Created attachment 172229 [details] Poudriere log This includes (along with versions between our in ports and 2.2.2) some security fixes. It's a shame it's kept outdated...
Created attachment 172231 [details] gd-2.2.2 patch
I specified MASTER_SITES specifically to avoid downloading tarball which doesn't include configure script.
Sorry, but the shared version number should never go backwards. This will break updates from ports when a previous version is installed.
Created attachment 172309 [details] gd-2.2.2 patch Corrected. Also, I seem to have uploaded the wrong patch previously, one patch from files/ needs to be removed.
Created attachment 172591 [details] patch v3 Another version - I've regenerated all the patches using makepatch (that made the names correct), set the license to MIT and added the patch for security issue mentioned in http://www.openwall.com/lists/oss-security/2016/07/12/4 (still no CVE). Build fine on 10.3-RELEASE.
Created attachment 172671 [details] v4 Added patch for CVE-2016-6214.
Problem 1) You only change the filename, not the soname of the library itself. Problem 2) renaming the patches makes the changes invisible here. Problem 3) Build will pick up installed webp libraray. Problem 4) The new libgd.so is not backwards compatible with the old one. The dependent ports have to get there PORTVERSION bumped. I am preparing an update to the port to address all the problems.
Created attachment 172723 [details] patch v5 1. Thanks for the info! I didn't know that SONAME was "burned" separately into the library, so I learned something new :) 2. I've just corrected the patches to use the proper names. You can check the real changes by running yourself "make makepatch" on your SVN copy, and then checking my diff. 3. Corrected. 4. I know about that, but that isn't something I can do and bumping PORTREVISION is simple enough that reviewing my patch will probably take more than writing your own.
A commit references this bug: Author: dinoex Date: Wed Jul 20 09:33:40 UTC 2016 New revision: 418829 URL: https://svnweb.freebsd.org/changeset/ports/418829 Log: - update libgd to 2.2.2 - new MASTER_SITES - add security patch PR: 210913 Submitted by: Piotr Kubaj MFH: 2016Q3 Security: CVE-2015-8874 Security: CVE-2016-3074 Security: http://www.openwall.com/lists/oss-security/2016/07/12/4 Changes: head/astro/rmap/Makefile head/audio/enscribe/Makefile head/audio/mp3plot/Makefile head/biology/emboss/Makefile head/cad/pcb/Makefile head/devel/cvsgraph/Makefile head/devel/m17n-lib/Makefile head/emulators/fceux/Makefile head/games/mkhexgrid/Makefile head/games/openlierox/Makefile head/graphics/a2png/Makefile head/graphics/dataplot/Makefile head/graphics/fly/Makefile head/graphics/g2/Makefile head/graphics/gd/Makefile head/graphics/gd/distinfo head/graphics/gd/files/patch-configure head/graphics/gd/files/patch-gd_tga.c head/graphics/gd/files/patch-webpimg.c head/graphics/gd/pkg-plist head/graphics/gdchart/Makefile head/graphics/gdtclft/Makefile head/graphics/grads/Makefile head/graphics/graphviz/Makefile head/graphics/libgphoto2/Makefile head/graphics/libpuzzle/Makefile head/graphics/libsixel/Makefile head/graphics/lua-gd/Makefile head/graphics/mapserver/Makefile head/graphics/mscgen/Makefile head/graphics/p5-GD/Makefile head/graphics/php-libpuzzle/Makefile head/graphics/php5-ffmpeg/Makefile head/graphics/phplot/Makefile head/graphics/png2html/Makefile head/graphics/pstoedit/Makefile head/graphics/py-gd/Makefile head/graphics/raster3d/Makefile head/graphics/repng2jpeg/Makefile head/graphics/ruby-gd/Makefile head/graphics/rubygem-gd2/Makefile head/graphics/scr2png/Makefile head/graphics/zimg/Makefile head/lang/fpc/Makefile head/mail/dspam/Makefile head/mail/libpst/Makefile head/math/PDL/Makefile head/math/gnuplot/Makefile head/math/ploticus/Makefile head/math/plplot/Makefile head/multimedia/kissdx/Makefile head/multimedia/oggvideotools/Makefile head/net/vnstat/Makefile head/net-mgmt/bandwidthd/Makefile head/net-mgmt/icinga-classicweb/Makefile head/net-mgmt/mrtg/Makefile head/net-mgmt/nagios/Makefile head/net-mgmt/nagios4/Makefile head/net-p2p/amule/Makefile head/net-p2p/amule-devel/Makefile head/net-p2p/mldonkey/Makefile head/print/texlive-base/Makefile head/sysutils/apcupsd/Makefile head/sysutils/nut/Makefile head/sysutils/pfstat/Makefile head/textproc/modlogan/Makefile head/www/analog/Makefile head/www/asterisk-stat/Makefile head/www/awffull/Makefile head/www/http-analyze/Makefile head/www/mgstat/Makefile head/www/nginx/Makefile head/www/nginx-devel/Makefile head/www/sarg/Makefile head/www/tengine/Makefile head/www/webalizer/Makefile head/x11-toolkits/nucleo/Makefile
Improved patch committed, Thanks. MFH: 2016Q3 set.
