Subject: CVS commit: [pkgsrc-2011Q4] pkgsrc/graphics/png
From: S.P.Zeidler
Date: 2012-02-19 14:56:37
Message id: 20120219135637.2146B175DD@cvs.netbsd.org
Log Message:
Pullup ticket #3687 - requested by tron
graphics/png: security update
Revisions pulled up:
- graphics/png/Makefile 1.144-1.146
- graphics/png/distinfo 1.91-1.93
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: drochner
Date: Sat Feb 18 15:16:59 UTC 2012
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Added Files:
pkgsrc/graphics/png/patches: patch-CVE-2011-3026
Log Message:
fix possible buffer overflow due to integer overflow in malloc()
size calculation (2011-3026), patch from Chromium via Redhat/Debian
bump PKGREV
To generate a diff of this commit:
cvs rdiff -u -r1.143 -r1.144 pkgsrc/graphics/png/Makefile
cvs rdiff -u -r1.90 -r1.91 pkgsrc/graphics/png/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/png/patches/patch-CVE-2011-3026
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sat Feb 18 15:42:57 UTC 2012
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Removed Files:
pkgsrc/graphics/png/patches: patch-CVE-2011-3026
Log Message:
Update to 1.5.9rc01, which includes the official patch for CVE-2011-3026.
Version 1.5.9beta01 [February 3, 2012]
Rebuilt configure scripts in the tar distributions.
Version 1.5.9beta02 [February 16, 2012]
Removed two unused definitions from scripts/pnglibconf.h.prebuilt
Removed some unused arrays (with #ifdef) from png_read_push_finish_row().
Removed tests for no-longer-used *_EMPTY_PLTE_SUPPORTED from pngstruct.h
Version 1.5.9rc01 [February 17, 2012]
Fixed CVE-2011-3026 buffer overrun bug. Deal more correctly with the test
on iCCP chunk length. Also removed spurious casts that may hide problems
on 16-bit systems.
To generate a diff of this commit:
cvs rdiff -u -r1.144 -r1.145 pkgsrc/graphics/png/Makefile
cvs rdiff -u -r1.91 -r1.92 pkgsrc/graphics/png/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/graphics/png/patches/patch-CVE-2011-3026
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sun Feb 19 09:26:39 UTC 2012
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log Message:
Update "libpng" package to version 1.5.9. There are no changes since
version 1.5.9rc01 except for the minor detail that you can actually
fetch the distfile.
To generate a diff of this commit:
cvs rdiff -u -r1.145 -r1.146 pkgsrc/graphics/png/Makefile
cvs rdiff -u -r1.92 -r1.93 pkgsrc/graphics/png/distinfo