Bug 268031 - graphics/pngcheck: Update to 3.0.3
Summary: graphics/pngcheck: Update to 3.0.3
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Fernando Apesteguía
URL: http://www.libpng.org/pub/png/src/png...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-11-28 05:48 UTC by Naram Qashat
Modified: 2022-11-29 06:43 UTC (History)
1 user (show)

See Also:
fernape: merge-quarterly+

Attachments
pngcheck-3.0.3.patch (877 bytes, patch)
2022-11-28 05:48 UTC, Naram Qashat 		cyberbotx: maintainer-approval+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Naram Qashat 2022-11-28 05:48:54 UTC 
Created attachment 238389 [details]
pngcheck-3.0.3.patch

* Update to 3.0.3
* Update distinfo

Changelog: http://www.libpng.org/pub/png/src/pngcheck-3.0.3.CHANGELOG

Tested via poudriere for 13.1-amd64, 13.1-i386, 12.3-amd64 and 12.3-i386. Passes portlint.
Comment 1 Fernando Apesteguía freebsd_committer freebsd_triage 2022-11-28 06:40:00 UTC 
^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field.


Thanks!
Comment 2 Fernando Apesteguía freebsd_committer freebsd_triage 2022-11-28 06:40:58 UTC 
Shouldn't this be MFH to 2022Q4?
Comment 3 Naram Qashat 2022-11-28 06:46:57 UTC 
I'm not sure what the policy for that is. The changelog says "probable vulnerability" for the one change made to fix a crash bug. If that is enough to get it pushed to quarterly as well, then by all means, feel free to do so.
Comment 4 commit-hook freebsd_committer freebsd_triage 2022-11-29 06:40:19 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b8043938e1787fbecc95a9e1737a7938e0057a9e

commit b8043938e1787fbecc95a9e1737a7938e0057a9e
Author:     Naram Qashat <cyberbotx@cyberbotx.com>
AuthorDate: 2022-11-28 06:36:33 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-11-29 06:35:29 +0000

    graphics/pngcheck: Update to 3.0.3

    ChangeLog: http://www.libpng.org/pub/png/src/pngcheck-3.0.3.CHANGELOG

     Fixed a divide-by-zero crash bug (and probable vulnerability) in interlaced
     images with extra compressed data beyond the nominal end of the image data.

    PR:             268031
    Reported by:    cyberbotx@cyberbotx.com (maintainer)
    MFH:            2022Q4 (bugfix release)

 graphics/pngcheck/Makefile | 2 +-
 graphics/pngcheck/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 5 Fernando Apesteguía freebsd_committer freebsd_triage 2022-11-29 06:42:54 UTC 
Committed and merged to 2022Q4,

Thanks!
Comment 6 commit-hook freebsd_committer freebsd_triage 2022-11-29 06:43:21 UTC 
A commit in branch 2022Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a3e4f9c867043aa66fc45544e50cfcab4fe03c5d

commit a3e4f9c867043aa66fc45544e50cfcab4fe03c5d
Author:     Naram Qashat <cyberbotx@cyberbotx.com>
AuthorDate: 2022-11-28 06:36:33 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-11-29 06:38:30 +0000

    graphics/pngcheck: Update to 3.0.3

    ChangeLog: http://www.libpng.org/pub/png/src/pngcheck-3.0.3.CHANGELOG

     Fixed a divide-by-zero crash bug (and probable vulnerability) in interlaced
     images with extra compressed data beyond the nominal end of the image data.

    PR:             268031
    Reported by:    cyberbotx@cyberbotx.com (maintainer)
    MFH:            2022Q4 (bugfix release)

    (cherry picked from commit b8043938e1787fbecc95a9e1737a7938e0057a9e)

 graphics/pngcheck/Makefile | 2 +-
 graphics/pngcheck/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)