pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2016Q2] pkgsrc/graphics/gd



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Wed Aug 10 18:12:37 UTC 2016

Modified Files:
        pkgsrc/graphics/gd [pkgsrc-2016Q2]: Makefile buildlink3.mk distinfo
            options.mk
Removed Files:
        pkgsrc/graphics/gd/patches [pkgsrc-2016Q2]: patch-aa patch-ab
            patch-configure patch-configure.ac patch-src_gd__bmp.c
            patch-src_gd__crop.c patch-src_webpimg.c

Log Message:
Pullup ticket #5080 - requested by sevan
graphics/gd: security fix

Revisions pulled up:
- graphics/gd/Makefile                                          1.111
- graphics/gd/buildlink3.mk                                     1.37
- graphics/gd/distinfo                                          1.41
- graphics/gd/options.mk                                        1.5
- graphics/gd/patches/patch-aa                                  deleted
- graphics/gd/patches/patch-ab                                  deleted
- graphics/gd/patches/patch-configure                           deleted
- graphics/gd/patches/patch-configure.ac                        deleted
- graphics/gd/patches/patch-src_gd__bmp.c                       deleted
- graphics/gd/patches/patch-src_gd__crop.c                      deleted
- graphics/gd/patches/patch-src_webpimg.c                       deleted

---
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Tue Aug  2 18:29:21 UTC 2016

   Modified Files:
           pkgsrc/graphics/gd: Makefile buildlink3.mk distinfo options.mk
   Removed Files:
           pkgsrc/graphics/gd/patches: patch-aa patch-ab patch-configure
               patch-configure.ac patch-src_gd__bmp.c patch-src_gd__crop.c
               patch-src_webpimg.c

   Log Message:
   We welcome the 2.2.3 release around a month after 2.2.2 (we are getting consistent). Another important milestone in the GD 2.2 series.

   Security related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs:
   * fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
   * bug 247, A read out-of-bands was found in the parsing of TGA files (CVE-2016-6132)
   * also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214)
   * bug 248, fix Out-Of-Bounds Read in read_image_tga

   Using application provided parameters, in these cases invalid data causes the issues:
   * Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
   * fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)
   * improve color check for CropThreshold

   Important update:
   * gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd.


To generate a diff of this commit:
cvs rdiff -u -r1.109 -r1.109.2.1 pkgsrc/graphics/gd/Makefile
cvs rdiff -u -r1.36 -r1.36.6.1 pkgsrc/graphics/gd/buildlink3.mk
cvs rdiff -u -r1.40 -r1.40.2.1 pkgsrc/graphics/gd/distinfo
cvs rdiff -u -r1.4 -r1.4.8.1 pkgsrc/graphics/gd/options.mk
cvs rdiff -u -r1.19 -r0 pkgsrc/graphics/gd/patches/patch-aa
cvs rdiff -u -r1.10 -r0 pkgsrc/graphics/gd/patches/patch-ab
cvs rdiff -u -r1.1 -r0 pkgsrc/graphics/gd/patches/patch-configure \
    pkgsrc/graphics/gd/patches/patch-configure.ac \
    pkgsrc/graphics/gd/patches/patch-src_gd__crop.c \
    pkgsrc/graphics/gd/patches/patch-src_webpimg.c
cvs rdiff -u -r1.2 -r0 pkgsrc/graphics/gd/patches/patch-src_gd__bmp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/gd/Makefile
diff -u pkgsrc/graphics/gd/Makefile:1.109 pkgsrc/graphics/gd/Makefile:1.109.2.1
--- pkgsrc/graphics/gd/Makefile:1.109   Thu Jun 30 09:00:18 2016
+++ pkgsrc/graphics/gd/Makefile Wed Aug 10 18:12:37 2016
@@ -1,28 +1,30 @@
-# $NetBSD: Makefile,v 1.109 2016/06/30 09:00:18 taca Exp $
+# $NetBSD: Makefile,v 1.109.2.1 2016/08/10 18:12:37 bsiegert Exp $
 
-DISTNAME=      libgd-2.1.1
+DISTNAME=      libgd-2.2.3
 PKGNAME=       ${DISTNAME:S/libgd/gd/}
-PKGREVISION=   3
 CATEGORIES=    graphics
-MASTER_SITES=  https://bitbucket.org/libgd/gd-libgd/downloads/
+MASTER_SITES=  ${MASTER_SITE_GITHUB:=libgd/}
 EXTRACT_SUFX=  .tar.xz
 
