pkgsrc/graphics/gd/Makefile

# $NetBSD: Makefile,v 1.121 2018/09/10 13:34:16 kim Exp $

DISTNAME=	libgd-2.2.5
PKGNAME=	${DISTNAME:S/libgd/gd/}
PKGREVISION=	4
CATEGORIES=	graphics
MASTER_SITES=	${MASTER_SITE_GITHUB:=libgd/}
EXTRACT_SUFX=	.tar.xz

PATCH_SITES=	${MASTER_SITE_GITHUB:=libgd/libgd/commit/}
PATCHFILES=	4b1e18a00ce7c4b7e6919c3b3109a034393b805a.patch
PATCH_DIST_STRIP=	-p1

MAINTAINER=	adam@NetBSD.org
HOMEPAGE=	https://libgd.github.io/
COMMENT=	Graphics library for the dynamic creation of images

GITHUB_PROJECT=	libgd
GITHUB_RELEASE=	gd-${PKGVERSION_NOREV}

.include "options.mk"

USE_LIBTOOL=		yes
USE_TOOLS+=		perl:run pkg-config
GNU_CONFIGURE=		yes
CONFIGURE_ARGS+=	--disable-werror
CONFIGURE_ARGS+=	--with-fontconfig=${BUILDLINK_PREFIX.fontconfig}
CONFIGURE_ARGS+=	--with-freetype=${BUILDLINK_PREFIX.freetype2}
CONFIGURE_ARGS+=	--with-jpeg=${BUILDLINK_PREFIX.jpeg}
CONFIGURE_ARGS+=	--with-liq=${BUILDLINK_PREFIX.libimagequant}
CONFIGURE_ARGS+=	--with-png=${BUILDLINK_PREFIX.png}
CONFIGURE_ARGS+=	--with-webp=${BUILDLINK_PREFIX.libwebp}
CONFIGURE_ARGS+=	--with-zlib=${BUILDLINK_PREFIX.zlib}
REPLACE_PERL+=		src/bdftogd
PTHREAD_AUTO_VARS=	yes

.include "../../converters/libiconv/buildlink3.mk"
.include "../../devel/zlib/buildlink3.mk"
.include "../../fonts/fontconfig/buildlink3.mk"
.include "../../graphics/freetype2/buildlink3.mk"
.include "../../graphics/libimagequant/buildlink3.mk"
.include "../../graphics/libwebp/buildlink3.mk"
.include "../../graphics/png/buildlink3.mk"
.include "../../mk/jpeg.buildlink3.mk"
.include "../../mk/pthread.buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
Add upstream patch to address CVE-2018-1000222. Restore the tiff option, so libtiff can be avoided. Ok by adam@. 2018-09-10 15:34:16 +02:00			`# $NetBSD: Makefile,v 1.121 2018/09/10 13:34:16 kim Exp $`
import the gd graphics generation library 1998-03-07 22:59:13 +01:00
Changes 2.2.5: Security * Double-free in gdImagePngPtr(). (CVE-2017-6362) * Buffer over-read into uninitialized memory. (CVE-2017-7890) Fixed * Fix 109: XBM reading fails with printed error * Fix 338: Fatal and normal libjpeg/ibpng errors not distinguishable * Fix 357: 2.2.4: Segfault in test suite * Fix 386: gdImageGrayScale() may produce colors * Fix 406: webpng -i removes the transparent color * Fix Coverity 155475: Failure to restore alphaBlendingFlag * Fix Coverity 155476: potential resource leak * Fix several build issues and test failures * Fix and reenable optimized support for reading 1 bps TIFFs Added * The native MSVC buildchain now supports libtiff and most executables 2017-09-04 08:20:45 +02:00			`DISTNAME= libgd-2.2.5`
Changes 2.1.0: * gdColorMapLookup() answers the RGB values according to given color map * Added support of variable resolution * new filter gdImagePixelate() * merged improvements that PHP GD team had made to GD Graphics Library * bugfixes 2013-09-02 23:17:42 +02:00			`PKGNAME= ${DISTNAME:S/libgd/gd/}`
Add upstream patch to address CVE-2018-1000222. Restore the tiff option, so libtiff can be avoided. Ok by adam@. 2018-09-10 15:34:16 +02:00			`PKGREVISION= 4`
import the gd graphics generation library 1998-03-07 22:59:13 +01:00			`CATEGORIES= graphics`
We welcome the 2.2.3 release around a month after 2.2.2 (we are getting consistent). Another important milestone in the GD 2.2 series. Security related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs: * fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766) * bug 247, A read out-of-bands was found in the parsing of TGA files (CVE-2016-6132) * also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214) * bug 248, fix Out-Of-Bounds Read in read_image_tga Using application provided parameters, in these cases invalid data causes the issues: * Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207) * fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128) * improve color check for CropThreshold Important update: * gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd. 2016-08-02 20:29:21 +02:00			`MASTER_SITES= ${MASTER_SITE_GITHUB:=libgd/}`
Changes 2.1.0: * gdColorMapLookup() answers the RGB values according to given color map * Added support of variable resolution * new filter gdImagePixelate() * merged improvements that PHP GD team had made to GD Graphics Library * bugfixes 2013-09-02 23:17:42 +02:00			`EXTRACT_SUFX= .tar.xz`
import the gd graphics generation library 1998-03-07 22:59:13 +01:00
Add upstream patch to address CVE-2018-1000222. Restore the tiff option, so libtiff can be avoided. Ok by adam@. 2018-09-10 15:34:16 +02:00			`PATCH_SITES= ${MASTER_SITE_GITHUB:=libgd/libgd/commit/}`
			`PATCHFILES= 4b1e18a00ce7c4b7e6919c3b3109a034393b805a.patch`
			`PATCH_DIST_STRIP= -p1`

