From owner-freebsd-ports-bugs@FreeBSD.ORG  Thu Apr 17 20:00:06 2008
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5D56B1065672
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Thu, 17 Apr 2008 20:00:06 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 366358FC1F
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Thu, 17 Apr 2008 20:00:06 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3HK06Wg080861
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Thu, 17 Apr 2008 20:00:06 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3HK068F080860;
	Thu, 17 Apr 2008 20:00:06 GMT (envelope-from gnats)
Resent-Date: Thu, 17 Apr 2008 20:00:06 GMT
Resent-Message-Id: <200804172000.m3HK068F080860@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Nick Barkas <snb@threerings.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B6A771065673
	for <FreeBSD-gnats-submit@freebsd.org>;
	Thu, 17 Apr 2008 19:54:00 +0000 (UTC)
	(envelope-from snb@smtp.earth.threerings.net)
Received: from smtp.earth.threerings.net (smtp1.earth.threerings.net
	[64.127.109.108])
	by mx1.freebsd.org (Postfix) with ESMTP id A608E8FC0A
	for <FreeBSD-gnats-submit@freebsd.org>;
	Thu, 17 Apr 2008 19:54:00 +0000 (UTC)
	(envelope-from snb@smtp.earth.threerings.net)
Received: by smtp.earth.threerings.net (Postfix, from userid 10038)
	id E9C7061D53; Thu, 17 Apr 2008 12:53:59 -0700 (PDT)
Message-Id: <20080417195359.E9C7061D53@smtp.earth.threerings.net>
Date: Thu, 17 Apr 2008 12:53:59 -0700 (PDT)
From: Nick Barkas <snb@threerings.net>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: ache@FreeBSD.org
Subject: ports/122869: [patch] Update graphics/png to fix security
	vulnerability
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Nick Barkas <snb@threerings.net>
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Apr 2008 20:00:06 -0000


>Number:         122869
>Category:       ports
>Synopsis:       [patch] Update graphics/png to fix security vulnerability
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 17 20:00:05 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Nick Barkas
>Release:        FreeBSD 6.2-RELEASE-p11 i386
>Organization:
Three Rings Design
>Environment:
System: FreeBSD mail1.earth.threerings.net 6.2-RELEASE-p11 FreeBSD 6.2-RELEASE-p11 #0: Wed Feb 13 07:00:04 UTC 2008 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386
>Description:
This updates the port for libpng to the latest beta release to fix a buffer 
overflow documented here: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1382
>How-To-Repeat:
>Fix:
--- png.patch begins here ---
diff -urN png.orig/Makefile png/Makefile
--- png.orig/Makefile	Tue Apr  8 10:08:57 2008
+++ png/Makefile	Thu Apr 17 12:48:48 2008
@@ -6,19 +6,19 @@
 #
 
 PORTNAME=	png
-PORTVERSION=	1.2.26
+PORTVERSION=	1.2.27.b3
 CATEGORIES=	graphics
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	lib${PORTNAME}
-DISTNAME=	lib${PORTNAME}-${PORTVERSION}
+DISTNAME=	lib${PORTNAME}-1.2.27beta03
+
+MAINTAINER=	ache@FreeBSD.org
+COMMENT=	Library for manipulating PNG images
 
 #PATCH_SITES=	${MASTER_SITES}
 #PATCH_SITE_SUBDIR=	${MASTER_SITE_SUBDIR}
 #PATCHFILES=
 #PATCH_DIST_STRIP= -p1
-
-MAINTAINER=	ache@FreeBSD.org
-COMMENT=	Library for manipulating PNG images
 
 MAKEFILE=	${WRKSRC}/scripts/makefile.freebsd
 ALL_TARGET=	all libpng-config test
diff -urN png.orig/distinfo png/distinfo
--- png.orig/distinfo	Tue Apr  8 10:08:57 2008
+++ png/distinfo	Thu Apr 17 12:44:19 2008
@@ -1,3 +1,3 @@
-MD5 (libpng-1.2.26.tar.bz2) = 1f743f4a3e5a9c12ea16eff0c60c3f8e
-SHA256 (libpng-1.2.26.tar.bz2) = 17c589b64902c6fc045ad85d748c647035b9916016813182402e89114aa7ebe7
-SIZE (libpng-1.2.26.tar.bz2) = 627569
+MD5 (libpng-1.2.27beta03.tar.bz2) = f3dc8f8dbdab547a738ffb6163b75ca8
+SHA256 (libpng-1.2.27beta03.tar.bz2) = bc6a479b03dbea93cafda8bc934c101f8e1b20aa1c5efd70d793c88e59fb7891
+SIZE (libpng-1.2.27beta03.tar.bz2) = 665285
diff -urN png.orig/files/patch-ab png/files/patch-ab
--- png.orig/files/patch-ab	Tue Apr  8 10:08:58 2008
+++ png/files/patch-ab	Thu Apr 17 12:47:29 2008
@@ -12,7 +12,7 @@
  
  Name: libpng
  Description: Loads and saves PNG files
- Version: 1.2.26
+ Version: 1.2.27beta03
 -Libs: -L${libdir} -lpng12
 +Libs: -L${libdir} -lpng -lz -lm
  Cflags: -I${includedir}
--- png.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted: