pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2016Q2]: pkgsrc/graphics/gd Pullup ticket #5080 - requested by...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e0373ff846b1
branches:  pkgsrc-2016Q2
changeset: 408871:e0373ff846b1
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Wed Aug 10 18:12:37 2016 +0000

description:
Pullup ticket #5080 - requested by sevan
graphics/gd: security fix

Revisions pulled up:
- graphics/gd/Makefile                                          1.111
- graphics/gd/buildlink3.mk                                     1.37
- graphics/gd/distinfo                                          1.41
- graphics/gd/options.mk                                        1.5
- graphics/gd/patches/patch-aa                                  deleted
- graphics/gd/patches/patch-ab                                  deleted
- graphics/gd/patches/patch-configure                           deleted
- graphics/gd/patches/patch-configure.ac                        deleted
- graphics/gd/patches/patch-src_gd__bmp.c                       deleted
- graphics/gd/patches/patch-src_gd__crop.c                      deleted
- graphics/gd/patches/patch-src_webpimg.c                       deleted

---
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Tue Aug  2 18:29:21 UTC 2016

   Modified Files:
           pkgsrc/graphics/gd: Makefile buildlink3.mk distinfo options.mk
   Removed Files:
           pkgsrc/graphics/gd/patches: patch-aa patch-ab patch-configure
               patch-configure.ac patch-src_gd__bmp.c patch-src_gd__crop.c
               patch-src_webpimg.c

   Log Message:
   We welcome the 2.2.3 release around a month after 2.2.2 (we are getting consistent). Another important milestone in the GD 2.2 series.

   Security related fixes: These flaws are caused by loading data from external sources (file, custom ctx, etc.) and are hard to validate before calling libgd APIs:
   * fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
   * bug 247, A read out-of-bounds was found in the parsing of TGA files (CVE-2016-6132)
   * also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214)
   * bug 248, fix Out-Of-Bounds Read in read_image_tga

   Using application provided parameters, in these cases invalid data causes the issues:
   * Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
   * fix php bug 72494, invalid color index not handled, can lead to crash (CVE-2016-6128)
   * improve color check for CropThreshold

   Important update:
   * gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd.

diffstat:

 graphics/gd/Makefile                     |   13 +-
 graphics/gd/buildlink3.mk                |   15 +-
 graphics/gd/distinfo                     |   17 +-
 graphics/gd/options.mk                   |   12 +-
 graphics/gd/patches/patch-aa             |   25 --
 graphics/gd/patches/patch-ab             |  266 -------------------------------
 graphics/gd/patches/patch-configure      |   21 --
 graphics/gd/patches/patch-configure.ac   |   15 -
 graphics/gd/patches/patch-src_gd__bmp.c  |   20 --
 graphics/gd/patches/patch-src_gd__crop.c |   18 --
 graphics/gd/patches/patch-src_webpimg.c  |   30 ---
 11 files changed, 18 insertions(+), 434 deletions(-)

diffs (truncated from 559 to 300 lines):

diff -r 128436cc6f2c -r e0373ff846b1 graphics/gd/Makefile
--- a/graphics/gd/Makefile      Wed Aug 10 17:06:46 2016 +0000
+++ b/graphics/gd/Makefile      Wed Aug 10 18:12:37 2016 +0000
@@ -1,28 +1,30 @@
-# $NetBSD: Makefile,v 1.109 2016/06/30 09:00:18 taca Exp $
+# $NetBSD: Makefile,v 1.109.2.1 2016/08/10 18:12:37 bsiegert Exp $
 
-DISTNAME=      libgd-2.1.1
+DISTNAME=      libgd-2.2.3
 PKGNAME=       ${DISTNAME:S/libgd/gd/}
-PKGREVISION=   3
 CATEGORIES=    graphics
-MASTER_SITES=  https://bitbucket.org/libgd/gd-libgd/downloads/
+MASTER_SITES=  ${MASTER_SITE_GITHUB:=libgd/}
 EXTRACT_SUFX=  .tar.xz
 
 MAINTAINER=    adam%NetBSD.org@localhost
 HOMEPAGE=      http://libgd.bitbucket.org/
 COMMENT=       Graphics library for the dynamic creation of images
 
-#WRKSRC=               ${WRKDIR}/${DISTNAME:S/libgd-/libgd-gd-/}
+GITHUB_PROJECT=        libgd
+GITHUB_RELEASE=        gd-${PKGVERSION_NOREV}
 
 .include "options.mk"
 
 USE_LIBTOOL=           yes
 USE_TOOLS+=            perl:run
 GNU_CONFIGURE=         yes
+CONFIGURE_ARGS+=       --disable-werror
 CONFIGURE_ARGS+=       --with-fontconfig=${BUILDLINK_PREFIX.fontconfig}
 CONFIGURE_ARGS+=       --with-freetype=${BUILDLINK_PREFIX.freetype2}
 CONFIGURE_ARGS+=       --with-jpeg=${BUILDLINK_PREFIX.jpeg}
 CONFIGURE_ARGS+=       --with-png=${BUILDLINK_PREFIX.png}
 CONFIGURE_ARGS+=       --with-tiff=${BUILDLINK_PREFIX.tiff}
+CONFIGURE_ARGS+=       --with-webp=${BUILDLINK_PREFIX.libwebp}
 CONFIGURE_ARGS+=       --with-zlib=${BUILDLINK_PREFIX.zlib}
 REPLACE_PERL+=         src/bdftogd
 PTHREAD_AUTO_VARS=     yes
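Review bot: `HOMEPAGE= http://libgd.bitbucket.org/` on the unchanged context line still points at Bitbucket while `MASTER_SITES` in this hunk moves the distfile to GitHub; update HOMEPAGE in the same change so the package metadata and the download source agree. The new `CONFIGURE_ARGS+= --disable-werror` line also has no comment saying which warning breaks the build, so a one-line comment would let a later update drop it once it is no longer needed.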
@@ -31,6 +33,7 @@
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../fonts/fontconfig/buildlink3.mk"
 .include "../../graphics/freetype2/buildlink3.mk"
+.include "../../graphics/libwebp/buildlink3.mk"
 .include "../../graphics/png/buildlink3.mk"
 .include "../../graphics/tiff/buildlink3.mk"
 .include "../../mk/jpeg.buildlink3.mk"
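Review bot: the added `../../graphics/libwebp/buildlink3.mk` include, together with `--with-webp` in the previous hunk, makes libwebp an unconditional dependency, whereas the libvpx dependency removed elsewhere in this change was selectable through an option. For a pullup to a stable quarterly branch the log message should mention the new hard dependency, since it only reproduces the upstream release notes.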
diff -r 128436cc6f2c -r e0373ff846b1 graphics/gd/buildlink3.mk
--- a/graphics/gd/buildlink3.mk Wed Aug 10 17:06:46 2016 +0000
+++ b/graphics/gd/buildlink3.mk Wed Aug 10 18:12:37 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.36 2015/11/18 14:19:46 ryoon Exp $
+# $NetBSD: buildlink3.mk,v 1.36.6.1 2016/08/10 18:12:37 bsiegert Exp $
 
 BUILDLINK_TREE+=       gd
 
@@ -6,18 +6,11 @@
 GD_BUILDLINK3_MK:=
 
 BUILDLINK_API_DEPENDS.gd+=     gd>=2.0.15nb1
-BUILDLINK_ABI_DEPENDS.gd+=     gd>=2.1.1nb2
+BUILDLINK_ABI_DEPENDS.gd+=     gd>=2.2.3
 BUILDLINK_PKGSRCDIR.gd?=       ../../graphics/gd
 
 .include "../../mk/bsd.fast.prefs.mk"
 
-_GD_PRE_LIBVPX_OPTION!= \
-       if ${PKG_INFO} -qe 'gd<2.1.0nb1'; then  \
-               ${ECHO} yes;                    \
-       else                                    \
-               ${ECHO} no;                     \
-       fi
-
 pkgbase := gd
 .include "../../mk/pkg-build-options.mk"
 
@@ -28,11 +21,9 @@
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../fonts/fontconfig/buildlink3.mk"
 .include "../../graphics/freetype2/buildlink3.mk"
+.include "../../graphics/libwebp/buildlink3.mk"
 .include "../../graphics/png/buildlink3.mk"
 .include "../../graphics/tiff/buildlink3.mk"
-.if ${_GD_PRE_LIBVPX_OPTION} == "yes" || !empty(PKG_BUILD_OPTIONS.gd:Mlibvpx)
-.include "../../multimedia/libvpx/buildlink3.mk"
-.endif
 .include "../../mk/jpeg.buildlink3.mk"
 .include "../../mk/pthread.buildlink3.mk"
 .endif # GD_BUILDLINK3_MK
diff -r 128436cc6f2c -r e0373ff846b1 graphics/gd/distinfo
--- a/graphics/gd/distinfo      Wed Aug 10 17:06:46 2016 +0000
+++ b/graphics/gd/distinfo      Wed Aug 10 18:12:37 2016 +0000
@@ -1,13 +1,6 @@
-$NetBSD: distinfo,v 1.40 2016/06/30 09:00:18 taca Exp $
+$NetBSD: distinfo,v 1.40.2.1 2016/08/10 18:12:37 bsiegert Exp $
 
-SHA1 (libgd-2.1.1.tar.xz) = 9038ed488b577d16aa8c32b6c10b4a70b10f7fa1
-RMD160 (libgd-2.1.1.tar.xz) = 8d564caf9a953d344fb9a5e169d241510a2c71f1
-SHA512 (libgd-2.1.1.tar.xz) = 48f444402a4b89e412870f9091b92eb26136c5c0d795722262ad973c7d4103476204a2de36133a2634b8f410d6bccdcf60afb829a74ac2fddfb96aff2cd2567b
-Size (libgd-2.1.1.tar.xz) = 2039132 bytes
-SHA1 (patch-aa) = 00198349dd9cff60f1f5738524096a251057eb16
-SHA1 (patch-ab) = 300ffacf47d7421fc9efb7b3fd9e93f011de1b4b
-SHA1 (patch-configure) = 53769c3daffa38c88d82093f59cb97b4bd38008f
-SHA1 (patch-configure.ac) = 72092d5a0ee7944249286edc0d3505176f15303f
-SHA1 (patch-src_gd__bmp.c) = 4db300a26cebae6fb6f14564c5648608d7ed6cc5
-SHA1 (patch-src_gd__crop.c) = 34c9716fe40e8f80cc126893dbafa0151bbf3b5a
-SHA1 (patch-src_webpimg.c) = 2717cbcfdbbddfc8cd96de2d4f6a07a0485ba086
+SHA1 (libgd-2.2.3.tar.xz) = 2f8cebec5afd6c83a3d5cb92f40ea4926b4daa98
+RMD160 (libgd-2.2.3.tar.xz) = e6c29133c2ea33c8ba16571892d2798ef0f5afea
+SHA512 (libgd-2.2.3.tar.xz) = bdc6d086bc054beda6574ec46baa4cd94048a5f2f357f875ba05983e92d247f1b731434b9e438c6aef09d46fa96f1a7e1f330a25a77ffd2dd78aa8a32d652557
+Size (libgd-2.2.3.tar.xz) = 2164152 bytes
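Review bot: the new `libgd-2.2.3.tar.xz` checksums arrive in the same change that switches `MASTER_SITES` from Bitbucket to GitHub, so there is no earlier distinfo entry for this tarball to compare against. The pullup should record that the SHA512 was checked against a tarball obtained independently from the upstream release. The seven removed `SHA1 (patch-*)` lines are consistent with the seven patches listed as deleted in the diffstat.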
diff -r 128436cc6f2c -r e0373ff846b1 graphics/gd/options.mk
--- a/graphics/gd/options.mk    Wed Aug 10 17:06:46 2016 +0000
+++ b/graphics/gd/options.mk    Wed Aug 10 18:12:37 2016 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: options.mk,v 1.4 2015/07/04 16:18:35 joerg Exp $
+# $NetBSD: options.mk,v 1.4.8.1 2016/08/10 18:12:37 bsiegert Exp $
 
 PKG_OPTIONS_VAR=       PKG_OPTIONS.gd
-PKG_SUPPORTED_OPTIONS= libvpx x11
-PKG_SUGGESTED_OPTIONS= libvpx
+PKG_SUPPORTED_OPTIONS= x11
 
 .include "../../mk/bsd.options.mk"
 
@@ -13,10 +12,3 @@
 .else
 CONFIGURE_ARGS+=       --without-xpm
 .endif
-
-.if !empty(PKG_OPTIONS:Mlibvpx)
-.include "../../multimedia/libvpx/buildlink3.mk"
-CONFIGURE_ARGS+=       --with-vpx=${BUILDLINK_PREFIX.libvpx}
-.else
-CONFIGURE_ARGS+=       --without-vpx
-.endif
diff -r 128436cc6f2c -r e0373ff846b1 graphics/gd/patches/patch-aa
--- a/graphics/gd/patches/patch-aa      Wed Aug 10 17:06:46 2016 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-$NetBSD: patch-aa,v 1.19 2013/09/02 21:17:42 adam Exp $
-
---- src/entities.h.orig        2013-06-25 09:58:23.000000000 +0000
-+++ src/entities.h
-@@ -14,7 +14,11 @@ extern "C" {
-       static struct entities_s {
-               char    *name;
-               int     value;
--      } entities[] = {
-+      };
-+      extern struct entities_s entities[];
-+
-+#if 0
-+struct entities_s entities[] = {
-               {"AElig", 198},
-               {"Aacute", 193},
-               {"Acirc", 194},
-@@ -268,6 +272,7 @@ extern "C" {
-               {"zwj", 8205},
-               {"zwnj", 8204},
-       };
-+#endif
- 
- #define ENTITY_NAME_LENGTH_MAX 8
- #define NR_OF_ENTITIES 252
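Review bot: this local patch is deleted together with six others, yet the log message only reproduces the upstream release notes and never states that each pkgsrc patch was merged upstream or became obsolete in 2.2.3. That matters most for patch-src_gd__bmp.c, patch-src_gd__crop.c and patch-src_webpimg.c, which fall in the truncated part of this diff and cannot be checked here. One line per removed patch saying why it is no longer needed would make the pullup auditable.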
diff -r 128436cc6f2c -r e0373ff846b1 graphics/gd/patches/patch-ab
--- a/graphics/gd/patches/patch-ab      Wed Aug 10 17:06:46 2016 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,266 +0,0 @@
-$NetBSD: patch-ab,v 1.10 2013/09/02 21:17:42 adam Exp $
-
---- src/gdft.c.orig    2013-06-25 09:58:23.000000000 +0000
-+++ src/gdft.c
-@@ -35,6 +35,261 @@
- #endif
- #endif
- 
-+struct entities_s entities[] = {
-+      {"AElig", 198},
-+      {"Aacute", 193},
-+      {"Acirc", 194},
-+      {"Agrave", 192},
-+      {"Alpha", 913},
-+      {"Aring", 197},
-+      {"Atilde", 195},
-+      {"Auml", 196},
-+      {"Beta", 914},
-+      {"Ccedil", 199},
-+      {"Chi", 935},
-+      {"Dagger", 8225},
-+      {"Delta", 916},
-+      {"ETH", 208},
-+      {"Eacute", 201},
-+      {"Ecirc", 202},
-+      {"Egrave", 200},
-+      {"Epsilon", 917},
-+      {"Eta", 919},
-+      {"Euml", 203},
-+      {"Gamma", 915},
-+      {"Iacute", 205},
-+      {"Icirc", 206},
-+      {"Igrave", 204},
-+      {"Iota", 921},
-+      {"Iuml", 207},
-+      {"Kappa", 922},
-+      {"Lambda", 923},
-+      {"Mu", 924},
-+      {"Ntilde", 209},
-+      {"Nu", 925},
-+      {"OElig", 338},
-+      {"Oacute", 211},
-+      {"Ocirc", 212},
-+      {"Ograve", 210},
-+      {"Omega", 937},
-+      {"Omicron", 927},
-+      {"Oslash", 216},
-+      {"Otilde", 213},
-+      {"Ouml", 214},
-+      {"Phi", 934},
-+      {"Pi", 928},
-+      {"Prime", 8243},
-+      {"Psi", 936},
-+      {"Rho", 929},
-+      {"Scaron", 352},
-+      {"Sigma", 931},
-+      {"THORN", 222},
-+      {"Tau", 932},
-+      {"Theta", 920},
-+      {"Uacute", 218},
-+      {"Ucirc", 219},
-+      {"Ugrave", 217},
-+      {"Upsilon", 933},
-+      {"Uuml", 220},
-+      {"Xi", 926},
-+      {"Yacute", 221},
-+      {"Yuml", 376},
-+      {"Zeta", 918},
-+      {"aacute", 225},
-+      {"acirc", 226},
-+      {"acute", 180},
-+      {"aelig", 230},
-+      {"agrave", 224},
-+      {"alefsym", 8501},
-+      {"alpha", 945},
-+      {"amp", 38},
-+      {"and", 8743},
-+      {"ang", 8736},
-+      {"aring", 229},
-+      {"asymp", 8776},
-+      {"atilde", 227},
-+      {"auml", 228},
-+      {"bdquo", 8222},
-+      {"beta", 946},
-+      {"brvbar", 166},
-+      {"bull", 8226},
-+      {"cap", 8745},
-+      {"ccedil", 231},
-+      {"cedil", 184},
-+      {"cent", 162},
-+      {"chi", 967},
-+      {"circ", 710},
-+      {"clubs", 9827},
-+      {"cong", 8773},
-+      {"copy", 169},
-+      {"crarr", 8629},
-+      {"cup", 8746},
-+      {"curren", 164},
-+      {"dArr", 8659},
-+      {"dagger", 8224},
-+      {"darr", 8595},
-+      {"deg", 176},
-+      {"delta", 948},
-+      {"diams", 9830},
-+      {"divide", 247},
-+      {"eacute", 233},
-+      {"ecirc", 234},
-+      {"egrave", 232},
-+      {"empty", 8709},
-+      {"emsp", 8195},
-+      {"ensp", 8194},
-+      {"epsilon", 949},
-+      {"equiv", 8801},
-+      {"eta", 951},
-+      {"eth", 240},
-+      {"euml", 235},
-+      {"euro", 8364},
-+      {"exist", 8707},
-+      {"fnof", 402},
-+      {"forall", 8704},
-+      {"frac12", 189},
-+      {"frac14", 188},
-+      {"frac34", 190},
-+      {"frasl", 8260},
-+      {"gamma", 947},
-+      {"ge", 8805},
-+      {"gt", 62},
-+      {"hArr", 8660},
-+      {"harr", 8596},
-+      {"hearts", 9829},
-+      {"hellip", 8230},


