Re: Update: graphics/png 1.5.9

[Gonzalo L. R.]

works fine here on i386 and amd64

El 02/25/12 15:55, Christian Weisgerber escribió:

Index: Makefile
===
RCS file: /cvs/ports/graphics/png/Makefile,v
retrieving revision 1.84
diff -u -p -r1.84 Makefile
--- Makefile17 Feb 2012 15:44:13 -  1.84
+++ Makefile25 Feb 2012 18:27:47 -
@@ -2,11 +2,10 @@

  COMMENT=  library for manipulating PNG images

-REVISION=  1
-VERSION=   1.5.6
+VERSION=   1.5.9
  DISTNAME= libpng-${VERSION}
  PKGNAME=  png-${VERSION}
-SHARED_LIBS=   png 13.0
+SHARED_LIBS=   png 14.0
  CATEGORIES=   graphics
  MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/}

Index: distinfo
===
RCS file: /cvs/ports/graphics/png/distinfo,v
retrieving revision 1.30
diff -u -p -r1.30 distinfo
--- distinfo14 Nov 2011 17:48:59 -  1.30
+++ distinfo25 Feb 2012 18:27:47 -
@@ -1,5 +1,5 @@
-MD5 (libpng-1.5.6.tar.gz) = iwwF7RJjfuHwYN37v1Juow==
-RMD160 (libpng-1.5.6.tar.gz) = k+8DwEmdUbqn0Q8oyaZTA0JTqEY=
-SHA1 (libpng-1.5.6.tar.gz) = Bo0wioIAPLskYC/9/HOMyEjPTq8=
-SHA256 (libpng-1.5.6.tar.gz) = Hc2lannwYYbTBAuAlauAfQdpUrS8t1eZNqohsIGTpUo=
-SIZE (libpng-1.5.6.tar.gz) = 1051616
+MD5 (libpng-1.5.9.tar.gz) = x0C6Zs1wdLokcbak/0jh+w==
+RMD160 (libpng-1.5.9.tar.gz) = P+f7QB8ayFCr4gGHcgZABUyF0xQ=
+SHA1 (libpng-1.5.9.tar.gz) = 5FOEdZhU4EkwUbFfaRXAFWLC/CQ=
+SHA256 (libpng-1.5.9.tar.gz) = t12uJhUfmwMQYsjS9XeglLCNoK5E/owRF10Ln/Q0zAI=
+SIZE (libpng-1.5.9.tar.gz) = 1065637
Index: patches/patch-pngerror_c
===
RCS file: patches/patch-pngerror_c
diff -N patches/patch-pngerror_c
--- patches/patch-pngerror_c3 Feb 2012 18:23:14 -   1.8
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,105 +0,0 @@
-$OpenBSD: patch-pngerror_c,v 1.8 2012/02/03 18:23:14 gsoares Exp $
-
-Fix for CVE-2011-3464
-(libpng "png_formatted_warning()" Off-by-One Vulnerability)
-
-patch came from upstream git:
-(http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=
-00c6a9a62c1825617c35c03ceb408114fffeca32)
-
 pngerror.c.origThu Nov  3 01:42:50 2011
-+++ pngerror.c Fri Feb  3 11:53:42 2012
-@@ -284,32 +284,35 @@ png_formatted_warning(png_structp png_ptr, png_warning
-/* The internal buffer is just 128 bytes - enough for all our messages,
- * overflow doesn't happen because this code checks!
- */
--   size_t i;
-+   size_t i = 0; /* Index in the msg[] buffer: */
-char msg[128];
-
--   for (i=0; i<(sizeof msg)-1&&  *message != '\0'; ++i)
-+   /* Each iteration through the following loop writes at most one character
-+* to msg[i++] then returns here to validate that there is still space for
-+* the trailing '\0'.  It may (in the case of a parameter) read more than
-+* one character from message[]; it must check for '\0' and continue to the
-+* test if it finds the end of string.
-+*/
-+   while (i<(sizeof msg)-1&&  *message != '\0')
-{
--  if (*message == '@')
-+  /* '@' at end of string is now just printed (previously it was skipped);
-+   * it is an error in the calling code to terminate the string with @.
-+   */
-+  if (p != NULL&&  *message == '@'&&  message[1] != '\0')
-   {
-- int parameter = -1;
-- switch (*++message)
-- {
--case '1':
--   parameter = 0;
--   break;
-+ int parameter_char = *++message; /* Consume the '@' */
-+ static const char valid_parameters[] = "123456789";
-+ int parameter = 0;
-
--case '2':
--   parameter = 1;
--   break;
-+ /* Search for the parameter digit, the index in the string is the
-+  * parameter to use.
-+  */
-+ while (valid_parameters[parameter] != parameter_char&&
-+valid_parameters[parameter] != '\0')
-+++parameter;
-
--case '\0':
--   continue; /* To break out of the for loop above. */
--
--default:
--   break;
-- }
--
-- if (parameter>= 0&&  parameter<  PNG_WARNING_PARAMETER_COUNT)
-+ /* If the parameter digit is out of range it will just get printed. 
*/
-+ if (parameter<  PNG_WARNING_PARAMETER_COUNT)
-  {
- /* Append this parameter */
- png_const_charp parm = p[parameter];
-@@ -319,28 +322,32 @@ png_formatted_warning(png_structp png_ptr, png_warning
-  * that parm[] has been initialized, so there is no guarantee of a
-  * trailing '\0':
-  */
--for (; i<(sizeof msg)-1&&  parm != '\0'&&  parm<  pend; ++i)
--   msg[i] = *parm++;
-+while (i<(sizeof msg)-1&&  *parm != '\0'&&  parm<  pend)
-+   msg[i++] = *parm++;
-
-+/* Consume the parameter digit too: */
- ++message;
-

