Potential double-free in gdImage*Ptr(). (CVE-2019-6978)
gdImageColorMatch() out of bounds write on heap. (CVE-2019-6977)
Uninitialized read in gdImageCreateFromXbm(). (CVE-2019-11038)
Double-free in gdImageBmp. (CVE-2018-1000222)
Potential NULL pointer dereference in gdImageClone(). (CVE-2018-14553)
Potential infinite loop in gdImageCreateFromGifCtx(). (CVE-2018-5711)
and see https://github.com/libgd/libgd/blob/gd-2.3.0/CHANGELOG.md
(if anyone is thinking of backporting, gdlib-config was removed,
p5-GD and cvsgraph updates will be needed)
some existing COMPILER lines with arch restrictions etc. In the usual
case this is now using "COMPILER = base-clang ports-gcc base-gcc" on
ports with c++ libraries in WANTLIB.
This is basically intended to be a noop on architectures using clang
as the system compiler, but help with other architectures where we
currently have many ports knocked out due to building with an unsuitable
compiler -
- some ports require c++11/newer so the GCC version in base that is used
on these architectures is too old.
- some ports have conflicts where an executable is built with one compiler
(e.g. gcc from base) but a library dependency is built with a different
one (e.g. gcc from ports), resulting in mixing incompatible libraries in the
same address space.
devel/gmp is intentionally skipped as it's on the path to building gcc -
the c++ library there is unused in ports (and not built by default upstream)
so intending to disable building gmpcxx in a future commit.
### Security
- Double-free in gdImagePngPtr(). (CVE-2017-6362)
- Buffer over-read into uninitialized memory. (CVE-2017-7890)
### Fixed
- Fix #109: XBM reading fails with printed error
- Fix #338: Fatal and normal libjpeg/libpng errors not distinguishable
- Fix #357: 2.2.4: Segfault in test suite
- Fix #386: gdImageGrayScale() may produce colors
- Fix #406: webpng -i removes the transparent color
- Fix Coverity #155475: Failure to restore alphaBlendingFlag
- Fix Coverity #155476: potential resource leak
- Fix several build issues and test failures
- Fix and reenable optimized support for reading 1 bps TIFFs
SECURITY fix for:
CVE-2016-9317, CVE-2016-6912, CVE-2016-10166, CVE-2016-10167,
CVE-2016-5767, CVE-2016-10168, CVE-2015-8874, CVE-2016-9933
Initial diff from me, diff to replace multimedia/libvpx with
graphics/libwebp from Brad Smith
ok sthen@, "looks okay" @landry
this is to force pkg_add -u to pick them up because moving to PIE does change
these files but since there are no library bumps, the package signature stays
the same.
there are probably others, these are just ones I've run into. not a great
fix, and needs to be repeated when other arch move, but it's the simplest low
impact fix and I'm fed up with "relocation R_X86_64_32S can not be used
when making a shared object; recompile with -fPIC"
Fixes an infinite loop error within the handling of GIF images.
Detailed information: http://secunia.com/advisories/20500/
Fix from Xavier Roche via Ubuntu via NetBSD
ok naddy@