SECURITY Update to png 1.6.10:

libpng will hang when reading images that have zero-length IDAT chunks with the progressive (streaming) reader; a malicious web site could use this bug to cause a (minor) denial of service. (CVE-2014-0333) ok sthen@
2014-04-18 02:54:05 +00:00 · 2014-04-18 02:54:05 +00:00 · e250d602a9
commit e250d602a9
parent df3aa8adef
2 changed files with 5 additions and 4 deletions
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.97 2014/01/03 15:53:04 naddy Exp $
+# $OpenBSD: Makefile,v 1.98 2014/04/18 02:54:05 brad Exp $

 COMMENT=	library for manipulating PNG images

-VERSION=	1.6.8
+VERSION=	1.6.10
 DISTNAME=	libpng-${VERSION}
 PKGNAME=	png-${VERSION}
 SHARED_LIBS=	png16	17.1 \
@ -10,6 +10,7 @@ SHARED_LIBS=	png16	17.1 \
 CATEGORIES=	graphics
 DPB_PROPERTIES=	parallel
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=libpng/}
+EXTRACT_SUFX=	.tar.xz

 HOMEPAGE=	http://www.libpng.org/pub/png/libpng.html

--- a/graphics/png/distinfo
+++ b/graphics/png/distinfo
@ -1,2 +1,2 @@
-SHA256 (libpng-1.6.8.tar.gz) = Mses8WCLnItxt0O5eArbens0dWPb+0pSY3YQVtpEzJY=
-SIZE (libpng-1.6.8.tar.gz) = 1317370
+SHA256 (libpng-1.6.10.tar.xz) = QAPw/Q42EQordC/FueGrk+16erV66Nxl8OgQFFh3WlY=
+SIZE (libpng-1.6.10.tar.xz) = 898452