Re: Update: graphics/png 1.5.9
Works fine here on i386 and amd64.

On 02/25/12 15:55, Christian Weisgerber wrote:
Index: Makefile === RCS file: /cvs/ports/graphics/png/Makefile,v retrieving revision 1.84 diff -u -p -r1.84 Makefile --- Makefile17 Feb 2012 15:44:13 - 1.84 +++ Makefile25 Feb 2012 18:27:47 - @@ -2,11 +2,10 @@ COMMENT= library for manipulating PNG images -REVISION= 1 -VERSION= 1.5.6 +VERSION= 1.5.9 DISTNAME= libpng-${VERSION} PKGNAME= png-${VERSION} -SHARED_LIBS= png 13.0 +SHARED_LIBS= png 14.0 CATEGORIES= graphics MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/} Index: distinfo === RCS file: /cvs/ports/graphics/png/distinfo,v retrieving revision 1.30 diff -u -p -r1.30 distinfo --- distinfo14 Nov 2011 17:48:59 - 1.30 +++ distinfo25 Feb 2012 18:27:47 - @@ -1,5 +1,5 @@ -MD5 (libpng-1.5.6.tar.gz) = iwwF7RJjfuHwYN37v1Juow== -RMD160 (libpng-1.5.6.tar.gz) = k+8DwEmdUbqn0Q8oyaZTA0JTqEY= -SHA1 (libpng-1.5.6.tar.gz) = Bo0wioIAPLskYC/9/HOMyEjPTq8= -SHA256 (libpng-1.5.6.tar.gz) = Hc2lannwYYbTBAuAlauAfQdpUrS8t1eZNqohsIGTpUo= -SIZE (libpng-1.5.6.tar.gz) = 1051616 +MD5 (libpng-1.5.9.tar.gz) = x0C6Zs1wdLokcbak/0jh+w== +RMD160 (libpng-1.5.9.tar.gz) = P+f7QB8ayFCr4gGHcgZABUyF0xQ= +SHA1 (libpng-1.5.9.tar.gz) = 5FOEdZhU4EkwUbFfaRXAFWLC/CQ= +SHA256 (libpng-1.5.9.tar.gz) = t12uJhUfmwMQYsjS9XeglLCNoK5E/owRF10Ln/Q0zAI= +SIZE (libpng-1.5.9.tar.gz) = 1065637 Index: patches/patch-pngerror_c === RCS file: patches/patch-pngerror_c diff -N patches/patch-pngerror_c --- patches/patch-pngerror_c3 Feb 2012 18:23:14 - 1.8 +++ /dev/null 1 Jan 1970 00:00:00 - 
@@ -1,105 +0,0 @@ -$OpenBSD: patch-pngerror_c,v 1.8 2012/02/03 18:23:14 gsoares Exp $ - -Fix for CVE-2011-3464 -(libpng "png_formatted_warning()" Off-by-One Vulnerability) - -patch came from upstream git: -(http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h= -00c6a9a62c1825617c35c03ceb408114fffeca32) - pngerror.c.origThu Nov 3 01:42:50 2011 -+++ pngerror.c Fri Feb 3 11:53:42 2012 -@@ -284,32 +284,35 @@ png_formatted_warning(png_structp png_ptr, png_warning -/* The internal buffer is just 128 bytes - enough for all our messages, - * overflow doesn't happen because this code checks! - */ -- size_t i; -+ size_t i = 0; /* Index in the msg[] buffer: */ -char msg[128]; - -- for (i=0; i<(sizeof msg)-1&& *message != '\0'; ++i) -+ /* Each iteration through the following loop writes at most one character -+* to msg[i++] then returns here to validate that there is still space for -+* the trailing '\0'. It may (in the case of a parameter) read more than -+* one character from message[]; it must check for '\0' and continue to the -+* test if it finds the end of string. -+*/ -+ while (i<(sizeof msg)-1&& *message != '\0') -{ -- if (*message == '@') -+ /* '@' at end of string is now just printed (previously it was skipped); -+ * it is an error in the calling code to terminate the string with @. -+ */ -+ if (p != NULL&& *message == '@'&& message[1] != '\0') - { -- int parameter = -1; -- switch (*++message) -- { --case '1': -- parameter = 0; -- break; -+ int parameter_char = *++message; /* Consume the '@' */ -+ static const char valid_parameters[] = "123456789"; -+ int parameter = 0; - --case '2': -- parameter = 1; -- break; -+ /* Search for the parameter digit, the index in the string is the -+ * parameter to use. -+ */ -+ while (valid_parameters[parameter] != parameter_char&& -+valid_parameters[parameter] != '\0') -+++parameter; - --case '\0': -- continue; /* To break out of the for loop above. 
*/ -- --default: -- break; -- } -- -- if (parameter>= 0&& parameter< PNG_WARNING_PARAMETER_COUNT) -+ /* If the parameter digit is out of range it will just get printed. */ -+ if (parameter< PNG_WARNING_PARAMETER_COUNT) - { - /* Append this parameter */ - png_const_charp parm = p[parameter]; -@@ -319,28 +322,32 @@ png_formatted_warning(png_structp png_ptr, png_warning - * that parm[] has been initialized, so there is no guarantee of a - * trailing '\0': - */ --for (; i<(sizeof msg)-1&& parm != '\0'&& parm< pend; ++i) -- msg[i] = *parm++; -+while (i<(sizeof msg)-1&& *parm != '\0'&& parm< pend) -+ msg[i++] = *parm++; - -+/* Consume the parameter digit too: */ - ++message; -
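Review bot: the Makefile hunk raises SHARED_LIBS from "png 13.0" to "png 14.0", and a major bump needs a stated reason in the commit message, because every consumer linked against the old major has to be rebuilt. The submission itself says png_struct is supposed to be opaque and the bump is probably not needed, so either name the png_struct change that justifies the new major or confirm that no exported interface changed and reconsider the bump. A successful test on i386 and amd64 does not answer that question.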
Re: Update: graphics/png 1.5.9
And while we're here, also update the old version of png included with graphics/povray. (CVE-2011-3026) Index: Makefile === RCS file: /cvs/ports/graphics/povray/Makefile,v retrieving revision 1.21 diff -u -p -r1.21 Makefile --- Makefile17 Jul 2011 13:32:37 - 1.21 +++ Makefile25 Feb 2012 19:58:59 - @@ -3,7 +3,7 @@ COMMENT= 3D image rendering package DISTNAME= povray-3.6.1 -REVISION= 1 +REVISION= 2 CATEGORIES=graphics HOMEPAGE= http://www.povray.org/ @@ -22,7 +22,7 @@ EXTRACT_SUFX= .tar.bz2 # We replace the included ancient copy of libpng with a later release # from the 1.2 branch. EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} -PNG_V= 1.2.46 +PNG_V= 1.2.47 MASTER_SITES0= ${MASTER_SITE_SOURCEFORGE:=libpng/} DISTFILES= ${EXTRACT_ONLY} libpng-${PNG_V}.tar.gz:0 Index: distinfo === RCS file: /cvs/ports/graphics/povray/distinfo,v retrieving revision 1.5 diff -u -p -r1.5 distinfo --- distinfo17 Jul 2011 13:32:37 - 1.5 +++ distinfo25 Feb 2012 19:59:09 - @@ -1,10 +1,10 @@ -MD5 (libpng-1.2.46.tar.gz) = A938F60yHbk/mEWB6UFdIg== +MD5 (libpng-1.2.47.tar.gz) = dA5Z32RjDFaQLUO1kFxn7Q== MD5 (povray-3.6.1.tar.bz2) = tXibt+6u0ICcXILQ79pXHQ== -RMD160 (libpng-1.2.46.tar.gz) = 9PFDscZNHi6zy2YlE7MRoFaLsEw= +RMD160 (libpng-1.2.47.tar.gz) = YOW1M4WdDl0Y+yacLjSaAyY0k3A= RMD160 (povray-3.6.1.tar.bz2) = hLpnnaZgifGSzBv8+L3UmOc2qaM= -SHA1 (libpng-1.2.46.tar.gz) = 1fOiQ5sLbYWiZJmyvgmRjrVOoTo= +SHA1 (libpng-1.2.47.tar.gz) = UkxD8XL9UjccCczOj3gEUSa0ONo= SHA1 (povray-3.6.1.tar.bz2) = H6s8y97a+/d+OmYIdwm732C8ZD0= -SHA256 (libpng-1.2.46.tar.gz) = PY/UyI0Zt/z5genZra2RleGhz7t7y552or1gLW4654E= +SHA256 (libpng-1.2.47.tar.gz) = sfaiyU8KSaEiTr4Lh08XPZ50PgpK2/fALWIj9qW7+L0= SHA256 (povray-3.6.1.tar.bz2) = Top/7NRIBzQ7aGfh8kQKoOCWE9bWmnOFrEj05edzenM= -SIZE (libpng-1.2.46.tar.gz) = 831390 +SIZE (libpng-1.2.47.tar.gz) = 835088 SIZE (povray-3.6.1.tar.bz2) = 8200160 -- Christian "naddy" Weisgerber na...@mips.inka.de
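Review bot: in the povray Makefile hunk, PNG_V moves from 1.2.46 to 1.2.47 with nothing beside it recording why; CVE-2011-3026 is mentioned only in the mail body. Put the CVE id in the commit message, since the comment above EXTRACT_ONLY shows this port builds its own libpng copy from the 1.2 branch and therefore has to be bumped by hand whenever that branch gets a security release. The REVISION change from 1 to 2 fits, as the package contents change while the povray version stays at 3.6.1.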
Update: graphics/png 1.5.9
This is a straightforward update to libpng 1.5.9 which already includes the security fixes we had to shoehorn into the port. I bumped the library because png_struct changed. It's supposed to be opaque and we probably don't really need the bump, but... I don't expect any fallout from this update. Index: Makefile === RCS file: /cvs/ports/graphics/png/Makefile,v retrieving revision 1.84 diff -u -p -r1.84 Makefile --- Makefile17 Feb 2012 15:44:13 - 1.84 +++ Makefile25 Feb 2012 18:27:47 - @@ -2,11 +2,10 @@ COMMENT= library for manipulating PNG images -REVISION= 1 -VERSION= 1.5.6 +VERSION= 1.5.9 DISTNAME= libpng-${VERSION} PKGNAME= png-${VERSION} -SHARED_LIBS= png 13.0 +SHARED_LIBS= png 14.0 CATEGORIES=graphics MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/} Index: distinfo === RCS file: /cvs/ports/graphics/png/distinfo,v retrieving revision 1.30 diff -u -p -r1.30 distinfo --- distinfo14 Nov 2011 17:48:59 - 1.30 +++ distinfo25 Feb 2012 18:27:47 - @@ -1,5 +1,5 @@ -MD5 (libpng-1.5.6.tar.gz) = iwwF7RJjfuHwYN37v1Juow== -RMD160 (libpng-1.5.6.tar.gz) = k+8DwEmdUbqn0Q8oyaZTA0JTqEY= -SHA1 (libpng-1.5.6.tar.gz) = Bo0wioIAPLskYC/9/HOMyEjPTq8= -SHA256 (libpng-1.5.6.tar.gz) = Hc2lannwYYbTBAuAlauAfQdpUrS8t1eZNqohsIGTpUo= -SIZE (libpng-1.5.6.tar.gz) = 1051616 +MD5 (libpng-1.5.9.tar.gz) = x0C6Zs1wdLokcbak/0jh+w== +RMD160 (libpng-1.5.9.tar.gz) = P+f7QB8ayFCr4gGHcgZABUyF0xQ= +SHA1 (libpng-1.5.9.tar.gz) = 5FOEdZhU4EkwUbFfaRXAFWLC/CQ= +SHA256 (libpng-1.5.9.tar.gz) = t12uJhUfmwMQYsjS9XeglLCNoK5E/owRF10Ln/Q0zAI= +SIZE (libpng-1.5.9.tar.gz) = 1065637 Index: patches/patch-pngerror_c === RCS file: patches/patch-pngerror_c diff -N patches/patch-pngerror_c --- patches/patch-pngerror_c3 Feb 2012 18:23:14 - 1.8 +++ /dev/null 1 Jan 1970 00:00:00 - 
@@ -1,105 +0,0 @@ -$OpenBSD: patch-pngerror_c,v 1.8 2012/02/03 18:23:14 gsoares Exp $ - -Fix for CVE-2011-3464 -(libpng "png_formatted_warning()" Off-by-One Vulnerability) - -patch came from upstream git: -(http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h= -00c6a9a62c1825617c35c03ceb408114fffeca32) - pngerror.c.origThu Nov 3 01:42:50 2011 -+++ pngerror.c Fri Feb 3 11:53:42 2012 -@@ -284,32 +284,35 @@ png_formatted_warning(png_structp png_ptr, png_warning -/* The internal buffer is just 128 bytes - enough for all our messages, - * overflow doesn't happen because this code checks! - */ -- size_t i; -+ size_t i = 0; /* Index in the msg[] buffer: */ -char msg[128]; - -- for (i=0; i<(sizeof msg)-1 && *message != '\0'; ++i) -+ /* Each iteration through the following loop writes at most one character -+* to msg[i++] then returns here to validate that there is still space for -+* the trailing '\0'. It may (in the case of a parameter) read more than -+* one character from message[]; it must check for '\0' and continue to the -+* test if it finds the end of string. -+*/ -+ while (i<(sizeof msg)-1 && *message != '\0') -{ -- if (*message == '@') -+ /* '@' at end of string is now just printed (previously it was skipped); -+ * it is an error in the calling code to terminate the string with @. -+ */ -+ if (p != NULL && *message == '@' && message[1] != '\0') - { -- int parameter = -1; -- switch (*++message) -- { --case '1': -- parameter = 0; -- break; -+ int parameter_char = *++message; /* Consume the '@' */ -+ static const char valid_parameters[] = "123456789"; -+ int parameter = 0; - --case '2': -- parameter = 1; -- break; -+ /* Search for the parameter digit, the index in the string is the -+ * parameter to use. -+ */ -+ while (valid_parameters[parameter] != parameter_char && -+valid_parameters[parameter] != '\0') -+++parameter; - --case '\0': -- continue; /* To break out of the for loop above. 
*/ -- --default: -- break; -- } -- -- if (parameter >= 0 && parameter < PNG_WARNING_PARAMETER_COUNT) -+ /* If the parameter digit is out of range it will just get printed. */ -+ if (parameter < PNG_WARNING_PARAMETER_COUNT) - { - /* Append this parameter */ - png_const_charp parm = p[parameter]; -@@ -319,28 +322,32 @@ png_formatted_warning(png_structp png_ptr, png_warning - * that parm[] has been initialized, so there is no guarantee of a - * trailing '\0': - */ --for (; i<(sizeof msg)-1 && parm != '\0' && parm < pend; ++i) --
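Review bot: deleting patches/patch-pngerror_c removes the port's local fix for CVE-2011-3464 (the png_formatted_warning() off-by-one), and the diff itself carries no record that libpng 1.5.9 contains the same change. State that in the commit message and cite the upstream commit the deleted patch header points to, so the removal of a security patch can be audited later without rereading this thread.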
Re: UPDATE: math/mathomatic
On Tue, Dec 27, 2011 at 08:31:26PM +0600, Alexandr Shadchin wrote:
> Hi,
>
> This updates the mathomatic package to the latest release 15.7.2.
> Tested on amd64.
>
> Comments? OK?
>

Update to 15.8.0

--
Alexandr Shadchin

Index: Makefile === RCS file: /cvs/ports/math/mathomatic/Makefile,v retrieving revision 1.25 diff -u -p -r1.25 Makefile --- Makefile12 Jun 2011 19:03:02 - 1.25 +++ Makefile25 Feb 2012 17:06:52 - @@ -2,7 +2,7 @@ COMMENT = small, portable, general purpose computer algebra system -DISTNAME = mathomatic-15.6.1 +DISTNAME = mathomatic-15.8.0 CATEGORIES = math Index: distinfo === RCS file: /cvs/ports/math/mathomatic/distinfo,v retrieving revision 1.18 diff -u -p -r1.18 distinfo --- distinfo12 Jun 2011 19:03:02 - 1.18 +++ distinfo25 Feb 2012 17:06:52 - @@ -1,5 +1,5 @@ -MD5 (mathomatic-15.6.1.tar.bz2) = eNXuyLZMuzsAFi9hb2pHfA== -RMD160 (mathomatic-15.6.1.tar.bz2) = b67X+271vSWGXVoZr/E8eLOwTnE= -SHA1 (mathomatic-15.6.1.tar.bz2) = 7HhoyEAaVO4QrNUGqmOrQW0s/9M= -SHA256 (mathomatic-15.6.1.tar.bz2) = iQS83C47MWy/MbbZ4Ww+0YbM1tAb9tzX+rw/bZ/UHQs= -SIZE (mathomatic-15.6.1.tar.bz2) = 215561 +MD5 (mathomatic-15.8.0.tar.bz2) = ipsTbis46XErdrX/624gnw== +RMD160 (mathomatic-15.8.0.tar.bz2) = VvTIbLkP9HJmu1Mm00XunWEWNmE= +SHA1 (mathomatic-15.8.0.tar.bz2) = liPdjj7ziiAgd9Jg7v2QvkOqQj0= +SHA256 (mathomatic-15.8.0.tar.bz2) = N4ylzp1gtJyvxdyVCWOXCgUqf/DX7sfKySulJ/sbbjI= +SIZE (mathomatic-15.8.0.tar.bz2) = 257128 Index: patches/patch-makefile === RCS file: /cvs/ports/math/mathomatic/patches/patch-makefile,v retrieving revision 1.13 diff -u -p -r1.13 patch-makefile --- patches/patch-makefile 12 Jun 2011 19:03:02 - 1.13 +++ patches/patch-makefile 25 Feb 2012 17:06:52 - 
@@ -1,13 +1,35 @@ $OpenBSD: patch-makefile,v 1.13 2011/06/12 19:03:02 shadchin Exp $ makefile.orig Sun May 22 02:54:29 2011 -+++ makefile Thu Jun 9 21:45:34 2011 -@@ -22,7 +22,8 @@ INSTALL ?= install # installer utility to use - INSTALL_PROGRAM ?= $(INSTALL) # command to install executable program files +--- makefile.orig Thu Nov 17 14:03:24 2011 makefile Sun Nov 20 03:57:13 2011 +@@ -33,10 +33,11 @@ SHELL = /bin/sh # from "http://www.gnu.org/prep/stand + CC?= gcc # C compiler to use; this statement doesn't work usually, instead using cc. + M4?= m4 # Change this to gm4 in Unix or a non-GNU system. + INSTALL ?= install # Installer utility to use; change to ginstall under Unix. +-INSTALL_PROGRAM ?= $(INSTALL) -Cv # Command to install executable program files; compares to see if any differences, first. ++INSTALL_PROGRAM ?= $(INSTALL) -C # Command to install executable program files; compares to see if any differences, first. INSTALL_DATA ?= $(INSTALL) -m 0644 # command to install data files --CC_OPTIMIZE = -O3 # Default C compiler optimization flags that are safe. +-CC_OPTIMIZE ?= -O3 # Default C compiler optimization flags that are safe. +CC_OPTIMIZE = -+#CC_OPTIMIZE = -O3 # Default C compiler optimization flags that are safe. ++#CC_OPTIMIZE ?= -O3 # Default C compiler optimization flags that are safe. # Be sure and run tests to see if Mathomatic works and runs faster, if you uncomment the following line: #CC_OPTIMIZE += -fno-signaling-nans -fno-trapping-math -fomit-frame-pointer # Possible additional optimizations, not tested. + +@@ -48,7 +49,7 @@ LDLIBS += -lm # libraries to link with to create the + + # Run "make READLINE=1" to include the optional readline editing and history support: + CFLAGS+= $(READLINE:1=-DREADLINE) +-LDLIBS+= $(READLINE:1=-lreadline) # Add -lncurses if needed for readline, might be called "curses" on some systems. ++LDLIBS+= $(READLINE:1=-lreadline) -lncurses # Add -lncurses if needed for readline, might be called "curses" on some systems. 
+ + # Uncomment the following line to force generation of x86-64-bit code: + #CFLAGS += -m64 +@@ -114,7 +115,7 @@ pdfsheet quickref.pdf: $(AOUT) + test: + @echo + @echo Testing ./$(AOUT) +- cd tests && time -p ../$(AOUT) -t all 0<&- >test.out && diff -u --strip-trailing-cr all.out test.out && rm test.out && cd .. ++ cd tests && time -p ../$(AOUT) -t all 0<&- >test.out && diff -u all.out test.out && rm test.out && cd .. + @echo + @echo All tests passed. Index: pkg/PLIST === RCS file: /cvs/ports/math/mathomatic/pkg/PLIST,v retrieving revision 1.13 diff -u -p -r1.13 PLIST --- pkg/PLIST 12 Jun 2011 19:03:02 - 1.13 +++ pkg/PLIST 25 Feb 2012 17:06:52 - @@ -5,9 +5,9 @@ share/applications/m
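Review bot: in patch-makefile, the new line "LDLIBS+= $(READLINE:1=-lreadline) -lncurses" places -lncurses outside the READLINE substitution, so it is linked on every build and not only with READLINE=1 as the comment on that same line describes. If the port always builds with readline, say so in the patch; otherwise make the addition conditional on READLINE. In the same file, "CC_OPTIMIZE =" replaces upstream's "CC_OPTIMIZE ?= -O3" with an unconditional assignment, which stops a value supplied through the environment from taking effect; an empty "?=" would clear the default without losing that.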
Re: UPDATE: SDL 1.2.15
On 24/02/12 4:52 PM, Brad Smith wrote:
On Wed, Feb 22, 2012 at 08:04:13PM -0500, Brad Smith wrote:
On Wed, Feb 22, 2012 at 02:58:25PM -0500, Brad Smith wrote:

Here is an update to SDL 1.2.15. .14 fixed a lot of bugs and .15 fixed a few more. .15 should have resolved the XRandR issue that was reported with .14. So please test and let me know how it goes.

An updated diff rolling in 3 fixes from upstream and two minor tweaks to the port.

Fixed bug 1390 - X11_KeyToUnicode
Fixed bug 1424 - Handling of alpha channel in Altivec accelerated blit functions
Fixed bug 1427 - integer passed to XChangeProperty() causes crash

Updated diff to fix a build issue on PowerPC.

Could someone please try out SDL on sparc64 with for example MPlayer using SDL as video output?