graphics/gd: Update from 2.2.4 to 2.2.5

This update fixes 2 security issues: - Double-free in gdImagePngPtr(). (CVE-2017-6362) - Buffer over-read into uninitialized memory. (CVE-2017-7890) Full Changelog: https://github.com/libgd/libgd/blob/gd-2.2.5/CHANGELOG.md PR: 229707 Submitted by: Mikhail Teterin <mi@FreeBSD.org> Approved by: maintainer timeout (dinoex, 2 weeks) MFH: 2018Q3 Security: CVE-2017-6362 Security: CVE-2017-7890
svn path=/head/; revision=475415
2024-10-19 19:59:43 +00:00 · 2018-07-27 07:39:13 +00:00 · 2018-07-27 07:39:13 +00:00 · 815cbdfa64 · 2021-03-31 03:12:20 +00:00
commit 815cbdfa64
parent 340709b56a
4 changed files with 41 additions and 7 deletions
--- a/graphics/gd/Makefile
+++ b/graphics/gd/Makefile
@ -2,8 +2,7 @@
 # $FreeBSD$

 PORTNAME=	libgd
-PORTVERSION=	2.2.4
-PORTREVISION=	1
+PORTVERSION=	2.2.5
 PORTEPOCH=	1
 CATEGORIES+=	graphics
 MASTER_SITES=	https://github.com/${PORTNAME}/${PORTNAME}/releases/download/gd-${PORTVERSION}/
@ -24,6 +23,7 @@ USES=		tar:xz pkgconfig pathfix libtool:keepla shebangfix jpeg
 SHEBANG_FILES=	${WRKSRC}/src/bdftogd
 GNU_CONFIGURE=	yes
 USE_LDCONFIG=	yes
+TEST_TARGET=	check

 OPTIONS_DEFINE=	FONTCONFIG ICONV XPM WEBP
 OPTIONS_DEFAULT=FONTCONFIG WEBP
@ -90,6 +90,6 @@ pre-build:
 post-install:
 	${INSTALL_DATA} ${WRKSRC}/src/gdhelpers.h \
 		${STAGEDIR}${PREFIX}/include/
-	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6.0.4
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6*

 .include <bsd.port.mk>
--- a/graphics/gd/distinfo
+++ b/graphics/gd/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1485463341
-SHA256 (libgd-2.2.4.tar.xz) = 137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6
-SIZE (libgd-2.2.4.tar.xz) = 2478528
+TIMESTAMP = 1531337629
+SHA256 (libgd-2.2.5.tar.xz) = 8c302ccbf467faec732f0741a859eef4ecae22fea2d2ab87467be940842bde51
+SIZE (libgd-2.2.5.tar.xz) = 2594092
--- a/graphics/gd/files/patch-gd_gif_in.c
+++ b/graphics/gd/files/patch-gd_gif_in.c
@ -0,0 +1,34 @@
+See:
+
+	https://bugs.php.net/bug.php?id=75571
+
+--- src/gd_gif_in.c	2017-08-30 07:05:54.000000000 -0400
+++ src/gd_gif_in.c	2018-07-11 15:39:11.746181000 -0400
+@@ -336,9 +336,4 @@
+ 	}
+ 
+-	if(!im->colorsTotal) {
+-		gdImageDestroy(im);
+-		return 0;
+-	}
+-
+ 	/* Check for open colors at the end, so
+ 	 * we can reduce colorsTotal and ultimately
+@@ -352,4 +347,9 @@
+ 	}
+ 
+	if(!im->colorsTotal) {
+		gdImageDestroy(im);
+		return 0;
+	}
+
+ 	return im;
+ }
+@@ -447,6 +447,5 @@
+ GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
+ {
+-	int i, j, ret;
+-	unsigned char count;
+	int i, j, ret, count;
+ 
+ 	if(flag) {
--- a/graphics/gd/pkg-plist
+++ b/graphics/gd/pkg-plist
@ -29,5 +29,5 @@ lib/libgd.a
 lib/libgd.la
 lib/libgd.so
 lib/libgd.so.6
-lib/libgd.so.6.0.4
+lib/libgd.so.6.0.5
 libdata/pkgconfig/gdlib.pc