# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=gd
pkgver=2.1.1
_myver=${pkgver/_rc/RC}
pkgrel=2
pkgdesc="Library for the dynamic creation of images by programmers"
url="http://www.libgd.org/"
arch="all"
license="custom"
depends=
makedepends="libpng-dev libjpeg-turbo-dev freetype-dev zlib-dev"
subpackages="$pkgname-dev $pkgname-doc"
source="http://bitbucket.org/libgd/gd-libgd/downloads/libgd-$pkgver.tar.xz
	invalid_neg_size.gd2
	CVE-2015-8874.patch
	CVE-2016-3074.patch
	CVE-2016-5116.patch
	CVE-2016-5766.patch
	CVE-2016-6128.patch
	CVE-2016-6161.patch
	CVE-2016-6214.patch
	Fix_out-of-bounds_read_in_read_image_tga.patch
	gdlib-config-uses-pkgconfig.patch
	read_out-of-bands_in_the_parsing_of_TGA_files.patch
	"

# secfixes:
#   2.2.1-r2:
#     - CVE-2015-8874
#     - CVE-2016-3074
#     - CVE-2016-5116
#     - CVE-2016-5766
#     - CVE-2016-6128
#     - CVE-2016-6161
#     - CVE-2016-6214

_builddir="$srcdir"/lib$pkgname-$_myver

prepare() {
	cd "$_builddir"
        for i in $source; do
                case $i in
                *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
                esac
        done
	update_config_sub || return 1
	# Binary file included in CVE
	cp "$srcdir"/invalid_neg_size.gd2 "$_builddir"/tests/gd2/ || return 1
}

build() {
	cd "$_builddir"
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--infodir=/usr/share/info \
		--with-png \
		--with-freetype \
		--with-jpeg \
		--without-xpm \
		--without-fontconfig \
		|| return 1
	make || return 1
}

package() {
	cd "$_builddir"
	make DESTDIR="$pkgdir" install || return 1
	install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
	rm -r "$pkgdir"/usr/lib/libgd.la
}

