pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2016Q2]: pkgsrc/graphics/gd Pullup ticket #5080 - requested by...
details: https://anonhg.NetBSD.org/pkgsrc/rev/e0373ff846b1
branches: pkgsrc-2016Q2
changeset: 408871:e0373ff846b1
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Wed Aug 10 18:12:37 2016 +0000
description:
Pullup ticket #5080 - requested by sevan
graphics/gd: security fix
Revisions pulled up:
- graphics/gd/Makefile 1.111
- graphics/gd/buildlink3.mk 1.37
- graphics/gd/distinfo 1.41
- graphics/gd/options.mk 1.5
- graphics/gd/patches/patch-aa deleted
- graphics/gd/patches/patch-ab deleted
- graphics/gd/patches/patch-configure deleted
- graphics/gd/patches/patch-configure.ac deleted
- graphics/gd/patches/patch-src_gd__bmp.c deleted
- graphics/gd/patches/patch-src_gd__crop.c deleted
- graphics/gd/patches/patch-src_webpimg.c deleted
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Aug 2 18:29:21 UTC 2016
Modified Files:
pkgsrc/graphics/gd: Makefile buildlink3.mk distinfo options.mk
Removed Files:
pkgsrc/graphics/gd/patches: patch-aa patch-ab patch-configure
patch-configure.ac patch-src_gd__bmp.c patch-src_gd__crop.c
patch-src_webpimg.c
Log Message:
We welcome the 2.2.3 release around a month after 2.2.2 (we are getting consistent). Another important milestone in the GD 2.2 series.
Security related fixes: These flaws are caused by loading data from external sources (file, custom ctx, etc.) and are hard to validate before calling libgd APIs:
* fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
* bug 247, A read out-of-bounds was found in the parsing of TGA files (CVE-2016-6132)
* also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214)
* bug 248, fix Out-Of-Bounds Read in read_image_tga
Using application provided parameters, in these cases invalid data causes the issues:
* Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
* fix php bug 72494, invalid color index not handled, can lead to crash (CVE-2016-6128)
* improve color check for CropThreshold
Important update:
* gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd.
diffstat:
graphics/gd/Makefile | 13 +-
graphics/gd/buildlink3.mk | 15 +-
graphics/gd/distinfo | 17 +-
graphics/gd/options.mk | 12 +-
graphics/gd/patches/patch-aa | 25 --
graphics/gd/patches/patch-ab | 266 -------------------------------
graphics/gd/patches/patch-configure | 21 --
graphics/gd/patches/patch-configure.ac | 15 -
graphics/gd/patches/patch-src_gd__bmp.c | 20 --
graphics/gd/patches/patch-src_gd__crop.c | 18 --
graphics/gd/patches/patch-src_webpimg.c | 30 ---
11 files changed, 18 insertions(+), 434 deletions(-)
diffs (truncated from 559 to 300 lines):
diff -r 128436cc6f2c -r e0373ff846b1 graphics/gd/Makefile
--- a/graphics/gd/Makefile Wed Aug 10 17:06:46 2016 +0000
+++ b/graphics/gd/Makefile Wed Aug 10 18:12:37 2016 +0000
@@ -1,28 +1,30 @@
-# $NetBSD: Makefile,v 1.109 2016/06/30 09:00:18 taca Exp $
+# $NetBSD: Makefile,v 1.109.2.1 2016/08/10 18:12:37 bsiegert Exp $
-DISTNAME= libgd-2.1.1
+DISTNAME= libgd-2.2.3
PKGNAME= ${DISTNAME:S/libgd/gd/}
-PKGREVISION= 3
CATEGORIES= graphics
-MASTER_SITES= https://bitbucket.org/libgd/gd-libgd/downloads/
+MASTER_SITES= ${MASTER_SITE_GITHUB:=libgd/}
EXTRACT_SUFX= .tar.xz
MAINTAINER= adam%NetBSD.org@localhost
HOMEPAGE= http://libgd.bitbucket.org/
COMMENT= Graphics library for the dynamic creation of images
-#WRKSRC= ${WRKDIR}/${DISTNAME:S/libgd-/libgd-gd-/}
+GITHUB_PROJECT= libgd
+GITHUB_RELEASE= gd-${PKGVERSION_NOREV}
.include "options.mk"
USE_LIBTOOL= yes
USE_TOOLS+= perl:run
GNU_CONFIGURE= yes
+CONFIGURE_ARGS+= --disable-werror
CONFIGURE_ARGS+= --with-fontconfig=${BUILDLINK_PREFIX.fontconfig}
CONFIGURE_ARGS+= --with-freetype=${BUILDLINK_PREFIX.freetype2}
CONFIGURE_ARGS+= --with-jpeg=${BUILDLINK_PREFIX.jpeg}
CONFIGURE_ARGS+= --with-png=${BUILDLINK_PREFIX.png}
CONFIGURE_ARGS+= --with-tiff=${BUILDLINK_PREFIX.tiff}
+CONFIGURE_ARGS+= --with-webp=${BUILDLINK_PREFIX.libwebp}
CONFIGURE_ARGS+= --with-zlib=${BUILDLINK_PREFIX.zlib}
REPLACE_PERL+= src/bdftogd
PTHREAD_AUTO_VARS= yes
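Review bot: HOMEPAGE still points at http://libgd.bitbucket.org/ although MASTER_SITES in this same hunk moves the distfile to GitHub via MASTER_SITE_GITHUB; update HOMEPAGE to the project's current site so the package metadata and the download origin agree. The new CONFIGURE_ARGS+= --disable-werror line also carries no comment saying which warning it works around; a one-line comment would let a later update drop it once it is no longer needed.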
@@ -31,6 +33,7 @@
.include "../../devel/zlib/buildlink3.mk"
.include "../../fonts/fontconfig/buildlink3.mk"
.include "../../graphics/freetype2/buildlink3.mk"
+.include "../../graphics/libwebp/buildlink3.mk"
.include "../../graphics/png/buildlink3.mk"
.include "../../graphics/tiff/buildlink3.mk"
.include "../../mk/jpeg.buildlink3.mk"
diff -r 128436cc6f2c -r e0373ff846b1 graphics/gd/buildlink3.mk
--- a/graphics/gd/buildlink3.mk Wed Aug 10 17:06:46 2016 +0000
+++ b/graphics/gd/buildlink3.mk Wed Aug 10 18:12:37 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.36 2015/11/18 14:19:46 ryoon Exp $
+# $NetBSD: buildlink3.mk,v 1.36.6.1 2016/08/10 18:12:37 bsiegert Exp $
BUILDLINK_TREE+= gd
@@ -6,18 +6,11 @@
GD_BUILDLINK3_MK:=
BUILDLINK_API_DEPENDS.gd+= gd>=2.0.15nb1
-BUILDLINK_ABI_DEPENDS.gd+= gd>=2.1.1nb2
+BUILDLINK_ABI_DEPENDS.gd+= gd>=2.2.3
BUILDLINK_PKGSRCDIR.gd?= ../../graphics/gd
.include "../../mk/bsd.fast.prefs.mk"
-_GD_PRE_LIBVPX_OPTION!= \
- if ${PKG_INFO} -qe 'gd<2.1.0nb1'; then \
- ${ECHO} yes; \
- else \
- ${ECHO} no; \
- fi
-
pkgbase := gd
.include "../../mk/pkg-build-options.mk"
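Review bot: BUILDLINK_ABI_DEPENDS.gd jumps from gd>=2.1.1nb2 to gd>=2.2.3 without a word in the log message; say there that the bump is intentional, since it makes every package that buildlinks gd require the fixed version. That is the desired effect for a security pullup, but on pkgsrc-2016Q2 it also means dependents can no longer be built against an installed 2.1.1 package, which users of the stable branch should be told.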
@@ -28,11 +21,9 @@
.include "../../devel/zlib/buildlink3.mk"
.include "../../fonts/fontconfig/buildlink3.mk"
.include "../../graphics/freetype2/buildlink3.mk"
+.include "../../graphics/libwebp/buildlink3.mk"
.include "../../graphics/png/buildlink3.mk"
.include "../../graphics/tiff/buildlink3.mk"
-.if ${_GD_PRE_LIBVPX_OPTION} == "yes" || !empty(PKG_BUILD_OPTIONS.gd:Mlibvpx)
-.include "../../multimedia/libvpx/buildlink3.mk"
-.endif
.include "../../mk/jpeg.buildlink3.mk"
.include "../../mk/pthread.buildlink3.mk"
.endif # GD_BUILDLINK3_MK
diff -r 128436cc6f2c -r e0373ff846b1 graphics/gd/distinfo
--- a/graphics/gd/distinfo Wed Aug 10 17:06:46 2016 +0000
+++ b/graphics/gd/distinfo Wed Aug 10 18:12:37 2016 +0000
@@ -1,13 +1,6 @@
-$NetBSD: distinfo,v 1.40 2016/06/30 09:00:18 taca Exp $
+$NetBSD: distinfo,v 1.40.2.1 2016/08/10 18:12:37 bsiegert Exp $
-SHA1 (libgd-2.1.1.tar.xz) = 9038ed488b577d16aa8c32b6c10b4a70b10f7fa1
-RMD160 (libgd-2.1.1.tar.xz) = 8d564caf9a953d344fb9a5e169d241510a2c71f1
-SHA512 (libgd-2.1.1.tar.xz) = 48f444402a4b89e412870f9091b92eb26136c5c0d795722262ad973c7d4103476204a2de36133a2634b8f410d6bccdcf60afb829a74ac2fddfb96aff2cd2567b
-Size (libgd-2.1.1.tar.xz) = 2039132 bytes
-SHA1 (patch-aa) = 00198349dd9cff60f1f5738524096a251057eb16
-SHA1 (patch-ab) = 300ffacf47d7421fc9efb7b3fd9e93f011de1b4b
-SHA1 (patch-configure) = 53769c3daffa38c88d82093f59cb97b4bd38008f
-SHA1 (patch-configure.ac) = 72092d5a0ee7944249286edc0d3505176f15303f
-SHA1 (patch-src_gd__bmp.c) = 4db300a26cebae6fb6f14564c5648608d7ed6cc5
-SHA1 (patch-src_gd__crop.c) = 34c9716fe40e8f80cc126893dbafa0151bbf3b5a
-SHA1 (patch-src_webpimg.c) = 2717cbcfdbbddfc8cd96de2d4f6a07a0485ba086
+SHA1 (libgd-2.2.3.tar.xz) = 2f8cebec5afd6c83a3d5cb92f40ea4926b4daa98
+RMD160 (libgd-2.2.3.tar.xz) = e6c29133c2ea33c8ba16571892d2798ef0f5afea
+SHA512 (libgd-2.2.3.tar.xz) = bdc6d086bc054beda6574ec46baa4cd94048a5f2f357f875ba05983e92d247f1b731434b9e438c6aef09d46fa96f1a7e1f330a25a77ffd2dd78aa8a32d652557
+Size (libgd-2.2.3.tar.xz) = 2164152 bytes
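Review bot: the libgd-2.2.3.tar.xz checksums arrive in the same commit that switches the download origin (the Makefile moves MASTER_SITES from bitbucket.org to MASTER_SITE_GITHUB), so nothing visible in the diff ties the new SHA512 to upstream's release artifact; before pulling this up to the stable branch, fetch the tarball independently and compare it against the SHA512 and Size lines here. Dropping all seven patch-* SHA1 entries is consistent with the patch deletions listed in the diffstat.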
diff -r 128436cc6f2c -r e0373ff846b1 graphics/gd/options.mk
--- a/graphics/gd/options.mk Wed Aug 10 17:06:46 2016 +0000
+++ b/graphics/gd/options.mk Wed Aug 10 18:12:37 2016 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: options.mk,v 1.4 2015/07/04 16:18:35 joerg Exp $
+# $NetBSD: options.mk,v 1.4.8.1 2016/08/10 18:12:37 bsiegert Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.gd
-PKG_SUPPORTED_OPTIONS= libvpx x11
-PKG_SUGGESTED_OPTIONS= libvpx
+PKG_SUPPORTED_OPTIONS= x11
.include "../../mk/bsd.options.mk"
@@ -13,10 +12,3 @@
.else
CONFIGURE_ARGS+= --without-xpm
.endif
-
-.if !empty(PKG_OPTIONS:Mlibvpx)
-.include "../../multimedia/libvpx/buildlink3.mk"
-CONFIGURE_ARGS+= --with-vpx=${BUILDLINK_PREFIX.libvpx}
-.else
-CONFIGURE_ARGS+= --without-vpx
-.endif
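Review bot: with the libvpx block removed here and --with-webp added unconditionally in the Makefile, WebP decoding stops being something a user can switch off; given that the log message attributes this release's CVEs to parsing externally supplied image data, consider a webp entry in PKG_SUPPORTED_OPTIONS so installations that never handle WebP can build without that decoder. Existing PKG_OPTIONS.gd settings that name libvpx will also no longer match a supported option, which deserves a line in the log message.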
diff -r 128436cc6f2c -r e0373ff846b1 graphics/gd/patches/patch-aa
--- a/graphics/gd/patches/patch-aa Wed Aug 10 17:06:46 2016 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-$NetBSD: patch-aa,v 1.19 2013/09/02 21:17:42 adam Exp $
-
---- src/entities.h.orig 2013-06-25 09:58:23.000000000 +0000
-+++ src/entities.h
-@@ -14,7 +14,11 @@ extern "C" {
- static struct entities_s {
- char *name;
- int value;
-- } entities[] = {
-+ };
-+ extern struct entities_s entities[];
-+
-+#if 0
-+struct entities_s entities[] = {
- {"AElig", 198},
- {"Aacute", 193},
- {"Acirc", 194},
-@@ -268,6 +272,7 @@ extern "C" {
- {"zwj", 8205},
- {"zwnj", 8204},
- };
-+#endif
-
- #define ENTITY_NAME_LENGTH_MAX 8
- #define NR_OF_ENTITIES 252
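Review bot: the log message gives no reason for deleting the local patches. patch-aa, which turns the entities[] definition in src/entities.h into an extern declaration, only works together with patch-ab, which adds the definition to src/gdft.c, so note whether 2.2.3 makes the pair unnecessary. Also state for patch-src_gd__bmp.c, patch-src_gd__crop.c and patch-src_webpimg.c that their changes are included in the 2.2.3 release, so the pullup does not silently drop a fix the branch currently carries.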
diff -r 128436cc6f2c -r e0373ff846b1 graphics/gd/patches/patch-ab
--- a/graphics/gd/patches/patch-ab Wed Aug 10 17:06:46 2016 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,266 +0,0 @@
-$NetBSD: patch-ab,v 1.10 2013/09/02 21:17:42 adam Exp $
-
---- src/gdft.c.orig 2013-06-25 09:58:23.000000000 +0000
-+++ src/gdft.c
-@@ -35,6 +35,261 @@
- #endif
- #endif
-
-+struct entities_s entities[] = {
-+ {"AElig", 198},
-+ {"Aacute", 193},
-+ {"Acirc", 194},
-+ {"Agrave", 192},
-+ {"Alpha", 913},
-+ {"Aring", 197},
-+ {"Atilde", 195},
-+ {"Auml", 196},
-+ {"Beta", 914},
-+ {"Ccedil", 199},
-+ {"Chi", 935},
-+ {"Dagger", 8225},
-+ {"Delta", 916},
-+ {"ETH", 208},
-+ {"Eacute", 201},
-+ {"Ecirc", 202},
-+ {"Egrave", 200},
-+ {"Epsilon", 917},
-+ {"Eta", 919},
-+ {"Euml", 203},
-+ {"Gamma", 915},
-+ {"Iacute", 205},
-+ {"Icirc", 206},
-+ {"Igrave", 204},
-+ {"Iota", 921},
-+ {"Iuml", 207},
-+ {"Kappa", 922},
-+ {"Lambda", 923},
-+ {"Mu", 924},
-+ {"Ntilde", 209},
-+ {"Nu", 925},
-+ {"OElig", 338},
-+ {"Oacute", 211},
-+ {"Ocirc", 212},
-+ {"Ograve", 210},
-+ {"Omega", 937},
-+ {"Omicron", 927},
-+ {"Oslash", 216},
-+ {"Otilde", 213},
-+ {"Ouml", 214},
-+ {"Phi", 934},
-+ {"Pi", 928},
-+ {"Prime", 8243},
-+ {"Psi", 936},
-+ {"Rho", 929},
-+ {"Scaron", 352},
-+ {"Sigma", 931},
-+ {"THORN", 222},
-+ {"Tau", 932},
-+ {"Theta", 920},
-+ {"Uacute", 218},
-+ {"Ucirc", 219},
-+ {"Ugrave", 217},
-+ {"Upsilon", 933},
-+ {"Uuml", 220},
-+ {"Xi", 926},
-+ {"Yacute", 221},
-+ {"Yuml", 376},
-+ {"Zeta", 918},
-+ {"aacute", 225},
-+ {"acirc", 226},
-+ {"acute", 180},
-+ {"aelig", 230},
-+ {"agrave", 224},
-+ {"alefsym", 8501},
-+ {"alpha", 945},
-+ {"amp", 38},
-+ {"and", 8743},
-+ {"ang", 8736},
-+ {"aring", 229},
-+ {"asymp", 8776},
-+ {"atilde", 227},
-+ {"auml", 228},
-+ {"bdquo", 8222},
-+ {"beta", 946},
-+ {"brvbar", 166},
-+ {"bull", 8226},
-+ {"cap", 8745},
-+ {"ccedil", 231},
-+ {"cedil", 184},
-+ {"cent", 162},
-+ {"chi", 967},
-+ {"circ", 710},
-+ {"clubs", 9827},
-+ {"cong", 8773},
-+ {"copy", 169},
-+ {"crarr", 8629},
-+ {"cup", 8746},
-+ {"curren", 164},
-+ {"dArr", 8659},
-+ {"dagger", 8224},
-+ {"darr", 8595},
-+ {"deg", 176},
-+ {"delta", 948},
-+ {"diams", 9830},
-+ {"divide", 247},
-+ {"eacute", 233},
-+ {"ecirc", 234},
-+ {"egrave", 232},
-+ {"empty", 8709},
-+ {"emsp", 8195},
-+ {"ensp", 8194},
-+ {"epsilon", 949},
-+ {"equiv", 8801},
-+ {"eta", 951},
-+ {"eth", 240},
-+ {"euml", 235},
-+ {"euro", 8364},
-+ {"exist", 8707},
-+ {"fnof", 402},
-+ {"forall", 8704},
-+ {"frac12", 189},
-+ {"frac14", 188},
-+ {"frac34", 190},
-+ {"frasl", 8260},
-+ {"gamma", 947},
-+ {"ge", 8805},
-+ {"gt", 62},
-+ {"hArr", 8660},
-+ {"harr", 8596},
-+ {"hearts", 9829},
-+ {"hellip", 8230},