cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
74,591 Commits 1 Branch 0 Tags 554 MiB
8a2f52a6cd
Commit Graph

86 Commits

Author SHA1 Message Date
naddy
5966c95102 SECURITY update to 1.5.10. 
libpng failed to correctly handle malloc() failure for text chunks,
which can lead to memory corruption and the possibility of execution
of hostile code. (CVE-2011-3048)
 2012-03-30 18:58:03 +00:00
naddy
c697fa7638 update to 1.5.9 2012-02-26 14:57:54 +00:00
sthen
bf0e713792 png SECURITY fix: CVE-2011-3026, heap-buffer-overflow in png_decompress_chunk 2012-02-17 15:44:13 +00:00
gsoares
b38fd19cea Fix for CVE-2011-3464 
(libpng "png_formatted_warning()" Off-by-One Vulnerability)

patch came from upstream git:
(http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=
00c6a9a62c1825617c35c03ceb408114fffeca32)

OK sthen@
 2012-02-03 18:23:14 +00:00
rpointel
883bb752a7 Update libpng to 1.5.6. 
bump major version of shared libs.
ok naddy@.
 2011-11-14 17:48:59 +00:00
sthen
378c061449 SECURITY update to png 1.5.5, fixing a divide-by-zero with malformed cHRM 
chunks, this bug was introduced in 1.5.4 - CVE-2011-3328. Clues from naddy@
 2011-09-23 21:00:28 +00:00
naddy
da9fdc4abc SECURITY update to png-1.5.4: 
1. buffer overwrite in png_rgb_to_gray (CVE-2011-2690)
2. crash in png_default_error due to use of NULL Pointer (CVE-2011-2691)
3. memory corruption when handling empty sCAL chunks (CVE-2011-2692)
 2011-07-15 11:10:40 +00:00
naddy
64920edcf7 Update to png 1.5.2. Lots of improvements, but also significant 
API incompatibility:

"The libpng 1.5.x series finally hides the contents of the venerable
and hoary png_struct and png_info data structures inside private
(i.e., non-installed) header files. Instead of direct struct-access,
applications should be using the various png_get_xxx() and png_set_xxx()
accessor functions, which have existed for almost as long as libpng
itself."
 2011-07-08 20:34:36 +00:00
jasper
0e1836bafa Fix for CVE-2011-2501 
libpng "png_format_buffer()" Denial of Service Vulnerability

from upstream git
 2011-07-01 17:09:36 +00:00
naddy
4be689a796 ports that preformat man pages with mandoc via bsd.man.mk don't need groff 2010-10-19 21:04:52 +00:00
espie
0f681543b5 USE_GROFF=Yes 2010-10-18 18:13:12 +00:00
kili
df247d8854 SECRUTY update to 1.22.44 
Fixes CVE-2010-1205.

ok naddy@
 2010-06-27 19:55:04 +00:00
naddy
6bbe29c2fc maintenance update to 1.2.41 2009-12-06 21:43:11 +00:00
naddy
44331772cf minor maintenance update to 1.2.40 2009-10-12 10:17:16 +00:00
naddy
83ad075f4d maintenance update to 1.2.39 2009-08-23 14:44:18 +00:00
naddy
ad59f1741b Security update to 1.2.35: Fix an uninitialized data bug; CVE-2009-0040. 2009-03-04 20:17:16 +00:00
naddy
66e463990e update to 1.2.33, which fixes a minor memory leak 2008-12-02 16:45:59 +00:00
naddy
4de0998058 Maintenance update to 1.2.32. 
Library bump because png_struct has been extended.
 2008-09-28 14:43:22 +00:00
naddy
02c7cbf779 Update to 1.2.28 which fixes a number of "security and crash bugs". 
Bump library version since struct png_struct has changed--this shouldn't be
used externally, but you never know.

ok bernd@
 2008-05-07 14:29:39 +00:00
espie
17d70806a3 tweak FAKE_FLAGS semantics to saner defaults. 2008-01-04 17:48:33 +00:00
naddy
d89a9420a7 SECURITY update to 1.2.22. 
Fixes a number of out-of-bounds reads in certain chunk-handlers.
CVE-2007-5266, CVE-2007-5267, CVE-2007-5268, CVE-2007-5269.
 2007-10-16 20:32:18 +00:00
naddy
e0a69b4d6a maintenance update to 1.2.20 2007-10-06 19:33:28 +00:00
simon
68a2007cc1 remove surrounding quotes from COMMENT/BROKEN/PERMIT_* 2007-09-15 20:09:40 +00:00
naddy
8f78fb5099 SECURITY update to 1.2.18: 
Fix a NULL pointer dereference vulnerability involving palette
images with a malformed tRNS chunk (CVE-2007-2445).
ok steven@
 2007-05-16 19:46:59 +00:00
naddy
ce25e73ce9 Hardcode our build options in pngconf.h so everything sees really the same 
interface.  ok steven@
 2007-04-08 15:02:36 +00:00
naddy
b0a7e5d4d9 update to 1.2.16: 
- minor bug fixes
- we now use the same API no matter whether asm optimizations are enabled
  or not
 2007-03-15 19:19:23 +00:00
bernd
0983a6434c The libpng people re-rolled the distfile of png-1.2.14. They fixed 
some fuckup in their autoconf stuff (which we don't use) and changed
dates in comments. Bump PKGNAME.

