ports/122869: [patch] Update graphics/png to fix security vulnerability

Nick Barkas snb at threerings.net
Thu Apr 17 20:00:06 UTC 2008


>Number:         122869
>Category:       ports
>Synopsis:       [patch] Update graphics/png to fix security vulnerability
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 17 20:00:05 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Nick Barkas
>Release:        FreeBSD 6.2-RELEASE-p11 i386
>Organization:
Three Rings Design
>Environment:
System: FreeBSD mail1.earth.threerings.net 6.2-RELEASE-p11 FreeBSD 6.2-RELEASE-p11 #0: Wed Feb 13 07:00:04 UTC 2008 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386
>Description:
This updates the port for libpng to the latest beta release to fix a buffer 
overflow documented here: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1382
>How-To-Repeat:
>Fix:
--- png.patch begins here ---
diff -urN png.orig/Makefile png/Makefile
--- png.orig/Makefile	Tue Apr  8 10:08:57 2008
+++ png/Makefile	Thu Apr 17 12:48:48 2008
@@ -6,19 +6,19 @@
 #
 
 PORTNAME=	png
-PORTVERSION=	1.2.26
+PORTVERSION=	1.2.27.b3
 CATEGORIES=	graphics
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	lib${PORTNAME}
-DISTNAME=	lib${PORTNAME}-${PORTVERSION}
+DISTNAME=	lib${PORTNAME}-1.2.27beta03
+
+MAINTAINER=	ache at FreeBSD.org
+COMMENT=	Library for manipulating PNG images
 
 #PATCH_SITES=	${MASTER_SITES}
 #PATCH_SITE_SUBDIR=	${MASTER_SITE_SUBDIR}
 #PATCHFILES=
 #PATCH_DIST_STRIP= -p1
-
-MAINTAINER=	ache at FreeBSD.org
-COMMENT=	Library for manipulating PNG images
 
 MAKEFILE=	${WRKSRC}/scripts/makefile.freebsd
 ALL_TARGET=	all libpng-config test
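Review bot: DISTNAME now hardcodes 1.2.27beta03 while PORTVERSION is set separately to 1.2.27.b3, so the upstream version is spelled out twice in two different forms and the next update must change both by hand. Add a comment next to DISTNAME explaining the mapping between the two strings, or derive DISTNAME from PORTVERSION. Moving the MAINTAINER/COMMENT block above the commented-out PATCH_SITES lines is unrelated to the fix. Dropping that reordering would keep the security update limited to the two version lines and make the diff easier to audit.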
diff -urN png.orig/distinfo png/distinfo
--- png.orig/distinfo	Tue Apr  8 10:08:57 2008
+++ png/distinfo	Thu Apr 17 12:44:19 2008
@@ -1,3 +1,3 @@
-MD5 (libpng-1.2.26.tar.bz2) = 1f743f4a3e5a9c12ea16eff0c60c3f8e
-SHA256 (libpng-1.2.26.tar.bz2) = 17c589b64902c6fc045ad85d748c647035b9916016813182402e89114aa7ebe7
-SIZE (libpng-1.2.26.tar.bz2) = 627569
+MD5 (libpng-1.2.27beta03.tar.bz2) = f3dc8f8dbdab547a738ffb6163b75ca8
+SHA256 (libpng-1.2.27beta03.tar.bz2) = bc6a479b03dbea93cafda8bc934c101f8e1b20aa1c5efd70d793c88e59fb7891
+SIZE (libpng-1.2.27beta03.tar.bz2) = 665285
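Review bot: The new MD5, SHA256 and SIZE values for libpng-1.2.27beta03.tar.bz2 are the only integrity anchor for a security update, and the PR does not say which mirror the tarball came from or whether the values were compared against anything published upstream. Before commit, fetch the distfile independently and confirm all three values match, ideally against a checksum or signature from the libpng project rather than only a second download from the same mirror.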
diff -urN png.orig/files/patch-ab png/files/patch-ab
--- png.orig/files/patch-ab	Tue Apr  8 10:08:58 2008
+++ png/files/patch-ab	Thu Apr 17 12:47:29 2008
@@ -12,7 +12,7 @@
  
  Name: libpng
  Description: Loads and saves PNG files
- Version: 1.2.26
+ Version: 1.2.27beta03
 -Libs: -L${libdir} -lpng12
 +Libs: -L${libdir} -lpng -lz -lm
  Cflags: -I${includedir}
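Review bot: The changed Version: line is a context line inside files/patch-ab, so it has to match the file shipped in the 1.2.27beta03 tarball exactly, and it is a third place where the version string is maintained by hand. Confirm that the distributed file really reads "Version: 1.2.27beta03" and that the patch applies cleanly without fuzz. Consider reducing the context in patch-ab so that only the Libs: line and its immediate neighbours are needed, which would stop this local patch from needing an edit on every version bump.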
--- png.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


