quick fix for graphics/libpng
Stefan Sperling
stsp at stsp.name
Sat Oct 13 14:54:34 PDT 2007
I just ran into not being able to install anything that
depends on libpng because of the recently discovered
security vulnerabilites:
http://www.freebsd.org/ports/portaudit/172acf78-780c-11dc-b3f4-0016179b2dd5.html
I scooped up a quick patch to upgrade the port to libpng-1.2.22rc1,
which apparently fixes the vulnerabilities:
http://www.securityfocus.com/bid/25957/solution
I won't submit this to the PR database because I guess the maintainer
is already aware of the issue and working on a proper fix.
I'm just posting this here in case it comes in handy for someone.
It compiles for me, so far nothing broke. YMMV.
Index: Makefile
===================================================================
RCS file: /usr/ncvs/ports/graphics/png/Makefile,v
retrieving revision 1.80
diff -u -r1.80 Makefile
--- Makefile 21 May 2007 11:21:09 -0000 1.80
+++ Makefile 13 Oct 2007 15:26:54 -0000
@@ -6,11 +6,12 @@
#
PORTNAME= png
-PORTVERSION= 1.2.18
+PORTVERSION= 1.2.22
+PORTREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= lib${PORTNAME}
-DISTNAME= lib${PORTNAME}-${PORTVERSION}
+DISTNAME= lib${PORTNAME}-${PORTVERSION}rc1
PATCH_SITES= ${MASTER_SITES}
#PATCH_SITE_SUBDIR= ${MASTER_SITE_SUBDIR}
Index: distinfo
===================================================================
RCS file: /usr/ncvs/ports/graphics/png/distinfo,v
retrieving revision 1.34
diff -u -r1.34 distinfo
--- distinfo 21 May 2007 11:21:09 -0000 1.34
+++ distinfo 13 Oct 2007 15:29:51 -0000
@@ -1,3 +1,3 @@
-MD5 (libpng-1.2.18.tar.bz2) = 25a7f2f101eaaf2eb18c4987e0fbe39d
-SHA256 (libpng-1.2.18.tar.bz2) = 6fce62f9e67e951c38672bf520c062a2be742e893d240d150748a00c32f20c62
-SIZE (libpng-1.2.18.tar.bz2) = 623690
+MD5 (libpng-1.2.22rc1.tar.bz2) = 0b597c7f91eac87f3c300a8623f32208
+SHA256 (libpng-1.2.22rc1.tar.bz2) = 2f9c534ee6e2f49b5d69ce373e4a17cf643350ea63afcd94c6510d4625b830cc
+SIZE (libpng-1.2.22rc1.tar.bz2) = 615355
Index: files/patch-aa
===================================================================
RCS file: /usr/ncvs/ports/graphics/png/files/patch-aa,v
retrieving revision 1.29
diff -u -r1.29 patch-aa
--- files/patch-aa 21 May 2007 11:21:09 -0000 1.29
+++ files/patch-aa 13 Oct 2007 15:52:15 -0000
@@ -1,5 +1,5 @@
---- scripts/makefile.freebsd.orig Sat Feb 25 15:37:11 2006
-+++ scripts/makefile.freebsd Thu Jul 27 22:03:50 2006
+--- scripts/makefile.freebsd.orig Thu Jun 21 00:10:26 2007
++++ scripts/makefile.freebsd Sat Oct 13 17:52:12 2007
@@ -8,27 +8,26 @@
LIB= png
SHLIB_MAJOR= ${SHLIB_VER}
@@ -9,8 +9,7 @@
+NO_OBJ= YES
+.else
NOPROFILE= YES
--NOOBJ= YES
-+NOOBJ= YES
+ NOOBJ= YES
+.endif
# where make install puts libpng.a and png.h
@@ -29,14 +28,14 @@
LDADD+= -lm -lz
DPADD+= ${LIBM} ${LIBZ}
--CFLAGS+= -I. -DPNG_USE_PNGGCCRD
+-CFLAGS+= -I.
