head 1.9; access; symbols pkgsrc-2013Q2:1.8.0.34 pkgsrc-2013Q2-base:1.8 pkgsrc-2013Q1:1.8.0.32 pkgsrc-2013Q1-base:1.8 pkgsrc-2012Q4:1.8.0.30 pkgsrc-2012Q4-base:1.8 pkgsrc-2012Q3:1.8.0.28 pkgsrc-2012Q3-base:1.8 pkgsrc-2012Q2:1.8.0.26 pkgsrc-2012Q2-base:1.8 pkgsrc-2012Q1:1.8.0.24 pkgsrc-2012Q1-base:1.8 pkgsrc-2011Q4:1.8.0.22 pkgsrc-2011Q4-base:1.8 pkgsrc-2011Q3:1.8.0.20 pkgsrc-2011Q3-base:1.8 pkgsrc-2011Q2:1.8.0.18 pkgsrc-2011Q2-base:1.8 pkgsrc-2011Q1:1.8.0.16 pkgsrc-2011Q1-base:1.8 pkgsrc-2010Q4:1.8.0.14 pkgsrc-2010Q4-base:1.8 pkgsrc-2010Q3:1.8.0.12 pkgsrc-2010Q3-base:1.8 pkgsrc-2010Q2:1.8.0.10 pkgsrc-2010Q2-base:1.8 pkgsrc-2010Q1:1.8.0.8 pkgsrc-2010Q1-base:1.8 pkgsrc-2009Q4:1.8.0.6 pkgsrc-2009Q4-base:1.8 pkgsrc-2009Q3:1.8.0.4 pkgsrc-2009Q3-base:1.8 pkgsrc-2009Q2:1.8.0.2 pkgsrc-2009Q2-base:1.8 pkgsrc-2009Q1:1.7.0.6 pkgsrc-2009Q1-base:1.7 pkgsrc-2008Q4:1.7.0.4 pkgsrc-2008Q4-base:1.7 pkgsrc-2008Q3:1.7.0.2 pkgsrc-2008Q3-base:1.7 cube-native-xorg:1.6.0.14 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.12 pkgsrc-2008Q2-base:1.6 pkgsrc-2008Q1:1.6.0.10 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.6.0.8 pkgsrc-2007Q4-base:1.6 pkgsrc-2007Q3:1.6.0.6 pkgsrc-2007Q3-base:1.6 pkgsrc-2007Q2:1.6.0.4 pkgsrc-2007Q2-base:1.6 pkgsrc-2007Q1:1.6.0.2 pkgsrc-2007Q1-base:1.6 pkgsrc-2006Q4:1.3.0.6 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.4 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.2 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.2.0.20 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.18 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.16 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.14 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.12 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.10 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.8 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.2.0.6 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.2.0.4 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.2.0.2 pkgsrc-2003Q4-base:1.2 buildlink2-base:1.2; locks; strict; comment @# @; 1.9 date 2013.09.02.21.17.42; author adam; state dead; branches; next 1.8; commitid RTkiYLqzcPGanU3x; 1.8 date 2009.04.12.00.29.26; author sno; state Exp; branches; next 1.7; 1.7 date 2008.09.22.17.44.49; author adam; state Exp; branches; next 1.6; 1.6 date 2007.02.22.17.21.18; author drochner; state dead; branches; next 1.5; 1.5 date 2007.02.17.07.04.45; author adam; state Exp; branches; next 1.4; 1.4 date 2007.02.16.20.37.52; author adam; state Exp; branches; next 1.3; 1.3 date 2006.06.14.21.42.33; author salo; state Exp; branches 1.3.6.1; next 1.2; 1.2 date 2001.06.28.20.02.57; author jlam; state dead; branches 1.2.20.1; next 1.1; 1.1 date 2001.06.14.06.36.50; author kei; state Exp; branches; next ; 1.3.6.1 date 2007.02.18.12.09.25; author ghen; state Exp; branches; next ; 1.2.20.1 date 2006.06.15.12.56.54; author ghen; state Exp; branches; next ; desc @@ 1.9 log @Changes 2.1.0: * gdColorMapLookup() answers the RGB values according to given color map * Added support of variable resolution * new filter gdImagePixelate() * merged improvements that PHP GD team had made to GD Graphics Library * bugfixes @ text @$NetBSD: patch-ac,v 1.8 2009/04/12 00:29:26 sno Exp $ --- configure.orig 2008-09-22 17:26:32.000000000 +0200 +++ configure @@@@ -23117,7 +23117,7 @@@@ if test "${with_xpm+set}" = set; then CPPFLAGS="$CPPFLAGS -I$withval/include" fi else - withval=yes + withval=no fi @ 1.8 log @PkgSrc changes: - allow optionally build a gd which supports xpm @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.7 2008/09/22 17:44:49 adam Exp $ @ 1.7 log @Avoid dependency on libXpm; thanks to adrianp @ text @d1 1 a1 1 $NetBSD$ a13 9 @@@@ -24163,6 +24163,8 @@@@ do case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + : Avoid regenerating within pkgsrc + exit 0 ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) echo "$ac_cs_version"; exit ;; @ 1.6 log @CVE-2006-2906 has been fixed upstream another way; this patch is unneeded @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.5 2007/02/17 07:04:45 adam Exp $ d3 20 a22 61 --- gd_gif_in.c.orig 2007-02-03 02:41:00.000000000 +0100 +++ gd_gif_in.c @@@@ -118,6 +118,7 @@@@ BGD_DECLARE(gdImagePtr) gdImageCreateFro char version[4]; /* 2.0.28: threadsafe storage */ int ZeroDataBlock = FALSE; + int maxcount = 1024; gdImagePtr im = 0; if (! ReadOK(fd,buf,6)) { @@@@ -166,6 +167,8 @@@@ BGD_DECLARE(gdImagePtr) gdImageCreateFro } if (c != ',') { /* Not a valid start character */ + if (--maxcount < 0) + goto terminated; /* Looping */ continue; } @@@@ -253,6 +256,7 @@@@ static int DoExtension(gdIOCtx *fd, int label, int *Transparent, int *ZeroDataBlockP) { static unsigned char buf[256]; + int maxcount = 1024; switch (label) { case 0xf9: /* Graphic Control Extension */ @@@@ -265,13 +269,13 @@@@ DoExtension(gdIOCtx *fd, int label, int if ((buf[0] & 0x1) != 0) *Transparent = buf[3]; - while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0) + while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0 && --maxcount >= 0) ; return FALSE; default: break; } - while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0) + while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0 && --maxcount >= 0) ; return FALSE; @@@@ -430,14 +434,15 @@@@ LWZReadByte_(gdIOCtx *fd, int flag, int } else if (code == end_code) { int count; unsigned char buf[260]; + int maxcount = 1024; if (*ZeroDataBlockP) return -2; - while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0) + while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0 && --maxcount >= 0) ; - if (count != 0) + if (count != 0 || maxcount < 0) return -2; } @ 1.5 log @Patch patch-ac @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.4 2007/02/16 20:37:52 adam Exp $ @ 1.4 log @Changes 2.0.34: * 32-bit multiplication overflow vulnerabilities along with a number of similar issues * Memory allocation errors that were not checked * Multiple issues in the GIF loader. Corrupt gif images would cause a segfault or infinite loop * Malformed or empty PNG image also may have caused segfaults * gdImageFillToBorder segfaulted when the color was not opaque (alpha > 0) * Antialiased lines drawn on an images edge caused a segfault * gdImageFill segfaulted when used with patterns or invalid arguments * gdImageFilledEllipse did not respect transparency @ text @d1 1 a1 1 $NetBSD$ d35 1 a35 1 + while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0 && --maxcount > 0) d42 1 a42 1 + while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0 && --maxcount > 0) @ 1.3 log @Security fix for CVE-2006-2906: "The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop." Patch from Xavier Roche via Ubuntu. @ text @d3 3 a5 5 Security fix for CVE-2006-2906, from Xavier Roche via Ubuntu. --- gd_gif_in.c.orig 2004-11-01 19:28:56.000000000 +0100 +++ gd_gif_in.c 2006-06-14 23:30:38.000000000 +0200 @@@@ -118,6 +118,7 @@@@ d13 1 a13 1 @@@@ -164,6 +165,8 @@@@ d22 1 a22 1 @@@@ -242,6 +245,7 @@@@ d30 1 a30 1 @@@@ -254,13 +258,13 @@@@ d34 2 a35 2 - while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0) + while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0 && --maxcount >= 0) d41 2 a42 2 - while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0) + while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0 && --maxcount >= 0) d46 1 a46 1 @@@@ -419,14 +423,15 @@@@ @ 1.3.6.1 log @Pullup ticket 2022 - requested by salo security update for gd - pkgsrc/graphics/gd/Makefile 1.71-1.72 - pkgsrc/graphics/gd/distinfo 1.24-1.25 - pkgsrc/graphics/gd/patches/patch-ac 1.4-1.5 Module Name: pkgsrc Committed By: wiz Date: Wed Feb 7 20:28:49 UTC 2007 Modified Files: pkgsrc/graphics/gd: Makefile Log Message: Update HOMEPAGE. --- Module Name: pkgsrc Committed By: adam Date: Fri Feb 16 20:37:52 UTC 2007 Modified Files: pkgsrc/graphics/gd: Makefile distinfo pkgsrc/graphics/gd/patches: patch-ac Log Message: Changes 2.0.34: * 32-bit multiplication overflow vulnerabilities along with a number of similar issues * Memory allocation errors that were not checked * Multiple issues in the GIF loader. Corrupt gif images would cause a segfault or infinite loop * Malformed or empty PNG image also may have caused segfaults * gdImageFillToBorder segfaulted when the color was not opaque (alpha > 0) * Antialiased lines drawn on an images edge caused a segfault * gdImageFill segfaulted when used with patterns or