ports/122869: [patch] Update graphics/png to fix security vulnerability
Nick Barkas
snb at threerings.net
Thu Apr 17 20:00:06 UTC 2008
>Number: 122869
>Category: ports
>Synopsis: [patch] Update graphics/png to fix security vulnerability
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 17 20:00:05 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Nick Barkas
>Release: FreeBSD 6.2-RELEASE-p11 i386
>Organization:
Three Rings Design
>Environment:
System: FreeBSD mail1.earth.threerings.net 6.2-RELEASE-p11 FreeBSD 6.2-RELEASE-p11 #0: Wed Feb 13 07:00:04 UTC 2008 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386
>Description:
This updates the port for libpng to the latest beta release to fix a buffer
overflow documented here: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1382
>How-To-Repeat:
>Fix:
--- png.patch begins here ---
diff -urN png.orig/Makefile png/Makefile
--- png.orig/Makefile Tue Apr 8 10:08:57 2008
+++ png/Makefile Thu Apr 17 12:48:48 2008
@@ -6,19 +6,19 @@
#
PORTNAME= png
-PORTVERSION= 1.2.26
+PORTVERSION= 1.2.27.b3
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= lib${PORTNAME}
-DISTNAME= lib${PORTNAME}-${PORTVERSION}
+DISTNAME= lib${PORTNAME}-1.2.27beta03
+
+MAINTAINER= ache at FreeBSD.org
+COMMENT= Library for manipulating PNG images
#PATCH_SITES= ${MASTER_SITES}
#PATCH_SITE_SUBDIR= ${MASTER_SITE_SUBDIR}
#PATCHFILES=
#PATCH_DIST_STRIP= -p1
-
-MAINTAINER= ache at FreeBSD.org
-COMMENT= Library for manipulating PNG images
MAKEFILE= ${WRKSRC}/scripts/makefile.freebsd
ALL_TARGET= all libpng-config test
diff -urN png.orig/distinfo png/distinfo
--- png.orig/distinfo Tue Apr 8 10:08:57 2008
+++ png/distinfo Thu Apr 17 12:44:19 2008
@@ -1,3 +1,3 @@
-MD5 (libpng-1.2.26.tar.bz2) = 1f743f4a3e5a9c12ea16eff0c60c3f8e
-SHA256 (libpng-1.2.26.tar.bz2) = 17c589b64902c6fc045ad85d748c647035b9916016813182402e89114aa7ebe7
-SIZE (libpng-1.2.26.tar.bz2) = 627569
+MD5 (libpng-1.2.27beta03.tar.bz2) = f3dc8f8dbdab547a738ffb6163b75ca8
+SHA256 (libpng-1.2.27beta03.tar.bz2) = bc6a479b03dbea93cafda8bc934c101f8e1b20aa1c5efd70d793c88e59fb7891
+SIZE (libpng-1.2.27beta03.tar.bz2) = 665285
diff -urN png.orig/files/patch-ab png/files/patch-ab
--- png.orig/files/patch-ab Tue Apr 8 10:08:58 2008
+++ png/files/patch-ab Thu Apr 17 12:47:29 2008
@@ -12,7 +12,7 @@
Name: libpng
Description: Loads and saves PNG files
- Version: 1.2.26
+ Version: 1.2.27beta03
-Libs: -L${libdir} -lpng12
+Libs: -L${libdir} -lpng -lz -lm
Cflags: -I${includedir}
--- png.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list