update to 1.5.9

2012-02-26 14:57:54 +00:00 · 2012-02-26 14:57:54 +00:00 · c697fa7638
commit c697fa7638
parent 8d7eda3146
7 changed files with 18 additions and 168 deletions
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@ -1,12 +1,11 @@
-# $OpenBSD: Makefile,v 1.84 2012/02/17 15:44:13 sthen Exp $
+# $OpenBSD: Makefile,v 1.85 2012/02/26 14:57:54 naddy Exp $

 COMMENT=	library for manipulating PNG images

-REVISION=	1
-VERSION=	1.5.6
+VERSION=	1.5.9
 DISTNAME=	libpng-${VERSION}
 PKGNAME=	png-${VERSION}
-SHARED_LIBS=	png	13.0
+SHARED_LIBS=	png	14.0
 CATEGORIES=	graphics
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=libpng/}

--- a/graphics/png/distinfo
+++ b/graphics/png/distinfo
@ -1,5 +1,5 @@
-MD5 (libpng-1.5.6.tar.gz) = iwwF7RJjfuHwYN37v1Juow==
-RMD160 (libpng-1.5.6.tar.gz) = k+8DwEmdUbqn0Q8oyaZTA0JTqEY=
-SHA1 (libpng-1.5.6.tar.gz) = Bo0wioIAPLskYC/9/HOMyEjPTq8=
-SHA256 (libpng-1.5.6.tar.gz) = Hc2lannwYYbTBAuAlauAfQdpUrS8t1eZNqohsIGTpUo=
-SIZE (libpng-1.5.6.tar.gz) = 1051616
+MD5 (libpng-1.5.9.tar.gz) = x0C6Zs1wdLokcbak/0jh+w==
+RMD160 (libpng-1.5.9.tar.gz) = P+f7QB8ayFCr4gGHcgZABUyF0xQ=
+SHA1 (libpng-1.5.9.tar.gz) = 5FOEdZhU4EkwUbFfaRXAFWLC/CQ=
+SHA256 (libpng-1.5.9.tar.gz) = t12uJhUfmwMQYsjS9XeglLCNoK5E/owRF10Ln/Q0zAI=
+SIZE (libpng-1.5.9.tar.gz) = 1065637
--- a/graphics/png/patches/patch-pngerror_c
+++ b/graphics/png/patches/patch-pngerror_c
@ -1,105 +0,0 @@
-$OpenBSD: patch-pngerror_c,v 1.8 2012/02/03 18:23:14 gsoares Exp $
-
-Fix for CVE-2011-3464
-(libpng "png_formatted_warning()" Off-by-One Vulnerability)
-
-patch came from upstream git:
-(http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=
-00c6a9a62c1825617c35c03ceb408114fffeca32)
-
--- pngerror.c.orig	Thu Nov  3 01:42:50 2011
-+++ pngerror.c	Fri Feb  3 11:53:42 2012
-@@ -284,32 +284,35 @@ png_formatted_warning(png_structp png_ptr, png_warning
-    /* The internal buffer is just 128 bytes - enough for all our messages,
-     * overflow doesn't happen because this code checks!
-     */
-   size_t i;
-+   size_t i = 0; /* Index in the msg[] buffer: */
-    char msg[128];
- 
-   for (i=0; i<(sizeof msg)-1 && *message != '\0'; ++i)
-+   /* Each iteration through the following loop writes at most one character
-+    * to msg[i++] then returns here to validate that there is still space for
-+    * the trailing '\0'.  It may (in the case of a parameter) read more than
-+    * one character from message[]; it must check for '\0' and continue to the
-+    * test if it finds the end of string.
-+    */
-+   while (i<(sizeof msg)-1 && *message != '\0')
-    {
-      if (*message == '@')
-+      /* '@' at end of string is now just printed (previously it was skipped);
-+       * it is an error in the calling code to terminate the string with @.
-+       */
-+      if (p != NULL && *message == '@' && message[1] != '\0')
-       {
-         int parameter = -1;
-         switch (*++message)
-         {
-            case '1':
-               parameter = 0;
-               break;
-+         int parameter_char = *++message; /* Consume the '@' */
-+         static const char valid_parameters[] = "123456789";
-+         int parameter = 0;
- 
-            case '2':
-               parameter = 1;
-               break;
-+         /* Search for the parameter digit, the index in the string is the
-+          * parameter to use.
-+          */
-+         while (valid_parameters[parameter] != parameter_char &&
-+            valid_parameters[parameter] != '\0')
-+            ++parameter;
- 
-            case '\0':
-               continue; /* To break out of the for loop above. */
-
-            default:
-               break;
-         }
-
-         if (parameter >= 0 && parameter < PNG_WARNING_PARAMETER_COUNT)
-+         /* If the parameter digit is out of range it will just get printed. */
-+         if (parameter < PNG_WARNING_PARAMETER_COUNT)
-          {
-             /* Append this parameter */
