head 1.11; access; symbols pkgsrc-2016Q2:1.10.0.24 pkgsrc-2016Q2-base:1.10 pkgsrc-2016Q1:1.10.0.22 pkgsrc-2016Q1-base:1.10 pkgsrc-2015Q4:1.10.0.20 pkgsrc-2015Q4-base:1.10 pkgsrc-2015Q3:1.10.0.18 pkgsrc-2015Q3-base:1.10 pkgsrc-2015Q2:1.10.0.16 pkgsrc-2015Q2-base:1.10 pkgsrc-2015Q1:1.10.0.14 pkgsrc-2015Q1-base:1.10 pkgsrc-2014Q4:1.10.0.12 pkgsrc-2014Q4-base:1.10 pkgsrc-2014Q3:1.10.0.10 pkgsrc-2014Q3-base:1.10 pkgsrc-2014Q2:1.10.0.8 pkgsrc-2014Q2-base:1.10 pkgsrc-2014Q1:1.10.0.6 pkgsrc-2014Q1-base:1.10 pkgsrc-2013Q4:1.10.0.4 pkgsrc-2013Q4-base:1.10 pkgsrc-2013Q3:1.10.0.2 pkgsrc-2013Q3-base:1.10 pkgsrc-2013Q2:1.9.0.22 pkgsrc-2013Q2-base:1.9 pkgsrc-2013Q1:1.9.0.20 pkgsrc-2013Q1-base:1.9 pkgsrc-2012Q4:1.9.0.18 pkgsrc-2012Q4-base:1.9 pkgsrc-2012Q3:1.9.0.16 pkgsrc-2012Q3-base:1.9 pkgsrc-2012Q2:1.9.0.14 pkgsrc-2012Q2-base:1.9 pkgsrc-2012Q1:1.9.0.12 pkgsrc-2012Q1-base:1.9 pkgsrc-2011Q4:1.9.0.10 pkgsrc-2011Q4-base:1.9 pkgsrc-2011Q3:1.9.0.8 pkgsrc-2011Q3-base:1.9 pkgsrc-2011Q2:1.9.0.6 pkgsrc-2011Q2-base:1.9 TNF:1.1.1 pkgsrc-2011Q1:1.9.0.4 pkgsrc-2011Q1-base:1.9 pkgsrc-2010Q4:1.9.0.2 pkgsrc-2010Q4-base:1.9 pkgsrc-2010Q3:1.8.0.48 pkgsrc-2010Q3-base:1.8 pkgsrc-2010Q2:1.8.0.46 pkgsrc-2010Q2-base:1.8 pkgsrc-2010Q1:1.8.0.44 pkgsrc-2010Q1-base:1.8 pkgsrc-2009Q4:1.8.0.42 pkgsrc-2009Q4-base:1.8 pkgsrc-2009Q3:1.8.0.40 pkgsrc-2009Q3-base:1.8 pkgsrc-2009Q2:1.8.0.38 pkgsrc-2009Q2-base:1.8 pkgsrc-2009Q1:1.8.0.36 pkgsrc-2009Q1-base:1.8 pkgsrc-2008Q4:1.8.0.34 pkgsrc-2008Q4-base:1.8 pkgsrc-2008Q3:1.8.0.32 pkgsrc-2008Q3-base:1.8 cube-native-xorg:1.8.0.30 cube-native-xorg-base:1.8 pkgsrc-2008Q2:1.8.0.28 pkgsrc-2008Q2-base:1.8 cwrapper:1.8.0.26 pkgsrc-2008Q1:1.8.0.24 pkgsrc-2008Q1-base:1.8 pkgsrc-2007Q4:1.8.0.22 pkgsrc-2007Q4-base:1.8 pkgsrc-2007Q3:1.8.0.20 pkgsrc-2007Q3-base:1.8 pkgsrc-2007Q2:1.8.0.18 pkgsrc-2007Q2-base:1.8 pkgsrc-2007Q1:1.8.0.16 pkgsrc-2007Q1-base:1.8 pkgsrc-2006Q4:1.8.0.14 pkgsrc-2006Q4-base:1.8 pkgsrc-2006Q3:1.8.0.12 pkgsrc-2006Q3-base:1.8 pkgsrc-2006Q2:1.8.0.10 pkgsrc-2006Q2-base:1.8 pkgsrc-2006Q1:1.8.0.8 pkgsrc-2006Q1-base:1.8 pkgsrc-2005Q4:1.8.0.6 pkgsrc-2005Q4-base:1.8 pkgsrc-2005Q3:1.8.0.4 pkgsrc-2005Q3-base:1.8 pkgsrc-2005Q2:1.8.0.2 pkgsrc-2005Q2-base:1.8 pkgsrc-2005Q1:1.7.0.12 pkgsrc-2005Q1-base:1.7 pkgsrc-2004Q4:1.7.0.10 pkgsrc-2004Q4-base:1.7 pkgsrc-2004Q3:1.7.0.8 pkgsrc-2004Q3-base:1.7 pkgsrc-2004Q2:1.7.0.6 pkgsrc-2004Q2-base:1.7 pkgsrc-2004Q1:1.7.0.4 pkgsrc-2004Q1-base:1.7 pkgsrc-2003Q4:1.7.0.2 pkgsrc-2003Q4-base:1.7 netbsd-1-6-1:1.5.0.6 netbsd-1-6-1-base:1.5 netbsd-1-6:1.5.0.8 netbsd-1-6-RELEASE-base:1.5 pkgviews:1.5.0.4 pkgviews-base:1.5 buildlink2:1.5.0.2 buildlink2-base:1.5 netbsd-1-5-PATCH003:1.5 netbsd-1-5-PATCH001:1.4 netbsd-1-5-RELEASE:1.4 netbsd-1-4-PATCH003:1.4 freebsd-current-07Mar1998:1.1.1.1; locks; strict; comment @# @; 1.11 date 2016.08.02.18.29.21; author adam; state dead; branches; next 1.10; commitid 8neXC4AuUQw3dLgz; 1.10 date 2013.09.02.21.17.42; author