This is a straightforward update to libpng 1.5.9 which already
includes the security fixes we had to shoehorn into the port.
I bumped the library because png_struct changed. It's supposed to
be opaque and we probably don't really need the bump, but...
I don't expect any fallout from this update.
Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/png/Makefile,v
retrieving revision 1.84
diff -u -p -r1.84 Makefile
--- Makefile 17 Feb 2012 15:44:13 -0000 1.84
+++ Makefile 25 Feb 2012 18:27:47 -0000
@@ -2,11 +2,10 @@
COMMENT= library for manipulating PNG images
-REVISION= 1
-VERSION= 1.5.6
+VERSION= 1.5.9
DISTNAME= libpng-${VERSION}
PKGNAME= png-${VERSION}
-SHARED_LIBS= png 13.0
+SHARED_LIBS= png 14.0
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/}
Index: distinfo
===================================================================
RCS file: /cvs/ports/graphics/png/distinfo,v
retrieving revision 1.30
diff -u -p -r1.30 distinfo
--- distinfo 14 Nov 2011 17:48:59 -0000 1.30
+++ distinfo 25 Feb 2012 18:27:47 -0000
@@ -1,5 +1,5 @@
-MD5 (libpng-1.5.6.tar.gz) = iwwF7RJjfuHwYN37v1Juow==
-RMD160 (libpng-1.5.6.tar.gz) = k+8DwEmdUbqn0Q8oyaZTA0JTqEY=
-SHA1 (libpng-1.5.6.tar.gz) = Bo0wioIAPLskYC/9/HOMyEjPTq8=
-SHA256 (libpng-1.5.6.tar.gz) = Hc2lannwYYbTBAuAlauAfQdpUrS8t1eZNqohsIGTpUo=
-SIZE (libpng-1.5.6.tar.gz) = 1051616
+MD5 (libpng-1.5.9.tar.gz) = x0C6Zs1wdLokcbak/0jh+w==
+RMD160 (libpng-1.5.9.tar.gz) = P+f7QB8ayFCr4gGHcgZABUyF0xQ=
+SHA1 (libpng-1.5.9.tar.gz) = 5FOEdZhU4EkwUbFfaRXAFWLC/CQ=
+SHA256 (libpng-1.5.9.tar.gz) = t12uJhUfmwMQYsjS9XeglLCNoK5E/owRF10Ln/Q0zAI=
+SIZE (libpng-1.5.9.tar.gz) = 1065637
Index: patches/patch-pngerror_c
===================================================================
RCS file: patches/patch-pngerror_c
diff -N patches/patch-pngerror_c
--- patches/patch-pngerror_c 3 Feb 2012 18:23:14 -0000 1.8
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,105 +0,0 @@
-$OpenBSD: patch-pngerror_c,v 1.8 2012/02/03 18:23:14 gsoares Exp $
-
-Fix for CVE-2011-3464
-(libpng "png_formatted_warning()" Off-by-One Vulnerability)
-
-patch came from upstream git:
-(http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=
-00c6a9a62c1825617c35c03ceb408114fffeca32)
-
---- pngerror.c.orig Thu Nov 3 01:42:50 2011
-+++ pngerror.c Fri Feb 3 11:53:42 2012
-@@ -284,32 +284,35 @@ png_formatted_warning(png_structp png_ptr, png_warning
- /* The internal buffer is just 128 bytes - enough for all our messages,
- * overflow doesn't happen because this code checks!
- */
-- size_t i;
-+ size_t i = 0; /* Index in the msg[] buffer: */
- char msg[128];
-
-- for (i=0; i<(sizeof msg)-1 && *message != '\0'; ++i)
-+ /* Each iteration through the following loop writes at most one character
-+ * to msg[i++] then returns here to validate that there is still space for
-+ * the trailing '\0'. It may (in the case of a parameter) read more than
-+ * one character from message[]; it must check for '\0' and continue to the
-+ * test if it finds the end of string.
-+ */
-+ while (i<(sizeof msg)-1 && *message != '\0')
- {
-- if (*message == '@')
-+ /* '@' at end of string is now just printed (previously it was skipped);
-+ * it is an error in the calling code to terminate the string with @.
