quick fix for graphics/libpng

Stefan Sperling stsp at stsp.name
Sat Oct 13 14:54:34 PDT 2007


I just ran into not being able to install anything that
depends on libpng because of the recently discovered
security vulnerabilities:
http://www.freebsd.org/ports/portaudit/172acf78-780c-11dc-b3f4-0016179b2dd5.html

I scooped up a quick patch to upgrade the port to libpng-1.2.22rc1,
which apparently fixes the vulnerabilities:
http://www.securityfocus.com/bid/25957/solution

I won't submit this to the PR database because I guess the maintainer
is already aware of the issue and working on a proper fix.
I'm just posting this here in case it comes in handy for someone.

It compiles for me, so far nothing broke. YMMV.


Index: Makefile
===================================================================
RCS file: /usr/ncvs/ports/graphics/png/Makefile,v
retrieving revision 1.80
diff -u -r1.80 Makefile
--- Makefile	21 May 2007 11:21:09 -0000	1.80
+++ Makefile	13 Oct 2007 15:26:54 -0000
@@ -6,11 +6,12 @@
 #
 
 PORTNAME=	png
-PORTVERSION=	1.2.18
+PORTVERSION=	1.2.22
+PORTREVISION=	1
 CATEGORIES=	graphics
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	lib${PORTNAME}
-DISTNAME=	lib${PORTNAME}-${PORTVERSION}
+DISTNAME=	lib${PORTNAME}-${PORTVERSION}rc1
 
 PATCH_SITES=	${MASTER_SITES}
 #PATCH_SITE_SUBDIR=	${MASTER_SITE_SUBDIR}
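
Review bot: PORTVERSION is set to 1.2.22 while DISTNAME fetches lib${PORTNAME}-${PORTVERSION}rc1, so the installed package will report a final 1.2.22 although it is built from a release candidate. Anyone checking the installed version against an advisory will read it as the final release. PORTREVISION=1 is also introduced in the same change that raises PORTVERSION, where the ports convention is to reset it when the version goes up. Suggest a comment next to DISTNAME saying that the rc1 suffix is temporary, and either dropping PORTREVISION or explaining why it is needed.
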
Index: distinfo
===================================================================
RCS file: /usr/ncvs/ports/graphics/png/distinfo,v
retrieving revision 1.34
diff -u -r1.34 distinfo
--- distinfo	21 May 2007 11:21:09 -0000	1.34
+++ distinfo	13 Oct 2007 15:29:51 -0000
@@ -1,3 +1,3 @@
-MD5 (libpng-1.2.18.tar.bz2) = 25a7f2f101eaaf2eb18c4987e0fbe39d
-SHA256 (libpng-1.2.18.tar.bz2) = 6fce62f9e67e951c38672bf520c062a2be742e893d240d150748a00c32f20c62
-SIZE (libpng-1.2.18.tar.bz2) = 623690
+MD5 (libpng-1.2.22rc1.tar.bz2) = 0b597c7f91eac87f3c300a8623f32208
+SHA256 (libpng-1.2.22rc1.tar.bz2) = 2f9c534ee6e2f49b5d69ce373e4a17cf643350ea63afcd94c6510d4625b830cc
+SIZE (libpng-1.2.22rc1.tar.bz2) = 615355
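
Review bot: the new MD5, SHA256 and SIZE values for libpng-1.2.22rc1.tar.bz2 come from a single local fetch of a release-candidate tarball, and nothing in the message says what they were compared against. For a security update, confirm the SHA256 against a value published by upstream, or against a second independent download, before anyone relies on this distinfo.
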
Index: files/patch-aa
===================================================================
RCS file: /usr/ncvs/ports/graphics/png/files/patch-aa,v
retrieving revision 1.29
diff -u -r1.29 patch-aa
--- files/patch-aa	21 May 2007 11:21:09 -0000	1.29
+++ files/patch-aa	13 Oct 2007 15:52:15 -0000
@@ -1,5 +1,5 @@
---- scripts/makefile.freebsd.orig	Sat Feb 25 15:37:11 2006
-+++ scripts/makefile.freebsd	Thu Jul 27 22:03:50 2006
+--- scripts/makefile.freebsd.orig	Thu Jun 21 00:10:26 2007
++++ scripts/makefile.freebsd	Sat Oct 13 17:52:12 2007
 @@ -8,27 +8,26 @@
  LIB=		png
  SHLIB_MAJOR=	${SHLIB_VER}
@@ -9,8 +9,7 @@
 +NO_OBJ=		YES
 +.else
  NOPROFILE=	YES
--NOOBJ=          YES
-+NOOBJ=		YES
+ NOOBJ=          YES
 +.endif
  
  # where make install puts libpng.a and png.h
@@ -29,14 +28,14 @@
  LDADD+=         -lm -lz
  DPADD+=         ${LIBM} ${LIBZ}
  
--CFLAGS+= -I. -DPNG_USE_PNGGCCRD
+-CFLAGS+= -I.
 -.if (${MACHINE_ARCH} != "i386")
 -CFLAGS+= -DPNG_NO_MMX_CODE
 -.endif
 -
  SRCS=	png.c pngset.c pngget.c pngrutil.c pngtrans.c pngwutil.c \
  	pngread.c pngrio.c pngwio.c pngwrite.c pngrtran.c \
- 	pngwtran.c pngmem.c pngerror.c pngpread.c pnggccrd.c
+ 	pngwtran.c pngmem.c pngerror.c pngpread.c
 @@ -44,5 +43,23 @@
  DOCS = ANNOUNCE CHANGES INSTALL KNOWNBUG LICENSE README TODO Y2KINFO
  writelock:
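
Review bot: in the regenerated scripts/makefile.freebsd patch, the lines that set -DPNG_NO_MMX_CODE for MACHINE_ARCH != "i386" are still deleted, and the SRCS context no longer lists pnggccrd.c. Keeping MMX code out of non-i386 builds therefore rests entirely on the defined(__i386__) guard that files/patch-ad adds to pngconf.h. Please say so in a comment or in the commit message, so the two patches are not updated independently later.
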
Index: files/patch-ab
===================================================================
RCS file: /usr/ncvs/ports/graphics/png/files/patch-ab,v
retrieving revision 1.7
diff -u -r1.7 patch-ab
--- files/patch-ab	21 May 2007 11:21:09 -0000	1.7
+++ files/patch-ab	13 Oct 2007 15:42:48 -0000
@@ -1,5 +1,5 @@
---- scripts/libpng.pc.in.orig	Wed Jun 28 00:22:40 2006
-+++ scripts/libpng.pc.in	Sun Jul 23 10:56:25 2006
+--- scripts/libpng.pc.in.orig	Mon Oct  8 17:47:40 2007
++++ scripts/libpng.pc.in	Sat Oct 13 17:42:36 2007
 @@ -1,10 +1,10 @@
 -prefix=@prefix@
 -exec_prefix=@exec_prefix@
@@ -12,7 +12,7 @@
  
  Name: libpng
  Description: Loads and saves PNG files
- Version: 1.2.18
+ Version: 1.2.22rc1
 -Libs: -L${libdir} -lpng12
 +Libs: -L${libdir} -lpng -lz -lm
  Cflags: -I${includedir}
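
Review bot: the inner libpng.pc.in patch carries the literal upstream line "Version: 1.2.22rc1" as context, so files/patch-ab has to be regenerated on every version bump, as it was here for 1.2.18. It also means pkg-config will report 1.2.22rc1 while the Makefile sets PORTVERSION to 1.2.22. Consider trimming the inner hunk so the Version line is not part of its context, and note the version mismatch for consumers that test the pkg-config version.
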
Index: files/patch-ad
===================================================================
RCS file: /usr/ncvs/ports/graphics/png/files/patch-ad,v
retrieving revision 1.2
diff -u -r1.2 patch-ad
--- files/patch-ad	21 May 2007 11:21:09 -0000	1.2
+++ files/patch-ad	13 Oct 2007 15:45:33 -0000
@@ -1,9 +1,9 @@
---- pngconf.h.orig	Wed May 16 03:52:22 2007
-+++ pngconf.h	Mon May 21 13:25:03 2007
-@@ -729,7 +729,7 @@
-  * PNG_NO_MMX_CODE disables the use of MMX code without changing the API.
-  * When MMX code is off, then optimized C replacement functions are used.
- */
+--- pngconf.h.orig	Mon Oct  8 17:47:31 2007
++++ pngconf.h	Sat Oct 13 17:44:34 2007
+@@ -740,7 +740,7 @@
+ #  endif
+ #endif
+ 
 -#if defined(PNG_READ_SUPPORTED) && !defined(PNG_NO_ASSEMBLER_CODE)
 +#if defined(PNG_READ_SUPPORTED) && !defined(PNG_NO_ASSEMBLER_CODE) && defined(__i386__)
  #  ifndef PNG_ASSEMBLER_CODE_SUPPORTED
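
Review bot: the defined(__i386__) condition is carried over unchanged, so PNG_ASSEMBLER_CODE_SUPPORTED can still be defined on i386, yet files/patch-aa no longer has pnggccrd.c in SRCS and no longer passes -DPNG_USE_PNGGCCRD. The message says the port compiles but does not name the architecture. Please confirm an i386 build links without unresolved MMX symbols, or state that the assembler path is gone in this release and the guard is only kept for safety.
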
Index: files/patch-ae
===================================================================
RCS file: files/patch-ae
diff -N files/patch-ae
--- files/patch-ae	21 May 2007 11:21:09 -0000	1.1
+++ /dev/null	1 Jan 1970 00:00:00 -0000
@@ -1,18 +0,0 @@
---- pnggccrd.c.bak	Wed May 16 03:52:23 2007
-+++ pnggccrd.c	Mon May 21 13:04:54 2007
-@@ -359,6 +359,7 @@
-    _pctemp = _pctemp;
-    _MMXLength = _MMXLength;
- #endif
-+#if 0
-    _const4  = _const4;
-    _const6  = _const6;
-    _mask8_0  = _mask8_0;
-@@ -377,6 +378,7 @@
-    _mask48_2 = _mask48_2;
-    _mask48_1 = _mask48_1;
-    _mask48_0 = _mask48_0;
-+#endif
- }
- #endif /* PNG_MMX_CODE_SUPPORTED */
- 
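
Review bot: files/patch-ae is removed outright, but neither the message nor the diff says why the "#if 0" workaround in pnggccrd.c is no longer needed. The patch-aa context suggests it is because pnggccrd.c has dropped out of SRCS; if that is the reason, say so in the commit message. Also note that the header for this file lacks the usual "retrieving revision" line, so check that the removal is actually scheduled in CVS and is not just a locally missing file.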

-- 
stefan
http://stsp.name                                         PGP Key: 0xF59D25F0