Hi ports@, is there any good reason to not update libgd? Here are eight good reasons for a update:
- gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317) - double-free in gdImageWebPtr() (CVE-2016-6912) - potential unsigned underflow in gd_interpolation.c (CVE-2016-10166) - DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167) - Signed Integer Overflow gd_io.c (CVE-2016-10168) - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (CVE-2016-5767) - #215 Stack overflow with gdImageFillToBorder (CVE-2015-8874, CVE-2016-9933) NULL Pointer Dereference at _gdScaleVert Test result from 2.1.1 on amd64: ============================================================ 1 of 93 tests failed Please report to https://bitbucket.org/libgd/gd-libgd/issues ============================================================ and from the new one: tsuite summary for GD 2.2.4 ============================================================================ # TOTAL: 153 # # PASS: 150 # # SKIP: 0 # # XFAIL: 0 # # FAIL: 3 # # XPASS: 0 # # ERROR: 0 # ============================================================================ Best regards, Rafael Sadowski Index: Makefile =================================================================== RCS file: /cvs/ports/graphics/gd/Makefile,v retrieving revision 1.70 diff -u -p -u -p -r1.70 Makefile --- Makefile 10 Apr 2017 11:46:20 -0000 1.70 +++ Makefile 29 Apr 2017 21:04:18 -0000 @@ -2,12 +2,11 @@ COMMENT= library for dynamic creation of images -V= 2.1.1 -REVISION= 3 +V= 2.2.4 DISTNAME= libgd-$V PKGNAME= gd-$V -SHARED_LIBS += gd 21.1 # 3.0 +SHARED_LIBS += gd 22.0 # 3.0 CATEGORIES= graphics @@ -15,10 +14,10 @@ HOMEPAGE= http://www.libgd.org/ PERMIT_PACKAGE_CDROM= Yes -WANTLIB += c expat fontconfig freetype iconv jpeg m png pthread -WANTLIB += pthread-stubs ${LIBCXX} tiff vpx z +#WANTLIB += c expat fontconfig freetype iconv jpeg m png pthread +#WANTLIB += pthread-stubs ${LIBCXX} tiff vpx z -MASTER_SITES= https://bitbucket.org/libgd/gd-libgd/downloads/ +MASTER_SITES= https://github.com/libgd/libgd/releases/download/${PKGNAME}/ CONFIGURE_STYLE= gnu CONFIGURE_ARGS+= --without-xpm @@ -26,7 +25,6 @@ CONFIGURE_ARGS+= --without-xpm LIB_DEPENDS= converters/libiconv \ graphics/jpeg \ graphics/png \ - graphics/tiff \ - multimedia/libvpx + graphics/tiff .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /cvs/ports/graphics/gd/distinfo,v retrieving revision 1.8 diff -u -p -u -p -r1.8 distinfo --- distinfo 14 Nov 2015 12:41:53 -0000 1.8 +++ distinfo 29 Apr 2017 21:04:18 -0000 @@ -1,2 +1,2 @@ -SHA256 (libgd-2.1.1.tar.gz) = z0e85aTExtx3uo0DSdHuyc7/d+2G8UskmgeAt/GFVMU= -SIZE (libgd-2.1.1.tar.gz) = 2390586 +SHA256 (libgd-2.2.4.tar.gz) = SHplCqYUIX7QirG9GqXSgvnTec/ZXHVq7QtDQGOBvmU= +SIZE (libgd-2.2.4.tar.gz) = 3013928 Index: patches/patch-src_gd_crop_c =================================================================== RCS file: patches/patch-src_gd_crop_c diff -N patches/patch-src_gd_crop_c --- patches/patch-src_gd_crop_c 30 Jun 2016 13:27:42 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,19 +0,0 @@ -$OpenBSD: patch-src_gd_crop_c,v 1.1 2016/06/30 13:27:42 jasper Exp $ - -CVE-2016-6128 -https://bugs.php.net/bug.php?id=72494 -https://github.com/libgd/libgd/compare/3fe0a7128bac5000fdcfab888bd2a75ec0c9447d...fd623025505e87bba7ec8555eeb72dae4fb0afd - ---- src/gd_crop.c.orig Thu Jun 30 15:23:49 2016 -+++ src/gd_crop.c Thu Jun 30 15:24:14 2016 -@@ -136,6 +136,10 @@ BGD_DECLARE(gdImagePtr) gdImageCropThreshold(gdImagePt - return NULL; - } - -+ if (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im)) { -+ return NULL; -+ } -+ - /* TODO: Add gdImageGetRowPtr and works with ptr at the row level - * for the true color and