From 90c88731bd036e5698b281fbc0a5f3aa4c9983ac Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Mon, 29 Jun 2020 11:38:31 +0100
Subject: gentoo resync : 29.06.2020

---
 media-libs/gd/Manifest                             |   9 -
 .../gd/files/gd-2.2.5-CVE-2018-1000222.patch       |  73 ------
 media-libs/gd/files/gd-2.2.5-CVE-2018-5711.patch   | 124 ---------
 media-libs/gd/files/gd-2.2.5-CVE-2019-6977.patch   |  28 ---
 media-libs/gd/files/gd-2.2.5-CVE-2019-6978.patch   | 278 ---------------------
 media-libs/gd/files/gd-2.2.5-ossfuzz5700.patch     | 103 --------
 media-libs/gd/gd-2.2.5-r2.ebuild                   |  98 --------
 7 files changed, 713 deletions(-)
 delete mode 100644 media-libs/gd/files/gd-2.2.5-CVE-2018-1000222.patch
 delete mode 100644 media-libs/gd/files/gd-2.2.5-CVE-2018-5711.patch
 delete mode 100644 media-libs/gd/files/gd-2.2.5-CVE-2019-6977.patch
 delete mode 100644 media-libs/gd/files/gd-2.2.5-CVE-2019-6978.patch
 delete mode 100644 media-libs/gd/files/gd-2.2.5-ossfuzz5700.patch
 delete mode 100644 media-libs/gd/gd-2.2.5-r2.ebuild

(limited to 'media-libs/gd')

diff --git a/media-libs/gd/Manifest b/media-libs/gd/Manifest
index 468a342ff156..07812169e19f 100644
--- a/media-libs/gd/Manifest
+++ b/media-libs/gd/Manifest
@@ -1,15 +1,6 @@
-AUX gd-2.2.5-CVE-2018-1000222.patch 2491 BLAKE2B 492923989fe07fa6993fd9ac7d234d8777b944e45cbce5f92aaf5bc53bd1502039ff75937e829f1ad6bceac8813bf68704a42d3688401a3b55fdfcd19649a533 SHA512 d12462f1b159d50b9032435e9767a5d76e1797a88be950ed33dda7aa17005b7cb60560d04b9520e46d8111e1669d42ce28cb2c508f9c8825d545ac0335d2a10b
-AUX gd-2.2.5-CVE-2018-5711.patch 3225 BLAKE2B f3e22fa172bb6d07a7bc1da59e25efed81afca5c65cf9dd20b1df286f11eee95be2e61fd094c2c568ec2c940372677553f4c3161e149c1ec294f90f35c3d3832 SHA512 4c8d756079cf4a5c856516ad3ad76c3913c26c3762064e564fd159a0f0b7c2d510f9e83353f89227238dbdb674e82e33ee6121a39a54222c6d67f1b8111a9d14
-AUX gd-2.2.5-CVE-2019-6977.patch 1167 BLAKE2B 7ec6fbd6c7a4841915d968558e8f8c647b873ece655e884661af1afe5732df66520de7b0c096c0faac5af57764fd0a8c6e9e83af155d93c3db74636944ff15d7 SHA512 5214ac4148c618f3fef3bb3b6675e41a76e31465cd8dac326ee99dc1ae4cfe760749997d2941743efa48e79b8dbdb536d6b6d79d9bc4e5363f2c50da52ab5cac
-AUX gd-2.2.5-CVE-2019-6978.patch 7852 BLAKE2B 2d9ced220950994fe3977c0ddbb3bf234fbc0912515ee1eb7e6f98510aabd4163b33ac4f0ccd4336538b20c27dea4f625a3e56ec865fe4bce610f7382415db42 SHA512 2a890d8b0c923e59b3d1b054f92999a48d7fa7065f64fdecc7bf80f719e5e10150a34549059a8edf13fba45c76c68be3ca698f38be0411cb2b9978daa2db3899
-AUX gd-2.2.5-ossfuzz5700.patch 2680 BLAKE2B 55beecdf63e280ab54b83b214d704bccc83a6779b650b4b6f31b3d6989deadaa179d4e733f0b07a4ee8aac5be043879619924ed21c0b6ede300b804783aded31 SHA512 cfac2479729105a9ed0200191b9e9a47e3e1962d4d9b0f811bc94006a79e9ac08ddb6ed424f60e8626c44e7316f0c1747de49e26890d5b454c8206fa22a65530
 AUX gd-2.3.0-disable-flaky-tests.patch 792 BLAKE2B 81d4d56f0365e51fd1f406f3f27cd788a670bc091e13c8d39e8fb8234dd934896d6161940e010e2c0118000a36012bc2f878674a7409bcc19662686afaf99cb3 SHA512 285c542ca60f25597c29c040c95bd1885dbd3c29d3c1af52123646bc06abbd271bd37d4dedc1fc0bb218a84063814c8d8176a30c1da8a19445064469e26a5ea6