A commit references this bug: Author: dinoex Date: Wed Jul 20 21:30:11 UTC 2016 New revision: 418857 URL: https://svnweb.freebsd.org/changeset/ports/418857 Log: MFH: r418829 - update libgd to 2.2.2 - new MASTER_SITES - add security patch PR: 210913 Submitted by: Piotr Kubaj Security: CVE-2015-8874 Security: CVE-2016-3074 Security: http://www.openwall.com/lists/oss-security/2016/07/12/4 Approved by: portmgr (feld) Changes: _U branches/2016Q3/ branches/2016Q3/astro/rmap/Makefile branches/2016Q3/audio/enscribe/Makefile branches/2016Q3/audio/mp3plot/Makefile branches/2016Q3/biology/emboss/Makefile branches/2016Q3/cad/pcb/Makefile branches/2016Q3/devel/cvsgraph/Makefile branches/2016Q3/devel/m17n-lib/Makefile branches/2016Q3/emulators/fceux/Makefile branches/2016Q3/games/mkhexgrid/Makefile branches/2016Q3/games/openlierox/Makefile branches/2016Q3/graphics/a2png/Makefile branches/2016Q3/graphics/dataplot/Makefile branches/2016Q3/graphics/fly/Makefile branches/2016Q3/graphics/g2/Makefile branches/2016Q3/graphics/gd/Makefile branches/2016Q3/graphics/gd/distinfo branches/2016Q3/graphics/gd/files/patch-configure branches/2016Q3/graphics/gd/files/patch-gd_tga.c branches/2016Q3/graphics/gd/files/patch-webpimg.c branches/2016Q3/graphics/gd/pkg-plist branches/2016Q3/graphics/gdchart/Makefile branches/2016Q3/graphics/gdtclft/Makefile branches/2016Q3/graphics/grads/Makefile branches/2016Q3/graphics/graphviz/Makefile branches/2016Q3/graphics/libgphoto2/Makefile branches/2016Q3/graphics/libpuzzle/Makefile branches/2016Q3/graphics/libsixel/Makefile branches/2016Q3/graphics/lua-gd/Makefile branches/2016Q3/graphics/mapserver/Makefile branches/2016Q3/graphics/mscgen/Makefile branches/2016Q3/graphics/p5-GD/Makefile branches/2016Q3/graphics/php-libpuzzle/Makefile branches/2016Q3/graphics/php5-ffmpeg/Makefile branches/2016Q3/graphics/phplot/Makefile branches/2016Q3/graphics/png2html/Makefile branches/2016Q3/graphics/pstoedit/Makefile branches/2016Q3/graphics/py-gd/Makefile branches/2016Q3/graphics/raster3d/Makefile branches/2016Q3/graphics/repng2jpeg/Makefile branches/2016Q3/graphics/ruby-gd/Makefile branches/2016Q3/graphics/rubygem-gd2/Makefile branches/2016Q3/graphics/scr2png/Makefile branches/2016Q3/graphics/zimg/Makefile branches/2016Q3/lang/fpc/Makefile branches/2016Q3/mail/dspam/Makefile branches/2016Q3/mail/libpst/Makefile branches/2016Q3/math/PDL/Makefile branches/2016Q3/math/gnuplot/Makefile branches/2016Q3/math/ploticus/Makefile branches/2016Q3/math/plplot/Makefile branches/2016Q3/multimedia/kissdx/Makefile branches/2016Q3/multimedia/oggvideotools/Makefile branches/2016Q3/net/vnstat/Makefile branches/2016Q3/net-mgmt/bandwidthd/Makefile branches/2016Q3/net-mgmt/icinga-classicweb/Makefile branches/2016Q3/net-mgmt/mrtg/Makefile branches/2016Q3/net-mgmt/nagios/Makefile branches/2016Q3/net-mgmt/nagios4/Makefile branches/2016Q3/net-p2p/amule/Makefile branches/2016Q3/net-p2p/amule-devel/Makefile branches/2016Q3/net-p2p/mldonkey/Makefile branches/2016Q3/print/texlive-base/Makefile branches/2016Q3/sysutils/apcupsd/Makefile branches/2016Q3/sysutils/nut/Makefile branches/2016Q3/sysutils/pfstat/Makefile branches/2016Q3/textproc/modlogan/Makefile branches/2016Q3/www/analog/Makefile branches/2016Q3/www/asterisk-stat/Makefile branches/2016Q3/www/awffull/Makefile branches/2016Q3/www/http-analyze/Makefile branches/2016Q3/www/mgstat/Makefile branches/2016Q3/www/nginx/Makefile branches/2016Q3/www/nginx-devel/Makefile branches/2016Q3/www/sarg/Makefile branches/2016Q3/www/tengine/Makefile branches/2016Q3/www/webalizer/Makefile branches/2016Q3/x11-toolkits/nucleo/Makefile