Date: Fri, 27 Jul 2018 07:39:13 +0000 (UTC)
From: Torsten Zuehlsdorff <tz@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r475415 - in head/graphics/gd: . files
Message-ID: <201807270739.w6R7dDv0079650@repo.freebsd.org>
Author: tz Date: Fri Jul 27 07:39:13 2018 New Revision: 475415 URL: https://svnweb.freebsd.org/changeset/ports/475415 Log: graphics/gd: Update from 2.2.4 to 2.2.5 This update fixes 2 security issues: - Double-free in gdImagePngPtr(). (CVE-2017-6362) - Buffer over-read into uninitialized memory. (CVE-2017-7890) Full Changelog: https://github.com/libgd/libgd/blob/gd-2.2.5/CHANGELOG.md PR: 229707 Submitted by: Mikhail Teterin <mi@FreeBSD.org> Approved by: maintainer timeout (dinoex, 2 weeks) MFH: 2018Q3 Security: CVE-2017-6362 Security: CVE-2017-7890 Added: head/graphics/gd/files/patch-gd_gif_in.c (contents, props changed) Modified: head/graphics/gd/Makefile head/graphics/gd/distinfo head/graphics/gd/pkg-plist Modified: head/graphics/gd/Makefile ============================================================================== --- head/graphics/gd/Makefile Fri Jul 27 06:50:58 2018 (r475414) +++ head/graphics/gd/Makefile Fri Jul 27 07:39:13 2018 (r475415) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= libgd -PORTVERSION= 2.2.4 -PORTREVISION= 1 +PORTVERSION= 2.2.5 PORTEPOCH= 1 CATEGORIES+= graphics MASTER_SITES= https://github.com/${PORTNAME}/${PORTNAME}/releases/download/gd-${PORTVERSION}/ @@ -24,6 +23,7 @@ USES= tar:xz pkgconfig pathfix libtool:keepla shebang SHEBANG_FILES= ${WRKSRC}/src/bdftogd GNU_CONFIGURE= yes USE_LDCONFIG= yes +TEST_TARGET= check OPTIONS_DEFINE= FONTCONFIG ICONV XPM WEBP OPTIONS_DEFAULT=FONTCONFIG WEBP @@ -90,6 +90,6 @@ pre-build: post-install: ${INSTALL_DATA} ${WRKSRC}/src/gdhelpers.h \ ${STAGEDIR}${PREFIX}/include/ - ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6.0.4 + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6* .include <bsd.port.mk> Modified: head/graphics/gd/distinfo ============================================================================== --- head/graphics/gd/distinfo Fri Jul 27 06:50:58 2018 (r475414) +++ head/graphics/gd/distinfo Fri Jul 27 07:39:13 2018 (r475415) 
@@ -1,3 +1,3 @@ -TIMESTAMP = 1485463341 -SHA256 (libgd-2.2.4.tar.xz) = 137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6 -SIZE (libgd-2.2.4.tar.xz) = 2478528 +TIMESTAMP = 1531337629 +SHA256 (libgd-2.2.5.tar.xz) = 8c302ccbf467faec732f0741a859eef4ecae22fea2d2ab87467be940842bde51 +SIZE (libgd-2.2.5.tar.xz) = 2594092 Added: head/graphics/gd/files/patch-gd_gif_in.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/graphics/gd/files/patch-gd_gif_in.c Fri Jul 27 07:39:13 2018 (r475415) @@ -0,0 +1,34 @@ +See: + + https://bugs.php.net/bug.php?id=75571 + +--- src/gd_gif_in.c 2017-08-30 07:05:54.000000000 -0400 ++++ src/gd_gif_in.c 2018-07-11 15:39:11.746181000 -0400 +@@ -336,9 +336,4 @@ + } + +- if(!im->colorsTotal) { +- gdImageDestroy(im); +- return 0; +- } +- + /* Check for open colors at the end, so + * we can reduce colorsTotal and ultimately +@@ -352,4 +347,9 @@ + } + ++ if(!im->colorsTotal) { ++ gdImageDestroy(im); ++ return 0; ++ } ++ + return im; + } +@@ -447,6 +447,5 @@ + GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP) + { +- int i, j, ret; +- unsigned char count; ++ int i, j, ret, count; + + if(flag) { Modified: head/graphics/gd/pkg-plist ============================================================================== --- head/graphics/gd/pkg-plist Fri Jul 27 06:50:58 2018 (r475414) +++ head/graphics/gd/pkg-plist Fri Jul 27 07:39:13 2018 (r475415) @@ -29,5 +29,5 @@ lib/libgd.a lib/libgd.la lib/libgd.so lib/libgd.so.6 -lib/libgd.so.6.0.4 +lib/libgd.so.6.0.5 libdata/pkgconfig/gdlib.pc
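Review bot: In the post-install hunk of head/graphics/gd/Makefile, the new glob `${STAGEDIR}${PREFIX}/lib/libgd.so.6*` matches lib/libgd.so.6 as well as lib/libgd.so.6.0.5, both of which pkg-plist lists, so ${STRIP_CMD} now receives two paths where the old line named exactly one file. If the goal is only to avoid touching this line on every minor bump, `libgd.so.6.*` would match just the fully versioned library; if the broader match is intended, a short comment saying so would help the next person who updates the port.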
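Review bot: The header of the newly added files/patch-gd_gif_in.c carries only a bug URL, and the commit log's Security lines name CVE-2017-6362 and CVE-2017-7890 for the 2.2.5 update without mentioning this extra patch, so a reader cannot tell what defect the local change addresses or whether it has been submitted upstream. A sentence or two in the patch header would cover it: why the `if(!im->colorsTotal)` check moves below the "Check for open colors at the end" block, and why `count` in GetCode_ changes from `unsigned char` to `int`. The uses of `count` lie outside the visible context, so the effect of the type change cannot be checked from this hunk alone.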