Date:      Sat, 13 Oct 2007 18:10:34 +0200
From:      Stefan Sperling <stsp@stsp.name>
To:        ports@freebsd.org
Subject:   quick fix for graphics/libpng
Message-ID:  <20071013161034.GA21850@jack.stsp.lan>


--mYCpIKhGyMATD0i+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I just ran into not being able to install anything that
depends on libpng because of the recently discovered
security vulnerabilities:
http://www.freebsd.org/ports/portaudit/172acf78-780c-11dc-b3f4-0016179b2dd5.html

I scooped up a quick patch to upgrade the port to libpng-1.2.22rc1,
which apparently fixes the vulnerabilities:
http://www.securityfocus.com/bid/25957/solution

I won't submit this to the PR database because I guess the maintainer
is already aware of the issue and working on a proper fix.
I'm just posting this here in case it comes in handy for someone.

It compiles for me, so far nothing broke. YMMV.


Index: Makefile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/ncvs/ports/graphics/png/Makefile,v
retrieving revision 1.80
diff -u -r1.80 Makefile
--- Makefile	21 May 2007 11:21:09 -0000	1.80
+++ Makefile	13 Oct 2007 15:26:54 -0000
@@ -6,11 +6,12 @@
 #
=20
 PORTNAME=3D	png
-PORTVERSION=3D	1.2.18
+PORTVERSION=3D	1.2.22
+PORTREVISION=3D	1
 CATEGORIES=3D	graphics
 MASTER_SITES=3D	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=3D	lib${PORTNAME}
-DISTNAME=3D	lib${PORTNAME}-${PORTVERSION}
+DISTNAME=3D	lib${PORTNAME}-${PORTVERSION}rc1
=20
 PATCH_SITES=3D	${MASTER_SITES}
 #PATCH_SITE_SUBDIR=3D	${MASTER_SITE_SUBDIR}
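Review bot: `PORTVERSION= 1.2.22` claims the final release while `DISTNAME` fetches `lib${PORTNAME}-${PORTVERSION}rc1`, so the installed package reports 1.2.22 although it was built from a release candidate. Version-based checks such as portaudit would then presumably treat it as the fixed release, which hides the fact that the final tarball was never installed. Setting `PORTREVISION= 1` on a version upgrade adds a second problem: a later port of the final 1.2.22 at revision 0 would compare as older than 1.2.22_1 and not be offered as an upgrade. I would drop the `PORTREVISION` line and add a comment above `DISTNAME` such as `# rc1 tarball as a stopgap for the portaudit entry; revert to lib${PORTNAME}-${PORTVERSION} once 1.2.22 final is out`.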
Index: distinfo
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/ncvs/ports/graphics/png/distinfo,v
retrieving revision 1.34
diff -u -r1.34 distinfo
--- distinfo	21 May 2007 11:21:09 -0000	1.34
+++ distinfo	13 Oct 2007 15:29:51 -0000
@@ -1,3 +1,3 @@
-MD5 (libpng-1.2.18.tar.bz2) =3D 25a7f2f101eaaf2eb18c4987e0fbe39d
-SHA256 (libpng-1.2.18.tar.bz2) =3D 6fce62f9e67e951c38672bf520c062a2be742e8=
93d240d150748a00c32f20c62
-SIZE (libpng-1.2.18.tar.bz2) =3D 623690
+MD5 (libpng-1.2.22rc1.tar.bz2) =3D 0b597c7f91eac87f3c300a8623f32208
+SHA256 (libpng-1.2.22rc1.tar.bz2) =3D 2f9c534ee6e2f49b5d69ce373e4a17cf6433=
50ea63afcd94c6510d4625b830cc
+SIZE (libpng-1.2.22rc1.tar.bz2) =3D 615355
Index: files/patch-aa
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/ncvs/ports/graphics/png/files/patch-aa,v
retrieving revision 1.29
diff -u -r1.29 patch-aa
--- files/patch-aa	21 May 2007 11:21:09 -0000	1.29
+++ files/patch-aa	13 Oct 2007 15:52:15 -0000
@@ -1,5 +1,5 @@
---- scripts/makefile.freebsd.orig	Sat Feb 25 15:37:11 2006
-+++ scripts/makefile.freebsd	Thu Jul 27 22:03:50 2006
+--- scripts/makefile.freebsd.orig	Thu Jun 21 00:10:26 2007
++++ scripts/makefile.freebsd	Sat Oct 13 17:52:12 2007
 @@ -8,27 +8,26 @@
  LIB=3D		png
  SHLIB_MAJOR=3D	${SHLIB_VER}
@@ -9,8 +9,7 @@
 +NO_OBJ=3D		YES
 +.else
  NOPROFILE=3D	YES
--NOOBJ=3D          YES
-+NOOBJ=3D		YES
+ NOOBJ=3D          YES
 +.endif
 =20
  # where make install puts libpng.a and png.h
@@ -29,14 +28,14 @@
  LDADD+=3D         -lm -lz
  DPADD+=3D         ${LIBM} ${LIBZ}
 =20
--CFLAGS+=3D -I. -DPNG_USE_PNGGCCRD
+-CFLAGS+=3D -I.
 -.if (${MACHINE_ARCH} !=3D "i386")
 -CFLAGS+=3D -DPNG_NO_MMX_CODE
 -.endif
 -
  SRCS=3D	png.c pngset.c pngget.c pngrutil.c pngtrans.c pngwutil.c \
  	pngread.c pngrio.c pngwio.c pngwrite.c pngrtran.c \
- 	pngwtran.c pngmem.c pngerror.c pngpread.c pnggccrd.c
+ 	pngwtran.c pngmem.c pngerror.c pngpread.c
 @@ -44,5 +43,23 @@
  DOCS =3D ANNOUNCE CHANGES INSTALL KNOWNBUG LICENSE README TODO Y2KINFO
  writelock:
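Review bot: The refreshed context in this hunk shows that upstream's scripts/makefile.freebsd no longer passes `-DPNG_USE_PNGGCCRD` or lists `pnggccrd.c` in `SRCS`, while the inner patch still deletes the non-i386 `CFLAGS+= -DPNG_NO_MMX_CODE` block. At the same time files/patch-ad keeps enabling the assembler-code section of pngconf.h whenever `__i386__` is defined. The message only says the result compiles and does not name the architecture, so an i386 build and link should be confirmed before relying on this update there. If the assembler source really is out of the build, an unconditional `CFLAGS+= -DPNG_NO_MMX_CODE` in place of the deleted block would state that explicitly. This is inferred from the visible context lines only, not from the full upstream makefile.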
Index: files/patch-ab
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/ncvs/ports/graphics/png/files/patch-ab,v
retrieving revision 1.7
diff -u -r1.7 patch-ab
--- files/patch-ab	21 May 2007 11:21:09 -0000	1.7
+++ files/patch-ab	13 Oct 2007 15:42:48 -0000
@@ -1,5 +1,5 @@
---- scripts/libpng.pc.in.orig	Wed Jun 28 00:22:40 2006
-+++ scripts/libpng.pc.in	Sun Jul 23 10:56:25 2006
+--- scripts/libpng.pc.in.orig	Mon Oct  8 17:47:40 2007
++++ scripts/libpng.pc.in	Sat Oct 13 17:42:36 2007
 @@ -1,10 +1,10 @@
 -prefix=3D@prefix@
 -exec_prefix=3D@exec_prefix@
@@ -12,7 +12,7 @@
 =20
  Name: libpng
  Description: Loads and saves PNG files
- Version: 1.2.18
+ Version: 1.2.22rc1
 -Libs: -L${libdir} -lpng12
 +Libs: -L${libdir} -lpng -lz -lm
  Cflags: -I${includedir}
Index: files/patch-ad
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/ncvs/ports/graphics/png/files/patch-ad,v
retrieving revision 1.2
diff -u -r1.2 patch-ad
--- files/patch-ad	21 May 2007 11:21:09 -0000	1.2
+++ files/patch-ad	13 Oct 2007 15:45:33 -0000
@@ -1,9 +1,9 @@
---- pngconf.h.orig	Wed May 16 03:52:22 2007
-+++ pngconf.h	Mon May 21 13:25:03 2007
-@@ -729,7 +729,7 @@
-  * PNG_NO_MMX_CODE disables the use of MMX code without changing the API.
-  * When MMX code is off, then optimized C replacement functions are used.
- */
+--- pngconf.h.orig	Mon Oct  8 17:47:31 2007
++++ pngconf.h	Sat Oct 13 17:44:34 2007
+@@ -740,7 +740,7 @@
+ #  endif
+ #endif
+=20
 -#if defined(PNG_READ_SUPPORTED) && !defined(PNG_NO_ASSEMBLER_CODE)
 +#if defined(PNG_READ_SUPPORTED) && !defined(PNG_NO_ASSEMBLER_CODE) && def=
ined(__i386__)
  #  ifndef PNG_ASSEMBLER_CODE_SUPPORTED
Index: files/patch-ae
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: files/patch-ae
diff -N files/patch-ae
--- files/patch-ae	21 May 2007 11:21:09 -0000	1.1
+++ /dev/null	1 Jan 1970 00:00:00 -0000
@@ -1,18 +0,0 @@
---- pnggccrd.c.bak	Wed May 16 03:52:23 2007
-+++ pnggccrd.c	Mon May 21 13:04:54 2007
-@@ -359,6 +359,7 @@
-    _pctemp =3D _pctemp;
-    _MMXLength =3D _MMXLength;
- #endif
-+#if 0
-    _const4  =3D _const4;
-    _const6  =3D _const6;
-    _mask8_0  =3D _mask8_0;
-@@ -377,6 +378,7 @@
-    _mask48_2 =3D _mask48_2;
-    _mask48_1 =3D _mask48_1;
-    _mask48_0 =3D _mask48_0;
-+#endif
- }
- #endif /* PNG_MMX_CODE_SUPPORTED */
-=20

--=20
stefan
http://stsp.name                                         PGP Key: 0xF59D25F0

--mYCpIKhGyMATD0i+
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (OpenBSD)

iD8DBQFHEO365dMCc/WdJfARAhWIAKDFrnOBkCDzjbTvYvJOsmzr1L7HTQCg70oL
ZfKv7gJyR0RSUC8qs1rfzlk=
=LzxA
-----END PGP SIGNATURE-----

--mYCpIKhGyMATD0i+--