Re: Update: graphics/png 1.5.9

[Christian Weisgerber]

And while we're here, also update the old version of png included with
graphics/povray. (CVE-2011-3026)

Index: Makefile
===
RCS file: /cvs/ports/graphics/povray/Makefile,v
retrieving revision 1.21
diff -u -p -r1.21 Makefile
--- Makefile17 Jul 2011 13:32:37 -  1.21
+++ Makefile25 Feb 2012 19:58:59 -
@@ -3,7 +3,7 @@
 COMMENT=   3D image rendering package
 
 DISTNAME=  povray-3.6.1
-REVISION=  1
+REVISION=  2
 CATEGORIES=graphics
 
 HOMEPAGE=  http://www.povray.org/
@@ -22,7 +22,7 @@ EXTRACT_SUFX= .tar.bz2
 # We replace the included ancient copy of libpng with a later release
 # from the 1.2 branch.
 EXTRACT_ONLY=  ${DISTNAME}${EXTRACT_SUFX}
-PNG_V= 1.2.46
+PNG_V= 1.2.47
 MASTER_SITES0= ${MASTER_SITE_SOURCEFORGE:=libpng/}
 DISTFILES= ${EXTRACT_ONLY} libpng-${PNG_V}.tar.gz:0
 
Index: distinfo
===
RCS file: /cvs/ports/graphics/povray/distinfo,v
retrieving revision 1.5
diff -u -p -r1.5 distinfo
--- distinfo17 Jul 2011 13:32:37 -  1.5
+++ distinfo25 Feb 2012 19:59:09 -
@@ -1,10 +1,10 @@
-MD5 (libpng-1.2.46.tar.gz) = A938F60yHbk/mEWB6UFdIg==
+MD5 (libpng-1.2.47.tar.gz) = dA5Z32RjDFaQLUO1kFxn7Q==
 MD5 (povray-3.6.1.tar.bz2) = tXibt+6u0ICcXILQ79pXHQ==
-RMD160 (libpng-1.2.46.tar.gz) = 9PFDscZNHi6zy2YlE7MRoFaLsEw=
+RMD160 (libpng-1.2.47.tar.gz) = YOW1M4WdDl0Y+yacLjSaAyY0k3A=
 RMD160 (povray-3.6.1.tar.bz2) = hLpnnaZgifGSzBv8+L3UmOc2qaM=
-SHA1 (libpng-1.2.46.tar.gz) = 1fOiQ5sLbYWiZJmyvgmRjrVOoTo=
+SHA1 (libpng-1.2.47.tar.gz) = UkxD8XL9UjccCczOj3gEUSa0ONo=
 SHA1 (povray-3.6.1.tar.bz2) = H6s8y97a+/d+OmYIdwm732C8ZD0=
-SHA256 (libpng-1.2.46.tar.gz) = PY/UyI0Zt/z5genZra2RleGhz7t7y552or1gLW4654E=
+SHA256 (libpng-1.2.47.tar.gz) = sfaiyU8KSaEiTr4Lh08XPZ50PgpK2/fALWIj9qW7+L0=
 SHA256 (povray-3.6.1.tar.bz2) = Top/7NRIBzQ7aGfh8kQKoOCWE9bWmnOFrEj05edzenM=
-SIZE (libpng-1.2.46.tar.gz) = 831390
+SIZE (libpng-1.2.47.tar.gz) = 835088
 SIZE (povray-3.6.1.tar.bz2) = 8200160

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de

Update: graphics/png 1.5.9

[Christian Weisgerber]

This is a straightforward update to libpng 1.5.9 which already
includes the security fixes we had to shoehorn into the port.