adam; state Exp; branches 1.10.24.1; next 1.9; commitid RTkiYLqzcPGanU3x; 1.9 date 2011.01.06.18.01.21; author drochner; state Exp; branches; next 1.8; 1.8 date 2005.06.06.18.38.08; author minskim; state Exp; branches; next 1.7; 1.7 date 2003.06.23.09.53.13; author adam; state dead; branches; next 1.6; 1.6 date 2003.06.07.11.32.39; author cjep; state Exp; branches; next 1.5; 1.5 date 2002.01.21.16.29.26; author wiz; state Exp; branches; next 1.4; 1.4 date 2000.06.14.16.33.49; author he; state Exp; branches; next 1.3; 1.3 date 2000.03.21.11.10.39; author he; state Exp; branches; next 1.2; 1.2 date 98.04.28.14.07.42; author bouyer; state dead; branches; next 1.1; 1.1 date 98.03.07.21.59.13; author explorer; state Exp; branches 1.1.1.1; next ; 1.10.24.1 date 2016.08.10.18.12.37; author bsiegert; state dead; branches; next ; commitid 52lC0pvQxqlHRMhz; 1.1.1.1 date 98.03.07.21.59.13; author explorer; state Exp; branches; next ; desc @@ 1.11 log @We welcome the 2.2.3 release around a month after 2.2.2 (we are getting consistent). Another important milestone in the GD 2.2 series. Security related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs: * fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766) * bug 247, A read out-of-bands was found in the parsing of TGA files (CVE-2016-6132) * also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214) * bug 248, fix Out-Of-Bounds Read in read_image_tga Using application provided parameters, in these cases invalid data causes the issues: * Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207) * fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128) * improve color check for CropThreshold Important update: * gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd. @ text @$NetBSD: patch-ab,v 1.10 2013/09/02 21:17:42 adam Exp $ --- src/gdft.c.orig 2013-06-25 09:58:23.000000000 +0000 +++ src/gdft.c @@@@ -35,6 +35,261 @@@@ #endif #endif +struct entities_s entities[] = { + {"AElig", 198}, + {"Aacute", 193}, + {"Acirc", 194}, + {"Agrave", 192}, + {"Alpha", 913}, + {"Aring", 197}, + {"Atilde", 195}, + {"Auml", 196}, + {"Beta", 914}, + {"Ccedil", 199}, + {"Chi", 935}, + {"Dagger", 8225}, + {"Delta", 916}, + {"ETH", 208}, + {"Eacute", 201}, + {"Ecirc", 202}, + {"Egrave", 200}, + {"Epsilon", 917}, + {"Eta", 919}, + {"Euml", 203}, + {"Gamma", 915}, + {"Iacute", 205}, + {"Icirc", 206}, + {"Igrave", 204}, + {"Iota", 921}, + {"Iuml", 207}, + {"Kappa", 922}, + {"Lambda", 923}, + {"Mu", 924}, + {"Ntilde", 209}, + {"Nu", 925}, + {"OElig", 338}, + {"Oacute", 211}, + {"Ocirc", 212}, + {"Ograve", 210}, + {"Omega", 937}, + {"Omicron", 927}, + {"Oslash", 216}, + {"Otilde", 213}, + {"Ouml", 214}, + {"Phi", 934}, + {"Pi", 928}, + {"Prime", 8243}, + {"Psi", 936}, + {"Rho", 929}, + {"Scaron", 352}, + {"Sigma", 931}, + {"THORN", 222}, + {"Tau", 932}, + {"Theta", 920}, + {"Uacute", 218}, + {"Ucirc", 219}, + {"Ugrave", 217}, + {"Upsilon", 