-             png_const_charp parm = p[parameter];
-@@ -319,28 +322,32 @@ png_formatted_warning(png_structp png_ptr, png_warning
-              * that parm[] has been initialized, so there is no guarantee of a
-              * trailing '\0':
-              */
-            for (; i<(sizeof msg)-1 && parm != '\0' && parm < pend; ++i)
-               msg[i] = *parm++;
-+            while (i<(sizeof msg)-1 && *parm != '\0' && parm < pend)
-+               msg[i++] = *parm++;
- 
-+            /* Consume the parameter digit too: */
-             ++message;
-             continue;
-          }
- 
-          /* else not a parameter and there is a character after the @ sign; just
-          * copy that.
-+          * copy that.  This is known not to be '\0' because of the test above.
-           */
-       }
- 
-       /* At this point *message can't be '\0', even in the bad parameter case
-        * above where there is a lone '@' at the end of the message string.
-        */
-      msg[i] = *message++;
-+      msg[i++] = *message++;
-    }
- 
-    /* i is always less than (sizeof msg), so: */
-    msg[i] = '\0';
- 
-   /* And this is the formatted message: */
-+   /* And this is the formatted message, it may be larger than
-+    * PNG_MAX_ERROR_TEXT, but that is only used for 'chunk' errors and these are
-+    * not (currently) formatted.
-+    */
-    png_warning(png_ptr, msg);
- }
- #endif /* PNG_WARNINGS_SUPPORTED */
--- a/graphics/png/patches/patch-pngpriv_h
+++ b/graphics/png/patches/patch-pngpriv_h
@ -1,20 +0,0 @@
-$OpenBSD: patch-pngpriv_h,v 1.1 2012/02/03 18:23:14 gsoares Exp $
-
-Fix for CVE-2011-3464
-(libpng "png_formatted_warning()" Off-by-One Vulnerability)
-
-patch came from upstream git:
-(http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=
-00c6a9a62c1825617c35c03ceb408114fffeca32)
-
--- pngpriv.h.orig	Thu Nov  3 01:42:49 2011
-+++ pngpriv.h	Fri Feb  3 11:53:28 2012
-@@ -1368,7 +1368,7 @@ PNG_EXTERN png_charp png_format_number(png_const_charp
- #ifdef PNG_WARNINGS_SUPPORTED
- /* New defines and members adding in libpng-1.5.4 */
- #  define PNG_WARNING_PARAMETER_SIZE 32
-#  define PNG_WARNING_PARAMETER_COUNT 8
-+#  define PNG_WARNING_PARAMETER_COUNT 8 /* Maximum 9; see pngerror.c */
- 
- /* An l-value of this type has to be passed to the APIs below to cache the
-  * values of the parameters to a formatted warning message.
--- a/graphics/png/patches/patch-pngrutil_c
+++ b/graphics/png/patches/patch-pngrutil_c
@ -1,24 +0,0 @@
-$OpenBSD: patch-pngrutil_c,v 1.3 2012/02/17 15:44:13 sthen Exp $
-
-CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk
-
--- pngrutil.c.orig	Thu Feb 16 10:01:56 2012
-+++ pngrutil.c	Thu Feb 16 10:04:05 2012
-@@ -457,8 +457,15 @@ png_decompress_chunk(png_structp png_ptr, int comp_typ
-       {
-          /* Success (maybe) - really uncompress the chunk. */
-          png_size_t new_size = 0;
-         png_charp text = (png_charp)png_malloc_warn(png_ptr,
-             prefix_size + expanded_size + 1);
-+         png_charp text = NULL;
-+         /* Need to check for both truncation (64-bit platforms) and integer
-+          * overflow.
-+          */
-+         if (prefix_size + expanded_size > prefix_size &&
-+             prefix_size + expanded_size < 0xffffffffU)
-+         {
-+            text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1);
-+         }
- 
-          if (text != NULL)
-          {
--- a/graphics/png/patches/patch-scripts_libpng_pc_in
+++ b/graphics/png/patches/patch-scripts_libpng_pc_in
@ -1,4 +1,4 @@
-$OpenBSD: patch-scripts_libpng_pc_in,v 1.22 2011/11/14 17:48:59 rpointel Exp $
+$OpenBSD: patch-scripts_libpng_pc_in,v 1.23 2012/02/26 14:57:54 naddy Exp $
 --- scripts/libpng.pc.in.orig	Thu Nov  3 04:42:52 2011
 +++ scripts/libpng.pc.in	Thu Nov  3 12:20:06 2011
@@ -1,10 +1,10 @@
@ -10,7 +10,7 @@ $OpenBSD: patch-scripts_libpng_pc_in,v 1.22 2011/11/14 17:48:59 rpointel Exp $
 
