svn commit: r475415 - in head/graphics/gd: . files

Torsten Zuehlsdorff tz at FreeBSD.org
Fri Jul 27 07:39:15 UTC 2018


Author: tz
Date: Fri Jul 27 07:39:13 2018
New Revision: 475415
URL: https://svnweb.freebsd.org/changeset/ports/475415

Log:
  graphics/gd: Update from 2.2.4 to 2.2.5
  
  This update fixes 2 security issues:
  - Double-free in gdImagePngPtr(). (CVE-2017-6362)
  - Buffer over-read into uninitialized memory. (CVE-2017-7890)
  
  Full Changelog:
  https://github.com/libgd/libgd/blob/gd-2.2.5/CHANGELOG.md
  
  PR:		229707
  Submitted by:	Mikhail Teterin <mi at FreeBSD.org>
  Approved by:	maintainer timeout (dinoex, 2 weeks)
  MFH:		2018Q3
  Security:	CVE-2017-6362
  Security:	CVE-2017-7890

Added:
  head/graphics/gd/files/patch-gd_gif_in.c   (contents, props changed)
Modified:
  head/graphics/gd/Makefile
  head/graphics/gd/distinfo
  head/graphics/gd/pkg-plist

Modified: head/graphics/gd/Makefile
==============================================================================
--- head/graphics/gd/Makefile	Fri Jul 27 06:50:58 2018	(r475414)
+++ head/graphics/gd/Makefile	Fri Jul 27 07:39:13 2018	(r475415)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	libgd
-PORTVERSION=	2.2.4
-PORTREVISION=	1
+PORTVERSION=	2.2.5
 PORTEPOCH=	1
 CATEGORIES+=	graphics
 MASTER_SITES=	https://github.com/${PORTNAME}/${PORTNAME}/releases/download/gd-${PORTVERSION}/
@@ -24,6 +23,7 @@ USES=		tar:xz pkgconfig pathfix libtool:keepla shebang
 SHEBANG_FILES=	${WRKSRC}/src/bdftogd
 GNU_CONFIGURE=	yes
 USE_LDCONFIG=	yes
+TEST_TARGET=	check
 
 OPTIONS_DEFINE=	FONTCONFIG ICONV XPM WEBP
 OPTIONS_DEFAULT=FONTCONFIG WEBP
@@ -90,6 +90,6 @@ pre-build:
 post-install:
 	${INSTALL_DATA} ${WRKSRC}/src/gdhelpers.h \
 		${STAGEDIR}${PREFIX}/include/
-	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6.0.4
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6*
 
 .include <bsd.port.mk>
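Review bot: The wildcard in `${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6*` matches `libgd.so.6` as well as the versioned library, and pkg-plist in this commit lists both names. If `libgd.so.6` is a symlink to the versioned file (usual for libtool, but not shown here), strip runs on the same object twice. The glob also saves no work on later updates, because pkg-plist still hard-codes `lib/libgd.so.6.0.5`. Naming the file explicitly, `${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6.0.5`, keeps the recipe and the plist in agreement and makes a missed bump fail loudly at stage time.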

Modified: head/graphics/gd/distinfo
==============================================================================
--- head/graphics/gd/distinfo	Fri Jul 27 06:50:58 2018	(r475414)
+++ head/graphics/gd/distinfo	Fri Jul 27 07:39:13 2018	(r475415)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1485463341
-SHA256 (libgd-2.2.4.tar.xz) = 137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6
-SIZE (libgd-2.2.4.tar.xz) = 2478528
+TIMESTAMP = 1531337629
+SHA256 (libgd-2.2.5.tar.xz) = 8c302ccbf467faec732f0741a859eef4ecae22fea2d2ab87467be940842bde51
+SIZE (libgd-2.2.5.tar.xz) = 2594092

Added: head/graphics/gd/files/patch-gd_gif_in.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/gd/files/patch-gd_gif_in.c	Fri Jul 27 07:39:13 2018	(r475415)
@@ -0,0 +1,34 @@
+See:
+
+	https://bugs.php.net/bug.php?id=75571
+
+--- src/gd_gif_in.c	2017-08-30 07:05:54.000000000 -0400
++++ src/gd_gif_in.c	2018-07-11 15:39:11.746181000 -0400
+@@ -336,9 +336,4 @@
+ 	}
+ 
+-	if(!im->colorsTotal) {
+-		gdImageDestroy(im);
+-		return 0;
+-	}
+-
+ 	/* Check for open colors at the end, so
+ 	 * we can reduce colorsTotal and ultimately
+@@ -352,4 +347,9 @@
+ 	}
+ 
++	if(!im->colorsTotal) {
++		gdImageDestroy(im);
++		return 0;
++	}
++
+ 	return im;
+ }
+@@ -447,6 +447,5 @@
+ GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
+ {
+-	int i, j, ret;
+-	unsigned char count;
++	int i, j, ret, count;
+ 
+ 	if(flag) {
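Review bot: The header of the new patch file carries only `See:` and a bug-tracker URL, so the port does not record what this local patch fixes or when it can be dropped, and the two `Security:` entries in the log are attributed to the 2.2.5 update itself rather than to this file. A one-line description above the URL would help, for example `Local fix on top of 2.2.5: test colorsTotal only after trailing open colors are trimmed; keep the block length in an int in GetCode_()`. The last inner hunk widens `count` from `unsigned char` to `int`, presumably so that a negative error return from the block reader is no longer truncated to a positive length; the body of `GetCode_` lies outside the hunk, so confirm that against the upstream source. If the linked report is tracked as a separate security issue, it deserves its own `Security:` line in the commit log.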

Modified: head/graphics/gd/pkg-plist
==============================================================================
--- head/graphics/gd/pkg-plist	Fri Jul 27 06:50:58 2018	(r475414)
+++ head/graphics/gd/pkg-plist	Fri Jul 27 07:39:13 2018	(r475415)
@@ -29,5 +29,5 @@ lib/libgd.a
 lib/libgd.la
 lib/libgd.so
 lib/libgd.so.6
-lib/libgd.so.6.0.4
+lib/libgd.so.6.0.5
 libdata/pkgconfig/gdlib.pc

