Created attachment 195060
Upgrade graphics/gd to 2.2.5
The patch upgrades the port from 2.2.4 to 2.2.5 and adds a patch fixing the problem uncovered by PHP-developers in handling of malformed GIF-files: https://bugs.php.net/bug.php?id=75571
Created attachment 195061
Upgrade graphics/gd to 2.2.5
This version contains the TEST_TARGET -- all tests pass for me here...
Since this seems to run into maintainer-timeout, I just started a build-test for this patch including all its 80 dependencies.
A commit references this bug:

Author: tz
Date: Fri Jul 27 07:39:14 UTC 2018
New revision: 475415
URL: https://svnweb.freebsd.org/changeset/ports/475415

Log:
  graphics/gd: Update from 2.2.4 to 2.2.5

  This update fixes 2 security issues:
  - Double-free in gdImagePngPtr(). (CVE-2017-6362)
  - Buffer over-read into uninitialized memory. (CVE-2017-7890)

  Full Changelog: https://github.com/libgd/libgd/blob/gd-2.2.5/CHANGELOG.md

  PR: 229707
  Submitted by: Mikhail Teterin <mi@FreeBSD.org>
  Approved by: maintainer timeout (dinoex, 2 weeks)
  MFH: 2018Q3
  Security: CVE-2017-6362
  Security: CVE-2017-7890

Changes:
  head/graphics/gd/Makefile
  head/graphics/gd/distinfo
  head/graphics/gd/files/patch-gd_gif_in.c
  head/graphics/gd/pkg-plist
A commit references this bug:

Author: tz
Date: Fri Jul 27 12:35:22 UTC 2018
New revision: 475431
URL: https://svnweb.freebsd.org/changeset/ports/475431

Log:
  MFH: r475415

  graphics/gd: Update from 2.2.4 to 2.2.5

  This update fixes 2 security issues:
  - Double-free in gdImagePngPtr(). (CVE-2017-6362)
  - Buffer over-read into uninitialized memory. (CVE-2017-7890)

  Full Changelog: https://github.com/libgd/libgd/blob/gd-2.2.5/CHANGELOG.md

  PR: 229707
  Submitted by: Mikhail Teterin <mi@FreeBSD.org>
  Approved by: maintainer timeout (dinoex, 2 weeks)
  Security: CVE-2017-6362
  Security: CVE-2017-7890

  Approved by: ports-secteam (miwi)

Changes:
  _U branches/2018Q3/
  branches/2018Q3/graphics/gd/Makefile
  branches/2018Q3/graphics/gd/distinfo
  branches/2018Q3/graphics/gd/files/patch-gd_gif_in.c
  branches/2018Q3/graphics/gd/pkg-plist
Committed and MFH'd :) Thanks!