Hi, Below is the diff to update sdl2-image to 2.0.5. Like typical for this port, there's a bunch of security issues addressed with this update:
TALOS-2019-0820 (CVE-2019-5051) TALOS-2019-0821 (CVE-2019-5052) TALOS-2019-0841 TALOS-2019-0842 TALOS-2019-0843 TALOS-2019-0844 (0841 through 0844 are apparently undisclosed zeroday vulns per [1].) I also updates external libs to libpng 1.6.32 and libwebp 1.0.2. Our libwebp port however is only 1.0.0. Nonetheless, I didn't encounter any issues during (limited) testing of the consumers. I identified all consumers via sqlports. Tested the following consumers briefly without any issues: games/barony games/blobwars games/cataclysm-dda games/chromium-bsu games/colobot/colobot games/flare games/fnaify games/freedink games/freeserf games/hedgewars games/koboredux games/manaplus games/mirrormagic games/pioneer games/redeclipse games/rocksndiamonds games/sdlpop games/solarus (tested with zsdx) games/starfighter games/stone-soup games/supertux games/tbftss games/tome4 games/wesnoth games/widelands graphics/grafx2 sysutils/gource I didn't test the following consumers because of lack of required data files: games/fifechan games/fifengine x11/cegui sysutils/logstalgia No change to lib version because check_sym: /usr/local/lib/libSDL2_image.so.0.1 --> /usr/ports/pobj/sdl2-image-2.0.5/SDL2_image-2.0.5/.libs/libSDL2_image.so.0.2 No dynamic export changes Official release notes can be found at [2]. Update license marker while here. ok? OK to also backport this to -stable? [1] https://www.talosintelligence.com/vulnerability_info [2] https://www.libsdl.org/projects/SDL_image/ Index: Makefile =================================================================== RCS file: /cvs/ports/devel/sdl2-image/Makefile,v retrieving revision 1.12 diff -u -p -r1.12 Makefile --- Makefile 17 May 2019 16:45:25 -0000 1.12 +++ Makefile 11 Jul 2019 19:24:46 -0000 @@ -1,11 +1,10 @@ # $OpenBSD: Makefile,v 1.12 2019/05/17 16:45:25 sthen Exp $ -V = 2.0.4 +V = 2.0.5 COMMENT = SDL2 image library DISTNAME = SDL2_image-${V} PKGNAME = sdl2-image-${V} CATEGORIES = devel graphics -REVISION = 0 SHARED_LIBS += SDL2_image 0.1 # 0.4 @@ -14,12 +13,11 @@ HOMEPAGE = https://www.libsdl.org/projec MAINTAINER = Thomas Frohwein <[email protected]> # zlib -PERMIT_PACKAGE_CDROM = Yes +PERMIT_PACKAGE = Yes WANTLIB += SDL2 jpeg m png pthread samplerate sndio tiff usbhid webp z MASTER_SITES = https://www.libsdl.org/projects/SDL_image/release/ - LIB_DEPENDS = devel/sdl2>=2.0.8 \ graphics/jpeg \ Index: distinfo =================================================================== RCS file: /cvs/ports/devel/sdl2-image/distinfo,v retrieving revision 1.4 diff -u -p -r1.4 distinfo --- distinfo 20 Jan 2019 23:37:36 -0000 1.4 +++ distinfo 11 Jul 2019 19:24:46 -0000 @@ -1,2 +1,2 @@ -SHA256 (SDL2_image-2.0.4.tar.gz) = 507EnCQC6yQvv6FvL0OhlYKnTC6r+/uHPwDUJQA4zqw= -SIZE (SDL2_image-2.0.4.tar.gz) = 11682695 +SHA256 (SDL2_image-2.0.5.tar.gz) = vdX24CZoL31+G+C2BRsgnaL0AqLdi9HEvZwlrSYxCNA= +SIZE (SDL2_image-2.0.5.tar.gz) = 11736518
