There's been a new release since I started working on the png update. I don't want to put this in blindly without a test build and it will take a few days for me to get around to that.
Meanwhile robert@ is complaining about display problems in chrome, but his system is frankensteined, so who knows. Anyway, people may want to play with this. Index: Makefile =================================================================== RCS file: /cvs/ports/graphics/png/Makefile,v retrieving revision 1.79 diff -u -p -r1.79 Makefile --- Makefile 8 Jul 2011 20:34:36 -0000 1.79 +++ Makefile 9 Jul 2011 03:41:46 -0000 @@ -2,10 +2,10 @@ COMMENT= library for manipulating PNG images -VERSION= 1.5.2 +VERSION= 1.5.4 DISTNAME= libpng-${VERSION} PKGNAME= png-${VERSION} -SHARED_LIBS= png 11.0 +SHARED_LIBS= png 12.0 CATEGORIES= graphics MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/} Index: distinfo =================================================================== RCS file: /cvs/ports/graphics/png/distinfo,v retrieving revision 1.27 diff -u -p -r1.27 distinfo --- distinfo 8 Jul 2011 20:34:37 -0000 1.27 +++ distinfo 9 Jul 2011 03:41:46 -0000 @@ -1,5 +1,5 @@ -MD5 (libpng-1.5.2.tar.gz) = MdRI65OhZGNZoj8bI0NKsw== -RMD160 (libpng-1.5.2.tar.gz) = 0Rh51Y1si7849KZuUp5qs01KHMw= -SHA1 (libpng-1.5.2.tar.gz) = ccMLmyMWmi2sWwp3lU2dkfjZRP4= -SHA256 (libpng-1.5.2.tar.gz) = HtKBgQNI27YdAkZcDf+FTBe4JvXF12zOMrwOatygIVY= -SIZE (libpng-1.5.2.tar.gz) = 964261 +MD5 (libpng-1.5.4.tar.gz) = 3qTR/WcRYEJJI+kv8M3aeA== +RMD160 (libpng-1.5.4.tar.gz) = 5iXqRYxlDICh0gl97EU2qziW4M4= +SHA1 (libpng-1.5.4.tar.gz) = P/NAFpp0tAspm0kQCfIQv1sxJHU= +SHA256 (libpng-1.5.4.tar.gz) = pczbtwxytI0KkNqqGuvLlJl+w/Ohmn9Jf1PcUMiP6qs= +SIZE (libpng-1.5.4.tar.gz) = 1019446 Index: patches/patch-libpng_3 =================================================================== RCS file: patches/patch-libpng_3 diff -N patches/patch-libpng_3 --- patches/patch-libpng_3 8 Jul 2011 20:34:37 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,12 +0,0 @@ -$OpenBSD: patch-libpng_3,v 1.1 2011/07/08 20:34:37 naddy Exp $ ---- libpng.3.orig Sun Jul 3 08:20:25 2011 -+++ libpng.3 Sun Jul 3 08:20:40 2011 -@@ -1122,7 +1122,7 @@ rebuilt from scripts/pnglibconf.dfa using awk or it mu - - Hand editing is achieved by copying scripts/pnglibconf.h.prebuilt and changing - the lines defining the supported features, paying very close attention to the --'option' information in scripts/pnglibconf.dfa that describes those features and -+\&'option' information in scripts/pnglibconf.dfa that describes those features and - their requirements. This is easy to get wrong. - - B. Configuration using DFA_XTRA Index: patches/patch-pngerror_c =================================================================== RCS file: patches/patch-pngerror_c diff -N patches/patch-pngerror_c --- patches/patch-pngerror_c 8 Jul 2011 20:34:37 -0000 1.6 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,26 +0,0 @@ -$OpenBSD: patch-pngerror_c,v 1.6 2011/07/08 20:34:37 naddy Exp $ - -Fix for CVE-2011-2501 -libpng "png_format_buffer()" Denial of Service Vulnerability - -From upstream git: -http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=65e6d5a34f49acdb362a0625a706c6b914e670af - ---- pngerror.c.orig Thu Mar 31 18:23:40 2011 -+++ pngerror.c Sun Jul 3 00:19:50 2011 -@@ -185,8 +185,13 @@ png_format_buffer(png_structp png_ptr, png_charp buffe - { - buffer[iout++] = ':'; - buffer[iout++] = ' '; -- png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT); -- buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0'; -+ -+ iin = 0; -+ while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0') -+ buffer[iout++] = error_message[iin++]; -+ -+ /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */ -+ buffer[iout] = '\0'; - } - } - #endif /* PNG_WARNINGS_SUPPORTED || PNG_ERROR_TEXT_SUPPORTED */ Index: patches/patch-scripts_libpng_pc_in =================================================================== RCS file: /cvs/ports/graphics/png/patches/patch-scripts_libpng_pc_in,v retrieving revision 1.19 diff -u -p -r1.19 patch-scripts_libpng_pc_in --- patches/patch-scripts_libpng_pc_in 8 Jul 2011 20:34:37 -0000 1.19 +++ patches/patch-scripts_libpng_pc_in 9 Jul 2011 03:41:46 -0000 @@ -1,6 +1,6 @@ $OpenBSD: patch-scripts_libpng_pc_in,v 1.19 2011/07/08 20:34:37 naddy Exp $ ---- scripts/libpng.pc.in.orig Sat Jul 2 23:30:05 2011 -+++ scripts/libpng.pc.in Sat Jul 2 23:30:23 2011 +--- scripts/libpng.pc.in.orig Thu Jul 7 05:24:50 2011 ++++ scripts/libpng.pc.in Fri Jul 8 18:50:50 2011 @@ -1,10 +1,10 @@ prefix=@prefix@ exec_prefix=@exec_prefix@ @@ -10,7 +10,7 @@ $OpenBSD: patch-scripts_libpng_pc_in,v 1 Name: libpng Description: Loads and saves PNG files - Version: 1.5.2 + Version: 1.5.4 -Libs: -L${libdir} -lpng15 +Libs: -L${libdir} -lpng -lz -lm Cflags: -I${includedir} Index: patches/patch-scripts_makefile_openbsd =================================================================== RCS file: /cvs/ports/graphics/png/patches/patch-scripts_makefile_openbsd,v retrieving revision 1.33 diff -u -p -r1.33 patch-scripts_makefile_openbsd --- patches/patch-scripts_makefile_openbsd 8 Jul 2011 20:34:37 -0000 1.33 +++ patches/patch-scripts_makefile_openbsd 9 Jul 2011 03:41:46 -0000 @@ -1,6 +1,6 @@ $OpenBSD: patch-scripts_makefile_openbsd,v 1.33 2011/07/08 20:34:37 naddy Exp $ ---- scripts/makefile.openbsd.orig Thu Mar 31 18:23:42 2011 -+++ scripts/makefile.openbsd Sun Jul 3 19:09:39 2011 +--- scripts/makefile.openbsd.orig Thu Jul 7 05:24:50 2011 ++++ scripts/makefile.openbsd Fri Jul 8 18:50:50 2011 @@ -7,12 +7,11 @@ # and license in png.h @@ -12,7 +12,7 @@ $OpenBSD: patch-scripts_makefile_openbsd +INCDIR= ${PREFIX}/include/libpng -SHLIB_MAJOR= 15 --SHLIB_MINOR= 1.5.2 +-SHLIB_MINOR= 1.5.4 - LIB= png SRCS= png.c pngerror.c pngget.c pngmem.c pngpread.c \ -- Christian "naddy" Weisgerber na...@mips.inka.de