 MAINTAINER=    adam%NetBSD.org@localhost
 HOMEPAGE=      http://libgd.bitbucket.org/
 COMMENT=       Graphics library for the dynamic creation of images
 
-#WRKSRC=               ${WRKDIR}/${DISTNAME:S/libgd-/libgd-gd-/}
+GITHUB_PROJECT=        libgd
+GITHUB_RELEASE=        gd-${PKGVERSION_NOREV}
 
 .include "options.mk"
 
 USE_LIBTOOL=           yes
 USE_TOOLS+=            perl:run
 GNU_CONFIGURE=         yes
+CONFIGURE_ARGS+=       --disable-werror
 CONFIGURE_ARGS+=       --with-fontconfig=${BUILDLINK_PREFIX.fontconfig}
 CONFIGURE_ARGS+=       --with-freetype=${BUILDLINK_PREFIX.freetype2}
 CONFIGURE_ARGS+=       --with-jpeg=${BUILDLINK_PREFIX.jpeg}
 CONFIGURE_ARGS+=       --with-png=${BUILDLINK_PREFIX.png}
 CONFIGURE_ARGS+=       --with-tiff=${BUILDLINK_PREFIX.tiff}
+CONFIGURE_ARGS+=       --with-webp=${BUILDLINK_PREFIX.libwebp}
 CONFIGURE_ARGS+=       --with-zlib=${BUILDLINK_PREFIX.zlib}
 REPLACE_PERL+=         src/bdftogd
 PTHREAD_AUTO_VARS=     yes
@@ -31,6 +33,7 @@ PTHREAD_AUTO_VARS=    yes
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../fonts/fontconfig/buildlink3.mk"
 .include "../../graphics/freetype2/buildlink3.mk"
+.include "../../graphics/libwebp/buildlink3.mk"
 .include "../../graphics/png/buildlink3.mk"
 .include "../../graphics/tiff/buildlink3.mk"
 .include "../../mk/jpeg.buildlink3.mk"

Index: pkgsrc/graphics/gd/buildlink3.mk
diff -u pkgsrc/graphics/gd/buildlink3.mk:1.36 pkgsrc/graphics/gd/buildlink3.mk:1.36.6.1
--- pkgsrc/graphics/gd/buildlink3.mk:1.36       Wed Nov 18 14:19:46 2015
+++ pkgsrc/graphics/gd/buildlink3.mk    Wed Aug 10 18:12:37 2016
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.36 2015/11/18 14:19:46 ryoon Exp $
+# $NetBSD: buildlink3.mk,v 1.36.6.1 2016/08/10 18:12:37 bsiegert Exp $
 
 BUILDLINK_TREE+=       gd
 
@@ -6,18 +6,11 @@ BUILDLINK_TREE+=      gd
 GD_BUILDLINK3_MK:=
 
 BUILDLINK_API_DEPENDS.gd+=     gd>=2.0.15nb1
-BUILDLINK_ABI_DEPENDS.gd+=     gd>=2.1.1nb2
+BUILDLINK_ABI_DEPENDS.gd+=     gd>=2.2.3
 BUILDLINK_PKGSRCDIR.gd?=       ../../graphics/gd
 
 .include "../../mk/bsd.fast.prefs.mk"
 
-_GD_PRE_LIBVPX_OPTION!= \
-       if ${PKG_INFO} -qe 'gd<2.1.0nb1'; then  \
-               ${ECHO} yes;                    \
-       else                                    \
-               ${ECHO} no;                     \
-       fi
-
 pkgbase := gd
 .include "../../mk/pkg-build-options.mk"
 
@@ -28,11 +21,9 @@ pkgbase := gd
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../fonts/fontconfig/buildlink3.mk"
 .include "../../graphics/freetype2/buildlink3.mk"
+.include "../../graphics/libwebp/buildlink3.mk"
 .include "../../graphics/png/buildlink3.mk"
 .include "../../graphics/tiff/buildlink3.mk"
-.if ${_GD_PRE_LIBVPX_OPTION} == "yes" || !empty(PKG_BUILD_OPTIONS.gd:Mlibvpx)
-.include "../../multimedia/libvpx/buildlink3.mk"
-.endif
 .include "../../mk/jpeg.buildlink3.mk"
 .include "../../mk/pthread.buildlink3.mk"
 .endif # GD_BUILDLINK3_MK

