SECURITY update to 1.2.18:

Fix a NULL pointer dereference vulnerability involving palette images with a malformed tRNS chunk (CVE-2007-2445). ok steven@
2007-05-16 19:46:59 +00:00 · 2007-05-16 19:46:59 +00:00 · 8f78fb5099
commit 8f78fb5099
parent 65a6b4fdee
5 changed files with 17 additions and 17 deletions
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.62 2007/04/08 15:02:36 naddy Exp $
+# $OpenBSD: Makefile,v 1.63 2007/05/16 19:46:59 naddy Exp $

 COMMENT=	"library for manipulating PNG images"

-VERSION=	1.2.16
+VERSION=	1.2.18
 DISTNAME=	libpng-${VERSION}
-PKGNAME=	png-${VERSION}p0
+PKGNAME=	png-${VERSION}
 SHARED_LIBS=	png	5.2
 CATEGORIES=	graphics
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=libpng/}
--- a/graphics/png/distinfo
+++ b/graphics/png/distinfo
@ -1,5 +1,5 @@
-MD5 (libpng-1.2.16.tar.gz) = 9J2eSvSFp7DyOME0MhMjKg==
-RMD160 (libpng-1.2.16.tar.gz) = 0fXO296pEg6YiIFI30DNzhNYX90=
-SHA1 (libpng-1.2.16.tar.gz) = wRrChIZYzOQXOgQb3Vsh76K32Y4=
-SHA256 (libpng-1.2.16.tar.gz) = uXL65SYScSQDJ7+19OimFs7J+MtQQ8/o+TTzqoCFAZA=
-SIZE (libpng-1.2.16.tar.gz) = 829526
+MD5 (libpng-1.2.18.tar.gz) = vQilXjGQIqfNxuOILWuUlw==
+RMD160 (libpng-1.2.18.tar.gz) = HKNmrkAFkQ6ZYP3JUPasi3et0o8=
+SHA1 (libpng-1.2.18.tar.gz) = GTOHrxBzWoKEw5awdLW2CeaqLjA=
+SHA256 (libpng-1.2.18.tar.gz) = QwlxssydLYNl8V77TC58lrQ+qF77cTZhHhV5uwSxSck=
+SIZE (libpng-1.2.18.tar.gz) = 830456
--- a/graphics/png/patches/patch-scripts_libpng_pc_in
+++ b/graphics/png/patches/patch-scripts_libpng_pc_in
@ -1,6 +1,6 @@
-$OpenBSD: patch-scripts_libpng_pc_in,v 1.7 2007/03/15 19:19:23 naddy Exp $
--- scripts/libpng.pc.in.orig	Sat Feb 10 18:19:11 2007
-+++ scripts/libpng.pc.in	Sat Feb 10 18:19:51 2007
+$OpenBSD: patch-scripts_libpng_pc_in,v 1.8 2007/05/16 19:47:00 naddy Exp $
+--- scripts/libpng.pc.in.orig	Wed May 16 17:07:18 2007
+++ scripts/libpng.pc.in	Wed May 16 17:07:37 2007
@@ -1,10 +1,10 @@
 prefix=@prefix@
 exec_prefix=@exec_prefix@
@ -10,7 +10,7 @@ $OpenBSD: patch-scripts_libpng_pc_in,v 1.7 2007/03/15 19:19:23 naddy Exp $
 
 Name: libpng
 Description: Loads and saves PNG files
- Version: 1.2.16
+ Version: 1.2.18
 -Libs: -L${libdir} -lpng12
 +Libs: -L${libdir} -lpng -lz -lm
 Cflags: -I${includedir}
--- a/graphics/png/patches/patch-scripts_makefile_openbsd
+++ b/graphics/png/patches/patch-scripts_makefile_openbsd
@ -1,4 +1,4 @@
-$OpenBSD: patch-scripts_makefile_openbsd,v 1.20 2007/04/08 15:02:36 naddy Exp $
+$OpenBSD: patch-scripts_makefile_openbsd,v 1.21 2007/05/16 19:47:00 naddy Exp $
 --- scripts/makefile.openbsd.orig	Wed Jan 31 14:22:38 2007
 +++ scripts/makefile.openbsd	Sat Mar 31 20:47:38 2007
@@ -4,11 +4,12 @@
@ -12,7 +12,7 @@ $OpenBSD: patch-scripts_makefile_openbsd,v 1.20 2007/04/08 15:02:36 naddy Exp $
 +DOCDIR= ${PREFIX}/share/doc/png
 
 -SHLIB_MAJOR=	0
-SHLIB_MINOR=	1.2.16
+-SHLIB_MINOR=	1.2.18
 
 LIB=	png
 SRCS=	png.c pngerror.c pnggccrd.c pngget.c pngmem.c pngpread.c \
@ -25,7 +25,7 @@ $OpenBSD: patch-scripts_makefile_openbsd,v 1.20 2007/04/08 15:02:36 naddy Exp $
 
 MAN=	libpng.3 libpngpf.3 png.5
 -DOCS = ANNOUNCE CHANGES INSTALL KNOWNBUG LICENSE README TODO Y2KINFO libpng.txt
-+DOCS = libpng-1.2.16.txt
+DOCS = libpng-1.2.18.txt
 
 +all: ${_LIBS} libpng-config libpng.pc
 +
--- a/graphics/png/pkg/PLIST
+++ b/graphics/png/pkg/PLIST
@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.20 2007/03/15 19:19:23 naddy Exp $
+@comment $OpenBSD: PLIST,v 1.21 2007/05/16 19:47:00 naddy Exp $
 %%SHARED%%
 bin/libpng-config
 include/libpng/
@ -12,4 +12,4 @@ lib/pkgconfig/libpng.pc
@man man/cat3/libpngpf.0
@man man/cat5/png.0
 share/doc/png/
-share/doc/png/libpng-1.2.16.txt
+share/doc/png/libpng-1.2.18.txt