sthen
70b6c6a8f2
bump various packages with static libs which frequently get pulled in;
...
this is to force pkg_add -u to pick them up because moving to PIE does change
these files but since there are no library bumps, the package signature stays
the same.
there are probably others, these are just ones I've run into. not a great
fix, and needs to be repeated when other arch move, but it's the simplest low
impact fix and I'm fed up with "relocation R_X86_64_32S can not be used
when making a shared object; recompile with -fPIC"
2012-10-12 15:06:37 +00:00
sthen
a26a1170e9
add DPB_PROPERTIES=Parallel for some things high in the dependency tree
...
which benefit from it.
2012-09-26 15:04:09 +00:00
naddy
5966c95102
SECURITY update to 1.5.10.
...
libpng failed to correctly handle malloc() failure for text chunks,
which can lead to memory corruption and the possibility of execution
of hostile code. (CVE-2011-3048)
2012-03-30 18:58:03 +00:00
naddy
c697fa7638
update to 1.5.9
2012-02-26 14:57:54 +00:00
sthen
bf0e713792
png SECURITY fix: CVE-2011-3026, heap-buffer-overflow in png_decompress_chunk
2012-02-17 15:44:13 +00:00
gsoares
b38fd19cea
Fix for CVE-2011-3464
...
(libpng "png_formatted_warning()" Off-by-One Vulnerability)
patch came from upstream git:
(http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=
00c6a9a62c1825617c35c03ceb408114fffeca32)
OK sthen@
2012-02-03 18:23:14 +00:00
rpointel
883bb752a7
Update libpng to 1.5.6.
...
bump major version of shared libs.
ok naddy@.
2011-11-14 17:48:59 +00:00
sthen
378c061449
SECURITY update to png 1.5.5, fixing a divide-by-zero with malformed cHRM
...
chunks, this bug was introduced in 1.5.4 - CVE-2011-3328. Clues from naddy@
2011-09-23 21:00:28 +00:00
naddy
da9fdc4abc
SECURITY update to png-1.5.4:
...
1. buffer overwrite in png_rgb_to_gray (CVE-2011-2690)
2. crash in png_default_error due to use of NULL Pointer (CVE-2011-2691)
3. memory corruption when handling empty sCAL chunks (CVE-2011-2692)
2011-07-15 11:10:40 +00:00
naddy
64920edcf7
Update to png 1.5.2. Lots of improvements, but also significant
...
API incompatibility:
"The libpng 1.5.x series finally hides the contents of the venerable
and hoary png_struct and png_info data structures inside private
(i.e., non-installed) header files. Instead of direct struct-access,
applications should be using the various png_get_xxx() and png_set_xxx()
accessor functions, which have existed for almost as long as libpng
itself."
2011-07-08 20:34:36 +00:00
jasper
0e1836bafa
Fix for CVE-2011-2501
...
libpng "png_format_buffer()" Denial of Service Vulnerability
from upstream git
2011-07-01 17:09:36 +00:00
naddy
dbfd750590
Cope with bsd.man.mk changes and install source man pages.
...
While here, also update some PLISTs, fix PREFIX use, etc.
ok landry@
2011-06-23 22:50:26 +00:00
naddy
4be689a796
ports that preformat man pages with mandoc via bsd.man.mk don't need groff
2010-10-19 21:04:52 +00:00
espie
0f681543b5
USE_GROFF=Yes
2010-10-18 18:13:12 +00:00
kili
df247d8854
SECRUTY update to 1.22.44
...
Fixes CVE-2010-1205.
ok naddy@
2010-06-27 19:55:04 +00:00
naddy
6bbe29c2fc
maintenance update to 1.2.41
2009-12-06 21:43:11 +00:00
naddy
44331772cf
minor maintenance update to 1.2.40
2009-10-12 10:17:16 +00:00
naddy
83ad075f4d
maintenance update to 1.2.39
2009-08-23 14:44:18 +00:00
naddy
ad59f1741b
Security update to 1.2.35: Fix an uninitialized data bug; CVE-2009-0040.
2009-03-04 20:17:16 +00:00
naddy
66e463990e
update to 1.2.33, which fixes a minor memory leak
2008-12-02 16:45:59 +00:00
naddy
4de0998058
Maintenance update to 1.2.32.
...
Library bump because png_struct has been extended.
2008-09-28 14:43:22 +00:00
naddy
02c7cbf779
Update to 1.2.28 which fixes a number of "security and crash bugs".
...
Bump library version since struct png_struct has changed--this shouldn't be
used externally, but you never know.
ok bernd@
2008-05-07 14:29:39 +00:00
espie
17d70806a3
tweak FAKE_FLAGS semantics to saner defaults.
2008-01-04 17:48:33 +00:00
naddy
d89a9420a7
SECURITY update to 1.2.22.
...
Fixes a number of out-of-bounds reads in certain chunk-handlers.
