On Thu, 15 Aug 2002, Paul (NCC/CS) wrote:

> running 1.5.2  on a sparc 2 and trying to build gv.
> It couldn't fetch libpng-1.0.10 from any of the sites
> it tried.
>
> Shouldn't this distfile be available?

That distribution contained errors which could allegedly lead to a
system running a web browser being compromised by a hostile web site.
The package vulnerabilites file gives these two URI's:

  http://online.securityfocus.com/bid/5409
  ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207

> Do I have to ugrade my package source tree?

Yes, upgrade.

> What should I do please?

The current pkgsrc, which will soon be tagged as 1.6, has been
extensively tested on NetBSD 1.5.2/1.5.3, and should serve you very
well. In general, current pkgsrc supports any system that you're
likely to still want to run. (We haven't formally given up on 1.4.2
yet, although who knows how many packages really work on that.)

> Please cc me as I'm not subscribed to list.
> Thankyou,


Frederick