this is to force pkg_add -u to pick them up because moving to PIE does change
these files but since there are no library bumps, the package signature stays
the same.
there are probably others, these are just ones I've run into. not a great
fix, and needs to be repeated when other arch move, but it's the simplest low
impact fix and I'm fed up with "relocation R_X86_64_32S can not be used
when making a shared object; recompile with -fPIC"
libpng failed to correctly handle malloc() failure for text chunks,
which can lead to memory corruption and the possibility of execution
of hostile code. (CVE-2011-3048)
1. buffer overwrite in png_rgb_to_gray (CVE-2011-2690)
2. crash in png_default_error due to use of NULL Pointer (CVE-2011-2691)
3. memory corruption when handling empty sCAL chunks (CVE-2011-2692)
API incompatibility:
"The libpng 1.5.x series finally hides the contents of the venerable
and hoary png_struct and png_info data structures inside private
(i.e., non-installed) header files. Instead of direct struct-access,
applications should be using the various png_get_xxx() and png_set_xxx()
accessor functions, which have existed for almost as long as libpng
itself."
Libpng versions 1.0.6 through 1.2.12 can crash while decoding
the sPLT chunk. This is due to an incorrect calculation of
the buffer size for storing the palette entries.
ok steven@
system doesn't install a pngconf.h appropriate to the options passed to the
build.
So we have to put a PNG_NO_ASSEMBLER_CODE define into pngconf.h manually.
This unbreaks (at least) ImageMagick on amd64.
Some more information about this problem can be found here:
http://sourceforge.net/mailarchive/forum.php?thread_id=10314069&forum_id=43850
Since we don't want to compile pentium specific code,
remove -DPNG_USE_PNGGCCRD.
Bump major lib version and PKGNAME.
with help & ok steven@, naddy@
Steve Grubb reports a buffer read overrun in libpng's
png_format_buffer function. A specially constructed PNG image
processed by an application using libpng may trigger the buffer
read overrun and possibly result in an application crash.
ok brad@