-+ */
-+ if (p != NULL && *message == '@' && message[1] != '\0')
- {
-- int parameter = -1;
-- switch (*++message)
-- {
-- case '1':
-- parameter = 0;
-- break;
-+ int parameter_char = *++message; /* Consume the '@' */
-+ static const char valid_parameters[] = "123456789";
-+ int parameter = 0;
-
-- case '2':
-- parameter = 1;
-- break;
-+ /* Search for the parameter digit, the index in the string is the
-+ * parameter to use.
-+ */
-+ while (valid_parameters[parameter] != parameter_char &&
-+ valid_parameters[parameter] != '\0')
-+ ++parameter;
-
-- case '\0':
-- continue; /* To break out of the for loop above. */
--
-- default:
-- break;
-- }
--
-- if (parameter >= 0 && parameter < PNG_WARNING_PARAMETER_COUNT)
-+ /* If the parameter digit is out of range it will just get printed.
*/
-+ if (parameter < PNG_WARNING_PARAMETER_COUNT)
- {
- /* Append this parameter */
- png_const_charp parm = p[parameter];
-@@ -319,28 +322,32 @@ png_formatted_warning(png_structp png_ptr, png_warning
- * that parm[] has been initialized, so there is no guarantee of a
- * trailing '\0':
- */
-- for (; i<(sizeof msg)-1 && parm != '\0' && parm < pend; ++i)
-- msg[i] = *parm++;
-+ while (i<(sizeof msg)-1 && *parm != '\0' && parm < pend)
-+ msg[i++] = *parm++;
-
-+ /* Consume the parameter digit too: */
- ++message;
- continue;
- }
-
- /* else not a parameter and there is a character after the @ sign;
just
-- * copy that.
-+ * copy that. This is known not to be '\0' because of the test
above.
- */
- }
-
- /* At this point *message can't be '\0', even in the bad parameter case
- * above where there is a lone '@' at the end of the message string.
- */
-- msg[i] = *message++;
-+ msg[i++] = *message++;
- }
-
- /* i is always less than (sizeof msg), so: */
- msg[i] = '\0';
-
-- /* And this is the formatted message: */
-+ /* And this is the formatted message, it may be larger than
-+ * PNG_MAX_ERROR_TEXT, but that is only used for 'chunk' errors and these
are
-+ * not (currently) formatted.
-+ */
- png_warning(png_ptr, msg);
- }
- #endif /* PNG_WARNINGS_SUPPORTED */
Index: patches/patch-pngpriv_h
===================================================================
RCS file: patches/patch-pngpriv_h
diff -N patches/patch-pngpriv_h
--- patches/patch-pngpriv_h 3 Feb 2012 18:23:14 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,20 +0,0 @@
-$OpenBSD: patch-pngpriv_h,v 1.1 2012/02/03 18:23:14 gsoares Exp $
-
-Fix for CVE-2011-3464
-(libpng "png_formatted_warning()" Off-by-One Vulnerability)
-
-patch came from upstream git:
-(http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=
-00c6a9a62c1825617c35c03ceb408114fffeca32)
-
---- pngpriv.h.orig Thu Nov 3 01:42:49 2011
-+++ pngpriv.h Fri Feb 3 11:53:28 2012
-@@ -1368,7 +1368,7 @@ PNG_EXTERN png_charp png_format_number(png_const_charp
- #ifdef PNG_WARNINGS_SUPPORTED
- /* New defines and members adding in libpng-1.5.4 */
- # define PNG_WARNING_PARAMETER_SIZE 32
--# define PNG_WARNING_PARAMETER_COUNT 8
-+# define PNG_WARNING_PARAMETER_COUNT 8 /* Maximum 9; see pngerror.c */
-
- /* An l-value of this type has to be passed to the APIs below to cache the
- * values of the parameters to a formatted warning message.
Index: patches/patch-pngrutil_c
===================================================================
RCS file: patches/patch-pngrutil_c
diff -N patches/patch-pngrutil_c
--- patches/patch-pngrutil_c 17 Feb 2012 15:44:13 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,24 +0,0 @@
-$OpenBSD: patch-pngrutil_c,v 1.3 2012/02/17 15:44:13 sthen Exp $
-
-CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk
-
---- pngrutil.c.orig Thu Feb 16 10:01:56 2012
-+++ pngrutil.c Thu Feb 16 10:04:05 2012
-@@ -457,8 +457,15 @@ png_decompress_chunk(png_structp png_ptr, int comp_typ
- {
- /* Success (maybe) - really uncompress the chunk. */
- png_size_t new_size = 0;
-- png_charp text = (png_charp)png_malloc_warn(png_ptr,
-- prefix_size + expanded_size + 1);
-+ png_charp text = NULL;
-+ /* Need to check for both truncation (64-bit platforms) and integer
-+ * overflow.
