Subject: CVS commit: [pkgsrc-2011Q4] pkgsrc/graphics/png
From: S.P.Zeidler
Date: 2012-02-19 14:56:37
Message id: 20120219135637.2146B175DD@cvs.netbsd.org

Log Message:
Pullup ticket #3687 - requested by tron
graphics/png: security update

Revisions pulled up:
- graphics/png/Makefile                                         1.144-1.146
- graphics/png/distinfo                                         1.91-1.93

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	drochner
   Date:		Sat Feb 18 15:16:59 UTC 2012

   Modified Files:
   	pkgsrc/graphics/png: Makefile distinfo
   Added Files:
   	pkgsrc/graphics/png/patches: patch-CVE-2011-3026

   Log Message:
   fix possible buffer overflow due to integer overflow in malloc()
   size calculation (2011-3026), patch from Chromium via Redhat/Debian
   bump PKGREV

   To generate a diff of this commit:
   cvs rdiff -u -r1.143 -r1.144 pkgsrc/graphics/png/Makefile
   cvs rdiff -u -r1.90 -r1.91 pkgsrc/graphics/png/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/png/patches/patch-CVE-2011-3026

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sat Feb 18 15:42:57 UTC 2012

   Modified Files:
   	pkgsrc/graphics/png: Makefile distinfo
   Removed Files:
   	pkgsrc/graphics/png/patches: patch-CVE-2011-3026

   Log Message:
   Update to 1.5.9rc01, which includes the official patch for CVE-2011-3026.

   Version 1.5.9beta01 [February 3, 2012]
     Rebuilt configure scripts in the tar distributions.

   Version 1.5.9beta02 [February 16, 2012]
     Removed two unused definitions from scripts/pnglibconf.h.prebuilt
     Removed some unused arrays (with #ifdef) from png_read_push_finish_row().
     Removed tests for no-longer-used *_EMPTY_PLTE_SUPPORTED from pngstruct.h

   Version 1.5.9rc01 [February 17, 2012]
     Fixed CVE-2011-3026 buffer overrun bug.  Deal more correctly with the test
       on iCCP chunk length. Also removed spurious casts that may hide problems
       on 16-bit systems.

   To generate a diff of this commit:
   cvs rdiff -u -r1.144 -r1.145 pkgsrc/graphics/png/Makefile
   cvs rdiff -u -r1.91 -r1.92 pkgsrc/graphics/png/distinfo
   cvs rdiff -u -r1.1 -r0 pkgsrc/graphics/png/patches/patch-CVE-2011-3026

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Sun Feb 19 09:26:39 UTC 2012

   Modified Files:
   	pkgsrc/graphics/png: Makefile distinfo

   Log Message:
   Update "libpng" package to version 1.5.9. There are no changes since
   version 1.5.9rc01 except for the minor detail that you can actually
   fetch the distfile.

   To generate a diff of this commit:
   cvs rdiff -u -r1.145 -r1.146 pkgsrc/graphics/png/Makefile
   cvs rdiff -u -r1.92 -r1.93 pkgsrc/graphics/png/distinfo

Files:
Revision    Action  file
1.141.2.2   modify  pkgsrc/graphics/png/Makefile
1.89.2.2    modify  pkgsrc/graphics/png/distinfo