I'll take care of this. There are also API additions so it needs a SHARED_LIBS bump.
On 2015/11/14 14:20, Rafael Sadowski wrote:
> Hi @ports,
>
> simple libgd update to 2.1.1. CVE-2014-9709 patch is not more necessary.
> Tested on amd64: "All 93 tests passed".
>
> Cheers, Rafael
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/graphics/gd/Makefile,v
> retrieving revision 1.62
> diff -u -p -u -p -r1.62 Makefile
> --- Makefile 17 Aug 2015 19:52:39 -0000 1.62
> +++ Makefile 14 Nov 2015 12:19:52 -0000
> @@ -2,10 +2,9 @@
>
> COMMENT= library for dynamic creation of images
>
> -V= 2.1.0
> +V= 2.1.1
> DISTNAME= libgd-$V
> PKGNAME= gd-$V
> -REVISION= 2
>
> SHARED_LIBS= gd 21.0
>
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/graphics/gd/distinfo,v
> retrieving revision 1.7
> diff -u -p -u -p -r1.7 distinfo
> --- distinfo 17 Mar 2014 23:20:57 -0000 1.7
> +++ distinfo 14 Nov 2015 12:19:52 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (libgd-2.1.0.tar.gz) = PO72nVRUo5LoeTrpC18NYy3T4gh5wShWqh0dPQY6Ucg=
> -SIZE (libgd-2.1.0.tar.gz) = 2330322
> +SHA256 (libgd-2.1.1.tar.gz) = z0e85aTExtx3uo0DSdHuyc7/d+2G8UskmgeAt/GFVMU=
> +SIZE (libgd-2.1.1.tar.gz) = 2390586
> Index: patches/patch-src_gd_gif_in_c
> ===================================================================
> RCS file: patches/patch-src_gd_gif_in_c
> diff -N patches/patch-src_gd_gif_in_c
> --- patches/patch-src_gd_gif_in_c 26 Mar 2015 09:16:31 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,32 +0,0 @@
> -$OpenBSD: patch-src_gd_gif_in_c,v 1.1 2015/03/26 09:16:31 jasper Exp $
> -
> -Security fix for CVE-2014-9709, gd: buffer read overflow in gd_gif_in.c
> -
> ---- src/gd_gif_in.c.orig Thu Mar 26 10:07:17 2015
> -+++ src/gd_gif_in.c Thu Mar 26 10:08:35 2015
> -@@ -75,8 +75,10 @@ static struct {
> -
> - #define STACK_SIZE ((1<<(MAX_LWZ_BITS))*2)
> -
> -+#define CSD_BUF_SIZE 280
> -+
> - typedef struct {
> -- unsigned char buf[280];
> -+ unsigned char buf[CSD_BUF_SIZE];
> - int curbit;
> - int lastbit;
> - int done;
> -@@ -410,7 +412,12 @@ GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_
> -
> - ret = 0;
> - for (i = scd->curbit, j = 0; j < code_size; ++i, ++j) {
> -- ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j;
> -+ if (i < CSD_BUF_SIZE * 8) {
> -+ ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j;
> -+ } else {
> -+ ret = -1;
> -+ break;
> -+ }
> - }
> -
> - scd->curbit += code_size;
>
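Review bot: Deleting patches/patch-src_gd_gif_in_c removes the port's only guard against the CVE-2014-9709 buffer over-read, and nothing in this diff shows that the libgd-2.1.1 tarball contains an equivalent check. Before the patch is dropped, the extracted 2.1.1 `src/gd_gif_in.c` should be inspected to confirm that the `for` loop in `GetCode_` bounds `i` against the size of `scd->buf`, as the removed `if (i < CSD_BUF_SIZE * 8)` did. "All 93 tests passed" does not establish this unless the suite includes a regression case for the over-read, which cannot be seen from here. If the upstream check is missing or differs, the patch should be kept and regenerated against 2.1.1 rather than removed.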