palette images - * new formats will simply work with ptr Index: patches/patch-src_gd_gd2_c =================================================================== RCS file: patches/patch-src_gd_gd2_c diff -N patches/patch-src_gd_gd2_c --- patches/patch-src_gd_gd2_c 9 May 2016 06:29:18 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,15 +0,0 @@ -$OpenBSD: patch-src_gd_gd2_c,v 1.1 2016/05/09 06:29:18 ajacoutot Exp $ - -gd2: handle corrupt images better (CVE-2016-3074) - ---- src/gd_gd2.c.orig Sun May 8 23:50:58 2016 -+++ src/gd_gd2.c Sun May 8 23:52:14 2016 -@@ -167,6 +167,8 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy, - if (gdGetInt (&cidx[i].size, in) != 1) { - goto fail2; - }; -+ if (cidx[i].offset < 0 || cidx[i].size < 0) -+ goto fail2; - }; - *chunkIdx = cidx; - }; Index: patches/patch-src_gd_gif_out_c =================================================================== RCS file: patches/patch-src_gd_gif_out_c diff -N patches/patch-src_gd_gif_out_c --- patches/patch-src_gd_gif_out_c 6 Jul 2016 08:46:01 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,41 +0,0 @@ -$OpenBSD: patch-src_gd_gif_out_c,v 1.1 2016/07/06 08:46:01 jasper Exp $ - -CVE-2016-6161 -https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842 - ---- src/gd_gif_out.c.orig Tue Jan 6 10:16:03 2015 -+++ src/gd_gif_out.c Wed Jul 6 10:43:57 2016 -@@ -1442,15 +1442,23 @@ nomatch: - * code in turn. When the buffer fills up empty it and start over. - */ - --static unsigned long masks[] = { -+static const unsigned long masks[] = { - 0x0000, 0x0001, 0x0003, 0x0007, 0x000F, - 0x001F, 0x003F, 0x007F, 0x00FF, - 0x01FF, 0x03FF, 0x07FF, 0x0FFF, - 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF - }; - -+/* Arbitrary value to mark output is done. When we see EOFCode, then we don't -+ * expect to see any more data. If we do (e.g. corrupt image inputs), cur_bits -+ * might be negative, so flag it to return early. -+ */ -+#define CUR_BITS_FINISHED -1000 -+ - static void output(code_int code, GifCtx *ctx) - { -+ if (ctx->cur_bits == CUR_BITS_FINISHED) -+ return; - ctx->cur_accum &= masks[ctx->cur_bits]; - - if(ctx->cur_bits > 0) { -@@ -1492,6 +1500,8 @@ static void output(code_int code, GifCtx *ctx) - ctx->cur_accum >>= 8; - ctx->cur_bits -= 8; - } -+ /* Flag that it's done to prevent re-entry. */ -+ ctx->cur_bits = CUR_BITS_FINISHED; - - flush_char(ctx); - } Index: patches/patch-src_webpimg_c =================================================================== RCS file: patches/patch-src_webpimg_c diff -N patches/patch-src_webpimg_c --- patches/patch-src_webpimg_c 18 Apr 2015 09:16:36 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,28 +0,0 @@ -$OpenBSD: patch-src_webpimg_c,v 1.1 2015/04/18 09:16:36 sthen Exp $ - -Fix the build with newer libvpx. - ---- src/webpimg.c.orig Sun Apr 12 19:49:36 2015 -+++ src/webpimg.c Sun Apr 12 19:50:47 2015 -@@ -711,14 +711,14 @@ static WebPResult VPXEncode(const uint8* Y, - codec_ctl(&enc, VP8E_SET_STATIC_THRESHOLD, 0); - codec_ctl(&enc, VP8E_SET_TOKEN_PARTITIONS, 2); - -- vpx_img_wrap(&img, IMG_FMT_I420, -+ vpx_img_wrap(&img, VPX_IMG_FMT_I420, - y_width, y_height, 16, (uint8*)(Y)); -- img.planes[PLANE_Y] = (uint8*)(Y); -- img.planes[PLANE_U] = (uint8*)(U); -- img.planes[PLANE_V] = (uint8*)(V); -- img.stride[PLANE_Y] = y_stride; -- img.stride[PLANE_U] = uv_stride; -- img.stride[PLANE_V] = uv_stride; -+ img.planes[VPX_PLANE_Y] = (uint8*)(Y); -+ img.planes[VPX_PLANE_U] = (uint8*)(U); -+ img.planes[VPX_PLANE_V] = (uint8*)(V); -+ img.stride[VPX_PLANE_Y] = y_stride; -+ img.stride[VPX_PLANE_U] = uv_stride; -+ img.stride[VPX_PLANE_V] = uv_stride; - - res = vpx_codec_encode(&enc, &img, 0, 1, 0, VPX_DL_BEST_QUALITY); -
