svn commit: r475431 - in branches/2018Q3/graphics/gd: . files
Torsten Zuehlsdorff
tz at FreeBSD.org
Fri Jul 27 12:35:23 UTC 2018
Author: tz
Date: Fri Jul 27 12:35:21 2018
New Revision: 475431
URL: https://svnweb.freebsd.org/changeset/ports/475431
Log:
MFH: r475415
graphics/gd: Update from 2.2.4 to 2.2.5
This update fixes 2 security issues:
- Double-free in gdImagePngPtr(). (CVE-2017-6362)
- Buffer over-read into uninitialized memory. (CVE-2017-7890)
Full Changelog:
https://github.com/libgd/libgd/blob/gd-2.2.5/CHANGELOG.md
PR: 229707
Submitted by: Mikhail Teterin <mi at FreeBSD.org>
Approved by: maintainer timeout (dinoex, 2 weeks)
Security: CVE-2017-6362
Security: CVE-2017-7890
Approved by: ports-secteam (miwi)
Added:
branches/2018Q3/graphics/gd/files/patch-gd_gif_in.c
- copied unchanged from r475415, head/graphics/gd/files/patch-gd_gif_in.c
Modified:
branches/2018Q3/graphics/gd/Makefile
branches/2018Q3/graphics/gd/distinfo
branches/2018Q3/graphics/gd/pkg-plist
Directory Properties:
branches/2018Q3/ (props changed)
Modified: branches/2018Q3/graphics/gd/Makefile
==============================================================================
--- branches/2018Q3/graphics/gd/Makefile Fri Jul 27 12:34:57 2018 (r475430)
+++ branches/2018Q3/graphics/gd/Makefile Fri Jul 27 12:35:21 2018 (r475431)
@@ -2,8 +2,7 @@
# $FreeBSD$
PORTNAME= libgd
-PORTVERSION= 2.2.4
-PORTREVISION= 1
+PORTVERSION= 2.2.5
PORTEPOCH= 1
CATEGORIES+= graphics
MASTER_SITES= https://github.com/${PORTNAME}/${PORTNAME}/releases/download/gd-${PORTVERSION}/
@@ -24,6 +23,7 @@ USES= tar:xz pkgconfig pathfix libtool:keepla shebang
SHEBANG_FILES= ${WRKSRC}/src/bdftogd
GNU_CONFIGURE= yes
USE_LDCONFIG= yes
+TEST_TARGET= check
OPTIONS_DEFINE= FONTCONFIG ICONV XPM WEBP
OPTIONS_DEFAULT=FONTCONFIG WEBP
@@ -90,6 +90,6 @@ pre-build:
post-install:
${INSTALL_DATA} ${WRKSRC}/src/gdhelpers.h \
${STAGEDIR}${PREFIX}/include/
- ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6.0.4
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6*
.include <bsd.port.mk>
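Review bot: The wildcard in `${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6*` under post-install is inconsistent with pkg-plist, which this same commit still edits by hand to `lib/libgd.so.6.0.5`, so the library version remains hard-coded in the port. The glob also matches `lib/libgd.so.6`, which pkg-plist lists as a separate entry, so strip is now handed that name as well as the versioned file. Consider defining the shared-library version once in the Makefile and using it both in this line and, via PLIST_SUB, in pkg-plist.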
Modified: branches/2018Q3/graphics/gd/distinfo
==============================================================================
--- branches/2018Q3/graphics/gd/distinfo Fri Jul 27 12:34:57 2018 (r475430)
+++ branches/2018Q3/graphics/gd/distinfo Fri Jul 27 12:35:21 2018 (r475431)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1485463341
-SHA256 (libgd-2.2.4.tar.xz) = 137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6
-SIZE (libgd-2.2.4.tar.xz) = 2478528
+TIMESTAMP = 1531337629
+SHA256 (libgd-2.2.5.tar.xz) = 8c302ccbf467faec732f0741a859eef4ecae22fea2d2ab87467be940842bde51
+SIZE (libgd-2.2.5.tar.xz) = 2594092
Copied: branches/2018Q3/graphics/gd/files/patch-gd_gif_in.c (from r475415, head/graphics/gd/files/patch-gd_gif_in.c)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2018Q3/graphics/gd/files/patch-gd_gif_in.c Fri Jul 27 12:35:21 2018 (r475431, copy of r475415, head/graphics/gd/files/patch-gd_gif_in.c)
@@ -0,0 +1,34 @@
+See:
+
+ https://bugs.php.net/bug.php?id=75571
+
+--- src/gd_gif_in.c 2017-08-30 07:05:54.000000000 -0400
++++ src/gd_gif_in.c 2018-07-11 15:39:11.746181000 -0400
+@@ -336,9 +336,4 @@
+ }
+
+- if(!im->colorsTotal) {
+- gdImageDestroy(im);
+- return 0;
+- }
+-
+ /* Check for open colors at the end, so
+ * we can reduce colorsTotal and ultimately
+@@ -352,4 +347,9 @@
+ }
+
++ if(!im->colorsTotal) {
++ gdImageDestroy(im);
++ return 0;
++ }
++
+ return im;
+ }
+@@ -447,6 +447,5 @@
+ GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
+ {
+- int i, j, ret;
+- unsigned char count;
++ int i, j, ret, count;
+
+ if(flag) {
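Review bot: The header of the new files/patch-gd_gif_in.c (the `See:` lines at the top) gives only a bug URL and does not say what the patch fixes or whether it has been sent upstream, while the commit log lists only the two CVEs attributed to the 2.2.5 update. Please add a short description there covering both changes: why the `if(!im->colorsTotal)` check moves to just before `return im;`, after the open-colors pass that the comment says can reduce colorsTotal, and why `count` in GetCode_() is widened from `unsigned char` to `int`. The uses of `count` lie outside the visible context, so the second change cannot be checked from the patch alone.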
Modified: branches/2018Q3/graphics/gd/pkg-plist
==============================================================================
--- branches/2018Q3/graphics/gd/pkg-plist Fri Jul 27 12:34:57 2018 (r475430)
+++ branches/2018Q3/graphics/gd/pkg-plist Fri Jul 27 12:35:21 2018 (r475431)
@@ -29,5 +29,5 @@ lib/libgd.a
lib/libgd.la
lib/libgd.so
lib/libgd.so.6
-lib/libgd.so.6.0.4
+lib/libgd.so.6.0.5
libdata/pkgconfig/gdlib.pc