933}, + {"Uuml", 220}, + {"Xi", 926}, + {"Yacute", 221}, + {"Yuml", 376}, + {"Zeta", 918}, + {"aacute", 225}, + {"acirc", 226}, + {"acute", 180}, + {"aelig", 230}, + {"agrave", 224}, + {"alefsym", 8501}, + {"alpha", 945}, + {"amp", 38}, + {"and", 8743}, + {"ang", 8736}, + {"aring", 229}, + {"asymp", 8776}, + {"atilde", 227}, + {"auml", 228}, + {"bdquo", 8222}, + {"beta", 946}, + {"brvbar", 166}, + {"bull", 8226}, + {"cap", 8745}, + {"ccedil", 231}, + {"cedil", 184}, + {"cent", 162}, + {"chi", 967}, + {"circ", 710}, + {"clubs", 9827}, + {"cong", 8773}, + {"copy", 169}, + {"crarr", 8629}, + {"cup", 8746}, + {"curren", 164}, + {"dArr", 8659}, + {"dagger", 8224}, + {"darr", 8595}, + {"deg", 176}, + {"delta", 948}, + {"diams", 9830}, + {"divide", 247}, + {"eacute", 233}, + {"ecirc", 234}, + {"egrave", 232}, + {"empty", 8709}, + {"emsp", 8195}, + {"ensp", 8194}, + {"epsilon", 949}, + {"equiv", 8801}, + {"eta", 951}, + {"eth", 240}, + {"euml", 235}, + {"euro", 8364}, + {"exist", 8707}, + {"fnof", 402}, + {"forall", 8704}, + {"frac12", 189}, + {"frac14", 188}, + {"frac34", 190}, + {"frasl", 8260}, + {"gamma", 947}, + {"ge", 8805}, + {"gt", 62}, + {"hArr", 8660}, + {"harr", 8596}, + {"hearts", 9829}, + {"hellip", 8230}, + {"iacute", 237}, + {"icirc", 238}, + {"iexcl", 161}, + {"igrave", 236}, + {"image", 8465}, + {"infin", 8734}, + {"int", 8747}, + {"iota", 953}, + {"iquest", 191}, + {"isin", 8712}, + {"iuml", 239}, + {"kappa", 954}, + {"lArr", 8656}, + {"lambda", 955}, + {"lang", 9001}, + {"laquo", 171}, + {"larr", 8592}, + {"lceil", 8968}, + {"ldquo", 8220}, + {"le", 8804}, + {"lfloor", 8970}, + {"lowast", 8727}, + {"loz", 9674}, + {"lrm", 8206}, + {"lsaquo", 8249}, + {"lsquo", 8216}, + {"lt", 60}, + {"macr", 175}, + {"mdash", 8212}, + {"micro", 181}, + {"middot", 183}, + {"minus", 8722}, + {"mu", 956}, + {"nabla", 8711}, + {"nbsp", 160}, + {"ndash", 8211}, + {"ne", 8800}, + {"ni", 8715}, + {"not", 172}, + {"notin", 8713}, + {"nsub", 8836}, + {"ntilde", 241}, + {"nu", 957}, + {"oacute", 243}, + {"ocirc", 244}, + {"oelig", 339}, + {"ograve", 242}, + {"oline", 8254}, + {"omega", 969}, + {"omicron", 959}, + {"oplus", 8853}, + {"or", 8744}, + {"ordf", 170}, + {"ordm", 186}, + {"oslash", 248}, + {"otilde", 245}, + {"otimes", 8855}, + {"ouml", 246}, + {"para", 182}, + {"part", 8706}, + {"permil", 8240}, + {"perp", 8869}, + {"phi", 966}, + {"pi", 960}, + {"piv", 982}, + {"plusmn", 177}, + {"pound", 163}, + {"prime", 8242}, + {"prod", 8719}, + {"prop", 8733}, + {"psi", 968}, + {"quot", 34}, + {"rArr", 8658}, + {"radic", 8730}, + {"rang", 9002}, + {"raquo", 187}, + {"rarr", 8594}, + {"rceil", 8969}, + {"rdquo", 8221}, + {"real", 8476}, + {"reg", 174}, + {"rfloor", 8971}, + {"rho", 961}, + {"rlm", 8207}, + {"rsaquo", 8250}, + {"rsquo", 8217}, + {"sbquo", 8218}, + {"scaron", 353}, + {"sdot", 8901}, + {"sect", 167}, + {"shy", 173}, + {"sigma", 963}, + {"sigmaf", 962}, + {"sim", 8764}, + {"spades", 