 AUX gd-2.3.0-fix-tests-bug722448.patch 2231 BLAKE2B 629caa9cd7dbd63cab93c97466921ee9131c5542618fdb5ce772a9b1bd3fcf2e64f93da999ca9011917cf8e726cae914c76529eca1a24cd2c31f55c4e75aaa7c SHA512 6d66af4e5d70e1e919f81bf0fd7261bd13216da4873927826d5c4925cf1673a9a3e98d588f693bab7505ee02e7a231c19687e27c1efc1a606bab3b3ab20a93dd
 AUX gd-2.3.0-getlib.patch 2848 BLAKE2B 308577a8fce5b764cf96139d21d4aa6a6deb86244d0b858f520da1835547853d693f7c71621222744fe438f393aaaefa1fc6316ef27442a426af09df95c0faa2 SHA512 24d4774af36ca832504063c8327ff9a84956ae1a48cda3ef6f27d819e8a18b31a9083f2ce6d2587d5acb237d8c96c3d68cfe8eb8350a10715c15d16aca1cf37c
-DIST libgd-2.2.5-ossfuzz5700.dat 30 BLAKE2B 5ddd3d2be2adf05e1e2eb1852cc689be57d4d77c57b471e8b6021877f2fb137d15b4c73445fbb23a9ed585974a96dd154759a48712c1e7b5bdc5750d534aee4a SHA512 2394e92ff7a42c818e13a1ac9ad15bc81aa401adc917366ec8c440bb7f27a63777ab059aa03c501dafef0ac16b462dd23c7fb9f8086ce558203384a98a235fff
-DIST libgd-2.2.5-php_bug_75571.dat 1731 BLAKE2B 4b5d3f258b73e8089ede1b2c9f538855f410965a9e01e1f3f151ae52f072036172b184bd1a4d07b8355bb974bf088bebb0e812175a277bb67926274272bd80a0 SHA512 b3048640ce7828cca7901fadc989e867cfc6d31b44c0f5a1bda54d7428f317c8c8fc6403fef301e193869a95eb46eb7195d47710ec7f8c507ba049cb6cdcb281
-DIST libgd-2.2.5.tar.xz 2594092 BLAKE2B 222a7e012fbf9924ac391ee96c7cd3dec96afd78c6d43dfb680b33e7143e7df87fe6be75bbfe8fb93e916302d7daf08271214c84da28712e93a36465566cb2bd SHA512 e4598e17a277a75e02255402182cab139cb3f2cffcd68ec05cc10bbeaf6bc7aa39162c3445cd4a7efc1a26b72b9152bbedb187351e3ed099ea51767319997a6b
 DIST libgd-2.3.0.tar.xz 2539188 BLAKE2B a90f48be959d1bb6774ec44960e191b8be134ff3e74401eba4cbf9b165c72665f3dffe3beaaf92fa6069e0ef79533be5d57a5946a1839f55446072fa322ed808 SHA512 5b201d22560e147a3d5471010b898ad0268c3a2453b870d1267b6ba92e540cf9f75099336c1ab08217e41827ac86fe04525726bf29ad117e5dcbaef9a8d0622a
-EBUILD gd-2.2.5-r2.ebuild 3116 BLAKE2B 6d8149681eb1b178de4b816891602bc9eb978b7b05ff34ee84d3f9fa3c5f9c375a674f172bbf73d75fc148f30468aa108b992c9e1a9053f7ea4563d4f46b83c9 SHA512 0ac9ce9ba782762ce5c8c935edcc89270b7046a3e3b51078eddd1372bfe6ba9844226015c9b0c207b3670959652a4bb8f93ba0f9bf1bb1c5275e887c79efdea6
 EBUILD gd-2.3.0.ebuild 2546 BLAKE2B ddaa75cd04902204a36ddf712064bd542e4c2e16e59fb21e296bf081e7e13ba6311e52ed0dd2c0c36f4a83a79a35ebb83627afa815ed0d767c0a8abf730b0237 SHA512 643ba24e91561046794da0f4f9d07db97e7726cb9c61cb6b1d22a1ffd0d4c8b04cb2f4fc5a11d1d9e82c5a219e91befcbc745dbe9a619e5a730d0e81374d30b8
 MISC metadata.xml 1415 BLAKE2B eebc7a74a8d70d6d8c8eda0f59a752ce1f2589dfa0ab0df358a1fc0fbb843b285a270e626d1cd27f29b51ea46825184dfbfc9c4c252baed5092d2ab8cc33c0a4 SHA512 38aef9d6c1ad8b510a28aa54ed7d93c96d755fddc7a2693a6ab4667a38667ab37ba5eddce534f52e43c1ce9abe576ab4adefb2c17c64ff90ce1d24f44ae58cb6
diff --git a/media-libs/gd/files/gd-2.2.5-CVE-2018-1000222.patch b/media-libs/gd/files/gd-2.2.5-CVE-2018-1000222.patch
deleted file mode 100644
index 80f9712bf8e3..000000000000
--- a/media-libs/gd/files/gd-2.2.5-CVE-2018-1000222.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sat, 14 Jul 2018 13:54:08 -0400
-Subject: [PATCH] bmp: check return value in gdImageBmpPtr
-
-Closes #447.
