Date: Wed, 4 Aug 2004 16:38:02 -0400
From: Charles Swiger <cswiger@mac.com>
To: Fernan Aguero <fernan@iib.unsam.edu.ar>
Cc: ache@FreeBSD.ORG
Subject: Re: update vulnerable libpng to fixed version?
Message-ID: <2E7293C8-E656-11D8-91D1-003065ABFD92@mac.com>
In-Reply-To: <20040804190855.GA69872@iib.unsam.edu.ar>
References: <20040804190855.GA69872@iib.unsam.edu.ar>

On Aug 4, 2004, at 3:08 PM, Fernan Aguero wrote:
> according to this tech report
> http://www.us-cert.gov/cas/techalerts/TA04-217A.html
> there are a number of vulnerabilities in libpng that are
> fixed in 1.2.6rc1
>
> is an update of the port being worked on? I'm eager to do a
> 'portupgrade -r png'.

Here's a diff which updates the png port to 1.2.6rc1:

diff -dur png_old/Makefile png/Makefile --- png_old/Makefile Wed Aug 4 16:10:04 2004 +++ png/Makefile Wed Aug 4 16:12:27 2004 @@ -6,8 +6,7 @@ # PORTNAME= png -PORTVERSION= 1.2.5 -PORTREVISION= 7 +PORTVERSION= 1.2.6rc1 CATEGORIES= graphics MASTER_SITES= ftp://swrinde.nde.swri.edu/pub/png/src/ \ ${MASTER_SITE_SOURCEFORGE} diff -dur png_old/distinfo png/distinfo --- png_old/distinfo Wed Aug 4 16:10:04 2004 +++ png/distinfo Wed Aug 4 16:12:49 2004 @@ -1,2 +1,2 @@ -MD5 (libpng-1.2.5.tar.gz) = 0cec860559f2f5f7145da3c6851bacb7 -SIZE (libpng-1.2.5.tar.gz) = 505988 +MD5 (libpng-1.2.6rc1.tar.gz) = 142581efca1d62b0807cfc448056ea7b +SIZE (libpng-1.2.6rc1.tar.gz) = 500804 diff -dur png_old/files/patch-ab png/files/patch-ab --- png_old/files/patch-ab Wed Aug 4 16:10:04 2004 +++ png/files/patch-ab Wed Aug 4 16:17:41 2004 @@ -3,7 +3,7 @@ @@ -7,5 +7,5 @@ Name: libpng12 Description: Loads and saves PNG files - Version: 1.2.5 + Version: 1.2.6rc1 -Libs: -L${libdir} -lpng12 -lz -lm -Cflags: -I${includedir}/libpng12 +Libs: -L${libdir} -lpng -lz -lm Only in png_old/files: patch-ac Only in png_old/files: patch-pnggccrd.c Only in png_old/files: patch-pngrtran.c

The changes in patch-ac and patch-pngrtran.c have already been adopted into the sources and are no longer needed. I am unsure what the changes found in patch-pnggccrd.c do (what does "rim" (_const4) mean in x86 assembly, anyway?), but the program compiles and passes its self-test without that patch.

--
-Chuck
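
Review bot: In the Makefile hunk, "PORTVERSION= 1.2.6rc1" puts a release-candidate suffix into the package version while "PORTREVISION= 7" is dropped in the same change. Confirm that png-1.2.6rc1 compares higher than the installed png-1.2.5_7 and lower than the eventual png-1.2.6 under the ports version comparison; otherwise 'portupgrade -r png' may skip this security update, or the final release will later need a PORTEPOCH bump to be picked up. MASTER_SITES is unchanged context, so also check that libpng-1.2.6rc1.tar.gz is actually available from one of the listed sites.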
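
Review bot: The distinfo hunk carries only an MD5 digest and a SIZE for libpng-1.2.6rc1.tar.gz, and both values arrive as posted in this e-mail. Since this is a security update, the committer should fetch the tarball independently from a master site, regenerate distinfo with 'make makesum', and compare the result against these two lines rather than committing them as supplied.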
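
Review bot: The "Only in png_old/files: patch-pnggccrd.c" line removes a local patch whose purpose the message itself describes as unknown, and a clean compile plus self-test on one machine does not show that the code it touched is exercised. Before dropping it, check the commit log for files/patch-pnggccrd.c to see which problem it fixed and confirm that 1.2.6rc1 addresses it, as the message states is the case for patch-ac and patch-pngrtran.c.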