Upstream beat us to it. Release 1.8.3 fixes the previously submitted CVEs plus several others I wasn't aware of and some bonus GitHub issues.
Also they packaged the tarball containing a different directory than previously. Fixed with WRKDIST. Security fix for CVE-2018-19757 (#79), NULL pointer dereference problem, reported by @nluedtke and fixed by @knok (#91, #94). Security fix for CVE-2018-19762 (#81), heap-based buffer overflow problem, reported by @nluedtke and fixed by @knok (#92). Security fix for CVE-2018-19756 (#80), heap-based buffer over-read problem, reported by @nluedtke and fixed by @knok (#93). Security fix for CVE-2018-19763 (#82), heap-based buffer over-read problem, reported by @nluedtke and fixed by @knok (#95). Security fix for CVE-2018-19761, illegal address access, fixed by @knok (#96). Security fix for CVE-2018-19759, heap-based buffer over-read problem, fixed by @knok (#98). Security fix for CVE-2018-3753 (#83), infinite loop problem, reported by @cool-tomato and fixed by @knok (#99). Security fix for CVE-2018-19759 (#102), heap-based buffer over-read that will cause a denial of service. reported and fixed by @YourButterfly. (#106) Security fix for CVE-2019-19635 (#103), heap-based buffer overflow, reported and fixed by @YourButterfly. (#106) Security fix for CVE-2019-19636 (#104) and CVE-2019-19637 (#105), integer overflow problem. reported and fixed by @YourButterfly. (#106) gif loader: check LZW code size (Issue #75), Thanks to @HongxuChen. core: Fix a global-buffer-overflow problem (Issue #72), Thanks to @fgeek. core: Fix unexpected hangs/performance issues (Issue #76), Thanks to @HongxuChen. Tim. Index: Makefile =================================================================== RCS file: /cvs/ports/graphics/libsixel/Makefile,v retrieving revision 1.5 diff -u -p -r1.5 Makefile --- Makefile 12 Jul 2019 20:47:02 -0000 1.5 +++ Makefile 15 Dec 2019 04:08:01 -0000 @@ -2,7 +2,7 @@ COMMENT = encoder/decoder implementation for DEC SIXEL graphics -V = 1.8.2 +V = 1.8.3 DISTNAME = libsixel-$V SHARED_LIBS += sixel 1.0 # 1.6 @@ -30,5 +30,7 @@ CONFIGURE_ARGS += --disable-python \ # Requires Python NO_TEST = Yes + +WRKDIST = ${WRKDIR}/sixel-$V .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /cvs/ports/graphics/libsixel/distinfo,v retrieving revision 1.3 diff -u -p -r1.3 distinfo --- distinfo 24 Jul 2018 12:18:01 -0000 1.3 +++ distinfo 15 Dec 2019 04:08:01 -0000 @@ -1,2 +1,2 @@ -SHA256 (libsixel-1.8.2.tar.gz) = xGTSpvzzXp5rrRh2cp6FOoufar/pfZ40h8m/rEXPKl8= -SIZE (libsixel-1.8.2.tar.gz) = 4778776 +SHA256 (libsixel-1.8.3.tar.gz) = 2uThBUQN+OWBkpSIgb5WSEV0bmuncRUkIFi0sWPfH3Y= +SIZE (libsixel-1.8.3.tar.gz) = 641789 Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/graphics/libsixel/pkg/PLIST,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 PLIST --- pkg/PLIST 16 Apr 2017 15:58:31 -0000 1.1.1.1 +++ pkg/PLIST 15 Dec 2019 04:08:01 -0000 @@ -3,7 +3,7 @@ bin/libsixel-config @bin bin/sixel2png include/sixel.h -lib/libsixel.a +@static-lib lib/libsixel.a lib/libsixel.la @lib lib/libsixel.so.${LIBsixel_VERSION} lib/pkgconfig/libsixel.pc