-+ */
-+ if (prefix_size + expanded_size > prefix_size &&
-+ prefix_size + expanded_size < 0xffffffffU)
-+ {
-+ text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1);
-+ }
-
- if (text != NULL)
- {
Index: patches/patch-scripts_libpng_pc_in
===================================================================
RCS file: /cvs/ports/graphics/png/patches/patch-scripts_libpng_pc_in,v
retrieving revision 1.22
diff -u -p -r1.22 patch-scripts_libpng_pc_in
--- patches/patch-scripts_libpng_pc_in 14 Nov 2011 17:48:59 -0000 1.22
+++ patches/patch-scripts_libpng_pc_in 25 Feb 2012 18:27:47 -0000
@@ -10,7 +10,7 @@ $OpenBSD: patch-scripts_libpng_pc_in,v 1
Name: libpng
Description: Loads and saves PNG files
- Version: 1.5.6
+ Version: 1.5.9
-Libs: -L${libdir} -lpng15
+Libs: -L${libdir} -lpng -lz -lm
Cflags: -I${includedir}
Index: patches/patch-scripts_makefile_openbsd
===================================================================
RCS file: /cvs/ports/graphics/png/patches/patch-scripts_makefile_openbsd,v
retrieving revision 1.36
diff -u -p -r1.36 patch-scripts_makefile_openbsd
--- patches/patch-scripts_makefile_openbsd 14 Nov 2011 17:48:59 -0000
1.36
+++ patches/patch-scripts_makefile_openbsd 25 Feb 2012 18:27:47 -0000
@@ -1,6 +1,6 @@
$OpenBSD: patch-scripts_makefile_openbsd,v 1.36 2011/11/14 17:48:59 rpointel
Exp $
---- scripts/makefile.openbsd.orig Thu Nov 3 04:42:52 2011
-+++ scripts/makefile.openbsd Thu Nov 3 12:18:34 2011
+--- scripts/makefile.openbsd.orig Sat Feb 18 21:31:16 2012
++++ scripts/makefile.openbsd Sat Feb 25 18:19:23 2012
@@ -7,8 +7,10 @@
# and license in png.h
@@ -12,8 +12,8 @@ $OpenBSD: patch-scripts_makefile_openbsd
+INCDIR= ${PREFIX}/include/libpng
SHLIB_MAJOR= 15
- SHLIB_MINOR= 1.5.6
-@@ -25,12 +27,30 @@
+ SHLIB_MINOR= 1.5.9
+@@ -25,12 +27,30 @@ CPPFLAGS+= -I${.CURDIR}
NOPROFILE= Yes
@@ -47,14 +47,14 @@ $OpenBSD: patch-scripts_makefile_openbsd
# see scripts/pnglibconf.mak for more options
pnglibconf.h: scripts/pnglibconf.h.prebuilt
cp scripts/pnglibconf.h.prebuilt $@
-@@ -41,13 +61,20 @@
+@@ -41,13 +61,20 @@ pngtest.o: pngtest.c
pngtest: pngtest.o
${CC} ${LDFLAGS} ${.ALLSRC} -o ${.TARGET} -L${.OBJDIR} -lpng -lz -lm
-test: pngtest
- cd ${.OBJDIR} && env \
- LD_LIBRARY_PATH="${.OBJDIR}" ${.OBJDIR}/pngtest
-+pngvalid.o: pngvalid.c
++pngvalid.o: contrib/libtests/pngvalid.c
+ ${CC} ${CPPFLAGS} ${CFLAGS} -c ${.ALLSRC} -o ${.TARGET}
+pngvalid: pngvalid.o
@@ -73,7 +73,7 @@ $OpenBSD: patch-scripts_makefile_openbsd
fi
if [ ! -d ${DESTDIR}${LIBDIR} ]; then \
${INSTALL} -d -o root -g wheel ${DESTDIR}${LIBDIR}; \
-@@ -61,22 +88,19 @@
+@@ -61,22 +88,19 @@ beforeinstall:
if [ ! -d ${DESTDIR}${MANDIR}5 ]; then \
${INSTALL} -d -o root -g wheel ${DESTDIR}${MANDIR}5; \
fi
--
Christian "naddy" Weisgerber [email protected]
