@@ -293,7 +304,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
- 		if(row) {
- 			gdFree(row);
- 		}
--		return;
-+		return 1;
- 	}
- 
- 	cinfo.err->emit_message = jpeg_emit_message;
-@@ -334,7 +345,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
- 	if(row == 0) {
- 		gd_error("gd-jpeg: error: unable to allocate JPEG row structure: gdCalloc returns NULL\n");
- 		jpeg_destroy_compress(&cinfo);
--		return;
-+		return 1;
- 	}
- 
- 	rowptr[0] = row;
-@@ -411,6 +422,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
- 	jpeg_finish_compress(&cinfo);
- 	jpeg_destroy_compress(&cinfo);
- 	gdFree(row);
-+	return 0;
- }
- 
- 
-diff --git a/src/gd_wbmp.c b/src/gd_wbmp.c
-index 0028273..341ff6e 100755
---- a/src/gd_wbmp.c
-+++ b/src/gd_wbmp.c
-@@ -88,6 +88,8 @@ int gd_getin(void *in)
- 	return (gdGetC((gdIOCtx *)in));
- }
- 
-+static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out);
-+
- /*
- 	Function: gdImageWBMPCtx
- 
-@@ -100,6 +102,12 @@ int gd_getin(void *in)
- 		out   - the stream where to write
- */
- BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
-+{
-+	_gdImageWBMPCtx(image, fg, out);
-+}
-+
-+/* returns 0 on success, 1 on failure */
-+static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
- {
- 	int x, y, pos;
- 	Wbmp *wbmp;
-@@ -107,7 +115,7 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
- 	/* create the WBMP */
- 	if((wbmp = createwbmp(gdImageSX(image), gdImageSY(image), WBMP_WHITE)) == NULL) {
- 		gd_error("Could not create WBMP\n");
--		return;
-+		return 1;
- 	}
- 
- 	/* fill up the WBMP structure */
-@@ -123,11 +131,15 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
- 
- 	/* write the WBMP to a gd file descriptor */
- 	if(writewbmp(wbmp, &gd_putout, out)) {
-+		freewbmp(wbmp);
- 		gd_error("Could not save WBMP\n");
-+		return 1;
- 	}
- 
- 	/* des submitted this bugfix: gdFree the memory. */
- 	freewbmp(wbmp);
-+
-+	return 0;
- }
- 
- /*
-@@ -271,8 +283,11 @@ BGD_DECLARE(void *) gdImageWBMPPtr(gdImagePtr im, int *size, int fg)
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageWBMPCtx(im, fg, out);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageWBMPCtx(im, fg, out)) {
-+		rv = gdDPExtractData(out, size);
-+	} else {
-+		rv = NULL;
-+	}
- 	out->gd_free(out);
- 	return rv;
- }
-diff --git a/tests/jpeg/CMakeLists.txt b/tests/jpeg/CMakeLists.txt
-index 19964b0..a8d8162 100755
---- a/tests/jpeg/CMakeLists.txt
-+++ b/tests/jpeg/CMakeLists.txt
-@@ -2,6 +2,7 @@ IF(JPEG_FOUND)
- LIST(APPEND TESTS_FILES
- 	jpeg_empty_file
- 	jpeg_im2im
-+	jpeg_ptr_double_free
- 	jpeg_null
- )
- 
-diff --git a/tests/jpeg/Makemodule.am b/tests/jpeg/Makemodule.am
-index 7e5d317..b89e169 100755
---- a/tests/jpeg/Makemodule.am
-+++ b/tests/jpeg/Makemodule.am
-@@ -2,7 +2,8 @@ if HAVE_LIBJPEG
- libgd_test_programs += \
- 	jpeg/jpeg_empty_file \
- 	jpeg/jpeg_im2im \
--	jpeg/jpeg_null
-+	jpeg/jpeg_null \
-+	jpeg/jpeg_ptr_double_free
- 
- if HAVE_LIBPNG
- libgd_test_programs += \
-diff --git a/tests/jpeg/jpeg_ptr_double_free.c b/tests/jpeg/jpeg_ptr_double_free.c
-new file mode 100644
-index 0000000..c80aeb6
---- /dev/null
-+++ b/tests/jpeg/jpeg_ptr_double_free.c
-@@ -0,0 +1,31 @@
-+/**
-+ * Test that failure to convert to JPEG returns NULL
-+ *
-+ * We are creating an image, set its width to zero, and pass this image to
-+ * `gdImageJpegPtr()` which is supposed to fail, and as such should return NULL.
-+ *
-+ * See also <https://github.com/libgd/libgd/issues/381>
-+ */
-+
-+
-+#include "gd.h"
-+#include "gdtest.h"
-+
-+
-+int main()
-+{
-+    gdImagePtr src, dst;
-+    int size;
-+
-+    src = gdImageCreateTrueColor(1, 10);
-+    gdTestAssert(src != NULL);
-+
-+    src->sx = 0; /* this hack forces gdImageJpegPtr() to fail */
-+
-+    dst = gdImageJpegPtr(src, &size, 0);
-+    gdTestAssert(dst == NULL);
-+
-+    gdImageDestroy(src);
-+
-+    return gdNumFailures();
-+}
-\ No newline at end of file
--- 
-2.17.1
-