----
- src/gd_bmp.c | 17 ++++++++++++++---
- 1 file changed, 14 insertions(+), 3 deletions(-)
-
-diff --git a/src/gd_bmp.c b/src/gd_bmp.c
-index bde0b9d3..78f40d9a 100644
---- a/src/gd_bmp.c
-+++ b/src/gd_bmp.c
-@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp
- static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header);
- static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
- 
-+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression);
-+
- #define BMP_DEBUG(s)
- 
- static int gdBMPPutWord(gdIOCtx *out, int w)
-@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression)
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageBmpCtx(im, out, compression);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageBmpCtx(im, out, compression))
-+		rv = gdDPExtractData(out, size);
-+	else
-+		rv = NULL;
- 	out->gd_free(out);
- 	return rv;
- }
-@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression)
- 		compression - whether to apply RLE or not.
- */
- BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
-+{
-+	_gdImageBmpCtx(im, out, compression);
-+}
-+
-+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- {
- 	int bitmap_size = 0, info_size, total_size, padding;
- 	int i, row, xpos, pixel;
-@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- 	unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL;
- 	FILE *tmpfile_for_compression = NULL;
- 	gdIOCtxPtr out_original = NULL;
-+	int ret = 1;
- 
- 	/* No compression if its true colour or we don't support seek */
- 	if (im->trueColor) {
-@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- 		out_original = NULL;
- 	}
- 
-+	ret = 0;
- cleanup:
- 	if (tmpfile_for_compression) {
- #ifdef _WIN32
-@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- 	if (out_original) {
- 		out_original->gd_free(out_original);
- 	}
--	return;
-+	return ret;
- }
- 
- static int compress_row(unsigned char *row, int length)
diff --git a/media-libs/gd/files/gd-2.2.5-CVE-2018-5711.patch b/media-libs/gd/files/gd-2.2.5-CVE-2018-5711.patch
deleted file mode 100644
index 6d9de06998a4..000000000000
--- a/media-libs/gd/files/gd-2.2.5-CVE-2018-5711.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From a11f47475e6443b7f32d21f2271f28f417e2ac04 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Wed, 29 Nov 2017 19:37:38 +0100
-Subject: [PATCH] Fix #420: Potential infinite loop in gdImageCreateFromGifCtx
-
-Due to a signedness confusion in `GetCode_` a corrupt GIF file can
-trigger an infinite loop.  Furthermore we make sure that a GIF without
-any palette entries is treated as invalid *after* open palette entries
-have been removed.
-
-CVE-2018-5711
-
-See also https://bugs.php.net/bug.php?id=75571.
