Upstream beat us to it. Release 1.8.3 fixes the previously submitted CVEs
plus several others I wasn't aware of and some bonus GitHub issues.

Also they packaged the tarball containing a different directory than
previously. Fixed with WRKDIST.

* Security fix for CVE-2018-19757 (#79), NULL pointer dereference problem,
  reported by @nluedtke and fixed by @knok (#91, #94).
* Security fix for CVE-2018-19762 (#81), heap-based buffer overflow problem,
  reported by @nluedtke and fixed by @knok (#92).
* Security fix for CVE-2018-19756 (#80), heap-based buffer over-read problem,
  reported by @nluedtke and fixed by @knok (#93).
* Security fix for CVE-2018-19763 (#82), heap-based buffer over-read problem,
  reported by @nluedtke and fixed by @knok (#95).
* Security fix for CVE-2018-19761, illegal address access,
  fixed by @knok (#96).
* Security fix for CVE-2018-19759, heap-based buffer over-read problem,
  fixed by @knok (#98).
* Security fix for CVE-2018-3753 (#83), infinite loop problem,
  reported by @cool-tomato and fixed by @knok (#99).
* Security fix for CVE-2018-19759 (#102),
  heap-based buffer over-read that will cause a denial of service,
  reported and fixed by @YourButterfly. (#106)
* Security fix for CVE-2019-19635 (#103), heap-based buffer overflow,
  reported and fixed by @YourButterfly. (#106)
* Security fix for CVE-2019-19636 (#104) and CVE-2019-19637 (#105),
  integer overflow problem, reported and fixed by @YourButterfly. (#106)
* gif loader: check LZW code size (Issue #75), Thanks to @HongxuChen.
* core: Fix a global-buffer-overflow problem (Issue #72), Thanks to @fgeek.
* core: Fix unexpected hangs/performance issues (Issue #76),
  Thanks to @HongxuChen.

Tim.

Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/libsixel/Makefile,v
retrieving revision 1.5
diff -u -p -r1.5 Makefile
--- Makefile 12 Jul 2019 20:47:02 -0000 1.5
+++ Makefile 15 Dec 2019 04:08:01 -0000
@@ -2,7 +2,7 @@
COMMENT = encoder/decoder implementation for DEC SIXEL graphics
-V = 1.8.2
+V = 1.8.3
DISTNAME = libsixel-$V
SHARED_LIBS += sixel 1.0 # 1.6
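Review bot: SHARED_LIBS stays at sixel 1.0 in the context of this hunk while V moves to 1.8.3, and the message does not say whether the exported symbols were compared between the two versions. A release that touches this many decoder and loader paths can change the library interface, so compare the exports of the old and new libsixel.so and bump the version on the SHARED_LIBS line if anything was added, removed or changed.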
@@ -30,5 +30,7 @@ CONFIGURE_ARGS += --disable-python \
# Requires Python
NO_TEST = Yes
+
+WRKDIST = ${WRKDIR}/sixel-$V
.include <bsd.port.mk>
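Review bot: The new WRKDIST line sits at the bottom of the Makefile after NO_TEST with no comment, so the reason for the override is recorded only in the e-mail. Move it up next to DISTNAME, where the mismatch between libsixel-$V and the extracted sixel-$V directory is visible at a glance, or add a one-line comment saying that the 1.8.3 tarball unpacks to sixel-$V.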
Index: distinfo
===================================================================
RCS file: /cvs/ports/graphics/libsixel/distinfo,v
retrieving revision 1.3
diff -u -p -r1.3 distinfo
--- distinfo 24 Jul 2018 12:18:01 -0000 1.3
+++ distinfo 15 Dec 2019 04:08:01 -0000
@@ -1,2 +1,2 @@
-SHA256 (libsixel-1.8.2.tar.gz) = xGTSpvzzXp5rrRh2cp6FOoufar/pfZ40h8m/rEXPKl8=
-SIZE (libsixel-1.8.2.tar.gz) = 4778776
+SHA256 (libsixel-1.8.3.tar.gz) = 2uThBUQN+OWBkpSIgb5WSEV0bmuncRUkIFi0sWPfH3Y=
+SIZE (libsixel-1.8.3.tar.gz) = 641789
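Review bot: SIZE drops from 4778776 to 641789 bytes between the 1.8.2 and 1.8.3 entries, more than a sevenfold shrink, and the message already notes that the top-level directory changed. Confirm that the new archive is the intended release artifact and still carries everything the build uses before the new SHA256 is committed.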
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/graphics/libsixel/pkg/PLIST,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 PLIST
--- pkg/PLIST 16 Apr 2017 15:58:31 -0000 1.1.1.1
+++ pkg/PLIST 15 Dec 2019 04:08:01 -0000
@@ -3,7 +3,7 @@
bin/libsixel-config
@bin bin/sixel2png
include/sixel.h
-lib/libsixel.a
+@static-lib lib/libsixel.a
lib/libsixel.la
@lib lib/libsixel.so.${LIBsixel_VERSION}
lib/pkgconfig/libsixel.pc
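Review bot: The switch of lib/libsixel.a to @static-lib is a packing-list change that is not mentioned in the message and is separate from the 1.8.3 fixes. Note it in the commit message so it is not read as something upstream altered, and check that lib/libsixel.la on the next line still matches what the new build installs.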