s/netbsd.org/NetBSD.org/ 2003-07-17 23:31:04 +02:00			`MAINTAINER= adam@NetBSD.org`
graphics/gd: fix undefined behavior in ctype functions 2018-02-25 15:34:22 +01:00			`HOMEPAGE= https://libgd.github.io/`
Changes 2.0.17: minor compilation and packaging problem fixed Changes 2.0.16: Adds polar coordinate transformation, text on a circle, thread safety truetype font output, performance optimizations, correct compilation with the latest versions of freetype, and many fixes 2004-01-05 16:30:16 +01:00			`COMMENT= Graphics library for the dynamic creation of images`
import the gd graphics generation library 1998-03-07 22:59:13 +01:00
We welcome the 2.2.3 release around a month after 2.2.2 (we are getting consistent). Another important milestone in the GD 2.2 series. Security related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs: * fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766) * bug 247, A read out-of-bands was found in the parsing of TGA files (CVE-2016-6132) * also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214) * bug 248, fix Out-Of-Bounds Read in read_image_tga Using application provided parameters, in these cases invalid data causes the issues: * Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207) * fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128) * improve color check for CropThreshold Important update: * gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd. 2016-08-02 20:29:21 +02:00			`GITHUB_PROJECT= libgd`
			`GITHUB_RELEASE= gd-${PKGVERSION_NOREV}`
Update to 2.1.1 Changelog: GD team proudly announces that the 2.1.1 version of GD Graphics Library has been released. We have fixed some reported bugs and improved the build scripts (cmake and configure). See the Changelog files for a full list with details or CVEs. This is a recommended update. 2015-06-30 12:20:10 +02:00
PKG_DESTDIR_SUPPORT needs to be before .include "options.mk" 2009-05-19 00:18:42 +02:00			`.include "options.mk"`