9824}, + {"sub", 8834}, + {"sube", 8838}, + {"sum", 8721}, + {"sup", 8835}, + {"sup1", 185}, + {"sup2", 178}, + {"sup3", 179}, + {"supe", 8839}, + {"szlig", 223}, + {"tau", 964}, + {"there4", 8756}, + {"theta", 952}, + {"thetasym", 977}, + {"thinsp", 8201}, + {"thorn", 254}, + {"tilde", 732}, + {"times", 215}, + {"trade", 8482}, + {"uArr", 8657}, + {"uacute", 250}, + {"uarr", 8593}, + {"ucirc", 251}, + {"ugrave", 249}, + {"uml", 168}, + {"upsih", 978}, + {"upsilon", 965}, + {"uuml", 252}, + {"weierp", 8472}, + {"xi", 958}, + {"yacute", 253}, + {"yen", 165}, + {"yuml", 255}, + {"zeta", 950}, + {"zwj", 8205}, + {"zwnj", 8204}, +}; + /* number of antialised colors for indexed bitmaps */ #define GD_NUMCOLORS 8 @ 1.10 log @Changes 2.1.0: * gdColorMapLookup() answers the RGB values according to given color map * Added support of variable resolution * new filter gdImagePixelate() * merged improvements that PHP GD team had made to GD Graphics Library * bugfixes @ text @d1 1 a1 1 $NetBSD$ @ 1.10.24.1 log @Pullup ticket #5080 - requested by sevan graphics/gd: security fix Revisions pulled up: - graphics/gd/Makefile 1.111 - graphics/gd/buildlink3.mk 1.37 - graphics/gd/distinfo 1.41 - graphics/gd/options.mk 1.5 - graphics/gd/patches/patch-aa deleted - graphics/gd/patches/patch-ab deleted - graphics/gd/patches/patch-configure deleted - graphics/gd/patches/patch-configure.ac deleted - graphics/gd/patches/patch-src_gd__bmp.c deleted - graphics/gd/patches/patch-src_gd__crop.c deleted - graphics/gd/patches/patch-src_webpimg.c deleted --- Module Name: pkgsrc Committed By: adam Date: Tue Aug 2 18:29:21 UTC 2016 Modified Files: pkgsrc/graphics/gd: Makefile buildlink3.mk distinfo options.mk Removed Files: pkgsrc/graphics/gd/patches: patch-aa patch-ab patch-configure patch-configure.ac patch-src_gd__bmp.c patch-src_gd__crop.c patch-src_webpimg.c Log Message: We welcome the 2.2.3 release around a month after 2.2.2 (we are getting consistent). Another important milestone in the GD 2.2 series. Security related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs: * fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766) * bug 247, A read out-of-bands was found in the parsing of TGA files (CVE-2016-6132) * also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214) * bug 248, fix Out-Of-Bounds Read in read_image_tga Using application provided parameters, in these cases invalid data causes the issues: * Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207) * fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128) * improve color check for CropThreshold Important update: * gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.10 2013/09/02 21:17:42 adam Exp $ @ 1.9 log @add a patch from upstream to fix a bug which made that fontconfig support could not be switched off once enabled (could make a difference for gnuplot but I couldn't find a testcase yet) @ text @d3 4 a6 4 --- gdft.c.orig 