gd-2.2.5-upstream.patch

@@ -1,62 +0,0 @@
-From a11f47475e6443b7f32d21f2271f28f417e2ac04 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Wed, 29 Nov 2017 19:37:38 +0100
-Subject: [PATCH] Fix #420: Potential infinite loop in gdImageCreateFromGifCtx
-
-Due to a signedness confusion in `GetCode_` a corrupt GIF file can
-trigger an infinite loop.  Furthermore we make sure that a GIF without
-any palette entries is treated as invalid *after* open palette entries
-have been removed.
-
-CVE-2018-5711
-
-See also https://bugs.php.net/bug.php?id=75571.
----
- src/gd_gif_in.c             |  12 ++++++------
- tests/gif/.gitignore        |   1 +
- tests/gif/CMakeLists.txt    |   1 +
- tests/gif/Makemodule.am     |   2 ++
- tests/gif/php_bug_75571.c   |  28 ++++++++++++++++++++++++++++
- tests/gif/php_bug_75571.gif | Bin 0 -> 1731 bytes
- 6 files changed, 38 insertions(+), 6 deletions(-)
- create mode 100644 tests/gif/php_bug_75571.c
- create mode 100644 tests/gif/php_bug_75571.gif
-
-diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c
-index daf26e79..0a8bd717 100644
---- a/src/gd_gif_in.c
-+++ b/src/gd_gif_in.c
-@@ -335,11 +335,6 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd)
- 		return 0;
- 	}
- 
--	if(!im->colorsTotal) {
--		gdImageDestroy(im);
--		return 0;
--	}
--
- 	/* Check for open colors at the end, so
- 	 * we can reduce colorsTotal and ultimately
- 	 * BitsPerPixel */
-@@ -351,6 +346,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd)
- 		}
- 	}
- 
-+	if(!im->colorsTotal) {
-+		gdImageDestroy(im);
-+		return 0;
-+	}
-+
- 	return im;
- }
- 
-@@ -447,7 +447,7 @@ static int
- GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
- {
- 	int i, j, ret;
--	unsigned char count;
-+	int count;
- 
- 	if(flag) {
- 		scd->curbit = 0;
- 

