Hi All,
update png to 1.6.32. This release includes a security patch:
"libpng version 1.6.31 added png_handle_eXIf(), which has a
null-pointer-dereference bug as well as a potential memory leak. Insofar
as the function has existed for only four weeks and the chunk itself for
only six, it's unlikely there are any applications affected by it at
this time, but they might come into existence in the future. The
vulnerability is fixed in version 1.6.32, released on 24 August 2017."
Ok? Comments?
Best regards,
Rafael Sadowksi
Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/png/Makefile,v
retrieving revision 1.119
diff -u -p -u -p -r1.119 Makefile
--- Makefile 12 Aug 2017 03:05:29 -0000 1.119
+++ Makefile 7 Oct 2017 13:42:41 -0000
@@ -2,7 +2,7 @@
COMMENT= library for manipulating PNG images
-VERSION= 1.6.31
+VERSION= 1.6.32
DISTNAME= libpng-${VERSION}
PKGNAME= png-${VERSION}
CATEGORIES= graphics
@@ -10,8 +10,8 @@ DPB_PROPERTIES= parallel
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/}
EXTRACT_SUFX= .tar.xz
-SHARED_LIBS= png16 17.4 \
- png 17.4
+SHARED_LIBS= png16 17.5 \
+ png 17.5
HOMEPAGE= http://www.libpng.org/pub/png/libpng.html
Index: distinfo
===================================================================
RCS file: /cvs/ports/graphics/png/distinfo,v
retrieving revision 1.56
diff -u -p -u -p -r1.56 distinfo
--- distinfo 12 Aug 2017 03:05:29 -0000 1.56
+++ distinfo 7 Oct 2017 13:42:41 -0000
@@ -1,2 +1,2 @@
-SHA256 (libpng-1.6.31.tar.xz) = IypgLeBJFrK1zm+QGCnK9BlRnmoWzJzXwckRh9Pui0E=
-SIZE (libpng-1.6.31.tar.xz) = 991824
+SHA256 (libpng-1.6.32.tar.xz) = yRjDET3nSmkvChUmzogdwmBndj6zkVxX7zoPe2iG9Zs=
+SIZE (libpng-1.6.32.tar.xz) = 997136