invalid arguments * gdImageFilledEllipse did not respect transparency --- Module Name: pkgsrc Committed By: adam Date: Sat Feb 17 07:04:45 UTC 2007 Modified Files: pkgsrc/graphics/gd: distinfo pkgsrc/graphics/gd/patches: patch-ac Log Message: Patch patch-ac @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.5 2007/02/17 07:04:45 adam Exp $ d3 5 a7 3 --- gd_gif_in.c.orig 2007-02-03 02:41:00.000000000 +0100 +++ gd_gif_in.c @@@@ -118,6 +118,7 @@@@ BGD_DECLARE(gdImagePtr) gdImageCreateFro d15 1 a15 1 @@@@ -166,6 +167,8 @@@@ BGD_DECLARE(gdImagePtr) gdImageCreateFro d24 1 a24 1 @@@@ -253,6 +256,7 @@@@ static int d32 1 a32 1 @@@@ -265,13 +269,13 @@@@ DoExtension(gdIOCtx *fd, int label, int d36 2 a37 2 - while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0) + while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0 && --maxcount >= 0) d43 2 a44 2 - while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0) + while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0 && --maxcount >= 0) d48 1 a48 1 @@@@ -430,14 +434,15 @@@@ LWZReadByte_(gdIOCtx *fd, int flag, int @ 1.2 log @Convert to use buildlink.mk files and mark as USE_BUILDLINK_ONLY. Also use REPLACE_PERL instead of patching to replace /usr/bin/perl. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.1 2001/06/14 06:36:50 kei Exp $ d3 62 a64 5 --- bdftogd.orig Thu Jun 14 14:46:54 2001 +++ bdftogd Thu Jun 14 14:49:18 2001 @@@@ -1,4 +1,4 @@@@ -#!/usr/bin/perl -w +#!@@PREFIX@@/bin/perl -w a65 2 # # Simple convertor from bdf to gd font format. @ 1.2.20.1 log @Pullup ticket 1702 - requested by salo security fix for gd Revisions pulled up: - pkgsrc/graphics/gd/Makefile 1.68, 1.69, 1.70 - pkgsrc/graphics/gd/distinfo 1.23 - pkgsrc/graphics/gd/patches/patch-ac 1.3 Module Name: pkgsrc Committed By: minskim Date: Sun May 14 18:19:08 UTC 2006 Modified Files: pkgsrc/graphics/gd: Makefile Log Message: Fix a pkglint warning. --- Module Name: pkgsrc Committed By: minskim Date: Sun May 14 18:22:38 UTC 2006 Modified Files: pkgsrc/graphics/gd: Makefile Log Message: This package installs a perl script. Add a dependency on perl using USE_TOOLS. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: salo Date: Wed Jun 14 21:42:33 UTC 2006 Modified Files: pkgsrc/graphics/gd: Makefile distinfo Added Files: pkgsrc/graphics/gd/patches: patch-ac Log Message: Security fix for CVE-2006-2906: "The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop." Patch from Xavier Roche via Ubuntu. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.3 2006/06/14 21:42:33 salo Exp $ d3 5 a7 62 Security fix for CVE-2006-2906, from Xavier Roche via Ubuntu. --- gd_gif_in.c.orig 2004-11-01 19:28:56.000000000 +0100 +++ gd_gif_in.c 2006-06-14 23:30:38.000000000 +0200 @@@@ -118,6 +118,7 @@@@ char version[4]; /* 2.0.28: threadsafe storage */ int ZeroDataBlock = FALSE; + int maxcount = 1024; gdImagePtr im = 0; if (! ReadOK(fd,buf,6)) { @@@@ -164,6 +165,8 @@@@ } if (c != ',') { /* Not a valid start character */ + if (--maxcount < 0) + goto terminated; /* Looping */ continue; } @@@@ -242,6 +245,7 @@@@ DoExtension(gdIOCtx *fd, int label, int *Transparent, int *ZeroDataBlockP) { static unsigned char buf[256]; + int maxcount = 1024; switch (label) { case 0xf9: /* Graphic Control Extension */ @@@@ -254,13 +258,13 @@@@ if ((buf[0] & 0x1) != 0) *Transparent = buf[3]; - while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0) + while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0 && --maxcount >= 0) ; return FALSE; default: break; } - while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0) + while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0 && --maxcount >= 0) ; return FALSE; @@@@ -419,14 +423,15 @@@@ } else if (code == end_code) { int count; unsigned char buf[260]; + int maxcount = 1024; if (*ZeroDataBlockP) return -2; - while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0) + while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0 && --maxcount >= 0) ; - if (count != 0) + if (count != 0 || maxcount < 0) return -2; } d9 2 @ 1.1 log @added support to fix the path to perl. It seems that we need more generic way to replace the symbols (e.g. paths) in the various files. @ text @d1 1 a1 1 $NetBSD$ @