This is the fix for the null pointer dereference (CVE-2013-6954) for OPENBSD_5_4, backported from png 1.6.8.
I don't have a 5.4-stable system at hand to actually test this there. OK? OPENBSD_5_3 has 1.5.10, which is not affected according to the libpng homepage. Index: Makefile =================================================================== RCS file: /cvs/ports/graphics/png/Makefile,v retrieving revision 1.94 diff -u -p -r1.94 Makefile --- Makefile 9 Jun 2013 15:13:03 -0000 1.94 +++ Makefile 3 Jan 2014 15:53:18 -0000 @@ -5,7 +5,7 @@ COMMENT= library for manipulating PNG im VERSION= 1.6.2 DISTNAME= libpng-${VERSION} PKGNAME= png-${VERSION} -REVISION= 0 +REVISION= 1 SHARED_LIBS= png16 17.0 \ png 17.0 CATEGORIES= graphics Index: patches/patch-pngrtran_c =================================================================== RCS file: patches/patch-pngrtran_c diff -N patches/patch-pngrtran_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-pngrtran_c 3 Jan 2014 15:53:18 -0000 @@ -0,0 +1,16 @@ +$OpenBSD$ + +CVE-2013-6954 + +--- pngrtran.c.orig Thu Apr 25 14:24:44 2013 ++++ pngrtran.c Fri Jan 3 14:21:08 2014 +@@ -1933,6 +1933,9 @@ png_read_transform_info(png_structrp png_ptr, png_info + + info_ptr->bit_depth = 8; + info_ptr->num_trans = 0; ++ ++ if (png_ptr->palette == NULL) ++ png_error (png_ptr, "Palette is NULL in indexed image"); + } + else + { Index: patches/patch-pngset_c =================================================================== RCS file: patches/patch-pngset_c diff -N patches/patch-pngset_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-pngset_c 3 Jan 2014 15:53:18 -0000 @@ -0,0 +1,15 @@ +$OpenBSD$ + +CVE-2013-6954 + +--- pngset.c.orig Thu Apr 25 14:24:44 2013 ++++ pngset.c Fri Jan 3 14:21:08 2014 +@@ -536,7 +536,7 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr + # endif + )) + { +- png_chunk_report(png_ptr, "Invalid palette", PNG_CHUNK_ERROR); ++ png_error(png_ptr, "Invalid palette"); + return; + } + -- Christian "naddy" Weisgerber na...@mips.inka.de