Changes 2.0.34: * 32-bit multiplication overflow vulnerabilities along with a number of similar issues * Memory allocation errors that were not checked * Multiple issues in the GIF loader. Corrupt gif images would cause a segfault or infinite loop * Malformed or empty PNG image also may have caused segfaults * gdImageFillToBorder segfaulted when the color was not opaque (alpha > 0) * Antialiased lines drawn on an images edge caused a segfault * gdImageFill segfaulted when used with patterns or invalid arguments * gdImageFilledEllipse did not respect transparency 2007-02-16 21:37:52 +01:00			`USE_LIBTOOL= yes`
Use pkg-config. Fixes freetype2 detection and "annotate" build on Darwin. 2018-05-05 14:13:44 +02:00			`USE_TOOLS+= perl:run pkg-config`
Changes 2.0.34: * 32-bit multiplication overflow vulnerabilities along with a number of similar issues * Memory allocation errors that were not checked * Multiple issues in the GIF loader. Corrupt gif images would cause a segfault or infinite loop * Malformed or empty PNG image also may have caused segfaults * gdImageFillToBorder segfaulted when the color was not opaque (alpha > 0) * Antialiased lines drawn on an images edge caused a segfault * gdImageFill segfaulted when used with patterns or invalid arguments * gdImageFilledEllipse did not respect transparency 2007-02-16 21:37:52 +01:00			`GNU_CONFIGURE= yes`
We welcome the 2.2.3 release around a month after 2.2.2 (we are getting consistent). Another important milestone in the GD 2.2 series. Security related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs: * fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766) * bug 247, A read out-of-bands was found in the parsing of TGA files (CVE-2016-6132) * also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214) * bug 248, fix Out-Of-Bounds Read in read_image_tga Using application provided parameters, in these cases invalid data causes the issues: * Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207) * fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128) * improve color check for CropThreshold Important update: * gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd. 2016-08-02 20:29:21 +02:00			`CONFIGURE_ARGS+= --disable-werror`
Changes 2.1.0: * gdColorMapLookup() answers the RGB values according to given color map * Added support of variable resolution * new filter gdImagePixelate() * merged improvements that PHP GD team had made to GD Graphics Library * bugfixes 2013-09-02 23:17:42 +02:00			`CONFIGURE_ARGS+= --with-fontconfig=${BUILDLINK_PREFIX.fontconfig}`
			`CONFIGURE_ARGS+= --with-freetype=${BUILDLINK_PREFIX.freetype2}`
			`CONFIGURE_ARGS+= --with-jpeg=${BUILDLINK_PREFIX.jpeg}`
Changes 2.2.5: Security * Double-free in gdImagePngPtr(). (CVE-2017-6362) * Buffer over-read into uninitialized memory. (CVE-2017-7890) Fixed * Fix 109: XBM reading fails with printed error * Fix 338: Fatal and normal libjpeg/ibpng errors not distinguishable * Fix 357: 2.2.4: Segfault in test suite * Fix 386: gdImageGrayScale() may produce colors * Fix 406: webpng -i removes the transparent color * Fix Coverity 155475: Failure to restore alphaBlendingFlag * Fix Coverity 155476: potential resource leak * Fix several build issues and test failures * Fix and reenable optimized support for reading 1 bps TIFFs Added * The native MSVC buildchain now supports libtiff and most executables 2017-09-04 08:20:45 +02:00			`CONFIGURE_ARGS+= --with-liq=${BUILDLINK_PREFIX.libimagequant}`
Changes 2.1.0: * gdColorMapLookup() answers the RGB values according to given color map * Added support of variable resolution * new filter gdImagePixelate() * merged improvements that PHP GD team had made to GD Graphics Library * bugfixes 2013-09-02 23:17:42 +02:00			`CONFIGURE_ARGS+= --with-png=${BUILDLINK_PREFIX.png}`
We welcome the 2.2.3 release around a month after 2.2.2 (we are getting consistent). Another important milestone in the GD 2.2 series. Security related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs: * fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766) * bug 247, A read out-of-bands was found in the parsing of TGA files (CVE-2016-6132) * also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214) * bug 248, fix Out-Of-Bounds Read in read_image_tga Using application provided parameters, in these cases invalid data causes the issues: * Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207) * fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128) * improve color check for CropThreshold Important update: * gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd. 2016-08-02 20:29:21 +02:00			`CONFIGURE_ARGS+= --with-webp=${BUILDLINK_PREFIX.libwebp}`
Changes 2.1.0: * gdColorMapLookup() answers the RGB values according to given color map * Added support of variable resolution * new filter gdImagePixelate() * merged improvements that PHP GD team had made to GD Graphics Library * bugfixes 2013-09-02 23:17:42 +02:00			`CONFIGURE_ARGS+= --with-zlib=${BUILDLINK_PREFIX.zlib}`
			`REPLACE_PERL+= src/bdftogd`
Added PTHREAD_AUTO_VARS=yes so this builds properly on 2.0. (thanks, Juan RP) 2004-11-29 18:00:01 +01:00			`PTHREAD_AUTO_VARS= yes`
