From owner-svn-ports-all@freebsd.org Fri Jul 27 12:35:23 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4A271104945C; Fri, 27 Jul 2018 12:35:23 +0000 (UTC) (envelope-from tz@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0029A724E3; Fri, 27 Jul 2018 12:35:23 +0000 (UTC) (envelope-from tz@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D59EF17F20; Fri, 27 Jul 2018 12:35:22 +0000 (UTC) (envelope-from tz@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w6RCZMFT033758; Fri, 27 Jul 2018 12:35:22 GMT (envelope-from tz@FreeBSD.org) Received: (from tz@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w6RCZMmB033751; Fri, 27 Jul 2018 12:35:22 GMT (envelope-from tz@FreeBSD.org) Message-Id: <201807271235.w6RCZMmB033751@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tz set sender to tz@FreeBSD.org using -f From: Torsten Zuehlsdorff Date: Fri, 27 Jul 2018 12:35:22 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r475431 - in branches/2018Q3/graphics/gd: . files X-SVN-Group: ports-branches X-SVN-Commit-Author: tz X-SVN-Commit-Paths: in branches/2018Q3/graphics/gd: . files X-SVN-Commit-Revision: 475431 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jul 2018 12:35:23 -0000 Author: tz Date: Fri Jul 27 12:35:21 2018 New Revision: 475431 URL: https://svnweb.freebsd.org/changeset/ports/475431 Log: MFH: r475415 graphics/gd: Update from 2.2.4 to 2.2.5 This update fixes 2 security issues: - Double-free in gdImagePngPtr(). (CVE-2017-6362) - Buffer over-read into uninitialized memory. (CVE-2017-7890) Full Changelog: https://github.com/libgd/libgd/blob/gd-2.2.5/CHANGELOG.md PR: 229707 Submitted by: Mikhail Teterin Approved by: maintainer timeout (dinoex, 2 weeks) Security: CVE-2017-6362 Security: CVE-2017-7890 Approved by: ports-secteam (miwi) Added: branches/2018Q3/graphics/gd/files/patch-gd_gif_in.c - copied unchanged from r475415, head/graphics/gd/files/patch-gd_gif_in.c Modified: branches/2018Q3/graphics/gd/Makefile branches/2018Q3/graphics/gd/distinfo branches/2018Q3/graphics/gd/pkg-plist Directory Properties: branches/2018Q3/ (props changed) Modified: branches/2018Q3/graphics/gd/Makefile ============================================================================== --- branches/2018Q3/graphics/gd/Makefile Fri Jul 27 12:34:57 2018 (r475430) +++ branches/2018Q3/graphics/gd/Makefile Fri Jul 27 12:35:21 2018 (r475431) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= libgd -PORTVERSION= 2.2.4 -PORTREVISION= 1 +PORTVERSION= 2.2.5 PORTEPOCH= 1 CATEGORIES+= graphics MASTER_SITES= https://github.com/${PORTNAME}/${PORTNAME}/releases/download/gd-${PORTVERSION}/ @@ -24,6 +23,7 @@ USES= tar:xz pkgconfig pathfix libtool:keepla shebang SHEBANG_FILES= ${WRKSRC}/src/bdftogd GNU_CONFIGURE= yes USE_LDCONFIG= yes +TEST_TARGET= check OPTIONS_DEFINE= FONTCONFIG ICONV XPM WEBP OPTIONS_DEFAULT=FONTCONFIG WEBP @@ -90,6 +90,6 @@ pre-build: post-install: ${INSTALL_DATA} ${WRKSRC}/src/gdhelpers.h \ ${STAGEDIR}${PREFIX}/include/ - ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6.0.4 + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6* .include Modified: branches/2018Q3/graphics/gd/distinfo ============================================================================== --- branches/2018Q3/graphics/gd/distinfo Fri Jul 27 12:34:57 2018 (r475430) +++ branches/2018Q3/graphics/gd/distinfo Fri Jul 27 12:35:21 2018 (r475431) @@ -1,3 +1,3 @@ -TIMESTAMP = 1485463341 -SHA256 (libgd-2.2.4.tar.xz) = 137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6 -SIZE (libgd-2.2.4.tar.xz) = 2478528 +TIMESTAMP = 1531337629 +SHA256 (libgd-2.2.5.tar.xz) = 8c302ccbf467faec732f0741a859eef4ecae22fea2d2ab87467be940842bde51 +SIZE (libgd-2.2.5.tar.xz) = 2594092 Copied: branches/2018Q3/graphics/gd/files/patch-gd_gif_in.c (from r475415, head/graphics/gd/files/patch-gd_gif_in.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q3/graphics/gd/files/patch-gd_gif_in.c Fri Jul 27 12:35:21 2018 (r475431, copy of r475415, head/graphics/gd/files/patch-gd_gif_in.c) @@ -0,0 +1,34 @@ +See: + + https://bugs.php.net/bug.php?id=75571 + +--- src/gd_gif_in.c 2017-08-30 07:05:54.000000000 -0400 ++++ src/gd_gif_in.c 2018-07-11 15:39:11.746181000 -0400 +@@ -336,9 +336,4 @@ + } + +- if(!im->colorsTotal) { +- gdImageDestroy(im); +- return 0; +- } +- + /* Check for open colors at the end, so + * we can reduce colorsTotal and ultimately +@@ -352,4 +347,9 @@ + } + ++ if(!im->colorsTotal) { ++ gdImageDestroy(im); ++ return 0; ++ } ++ + return im; + } +@@ -447,6 +447,5 @@ + GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP) + { +- int i, j, ret; +- unsigned char count; ++ int i, j, ret, count; + + if(flag) { Modified: branches/2018Q3/graphics/gd/pkg-plist ============================================================================== --- branches/2018Q3/graphics/gd/pkg-plist Fri Jul 27 12:34:57 2018 (r475430) +++ branches/2018Q3/graphics/gd/pkg-plist Fri Jul 27 12:35:21 2018 (r475431) @@ -29,5 +29,5 @@ lib/libgd.a lib/libgd.la lib/libgd.so lib/libgd.so.6 -lib/libgd.so.6.0.4 +lib/libgd.so.6.0.5 libdata/pkgconfig/gdlib.pc