Index: pkgsrc/graphics/gd/distinfo
diff -u pkgsrc/graphics/gd/distinfo:1.40 pkgsrc/graphics/gd/distinfo:1.40.2.1
--- pkgsrc/graphics/gd/distinfo:1.40    Thu Jun 30 09:00:18 2016
+++ pkgsrc/graphics/gd/distinfo Wed Aug 10 18:12:37 2016
@@ -1,13 +1,6 @@
-$NetBSD: distinfo,v 1.40 2016/06/30 09:00:18 taca Exp $
+$NetBSD: distinfo,v 1.40.2.1 2016/08/10 18:12:37 bsiegert Exp $
 
-SHA1 (libgd-2.1.1.tar.xz) = 9038ed488b577d16aa8c32b6c10b4a70b10f7fa1
-RMD160 (libgd-2.1.1.tar.xz) = 8d564caf9a953d344fb9a5e169d241510a2c71f1
-SHA512 (libgd-2.1.1.tar.xz) = 48f444402a4b89e412870f9091b92eb26136c5c0d795722262ad973c7d4103476204a2de36133a2634b8f410d6bccdcf60afb829a74ac2fddfb96aff2cd2567b
-Size (libgd-2.1.1.tar.xz) = 2039132 bytes
-SHA1 (patch-aa) = 00198349dd9cff60f1f5738524096a251057eb16
-SHA1 (patch-ab) = 300ffacf47d7421fc9efb7b3fd9e93f011de1b4b
-SHA1 (patch-configure) = 53769c3daffa38c88d82093f59cb97b4bd38008f
-SHA1 (patch-configure.ac) = 72092d5a0ee7944249286edc0d3505176f15303f
-SHA1 (patch-src_gd__bmp.c) = 4db300a26cebae6fb6f14564c5648608d7ed6cc5
-SHA1 (patch-src_gd__crop.c) = 34c9716fe40e8f80cc126893dbafa0151bbf3b5a
-SHA1 (patch-src_webpimg.c) = 2717cbcfdbbddfc8cd96de2d4f6a07a0485ba086
+SHA1 (libgd-2.2.3.tar.xz) = 2f8cebec5afd6c83a3d5cb92f40ea4926b4daa98
+RMD160 (libgd-2.2.3.tar.xz) = e6c29133c2ea33c8ba16571892d2798ef0f5afea
+SHA512 (libgd-2.2.3.tar.xz) = bdc6d086bc054beda6574ec46baa4cd94048a5f2f357f875ba05983e92d247f1b731434b9e438c6aef09d46fa96f1a7e1f330a25a77ffd2dd78aa8a32d652557
+Size (libgd-2.2.3.tar.xz) = 2164152 bytes

Index: pkgsrc/graphics/gd/options.mk
diff -u pkgsrc/graphics/gd/options.mk:1.4 pkgsrc/graphics/gd/options.mk:1.4.8.1
--- pkgsrc/graphics/gd/options.mk:1.4   Sat Jul  4 16:18:35 2015
+++ pkgsrc/graphics/gd/options.mk       Wed Aug 10 18:12:37 2016
@@ -1,8 +1,7 @@
-# $NetBSD: options.mk,v 1.4 2015/07/04 16:18:35 joerg Exp $
+# $NetBSD: options.mk,v 1.4.8.1 2016/08/10 18:12:37 bsiegert Exp $
 
 PKG_OPTIONS_VAR=       PKG_OPTIONS.gd
-PKG_SUPPORTED_OPTIONS= libvpx x11
-PKG_SUGGESTED_OPTIONS= libvpx
+PKG_SUPPORTED_OPTIONS= x11
 
 .include "../../mk/bsd.options.mk"
 
@@ -13,10 +12,3 @@ CONFIGURE_ARGS+=     --with-xpm=${BUILDLINK_
 .else
 CONFIGURE_ARGS+=       --without-xpm
 .endif
-
-.if !empty(PKG_OPTIONS:Mlibvpx)
-.include "../../multimedia/libvpx/buildlink3.mk"
-CONFIGURE_ARGS+=       --with-vpx=${BUILDLINK_PREFIX.libvpx}
-.else
-CONFIGURE_ARGS+=       --without-vpx
-.endif



Home | Main Index | Thread Index | Old Index