----
- src/gd_gif_in.c             |  12 ++++++------
- tests/gif/CMakeLists.txt    |   1 +
- tests/gif/Makemodule.am     |   2 ++
- tests/gif/php_bug_75571.c   |  28 ++++++++++++++++++++++++++++
- tests/gif/php_bug_75571.gif | Bin 0 -> 1731 bytes
- 6 files changed, 38 insertions(+), 6 deletions(-)
- create mode 100644 tests/gif/php_bug_75571.c
-
-diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c
-index daf26e79..0a8bd717 100644
---- a/src/gd_gif_in.c
-+++ b/src/gd_gif_in.c
-@@ -335,11 +335,6 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd)
- 		return 0;
- 	}
- 
--	if(!im->colorsTotal) {
--		gdImageDestroy(im);
--		return 0;
--	}
--
- 	/* Check for open colors at the end, so
- 	 * we can reduce colorsTotal and ultimately
- 	 * BitsPerPixel */
-@@ -351,6 +346,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd)
- 		}
- 	}
- 
-+	if(!im->colorsTotal) {
-+		gdImageDestroy(im);
-+		return 0;
-+	}
-+
- 	return im;
- }
- 
-@@ -447,7 +447,7 @@ static int
- GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
- {
- 	int i, j, ret;
--	unsigned char count;
-+	int count;
- 
- 	if(flag) {
- 		scd->curbit = 0;
-diff --git a/tests/gif/CMakeLists.txt b/tests/gif/CMakeLists.txt
-index 2b73749e..e58e6b09 100644
---- a/tests/gif/CMakeLists.txt
-+++ b/tests/gif/CMakeLists.txt
-@@ -4,6 +4,7 @@ LIST(APPEND TESTS_FILES
- 	bug00227
- 	gif_null
- 	ossfuzz5700
-+	php_bug_75571
- 	uninitialized_memory_read
- )
- 
-diff --git a/tests/gif/Makemodule.am b/tests/gif/Makemodule.am
-index 3199438f..5dbeac53 100644
---- a/tests/gif/Makemodule.am
-+++ b/tests/gif/Makemodule.am
-@@ -4,6 +4,7 @@ libgd_test_programs += \
- 	gif/bug00227 \
- 	gif/gif_null \
- 	gif/ossfuzz5700 \
-+	gif/php_bug_75571 \
- 	gif/uninitialized_memory_read
- 
- if HAVE_LIBPNG
-@@ -26,4 +27,5 @@ EXTRA_DIST += \
- 	gif/bug00066.gif \
- 	gif/bug00066_exp.png \
- 	gif/ossfuzz5700.gif \
-+	gif/php_bug_75571.gif \
- 	gif/unitialized_memory_read.gif
-diff --git a/tests/gif/php_bug_75571.c b/tests/gif/php_bug_75571.c
-new file mode 100644
-index 00000000..d4fae3ae
---- /dev/null
-+++ b/tests/gif/php_bug_75571.c
-@@ -0,0 +1,28 @@
-+/**
-+ * Test that GIF reading does not loop infinitely
-+ * 
-+ * We are reading a crafted GIF image which has been truncated.  This would
-+ * trigger an infinite loop formerly, but know bails out early, returning
-+ * NULL from gdImageCreateFromGif().
-+ *
-+ * See also https://bugs.php.net/bug.php?id=75571.
-+ */
-+
-+
-+#include "gd.h"
-+#include "gdtest.h"
-+
-+
-+int main()
-+{
-+    gdImagePtr im;
-+    FILE *fp;
-+
-+    fp = gdTestFileOpen2("gif", "php_bug_75571.gif");
-+    gdTestAssert(fp != NULL);
-+    im = gdImageCreateFromGif(fp);
-+    gdTestAssert(im == NULL);
-+    fclose(fp);
-+
-+    return gdNumFailures();
-+}
-
diff --git a/media-libs/gd/files/gd-2.2.5-CVE-2019-6977.patch b/media-libs/gd/files/gd-2.2.5-CVE-2019-6977.patch
deleted file mode 100644
index 0b67a596c6bc..000000000000
--- a/media-libs/gd/files/gd-2.2.5-CVE-2019-6977.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Description: Heap-based buffer overflow in gdImageColorMatch
-Origin: other, https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced
-Bug-PHP: https://bugs.php.net/bug.php?id=77270
-Bug-Debian: https://bugs.debian.org/920645
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-6977
-Forwarded: no
-Author: "Christoph M. Becker" <cmbecker69@gmx.de>
-Last-Update: 2019-02-01
-
-At least some of the image reading functions may return images which
-use color indexes greater than or equal to im->colorsTotal.  We cater
-to this by always using a buffer size which is sufficient for
-`gdMaxColors` in `gdImageColorMatch()`.
----
-
---- a/src/gd_color_match.c
-+++ b/src/gd_color_match.c
-@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdIm
- 		return -4; /* At least 1 color must be allocated */
- 	}
- 
--	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal);
--	memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );
-+	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors);
-+	memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors );
- 
- 	for (x=0; x < im1->sx; x++) {
- 		for( y=0; y<im1->sy; y++ ) {
diff --git a/media-libs/gd/files/gd-2.2.5-CVE-2019-6978.patch b/media-libs/gd/files/gd-2.2.5-CVE-2019-6978.patch
deleted file mode 100644
index 2eb9369a0bad..000000000000
--- a/media-libs/gd/files/gd-2.2.5-CVE-2019-6978.patch
+++ /dev/null
@@ -1,278 +0,0 @@
-From 553702980ae89c83f2d6e254d62cf82e204956d0 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Thu, 17 Jan 2019 11:54:55 +0100
-Subject: [PATCH] Fix #492: Potential double-free in gdImage*Ptr()
-
-Whenever `gdImage*Ptr()` calls `gdImage*Ctx()` and the latter fails, we
-must not call `gdDPExtractData()`; otherwise a double-free would
-happen.  Since `gdImage*Ctx()` are void functions, and we can't change
-that for BC reasons, we're introducing static helpers which are used
-internally.
