Bug 15185

Summary: Proposed version bump for libgd (2.1.1)
Product: Mageia Reporter: Oden Eriksson <oe>
Component: RPM PackagesAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: luigiwalser
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://github.com/libgd/libgd/blob/master/ChangeLog
Whiteboard:
Source RPM: libgd CVE:
Status comment:

Description Oden Eriksson 2015-02-02 10:56:48 CET
libgd-2.1.1 was released Wed 14 January 2015 and contains a lot of bugfixes.

https://github.com/libgd/libgd/blob/master/ChangeLog

According to https://bugzilla.redhat.com/show_bug.cgi?id=1076676#c33 there's important fixes in the 2.1.1 release. Some bugfixes seems to be security related by reading the ChangeLog.

I propose to upgrade libgd-2.1.0 to libgd-2.1.1 for mga5. The 2.1.1 version is already in svn but needs someobne to submit it.

I will take care of rebuilding the packages linking to the libgd library as a precaution.

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-02-02 14:38:11 CET
Just in case you didn't see my response on the mailing list, repeating it here:

I have no objection to this, I just wanted to say a few things:
- there is a security-related fix in 2.1.1, but I already added the patch
- Fedora's comment is irrelevant, they added a bad patch, but I had the good
  upstream one all along that they eventually switched to
- that fix came from a PHP bug.  We also have another patch from a PHP bug in
  the package.  Why has that one not gone upstream?
- speaking of that patch, you didn't need to rename it since it didn't change,
  and you should use svn mv if you do rename a patch

CC: (none) => luigiwalser

Comment 2 Oden Eriksson 2015-02-13 11:04:32 CET
For reference. All patches applied to libgd-2.1.0-8.mga5.src.rpm has been applied upstream to the 2.1.1 version or is redundant except the libgd-2.1.1-phpbug65070.diff patch that got rediffed.
Comment 3 David Walser 2015-02-16 13:44:17 CET
Fixed in libgd-2.1.1-1.mga5.

Status: NEW => RESOLVED
Resolution: (none) => FIXED