68 Commits

Author SHA1 Message Date
sthen
378c061449 SECURITY update to png 1.5.5, fixing a divide-by-zero with malformed cHRM
chunks, this bug was introduced in 1.5.4 - CVE-2011-3328. Clues from naddy@
2011-09-23 21:00:28 +00:00
naddy
da9fdc4abc SECURITY update to png-1.5.4:
1. buffer overwrite in png_rgb_to_gray (CVE-2011-2690)
2. crash in png_default_error due to use of NULL Pointer (CVE-2011-2691)
3. memory corruption when handling empty sCAL chunks (CVE-2011-2692)
2011-07-15 11:10:40 +00:00
naddy
64920edcf7 Update to png 1.5.2. Lots of improvements, but also significant
API incompatibility:

"The libpng 1.5.x series finally hides the contents of the venerable
and hoary png_struct and png_info data structures inside private
(i.e., non-installed) header files. Instead of direct struct-access,
applications should be using the various png_get_xxx() and png_set_xxx()
accessor functions, which have existed for almost as long as libpng
itself."
2011-07-08 20:34:36 +00:00
jasper
0e1836bafa Fix for CVE-2011-2501
libpng "png_format_buffer()" Denial of Service Vulnerability

from upstream git
2011-07-01 17:09:36 +00:00
naddy
dbfd750590 Cope with bsd.man.mk changes and install source man pages.
While here, also update some PLISTs, fix PREFIX use, etc.
ok landry@
2011-06-23 22:50:26 +00:00
kili
df247d8854 SECURITY update to 1.22.44
Fixes CVE-2010-1205.

ok naddy@
2010-06-27 19:55:04 +00:00
naddy
6bbe29c2fc maintenance update to 1.2.41 2009-12-06 21:43:11 +00:00
naddy
44331772cf minor maintenance update to 1.2.40 2009-10-12 10:17:16 +00:00
naddy
83ad075f4d maintenance update to 1.2.39 2009-08-23 14:44:18 +00:00
naddy
ad59f1741b Security update to 1.2.35: Fix an uninitialized data bug; CVE-2009-0040. 2009-03-04 20:17:16 +00:00
naddy
66e463990e update to 1.2.33, which fixes a minor memory leak 2008-12-02 16:45:59 +00:00
naddy
4de0998058 Maintenance update to 1.2.32.
Library bump because png_struct has been extended.
2008-09-28 14:43:22 +00:00
naddy
02c7cbf779 Update to 1.2.28 which fixes a number of "security and crash bugs".
Bump library version since struct png_struct has changed--this shouldn't be
used externally, but you never know.

ok bernd@
2008-05-07 14:29:39 +00:00
naddy
d89a9420a7 SECURITY update to 1.2.22.
Fixes a number of out-of-bounds reads in certain chunk-handlers.
CVE-2007-5266, CVE-2007-5267, CVE-2007-5268, CVE-2007-5269.
2007-10-16 20:32:18 +00:00
naddy
e0a69b4d6a maintenance update to 1.2.20 2007-10-06 19:33:28 +00:00
naddy
8f78fb5099 SECURITY update to 1.2.18:
Fix a NULL pointer dereference vulnerability involving palette
images with a malformed tRNS chunk (CVE-2007-2445).
ok steven@
2007-05-16 19:46:59 +00:00
naddy
ce25e73ce9 Hardcode our build options in pngconf.h so everything sees really the same
interface.  ok steven@
2007-04-08 15:02:36 +00:00
naddy
b0a7e5d4d9 update to 1.2.16:
- minor bug fixes
- we now use the same API no matter whether asm optimizations are enabled
  or not
2007-03-15 19:19:23 +00:00
bernd
6fa372d430 Update to png-1.2.14.
'fine with me' steven@
2006-11-30 11:25:32 +00:00
bernd
f0fed5a60b Security update to libpng-1.2.13. (CVE-2006-3334)
Libpng versions 1.0.6 through 1.2.12 can crash while decoding
the sPLT chunk.  This is due to an incorrect calculation of
the buffer size for storing the palette entries.

ok steven@
2006-11-18 16:06:26 +00:00
bernd
fcc0136602 Security update to png-1.2.12.
Fixes a buffer overflow vulnerability.

More information:
http://www.securityfocus.com/bid/18698/

ok steven@ naddy@
2006-06-29 14:33:47 +00:00
bernd
0875288c2e We compile png with -DPNG_NO_ASSEMBLER_CODE. Unfortunately, the libpng build
system doesn't install a pngconf.h appropriate to the options passed to the
build.
So we have to put a PNG_NO_ASSEMBLER_CODE define into pngconf.h manually.
This unbreaks (at least) ImageMagick on amd64.

