Message-Id: <200804290317.m3T3HxL5003692@www.freebsd.org>
Date: Tue, 29 Apr 2008 03:17:59 GMT
From: bf
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/123186: [PATCH]graphics/png: update to 1.2.27

>Number: 123186
>Category: ports
>Synopsis: [PATCH]graphics/png: update to 1.2.27
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 29 03:20:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: bf
>Release: 7-STABLE i386
>Organization: -
>Environment:
>Description:
Update to 1.2.27, released 29 April 2008. Relevant changes:

  Fixed bug (introduced in libpng-1.0.5h) with handling zero-length unknown chunks.
  Added more information about png_set_keep_unknown_chunks() to the documentation.
  Reject tRNS chunk with out-of-range samples instead of masking off the invalid high bits as done in since libpng-1.2.19beta5.
  Revised documentation about unknown chunk and user chunk handling.
  Keep tRNS chunk with out-of-range samples and issue a png_warning().
  Added check for NULL ptr in TURBOC version of png_free_default().
  Removed several unnecessary checks for NULL before calling png_free().
  Revised png_set_tRNS() so that calling it twice removes and invalidates the previous call.
  Revised pngtest to check for out-of-range tRNS samples.
  Avoid changing color_type from GRAY to RGB by png_set_expand_gray_1_2_4_to_8().

Since this fixes CVE-2008-1382 (see, for example, http://jaist.dl.sourceforge.net/sourceforge/libpng/Advisory-1.2.27.txt), the security/vuxml database should be updated to show that this version of the port is not insecure.
Also, it's probably time to switch to USE_LDCONFIG, but since my last proposed changes in this direction were rejected, I'll let the maintainer/portmgr worry about it. This is related to PR ports/122869, but the proposed update in this PR is to a later stable version. >How-To-Repeat: >Fix: Patch attached with submission follows: diff -ruN png.orig/Makefile png/Makefile --- png.orig/Makefile 2008-04-28 22:30:20.473072988 -0400 +++ png/Makefile 2008-04-28 22:47:35.836374748 -0400 @@ -6,7 +6,7 @@ # PORTNAME= png -PORTVERSION= 1.2.26 +PORTVERSION= 1.2.27 CATEGORIES= graphics MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= lib${PORTNAME} diff -ruN png.orig/distinfo png/distinfo --- png.orig/distinfo 2008-04-28 22:30:20.473072988 -0400 +++ png/distinfo 2008-04-28 22:47:35.836374748 -0400 @@ -1,3 +1,3 @@ -MD5 (libpng-1.2.26.tar.bz2) = 1f743f4a3e5a9c12ea16eff0c60c3f8e -SHA256 (libpng-1.2.26.tar.bz2) = 17c589b64902c6fc045ad85d748c647035b9916016813182402e89114aa7ebe7 -SIZE (libpng-1.2.26.tar.bz2) = 627569 +MD5 (libpng-1.2.27.tar.bz2) = 310954baea8bedbe1a1c0fbd13a494ad +SHA256 (libpng-1.2.27.tar.bz2) = 742891c0ec5a5fa5a7a545b08865e96e922447d8095b71e5348b9ff6d3123a9a +SIZE (libpng-1.2.27.tar.bz2) = 641193 diff -ruN png.orig/files/patch-ab png/files/patch-ab --- png.orig/files/patch-ab 2008-04-28 22:30:20.473072988 -0400 +++ png/files/patch-ab 2008-04-28 22:47:35.836374748 -0400 @@ -12,7 +12,7 @@ Name: libpng Description: Loads and saves PNG files - Version: 1.2.26 + Version: 1.2.27 -Libs: -L${libdir} -lpng12 +Libs: -L${libdir} -lpng -lz -lm Cflags: -I${includedir} >Release-Note: >Audit-Trail: >Unformatted:
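Review bot: The Makefile hunk bumps only PORTVERSION from 1.2.26 to 1.2.27, and nothing in this patch touches security/vuxml even though the description says the update fixes CVE-2008-1382 and asks for the database to be updated. The diff is rooted at png/, so the vuxml change has to arrive as a separate, coordinated commit; otherwise the audit data and the port version will disagree about which releases are affected. Please reference that change in this PR before it is closed.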
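Review bot: In the distinfo hunk, the new MD5, SHA256 and SIZE values for libpng-1.2.27.tar.bz2 come with no indication of how they were produced, and this update is the vehicle for a security fix. Before committing, fetch the tarball independently through MASTER_SITE_SOURCEFORGE, regenerate the file with `make makesum`, and confirm that all three lines match what was submitted rather than copying them from the PR.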
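Review bot: In the files/patch-ab hunk, the only change is the embedded context line `Version: 1.2.26` becoming `Version: 1.2.27`; the rest of the embedded patch, including the `+Libs: -L${libdir} -lpng -lz -lm` replacement, is carried over as is. Run `make patch` against the 1.2.27 sources and confirm that patch-ab applies without fuzz or rejects, since any other upstream change to that pkg-config template between the two releases would not be reflected here.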