Saturday, April 29, 2017

UPDATE: graphics/gd

Hi ports@,

is there any good reason to not update libgd? Here are eight good
reasons for a update:

- gdImageCreate() doesn't check for oversized images and as such is prone
to DoS vulnerabilities. (CVE-2016-9317)
- double-free in gdImageWebPtr() (CVE-2016-6912)
- potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)
- DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
- Signed Integer Overflow gd_io.c (CVE-2016-10168)
- Integer Overflow in gdImagePaletteToTrueColor() resulting in heap
overflow (CVE-2016-5767)
- #215 Stack overflow with gdImageFillToBorder (CVE-2015-8874,
CVE-2016-9933)
- NULL Pointer Dereference at _gdScaleVert

Test result from 2.1.1 on amd64:

============================================================
1 of 93 tests failed
Please report to https://bitbucket.org/libgd/gd-libgd/issues
============================================================

and from the new one:

tsuite summary for GD 2.2.4
============================================================================
# TOTAL: 153
# # PASS: 150
# # SKIP: 0
# # XFAIL: 0
# # FAIL: 3
# # XPASS: 0
# # ERROR: 0
# ============================================================================

Best regards,

Rafael Sadowski


Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/gd/Makefile,v
retrieving revision 1.70
diff -u -p -u -p -r1.70 Makefile
--- Makefile 10 Apr 2017 11:46:20 -0000 1.70
+++ Makefile 29 Apr 2017 21:04:18 -0000
@@ -2,12 +2,11 @@

COMMENT= library for dynamic creation of images

-V= 2.1.1
-REVISION= 3
+V= 2.2.4
DISTNAME= libgd-$V
PKGNAME= gd-$V

-SHARED_LIBS += gd 21.1 # 3.0
+SHARED_LIBS += gd 22.0 # 3.0

CATEGORIES= graphics

@@ -15,10 +14,10 @@ HOMEPAGE= http://www.libgd.org/

PERMIT_PACKAGE_CDROM= Yes

-WANTLIB += c expat fontconfig freetype iconv jpeg m png pthread
-WANTLIB += pthread-stubs ${LIBCXX} tiff vpx z
+#WANTLIB += c expat fontconfig freetype iconv jpeg m png pthread
+#WANTLIB += pthread-stubs ${LIBCXX} tiff vpx z

-MASTER_SITES= https://bitbucket.org/libgd/gd-libgd/downloads/
+MASTER_SITES= https://github.com/libgd/libgd/releases/download/${PKGNAME}/

CONFIGURE_STYLE= gnu
CONFIGURE_ARGS+= --without-xpm
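Review bot: Both WANTLIB lines are commented out in this hunk rather than regenerated, so the port as posted declares no library dependencies for the ports framework to check the built binaries against. The list should be rebuilt against the 2.2.4 build (for example with `make port-lib-depends-check`) and committed as live `WANTLIB +=` lines, without `vpx` now that multimedia/libvpx is dropped from LIB_DEPENDS in the next hunk. Leaving WANTLIB empty probably also means the package is not tied to the versions of the image libraries it links, so an update to one of them would not be reflected in this package; that is worth confirming before commit.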
@@ -26,7 +25,6 @@ CONFIGURE_ARGS+= --without-xpm
LIB_DEPENDS= converters/libiconv \
graphics/jpeg \
graphics/png \
- graphics/tiff \
- multimedia/libvpx
+ graphics/tiff

.include <bsd.port.mk>
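Review bot: Dropping `multimedia/libvpx` from LIB_DEPENDS leaves WebP support to whatever configure finds on the build host, because CONFIGURE_ARGS only passes `--without-xpm`. libgd 2.2.x appears to build its WebP codec against libwebp rather than libvpx, and one of the fixes cited in the mail (CVE-2016-6912, gdImageWebPtr) is in that code path, so the choice should be explicit. Either add `graphics/libwebp` to LIB_DEPENDS and WANTLIB, or add `CONFIGURE_ARGS+= --without-webp`, so the package contents do not vary with the builder's installed packages.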
Index: distinfo
===================================================================
RCS file: /cvs/ports/graphics/gd/distinfo,v
retrieving revision 1.8
diff -u -p -u -p -r1.8 distinfo
--- distinfo 14 Nov 2015 12:41:53 -0000 1.8
+++ distinfo 29 Apr 2017 21:04:18 -0000
@@ -1,2 +1,2 @@
-SHA256 (libgd-2.1.1.tar.gz) = z0e85aTExtx3uo0DSdHuyc7/d+2G8UskmgeAt/GFVMU=
-SIZE (libgd-2.1.1.tar.gz) = 2390586
+SHA256 (libgd-2.2.4.tar.gz) = SHplCqYUIX7QirG9GqXSgvnTec/ZXHVq7QtDQGOBvmU=
+SIZE (libgd-2.2.4.tar.gz) = 3013928
Index: patches/patch-src_gd_crop_c
===================================================================
RCS file: patches/patch-src_gd_crop_c
diff -N patches/patch-src_gd_crop_c
--- patches/patch-src_gd_crop_c 30 Jun 2016 13:27:42 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,19 +0,0 @@
-$OpenBSD: patch-src_gd_crop_c,v 1.1 2016/06/30 13:27:42 jasper Exp $
-
-CVE-2016-6128
-https://bugs.php.net/bug.php?id=72494
-https://github.com/libgd/libgd/compare/3fe0a7128bac5000fdcfab888bd2a75ec0c9447d...fd623025505e87bba7ec8555eeb72dae4fb0afd
-
---- src/gd_crop.c.orig Thu Jun 30 15:23:49 2016
-+++ src/gd_crop.c Thu Jun 30 15:24:14 2016
-@@ -136,6 +136,10 @@ BGD_DECLARE(gdImagePtr) gdImageCropThreshold(gdImagePt
- return NULL;
- }
-
-+ if (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im)) {
-+ return NULL;
-+ }
-+
- /* TODO: Add gdImageGetRowPtr and works with ptr at the row level
- * for the true color and palette images
- * new formats will simply work with ptr
Index: patches/patch-src_gd_gd2_c
===================================================================
RCS file: patches/patch-src_gd_gd2_c
diff -N patches/patch-src_gd_gd2_c
--- patches/patch-src_gd_gd2_c 9 May 2016 06:29:18 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,15 +0,0 @@
-$OpenBSD: patch-src_gd_gd2_c,v 1.1 2016/05/09 06:29:18 ajacoutot Exp $
-
-gd2: handle corrupt images better (CVE-2016-3074)
-
---- src/gd_gd2.c.orig Sun May 8 23:50:58 2016
-+++ src/gd_gd2.c Sun May 8 23:52:14 2016
-@@ -167,6 +167,8 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy,
- if (gdGetInt (&cidx[i].size, in) != 1) {
- goto fail2;
- };
-+ if (cidx[i].offset < 0 || cidx[i].size < 0)
-+ goto fail2;
- };
- *chunkIdx = cidx;
- };
Index: patches/patch-src_gd_gif_out_c
===================================================================
RCS file: patches/patch-src_gd_gif_out_c
diff -N patches/patch-src_gd_gif_out_c
--- patches/patch-src_gd_gif_out_c 6 Jul 2016 08:46:01 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,41 +0,0 @@
-$OpenBSD: patch-src_gd_gif_out_c,v 1.1 2016/07/06 08:46:01 jasper Exp $
-
-CVE-2016-6161
-https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842
-
---- src/gd_gif_out.c.orig Tue Jan 6 10:16:03 2015
-+++ src/gd_gif_out.c Wed Jul 6 10:43:57 2016
-@@ -1442,15 +1442,23 @@ nomatch:
- * code in turn. When the buffer fills up empty it and start over.
- */
-
--static unsigned long masks[] = {
-+static const unsigned long masks[] = {
- 0x0000, 0x0001, 0x0003, 0x0007, 0x000F,
- 0x001F, 0x003F, 0x007F, 0x00FF,
- 0x01FF, 0x03FF, 0x07FF, 0x0FFF,
- 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF
- };
-
-+/* Arbitrary value to mark output is done. When we see EOFCode, then we don't
-+ * expect to see any more data. If we do (e.g. corrupt image inputs), cur_bits
-+ * might be negative, so flag it to return early.
-+ */
-+#define CUR_BITS_FINISHED -1000
-+
- static void output(code_int code, GifCtx *ctx)
- {
-+ if (ctx->cur_bits == CUR_BITS_FINISHED)
-+ return;
- ctx->cur_accum &= masks[ctx->cur_bits];
-
- if(ctx->cur_bits > 0) {
-@@ -1492,6 +1500,8 @@ static void output(code_int code, GifCtx *ctx)
- ctx->cur_accum >>= 8;
- ctx->cur_bits -= 8;
- }
-+ /* Flag that it's done to prevent re-entry. */
-+ ctx->cur_bits = CUR_BITS_FINISHED;
-
- flush_char(ctx);
- }
Index: patches/patch-src_webpimg_c
===================================================================
RCS file: patches/patch-src_webpimg_c
diff -N patches/patch-src_webpimg_c
--- patches/patch-src_webpimg_c 18 Apr 2015 09:16:36 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,28 +0,0 @@
-$OpenBSD: patch-src_webpimg_c,v 1.1 2015/04/18 09:16:36 sthen Exp $
-
-Fix the build with newer libvpx.
-
---- src/webpimg.c.orig Sun Apr 12 19:49:36 2015
-+++ src/webpimg.c Sun Apr 12 19:50:47 2015
-@@ -711,14 +711,14 @@ static WebPResult VPXEncode(const uint8* Y,
- codec_ctl(&enc, VP8E_SET_STATIC_THRESHOLD, 0);
- codec_ctl(&enc, VP8E_SET_TOKEN_PARTITIONS, 2);
-
-- vpx_img_wrap(&img, IMG_FMT_I420,
-+ vpx_img_wrap(&img, VPX_IMG_FMT_I420,
- y_width, y_height, 16, (uint8*)(Y));
-- img.planes[PLANE_Y] = (uint8*)(Y);
-- img.planes[PLANE_U] = (uint8*)(U);
-- img.planes[PLANE_V] = (uint8*)(V);
-- img.stride[PLANE_Y] = y_stride;
-- img.stride[PLANE_U] = uv_stride;
-- img.stride[PLANE_V] = uv_stride;
-+ img.planes[VPX_PLANE_Y] = (uint8*)(Y);
-+ img.planes[VPX_PLANE_U] = (uint8*)(U);
-+ img.planes[VPX_PLANE_V] = (uint8*)(V);
-+ img.stride[VPX_PLANE_Y] = y_stride;
-+ img.stride[VPX_PLANE_U] = uv_stride;
-+ img.stride[VPX_PLANE_V] = uv_stride;
-
- res = vpx_codec_encode(&enc, &img, 0, 1, 0, VPX_DL_BEST_QUALITY);
-
