From 69f804d45c3bfdad11a6d6b0c1e4b5fe1e571831 Mon Sep 17 00:00:00 2001 From: ryoon Date: Tue, 30 Jun 2015 10:20:10 +0000 Subject: Update to 2.1.1 Changelog: GD team proudly announces that the 2.1.1 version of GD Graphics Library has been released. We have fixed some reported bugs and improved the build scripts (cmake and configure). See the Changelog files for a full list with details or CVEs. This is a recommended update. --- graphics/gd/Makefile | 9 +++--- graphics/gd/distinfo | 10 +++---- graphics/gd/patches/patch-src_gd__gif__in.c | 45 ----------------------------- graphics/gd/patches/patch-src_webpimg.c | 30 +++++++++++++++++++ 4 files changed, 40 insertions(+), 54 deletions(-) delete mode 100644 graphics/gd/patches/patch-src_gd__gif__in.c create mode 100644 graphics/gd/patches/patch-src_webpimg.c (limited to 'graphics/gd') diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile index c7d206d0c34..b5f8524aaf3 100644 --- a/graphics/gd/Makefile +++ b/graphics/gd/Makefile @@ -1,16 +1,17 @@ -# $NetBSD: Makefile,v 1.105 2015/06/30 09:57:36 ryoon Exp $ +# $NetBSD: Makefile,v 1.106 2015/06/30 10:20:10 ryoon Exp $ -DISTNAME= libgd-2.1.0 +DISTNAME= libgd-2.1.1 PKGNAME= ${DISTNAME:S/libgd/gd/} -PKGREVISION= 4 CATEGORIES= graphics -MASTER_SITES= http://cdn.bitbucket.org/libgd/gd-libgd/downloads/ +MASTER_SITES= https://bitbucket.org/libgd/gd-libgd/downloads/ EXTRACT_SUFX= .tar.xz MAINTAINER= adam@NetBSD.org HOMEPAGE= http://libgd.bitbucket.org/ COMMENT= Graphics library for the dynamic creation of images +#WRKSRC= ${WRKDIR}/${DISTNAME:S/libgd-/libgd-gd-/} + .include "options.mk" USE_LIBTOOL= yes diff --git a/graphics/gd/distinfo b/graphics/gd/distinfo index 78c3f4c6068..903211b8072 100644 --- a/graphics/gd/distinfo +++ b/graphics/gd/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.36 2015/04/12 15:09:32 tnn Exp $ +$NetBSD: distinfo,v 1.37 2015/06/30 10:20:10 ryoon Exp $ -SHA1 (libgd-2.1.0.tar.xz) = 66c56fc07246b66ba649c83e996fd2085ea2f9e2 -RMD160 (libgd-2.1.0.tar.xz) = 3fcdf88e1ca653ffd40ddba607dbc317ca87bf63 -Size (libgd-2.1.0.tar.xz) = 2004304 bytes +SHA1 (libgd-2.1.1.tar.xz) = 9038ed488b577d16aa8c32b6c10b4a70b10f7fa1 +RMD160 (libgd-2.1.1.tar.xz) = 8d564caf9a953d344fb9a5e169d241510a2c71f1 +Size (libgd-2.1.1.tar.xz) = 2039132 bytes SHA1 (patch-aa) = 00198349dd9cff60f1f5738524096a251057eb16 SHA1 (patch-ab) = 300ffacf47d7421fc9efb7b3fd9e93f011de1b4b SHA1 (patch-src_gd__bmp.c) = 4db300a26cebae6fb6f14564c5648608d7ed6cc5 -SHA1 (patch-src_gd__gif__in.c) = 4c18302fa45b482b28f5b618681354690eaa9b2d +SHA1 (patch-src_webpimg.c) = 2717cbcfdbbddfc8cd96de2d4f6a07a0485ba086 diff --git a/graphics/gd/patches/patch-src_gd__gif__in.c b/graphics/gd/patches/patch-src_gd__gif__in.c deleted file mode 100644 index b53c98d0303..00000000000 --- a/graphics/gd/patches/patch-src_gd__gif__in.c +++ /dev/null @@ -1,45 +0,0 @@ -$NetBSD: patch-src_gd__gif__in.c,v 1.1 2015/04/12 15:09:33 tnn Exp $ - -CVE-2014-9709 -https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43/raw/ - -From 47eb44b2e90ca88a08dca9f9a1aa9041e9587f43 Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Sat, 13 Dec 2014 08:48:18 +0100 -Subject: [PATCH] Fix possible buffer read overflow detected by - -fsanitize=address, thanks to Jan Bee - ---- - src/gd_gif_in.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c -index b3b4ca3..13a663c 100644 ---- src/gd_gif_in.c -+++ src/gd_gif_in.c -@@ -75,8 +75,10 @@ static struct { - - #define STACK_SIZE ((1<<(MAX_LWZ_BITS))*2) - -+#define CSD_BUF_SIZE 280 -+ - typedef struct { -- unsigned char buf[280]; -+ unsigned char buf[CSD_BUF_SIZE]; - int curbit; - int lastbit; - int done; -@@ -468,7 +470,12 @@ GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroD - - ret = 0; - for (i = scd->curbit, j = 0; j < code_size; ++i, ++j) { -- ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j; -+ if (i < CSD_BUF_SIZE * 8) { -+ ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j; -+ } else { -+ ret = -1; -+ break; -+ } - } - - scd->curbit += code_size; diff --git a/graphics/gd/patches/patch-src_webpimg.c b/graphics/gd/patches/patch-src_webpimg.c new file mode 100644 index 00000000000..2d0b00dec61 --- /dev/null +++ b/graphics/gd/patches/patch-src_webpimg.c @@ -0,0 +1,30 @@ +$NetBSD: patch-src_webpimg.c,v 1.1 2015/06/30 10:20:11 ryoon Exp $ + +Fix build with libvpx-1.4.0. + +https://github.com/libgd/libgd/commit/d41eb72cd4545c394578332e5c102dee69e02ee8#diff-6df10f67563acb6f093f2d9fe3549f08 + +--- src/webpimg.c.orig 2015-01-14 03:09:04.000000000 +0000 ++++ src/webpimg.c +@@ -711,14 +711,14 @@ static WebPResult VPXEncode(const uint8* + codec_ctl(&enc, VP8E_SET_STATIC_THRESHOLD, 0); + codec_ctl(&enc, VP8E_SET_TOKEN_PARTITIONS, 2); + +- vpx_img_wrap(&img, IMG_FMT_I420, ++ vpx_img_wrap(&img, VPX_IMG_FMT_I420, + y_width, y_height, 16, (uint8*)(Y)); +- img.planes[PLANE_Y] = (uint8*)(Y); +- img.planes[PLANE_U] = (uint8*)(U); +- img.planes[PLANE_V] = (uint8*)(V); +- img.stride[PLANE_Y] = y_stride; +- img.stride[PLANE_U] = uv_stride; +- img.stride[PLANE_V] = uv_stride; ++ img.planes[VPX_PLANE_Y] = (uint8*)(Y); ++ img.planes[VPX_PLANE_U] = (uint8*)(U); ++ img.planes[VPX_PLANE_V] = (uint8*)(V); ++ img.stride[VPX_PLANE_Y] = y_stride; ++ img.stride[VPX_PLANE_U] = uv_stride; ++ img.stride[VPX_PLANE_V] = uv_stride; + + res = vpx_codec_encode(&enc, &img, 0, 1, 0, VPX_DL_BEST_QUALITY); + -- cgit v1.2.3