Noticed by aanriot@, thanks!
 2006-11-30 17:24:13 +00:00
bernd
6fa372d430 Update to png-1.2.14. 
'fine with me' steven@
 2006-11-30 11:25:32 +00:00
bernd
f0fed5a60b Security update to libpng-1.2.13. (CVE-2006-3334) 
Libpng versions 1.0.6 through 1.2.12 can crash while decoding
the sPLT chunk.  This is due to an incorrect calculation of
the buffer size for storing the palette entries.

ok steven@
 2006-11-18 16:06:26 +00:00
bernd
fcc0136602 Security update to png-1.2.12. 
Fixes a buffer overflow vulnerability.

More information:
http://www.securityfocus.com/bid/18698/

ok steven@ naddy@
 2006-06-29 14:33:47 +00:00
bernd
0875288c2e We compile png with -DPNG_NO_ASSEMBLER_CODE. Unfortunately, the libpng build 
system doesn't install a pngconf.h appropriate to the options passed to the
build.
So we have to put a PNG_NO_ASSEMBLER_CODE define into pngconf.h manually.
This unbreaks (at least) ImageMagick on amd64.

Some more information about this problem can be found here:

http://sourceforge.net/mailarchive/forum.php?thread_id=10314069&forum_id=43850

Since we don't want to compile pentium specific code,
remove -DPNG_USE_PNGGCCRD.

Bump major lib version and PKGNAME.

with help & ok steven@, naddy@
 2006-05-13 13:52:48 +00:00
bernd
63b1790f76 Update to png-1.2.10 and better DESCR. 
ok naddy@
 2006-05-10 13:50:01 +00:00
steven
4253de87ce SHARED_LIBS 
feedback and ok naddy@
 2005-12-26 22:33:17 +00:00
fgsch
c5b44fec6e after querying brad@ he decided to drop maintainership for these. 2005-10-30 00:10:39 +00:00
brad
3558d82648 upgrade to png 1.2.8 
From: Simon Dassow <janus at area319 dot de>
 2005-07-24 04:55:35 +00:00
espie
738ce04388 this stuff builds without really installing it now. 2005-04-17 13:37:42 +00:00
brad
348e1827fe install pkgconfig file for png. 
From: Jacob Meuser <jakemsr at jakemsr dot com>
 2004-10-15 04:41:13 +00:00
brad
b01a5d3ff8 bad bad me, I managed to kill the PKGNAME with the previous commit 
noticed by espie@
 2004-09-22 21:08:20 +00:00
brad
eabc4cd246 upgrade to png 1.2.7 2004-09-20 01:24:10 +00:00
brad
9d09e74a0f Add pieces of the libpng jumbo security patch not already in the port. 
http://www.us-cert.gov/cas/techalerts/TA04-217A.html
 2004-08-05 19:17:14 +00:00
brad
edb4a4ba20 fix buffer overflows with 16-bit and greyscale samples. 
CAN-2002-1363

http://www.openpkg.org/security/OpenPKG-SA-2003.001-png.html
http://www.openpkg.org/security/OpenPKG-SA-2004.030-png.html
 2004-07-06 22:17:48 +00:00
robert
f0431b4d0c Fix for CAN-2004-0421: 
Steve Grubb reports a buffer read overrun in libpng's
png_format_buffer function. A specially constructed PNG image
processed by an application using libpng may trigger the buffer
read overrun and possibly result in an application crash.

ok brad@
 2004-05-03 05:13:04 +00:00
brad
9668daea96 - add license marker 
- remove REGRESS_TARGET and add a check target to the png Makefile
 2004-02-24 23:18:57 +00:00
espie
56a31d0490 Unlink png from zlib, bump major number. 
Breaks lbreakout2 and pdflib, we don't really care, we'll fix them.
 2003-12-18 00:09:48 +00:00
brad
928f8ac8f9 - strip out some useless docs 
- install libpng-config
 2003-01-25 05:52:21 +00:00
brad
045606bb2d upgrade to png 1.2.5 2002-10-30 23:55:27 +00:00
brad
400870d2bb upgrade to png 1.2.4 
--
compat symlinks have been removed.
 2002-07-17 22:39:03 +00:00
espie
8e0401df9e More MASTER_SITES_SUBDIR out 2002-05-13 23:31:24 +00:00
brad
b65440c52c upgrade to png 1.2.2 
--
headers have been moved from include/ to include/libpng/.
for the short term sym-links have been created in include/ but will
be removed once all ports have been checked. porters should @comment out
the sym-links to check ports locally.
 2002-04-26 02:19:04 +00:00
brad
7a6e735ac9 proper HOMEPAGE URL 2002-02-07 04:50:55 +00:00