Commit Graph

146 Commits

Author SHA1 Message Date
naddy
a431532192 SECURITY update to 1.6.20:
Complete fix for CVE-2015-8126: buffer overflow in png_set_PLTE
2015-12-04 21:27:58 +00:00
naddy
196a3a3002 SECURITY update to 1.6.19:
Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions
CVE-2015-8126

ok sthen@
2015-11-14 20:27:09 +00:00
naddy
4cd7f97ec6 explicitly replace symlink with file and use sed -i 2015-10-09 15:28:24 +00:00
sthen
958368e3a2 revert previous; libpng.la is a symlink and sed -i doesn't operate on these
(so build as-is fails), switching to operating on libpng16.la results in a
plist change, and the installed files from the previous package do actually
have a difference between libpng.la and libpng16.la(?!).
2015-10-08 23:45:30 +00:00
jasper
3e8b310348 sed -i 2015-10-08 12:02:03 +00:00
naddy
3b3aab2dd2 maintenance update to 1.6.18; from Brad, carefully checked by yours truly 2015-08-13 20:59:38 +00:00
naddy
65337c6c57 maintenance update to 1.6.17; from Brad 2015-05-06 20:17:48 +00:00
brad
f65d14f4e8 Update to png 1.6.16.
ok naddy@
2015-01-26 12:08:06 +00:00
brad
d00c176c8b Update to png 1.6.15.
ok naddy@
2014-11-25 22:41:50 +00:00
brad
999de3ec3b Update to png 1.6.14.
ok naddy@
2014-11-02 03:12:42 +00:00
brad
4cfe917ce3 Update to png 1.6.13.
ok naddy@
2014-10-16 17:18:42 +00:00
brad
46cfcf34aa Update to png 1.6.12.
ok sthen@
2014-07-17 23:01:58 +00:00
brad
e250d602a9 SECURITY Update to png 1.6.10:
libpng will hang when reading images that have zero-length IDAT chunks with
the progressive (streaming) reader; a malicious web site could use this bug
to cause a (minor) denial of service. (CVE-2014-0333)

ok sthen@
2014-04-18 02:54:05 +00:00
naddy
02270920a7 SECURITY update to 1.6.8:
Fix a null pointer dereference (CVE-2013-6954)
2014-01-03 15:53:04 +00:00
naddy
60b50fde16 Update to 1.6.6: fixes build on ARM, no other changes.
From: Juan Francisco Cantero Hurtado
2013-10-05 22:04:44 +00:00
brad
c0ae24e0f4 Update to png 1.6.5.
pngfix is commented out as it requires a newer zlib release.

ok naddy@
2013-09-16 20:10:01 +00:00
naddy
c201c477e8 also s/libpng16/libpng/ in libpng.la, otherwise libtool produces -lpng16 2013-06-09 15:13:03 +00:00
naddy
d569949d8c Major update to 1.6.2 on the new png 1.6 branch. 2013-06-08 19:39:28 +00:00
naddy
a6602dfa4e switch to autotools-based build and follow the upstream install layout 2013-06-03 02:46:25 +00:00
brad
b44b7e4b5b Update to png 1.5.15.
ok sthen@
2013-04-15 02:38:43 +00:00
brad
87ee19a888 Update to png 1.5.14.
Reinstates inter-library dependencies and corrects the libpng-config
and pkg-config files for static vs shared linking.

WANTLIB update and Ok naddy@
2013-03-25 00:21:37 +00:00
espie
e4fa65e765 PERMIT_* / REGRESS -> TEST sweep 2013-03-11 11:10:51 +00:00
sthen
70b6c6a8f2 bump various packages with static libs which frequently get pulled in;
this is to force pkg_add -u to pick them up because moving to PIE does change
these files but since there are no library bumps, the package signature stays
the same.

there are probably others, these are just ones I've run into. not a great
fix, and needs to be repeated when other arch move, but it's the simplest low
impact fix and I'm fed up with "relocation R_X86_64_32S can not be used
when making a shared object; recompile with -fPIC"
2012-10-12 15:06:37 +00:00
sthen
a26a1170e9 add DPB_PROPERTIES=Parallel for some things high in the dependency tree
which benefit from it.
2012-09-26 15:04:09 +00:00
naddy
5966c95102 SECURITY update to 1.5.10.
libpng failed to correctly handle malloc() failure for text chunks,
which can lead to memory corruption and the possibility of execution
of hostile code. (CVE-2011-3048)
2012-03-30 18:58:03 +00:00
naddy
c697fa7638 update to 1.5.9 2012-02-26 14:57:54 +00:00
sthen
bf0e713792 png SECURITY fix: CVE-2011-3026, heap-buffer-overflow in png_decompress_chunk 2012-02-17 15:44:13 +00:00
gsoares
b38fd19cea Fix for CVE-2011-3464
(libpng "png_formatted_warning()" Off-by-One Vulnerability)

patch came from upstream git:
(http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=
00c6a9a62c1825617c35c03ceb408114fffeca32)

