Mon Sep 7 11:21:28 2020 UTC
p5-GD: update to 2.72.
2.72 * fix CVE 2019-6977 colorMatch for older unpatched libgd versions.
This is a severe security problem, an exploitable heap-overflow.
See https://nvd.nist.gov/vuln/detail/CVE-2019-6977
(wiz)
diff -r1.88 -r1.89 pkgsrc/graphics/p5-GD/Makefile
diff -r1.28 -r1.29 pkgsrc/graphics/p5-GD/distinfo
--- pkgsrc/graphics/p5-GD/Makefile 2020/08/31 18:09:41 1.88
+++ pkgsrc/graphics/p5-GD/Makefile 2020/09/07 11:21:28 1.89
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.88 2020/08/31 18:09:41 wiz Exp $
+# $NetBSD: Makefile,v 1.89 2020/09/07 11:21:28 wiz Exp $
-DISTNAME= GD-2.71
+DISTNAME= GD-2.72
PKGNAME= p5-${DISTNAME}
-PKGREVISION= 3
CATEGORIES= graphics perl5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=GD/}
@@ -12,8 +11,6 @@
LICENSE= gnu-gpl-v2 OR artistic-2.0
BUILD_DEPENDS+= p5-ExtUtils-PkgConfig>=1:../../devel/p5-ExtUtils-PkgConfig
-
-USE_LANGUAGES= c
# This is required at least on some Solaris builds to get a runnable
# package, and should be harmless on other platforms. See PR 45873.
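Review bot: the removal of `USE_LANGUAGES= c` (together with the blank line above it) in this hunk is not mentioned in the commit message, which only describes the update to 2.72. Since c is the pkgsrc default for USE_LANGUAGES this should be a no-op, but a short line in the log would make clear that it is cleanup and not part of the CVE-2019-6977 fix.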
--- pkgsrc/graphics/p5-GD/distinfo 2019/02/24 00:52:58 1.28
+++ pkgsrc/graphics/p5-GD/distinfo 2020/09/07 11:21:28 1.29
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.28 2019/02/24 00:52:58 mef Exp $
+$NetBSD: distinfo,v 1.29 2020/09/07 11:21:28 wiz Exp $
-SHA1 (GD-2.71.tar.gz) = b1bbc5c55bdc80553fabf17b01a90e6be0f4886c
+SHA1 (GD-2.72.tar.gz) = d3dbf21ea369a8e78a9d164ed198246c160557f3
-RMD160 (GD-2.71.tar.gz) = 8cf166852315841ffbdf44afea5fb7e8c415457c
+RMD160 (GD-2.72.tar.gz) = 2bfdbb28b46d41a315e8c776c2357c39f96619ba
-SHA512 (GD-2.71.tar.gz) = 3a1555f07e6ab36a7218f24853f4168914be45e8c19ab0fe971ab044725dc0d7efeca75be2e4408406e69601f07e047fd3ea157acc9b9d339c9917a1c3e1f74d
+SHA512 (GD-2.72.tar.gz) = 93a42c2385673ce8133102adc125da966f8a8abcebe4a0a9d87ae3e77a84870138db81f532e393eb1c5be4b12c71b737bd5b85ed84cf4b8580f08a5296189103
-Size (GD-2.71.tar.gz) = 256845 bytes
+Size (GD-2.72.tar.gz) = 259938 bytes
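Review bot: the new GD-2.72.tar.gz digests record only what was fetched at commit time, so for a security update it is worth confirming the tarball against the upstream CPAN checksum before relying on these values. Of the three hash lines, SHA512 is the one to depend on for integrity; the SHA1 line should not be treated as a guarantee on its own.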