 Name: libpng
 Description: Loads and saves PNG files
- Version: 1.5.6
+ Version: 1.5.9
 -Libs: -L${libdir} -lpng15
 +Libs: -L${libdir} -lpng -lz -lm
 Cflags: -I${includedir}
--- a/graphics/png/patches/patch-scripts_makefile_openbsd
+++ b/graphics/png/patches/patch-scripts_makefile_openbsd
@ -1,6 +1,6 @@
-$OpenBSD: patch-scripts_makefile_openbsd,v 1.36 2011/11/14 17:48:59 rpointel Exp $
--- scripts/makefile.openbsd.orig	Thu Nov  3 04:42:52 2011
-+++ scripts/makefile.openbsd	Thu Nov  3 12:18:34 2011
+$OpenBSD: patch-scripts_makefile_openbsd,v 1.37 2012/02/26 14:57:54 naddy Exp $
+--- scripts/makefile.openbsd.orig	Sat Feb 18 21:31:16 2012
+++ scripts/makefile.openbsd	Sat Feb 25 18:19:23 2012
@@ -7,8 +7,10 @@
 # and license in png.h
 
@ -12,8 +12,8 @@ $OpenBSD: patch-scripts_makefile_openbsd,v 1.36 2011/11/14 17:48:59 rpointel Exp
 +INCDIR= ${PREFIX}/include/libpng
 
 SHLIB_MAJOR=	15
- SHLIB_MINOR=	1.5.6
-@@ -25,12 +27,30 @@
+ SHLIB_MINOR=	1.5.9
+@@ -25,12 +27,30 @@ CPPFLAGS+= -I${.CURDIR}
 
 NOPROFILE= Yes
 
@ -47,14 +47,14 @@ $OpenBSD: patch-scripts_makefile_openbsd,v 1.36 2011/11/14 17:48:59 rpointel Exp
 # see scripts/pnglibconf.mak for more options
 pnglibconf.h: scripts/pnglibconf.h.prebuilt
 	cp scripts/pnglibconf.h.prebuilt $@
-@@ -41,13 +61,20 @@
+@@ -41,13 +61,20 @@ pngtest.o:	pngtest.c
 pngtest:	pngtest.o
 	${CC} ${LDFLAGS} ${.ALLSRC} -o ${.TARGET} -L${.OBJDIR} -lpng -lz -lm
 
 -test:	pngtest
 -	cd ${.OBJDIR} && env \
 -		LD_LIBRARY_PATH="${.OBJDIR}" ${.OBJDIR}/pngtest
-+pngvalid.o:	pngvalid.c
+pngvalid.o:	contrib/libtests/pngvalid.c
 +	${CC} ${CPPFLAGS} ${CFLAGS} -c ${.ALLSRC} -o ${.TARGET}
 
 +pngvalid:	pngvalid.o
@ -73,7 +73,7 @@ $OpenBSD: patch-scripts_makefile_openbsd,v 1.36 2011/11/14 17:48:59 rpointel Exp
 	fi
 	if [ ! -d ${DESTDIR}${LIBDIR} ]; then \
 	  ${INSTALL} -d -o root -g wheel ${DESTDIR}${LIBDIR}; \
-@@ -61,22 +88,19 @@
+@@ -61,22 +88,19 @@ beforeinstall:
 	if [ ! -d ${DESTDIR}${MANDIR}5 ]; then \
 	  ${INSTALL} -d -o root -g wheel ${DESTDIR}${MANDIR}5; \
 	fi