pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/graphics/png Security update to 1.4.3:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/96ee5e797177
branches:  trunk
changeset: 576995:96ee5e797177
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Sat Jun 26 19:11:32 2010 +0000

description:
Security update to 1.4.3:
Several versions of libpng through 1.4.2 (and through 1.2.43 in
the older series) contain a bug whereby progressive applications
such as web browsers (or the rpng2 demo app included in libpng)
could receive an extra row of image data beyond the height reported
in the header, potentially leading to an out-of-bounds write to
memory (depending on how the application is written) and the
possibility of execution of an attacker's code with the privileges
of the libpng user (including remote compromise in the case of a
libpng-based browser visiting a hostile web site). This vulnerability
has been assigned ID CVE-2010-1205 (via Mozilla).

An additional memory-leak bug, involving images with malformed sCAL
chunks, is also present; it could lead to an application crash
(denial of service) when viewing such images.

Both bugs are fixed in versions 1.4.3 and 1.2.44.

version 1.4.3beta01 [June 18, 2010]
  Added missing quotation marks in the aix block of configure.ac
  The new "vstudio" project was missing from the zip and 7z distributions.
  In pngpread.c: png_push_have_row() add check for new_row > height

version 1.4.3beta02 [June 18, 2010]
  Removed the now-redundant check for out-of-bounds new_row from example.c

version 1.4.3beta03 [June 18, 2010]
  In pngpread.c: png_push_finish_row() add check for too many rows.

version 1.4.3beta04 [June 19, 2010]
  In pngpread.c: png_push_process_row() add check for too many rows.
  Removed the checks added in beta01 and beta03, as they are now redundant.

version 1.4.3beta05 [June 20, 2010]
  Rewrote png_process_IDAT_data to consistently treat extra data as warnings
    and handle end conditions more cleanly.
  Removed the new (beta04) check in png_push_process_row().

version 1.4.3rc01 [June 21, 2010]
  Revised some comments in png_process_IDAT_data().

version 1.4.3rc02 [June 22, 2010]
  Changed char *msg to PNG_CONST char *msg in pngrutil.c
  Stop memory leak when reading a malformed sCAL chunk.
  Removed some trailing blanks.

version 1.4.3rc03 [June 23, 2010]
  Revised pngpread.c patch of beta05 to avoid an endless loop.

version 1.4.3 [June 26, 2010]
  Updated some of the "last changed" dates.
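
The changelog above mentions an application-side check for an out-of-bounds new_row, removed from example.c in beta02 once the library enforced the limit itself. As an added illustration (not code from libpng, pkgsrc or this commit), here is that kind of guard in a stand-alone C model of a progressive row callback; struct image, image_init, image_store_row and simulate_extra_row are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical application-side buffer; not a libpng type. */
struct image {
    uint32_t height;    /* rows promised by the image header */
    size_t rowbytes;    /* bytes per decoded row */
    uint8_t *pixels;    /* height * rowbytes bytes */
    unsigned rejected;  /* rows refused by the guard */
};

int image_init(struct image *img, uint32_t height, size_t rowbytes)
{
    memset(img, 0, sizeof *img);
    if (height == 0 || rowbytes == 0 || rowbytes > SIZE_MAX / height)
        return -1;                      /* empty or overflowing dimensions */
    img->pixels = calloc(height, rowbytes);
    if (img->pixels == NULL) return -1;
    img->height = height;
    img->rowbytes = rowbytes;
    return 0;
}

/* Shaped like a progressive row callback: one decoded row plus its index.
 * Returns 0 when the row is stored, -1 when it is refused. */
int image_store_row(struct image *img, const uint8_t *new_row, uint32_t row_num)
{
    if (new_row == NULL || row_num >= img->height) {
        img->rejected++;                /* row_num == height is already out of bounds */
        return -1;
    }
    memcpy(img->pixels + (size_t)row_num * img->rowbytes, new_row, img->rowbytes);
    return 0;
}

/* Constructed scenario: a decoder that delivers height + 1 rows. */
unsigned simulate_extra_row(uint32_t height)
{
    static const uint8_t row[4] = { 0xAA, 0xBB, 0xCC, 0xDD };
    struct image img;
    if (image_init(&img, height, sizeof row) != 0) return 0;
    for (uint32_t r = 0; r <= height; r++)   /* <= delivers one row too many */
        image_store_row(&img, row, r);
    free(img.pixels);
    return img.rejected;
}

int main(void) { printf("rows rejected: %u\n", simulate_extra_row(3)); return 0; }
```
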

diffstat:

 graphics/png/Makefile |  4 ++--
 graphics/png/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (28 lines):

diff -r c18860600cf0 -r 96ee5e797177 graphics/png/Makefile
--- a/graphics/png/Makefile     Sat Jun 26 00:59:35 2010 +0000
+++ b/graphics/png/Makefile     Sat Jun 26 19:11:32 2010 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.123 2010/06/13 22:42:10 wiz Exp $
+# $NetBSD: Makefile,v 1.124 2010/06/26 19:11:32 wiz Exp $
 
-DISTNAME=      libpng-1.4.2
+DISTNAME=      libpng-1.4.3
 PKGNAME=       ${DISTNAME:S/lib//}
 CATEGORIES=    graphics
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=libpng/} \
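
Review bot: the DISTNAME bump to libpng-1.4.3 should be checked against any PKGREVISION line further down the Makefile, which the six lines of context in this hunk do not show. If one was set for 1.4.2 it needs to be dropped with the version change, otherwise the resulting PKGNAME carries a stale revision suffix onto the security release.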
diff -r c18860600cf0 -r 96ee5e797177 graphics/png/distinfo
--- a/graphics/png/distinfo     Sat Jun 26 00:59:35 2010 +0000
+++ b/graphics/png/distinfo     Sat Jun 26 19:11:32 2010 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.68 2010/06/13 22:42:10 wiz Exp $
+$NetBSD: distinfo,v 1.69 2010/06/26 19:11:33 wiz Exp $
 
-SHA1 (libpng-1.4.2.tar.bz2) = 2670d702bbeee7b28bd7e4814e460524731354c3
-RMD160 (libpng-1.4.2.tar.bz2) = a7bbad2394d93d57cea4ae26f870466bb553449e
-Size (libpng-1.4.2.tar.bz2) = 655710 bytes
+SHA1 (libpng-1.4.3.tar.bz2) = 82eda95439daaef6ed564b1532cf805b01759557
+RMD160 (libpng-1.4.3.tar.bz2) = ad0abc000e0a338d94ff7f8fe2b862d5944ec7bb
+Size (libpng-1.4.3.tar.bz2) = 658335 bytes
 SHA1 (patch-aa) = fc7f010f347cb77d8b478395a59ba4c4c1abd4b9
 SHA1 (patch-ac) = 44b167433e066556022d9b43fa33a7f887f83617
 SHA1 (patch-ae) = e9700e7d3dd536d80e47cffa20b412a6c69660be
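
Review bot: the three new libpng-1.4.3.tar.bz2 lines record only SHA1 and RMD160 digests plus the size, which is thin integrity coverage for a security release fetched from a mirror network; a stronger digest such as SHA-512 alongside them would be preferable if the distinfo tooling supports it. The patch-aa, patch-ac and patch-ae checksums are unchanged context, so the local patches are carried over as they were, and it is worth confirming they still apply cleanly to the 1.4.3 sources given the pngpread.c rework described in the commit message.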


