Created attachment 238389
pngcheck-3.0.3.patch

* Update to 3.0.3
* Update distinfo

Changelog: http://www.libpng.org/pub/png/src/pngcheck-3.0.3.CHANGELOG

Tested via poudriere for 13.1-amd64, 13.1-i386, 12.3-amd64 and 12.3-i386. Passes portlint.
^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field. Thanks!
Shouldn't this be MFH to 2022Q4?
I'm not sure what the policy for that is. The changelog says "probable vulnerability" for the one change made to fix a crash bug. If that is enough to get it pushed to quarterly as well, then by all means, feel free to do so.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b8043938e1787fbecc95a9e1737a7938e0057a9e

commit b8043938e1787fbecc95a9e1737a7938e0057a9e
Author:     Naram Qashat <cyberbotx@cyberbotx.com>
AuthorDate: 2022-11-28 06:36:33 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-11-29 06:35:29 +0000

    graphics/pngcheck: Update to 3.0.3

    ChangeLog: http://www.libpng.org/pub/png/src/pngcheck-3.0.3.CHANGELOG

    Fixed a divide-by-zero crash bug (and probable vulnerability) in
    interlaced images with extra compressed data beyond the nominal end of
    the image data.

    PR:             268031
    Reported by:    cyberbotx@cyberbotx.com (maintainer)
    MFH:            2022Q4 (bugfix release)

 graphics/pngcheck/Makefile | 2 +-
 graphics/pngcheck/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Committed and merged to 2022Q4, Thanks!
A commit in branch 2022Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a3e4f9c867043aa66fc45544e50cfcab4fe03c5d

commit a3e4f9c867043aa66fc45544e50cfcab4fe03c5d
Author:     Naram Qashat <cyberbotx@cyberbotx.com>
AuthorDate: 2022-11-28 06:36:33 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-11-29 06:38:30 +0000

    graphics/pngcheck: Update to 3.0.3

    ChangeLog: http://www.libpng.org/pub/png/src/pngcheck-3.0.3.CHANGELOG

    Fixed a divide-by-zero crash bug (and probable vulnerability) in
    interlaced images with extra compressed data beyond the nominal end of
    the image data.

    PR:             268031
    Reported by:    cyberbotx@cyberbotx.com (maintainer)
    MFH:            2022Q4 (bugfix release)

    (cherry picked from commit b8043938e1787fbecc95a9e1737a7938e0057a9e)

 graphics/pngcheck/Makefile | 2 +-
 graphics/pngcheck/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)