Some more information about this problem can be found here:

http://sourceforge.net/mailarchive/forum.php?thread_id=10314069&forum_id=43850

Since we don't want to compile pentium specific code,
remove -DPNG_USE_PNGGCCRD.

Bump major lib version and PKGNAME.

with help & ok steven@, naddy@
2006-05-13 13:52:48 +00:00
bernd
63b1790f76 Update to png-1.2.10 and better DESCR.
ok naddy@
2006-05-10 13:50:01 +00:00
steven
4253de87ce SHARED_LIBS
feedback and ok naddy@
2005-12-26 22:33:17 +00:00
brad
3558d82648 upgrade to png 1.2.8
From: Simon Dassow <janus at area319 dot de>
2005-07-24 04:55:35 +00:00
brad
348e1827fe install pkgconfig file for png.
From: Jacob Meuser <jakemsr at jakemsr dot com>
2004-10-15 04:41:13 +00:00
brad
eabc4cd246 upgrade to png 1.2.7 2004-09-20 01:24:10 +00:00
brad
9d09e74a0f Add pieces of the libpng jumbo security patch not already in the port.
http://www.us-cert.gov/cas/techalerts/TA04-217A.html
2004-08-05 19:17:14 +00:00
brad
96f6978640 use upstream patch instead. 2004-07-10 23:19:21 +00:00
brad
edb4a4ba20 fix buffer overflows with 16-bit and greyscale samples.
CAN-2002-1363

http://www.openpkg.org/security/OpenPKG-SA-2003.001-png.html
http://www.openpkg.org/security/OpenPKG-SA-2004.030-png.html
2004-07-06 22:17:48 +00:00
brad
59d16f1db0 better diff from openpkg 2004-07-06 22:06:17 +00:00
brad
dc94a9affa sync 2004-07-06 21:53:16 +00:00
robert
f0431b4d0c Fix for CAN-2004-0421:
Steve Grubb reports a buffer read overrun in libpng's
png_format_buffer function. A specially constructed PNG image
processed by an application using libpng may trigger the buffer
read overrun and possibly result in an application crash.

ok brad@
2004-05-03 05:13:04 +00:00
brad
879958ba98 remove LDADD instead of leaving it empty. 2004-04-06 08:32:45 +00:00
brad
d54b276e09 oops, check -> regress 2004-02-25 20:24:41 +00:00
brad
9668daea96 - add license marker
- remove REGRESS_TARGET and add a check target to the png Makefile
2004-02-24 23:18:57 +00:00
espie
56a31d0490 Unlink png from zlib, bump major number.
Breaks lbreakout2 and pdflib, we don't really care, we'll fix them.
2003-12-18 00:09:48 +00:00
brad
928f8ac8f9 - strip out some useless docs
- install libpng-config
2003-01-25 05:52:21 +00:00
brad
045606bb2d upgrade to png 1.2.5 2002-10-30 23:55:27 +00:00
brad
400870d2bb upgrade to png 1.2.4
--
compat symlinks have been removed.
2002-07-17 22:39:03 +00:00
brad
b65440c52c upgrade to png 1.2.2
--
headers have been moved from include/ to include/libpng/.
for the short term sym-links have been created in include/ but will
be removed once all ports have been checked. porters should @comment out
the sym-links to check ports locally.
2002-04-26 02:19:04 +00:00
brad
5a2c747039 upgrade to png 1.2.0
--
Thanks to naddy@ for doing a full tree build and finding out that nothing
broke because of this upgrade.
2001-11-19 02:40:52 +00:00
brad
6b2a42a3ca upgrade to png 1.0.11
- bump shared lib major rev, should have happened way back at 1.0.6 but
the libpng maintainers seemed to have overlooked this.
2001-05-23 23:57:45 +00:00
brad
fd0244ad00 upgrade to png 1.0.10 2001-04-03 14:08:30 +00:00
brad
ab1b4306dc upgrade to png 1.0.9 2001-03-04 06:21:38 +00:00
brad
adb7f02b7e add library dependency on libz and libm. 2001-01-14 18:27:24 +00:00
brad
dc166a570a pass the pic flag along to the compiler when linking the shared library. 2000-10-16 19:38:15 +00:00
brad
107abfb98e revert switch to libtool, use "cc -shared" to create shared libraries 2000-09-16 11:44:22 +00:00
brad
519cfa5865 simplify this patch 2000-09-14 10:07:07 +00:00
brad
75a5e6f465 upgrade to png 1.0.8 2000-07-25 08:56:14 +00:00