* Update to gd-1.7.3. Now depends on graphics/freetype and graphics/xpm. * Build process no longer uses configure. * Change DESCR to reflect that gd makes PNG, not GIF, files. * Version library at 1.7. Fixes PR#???? Changes from version 1.6.3: -------------------------- What's new in version 1.7.3? Another attempt at Makefile fixes to permit linking with all libraries required on platforms with order- dependent linkers. Perhaps it will work this time. What's new in version 1.7.2? An uninitialized-pointer bug in gdtestttf.c was corrected. This bug caused crashes at the end of each call to gdImageStringTTF on some platforms. Thanks to Wolfgang Haefelinger. Documentation fixes. Thanks to Dohn Arms. Makefile fixes to permit linking with all libraries required on platforms with order- dependent linkers. What's new in version 1.7.1? A minor buglet in the Makefile was corrected, as well as an inaccurate error message in gdtestttf.c. Thanks to Masahito Yamaga. What's new in version 1.7? Version 1.7 contains the following changes: * Japanese language support for the TrueType functions. Thanks to Masahito Yamaga. * autoconf and configure have been removed, in favor of a carefully designed Makefile which produces and properly installs the library and the binaries. System-dependent variables are at the top of the Makefile for easy modification. I'm sorry, folks, but autoconf generated _many, many confused email messages_ from people who didn't have things where autoconf expected to find them. I am not an autoconf/automake wizard, and gd is a simple, very compact library which does not need to be a shared library. I _did_ make many improvements over the old gd 1.3 Makefile, which were directly inspired by the autoconf version found in the 1.6 series (thanks to John Ellson). * Completely ANSI C compliant, according to the -pedantic-errors flag of gcc. Several pieces of not-quite-ANSI-C code were causing problems for those with non-gcc compilers. * gdttf.c patched to allow the use of Windows symbol fonts, when present (thanks to Joseph Peppin). * extern "C" wrappers added to gd.h and the font header files for the convenience of C++ programmers. bdftogd was also modified to automatically insert these wrappers into future font header files. Thanks to John Lindal. * Compiles correctly on platforms that don't define SEEK_SET. Thanks to Robert Bonomi. * Loads Xpm images via the gdImageCreateFromXpm function, if the Xpm library is available. Thanks to Caolan McNamara. 1999-11-01 04:29:29 +01:00
Include libiconv. Fixes build on SunOS. 2013-09-04 11:39:20 +02:00			`.include "../../converters/libiconv/buildlink3.mk"`
bl3ify 2004-01-06 09:00:28 +01:00			`.include "../../devel/zlib/buildlink3.mk"`
explicitly link in with fontconfig since it will grab it anyway, see http://mail-index.netbsd.org/tech-pkg/2008/11/13/msg002046.html 2008-11-14 20:11:44 +01:00			`.include "../../fonts/fontconfig/buildlink3.mk"`
bl3ify 2004-01-06 09:00:28 +01:00			`.include "../../graphics/freetype2/buildlink3.mk"`
Changes 2.2.5: Security * Double-free in gdImagePngPtr(). (CVE-2017-6362) * Buffer over-read into uninitialized memory. (CVE-2017-7890) Fixed * Fix 109: XBM reading fails with printed error * Fix 338: Fatal and normal libjpeg/ibpng errors not distinguishable * Fix 357: 2.2.4: Segfault in test suite * Fix 386: gdImageGrayScale() may produce colors * Fix 406: webpng -i removes the transparent color * Fix Coverity 155475: Failure to restore alphaBlendingFlag * Fix Coverity 155476: potential resource leak * Fix several build issues and test failures * Fix and reenable optimized support for reading 1 bps TIFFs Added * The native MSVC buildchain now supports libtiff and most executables 2017-09-04 08:20:45 +02:00			`.include "../../graphics/libimagequant/buildlink3.mk"`
We welcome the 2.2.3 release around a month after 2.2.2 (we are getting consistent). Another important milestone in the GD 2.2 series. Security related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs: * fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766) * bug 247, A read out-of-bands was found in the parsing of TGA files (CVE-2016-6132) * also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214) * bug 248, fix Out-Of-Bounds Read in read_image_tga Using application provided parameters, in these cases invalid data causes the issues: * Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207) * fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128) * improve color check for CropThreshold Important update: * gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd. 2016-08-02 20:29:21 +02:00			`.include "../../graphics/libwebp/buildlink3.mk"`
bl3ify 2004-01-06 09:00:28 +01:00			`.include "../../graphics/png/buildlink3.mk"`
Changes 2.1.0: * gdColorMapLookup() answers the RGB values according to given color map * Added support of variable resolution * new filter gdImagePixelate() * merged improvements that PHP GD team had made to GD Graphics Library * bugfixes 2013-09-02 23:17:42 +02:00			`.include "../../mk/jpeg.buildlink3.mk"`
s/buildlink2/buildlink3/ I must be going blind! 2004-01-07 08:16:13 +01:00			`.include "../../mk/pthread.buildlink3.mk"`
Use the bsd.pkg.mk and bsd.pkg.subdir.mk files in the pkgsrc tree. Remove redundant (and sometimes erroneous) comments. 1998-04-15 12:38:15 +02:00			`.include "../../mk/bsd.pkg.mk"`