[gentoo-commits] repo/gentoo:master commit in: media-libs/gd/, media-libs/gd/files/

2019-03-03 Thread Thomas Deutschmann
commit: 0c46087add86facfccbc875e0064cbc167775249
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Mon Mar  4 00:28:44 2019 +
Commit: Thomas Deutschmann  gentoo  org>
CommitDate: Mon Mar  4 00:28:59 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c46087a

media-libs/gd: rev bump to add some security patches

ossfuzz5700 fix
CVE-2018-5711
CVE-2019-6977
CVE-2019-6978

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann  gentoo.org>

 media-libs/gd/Manifest   |   2 +
 media-libs/gd/files/gd-2.2.5-CVE-2018-5711.patch | 124 ++
 media-libs/gd/files/gd-2.2.5-CVE-2019-6977.patch |  28 +++
 media-libs/gd/files/gd-2.2.5-CVE-2019-6978.patch | 278 +++
 media-libs/gd/files/gd-2.2.5-ossfuzz5700.patch   | 103 +
 media-libs/gd/gd-2.2.5-r2.ebuild |  82 +++
 6 files changed, 617 insertions(+)

diff --git a/media-libs/gd/Manifest b/media-libs/gd/Manifest
index 9957e0f8f60..986a6d40524 100644
--- a/media-libs/gd/Manifest
+++ b/media-libs/gd/Manifest
@@ -1 +1,3 @@
+DIST libgd-2.2.5-ossfuzz5700.dat 30 BLAKE2B 
5ddd3d2be2adf05e1e2eb1852cc689be57d4d77c57b471e8b6021877f2fb137d15b4c73445fbb23a9ed585974a96dd154759a48712c1e7b5bdc5750d534aee4a
 SHA512 
2394e92ff7a42c818e13a1ac9ad15bc81aa401adc917366ec8c440bb7f27a63777ab059aa03c501dafef0ac16b462dd23c7fb9f8086ce558203384a98a235fff
+DIST libgd-2.2.5-php_bug_75571.dat 1731 BLAKE2B 
4b5d3f258b73e8089ede1b2c9f538855f410965a9e01e1f3f151ae52f072036172b184bd1a4d07b8355bb974bf088bebb0e812175a277bb67926274272bd80a0
 SHA512 
b3048640ce7828cca7901fadc989e867cfc6d31b44c0f5a1bda54d7428f317c8c8fc6403fef301e193869a95eb46eb7195d47710ec7f8c507ba049cb6cdcb281
 DIST libgd-2.2.5.tar.xz 2594092 BLAKE2B 
222a7e012fbf9924ac391ee96c7cd3dec96afd78c6d43dfb680b33e7143e7df87fe6be75bbfe8fb93e916302d7daf08271214c84da28712e93a36465566cb2bd
 SHA512 
e4598e17a277a75e02255402182cab139cb3f2cffcd68ec05cc10bbeaf6bc7aa39162c3445cd4a7efc1a26b72b9152bbedb187351e3ed099ea51767319997a6b

diff --git a/media-libs/gd/files/gd-2.2.5-CVE-2018-5711.patch 
b/media-libs/gd/files/gd-2.2.5-CVE-2018-5711.patch
new file mode 100644
index 000..6d9de06998a
--- /dev/null
+++ b/media-libs/gd/files/gd-2.2.5-CVE-2018-5711.patch
@@ -0,0 +1,124 @@
+From a11f47475e6443b7f32d21f2271f28f417e2ac04 Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" 
+Date: Wed, 29 Nov 2017 19:37:38 +0100
+Subject: [PATCH] Fix #420: Potential infinite loop in gdImageCreateFromGifCtx
+
+Due to a signedness confusion in `GetCode_` a corrupt GIF file can
+trigger an infinite loop.  Furthermore we make sure that a GIF without
+any palette entries is treated as invalid *after* open palette entries
+have been removed.
+
+CVE-2018-5711
+
+See also https://bugs.php.net/bug.php?id=75571.
+---
+ src/gd_gif_in.c |  12 ++--
+ tests/gif/CMakeLists.txt|   1 +
+ tests/gif/Makemodule.am |   2 ++
+ tests/gif/php_bug_75571.c   |  28 
+ tests/gif/php_bug_75571.gif | Bin 0 -> 1731 bytes
+ 6 files changed, 38 insertions(+), 6 deletions(-)
+ create mode 100644 tests/gif/php_bug_75571.c
+
+diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c
+index daf26e79..0a8bd717 100644
+--- a/src/gd_gif_in.c
 b/src/gd_gif_in.c
+@@ -335,11 +335,6 @@ BGD_DECLARE(gdImagePtr) 
gdImageCreateFromGifCtx(gdIOCtxPtr fd)
+   return 0;
+   }
+ 
+-  if(!im->colorsTotal) {
+-  gdImageDestroy(im);
+-  return 0;
+-  }
+-
+   /* Check for open colors at the end, so
+* we can reduce colorsTotal and ultimately
+* BitsPerPixel */
+@@ -351,6 +346,11 @@ BGD_DECLARE(gdImagePtr) 
gdImageCreateFromGifCtx(gdIOCtxPtr fd)
+   }
+   }
+ 
++  if(!im->colorsTotal) {
++  gdImageDestroy(im);
++  return 0;
++  }
++
+   return im;
+ }
+ 
+@@ -447,7 +447,7 @@ static int
+ GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int 
*ZeroDataBlockP)
+ {
+   int i, j, ret;
+-  unsigned char count;
++  int count;
+ 
+   if(flag) {
+   scd->curbit = 0;
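Review bot: The change of `count` from `unsigned char` to `int` in `GetCode_` carries the infinite-loop part of the CVE-2018-5711 fix, yet nothing in the code records why the signed type is required. The commit message attributes the loop to signedness confusion; presumably `count` receives a block length that can be negative on a read error, and an `unsigned char` turns that into a positive value so the end-of-data check never fires. A comment on the declaration, e.g. `int count; /* must stay signed: a negative block length signals a read error and has to stop decoding */`, would keep a later cleanup from narrowing the type again. The body of `GetCode_` continues outside the hunk, so the assignment and the comparison that consume `count` are not visible here and should be confirmed against the full file.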
+diff --git a/tests/gif/CMakeLists.txt b/tests/gif/CMakeLists.txt
+index 2b73749e..e58e6b09 100644
+--- a/tests/gif/CMakeLists.txt
 b/tests/gif/CMakeLists.txt
+@@ -4,6 +4,7 @@ LIST(APPEND TESTS_FILES
+   bug00227
+   gif_null
+   ossfuzz5700
++  php_bug_75571
+   uninitialized_memory_read
+ )
+ 
+diff --git a/tests/gif/Makemodule.am b/tests/gif/Makemodule.am
+index 3199438f..5dbeac53 100644
+--- a/tests/gif/Makemodule.am
 b/tests/gif/Makemodule.am
+@@ -4,6 +4,7 @@ libgd_test_programs += \
+   gif/bug00227 \
+   gif/gif_null \
+   gif/ossfuzz5700 \
++  gif/php_bug_75571 \
+   gif/uninitialized_memory_read
+ 
+ if HAVE_LIBPNG
+@@ -26,4 +27,5 @@ EXTRA_DIST += \
+   gif/bug00066.gif \
+   gif/bug00066_exp.png \
+   gif/ossfuzz5700.gif \
++  

[gentoo-commits] repo/gentoo:master commit in: media-libs/gd/, media-libs/gd/files/

2016-11-02 Thread Markus Meier
commit: 7492ba6074ec9a5c1e726b553faa6878dbae6d95
Author: Markus Meier  gentoo  org>
AuthorDate: Wed Nov  2 18:52:40 2016 +
Commit: Markus Meier  gentoo  org>
CommitDate: Wed Nov  2 18:52:40 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7492ba60

media-libs/gd: remove old, bug #587662

Package-Manager: portage-2.3.2

 media-libs/gd/Manifest |  1 -
 media-libs/gd/files/gd-2.2.2-osx-libtool.patch | 37 ---
 media-libs/gd/gd-2.2.2.ebuild  | 65 --
 3 files changed, 103 deletions(-)

diff --git a/media-libs/gd/Manifest b/media-libs/gd/Manifest
index fb5be03..49ca5f9 100644
--- a/media-libs/gd/Manifest
+++ b/media-libs/gd/Manifest
@@ -1,2 +1 @@
-DIST libgd-2.2.2.tar.xz 2105628 SHA256 
489f756ce07f0c034b1a794f4d34fdb4d829256112cb3c36feb40bb56b79218c SHA512 
65c2f22ff35b5d62889921d7963d9cf808700299aece9292716555ac544e8c52ca435d6c5f817610553162e249343868a9164bf0fef9d59b61cd8075334c7e8d
 WHIRLPOOL 
862588677be868c56af7c312e4aa66a5e67f10ccbc3cc7209b0fd23bcc3aae594c1e092b4b08ca7f913b334be47a486e696bced69d3f461056649f9ea8cc130d
 DIST libgd-2.2.3.tar.xz 2164152 SHA256 
746b6cbd6769a22ff3ba6f5756f3512a769bd4cdf4695dff17f4867f25fa7d3c SHA512 
bdc6d086bc054beda6574ec46baa4cd94048a5f2f357f875ba05983e92d247f1b731434b9e438c6aef09d46fa96f1a7e1f330a25a77ffd2dd78aa8a32d652557
 WHIRLPOOL 
1f290bb446618e402422488e77e1b88626ea3d9679653f10392b90386cf2ae861f9f8fdf624ebd96d152b764cfa3bf6f01859f58a033585db01ef8ea77c21e1a

diff --git a/media-libs/gd/files/gd-2.2.2-osx-libtool.patch 
b/media-libs/gd/files/gd-2.2.2-osx-libtool.patch
deleted file mode 100644
index 4d20f33..
--- a/media-libs/gd/files/gd-2.2.2-osx-libtool.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-https://bugs.gentoo.org/583584
-https://github.com/libgd/libgd/issues/241
-
-From dd6615fd138e53656a7883015d4a6b2d02292b26 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger 
-Date: Sat, 21 May 2016 15:00:53 -0400
-Subject: [PATCH] libtool: rework revision to fix OS X breakage
-
-It seems the OS X linker restricts the revision field to 8 bits.
-Rework how we calculate that value and pack it in closer to fit.
-It might produce some collisions if we get to like 2.2.8, but oh
-well ... this field doesn't need to be super exact.
-
-Fixes #214 and fixes #241.

- configure.ac | 7 ++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
 a/configure
-+++ b/configure
-@@ -2460,7 +2460,12 @@ AC_SUBST(GDLIB_VERSION)
- # See 
http://www.gnu.org/software/libtool/manual/libtool.html#Updating-version-info
- 
- GDLIB_LT_CURRENT=3
-+# This is the version where the soname (current above) changes.  We use it
-+# to reset the revision base back to zero.  It's a bit of a pain, but some
-+# systems restrict the revision range below to [0..255] (like OS X).
-+GDLIB_PREV_MAJOR=2
-+GDLIB_PREV_MINOR=2
--GDLIB_LT_REVISION=$(printf '%i%02i%02i' $GDLIB_MAJOR $GDLIB_MINOR 
$GDLIB_REVISION)
-+GDLIB_LT_REVISION=$(( ((GDLIB_MAJOR - GDLIB_PREV_MAJOR) << 6) | ((GDLIB_MINOR 
- GDLIB_PREV_MINOR) << 3) | GDLIB_REVISION ))
- GDLIB_LT_AGE=0
- 
- 
--- 
-2.8.2
-

diff --git a/media-libs/gd/gd-2.2.2.ebuild b/media-libs/gd/gd-2.2.2.ebuild
deleted file mode 100644
index 1666398..
--- a/media-libs/gd/gd-2.2.2.ebuild
+++ /dev/null
@@ -1,65 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils libtool multilib-minimal
-
-DESCRIPTION="A graphics library for fast image creation"
-HOMEPAGE="http://libgd.org/ http://www.boutell.com/gd/;
-SRC_URI="https://github.com/libgd/libgd/releases/download/${P}/lib${P}.tar.xz;
-
-LICENSE="gd IJG HPND BSD"
-SLOT="2/3"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc 
x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~x86-interix 
~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris 
~x64-solaris ~x86-solaris"
-IUSE="fontconfig jpeg png static-libs tiff truetype webp xpm zlib"
-
-# fontconfig has prefixed font paths, details see bug #518970
-REQUIRED_USE="prefix? ( fontconfig )"
-
-RDEPEND="fontconfig? ( >=media-libs/fontconfig-2.10.92[${MULTILIB_USEDEP}] )
-   jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
-   png? ( >=media-libs/libpng-1.6.10:0=[${MULTILIB_USEDEP}] )
-   tiff? ( media-libs/tiff:0[${MULTILIB_USEDEP}] )
-   truetype? ( >=media-libs/freetype-2.5.0.1[${MULTILIB_USEDEP}] )
-   webp? ( media-libs/libwebp[${MULTILIB_USEDEP}] )
-   xpm? ( >=x11-libs/libXpm-3.5.10-r1[${MULTILIB_USEDEP}] 
>=x11-libs/libXt-1.1.4[${MULTILIB_USEDEP}] )
-   zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-   >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
-
-S="${WORKDIR}/lib${P}"
-
-PATCHES=(
-   "${FILESDIR}"/${P}-osx-libtool.patch #583584
-)
-
-src_prepare() {
-   default
-   elibtoolize  # for shared library on Solaris
-}
-

[gentoo-commits] repo/gentoo:master commit in: media-libs/gd/, media-libs/gd/files/

2016-03-12 Thread Markus Meier
commit: 13f429c8a0b8dd1d56e98c84108a20b5b5db9d6f
Author: Markus Meier  gentoo  org>
AuthorDate: Sat Mar 12 11:18:29 2016 +
Commit: Markus Meier  gentoo  org>
CommitDate: Sat Mar 12 11:18:29 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13f429c8

media-libs/gd: remove old for bug #538686

Package-Manager: portage-2.2.27

 media-libs/gd/Manifest |   1 -
 media-libs/gd/files/gd-2.0.35-fontconfig.patch |  25 -
 .../gd/files/gd-2.0.35-libpng-pkg-config.patch | 113 -
 media-libs/gd/files/gd-2.0.35-libpng14.patch   |  16 ---
 media-libs/gd/files/gd-2.0.35-maxcolors.patch  |  17 
 media-libs/gd/gd-2.0.35-r3.ebuild  |  69 -
 media-libs/gd/gd-2.0.35-r4.ebuild  | 101 --
 media-libs/gd/gd-2.1.1.ebuild  |  59 ---
 8 files changed, 401 deletions(-)

diff --git a/media-libs/gd/Manifest b/media-libs/gd/Manifest
index 8fc786d..3703145 100644
--- a/media-libs/gd/Manifest
+++ b/media-libs/gd/Manifest
@@ -1,2 +1 @@
-DIST gd-2.0.35.tar.bz2 1212730 SHA256 
bf222490749d2a9a9ac3593b01eb55aed98461ff81202414707f61b42aa300f9 SHA512 
eef8150adc040bed920155337211864a41ae3c4532e852ad443a3a3b9ffdc7fd3130698041b7b19b0b1207e78a80c263c6da26eba7208cdeeff78283c7d0d281
 WHIRLPOOL 
9eca23a184106652ef5c19ee3b5c18e23d742e21103c66907bf829910b95aa92eea7620c5579bf493c14730bc0327a4d662ffaf9bf9a5538127b8c10cc9c6b84
 DIST libgd-2.1.1.tar.xz 2039132 SHA256 
9ada1ed45594abc998ebc942cef12b032fbad672e73efc22bc9ff54f5df2b285 SHA512 
48f02a4b89e412870f9091b92eb26136c5c0d795722262ad973c7d4103476204a2de36133a2634b8f410d6bccdcf60afb829a74ac2fddfb96aff2cd2567b
 WHIRLPOOL 
a38cf1f060db35d247b54038e731484e6230cd8a9da263a8c4823aaf6b3ce455c0747bbbde60f131d85a48340e39a5c8d6273fa51366cbe2436530520211a238

diff --git a/media-libs/gd/files/gd-2.0.35-fontconfig.patch 
b/media-libs/gd/files/gd-2.0.35-fontconfig.patch
deleted file mode 100644
index ca31302..000
--- a/media-libs/gd/files/gd-2.0.35-fontconfig.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-fix from upstream
-
-http://bugs.gentoo.org/363367
-
-# HG changeset patch
-# User tabe
-# Date 1239812355 0
-# Node ID 3ea283efcdafcb2acc1dd0ace1d3d48da6d8cec8
-# Parent  4f29a877875f63cee5a64e7bea406a61882a565e
-fixed FS#199
-
-199, Fixed useFontConfig() to work as documented (Ethan Merritt)
- 
-diff -r 4f29a877875f -r 3ea283efcdaf src/gdft.c
 a/src/gdft.c   Sat Apr 04 12:00:37 2009 +
-+++ b/src/gdft.c   Wed Apr 15 16:19:15 2009 +
-@@ -1688,7 +1688,7 @@
- BGD_DECLARE(int) gdFTUseFontConfig(int flag)
- {
- #ifdef HAVE_LIBFONTCONFIG
--  fontConfigFlag = 1;
-+  fontConfigFlag = flag;
-   return 1;
- #else
-   return 0;

diff --git a/media-libs/gd/files/gd-2.0.35-libpng-pkg-config.patch 
b/media-libs/gd/files/gd-2.0.35-libpng-pkg-config.patch
deleted file mode 100644
index 4b8971f..000
--- a/media-libs/gd/files/gd-2.0.35-libpng-pkg-config.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-use libpng's pkg-config files rather than the ugly xxx-config scripts
-
 a/configure.ac
-+++ b/configure.ac
-@@ -47,6 +47,7 @@ AC_PROG_LIBTOOL
- AC_PROG_LN_S
- AC_PROG_MAKE_SET
- #AC_PROG_RANLIB
-+PKG_PROG_PKG_CONFIG
- 
- dnl may be required for freetype and Xpm
- AC_PATH_X
-@@ -340,74 +341,26 @@ AC_CHECK_LIB(z,deflate,
- dnl libpng is required
- AC_ARG_WITH(png,dnl
- [  --with-png=DIR  where to find the png library],,
--  withval=yes)
--
--# libpng12.so is a nightmare. We have to test separately for
--# libpng12-config and libpng-config. If we find libpng12-config,
--# we don't look for the other, which will just be a symlink to it,
--# confusing autoconf into thinking the library itself will be named -lpng,
--# which it won't be. Awful. This code will suffice unless the libpng
--# authors decide to do this AGAIN. Which I really hope they won't. TBB
--
--if test "$withval" != no; then
--  AC_PATH_PROG([LIBPNG12_CONFIG], [libpng12-config])
--  AC_PATH_PROG([LIBPNG_CONFIG], [libpng-config])
--  if test -n "$LIBPNG12_CONFIG"; then
--libpng_CPPFLAGS=`libpng12-config --cflags`
--# should be --ldopts, but it's currently broken
--libpng_LDFLAGS=`libpng12-config --ldflags`
--libpng_LDFLAGS=`echo " $libpng_LDFLAGS" | sed 's/ -l[[^ ]][[^ ]]*//g'`
--  elif test -n "$LIBPNG_CONFIG"; then
--libpng_CPPFLAGS=`libpng-config --cflags`
--# should be --ldopts, but it's currently broken
--libpng_LDFLAGS=`libpng-config --ldflags`
--libpng_LDFLAGS=`echo " $libpng_LDFLAGS" | sed 's/ -l[[^ ]][[^ ]]*//g'`
--  elif test -d "$withval"; then
--libpng_CPPFLAGS="-I$withval/include"
--libpng_LDFLAGS="-L$withval/lib"
--  fi
--
--  AC_CHECK_HEADERS(png.h,,
--[AC_CHECK_HEADERS(libpng/png.h,
--   [CPPFLAGS="$CPPFLAGS $libpng_CPPFLAGS/libpng"],
--   [CPPFLAGS="$_cppflags"])])
--
--  _ldflags="$LDFLAGS"
--  LDFLAGS="$libpng_LDFLAGS $LDFLAGS"
--
--  if test -n "$LIBPNG12_CONFIG"; then