Mon Sep 7 11:21:28 2020 UTC
p5-GD: update to 2.72.

2.72    * fix CVE 2019-6977 colorMatch for older unpatched libgd versions.
          This is a severe security problem, an exploitable heap-overflow.
          See https://nvd.nist.gov/vuln/detail/CVE-2019-6977


(wiz)
diff -r1.88 -r1.89 pkgsrc/graphics/p5-GD/Makefile
diff -r1.28 -r1.29 pkgsrc/graphics/p5-GD/distinfo

cvs diff -r1.88 -r1.89 pkgsrc/graphics/p5-GD/Makefile

--- pkgsrc/graphics/p5-GD/Makefile 2020/08/31 18:09:41 1.88
+++ pkgsrc/graphics/p5-GD/Makefile 2020/09/07 11:21:28 1.89
@@ -1,30 +1,27 @@ @@ -1,30 +1,27 @@
1# $NetBSD: Makefile,v 1.88 2020/08/31 18:09:41 wiz Exp $ 1# $NetBSD: Makefile,v 1.89 2020/09/07 11:21:28 wiz Exp $
2 2
3DISTNAME= GD-2.71 3DISTNAME= GD-2.72
4PKGNAME= p5-${DISTNAME} 4PKGNAME= p5-${DISTNAME}
5PKGREVISION= 3 
6CATEGORIES= graphics perl5 5CATEGORIES= graphics perl5
7MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=GD/} 6MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=GD/}
8 7
9MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= https://metacpan.org/release/GD 9HOMEPAGE= https://metacpan.org/release/GD
11COMMENT= Perl5 interface to gd graphics library 10COMMENT= Perl5 interface to gd graphics library
12LICENSE= gnu-gpl-v2 OR artistic-2.0 11LICENSE= gnu-gpl-v2 OR artistic-2.0
13 12
14BUILD_DEPENDS+= p5-ExtUtils-PkgConfig>=1:../../devel/p5-ExtUtils-PkgConfig 13BUILD_DEPENDS+= p5-ExtUtils-PkgConfig>=1:../../devel/p5-ExtUtils-PkgConfig
15 14
16USE_LANGUAGES= c 
17 
18# This is required at least on some Solaris builds to get a runnable 15# This is required at least on some Solaris builds to get a runnable
19# package, and should be harmless on other platforms. See PR 45873. 16# package, and should be harmless on other platforms. See PR 45873.
20CFLAGS+= -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 17CFLAGS+= -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
21 18
22PERL5_PACKLIST= auto/GD/.packlist 19PERL5_PACKLIST= auto/GD/.packlist
23PERL5_OPTIONS+= threads 20PERL5_OPTIONS+= threads
24 21
25# stop package's GetOptions() from parsing Module::Build settings 22# stop package's GetOptions() from parsing Module::Build settings
26MAKE_PARAMS+= -- 23MAKE_PARAMS+= --
27 24
28post-extract: 25post-extract:
29 chmod a+w ${WRKSRC}/bdf_scripts/bdf2gdfont_pl.PL 26 chmod a+w ${WRKSRC}/bdf_scripts/bdf2gdfont_pl.PL
30 27
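
Review bot: the removal of "USE_LANGUAGES= c" (old lines 16-17) is unrelated to the 2.72 security update and is not mentioned in the commit log. pkgsrc defaults USE_LANGUAGES to c, so this is a harmless cleanup, but a line in the log would save the next reader from wondering whether the compiler requirement changed. Dropping PKGREVISION together with the DISTNAME bump to GD-2.72 is correct. Since the log says the fix targets older unpatched libgd versions, it would also help to state whether the gd dependency already carries the CVE-2019-6977 fix, which these lines do not show.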

cvs diff -r1.28 -r1.29 pkgsrc/graphics/p5-GD/distinfo

--- pkgsrc/graphics/p5-GD/distinfo 2019/02/24 00:52:58 1.28
+++ pkgsrc/graphics/p5-GD/distinfo 2020/09/07 11:21:28 1.29
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
1$NetBSD: distinfo,v 1.28 2019/02/24 00:52:58 mef Exp $ 1$NetBSD: distinfo,v 1.29 2020/09/07 11:21:28 wiz Exp $
2 2
3SHA1 (GD-2.71.tar.gz) = b1bbc5c55bdc80553fabf17b01a90e6be0f4886c 3SHA1 (GD-2.72.tar.gz) = d3dbf21ea369a8e78a9d164ed198246c160557f3
4RMD160 (GD-2.71.tar.gz) = 8cf166852315841ffbdf44afea5fb7e8c415457c 4RMD160 (GD-2.72.tar.gz) = 2bfdbb28b46d41a315e8c776c2357c39f96619ba
5SHA512 (GD-2.71.tar.gz) = 3a1555f07e6ab36a7218f24853f4168914be45e8c19ab0fe971ab044725dc0d7efeca75be2e4408406e69601f07e047fd3ea157acc9b9d339c9917a1c3e1f74d 5SHA512 (GD-2.72.tar.gz) = 93a42c2385673ce8133102adc125da966f8a8abcebe4a0a9d87ae3e77a84870138db81f532e393eb1c5be4b12c71b737bd5b85ed84cf4b8580f08a5296189103
6Size (GD-2.71.tar.gz) = 256845 bytes 6Size (GD-2.72.tar.gz) = 259938 bytes
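
Review bot: on the new SHA512 entry (line 5), please confirm the GD-2.72.tar.gz digest against a second source, such as the CHECKSUMS file in the author's CPAN directory, rather than only regenerating distinfo from the fetched tarball. This is a security update, and these values are what every later fetch of the distfile is verified against. SHA1 on line 3 is no longer collision-resistant, so the SHA512 entry is the one to rely on when cross-checking.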