* Security update of graphics/png to 1.6.37:
CVE-2019-7317: use-after-free in png_image_free()
* Switch library soname from libpng16.so to libpng.so by changing
the primary name in the build. Bump major version.
Regression tests pass on amd64 and aarch64.
OK?
Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/png/Makefile,v
retrieving revision 1.122
diff -u -p -r1.122 Makefile
--- Makefile 13 Aug 2018 13:31:39 -0000 1.122
+++ Makefile 29 Apr 2019 19:18:58 -0000
@@ -2,7 +2,7 @@
COMMENT= library for manipulating PNG images
-VERSION= 1.6.35
+VERSION= 1.6.37
DISTNAME= libpng-${VERSION}
PKGNAME= png-${VERSION}
CATEGORIES= graphics
@@ -10,8 +10,8 @@ DPB_PROPERTIES= parallel
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/}
EXTRACT_SUFX= .tar.xz
-SHARED_LIBS= png16 17.5 \
- png 17.5
+SHARED_LIBS= png 18.0 \
+ png16 18.0
HOMEPAGE= http://www.libpng.org/pub/png/libpng.html
@@ -25,8 +25,6 @@ CONFIGURE_STYLE=gnu
post-install:
cd ${PREFIX}/lib; \
- ln -s libpng16.so.${LIBpng16_VERSION} libpng.so.${LIBpng_VERSION}; \
- rm libpng.la; cp -p libpng16.la libpng.la; \
- sed -i 's/libpng16/libpng/g' libpng.la
+ ln -s libpng.so.${LIBpng16_VERSION} libpng16.so.${LIBpng_VERSION}
.include <bsd.port.mk>
Index: distinfo
===================================================================
RCS file: /cvs/ports/graphics/png/distinfo,v
retrieving revision 1.59
diff -u -p -r1.59 distinfo
--- distinfo 13 Aug 2018 13:31:39 -0000 1.59
+++ distinfo 29 Apr 2019 19:18:58 -0000
@@ -1,2 +1,2 @@
-SHA256 (libpng-1.6.35.tar.xz) = I5EuyMlYSRftmwnFAjRl1xcJ3OCJvlA8eGf+xoqTvNc=
-SIZE (libpng-1.6.35.tar.xz) = 1014320
+SHA256 (libpng-1.6.37.tar.xz) = UF5wg001ODU3tkkeeuhkHxpL7Rh22/42EgH8gIaNiMo=
+SIZE (libpng-1.6.37.tar.xz) = 1012272
Index: patches/patch-Makefile_in
===================================================================
RCS file: patches/patch-Makefile_in
diff -N patches/patch-Makefile_in
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-Makefile_in 29 Apr 2019 19:18:58 -0000
@@ -0,0 +1,41 @@
+$OpenBSD$
+
+Set the library soname to libpng instead of libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@.
+
+Index: Makefile.in
+--- Makefile.in.orig
++++ Makefile.in
+@@ -761,7 +761,7 @@ EXTRA_SCRIPTS = libpng-config libpng@PNGLIB_MAJOR@@PNG
+ bin_SCRIPTS = @binconfigs@
+
+ # rules to build libpng, only build the old library on request
+-lib_LTLIBRARIES = libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@.la
++lib_LTLIBRARIES = libpng.la
+ # EXTRA_LTLIBRARIES= libpng.la
+ libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_SOURCES = png.c pngerror.c \
+ pngget.c pngmem.c pngpread.c pngread.c pngrio.c pngrtran.c \
+@@ -1008,8 +1008,10 @@ powerpc/powerpc_init.lo: powerpc/$(am__dirstamp) \
+ powerpc/filter_vsx_intrinsics.lo: powerpc/$(am__dirstamp) \
+ powerpc/$(DEPDIR)/$(am__dirstamp)
+
+-libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@.la:
$(libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_OBJECTS)
$(libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_DEPENDENCIES)
$(EXTRA_libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_DEPENDENCIES)
++libpng.la: $(libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_OBJECTS)
$(libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_DEPENDENCIES)
$(EXTRA_libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_LINK) -rpath
$(libdir) $(libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_OBJECTS)
$(libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_LIBADD) $(LIBS)
++libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@.la: libpng.la
++ cp libpng.la $@
+ contrib/tools/$(am__dirstamp):
+ @$(MKDIR_P) contrib/tools
+ @: > contrib/tools/$(am__dirstamp)
+@@ -2383,9 +2385,9 @@ uninstall-libpng-pc:
+ install-library-links:
+ @set -x; cd '$(DESTDIR)$(libdir)';\
+ for ext in $(EXT_LIST); do\
+- rm -f "libpng.$$ext";\
+- if test -f "$(PNGLIB_BASENAME).$$ext"; then\
+- $(LN_S) "$(PNGLIB_BASENAME).$$ext" "libpng.$$ext" || exit 1;\
++ rm -f "$(PNGLIB_BASENAME).$$ext";\
++ if test -f "libpng.$$ext"; then\
++ $(LN_S) "libpng.$$ext" "$(PNGLIB_BASENAME).$$ext" || exit 1;\
+ fi;\
+ done
+
--
Christian "naddy" Weisgerber na...@mips.inka.de