-
-We're adding a regression test for `gdImageJpegPtr()`, but not for
-`gdImageGifPtr()` and `gdImageWbmpPtr()` since we don't know how to
-trigger failure of the respective `gdImage*Ctx()` calls.
-
-This potential security issue has been reported by Solmaz Salimi (aka.
-Rooney).
----
- src/gd_gif_out.c                  | 18 +++++++++++++++---
- src/gd_jpeg.c                     | 20 ++++++++++++++++----
- src/gd_wbmp.c                     | 21 ++++++++++++++++++---
- tests/jpeg/CMakeLists.txt         |  1 +
- tests/jpeg/Makemodule.am          |  3 ++-
- tests/jpeg/jpeg_ptr_double_free.c | 31 +++++++++++++++++++++++++++++++
- 7 files changed, 84 insertions(+), 11 deletions(-)
- create mode 100644 tests/jpeg/jpeg_ptr_double_free.c
-
-diff --git a/src/gd_gif_out.c b/src/gd_gif_out.c
-index 298a5812..d5a95346 100644
---- a/src/gd_gif_out.c
-+++ b/src/gd_gif_out.c
-@@ -99,6 +99,7 @@ static void char_init(GifCtx *ctx);
- static void char_out(int c, GifCtx *ctx);
- static void flush_char(GifCtx *ctx);
- 
-+static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out);
- 
- 
- 
-@@ -131,8 +132,11 @@ BGD_DECLARE(void *) gdImageGifPtr(gdImagePtr im, int *size)
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageGifCtx(im, out);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageGifCtx(im, out)) {
-+		rv = gdDPExtractData(out, size);
-+	} else {
-+		rv = NULL;
-+	}
- 	out->gd_free(out);
- 	return rv;
- }
-@@ -220,6 +224,12 @@ BGD_DECLARE(void) gdImageGif(gdImagePtr im, FILE *outFile)
- 
- */
- BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
-+{
-+	_gdImageGifCtx(im, out);
-+}
-+
-+/* returns 0 on success, 1 on failure */
-+static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
- {
- 	gdImagePtr pim = 0, tim = im;
- 	int interlace, BitsPerPixel;
-@@ -231,7 +241,7 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
- 		based temporary image. */
- 		pim = gdImageCreatePaletteFromTrueColor(im, 1, 256);
- 		if(!pim) {
--			return;
-+			return 1;
- 		}
- 		tim = pim;
- 	}
-@@ -247,6 +257,8 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
- 		/* Destroy palette based temporary image. */
- 		gdImageDestroy(	pim);
- 	}
-+
-+	return 0;
- }
- 
- 
-diff --git a/src/gd_jpeg.c b/src/gd_jpeg.c
-index fc058420..96ef4302 100644
---- a/src/gd_jpeg.c
-+++ b/src/gd_jpeg.c
-@@ -117,6 +117,8 @@ static void fatal_jpeg_error(j_common_ptr cinfo)
- 	exit(99);
- }
- 
-+static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality);
-+
- /*
-  * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality
-  * QUALITY.  If QUALITY is in the range 0-100, increasing values
-@@ -231,8 +233,11 @@ BGD_DECLARE(void *) gdImageJpegPtr(gdImagePtr im, int *size, int quality)
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageJpegCtx(im, out, quality);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageJpegCtx(im, out, quality)) {
-+		rv = gdDPExtractData(out, size);
-+	} else {
-+		rv = NULL;
-+	}
- 	out->gd_free(out);
- 	return rv;
- }
-@@ -253,6 +258,12 @@ void jpeg_gdIOCtx_dest(j_compress_ptr cinfo, gdIOCtx *outfile);
- 
- */
- BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
-+{
-+	_gdImageJpegCtx(im, outfile, quality);
-+}
-+
-+/* returns 0 on success, 1 on failure */
-+static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
- {
- 	struct jpeg_compress_struct cinfo;
- 	struct jpeg_error_mgr jerr;
-@@ -287,7 +298,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