-.if (${MACHINE_ARCH} != "i386")
-CFLAGS+= -DPNG_NO_MMX_CODE
-.endif
-
SRCS= png.c pngset.c pngget.c pngrutil.c pngtrans.c pngwutil.c \
pngread.c pngrio.c pngwio.c pngwrite.c pngrtran.c \
- pngwtran.c pngmem.c pngerror.c pngpread.c pnggccrd.c
+ pngwtran.c pngmem.c pngerror.c pngpread.c
@@ -44,5 +43,23 @@
DOCS = ANNOUNCE CHANGES INSTALL KNOWNBUG LICENSE README TODO Y2KINFO
writelock:
Index: files/patch-ab
===================================================================
RCS file: /usr/ncvs/ports/graphics/png/files/patch-ab,v
retrieving revision 1.7
diff -u -r1.7 patch-ab
--- files/patch-ab 21 May 2007 11:21:09 -0000 1.7
+++ files/patch-ab 13 Oct 2007 15:42:48 -0000
@@ -1,5 +1,5 @@
---- scripts/libpng.pc.in.orig Wed Jun 28 00:22:40 2006
-+++ scripts/libpng.pc.in Sun Jul 23 10:56:25 2006
+--- scripts/libpng.pc.in.orig Mon Oct 8 17:47:40 2007
++++ scripts/libpng.pc.in Sat Oct 13 17:42:36 2007
@@ -1,10 +1,10 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
@@ -12,7 +12,7 @@
Name: libpng
Description: Loads and saves PNG files
- Version: 1.2.18
+ Version: 1.2.22rc1
-Libs: -L${libdir} -lpng12
+Libs: -L${libdir} -lpng -lz -lm
Cflags: -I${includedir}
Index: files/patch-ad
===================================================================
RCS file: /usr/ncvs/ports/graphics/png/files/patch-ad,v
retrieving revision 1.2
diff -u -r1.2 patch-ad
--- files/patch-ad 21 May 2007 11:21:09 -0000 1.2
+++ files/patch-ad 13 Oct 2007 15:45:33 -0000
@@ -1,9 +1,9 @@
---- pngconf.h.orig Wed May 16 03:52:22 2007
-+++ pngconf.h Mon May 21 13:25:03 2007
-@@ -729,7 +729,7 @@
- * PNG_NO_MMX_CODE disables the use of MMX code without changing the API.
- * When MMX code is off, then optimized C replacement functions are used.
- */
+--- pngconf.h.orig Mon Oct 8 17:47:31 2007
++++ pngconf.h Sat Oct 13 17:44:34 2007
+@@ -740,7 +740,7 @@
+ # endif
+ #endif
+
-#if defined(PNG_READ_SUPPORTED) && !defined(PNG_NO_ASSEMBLER_CODE)
+#if defined(PNG_READ_SUPPORTED) && !defined(PNG_NO_ASSEMBLER_CODE) && defined(__i386__)
# ifndef PNG_ASSEMBLER_CODE_SUPPORTED
Index: files/patch-ae
===================================================================
RCS file: files/patch-ae
diff -N files/patch-ae
--- files/patch-ae 21 May 2007 11:21:09 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,18 +0,0 @@
---- pnggccrd.c.bak Wed May 16 03:52:23 2007
-+++ pnggccrd.c Mon May 21 13:04:54 2007
-@@ -359,6 +359,7 @@
- _pctemp = _pctemp;
- _MMXLength = _MMXLength;
- #endif
-+#if 0
- _const4 = _const4;
- _const6 = _const6;
- _mask8_0 = _mask8_0;
-@@ -377,6 +378,7 @@
- _mask48_2 = _mask48_2;
- _mask48_1 = _mask48_1;
- _mask48_0 = _mask48_0;
-+#endif
- }
- #endif /* PNG_MMX_CODE_SUPPORTED */
-
--
stefan
http://stsp.name PGP Key: 0xF59D25F0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20071013/64b4b123/attachment.pgp
More information about the freebsd-ports
mailing list