I bumped the library because png_struct changed.  It's supposed to
be opaque and we probably don't really need the bump, but...

I don't expect any fallout from this update.

Index: Makefile
===
RCS file: /cvs/ports/graphics/png/Makefile,v
retrieving revision 1.84
diff -u -p -r1.84 Makefile
--- Makefile17 Feb 2012 15:44:13 -  1.84
+++ Makefile25 Feb 2012 18:27:47 -
@@ -2,11 +2,10 @@
 
 COMMENT=   library for manipulating PNG images
 
-REVISION=  1
-VERSION=   1.5.6
+VERSION=   1.5.9
 DISTNAME=  libpng-${VERSION}
 PKGNAME=   png-${VERSION}
-SHARED_LIBS=   png 13.0
+SHARED_LIBS=   png 14.0
 CATEGORIES=graphics
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=libpng/}
 
Index: distinfo
===
RCS file: /cvs/ports/graphics/png/distinfo,v
retrieving revision 1.30
diff -u -p -r1.30 distinfo
--- distinfo14 Nov 2011 17:48:59 -  1.30
+++ distinfo25 Feb 2012 18:27:47 -
@@ -1,5 +1,5 @@
-MD5 (libpng-1.5.6.tar.gz) = iwwF7RJjfuHwYN37v1Juow==
-RMD160 (libpng-1.5.6.tar.gz) = k+8DwEmdUbqn0Q8oyaZTA0JTqEY=
-SHA1 (libpng-1.5.6.tar.gz) = Bo0wioIAPLskYC/9/HOMyEjPTq8=
-SHA256 (libpng-1.5.6.tar.gz) = Hc2lannwYYbTBAuAlauAfQdpUrS8t1eZNqohsIGTpUo=
-SIZE (libpng-1.5.6.tar.gz) = 1051616
+MD5 (libpng-1.5.9.tar.gz) = x0C6Zs1wdLokcbak/0jh+w==
+RMD160 (libpng-1.5.9.tar.gz) = P+f7QB8ayFCr4gGHcgZABUyF0xQ=
+SHA1 (libpng-1.5.9.tar.gz) = 5FOEdZhU4EkwUbFfaRXAFWLC/CQ=
+SHA256 (libpng-1.5.9.tar.gz) = t12uJhUfmwMQYsjS9XeglLCNoK5E/owRF10Ln/Q0zAI=
+SIZE (libpng-1.5.9.tar.gz) = 1065637
Index: patches/patch-pngerror_c
===
RCS file: patches/patch-pngerror_c
diff -N patches/patch-pngerror_c
--- patches/patch-pngerror_c3 Feb 2012 18:23:14 -   1.8
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,105 +0,0 @@
-$OpenBSD: patch-pngerror_c,v 1.8 2012/02/03 18:23:14 gsoares Exp $
-
-Fix for CVE-2011-3464
-(libpng "png_formatted_warning()" Off-by-One Vulnerability)
-
-patch came from upstream git:
-(http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=
-00c6a9a62c1825617c35c03ceb408114fffeca32)
-
 pngerror.c.origThu Nov  3 01:42:50 2011
-+++ pngerror.c Fri Feb  3 11:53:42 2012
-@@ -284,32 +284,35 @@ png_formatted_warning(png_structp png_ptr, png_warning
-/* The internal buffer is just 128 bytes - enough for all our messages,
- * overflow doesn't happen because this code checks!
- */
--   size_t i;
-+   size_t i = 0; /* Index in the msg[] buffer: */
-char msg[128];
- 
--   for (i=0; i<(sizeof msg)-1 && *message != '\0'; ++i)
-+   /* Each iteration through the following loop writes at most one character
-+* to msg[i++] then returns here to validate that there is still space for
-+* the trailing '\0'.  It may (in the case of a parameter) read more than
-+* one character from message[]; it must check for '\0' and continue to the
-+* test if it finds the end of string.
-+*/
-+   while (i<(sizeof msg)-1 && *message != '\0')
-{
--  if (*message == '@')
-+  /* '@' at end of string is now just printed (previously it was skipped);
-+   * it is an error in the calling code to terminate the string with @.
-+   */
-+  if (p != NULL && *message == '@' && message[1] != '\0')
-   {
-- int parameter = -1;
-- switch (*++message)
-- {
--case '1':
--   parameter = 0;
--   break;
-+ int parameter_char = *++message; /* Consume the '@' */
-+ static const char valid_parameters[] = "123456789";
-+ int parameter = 0;
- 
--case '2':
--   parameter = 1;
--   break;
-+ /* Search for the parameter digit, the index in the string is the
-+  * parameter to use.
-+  */
-+ while (valid_parameters[parameter] != parameter_char &&
-+valid_parameters[parameter] != '\0')
-+++parameter;
- 
--case '\0':
--   continue; /* To break out of the for loop above. */
--
--default:
--   break;
-- }
--
-- if (parameter >= 0 && parameter < PNG_WARNING_PARAMETER_COUNT)
-+ /* If the parameter digit is out of range it will just get printed. 
*/
-+ if (parameter < PNG_WARNING_PARAMETER_COUNT)
-  {
- /* Append this parameter */
- png_const_charp parm = p[parameter];
-@@ -319,28 +322,32 @@ png_formatted_warning(png_structp png_ptr, png_warning
-  * that parm[] has been initialized, so there is no guarantee of a
-  * trailing '\0':
-  */
--for (; i<(sizeof msg)-1 && parm != '\0' && parm < pend; ++i)
--