gd-bug615.patch

@@ -0,0 +1,188 @@
+From 3dd0e308cbd2c24fde2fc9e9b707181252a2de95 Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Tue, 5 May 2020 12:02:45 +0200
+Subject: [PATCH] Fix #615: gdImageStringFT() fails for empty strings as of
+ libgd 2.3.0 (#633)
+
+We change the return type of `textLayout()` to `ssize_t`, and signal
+failure by returning `-1`, so that laying out an empty string is no
+longer handled as failure.  We make sure that no overflow occurs,
+assuming that all `int` values can be fully represented as `ssize_t`.
+---
+ src/gdft.c                           | 18 +++++++++---------
+ tests/gdimagestringft/.gitignore     |  1 +
+ tests/gdimagestringft/CMakeLists.txt |  1 +
+ tests/gdimagestringft/Makemodule.am  |  1 +
+ tests/gdimagestringft/bug00615.c     | 25 +++++++++++++++++++++++++
+ 5 files changed, 37 insertions(+), 9 deletions(-)
+ create mode 100644 tests/gdimagestringft/bug00615.c
+
+diff --git a/src/gdft.c b/src/gdft.c
+index b483b383..186eefff 100644
+--- a/src/gdft.c
++++ b/src/gdft.c
+@@ -441,7 +441,7 @@ typedef struct {
+ 	uint32_t cluster;
+ } glyphInfo;
+ 
+-static size_t
++static ssize_t
+ textLayout(uint32_t *text, int len,
+ 		FT_Face face, gdFTStringExtraPtr strex,
+ 		glyphInfo **glyph_info)
+@@ -459,19 +459,19 @@ textLayout(uint32_t *text, int len,
+ 		!raqm_set_par_direction (rq, RAQM_DIRECTION_DEFAULT) ||
+ 		!raqm_layout (rq)) {
+ 		raqm_destroy (rq);
+-		return 0;
++		return -1;
+ 	}
+ 
+ 	glyphs = raqm_get_glyphs (rq, &count);
+ 	if (!glyphs) {
+ 		raqm_destroy (rq);
+-		return 0;
++		return -1;
+ 	}
+ 
+ 	info = (glyphInfo*) gdMalloc (sizeof (glyphInfo) * count);
+ 	if (!info) {
+ 		raqm_destroy (rq);
+-		return 0;
++		return -1;
+ 	}
+ 
+ 	for (i = 0; i < count; i++) {
+@@ -489,7 +489,7 @@ textLayout(uint32_t *text, int len,
+ 	FT_Error err;
+ 	info = (glyphInfo*) gdMalloc (sizeof (glyphInfo) * len);
+ 	if (!info) {
+-		return 0;
++		return -1;
+ 	}
+ 	for (count = 0; count < len; count++) {
+ 		/* Convert character code to glyph index */
+@@ -508,7 +508,7 @@ textLayout(uint32_t *text, int len,
+ 		err = FT_Load_Glyph (face, glyph_index, FT_LOAD_DEFAULT);
+ 		if (err) {
+ 			gdFree (info);
+-			return 0;
++			return -1;
+ 		}
+ 		info[count].index = glyph_index;
+ 		info[count].x_offset = 0;
+@@ -527,7 +527,7 @@ textLayout(uint32_t *text, int len,
+ #endif
+ 
+ 	*glyph_info = info;
+-	return count;
++	return count <= SSIZE_MAX ? count : -1;
+ }
+ 
+ /********************************************************************/
+@@ -1108,7 +1108,7 @@ BGD_DECLARE(char *) gdImageStringFTEx (gdImage * im, int *brect, int fg, const c
+ 	char *tmpstr = 0;
+ 	uint32_t *text;
+ 	glyphInfo *info = NULL;
+-	size_t count;
++	ssize_t count;
+ 	int render = (im && (im->trueColor || (fg <= 255 && fg >= -255)));