- 		if(row) {
- 			gdFree(row);
- 		}
--		return;
-+		return 1;
- 	}
- 
- 	cinfo.err->emit_message = jpeg_emit_message;
-@@ -328,7 +339,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
- 	if(row == 0) {
- 		gd_error("gd-jpeg: error: unable to allocate JPEG row structure: gdCalloc returns NULL\n");
- 		jpeg_destroy_compress(&cinfo);
--		return;
-+		return 1;
- 	}
- 
- 	rowptr[0] = row;
-@@ -405,6 +416,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
- 	jpeg_finish_compress(&cinfo);
- 	jpeg_destroy_compress(&cinfo);
- 	gdFree(row);
-+	return 0;
- }
- 
- 
-diff --git a/src/gd_wbmp.c b/src/gd_wbmp.c
-index f19a1c96..a49bdbec 100644
---- a/src/gd_wbmp.c
-+++ b/src/gd_wbmp.c
-@@ -88,6 +88,8 @@ int gd_getin(void *in)
- 	return (gdGetC((gdIOCtx *)in));
- }
- 
-+static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out);
-+
- /*
- 	Function: gdImageWBMPCtx
- 
-@@ -100,6 +102,12 @@ int gd_getin(void *in)
- 		out   - the stream where to write
- */
- BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
-+{
-+	_gdImageWBMPCtx(image, fg, out);
-+}
-+
-+/* returns 0 on success, 1 on failure */
-+static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
- {
- 	int x, y, pos;
- 	Wbmp *wbmp;
-@@ -107,7 +115,7 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
- 	/* create the WBMP */
- 	if((wbmp = createwbmp(gdImageSX(image), gdImageSY(image), WBMP_WHITE)) == NULL) {
- 		gd_error("Could not create WBMP\n");
--		return;
-+		return 1;
- 	}
- 
- 	/* fill up the WBMP structure */
-@@ -123,11 +131,15 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
- 
- 	/* write the WBMP to a gd file descriptor */
- 	if(writewbmp(wbmp, &gd_putout, out)) {
-+		freewbmp(wbmp);
- 		gd_error("Could not save WBMP\n");
-+		return 1;
- 	}
- 
- 	/* des submitted this bugfix: gdFree the memory. */
- 	freewbmp(wbmp);
-+
-+	return 0;
- }
- 
- /*
-@@ -271,8 +283,11 @@ BGD_DECLARE(void *) gdImageWBMPPtr(gdImagePtr im, int *size, int fg)
- 	void *rv;
- 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
- 	if (out == NULL) return NULL;
--	gdImageWBMPCtx(im, fg, out);
--	rv = gdDPExtractData(out, size);
-+	if (!_gdImageWBMPCtx(im, fg, out)) {
-+		rv = gdDPExtractData(out, size);
-+	} else {
-+		rv = NULL;
-+	}
- 	out->gd_free(out);
- 	return rv;
- }
-diff --git a/tests/jpeg/CMakeLists.txt b/tests/jpeg/CMakeLists.txt
-index 19964b0c..a8d8162f 100644
---- a/tests/jpeg/CMakeLists.txt
-+++ b/tests/jpeg/CMakeLists.txt
-@@ -2,6 +2,7 @@ IF(JPEG_FOUND)
- LIST(APPEND TESTS_FILES
- 	jpeg_empty_file
- 	jpeg_im2im
-+	jpeg_ptr_double_free
- 	jpeg_null
- )
- 
-diff --git a/tests/jpeg/Makemodule.am b/tests/jpeg/Makemodule.am
-index 7e5d317b..b89e1695 100644
---- a/tests/jpeg/Makemodule.am
-+++ b/tests/jpeg/Makemodule.am
-@@ -2,7 +2,8 @@ if HAVE_LIBJPEG
- libgd_test_programs += \
- 	jpeg/jpeg_empty_file \
- 	jpeg/jpeg_im2im \
--	jpeg/jpeg_null
-+	jpeg/jpeg_null \
-+	jpeg/jpeg_ptr_double_free
- 
- if HAVE_LIBPNG
- libgd_test_programs += \
-diff --git a/tests/jpeg/jpeg_ptr_double_free.c b/tests/jpeg/jpeg_ptr_double_free.c
-new file mode 100644
-index 00000000..df5a510b
---- /dev/null
-+++ b/tests/jpeg/jpeg_ptr_double_free.c
-@@ -0,0 +1,31 @@
-+/**
-+ * Test that failure to convert to JPEG returns NULL
-+ *
-+ * We are creating an image, set its width to zero, and pass this image to
-+ * `gdImageJpegPtr()` which is supposed to fail, and as such should return NULL.
