svn commit: r475431 - in branches/2018Q3/graphics/gd: . files

Torsten Zuehlsdorff tz at FreeBSD.org
Fri Jul 27 12:35:23 UTC 2018


Author: tz
Date: Fri Jul 27 12:35:21 2018
New Revision: 475431
URL: https://svnweb.freebsd.org/changeset/ports/475431

Log:
  MFH: r475415
  
  graphics/gd: Update from 2.2.4 to 2.2.5
  
  This update fixes 2 security issues:
  - Double-free in gdImagePngPtr(). (CVE-2017-6362)
  - Buffer over-read into uninitialized memory. (CVE-2017-7890)
  
  Full Changelog:
  https://github.com/libgd/libgd/blob/gd-2.2.5/CHANGELOG.md
  
  PR:		229707
  Submitted by:	Mikhail Teterin <mi at FreeBSD.org>
  Approved by:	maintainer timeout (dinoex, 2 weeks)
  Security:	CVE-2017-6362
  Security:	CVE-2017-7890
  
  Approved by:	ports-secteam (miwi)

Added:
  branches/2018Q3/graphics/gd/files/patch-gd_gif_in.c
     - copied unchanged from r475415, head/graphics/gd/files/patch-gd_gif_in.c
Modified:
  branches/2018Q3/graphics/gd/Makefile
  branches/2018Q3/graphics/gd/distinfo
  branches/2018Q3/graphics/gd/pkg-plist
Directory Properties:
  branches/2018Q3/   (props changed)

Modified: branches/2018Q3/graphics/gd/Makefile
==============================================================================
--- branches/2018Q3/graphics/gd/Makefile	Fri Jul 27 12:34:57 2018	(r475430)
+++ branches/2018Q3/graphics/gd/Makefile	Fri Jul 27 12:35:21 2018	(r475431)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	libgd
-PORTVERSION=	2.2.4
-PORTREVISION=	1
+PORTVERSION=	2.2.5
 PORTEPOCH=	1
 CATEGORIES+=	graphics
 MASTER_SITES=	https://github.com/${PORTNAME}/${PORTNAME}/releases/download/gd-${PORTVERSION}/
@@ -24,6 +23,7 @@ USES=		tar:xz pkgconfig pathfix libtool:keepla shebang
 SHEBANG_FILES=	${WRKSRC}/src/bdftogd
 GNU_CONFIGURE=	yes
 USE_LDCONFIG=	yes
+TEST_TARGET=	check
 
 OPTIONS_DEFINE=	FONTCONFIG ICONV XPM WEBP
 OPTIONS_DEFAULT=FONTCONFIG WEBP
@@ -90,6 +90,6 @@ pre-build:
 post-install:
 	${INSTALL_DATA} ${WRKSRC}/src/gdhelpers.h \
 		${STAGEDIR}${PREFIX}/include/
-	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6.0.4
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6*
 
 .include <bsd.port.mk>
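Review bot: The glob `libgd.so.6*` in post-install also matches `lib/libgd.so.6`, which pkg-plist lists next to the fully versioned library and is presumably a symlink to it, so the strip tool would be handed the same object twice. `${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6.*` would match only the fully versioned file while still avoiding a hardcoded patch level. pkg-plist still hardcodes `6.0.5`, so the glob does not remove the need to touch the plist on the next update.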

Modified: branches/2018Q3/graphics/gd/distinfo
==============================================================================
--- branches/2018Q3/graphics/gd/distinfo	Fri Jul 27 12:34:57 2018	(r475430)
+++ branches/2018Q3/graphics/gd/distinfo	Fri Jul 27 12:35:21 2018	(r475431)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1485463341
-SHA256 (libgd-2.2.4.tar.xz) = 137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6
-SIZE (libgd-2.2.4.tar.xz) = 2478528
+TIMESTAMP = 1531337629
+SHA256 (libgd-2.2.5.tar.xz) = 8c302ccbf467faec732f0741a859eef4ecae22fea2d2ab87467be940842bde51
+SIZE (libgd-2.2.5.tar.xz) = 2594092

Copied: branches/2018Q3/graphics/gd/files/patch-gd_gif_in.c (from r475415, head/graphics/gd/files/patch-gd_gif_in.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2018Q3/graphics/gd/files/patch-gd_gif_in.c	Fri Jul 27 12:35:21 2018	(r475431, copy of r475415, head/graphics/gd/files/patch-gd_gif_in.c)
@@ -0,0 +1,34 @@
+See:
+
+	https://bugs.php.net/bug.php?id=75571
+
+--- src/gd_gif_in.c	2017-08-30 07:05:54.000000000 -0400
++++ src/gd_gif_in.c	2018-07-11 15:39:11.746181000 -0400
+@@ -336,9 +336,4 @@
+ 	}
+ 
+-	if(!im->colorsTotal) {
+-		gdImageDestroy(im);
+-		return 0;
+-	}
+-
+ 	/* Check for open colors at the end, so
+ 	 * we can reduce colorsTotal and ultimately
+@@ -352,4 +347,9 @@
+ 	}
+ 
++	if(!im->colorsTotal) {
++		gdImageDestroy(im);
++		return 0;
++	}
++
+ 	return im;
+ }
+@@ -447,6 +447,5 @@
+ GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
+ {
+-	int i, j, ret;
+-	unsigned char count;
++	int i, j, ret, count;
+ 
+ 	if(flag) {
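Review bot: The new files/patch-gd_gif_in.c documents itself only with a bug-tracker URL, and the commit log names two CVEs for the 2.2.5 update without saying that this local patch also changes the GIF decoder. A short header would help whoever next updates the port, for example `Move the empty-palette check after the open-colour trimming, and make count in GetCode_() an int instead of unsigned char.` The type change looks like a signedness fix for a block-length value that can be negative, but the code that assigns `count` lies outside the embedded hunk, so confirm that reading against the linked report before putting it in the header. Noting the upstream commit or release that carries the same change would also tell maintainers when the patch can be dropped.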

Modified: branches/2018Q3/graphics/gd/pkg-plist
==============================================================================
--- branches/2018Q3/graphics/gd/pkg-plist	Fri Jul 27 12:34:57 2018	(r475430)
+++ branches/2018Q3/graphics/gd/pkg-plist	Fri Jul 27 12:35:21 2018	(r475431)
@@ -29,5 +29,5 @@ lib/libgd.a
 lib/libgd.la
 lib/libgd.so
 lib/libgd.so.6
-lib/libgd.so.6.0.4
+lib/libgd.so.6.0.5
 libdata/pkgconfig/gdlib.pc