+ 	FT_BitmapGlyph bm;
+ 	/* 2.0.13: Bob Ostermann: don't force autohint, that's just for testing
+@@ -1409,7 +1409,7 @@ BGD_DECLARE(char *) gdImageStringFTEx (gdImage * im, int *brect, int fg, const c
+ 
+ 	count = textLayout (text , i, face, strex, &info);
+ 
+-	if (!count) {
++	if (count < 0) {
+ 		gdFree (text);
+ 		gdFree (tmpstr);
+ 		gdCacheDelete (tc_cache);
+diff --git a/tests/gdimagestringft/CMakeLists.txt b/tests/gdimagestringft/CMakeLists.txt
+index f46b9006..42868a27 100644
+--- a/tests/gdimagestringft/CMakeLists.txt
++++ b/tests/gdimagestringft/CMakeLists.txt
+@@ -1,5 +1,6 @@
+ IF(FREETYPE_FOUND)
+ LIST(APPEND TESTS_FILES
++	bug00615
+ 	gdimagestringft_bbox
+ )
+ ENDIF(FREETYPE_FOUND)
+diff --git a/tests/gdimagestringft/Makemodule.am b/tests/gdimagestringft/Makemodule.am
+index 0dfe26fb..a62081f4 100644
+--- a/tests/gdimagestringft/Makemodule.am
++++ b/tests/gdimagestringft/Makemodule.am
+@@ -1,5 +1,6 @@
+ if HAVE_LIBFREETYPE
+ libgd_test_programs += \
++	gdimagestringft/bug00615 \
+ 	gdimagestringft/gdimagestringft_bbox
+ endif
+ 
+diff --git a/tests/gdimagestringft/bug00615.c b/tests/gdimagestringft/bug00615.c
+new file mode 100644
+index 00000000..0da51dae
+--- /dev/null
++++ b/tests/gdimagestringft/bug00615.c
+@@ -0,0 +1,25 @@
++/**
++ * Test that rendering an empty string does not fail
++ *
++ * Rendering an empty string with gdImageStringFT() is not supposed to fail;
++ * it is just a no-op.
++ *
++ * See <https://github.com/libgd/libgd/issues/615>
++ */
++
++#include "gd.h"
++#include "gdtest.h"
++
++int main()
++{
++    gdImagePtr im = gdImageCreate(100, 100);
++
++    int rect[8];
++    int fg = gdImageColorAllocate(im, 255, 255, 255);
++    char *path = gdTestFilePath("freetype/DejaVuSans.ttf");
++    char *res = gdImageStringFT(im, rect, fg, path, 12, 0, 10, 10, "");
++
++    gdTestAssert(res == NULL);
++
++    return gdNumFailures();
++}
+From 0be6aec0fe11dce8b8a5674eea5ee23bc700042e Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Wed, 15 Jul 2020 08:56:08 +0200
+Subject: [PATCH] Fix #615 using libraqm and avoid unneeded free
+
+---
+ src/gdft.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/gdft.c b/src/gdft.c
+index 186eefff..7eb97077 100644
+--- a/src/gdft.c
++++ b/src/gdft.c
+@@ -449,6 +449,10 @@ textLayout(uint32_t *text, int len,
+ 	size_t count;
+ 	glyphInfo *info;
+ 
++	if (!len) {
++		return 0;
++	}
++
+ #ifdef HAVE_LIBRAQM
+ 	size_t i;
+ 	raqm_glyph_t *glyphs;
+@@ -1566,7 +1570,9 @@ BGD_DECLARE(char *) gdImageStringFTEx (gdImage * im, int *brect, int fg, const c
+ 	}
+ 
+ 	gdFree(text);
+-	gdFree(info);
++	if (info) {
++		gdFree(info);
++	}
+ 
+ 	/* Save the (unkerned) advance from the last character in the xshow vector */
+ 	if (strex && (strex->flags & gdFTEX_XSHOW) && strex->xshow) {