OK sthen@
2012-02-03 18:23:14 +00:00
rpointel
883bb752a7 Update libpng to 1.5.6.
bump major version of shared libs.
ok naddy@.
2011-11-14 17:48:59 +00:00
sthen
378c061449 SECURITY update to png 1.5.5, fixing a divide-by-zero with malformed cHRM
chunks, this bug was introduced in 1.5.4 - CVE-2011-3328. Clues from naddy@
2011-09-23 21:00:28 +00:00
naddy
da9fdc4abc SECURITY update to png-1.5.4:
1. buffer overwrite in png_rgb_to_gray (CVE-2011-2690)
2. crash in png_default_error due to use of NULL Pointer (CVE-2011-2691)
3. memory corruption when handling empty sCAL chunks (CVE-2011-2692)
2011-07-15 11:10:40 +00:00
naddy
64920edcf7 Update to png 1.5.2. Lots of improvements, but also significant
API incompatibility:

"The libpng 1.5.x series finally hides the contents of the venerable
and hoary png_struct and png_info data structures inside private
(i.e., non-installed) header files. Instead of direct struct-access,
applications should be using the various png_get_xxx() and png_set_xxx()
accessor functions, which have existed for almost as long as libpng
itself."
2011-07-08 20:34:36 +00:00
jasper
0e1836bafa Fix for CVE-2011-2501
libpng "png_format_buffer()" Denial of Service Vulnerability

from upstream git
2011-07-01 17:09:36 +00:00
naddy
dbfd750590 Cope with bsd.man.mk changes and install source man pages.
While here, also update some PLISTs, fix PREFIX use, etc.
ok landry@
2011-06-23 22:50:26 +00:00
naddy
4be689a796 ports that preformat man pages with mandoc via bsd.man.mk don't need groff 2010-10-19 21:04:52 +00:00
espie
0f681543b5 USE_GROFF=Yes 2010-10-18 18:13:12 +00:00
kili
df247d8854 SECURITY update to 1.22.44
Fixes CVE-2010-1205.

ok naddy@
2010-06-27 19:55:04 +00:00
naddy
6bbe29c2fc maintenance update to 1.2.41 2009-12-06 21:43:11 +00:00
naddy
44331772cf minor maintenance update to 1.2.40 2009-10-12 10:17:16 +00:00
naddy
83ad075f4d maintenance update to 1.2.39 2009-08-23 14:44:18 +00:00
naddy
ad59f1741b Security update to 1.2.35: Fix an uninitialized data bug; CVE-2009-0040. 2009-03-04 20:17:16 +00:00
naddy
66e463990e update to 1.2.33, which fixes a minor memory leak 2008-12-02 16:45:59 +00:00
naddy
4de0998058 Maintenance update to 1.2.32.
Library bump because png_struct has been extended.
2008-09-28 14:43:22 +00:00
naddy
02c7cbf779 Update to 1.2.28 which fixes a number of "security and crash bugs".
Bump library version since struct png_struct has changed--this shouldn't be
used externally, but you never know.

ok bernd@
2008-05-07 14:29:39 +00:00
espie
17d70806a3 tweak FAKE_FLAGS semantics to saner defaults. 2008-01-04 17:48:33 +00:00
naddy
d89a9420a7 SECURITY update to 1.2.22.
Fixes a number of out-of-bounds reads in certain chunk-handlers.
CVE-2007-5266, CVE-2007-5267, CVE-2007-5268, CVE-2007-5269.
2007-10-16 20:32:18 +00:00
naddy
e0a69b4d6a maintenance update to 1.2.20 2007-10-06 19:33:28 +00:00
simon
68a2007cc1 remove surrounding quotes from COMMENT/BROKEN/PERMIT_* 2007-09-15 20:09:40 +00:00
naddy
8f78fb5099 SECURITY update to 1.2.18:
Fix a NULL pointer dereference vulnerability involving palette
images with a malformed tRNS chunk (CVE-2007-2445).
ok steven@
2007-05-16 19:46:59 +00:00
naddy
ce25e73ce9 Hardcode our build options in pngconf.h so everything sees really the same
interface.  ok steven@
2007-04-08 15:02:36 +00:00