Bug 210913 - graphics/gd: update to 2.2.2
Summary: graphics/gd: update to 2.2.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Dirk Meyer
Reported: 2016-07-08 08:41 UTC by Piotr Kubaj
Modified: 2016-07-20 21:30 UTC

dinoex: maintainer-feedback+
dinoex: merge-quarterly+

Attachments
Poudriere log (101.10 KB, text/plain)
2016-07-08 08:41 UTC, Piotr Kubaj
gd-2.2.2 patch (1.56 KB, patch)
2016-07-08 08:42 UTC, Piotr Kubaj
gd-2.2.2 patch (3.09 KB, patch)
2016-07-10 10:56 UTC, Piotr Kubaj
patch v3 (14.59 KB, patch)
2016-07-16 21:44 UTC, Piotr Kubaj
v4 (15.70 KB, patch)
2016-07-18 17:28 UTC, Piotr Kubaj
patch v5 (16.05 KB, patch)
2016-07-19 14:35 UTC, Piotr Kubaj
pkubaj: maintainer-approval? (dinoex)

Description Piotr Kubaj 2016-07-08 08:41:26 UTC
Created attachment 172229
Poudriere log

This includes (along with the versions between ours in ports and 2.2.2) some security fixes. It's a shame it's kept outdated...
Comment 1 Piotr Kubaj 2016-07-08 08:42:25 UTC
Created attachment 172231
gd-2.2.2 patch
Comment 2 Piotr Kubaj 2016-07-08 08:43:50 UTC
I specified MASTER_SITES specifically to avoid downloading the tarball which doesn't include the configure script.
Comment 3 Dirk Meyer 2016-07-09 23:02:05 UTC
Sorry, but the shared version number should never go backwards.

This will break updates from ports when a previous version is installed.
Comment 4 Piotr Kubaj 2016-07-10 10:56:13 UTC
Created attachment 172309
gd-2.2.2 patch

Corrected.

Also, I seem to have uploaded the wrong patch previously, one patch from files/ needs to be removed.
Comment 5 Piotr Kubaj 2016-07-16 21:44:58 UTC
Created attachment 172591
patch v3

Another version - I've regenerated all the patches using makepatch (that made the names correct), set the license to MIT and added the patch for the security issue mentioned in http://www.openwall.com/lists/oss-security/2016/07/12/4 (still no CVE). Builds fine on 10.3-RELEASE.
Comment 6 Piotr Kubaj 2016-07-18 17:28:07 UTC
Created attachment 172671
v4

Added patch for CVE-2016-6214.
Comment 7 Dirk Meyer 2016-07-19 12:16:52 UTC
Problem 1)
You only change the filename, not the soname of the library itself.

Problem 2)
Renaming the patches makes the changes invisible here.

Problem 3)
Build will pick up installed webp library.

Problem 4)
The new libgd.so is not backwards compatible with the old one.
The dependent ports have to get their PORTVERSION bumped.

I am preparing an update to the port to address all the problems.
Comment 8 Piotr Kubaj 2016-07-19 14:35:37 UTC
Created attachment 172723
patch v5

1. Thanks for the info! I didn't know that SONAME was "burned" separately into the library, so I learned something new :)

2. I've just corrected the patches to use the proper names. You can check the real changes by running "make makepatch" yourself on your SVN copy, and then checking my diff.

3. Corrected.

4. I know about that, but that isn't something I can do and bumping PORTREVISION is simple enough that reviewing my patch will probably take more than writing your own.
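
The point raised in Comment 7 (Problem 1) and acknowledged in Comment 8 (item 1), that the SONAME is stored inside the library independently of its file name, can be checked by reading DT_SONAME from the ELF dynamic section. This is an added example, not code from the port or from either commenter; `build_sample` produces a constructed minimal ELF64 image, and the function names and version numbers are illustrative assumptions, not the port's real values.

```python
import struct

PT_LOAD, PT_DYNAMIC = 1, 2                  # program header types
DT_NULL, DT_STRTAB, DT_SONAME = 0, 5, 14    # dynamic section tags

def read_soname(elf: bytes):
    """Return the DT_SONAME string of a little-endian ELF64 image, or None."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    loads, dyn = [], (0, 0)
    for i in range(e_phnum):
        p_type, _, p_off, p_vaddr, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            loads.append((p_off, p_vaddr, p_filesz))
        elif p_type == PT_DYNAMIC:
            dyn = (p_off, p_off + p_filesz)
    strtab = name_off = None
    for off in range(dyn[0], dyn[1] - 15, 16):
        tag, val = struct.unpack_from("<qQ", elf, off)
        if tag == DT_NULL:
            break
        if tag == DT_STRTAB:
            strtab = val        # virtual address of the dynamic string table
        elif tag == DT_SONAME:
            name_off = val      # offset of the name inside that table
    if strtab is None or name_off is None:
        return None
    for p_off, p_vaddr, p_filesz in loads:  # map the vaddr back to a file offset
        if p_vaddr <= strtab < p_vaddr + p_filesz:
            start = strtab - p_vaddr + p_off + name_off
            return elf[start:elf.index(b"\0", start)].decode()
    return None

def build_sample(soname: str) -> bytes:
    """Constructed minimal ELF64 image whose only dynamic payload is DT_SONAME."""
    strtab = b"\0" + soname.encode() + b"\0"
    dyn_off, str_off = 176, 224  # 64-byte header + 2*56 phdrs; then 3*16 dyn entries
    size = str_off + len(strtab)
    ehdr = struct.pack("<4sBBB9xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1,
                       3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    load = struct.pack("<IIQQQQQQ", PT_LOAD, 4, 0, 0, 0, size, size, 0x1000)
    dyn = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 4, dyn_off, dyn_off, dyn_off, 48, 48, 8)
    dynamic = struct.pack("<qQqQqQ", DT_STRTAB, str_off, DT_SONAME, 1, DT_NULL, 0)
    return ehdr + load + dyn + dynamic + strtab

def soname_matches(installed_name: str, elf: bytes) -> bool:
    return read_soname(elf) == installed_name  # file name vs. embedded SONAME
```

A library installed as `libgd.so.6` whose image still carries `libgd.so.3` fails this check; on a real system `readelf -d` shows the same value on its `(SONAME)` line.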
Comment 9 commit-hook 2016-07-20 09:34:42 UTC
A commit references this bug:

Author: dinoex
Date: Wed Jul 20 09:33:40 UTC 2016
New revision: 418829
URL: https://svnweb.freebsd.org/changeset/ports/418829

Log:
  - update libgd to 2.2.2
  - new MASTER_SITES
  - add security patch
  PR:		210913
  Submitted by:	Piotr Kubaj
  MFH:		2016Q3
  Security: CVE-2015-8874
  Security: CVE-2016-3074
  Security: http://www.openwall.com/lists/oss-security/2016/07/12/4

Changes:
  head/astro/rmap/Makefile
  head/audio/enscribe/Makefile
  head/audio/mp3plot/Makefile
  head/biology/emboss/Makefile
  head/cad/pcb/Makefile
  head/devel/cvsgraph/Makefile
  head/devel/m17n-lib/Makefile
  head/emulators/fceux/Makefile
  head/games/mkhexgrid/Makefile
  head/games/openlierox/Makefile
  head/graphics/a2png/Makefile
  head/graphics/dataplot/Makefile
  head/graphics/fly/Makefile
  head/graphics/g2/Makefile
  head/graphics/gd/Makefile
  head/graphics/gd/distinfo
  head/graphics/gd/files/patch-configure
  head/graphics/gd/files/patch-gd_tga.c
  head/graphics/gd/files/patch-webpimg.c
  head/graphics/gd/pkg-plist
  head/graphics/gdchart/Makefile
  head/graphics/gdtclft/Makefile
  head/graphics/grads/Makefile
  head/graphics/graphviz/Makefile
  head/graphics/libgphoto2/Makefile
  head/graphics/libpuzzle/Makefile
  head/graphics/libsixel/Makefile
  head/graphics/lua-gd/Makefile
  head/graphics/mapserver/Makefile
  head/graphics/mscgen/Makefile
  head/graphics/p5-GD/Makefile
  head/graphics/php-libpuzzle/Makefile
  head/graphics/php5-ffmpeg/Makefile
  head/graphics/phplot/Makefile
  head/graphics/png2html/Makefile
  head/graphics/pstoedit/Makefile
  head/graphics/py-gd/Makefile
  head/graphics/raster3d/Makefile
  head/graphics/repng2jpeg/Makefile
  head/graphics/ruby-gd/Makefile
  head/graphics/rubygem-gd2/Makefile
  head/graphics/scr2png/Makefile
  head/graphics/zimg/Makefile
  head/lang/fpc/Makefile
  head/mail/dspam/Makefile
  head/mail/libpst/Makefile
  head/math/PDL/Makefile
  head/math/gnuplot/Makefile
  head/math/ploticus/Makefile
  head/math/plplot/Makefile
  head/multimedia/kissdx/Makefile
  head/multimedia/oggvideotools/Makefile
  head/net/vnstat/Makefile
  head/net-mgmt/bandwidthd/Makefile
  head/net-mgmt/icinga-classicweb/Makefile
  head/net-mgmt/mrtg/Makefile
  head/net-mgmt/nagios/Makefile
  head/net-mgmt/nagios4/Makefile
  head/net-p2p/amule/Makefile
  head/net-p2p/amule-devel/Makefile
  head/net-p2p/mldonkey/Makefile
  head/print/texlive-base/Makefile
  head/sysutils/apcupsd/Makefile
  head/sysutils/nut/Makefile
  head/sysutils/pfstat/Makefile
  head/textproc/modlogan/Makefile
  head/www/analog/Makefile
  head/www/asterisk-stat/Makefile
  head/www/awffull/Makefile
  head/www/http-analyze/Makefile
  head/www/mgstat/Makefile
  head/www/nginx/Makefile
  head/www/nginx-devel/Makefile
  head/www/sarg/Makefile
  head/www/tengine/Makefile
  head/www/webalizer/Makefile
  head/x11-toolkits/nucleo/Makefile
Comment 10 Dirk Meyer 2016-07-20 09:37:12 UTC
Improved patch committed, Thanks.
MFH: 2016Q3 set.
Comment 11 commit-hook 2016-07-20 21:30:54 UTC
A commit references this bug:

Author: dinoex
Date: Wed Jul 20 21:30:11 UTC 2016
New revision: 418857
URL: https://svnweb.freebsd.org/changeset/ports/418857

Log:
  MFH: r418829

  - update libgd to 2.2.2
  - new MASTER_SITES
  - add security patch
  PR:		210913
  Submitted by:	Piotr Kubaj
  Security: CVE-2015-8874
  Security: CVE-2016-3074
  Security: http://www.openwall.com/lists/oss-security/2016/07/12/4

  Approved by:	portmgr (feld)

Changes:
_U  branches/2016Q3/
  branches/2016Q3/astro/rmap/Makefile
  branches/2016Q3/audio/enscribe/Makefile
  branches/2016Q3/audio/mp3plot/Makefile
  branches/2016Q3/biology/emboss/Makefile
  branches/2016Q3/cad/pcb/Makefile
  branches/2016Q3/devel/cvsgraph/Makefile
  branches/2016Q3/devel/m17n-lib/Makefile
  branches/2016Q3/emulators/fceux/Makefile
  branches/2016Q3/games/mkhexgrid/Makefile
  branches/2016Q3/games/openlierox/Makefile
  branches/2016Q3/graphics/a2png/Makefile
  branches/2016Q3/graphics/dataplot/Makefile
  branches/2016Q3/graphics/fly/Makefile
  branches/2016Q3/graphics/g2/Makefile
  branches/2016Q3/graphics/gd/Makefile
  branches/2016Q3/graphics/gd/distinfo
  branches/2016Q3/graphics/gd/files/patch-configure
  branches/2016Q3/graphics/gd/files/patch-gd_tga.c
  branches/2016Q3/graphics/gd/files/patch-webpimg.c
  branches/2016Q3/graphics/gd/pkg-plist
  branches/2016Q3/graphics/gdchart/Makefile
  branches/2016Q3/graphics/gdtclft/Makefile
  branches/2016Q3/graphics/grads/Makefile
  branches/2016Q3/graphics/graphviz/Makefile
  branches/2016Q3/graphics/libgphoto2/Makefile
  branches/2016Q3/graphics/libpuzzle/Makefile
  branches/2016Q3/graphics/libsixel/Makefile
  branches/2016Q3/graphics/lua-gd/Makefile
  branches/2016Q3/graphics/mapserver/Makefile
  branches/2016Q3/graphics/mscgen/Makefile
  branches/2016Q3/graphics/p5-GD/Makefile
  branches/2016Q3/graphics/php-libpuzzle/Makefile
  branches/2016Q3/graphics/php5-ffmpeg/Makefile
  branches/2016Q3/graphics/phplot/Makefile
  branches/2016Q3/graphics/png2html/Makefile
  branches/2016Q3/graphics/pstoedit/Makefile
  branches/2016Q3/graphics/py-gd/Makefile
  branches/2016Q3/graphics/raster3d/Makefile
  branches/2016Q3/graphics/repng2jpeg/Makefile
  branches/2016Q3/graphics/ruby-gd/Makefile
  branches/2016Q3/graphics/rubygem-gd2/Makefile
  branches/2016Q3/graphics/scr2png/Makefile
  branches/2016Q3/graphics/zimg/Makefile
  branches/2016Q3/lang/fpc/Makefile
  branches/2016Q3/mail/dspam/Makefile
  branches/2016Q3/mail/libpst/Makefile
  branches/2016Q3/math/PDL/Makefile
  branches/2016Q3/math/gnuplot/Makefile
  branches/2016Q3/math/ploticus/Makefile
  branches/2016Q3/math/plplot/Makefile
  branches/2016Q3/multimedia/kissdx/Makefile
  branches/2016Q3/multimedia/oggvideotools/Makefile
  branches/2016Q3/net/vnstat/Makefile
  branches/2016Q3/net-mgmt/bandwidthd/Makefile
  branches/2016Q3/net-mgmt/icinga-classicweb/Makefile
  branches/2016Q3/net-mgmt/mrtg/Makefile
  branches/2016Q3/net-mgmt/nagios/Makefile
  branches/2016Q3/net-mgmt/nagios4/Makefile
  branches/2016Q3/net-p2p/amule/Makefile
  branches/2016Q3/net-p2p/amule-devel/Makefile
  branches/2016Q3/net-p2p/mldonkey/Makefile
  branches/2016Q3/print/texlive-base/Makefile
  branches/2016Q3/sysutils/apcupsd/Makefile
  branches/2016Q3/sysutils/nut/Makefile
  branches/2016Q3/sysutils/pfstat/Makefile
  branches/2016Q3/textproc/modlogan/Makefile
  branches/2016Q3/www/analog/Makefile
  branches/2016Q3/www/asterisk-stat/Makefile
  branches/2016Q3/www/awffull/Makefile
  branches/2016Q3/www/http-analyze/Makefile
  branches/2016Q3/www/mgstat/Makefile
  branches/2016Q3/www/nginx/Makefile
  branches/2016Q3/www/nginx-devel/Makefile
  branches/2016Q3/www/sarg/Makefile
  branches/2016Q3/www/tengine/Makefile
  branches/2016Q3/www/webalizer/Makefile
  branches/2016Q3/x11-toolkits/nucleo/Makefile