/opt/local/bin/c_rehash seems to come from the openssl package but is broken #354

sjorge · 2016-04-16T17:26:54Z

Due to missing perl

jperkin · 2016-06-02T07:48:40Z

Thanks! Sorry it's taken so long to get to this one, it will be fixed in 2016Q2.

Jorge Schrauwen in TritonDataCenter/pkgsrc#354. Bump PKGREVISION.

Upstream Changelog: Security gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317) double-free in gdImageWebPtr() (CVE-2016-6912) potential unsigned underflow in gd_interpolation.c DOS vulnerability in gdImageCreateFromGd2Ctx() Fixed Fix #354: Signed Integer Overflow gd_io.c Fix #340: System frozen Fix OOB reads of the TGA decompression buffer Fix DOS vulnerability in gdImageCreateFromGd2Ctx() Fix potential unsigned underflow Fix double-free in gdImageWebPtr() Fix invalid read in gdImageCreateFromTiffPtr() Fix OOB reads of the TGA decompression buffer Fix #68: gif: buffer underflow reported by AddressSanitizer Avoid potentially dangerous signed to unsigned conversion Fix #304: test suite failure in gif/bug00006 [2.2.3] Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border Fix #330: Integer overflow in gdImageScaleBilinearPalette() Fix 321: Null pointer dereferences in gdImageRotateInterpolated Fix whitespace and add missing comment block Fix #319: gdImageRotateInterpolated can have wrong background color Fix color quantization documentation Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag Fix #300: gdImageClone() assigns res_y = res_x Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness() Replace GNU old-style field designators with C89 compatible initializers Fix #297: gdImageCrop() converts palette image to truecolor image Fix #290: TGA RLE decoding is broken Fix unnecessary non NULL checks Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted files Fix #280: gdImageWebpEx() quantization parameter is a misnomer Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx() Fix issue #276: Sometimes pixels are missing when storing images as BMPs Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts Fix copy&paste error in gdImageScaleBicubicFixed() Added More documentation Documentation on GD and GD2 formats More tests

graphics/gd: security fix Revisions pulled up: - graphics/gd/Makefile 1.113 - graphics/gd/distinfo 1.43 - graphics/gd/patches/patch-src_gd__webp.c deleted --- Module Name: pkgsrc Committed By: spz Date: Sat Feb 4 23:05:52 UTC 2017 Modified Files: pkgsrc/graphics/gd: Makefile distinfo Removed Files: pkgsrc/graphics/gd/patches: patch-src_gd__webp.c Log Message: update of gd to 2.2.4. Upstream Changelog: Security gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317) double-free in gdImageWebPtr() (CVE-2016-6912) potential unsigned underflow in gd_interpolation.c DOS vulnerability in gdImageCreateFromGd2Ctx() Fixed Fix #354: Signed Integer Overflow gd_io.c Fix #340: System frozen Fix OOB reads of the TGA decompression buffer Fix DOS vulnerability in gdImageCreateFromGd2Ctx() Fix potential unsigned underflow Fix double-free in gdImageWebPtr() Fix invalid read in gdImageCreateFromTiffPtr() Fix OOB reads of the TGA decompression buffer Fix #68: gif: buffer underflow reported by AddressSanitizer Avoid potentially dangerous signed to unsigned conversion Fix #304: test suite failure in gif/bug00006 [2.2.3] Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border Fix #330: Integer overflow in gdImageScaleBilinearPalette() Fix 321: Null pointer dereferences in gdImageRotateInterpolated Fix whitespace and add missing comment block Fix #319: gdImageRotateInterpolated can have wrong background color Fix color quantization documentation Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag Fix #300: gdImageClone() assigns res_y = res_x Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness() Replace GNU old-style field designators with C89 compatible initializers Fix #297: gdImageCrop() converts palette image to truecolor image Fix #290: TGA RLE decoding is broken Fix unnecessary non NULL checks Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted files Fix #280: gdImageWebpEx() quantization parameter is a misnomer Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx() Fix issue #276: Sometimes pixels are missing when storing images as BMPs Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts Fix copy&paste error in gdImageScaleBicubicFixed() Added More documentation Documentation on GD and GD2 formats More tests

jperkin self-assigned this Jun 2, 2016

jperkin closed this as completed Jun 2, 2016

jsonn referenced this issue in jsonn/pkgsrc Jun 2, 2016

Make perl a runtime dependency, it is used by c_rehash. Reported by

af267e8

Jorge Schrauwen in TritonDataCenter/pkgsrc#354. Bump PKGREVISION.

jsonn referenced this issue in jsonn/pkgsrc Jun 4, 2016

Make perl a runtime dependency, it is used by c_rehash. Reported by

3ddf4ce

Jorge Schrauwen in TritonDataCenter/pkgsrc#354. Bump PKGREVISION.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

/opt/local/bin/c_rehash seems to come from the openssl package but is broken #354

/opt/local/bin/c_rehash seems to come from the openssl package but is broken #354

sjorge commented Apr 16, 2016

jperkin commented Jun 2, 2016

/opt/local/bin/c_rehash seems to come from the openssl package but is broken #354

/opt/local/bin/c_rehash seems to come from the openssl package but is broken #354

Comments

sjorge commented Apr 16, 2016

jperkin commented Jun 2, 2016