security update: graphics/png

Matthias Kilian Sun, 27 Jun 2010 01:41:59 -0700

SECURITY update to 1.2.44.

Fixes CVE-2010-1205.


I think this needs a major bump because irowbytes in png_struct_def
has been replaced with user_chunk_cache_max, which has a completely
different meaning.

Regress tests did pass on amd64. No other tests yet (I'm currently
rebuilding stuff depending on png).


Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/png/Makefile,v
retrieving revision 1.74
diff -u -p -r1.74 Makefile
--- Makefile    6 Dec 2009 21:43:11 -0000       1.74
+++ Makefile    27 Jun 2010 07:23:54 -0000
@@ -2,10 +2,10 @@
 
 COMMENT=       library for manipulating PNG images
 
-VERSION=       1.2.41
+VERSION=       1.2.44
 DISTNAME=      libpng-${VERSION}
 PKGNAME=       png-${VERSION}
-SHARED_LIBS=   png     9.0
+SHARED_LIBS=   png     10.0
 CATEGORIES=    graphics
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=libpng/}
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/graphics/png/distinfo,v
retrieving revision 1.25
diff -u -p -r1.25 distinfo
--- distinfo    6 Dec 2009 21:43:11 -0000       1.25
+++ distinfo    27 Jun 2010 07:23:54 -0000
@@ -1,5 +1,5 @@
-MD5 (libpng-1.2.41.tar.gz) = gquHgY+yKWFiCqx+yp/qFA==
-RMD160 (libpng-1.2.41.tar.gz) = ngLrCcdCbXFNTnzu72/lIB6yeN8=
-SHA1 (libpng-1.2.41.tar.gz) = yeXqiE2PVVHeMoIQzPw4bGBiQ2Y=
-SHA256 (libpng-1.2.41.tar.gz) = hjrO7P6pfKQRz9hLZfO4d/w5OvaS1IRKr2XRObCk+bw=
-SIZE (libpng-1.2.41.tar.gz) = 829665
+MD5 (libpng-1.2.44.tar.gz) = ibYvjaruqxNC4wfW0UEf8Q==
+RMD160 (libpng-1.2.44.tar.gz) = ZFgC0qiz+SyrYQVgTisZjkgyVPQ=
+SHA1 (libpng-1.2.44.tar.gz) = d2u45C2GvXGuWODZb4VHLB1jvus=
+SHA256 (libpng-1.2.44.tar.gz) = bVvgKh2QQL9OggXgbJ+2oHDI/ACFnZ4XKcTED/EB9n0=
+SIZE (libpng-1.2.44.tar.gz) = 829035
Index: patches/patch-scripts_libpng_pc_in
===================================================================
RCS file: /cvs/ports/graphics/png/patches/patch-scripts_libpng_pc_in,v
retrieving revision 1.17
diff -u -p -r1.17 patch-scripts_libpng_pc_in
--- patches/patch-scripts_libpng_pc_in  6 Dec 2009 21:43:11 -0000       1.17
+++ patches/patch-scripts_libpng_pc_in  27 Jun 2010 07:23:54 -0000
@@ -1,6 +1,6 @@
 $OpenBSD: patch-scripts_libpng_pc_in,v 1.17 2009/12/06 21:43:11 naddy Exp $
---- scripts/libpng.pc.in.orig  Sat Sep  8 05:23:01 2007
-+++ scripts/libpng.pc.in       Wed Oct  3 17:20:11 2007
+--- scripts/libpng.pc.in.orig  Sat Jun 26 02:31:16 2010
++++ scripts/libpng.pc.in       Sun Jun 27 08:23:08 2010
 @@ -1,10 +1,10 @@
  pref...@prefix@
  exec_pref...@exec_prefix@
@@ -10,7 +10,7 @@ $OpenBSD: patch-scripts_libpng_pc_in,v 1
  
  Name: libpng
  Description: Loads and saves PNG files
- Version: 1.2.41
+ Version: 1.2.44
 -Libs: -L${libdir} -lpng12
 +Libs: -L${libdir} -lpng -lz -lm
  Cflags: -I${includedir}
Index: patches/patch-scripts_makefile_openbsd
===================================================================
RCS file: /cvs/ports/graphics/png/patches/patch-scripts_makefile_openbsd,v
retrieving revision 1.30
diff -u -p -r1.30 patch-scripts_makefile_openbsd
--- patches/patch-scripts_makefile_openbsd      6 Dec 2009 21:43:11 -0000       
1.30
+++ patches/patch-scripts_makefile_openbsd      27 Jun 2010 07:23:54 -0000
@@ -1,6 +1,6 @@
 $OpenBSD: patch-scripts_makefile_openbsd,v 1.30 2009/12/06 21:43:11 naddy Exp $
---- scripts/makefile.openbsd.orig      Thu Aug 13 13:13:23 2009
-+++ scripts/makefile.openbsd   Sun Aug 23 16:21:58 2009
+--- scripts/makefile.openbsd.orig      Sat Jun 26 02:31:16 2010
++++ scripts/makefile.openbsd   Sun Jun 27 08:39:13 2010
 @@ -7,11 +7,12 @@
  # and license in png.h
  
@@ -12,7 +12,7 @@ $OpenBSD: patch-scripts_makefile_openbsd
 +DOCDIR= ${PREFIX}/share/doc/png
  
 -SHLIB_MAJOR=  0
--SHLIB_MINOR=  1.2.41
+-SHLIB_MINOR=  1.2.44
  
  LIB=  png
  SRCS= png.c pngerror.c pngget.c pngmem.c pngpread.c \
@@ -25,7 +25,7 @@ $OpenBSD: patch-scripts_makefile_openbsd
  
  MAN=  libpng.3 libpngpf.3 png.5
 -DOCS = ANNOUNCE CHANGES INSTALL KNOWNBUG LICENSE README TODO Y2KINFO 
libpng.txt
-+DOCS = libpng-1.2.41.txt
++DOCS = libpng-1.2.44.txt
  
 +all: ${_LIBS} libpng-config libpng.pc
 +
@@ -58,7 +58,7 @@ $OpenBSD: patch-scripts_makefile_openbsd
  
  beforeinstall:
 -      if [ ! -d ${DESTDIR}${PREFIX}/include/libpng ]; then \
--        ${INSTALL} -d -o root -g wheel ${DESTDIR}${PREFIX}/include/libpng; \
+-        ${INSTALL} -d -o root -g wheel ${DESTDIR}${PREFIX}/include; \
 +      if [ ! -d ${DESTDIR}${INCDIR} ]; then \
 +        ${INSTALL} -d -o root -g wheel ${DESTDIR}${INCDIR}; \
        fi
@@ -86,7 +86,7 @@ $OpenBSD: patch-scripts_makefile_openbsd
 +      ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} \
 +              -m ${BINMODE} libpng-config ${DESTDIR}${BINDIR}
        ${INSTALL} ${INSTALL_COPY} -o ${SHAREOWN} -g ${SHAREGRP} \
--              -m ${NONBINMODE} ${HDRS} ${DESTDIR}${PREFIX}/include/libpng
+-              -m ${NONBINMODE} ${HDRS} ${DESTDIR}${PREFIX}/include
 +              -m ${NONBINMODE} ${HDRS} ${DESTDIR}${INCDIR}
        ${INSTALL} ${INSTALL_COPY} -o ${SHAREOWN} -g ${SHAREGRP} \
 -              -m ${NONBINMODE} ${HDRS} ${DESTDIR}${PREFIX}/include

security update: graphics/png

Reply via email to