From: Charles Swiger
Date: Wed, 4 Aug 2004 16:38:02 -0400
To: Fernan Aguero
cc: FreeBSD Ports
cc: ache@FreeBSD.ORG
Subject: Re: update vulnerable libpng to fixed version?

On Aug 4, 2004, at 3:08 PM, Fernan Aguero wrote:

> according to this tech report
> http://www.us-cert.gov/cas/techalerts/TA04-217A.html
> there are a number of vulnerabilities in libpng that are
> fixed in 1.2.6rc1
>
> is an update of the port being worked on? I'm eager to do a
> 'portupgrade -r png'.

Here's a diff which updates the png port to 1.2.6rc1:

diff -dur png_old/Makefile png/Makefile --- png_old/Makefile Wed Aug 4 16:10:04 2004 +++ png/Makefile Wed Aug 4 16:12:27 2004 @@ -6,8 +6,7 @@ # PORTNAME= png -PORTVERSION= 1.2.5 -PORTREVISION= 7 +PORTVERSION= 1.2.6rc1 CATEGORIES= graphics MASTER_SITES= ftp://swrinde.nde.swri.edu/pub/png/src/ \ ${MASTER_SITE_SOURCEFORGE} diff -dur png_old/distinfo png/distinfo --- png_old/distinfo Wed Aug 4 16:10:04 2004 +++ png/distinfo Wed Aug 4 16:12:49 2004 @@ -1,2 +1,2 @@ -MD5 (libpng-1.2.5.tar.gz) = 0cec860559f2f5f7145da3c6851bacb7 -SIZE (libpng-1.2.5.tar.gz) = 505988 +MD5 (libpng-1.2.6rc1.tar.gz) = 142581efca1d62b0807cfc448056ea7b +SIZE (libpng-1.2.6rc1.tar.gz) = 500804 diff -dur png_old/files/patch-ab png/files/patch-ab --- png_old/files/patch-ab Wed Aug 4 16:10:04 2004 +++ png/files/patch-ab Wed Aug 4 16:17:41 2004 @@ -3,7 +3,7 @@ 
@@ -7,5 +7,5 @@ Name: libpng12 Description: Loads and saves PNG files - Version: 1.2.5 + Version: 1.2.6rc1 -Libs: -L${libdir} -lpng12 -lz -lm -Cflags: -I${includedir}/libpng12 +Libs: -L${libdir} -lpng -lz -lm Only in png_old/files: patch-ac Only in png_old/files: patch-pnggccrd.c Only in png_old/files: patch-pngrtran.c

The changes in patch-ac and patch-pngrtran.c have already been adopted into the sources and are no longer needed. I am unsure what the changes found in patch-pnggccrd.c do (what does "rim" (_const4) mean in x86 assembly, anyway?), but the program compiles and passes its self-test without that patch.

-- 
-Chuck
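
Review bot: In the Makefile hunk, PORTVERSION becomes the release-candidate string 1.2.6rc1 and PORTREVISION is dropped, so the version ordering against the eventual final release needs checking before this goes in. Confirm with pkg_version -t that 1.2.6rc1 compares as older than 1.2.6; if it does not, the later update to 1.2.6 will need a PORTEPOCH bump for portupgrade to treat it as an upgrade.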
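
Review bot: The distinfo hunk records only an MD5 digest and a SIZE for libpng-1.2.6rc1.tar.gz, and nothing in the message says what the new digest was checked against. For a security update, state where the checksum came from (a value published by upstream, not one computed from whatever the mirror served), and add a stronger hash line next to the MD5 entry if the ports infrastructure accepts one.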
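
Review bot: The "Only in png_old/files: patch-pnggccrd.c" line removes a local patch whose purpose the message itself says is unknown, and a clean compile plus a passing self-test does not show the patch was unnecessary. Check the port's commit history for why patch-pnggccrd.c was added and confirm that 1.2.6rc1 carries an equivalent change before dropping it; the removals of patch-ac and patch-pngrtran.c are justified in the message, this one is not.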