Bug 123186 - [PATCH]graphics/png: update to 1.2.27
Summary: [PATCH]graphics/png: update to 1.2.27
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Andrey A. Chernov
Depends on:
Reported: 2008-04-29 04:20 UTC by bf
Modified: 2008-04-29 13:10 UTC (History)
0 users

See Also:

file.diff (1.25 KB, patch)
2008-04-29 04:20 UTC, bf
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description bf 2008-04-29 04:20:00 UTC
Update to 1.2.27, released 29 April 2008.  Relevant changes:

  Fixed bug (introduced in libpng-1.0.5h) with handling zero-length
    unknown chunks.
  Added more information about png_set_keep_unknown_chunks() to the
  Reject tRNS chunk with out-of-range samples instead of masking off
    the invalid high bits as done in since libpng-1.2.19beta5.
  Revised documentation about unknown chunk and user chunk handling.
  Keep tRNS chunk with out-of-range samples and issue a png_warning().
  Added check for NULL ptr in TURBOC version of png_free_default().
  Removed several unnecessary checks for NULL before calling png_free().
  Revised png_set_tRNS() so that calling it twice removes and invalidates
    the previous call.
  Revised pngtest to check for out-of-range tRNS samples.
  Avoid changing color_type from GRAY to RGB by

Since this fixes CVE-2008-1382 (see, for example, 


), the security/vuxml database should be updated to show that this version of the port is not insecure.  Also, it's probably time to switch to USE_LDCONFIG, but since my last proposed changes in this direction were rejected, I'll let the maintainer/portmgr worry about it.  This is related to PR ports/122869, but the proposed update in this PR is to a later stable version.

Fix: Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer 2008-04-29 04:20:06 UTC
Responsible Changed
From-To: freebsd-ports-bugs->ache

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer 2008-04-29 13:09:10 UTC
ache        2008-04-29 12:09:06 UTC

  FreeBSD ports repository

  Modified files:
    graphics/png         Makefile distinfo 
    graphics/png/files   patch-ab 
  Upgrade to 1.2.27
  It fix CVE-2008-1382
  PR:             123186
  Submitted by:   bf <bf2006a@yahoo.com>
  Revision  Changes    Path
  1.87      +1 -1      ports/graphics/png/Makefile
  1.40      +3 -3      ports/graphics/png/distinfo
  1.13      +1 -1      ports/graphics/png/files/patch-ab
cvs-all@freebsd.org mailing list
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Andrey A. Chernov freebsd_committer 2008-04-29 13:10:07 UTC
State Changed
From-To: open->closed