Re: UPDATE: math/mathomatic

[Alexandr Shadchin]

On Tue, Dec 27, 2011 at 08:31:26PM +0600, Alexandr Shadchin wrote:
> Hi,
> 
> This update package mathomatic to the latest release 15.7.2.
> Tested on amd64.
> 
> Comments ? OK ?
> 

Update to 15.8.0

-- 
Alexandr Shadchin

Index: Makefile
===
RCS file: /cvs/ports/math/mathomatic/Makefile,v
retrieving revision 1.25
diff -u -p -r1.25 Makefile
--- Makefile12 Jun 2011 19:03:02 -  1.25
+++ Makefile25 Feb 2012 17:06:52 -
@@ -2,7 +2,7 @@
 
 COMMENT =  small, portable, general purpose computer algebra system
 
-DISTNAME = mathomatic-15.6.1
+DISTNAME = mathomatic-15.8.0
 
 CATEGORIES =   math
 
Index: distinfo
===
RCS file: /cvs/ports/math/mathomatic/distinfo,v
retrieving revision 1.18
diff -u -p -r1.18 distinfo
--- distinfo12 Jun 2011 19:03:02 -  1.18
+++ distinfo25 Feb 2012 17:06:52 -
@@ -1,5 +1,5 @@
-MD5 (mathomatic-15.6.1.tar.bz2) = eNXuyLZMuzsAFi9hb2pHfA==
-RMD160 (mathomatic-15.6.1.tar.bz2) = b67X+271vSWGXVoZr/E8eLOwTnE=
-SHA1 (mathomatic-15.6.1.tar.bz2) = 7HhoyEAaVO4QrNUGqmOrQW0s/9M=
-SHA256 (mathomatic-15.6.1.tar.bz2) = 
iQS83C47MWy/MbbZ4Ww+0YbM1tAb9tzX+rw/bZ/UHQs=
-SIZE (mathomatic-15.6.1.tar.bz2) = 215561
+MD5 (mathomatic-15.8.0.tar.bz2) = ipsTbis46XErdrX/624gnw==
+RMD160 (mathomatic-15.8.0.tar.bz2) = VvTIbLkP9HJmu1Mm00XunWEWNmE=
+SHA1 (mathomatic-15.8.0.tar.bz2) = liPdjj7ziiAgd9Jg7v2QvkOqQj0=
+SHA256 (mathomatic-15.8.0.tar.bz2) = 
N4ylzp1gtJyvxdyVCWOXCgUqf/DX7sfKySulJ/sbbjI=
+SIZE (mathomatic-15.8.0.tar.bz2) = 257128
Index: patches/patch-makefile
===
RCS file: /cvs/ports/math/mathomatic/patches/patch-makefile,v
retrieving revision 1.13
diff -u -p -r1.13 patch-makefile
--- patches/patch-makefile  12 Jun 2011 19:03:02 -  1.13
+++ patches/patch-makefile  25 Feb 2012 17:06:52 -
@@ -1,13 +1,35 @@
 $OpenBSD: patch-makefile,v 1.13 2011/06/12 19:03:02 shadchin Exp $
 makefile.orig  Sun May 22 02:54:29 2011
-+++ makefile   Thu Jun  9 21:45:34 2011
-@@ -22,7 +22,8 @@ INSTALL  ?= install # installer utility to use
- INSTALL_PROGRAM   ?= $(INSTALL) # command to install executable program 
files
+--- makefile.orig  Thu Nov 17 14:03:24 2011
 makefile   Sun Nov 20 03:57:13 2011
+@@ -33,10 +33,11 @@ SHELL  = /bin/sh # from 
"http://www.gnu.org/prep/stand
+ CC?= gcc # C compiler to use; this statement doesn't work 
usually, instead using cc.
+ M4?= m4 # Change this to gm4 in Unix or a non-GNU system.
+ INSTALL   ?= install # Installer utility to use; change to 
ginstall under Unix.
+-INSTALL_PROGRAM   ?= $(INSTALL) -Cv # Command to install executable 
program files; compares to see if any differences, first.
++INSTALL_PROGRAM   ?= $(INSTALL) -C # Command to install executable 
program files; compares to see if any differences, first.
  INSTALL_DATA  ?= $(INSTALL) -m 0644 # command to install data files
  