-+ *
-+ * See also <https://github.com/libgd/libgd/issues/381>
-+ */
-+
-+
-+#include "gd.h"
-+#include "gdtest.h"
-+
-+
-+int main()
-+{
-+    gdImagePtr src, dst;
-+    int size;
-+
-+    src = gdImageCreateTrueColor(1, 10);
-+    gdTestAssert(src != NULL);
-+
-+    src->sx = 0; /* this hack forces gdImageJpegPtr() to fail */
-+
-+    dst = gdImageJpegPtr(src, &size, 0);
-+    gdTestAssert(dst == NULL);
-+
-+    gdImageDestroy(src);
-+
-+    return gdNumFailures();
-+}
diff --git a/media-libs/gd/files/gd-2.2.5-ossfuzz5700.patch b/media-libs/gd/files/gd-2.2.5-ossfuzz5700.patch
deleted file mode 100644
index 891c232115ec..000000000000
--- a/media-libs/gd/files/gd-2.2.5-ossfuzz5700.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From 9fa3abd2e61da18ed2b889704e4e252f0f5a95fe Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Fri, 26 Jan 2018 01:57:52 -0500
-Subject: [PATCH] gif: fix out-of-bounds read w/corrupted lzw data
-
-oss-fuzz pointed out:
-gd_gif_in.c:605:16: runtime error: index 5595 out of bounds for type 'int [4096]'
-
-Add some bounds checking on each code that we read from the file.
----
- src/gd_gif_in.c           |   8 ++++++++
- tests/gif/CMakeLists.txt  |   3 ++-
- tests/gif/Makemodule.am   |   2 ++
- tests/gif/ossfuzz5700.c   |  13 +++++++++++++
- tests/gif/ossfuzz5700.gif | Bin 0 -> 30 bytes
- 6 files changed, 26 insertions(+), 1 deletion(-)
- create mode 100644 tests/gif/ossfuzz5700.c
-
-diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c
-index afc08bf7..daf26e79 100644
---- a/src/gd_gif_in.c
-+++ b/src/gd_gif_in.c
-@@ -601,6 +601,10 @@ LWZReadByte_(gdIOCtx *fd, LZW_STATIC_DATA *sd, char flag, int input_code_size, i
- 				/* Bad compressed data stream */
- 				return -1;
- 			}
-+			if(code >= (1 << MAX_LWZ_BITS)) {
-+				/* Corrupted code */
-+				return -1;
-+			}
- 
- 			*sd->sp++ = sd->table[1][code];
- 
-@@ -610,6 +614,10 @@ LWZReadByte_(gdIOCtx *fd, LZW_STATIC_DATA *sd, char flag, int input_code_size, i
- 
- 			code = sd->table[0][code];
- 		}
-+		if(code >= (1 << MAX_LWZ_BITS)) {
-+			/* Corrupted code */
-+			return -1;
-+		}
- 
- 		*sd->sp++ = sd->firstcode = sd->table[1][code];
- 
-diff --git a/tests/gif/CMakeLists.txt b/tests/gif/CMakeLists.txt
-index 7d40cddc..2b73749e 100644
---- a/tests/gif/CMakeLists.txt
-+++ b/tests/gif/CMakeLists.txt
-@@ -3,6 +3,8 @@ LIST(APPEND TESTS_FILES
- 	bug00181
- 	bug00227
- 	gif_null
-+	ossfuzz5700
-+	uninitialized_memory_read
- )
- 
- IF(PNG_FOUND)
-@@ -12,7 +14,6 @@ LIST(APPEND TESTS_FILES
- 	bug00060
- 	bug00066
- 	gif_im2im
--	uninitialized_memory_read
- )
- ENDIF(PNG_FOUND)
- 
-diff --git a/tests/gif/Makemodule.am b/tests/gif/Makemodule.am
-index 0bdeab7e..3199438f 100644
---- a/tests/gif/Makemodule.am
-+++ b/tests/gif/Makemodule.am
-@@ -3,6 +3,7 @@ libgd_test_programs += \
- 	gif/bug00181 \
- 	gif/bug00227 \
- 	gif/gif_null \
-+	gif/ossfuzz5700 \
- 	gif/uninitialized_memory_read
- 
- if HAVE_LIBPNG
-@@ -24,4 +25,5 @@ EXTRA_DIST += \
- 	gif/bug00060.gif \
- 	gif/bug00066.gif \
- 	gif/bug00066_exp.png \
-+	gif/ossfuzz5700.gif \
- 	gif/unitialized_memory_read.gif
-diff --git a/tests/gif/ossfuzz5700.c b/tests/gif/ossfuzz5700.c
-new file mode 100644
-index 00000000..8fc9f88c
---- /dev/null
-+++ b/tests/gif/ossfuzz5700.c
-@@ -0,0 +1,13 @@
-+#include <stdio.h>
-+#include "gd.h"
-+#include "gdtest.h"
-+
-+int main()
-+{
-+	gdImagePtr im;