gd.spec

@@ -1,15 +1,11 @@
-# requested by https://bugzilla.redhat.com/1468338
-# this break gdimagefile/gdnametest:
-#   gdimagefile/gdnametest.c:122: 255 pixels different on /tmp/gdtest.CrpdIb/img.gif
-#   gdimagefile/gdnametest.c:122: 255 pixels different on /tmp/gdtest.CrpdIb/img.GIF
-#   FAIL gdimagefile/gdnametest (exit status: 2)
-%global  with_liq   0
+%global  with_liq   1
+%global  with_raqm  1
 
 
 Summary:       A graphics library for quick creation of PNG or JPEG images
 Name:          gd
-Version:       2.2.5
-Release:       10%{?prever}%{?short}%{?dist}
+Version:       2.3.0
+Release:       3%{?prever}%{?short}%{?dist}
 License:       MIT
 URL:           http://libgd.github.io/
 %if 0%{?commit:1}
@@ -19,16 +15,10 @@ Source0:       libgd-%{version}-%{commit}.tgz
 %else
 Source0:       https://github.com/libgd/libgd/releases/download/gd-%{version}/libgd-%{version}.tar.xz
 %endif
+# Missing, temporary workaround, fixed upstream for next version
+Source1:       https://raw.githubusercontent.com/libgd/libgd/gd-%{version}/config/getlib.sh
 
-Patch1:        gd-2.1.0-multilib.patch
-# CVE-2018-5711 - https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
-Patch2:        gd-2.2.5-upstream.patch
-# CVE-2018-1000222 - https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
-Patch3:        gd-2.2.5-gdImageBmpPtr-double-free.patch
-# CVE-2019-6977
-Patch4:        gd-2.2.5-heap-based-buffer-overflow.patch
-# CVE-2019-6978
-Patch5:        gd-2.2.5-potential-double-free.patch
+Patch0:        gd-bug615.patch
 
 BuildRequires: freetype-devel
 BuildRequires: fontconfig-devel
@@ -40,6 +30,9 @@ BuildRequires: libwebp-devel
 %if %{with_liq}
 BuildRequires: libimagequant-devel
 %endif
+%if %{with_raqm}
+BuildRequires: libraqm-devel
+%endif
 BuildRequires: libX11-devel
 BuildRequires: libXpm-devel
 BuildRequires: zlib-devel
@@ -47,9 +40,9 @@ BuildRequires: pkgconfig
 BuildRequires: libtool
 BuildRequires: perl-interpreter
 BuildRequires: perl-generators
+BuildRequires: perl(FindBin)
 # for fontconfig/basic test
 BuildRequires: liberation-sans-fonts
-BuildRequires: libimagequant-devel
 
 
 %description
@@ -82,7 +75,13 @@ Requires: libwebp-devel%{?_isa}
 Requires: libX11-devel%{?_isa}
 Requires: libXpm-devel%{?_isa}
 Requires: zlib-devel%{?_isa}
+%if %{with_liq}
 Requires: libimagequant-devel%{?_isa}
+%endif
+%if %{with_raqm}
+Requires: libraqm-devel
+%endif
+
 
 %description devel
 The gd-devel package contains the development libraries and header
@@ -91,11 +90,8 @@ files for gd, a graphics library for creating PNG and JPEG graphics.
 
 %prep
 %setup -q -n libgd-%{version}%{?prever:-%{prever}}
-%patch1 -p1 -b .mlib
-%patch2 -p1 -b .upstream
-%patch3 -p1 -b .gdImageBmpPtr-free
-%patch4 -p1
-%patch5 -p1
+%patch0 -p1
+install -m 0755 %{SOURCE1} config/
 
 : $(perl config/getver.pl)
 
@@ -140,6 +136,14 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.a
 
 
 %check
+# minor diff in size
+XFAIL_TESTS="gdimagestringft/gdimagestringft_bbox"
+%ifarch s390x
+XFAIL_TESTS="gdimagestring16/gdimagestring16 gdimagestringup16/gdimagestringup16 $XFAIL_TESTS"
+%endif
+
+export XFAIL_TESTS
+
 : Upstream test suite
 make check
 
