From 378c061449fed8eff24d1ddc13105bde03be10d2 Mon Sep 17 00:00:00 2001
From: sthen
Date: Fri, 23 Sep 2011 21:00:28 +0000
Subject: [PATCH] SECURITY update to png 1.5.5, fixing a divide-by-zero with malformed cHRM chunks, this bug was introduced in 1.5.4 - CVE-2011-3328. Clues from naddy@
---
 graphics/png/Makefile | 6 +++---
 graphics/png/distinfo | 10 +++++-----
 graphics/png/patches/patch-scripts_libpng_pc_in | 8 ++++----
 graphics/png/patches/patch-scripts_makefile_openbsd | 8 ++++----
 4 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/graphics/png/Makefile b/graphics/png/Makefile
index 4584eeabd23..57345826cae 100644
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.80 2011/07/15 11:10:40 naddy Exp $
+# $OpenBSD: Makefile,v 1.81 2011/09/23 21:00:28 sthen Exp $
 COMMENT= library for manipulating PNG images
-VERSION= 1.5.4
+VERSION= 1.5.5
 DISTNAME= libpng-${VERSION}
 PKGNAME= png-${VERSION}
-SHARED_LIBS= png 12.0
+SHARED_LIBS= png 12.1
 CATEGORIES= graphics
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/}
diff --git a/graphics/png/distinfo b/graphics/png/distinfo
index fb9d9bee9bb..890d6701586 100644
--- a/graphics/png/distinfo
+++ b/graphics/png/distinfo
@@ -1,5 +1,5 @@
-MD5 (libpng-1.5.4.tar.gz) = 3qTR/WcRYEJJI+kv8M3aeA==
-RMD160 (libpng-1.5.4.tar.gz) = 5iXqRYxlDICh0gl97EU2qziW4M4=
-SHA1 (libpng-1.5.4.tar.gz) = P/NAFpp0tAspm0kQCfIQv1sxJHU=
-SHA256 (libpng-1.5.4.tar.gz) = pczbtwxytI0KkNqqGuvLlJl+w/Ohmn9Jf1PcUMiP6qs=
-SIZE (libpng-1.5.4.tar.gz) = 1019446
+MD5 (libpng-1.5.5.tar.gz) = ADvKwCISUCm65IGNdMQqlA==
+RMD160 (libpng-1.5.5.tar.gz) = eKOVQ85hTEUN64snn5J4TF536Ds=
+SHA1 (libpng-1.5.5.tar.gz) = IIAWj/jnxYDrUEZhAqcAx/r529A=
+SHA256 (libpng-1.5.5.tar.gz) = 0xxIfkUFk1dLgvu5wVIFokBCdDn/+R1KAE0gYh4ptPI=
+SIZE (libpng-1.5.5.tar.gz) = 1033025
diff --git a/graphics/png/patches/patch-scripts_libpng_pc_in b/graphics/png/patches/patch-scripts_libpng_pc_in
index 59833be1564..67e7edc6a95 100644
--- a/graphics/png/patches/patch-scripts_libpng_pc_in +++ b/graphics/png/patches/patch-scripts_libpng_pc_in @@ -1,6 +1,6 @@ -$OpenBSD: patch-scripts_libpng_pc_in,v 1.20 2011/07/15 11:10:40 naddy Exp $ ---- scripts/libpng.pc.in.orig Thu Jul 7 05:24:50 2011 -+++ scripts/libpng.pc.in Fri Jul 8 18:50:50 2011 +$OpenBSD: patch-scripts_libpng_pc_in,v 1.21 2011/09/23 21:00:28 sthen Exp $ +--- scripts/libpng.pc.in.orig Thu Sep 22 14:40:25 2011 ++++ scripts/libpng.pc.in Fri Sep 23 09:20:51 2011 @@ -1,10 +1,10 @@ prefix=@prefix@ exec_prefix=@exec_prefix@ @@ -10,7 +10,7 @@ $OpenBSD: patch-scripts_libpng_pc_in,v 1.20 2011/07/15 11:10:40 naddy Exp $ Name: libpng Description: Loads and saves PNG files - Version: 1.5.4 + Version: 1.5.5 -Libs: -L${libdir} -lpng15 +Libs: -L${libdir} -lpng -lz -lm Cflags: -I${includedir} diff --git a/graphics/png/patches/patch-scripts_makefile_openbsd b/graphics/png/patches/patch-scripts_makefile_openbsd index 6012c1e7021..a84e7f7cd17 100644 --- a/graphics/png/patches/patch-scripts_makefile_openbsd +++ b/graphics/png/patches/patch-scripts_makefile_openbsd @@ -1,6 +1,6 @@ -$OpenBSD: patch-scripts_makefile_openbsd,v 1.34 2011/07/15 11:10:40 naddy Exp $ ---- scripts/makefile.openbsd.orig Thu Jul 7 05:24:50 2011 -+++ scripts/makefile.openbsd Fri Jul 8 18:50:50 2011 +$OpenBSD: patch-scripts_makefile_openbsd,v 1.35 2011/09/23 21:00:28 sthen Exp $ +--- scripts/makefile.openbsd.orig Thu Sep 22 14:40:25 2011 ++++ scripts/makefile.openbsd Fri Sep 23 09:20:15 2011 @@ -7,12 +7,11 @@ # and license in png.h @@ -12,7 +12,7 @@ $OpenBSD: patch-scripts_makefile_openbsd,v 1.34 2011/07/15 11:10:40 naddy Exp $ +INCDIR= ${PREFIX}/include/libpng -SHLIB_MAJOR= 15 --SHLIB_MINOR= 1.5.4 +-SHLIB_MINOR= 1.5.5 - LIB= png SRCS= png.c pngerror.c pngget.c pngmem.c pngpread.c \