CVE-2007-5266, CVE-2007-5267, CVE-2007-5268, CVE-2007-5269.
2007-10-16 20:32:18 +00:00
naddy
e0a69b4d6a
maintenance update to 1.2.20
2007-10-06 19:33:28 +00:00
simon
68a2007cc1
remove surrounding quotes from COMMENT/BROKEN/PERMIT_*
2007-09-15 20:09:40 +00:00
naddy
8f78fb5099
SECURITY update to 1.2.18:
...
Fix a NULL pointer dereference vulnerability involving palette
images with a malformed tRNS chunk (CVE-2007-2445).
ok steven@
2007-05-16 19:46:59 +00:00
naddy
ce25e73ce9
Hardcode our build options in pngconf.h so everything sees really the same
...
interface. ok steven@
2007-04-08 15:02:36 +00:00
espie
9eafbbfb35
base64 checksums.
2007-04-05 16:19:55 +00:00
naddy
b0a7e5d4d9
update to 1.2.16:
...
- minor bug fixes
- we now use the same API no matter whether asm optimizations are enabled
or not
2007-03-15 19:19:23 +00:00
bernd
0983a6434c
The libpng people re-rolled the distfile of png-1.2.14. They fixed
...
some fuckup in their autoconf stuff (which we don't use) and changed
dates in comments. Bump PKGNAME.
Noticed by aanriot@, thanks!
2006-11-30 17:24:13 +00:00
bernd
6fa372d430
Update to png-1.2.14.
...
'fine with me' steven@
2006-11-30 11:25:32 +00:00
bernd
f0fed5a60b
Security update to libpng-1.2.13. (CVE-2006-3334)
...
Libpng versions 1.0.6 through 1.2.12 can crash while decoding
the sPLT chunk. This is due to an incorrect calculation of
the buffer size for storing the palette entries.
ok steven@
2006-11-18 16:06:26 +00:00
bernd
fcc0136602
Security update to png-1.2.12.
...
Fixes a buffer overflow vulnerability.
More information:
http://www.securityfocus.com/bid/18698/
ok steven@ naddy@
2006-06-29 14:33:47 +00:00
bernd
0875288c2e
We compile png with -DPNG_NO_ASSEMBLER_CODE. Unfortunately, the libpng build
...
system doesn't install a pngconf.h appropriate to the options passed to the
build.
So we have to put a PNG_NO_ASSEMBLER_CODE define into pngconf.h manually.
This unbreaks (at least) ImageMagick on amd64.
Some more information about this problem can be found here:
http://sourceforge.net/mailarchive/forum.php?thread_id=10314069&forum_id=43850
Since we don't want to compile pentium specific code,
remove -DPNG_USE_PNGGCCRD.
Bump major lib version and PKGNAME.
with help & ok steven@, naddy@
2006-05-13 13:52:48 +00:00
bernd
63b1790f76
Update to png-1.2.10 and better DESCR.
...
ok naddy@
2006-05-10 13:50:01 +00:00
steven
4253de87ce
SHARED_LIBS
...
feedback and ok naddy@
2005-12-26 22:33:17 +00:00
fgsch
c5b44fec6e
after querying brad@ he decided to drop maintainership for these.
2005-10-30 00:10:39 +00:00
brad
3558d82648
upgrade to png 1.2.8
...
From: Simon Dassow <janus at area319 dot de>
2005-07-24 04:55:35 +00:00
espie
738ce04388
this stuff builds without really installing it now.
2005-04-17 13:37:42 +00:00
naddy
a8817eabcc
SIZE
2005-01-05 16:50:35 +00:00
brad
348e1827fe
install pkgconfig file for png.
...
From: Jacob Meuser <jakemsr at jakemsr dot com>
2004-10-15 04:41:13 +00:00
brad
b01a5d3ff8
bad bad me, I managed to kill the PKGNAME with the previous commit
...
noticed by espie@
2004-09-22 21:08:20 +00:00
brad
eabc4cd246
upgrade to png 1.2.7
2004-09-20 01:24:10 +00:00
espie
6ad2640218
new plists
2004-09-15 00:46:07 +00:00
espie
512d20367c
new plists
2004-08-07 08:03:06 +00:00
brad
9d09e74a0f
Add pieces of the libpng jumbo security patch not already in the port.
...
http://www.us-cert.gov/cas/techalerts/TA04-217A.html
2004-08-05 19:17:14 +00:00
espie
8a218ca3a6
more new PLISTs
2004-08-05 09:16:04 +00:00
brad
96f6978640
use upstream patch instead.
2004-07-10 23:19:21 +00:00
brad
edb4a4ba20
fix buffer overflows with 16-bit and greyscale samples.
...
CAN-2002-1363
http://www.openpkg.org/security/OpenPKG-SA-2003.001-png.html
http://www.openpkg.org/security/OpenPKG-SA-2004.030-png.html
2004-07-06 22:17:48 +00:00