--CC_OPTIMIZE   = -O3 # Default C compiler optimization flags that are safe.
+-CC_OPTIMIZE   ?= -O3 # Default C compiler optimization flags that are safe.
 +CC_OPTIMIZE   =
-+#CC_OPTIMIZE  = -O3 # Default C compiler optimization flags that are safe.
++#CC_OPTIMIZE  ?= -O3 # Default C compiler optimization flags that are safe.
  # Be sure and run tests to see if Mathomatic works and runs faster, if you 
uncomment the following line:
  #CC_OPTIMIZE  += -fno-signaling-nans -fno-trapping-math -fomit-frame-pointer 
# Possible additional optimizations, not tested.
+ 
+@@ -48,7 +49,7 @@ LDLIBS   += -lm # libraries to link with to 
create the 
+ 
+ # Run "make READLINE=1" to include the optional readline editing and history 
support:
+ CFLAGS+= $(READLINE:1=-DREADLINE)
+-LDLIBS+= $(READLINE:1=-lreadline) # Add -lncurses if needed 
for readline, might be called "curses" on some systems.
++LDLIBS+= $(READLINE:1=-lreadline) -lncurses # Add -lncurses 
if needed for readline, might be called "curses" on some systems.
+ 
+ # Uncomment the following line to force generation of x86-64-bit code:
+ #CFLAGS   += -m64
+@@ -114,7 +115,7 @@ pdfsheet quickref.pdf: $(AOUT)
+ test:
+   @echo
+   @echo Testing ./$(AOUT)
+-  cd tests && time -p ../$(AOUT) -t all 0<&- >test.out && diff -u 
--strip-trailing-cr all.out test.out && rm test.out && cd ..
++  cd tests && time -p ../$(AOUT) -t all 0<&- >test.out && diff -u all.out 
test.out && rm test.out && cd ..
+   @echo
+   @echo All tests passed.
  
Index: pkg/PLIST
===
RCS file: /cvs/ports/math/mathomatic/pkg/PLIST,v
retrieving revision 1.13
diff -u -p -r1.13 PLIST
--- pkg/PLIST   12 Jun 2011 19:03:02 -  1.13
+++ pkg/PLIST   25 Feb 2012 17:06:52 -
@@ -5,9 +5,9 @@ share/applications/m

Re: UPDATE: SDL 1.2.15

[Brad Smith]

On 24/02/12 4:52 PM, Brad Smith wrote:

On Wed, Feb 22, 2012 at 08:04:13PM -0500, Brad Smith wrote:

On Wed, Feb 22, 2012 at 02:58:25PM -0500, Brad Smith wrote:

Here is an update to SDL 1.2.15. .14 fixed a lot of bugs and .15 fixed
a few more. .15 should have resolved the XRandR issue that was reported
with .14. So please test and let me know how it goes.


An updated diff rolling in 3 fixes from upstream and two minor tweaks to the
port..

Fixed bug 1390 - X11_KeyToUnicode
Fixed bug 1424 - Handling of alpha channel in Altivec accelerated blit functions
Fixed bug 1427 - integer passed to XChangeProperty() causes crash


Updated diff to fix a build issue on PowerPC.


Could someone please try out SDL on sparc64 with for example MPlayer 
using SDL as

video output?

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.