2007-04-19 12:54:56.000000000 +0000 +++ gdft.c @@@@ -25,6 +25,261 @@@@ #define R_OK 04 /* Needed in Windows */ d265 1 a265 1 #define NUMCOLORS 8 a266 9 @@@@ -1659,7 +1914,7 @@@@ static char * font_path(char **fontpath, BGD_DECLARE(int) gdFTUseFontConfig(int flag) { #ifdef HAVE_LIBFONTCONFIG - fontConfigFlag = 1; + fontConfigFlag = flag; return 1; #else return 0; @ 1.8 log @Do not define a variable in a header file; move the definition into .c and leave the declraration only. This fixes the graphviz build problem reported by Adrian Portelli in PR pkg/28596. Bump PKGREVISION. @ text @d3 1 a3 1 --- gdft.c.orig 2004-11-02 15:00:48.000000000 -0600 d267 9 @ 1.7 log @Update gd to 2.0.15 What's new: * Support for truecolor images * Support for alpha channels * The specialized .gd and .gd2 file formats * Documentation fixes * Bug fixes @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.6 2003/06/07 11:32:39 cjep Exp $ d3 5 a7 4 --- gd.h.orig 2001-02-06 19:44:01.000000000 +0000 +++ gd.h @@@@ -122,6 +122,7 @@@@ gdImagePtr gdImageCreateFromGd2Part(FILE gdImagePtr gdImageCreateFromGd2PartCtx(gdIOCtxPtr in, int srcx, int srcy, int w, int h); d9 257 a265 2 gdImagePtr gdImageCreateFromXbm(FILE *fd); +gdImagePtr gdImageCreateFromXpm(char *filename); a266 2 void gdImageDestroy(gdImagePtr im); void gdImageSetPixel(gdImagePtr im, int x, int y, int color); @ 1.6 log @Use $(INSTALL) rather than "install". Fixes build on Solaris. @ text @d1 1 a1 1 $NetBSD$ @ 1.5 log @Update to 1.8.4: * Add support for FreeType2 (John Ellson ellson@@lucent.com) [not used in the package right now] * Add support for finding in fonts in a builtin DEFAULT_FONTPATH, or in a path from the GDFONTPATH environment variable. * remove some unused symbols to reduce compiler warnings * bugfix in size comparisons in gdImageCompare * REXX now mentioned * All memory allocation functions are now wrapped within the library; gdFree is exported and recommended for freeing memory returned by the gdImage(Something)Ptr family of functions. Based on a package sent to tech-pkg by Adam Ciarcinski. @ text @d3 1 a3 1 --- gd.h.orig Tue Feb 6 20:44:01 2001 d5 1 a5 1 @@@@ -122,6 +122,7 @@@@ @ 1.4 log @Upgrade this package from 1.8.1 to 1.8.3; the distribution file for 1.8.1 was replaced with 1.8.3. @ text @d3 3 a5 3 --- gd.h.orig Wed Jun 14 17:45:03 2000 +++ gd.h Wed Jun 14 17:45:01 2000 @@@@ -114,6 +114,7 @@@@ @ 1.3 log @Add prototype for gdImageCreateFromXpm in gd.h. Patch originally (a small) part of GD-1.26. @ text @d3 2 a4 2 --- gd.h.dist Mon Mar 13 19:25:57 2000 +++ gd.h Tue Mar 21 11:32:30 2000 @ 1.2 log @Update to version 1.3. @ text @d1 12 a12 13 *** gd.c.dist Tue Jan 28 14:39:24 1997 --- gd.c Tue Jan 28 14:39:42 1997 *************** *** 1,4 **** ! #include #include #include #include --- 1,4 ---- ! #include #include #include #include @ 1.1 log @Initial revision @ text @@ 1.1.1.1 log @import the gd graphics generation library @ text @@