update to libgd-2.3.0, includes some security-related and other fixes,

Potential double-free in gdImage*Ptr(). (CVE-2019-6978) gdImageColorMatch() out of bounds write on heap. (CVE-2019-6977) Uninitialized read in gdImageCreateFromXbm(). (CVE-2019-11038) Double-free in gdImageBmp. (CVE-2018-1000222) Potential NULL pointer dereference in gdImageClone(). (CVE-2018-14553) Potential infinite loop in gdImageCreateFromGifCtx(). (CVE-2018-5711) and see https://github.com/libgd/libgd/blob/gd-2.3.0/CHANGELOG.md (if anyone is thinking of backporting, gdlib-config was removed, p5-GD and cvsgraph updates will be needed)
2020-06-30 00:05:49 +00:00 · 2020-06-30 00:05:49 +00:00 · 032bdbd62b
commit 032bdbd62b
parent d31c999b45
3 changed files with 11 additions and 14 deletions
--- a/graphics/gd/Makefile
+++ b/graphics/gd/Makefile
@ -1,26 +1,24 @@
-# $OpenBSD: Makefile,v 1.78 2019/07/12 20:46:58 sthen Exp $
-
-PORTROACH=	skipv:gd-2.2.5
+# $OpenBSD: Makefile,v 1.79 2020/06/30 00:05:49 sthen Exp $

 COMMENT=	library for dynamic creation of images

-V=		2.2.5
+V=		2.3.0
 DISTNAME=	libgd-$V
 PKGNAME=	gd-$V
-REVISION=	1

 SHARED_LIBS +=	gd                   22.0     # 3.0

 CATEGORIES=	graphics

-HOMEPAGE=	http://www.libgd.org/
+HOMEPAGE=	https://libgd.github.io/

 PERMIT_PACKAGE=	Yes

-WANTLIB += c expat fontconfig freetype iconv jpeg m png pthread
-WANTLIB += ${COMPILER_LIBCXX} tiff webp z
+WANTLIB += c expat fontconfig freetype iconv jpeg lzma m png pthread
+WANTLIB += tiff webp z zstd

-COMPILER =		base-clang ports-gcc base-gcc
+COMPILER =	base-clang ports-gcc base-gcc
+DEBUG_PACKAGES = ${BUILD_PACKAGES}

 MASTER_SITES=	https://github.com/libgd/libgd/releases/download/${PKGNAME}/

--- a/graphics/gd/distinfo
+++ b/graphics/gd/distinfo
@ -1,2 +1,2 @@
-SHA256 (libgd-2.2.5.tar.gz) = pmERybSgToGOnio3166NSq4JOaEAo2sP+1LHBqCQdLU=
-SIZE (libgd-2.2.5.tar.gz) = 3345603
+SHA256 (libgd-2.3.0.tar.gz) = MlkONhoepsk5FdJEirAEF5LBG657GO6BJRT+CLLGo0I=
+SIZE (libgd-2.3.0.tar.gz) = 3102749
--- a/graphics/gd/pkg/PLIST
+++ b/graphics/gd/pkg/PLIST
@ -1,11 +1,10 @@
-@comment $OpenBSD: PLIST,v 1.13 2015/05/22 11:31:15 ajacoutot Exp $
+@comment $OpenBSD: PLIST,v 1.14 2020/06/30 00:05:49 sthen Exp $
@bin bin/annotate
 bin/bdftogd
@bin bin/gd2copypal
@bin bin/gd2togif
@bin bin/gd2topng
@bin bin/gdcmpgif
-bin/gdlib-config
@bin bin/gdparttopng
@bin bin/gdtopng
@bin bin/giftogd2
@ -25,7 +24,7 @@ include/gdfonts.h
 include/gdfontt.h
 include/gdfx.h
 include/gdpp.h
-lib/libgd.a
+@static-lib lib/libgd.a
 lib/libgd.la
@lib lib/libgd.so.${LIBgd_VERSION}
 lib/pkgconfig/gdlib.pc