SECURITY update to png 1.5.5, fixing a divide-by-zero with malformed cHRM

chunks, this bug was introduced in 1.5.4 - CVE-2011-3328. Clues from naddy@
2011-09-23 21:00:28 +00:00 · 2011-09-23 21:00:28 +00:00 · 378c061449
commit 378c061449
parent ba2e16326b
4 changed files with 16 additions and 16 deletions
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.80 2011/07/15 11:10:40 naddy Exp $
+# $OpenBSD: Makefile,v 1.81 2011/09/23 21:00:28 sthen Exp $

 COMMENT=	library for manipulating PNG images

-VERSION=	1.5.4
+VERSION=	1.5.5
 DISTNAME=	libpng-${VERSION}
 PKGNAME=	png-${VERSION}
-SHARED_LIBS=	png	12.0
+SHARED_LIBS=	png	12.1
 CATEGORIES=	graphics
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=libpng/}

--- a/graphics/png/distinfo
+++ b/graphics/png/distinfo
@ -1,5 +1,5 @@
-MD5 (libpng-1.5.4.tar.gz) = 3qTR/WcRYEJJI+kv8M3aeA==
-RMD160 (libpng-1.5.4.tar.gz) = 5iXqRYxlDICh0gl97EU2qziW4M4=
-SHA1 (libpng-1.5.4.tar.gz) = P/NAFpp0tAspm0kQCfIQv1sxJHU=
-SHA256 (libpng-1.5.4.tar.gz) = pczbtwxytI0KkNqqGuvLlJl+w/Ohmn9Jf1PcUMiP6qs=
-SIZE (libpng-1.5.4.tar.gz) = 1019446
+MD5 (libpng-1.5.5.tar.gz) = ADvKwCISUCm65IGNdMQqlA==
+RMD160 (libpng-1.5.5.tar.gz) = eKOVQ85hTEUN64snn5J4TF536Ds=
+SHA1 (libpng-1.5.5.tar.gz) = IIAWj/jnxYDrUEZhAqcAx/r529A=
+SHA256 (libpng-1.5.5.tar.gz) = 0xxIfkUFk1dLgvu5wVIFokBCdDn/+R1KAE0gYh4ptPI=
+SIZE (libpng-1.5.5.tar.gz) = 1033025
--- a/graphics/png/patches/patch-scripts_libpng_pc_in
+++ b/graphics/png/patches/patch-scripts_libpng_pc_in
@ -1,6 +1,6 @@
-$OpenBSD: patch-scripts_libpng_pc_in,v 1.20 2011/07/15 11:10:40 naddy Exp $
--- scripts/libpng.pc.in.orig	Thu Jul  7 05:24:50 2011
-+++ scripts/libpng.pc.in	Fri Jul  8 18:50:50 2011
+$OpenBSD: patch-scripts_libpng_pc_in,v 1.21 2011/09/23 21:00:28 sthen Exp $
+--- scripts/libpng.pc.in.orig	Thu Sep 22 14:40:25 2011
+++ scripts/libpng.pc.in	Fri Sep 23 09:20:51 2011
@@ -1,10 +1,10 @@
 prefix=@prefix@
 exec_prefix=@exec_prefix@
@ -10,7 +10,7 @@ $OpenBSD: patch-scripts_libpng_pc_in,v 1.20 2011/07/15 11:10:40 naddy Exp $
 
 Name: libpng
 Description: Loads and saves PNG files
- Version: 1.5.4
+ Version: 1.5.5
 -Libs: -L${libdir} -lpng15
 +Libs: -L${libdir} -lpng -lz -lm
 Cflags: -I${includedir}
--- a/graphics/png/patches/patch-scripts_makefile_openbsd
+++ b/graphics/png/patches/patch-scripts_makefile_openbsd
@ -1,6 +1,6 @@
-$OpenBSD: patch-scripts_makefile_openbsd,v 1.34 2011/07/15 11:10:40 naddy Exp $
--- scripts/makefile.openbsd.orig	Thu Jul  7 05:24:50 2011
-+++ scripts/makefile.openbsd	Fri Jul  8 18:50:50 2011
+$OpenBSD: patch-scripts_makefile_openbsd,v 1.35 2011/09/23 21:00:28 sthen Exp $
+--- scripts/makefile.openbsd.orig	Thu Sep 22 14:40:25 2011
+++ scripts/makefile.openbsd	Fri Sep 23 09:20:15 2011
@@ -7,12 +7,11 @@
 # and license in png.h
 
@ -12,7 +12,7 @@ $OpenBSD: patch-scripts_makefile_openbsd,v 1.34 2011/07/15 11:10:40 naddy Exp $
 +INCDIR= ${PREFIX}/include/libpng
 
 -SHLIB_MAJOR=	15
-SHLIB_MINOR=	1.5.4
+-SHLIB_MINOR=	1.5.5
 -
 LIB=	png
 SRCS=	png.c pngerror.c pngget.c pngmem.c pngpread.c \