-+	FILE *fp = gdTestFileOpen("gif/ossfuzz5700.gif");
-+	im = gdImageCreateFromGif(fp);
-+	fclose(fp);
-+	gdImageDestroy(im);
-+	return 0;
-+}
-
diff --git a/media-libs/gd/gd-2.2.5-r2.ebuild b/media-libs/gd/gd-2.2.5-r2.ebuild
deleted file mode 100644
index b4896640b7bd..000000000000
--- a/media-libs/gd/gd-2.2.5-r2.ebuild
+++ /dev/null
@@ -1,98 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit autotools flag-o-matic multilib-minimal
-
-DESCRIPTION="Graphics library for fast image creation"
-HOMEPAGE="https://libgd.org/ https://www.boutell.com/gd/"
-SRC_URI="https://github.com/libgd/libgd/releases/download/${P}/lib${P}.tar.xz
-	test? (
-		https://github.com/libgd/libgd/raw/e0cb1b76c305db68b251fe782faa12da5d357593/tests/gif/ossfuzz5700.gif -> lib${P}-ossfuzz5700.dat
-		https://github.com/libgd/libgd/raw/e0cb1b76c305db68b251fe782faa12da5d357593/tests/gif/php_bug_75571.gif -> lib${P}-php_bug_75571.dat
-	)"
-
-LICENSE="gd IJG HPND BSD"
-SLOT="2/3"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~ppc-aix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cpu_flags_x86_sse fontconfig jpeg png static-libs test tiff truetype webp xpm zlib"
-RESTRICT="!test? ( test )"
-
-# fontconfig has prefixed font paths, details see bug #518970
-REQUIRED_USE="prefix? ( fontconfig )"
-
-RDEPEND="fontconfig? ( >=media-libs/fontconfig-2.10.92[${MULTILIB_USEDEP}] )
-	jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
-	png? ( >=media-libs/libpng-1.6.10:0=[${MULTILIB_USEDEP}] )
-	tiff? ( media-libs/tiff:0[${MULTILIB_USEDEP}] )
-	truetype? ( >=media-libs/freetype-2.5.0.1[${MULTILIB_USEDEP}] )
-	webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] )
-	xpm? ( >=x11-libs/libXpm-3.5.10-r1[${MULTILIB_USEDEP}] >=x11-libs/libXt-1.1.4[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	virtual/pkgconfig"
-
-S="${WORKDIR}/lib${P}"
-
-PATCHES=(
-	"${FILESDIR}/${P}-ossfuzz5700.patch"
-	"${FILESDIR}/${P}-CVE-2018-5711.patch"
-	"${FILESDIR}/${P}-CVE-2018-1000222.patch"
-	"${FILESDIR}/${P}-CVE-2019-6977.patch"
-	"${FILESDIR}/${P}-CVE-2019-6978.patch"
-)
-
-src_unpack() {
-	default
-
-	if use test ; then
-		cp "${DISTDIR}"/lib${P}-ossfuzz5700.dat \
-			"${S}"/tests/gif/ossfuzz5700.gif || die
-		cp "${DISTDIR}"/lib${P}-php_bug_75571.dat \
-			"${S}"/tests/gif/php_bug_75571.gif || die
-	fi
-}
-
-src_prepare() {
-	default
-	eautoreconf
-}
-
-multilib_src_configure() {
-	# bug 603360, https://github.com/libgd/libgd/blob/fd06f7f83c5e78bf5b7f5397746b4e5ee4366250/docs/README.TESTING#L65
-	if use cpu_flags_x86_sse ; then
-		append-cflags -msse -mfpmath=sse
-	else
-		append-cflags -ffloat-store
-	fi
-
-	# bug 632076, https://github.com/libgd/libgd/issues/278
-	if use arm64 || use ppc64 || use s390 ; then
-		append-cflags -ffp-contract=off
-	fi
-
-	# we aren't actually {en,dis}abling X here ... the configure
-	# script uses it just to add explicit -I/-L paths which we
-	# don't care about on Gentoo systems.
-	local myeconfargs=(
-		--disable-werror
-		--without-x
-		--without-liq
-		$(use_enable static-libs static)
-		$(use_with fontconfig)
-		$(use_with png)
-		$(use_with tiff)
-		$(use_with truetype freetype)
-		$(use_with jpeg)
-		$(use_with webp)
-		$(use_with xpm)
-		$(use_with zlib)
-	)
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-}
-
-multilib_src_install_all() {
-	dodoc README.md
-	find "${ED}" -name '*.la' -delete || die
-}
-- 
cgit v1.2.3