@@ -157,16 +161,33 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
 
 %files progs
 %{_bindir}/*
-%exclude %{_bindir}/gdlib-config
 
 %files devel
-%{_bindir}/gdlib-config
 %{_includedir}/*
 %{_libdir}/*.so
 %{_libdir}/pkgconfig/gdlib.pc
 
 
 %changelog
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 15 2020 Remi Collet <remi@remirepo.net> - 2.3.0-2
+- fix gdImageStringFT() fails for empty strings
+  https://github.com/libgd/libgd/issues/615
+
+* Tue Mar 24 2020 Remi Collet <remi@remirepo.net> - 2.3.0-1
+- update to 2.3.0
+- add dependency on libraqm
+- remove gdlib-config
+
+* Fri Jan 31 2020 Filip Januš <fjanus@redhat.com> - 2.2.5-12
+- Add patch(gd-2.2.5-null-pointer.patch) - fix Null pointer reference in gdImageClone (gdImagePtr src)
+- Resolves: #1599032
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.5-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
 * Fri Nov 01 2019 odubaj@redhat.com - 2.2.5-10
 - Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch()
 - Resolves: RHBZ#1678104 (CVE-2019-6977)

getlib.sh

@@ -0,0 +1,42 @@
+#!/bin/sh
+
+GETVER="${0%/*}/getver.pl"
+GDLIB_MAJOR=$("${GETVER}" MAJOR)
+GDLIB_MINOR=$("${GETVER}" MINOR)
+GDLIB_REVISION=$("${GETVER}" RELEASE)
+
+# Dynamic library version information
+# See http://www.gnu.org/software/libtool/manual/libtool.html#Updating-version-info
+
+GDLIB_LT_CURRENT=3
+# This is the version where the soname (current above) changes.  We use it
+# to reset the revision base back to zero.  It's a bit of a pain, but some
+# systems restrict the revision range below to [0..255] (like OS X).
+GDLIB_PREV_MAJOR=2
+GDLIB_PREV_MINOR=2
+# This isn't 100% correct, but it tends to be a close enough approximation
+# for how we manage the codebase.  It's rare to do a release that doesn't
+# modify the library since this project is centered around the library.
+GDLIB_LT_REVISION=$(( ((GDLIB_MAJOR - GDLIB_PREV_MAJOR) << 6) | ((GDLIB_MINOR - GDLIB_PREV_MINOR) << 3) | GDLIB_REVISION ))
+GDLIB_LT_AGE=0
+
+# The first three fields we feed into libtool and the OS target determines how
+# they get used.  The last two fields we feed into cmake.  We use the same rules
+# as Linux SONAME versioning in libtool, but cmake should handle it for us.
+case $1 in
+CURRENT)
+	printf '%s' "${GDLIB_LT_CURRENT}"
+	;;
+REVISION)
+	printf '%s' "${GDLIB_LT_REVISION}"
+	;;
+AGE)
+	printf '%s' "${GDLIB_LT_AGE}"
+	;;
+VERSION)
+	printf '%s' "$(( GDLIB_LT_CURRENT - GDLIB_LT_AGE )).${GDLIB_LT_AGE}.${GDLIB_LT_REVISION}"
+	;;
+SONAME)
+	printf '%s' "$(( GDLIB_LT_CURRENT - GDLIB_LT_AGE ))"
+	;;
+esac

sources

@@ -1 +1 @@
-SHA512 (libgd-2.2.5.tar.xz) = 946675b0a9dbecdee3dda927d496a35d6b5b071d3252a82cd649db0d959a82fcc65ce067ec34d07eed0e0497cd92cc0d93803609a4854f42d284e950764044d0
+SHA512 (libgd-2.3.0.tar.xz) = 5b201d22560e147a3d5471010b898ad0268c3a2453b870d1267b6ba92e540cf9f75099336c1ab08217e41827ac86fe04525726bf29ad117e5dcbaef9a8d0622a