Hi @ports,

simple libgd update to 2.1.1. The CVE-2014-9709 patch is no longer necessary.
Tested on amd64: "All 93 tests passed".

Cheers, Rafael


Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/gd/Makefile,v
retrieving revision 1.62
diff -u -p -u -p -r1.62 Makefile
--- Makefile    17 Aug 2015 19:52:39 -0000      1.62
+++ Makefile    14 Nov 2015 12:19:52 -0000
@@ -2,10 +2,9 @@
 
 COMMENT=       library for dynamic creation of images
 
-V=             2.1.0
+V=             2.1.1
 DISTNAME=      libgd-$V
 PKGNAME=       gd-$V
-REVISION=      2
 
 SHARED_LIBS=   gd      21.0
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/graphics/gd/distinfo,v
retrieving revision 1.7
diff -u -p -u -p -r1.7 distinfo
--- distinfo    17 Mar 2014 23:20:57 -0000      1.7
+++ distinfo    14 Nov 2015 12:19:52 -0000
@@ -1,2 +1,2 @@
-SHA256 (libgd-2.1.0.tar.gz) = PO72nVRUo5LoeTrpC18NYy3T4gh5wShWqh0dPQY6Ucg=
-SIZE (libgd-2.1.0.tar.gz) = 2330322
+SHA256 (libgd-2.1.1.tar.gz) = z0e85aTExtx3uo0DSdHuyc7/d+2G8UskmgeAt/GFVMU=
+SIZE (libgd-2.1.1.tar.gz) = 2390586
Index: patches/patch-src_gd_gif_in_c
===================================================================
RCS file: patches/patch-src_gd_gif_in_c
diff -N patches/patch-src_gd_gif_in_c
--- patches/patch-src_gd_gif_in_c       26 Mar 2015 09:16:31 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,32 +0,0 @@
-$OpenBSD: patch-src_gd_gif_in_c,v 1.1 2015/03/26 09:16:31 jasper Exp $
-
-Security fix for CVE-2014-9709, gd: buffer read overflow in gd_gif_in.c
-
---- src/gd_gif_in.c.orig       Thu Mar 26 10:07:17 2015
-+++ src/gd_gif_in.c    Thu Mar 26 10:08:35 2015
-@@ -75,8 +75,10 @@ static struct {
- 
- #define STACK_SIZE ((1<<(MAX_LWZ_BITS))*2)
- 
-+#define CSD_BUF_SIZE 280
-+
- typedef struct {
--      unsigned char buf[280];
-+      unsigned char buf[CSD_BUF_SIZE];
-       int curbit;
-       int lastbit;
-       int done;
-@@ -410,7 +412,12 @@ GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_
- 
-       ret = 0;
-       for (i = scd->curbit, j = 0; j < code_size; ++i, ++j) {
--              ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j;
-+              if (i < CSD_BUF_SIZE * 8) {
-+                      ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j;
-+              } else {
-+                      ret = -1;
-+                      break;
-+              }
-       }
- 
-       scd->curbit += code_size;
