update vulnerable libpng to fixed version?

Charles Swiger cswiger at mac.com
Wed Aug 4 13:38:07 PDT 2004


On Aug 4, 2004, at 3:08 PM, Fernan Aguero wrote:
> according to this tech report
> http://www.us-cert.gov/cas/techalerts/TA04-217A.html
> there are a number of vulnerabilities in libpng that are
> fixed in 1.2.6rc1
>
> is an update of the port being worked on? I'm eager to do a
> 'portupgrade -r png'.

Here's a diff which updates the png port to 1.2.6rc1:

diff -dur png_old/Makefile png/Makefile
--- png_old/Makefile    Wed Aug  4 16:10:04 2004
+++ png/Makefile        Wed Aug  4 16:12:27 2004
@@ -6,8 +6,7 @@
  #

  PORTNAME=      png
-PORTVERSION=   1.2.5
-PORTREVISION=  7
+PORTVERSION=   1.2.6rc1
  CATEGORIES=    graphics
  MASTER_SITES=  ftp://swrinde.nde.swri.edu/pub/png/src/ \
                 ${MASTER_SITE_SOURCEFORGE}
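Review bot: PORTVERSION= 1.2.6rc1 puts a release-candidate suffix into the package version, so check how the ports version comparison orders 1.2.6rc1 against the eventual 1.2.6. If the rc string sorts higher, the follow-up update to the final release will need a PORTEPOCH bump before portupgrade treats it as newer. Dropping PORTREVISION together with the version change is right.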
diff -dur png_old/distinfo png/distinfo
--- png_old/distinfo    Wed Aug  4 16:10:04 2004
+++ png/distinfo        Wed Aug  4 16:12:49 2004
@@ -1,2 +1,2 @@
-MD5 (libpng-1.2.5.tar.gz) = 0cec860559f2f5f7145da3c6851bacb7
-SIZE (libpng-1.2.5.tar.gz) = 505988
+MD5 (libpng-1.2.6rc1.tar.gz) = 142581efca1d62b0807cfc448056ea7b
+SIZE (libpng-1.2.6rc1.tar.gz) = 500804
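Review bot: the new MD5 and SIZE lines for libpng-1.2.6rc1.tar.gz record whichever tarball the submitter happened to fetch, and the Makefile lists two MASTER_SITES. Since this update is meant to close security holes, whoever commits it should fetch the distfile independently and compare the checksum against a value published by upstream before committing.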
diff -dur png_old/files/patch-ab png/files/patch-ab
--- png_old/files/patch-ab      Wed Aug  4 16:10:04 2004
+++ png/files/patch-ab  Wed Aug  4 16:17:41 2004
@@ -3,7 +3,7 @@
  @@ -7,5 +7,5 @@
   Name: libpng12
   Description: Loads and saves PNG files
- Version: 1.2.5
+ Version: 1.2.6rc1
  -Libs: -L${libdir} -lpng12 -lz -lm
  -Cflags: -I${includedir}/libpng12
  +Libs: -L${libdir} -lpng -lz -lm
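Review bot: only the Version: context line inside patch-ab is changed, while the nested hunk header @@ -7,5 +7,5 @@ and the remaining context lines are carried over from 1.2.5. Confirm that the file it patches is otherwise unchanged at those lines in 1.2.6rc1 and that the patch applies without fuzz or offset. Having the version string as a context line also means this patch has to be edited on every version bump.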
Only in png_old/files: patch-ac
Only in png_old/files: patch-pnggccrd.c
Only in png_old/files: patch-pngrtran.c
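Review bot: patch-pnggccrd.c is removed together with patch-ac and patch-pngrtran.c. Before dropping it, look up in the port's history what it was added to fix and confirm that the 1.2.6rc1 source carries an equivalent change; a clean build and a passing self-test do not establish that on their own.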

The changes in patch-ac and patch-pngrtran.c have already been adopted 
into the sources and are no longer needed.

I am unsure what the changes found in patch-pnggccrd.c do (what does 
"rim" (_const4) mean in x86 assembly, anyway?), but the program 
compiles and passes its self-test without that patch.

-- 
-Chuck