md5sums="9076f3abd1f9815d106da36467ea15bc  libgd-2.1.1.tar.xz
5d47f93d43e04fd29e758a1cda35fd4a  invalid_neg_size.gd2
ffdea036b5dc25d2b4686e028cc0bcdc  CVE-2015-8874.patch
1302aaf334899f086c707ebff7b27c96  CVE-2016-3074.patch
c76949031da145d6e40e9a65794f86c0  CVE-2016-5116.patch
fe62c60ecdbbe58407108a8241d6b64b  CVE-2016-5766.patch
b5855d707396a59de730af7df9ff4e5f  CVE-2016-6128.patch
e26e08aa74179306d216c7ac1e56e122  CVE-2016-6161.patch
99ce876835b32791270da65814a96c6b  CVE-2016-6214.patch
a5948cb2f199d78a9616a7d6eaf6b7e7  Fix_out-of-bounds_read_in_read_image_tga.patch
f63f2d68fd047cb78c67af552ddfd90b  gdlib-config-uses-pkgconfig.patch
bd87c73fe724b03ee0ffc0882ae02753  read_out-of-bands_in_the_parsing_of_TGA_files.patch"
sha256sums="9ada1ed45594abc998ebc942cef12b032fbad672e73efc22bc9ff54f5df2b285  libgd-2.1.1.tar.xz
a90b3a76ca00e6766a600feeecf3c3fb1a6c71b256b44fe0d6e7268e54e758f3  invalid_neg_size.gd2
d9676b643d78d25fcc76dd89934a7ceeebed4c5c3aeeda17c97901288f5ba6b5  CVE-2015-8874.patch
98908d8dda9b82c28c5903e1d42ba0f4c4604742b3648cfa224267e0a56cebfd  CVE-2016-3074.patch
05f48d46bbc8f2edb6175c394f1b1968a9e486c672c7f0034f386546783086c5  CVE-2016-5116.patch
a9c43998f804f670103c388603d4b567445722fff464e1192306622ac485ddbf  CVE-2016-5766.patch
33c234de245f058f83a3349b57c296755ba128e346c153df19417250f640d586  CVE-2016-6128.patch
6b57bc5ec9427abdb9daef8463ace7d213d39efc3a0c7179ab9c35d2cab9b17e  CVE-2016-6161.patch
02db388e6304c457259eb280618b03175aa7a667288a6d1976f4431a61c5e178  CVE-2016-6214.patch
794f6977709e75295e3b19f7c9574bb8dc13aaf06b77cf36e512e1f1d4dd95a1  Fix_out-of-bounds_read_in_read_image_tga.patch
2ea89fdbd443ab2a3b38e762e99c598389a12373fdcc59182fbaad0e22779270  gdlib-config-uses-pkgconfig.patch
addf67d8e251243b19a02c91d4346cebf684e4de8e75ac0e229b9839486e99cd  read_out-of-bands_in_the_parsing_of_TGA_files.patch"
sha512sums="48f444402a4b89e412870f9091b92eb26136c5c0d795722262ad973c7d4103476204a2de36133a2634b8f410d6bccdcf60afb829a74ac2fddfb96aff2cd2567b  libgd-2.1.1.tar.xz
c2402dd19525468b41f5424d42237ead46f108d8ef7f70fc8f11afa715972b474c53d792f92dd27f044f1be9b2e6a9c33eeb9434249f63055f52ac4a68b970b4  invalid_neg_size.gd2
fd0e6094a968e16b3cc37ba5ce25118e0f1e6bcaa2ecf42834120f15dcd9b7bc8788258d774ced02677b25accbdb187b4add9bb09deab78669972aa12c583fce  CVE-2015-8874.patch
91e13a5f9d2009707258613fec0549021c397b9f0b92a0e63dca9874a8f4041de1a2e04693da5e34668b154069d952735c5a4c8de9e3b6ab57b97297f8eab832  CVE-2016-3074.patch
4010a85dc298292da3e82061390e6eb81578f059ae40ccac319e4e2bacfd804567cb36f162d7e5753a511f00285d15a0cf28bed381b01e268bb4398eed5705ef  CVE-2016-5116.patch
e08c7e351d6982c43f3852c4d6c174615d3e81292929d330082704d2469bfa2563db2c34bbe6dece2a2af351c89c7f4964a8723ca4453ebb75875aced61c778a  CVE-2016-5766.patch
2d028aade6b39f62bf587719031a280064006723bc6060c11266df0c8391fbd90456e0c7c0c1081b35291b58aa60b47b012278160a987c6b1659fc562c298e4f  CVE-2016-6128.patch
2df0665aecd454343c9bd801f096cd46b44d5dcc632bd0a1b03de01d797f2ebda078e4dcb20279ba33a86f30f6ae5819ad7a5c02902174cc1f185416159cf046  CVE-2016-6161.patch
f5afe3434010b5d7e77d33b60cbc02bf7455cd0e469705900da3d4dc5451022cdaeb315ebe902bb80ddef2379bd851b57f5216e5e024a9cb2085f2932c0a3e12  CVE-2016-6214.patch
013cb2d4751685ae0c64cdce2ddd120c209a9f6b60a20404c58c67e4a36f168a918bc048b7833c37279900255e3e687607f0740ccd0f33ee12bffe284c9dd6af  Fix_out-of-bounds_read_in_read_image_tga.patch
cbd01fa281c32806d3dac43e80760e4fb34a45d86035d7dbcdca987fdf341819708960c9aa20e2d075d97bb3b9de2652a787eab73f755d955ad4f437cb38eee3  gdlib-config-uses-pkgconfig.patch
87468dd7b310e5488f2b877f766b2eac90561d77c44ad79df98f61d07a40f76ed7621d1f2772afeeb00bc032d144e0302ecdae8cfd442a8e0b748b039b1d27df  read_out-of-bands_in_the_parsing_of_TGA_files.patch"