Pullup ticket #3687 - requested by tron

graphics/png: security update

Revisions pulled up:
- graphics/png/Makefile                                         1.144-1.146
- graphics/png/distinfo                                         1.91-1.93

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	drochner
   Date:		Sat Feb 18 15:16:59 UTC 2012

   Modified Files:
   	pkgsrc/graphics/png: Makefile distinfo
   Added Files:
   	pkgsrc/graphics/png/patches: patch-CVE-2011-3026

   Log Message:
   fix possible buffer overflow due to integer overflow in malloc()
   size calculation (2011-3026), patch from Chromium via Redhat/Debian
   bump PKGREV


   To generate a diff of this commit:
   cvs rdiff -u -r1.143 -r1.144 pkgsrc/graphics/png/Makefile
   cvs rdiff -u -r1.90 -r1.91 pkgsrc/graphics/png/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/png/patches/patch-CVE-2011-3026

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sat Feb 18 15:42:57 UTC 2012

   Modified Files:
   	pkgsrc/graphics/png: Makefile distinfo
   Removed Files:
   	pkgsrc/graphics/png/patches: patch-CVE-2011-3026

   Log Message:
   Update to 1.5.9rc01, which includes the official patch for CVE-2011-3026.

   Version 1.5.9beta01 [February 3, 2012]
     Rebuilt configure scripts in the tar distributions.

   Version 1.5.9beta02 [February 16, 2012]
     Removed two unused definitions from scripts/pnglibconf.h.prebuilt
     Removed some unused arrays (with #ifdef) from png_read_push_finish_row().
     Removed tests for no-longer-used *_EMPTY_PLTE_SUPPORTED from pngstruct.h

   Version 1.5.9rc01 [February 17, 2012]
     Fixed CVE-2011-3026 buffer overrun bug.  Deal more correctly with the test
       on iCCP chunk length. Also removed spurious casts that may hide problems
       on 16-bit systems.


   To generate a diff of this commit:
   cvs rdiff -u -r1.144 -r1.145 pkgsrc/graphics/png/Makefile
   cvs rdiff -u -r1.91 -r1.92 pkgsrc/graphics/png/distinfo
   cvs rdiff -u -r1.1 -r0 pkgsrc/graphics/png/patches/patch-CVE-2011-3026

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Sun Feb 19 09:26:39 UTC 2012

   Modified Files:
   	pkgsrc/graphics/png: Makefile distinfo

   Log Message:
   Update "libpng" package to version 1.5.9. There are no change since
   version 1.5.9rc01 except of the minor detail that you can actually
   fetch the distfile.


   To generate a diff of this commit:
   cvs rdiff -u -r1.145 -r1.146 pkgsrc/graphics/png/Makefile
   cvs rdiff -u -r1.92 -r1.93 pkgsrc/graphics/png/distinfo

2 files changed, 6 insertions, 6 deletions

diff --git a/graphics/png/Makefile b/graphics/png/Makefile
index 8e95e4634ce..20028171948 100644
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.141.2.1 2012/02/05 22:56:27 tron Exp $
+# $NetBSD: Makefile,v 1.141.2.2 2012/02/19 13:56:36 spz Exp $
 
-DISTNAME=	libpng-1.5.8
+DISTNAME=	libpng-1.5.9
 PKGNAME=	${DISTNAME:S/lib//}
 CATEGORIES=	graphics
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=libpng/} \
diff --git a/graphics/png/distinfo b/graphics/png/distinfo
index e286a3caf24..ee9130e27cb 100644
--- a/graphics/png/distinfo
+++ b/graphics/png/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.89.2.1 2012/02/05 22:56:27 tron Exp $
+$NetBSD: distinfo,v 1.89.2.2 2012/02/19 13:56:36 spz Exp $
 
-SHA1 (libpng-1.5.8.tar.bz2) = 46fdc2ab3fef9cf0949b1d7374cda9ea37ed5419
-RMD160 (libpng-1.5.8.tar.bz2) = 643ef6a0720e51a1dc326971db35846d02bbca10
-Size (libpng-1.5.8.tar.bz2) = 865525 bytes
+SHA1 (libpng-1.5.9.tar.bz2) = 844e6ebc739a332178a327e74ff7c42ddb93f442
+RMD160 (libpng-1.5.9.tar.bz2) = 02404bcbc695964c951905a489f1f0654b62670b
+Size (libpng-1.5.9.tar.bz2) = 865782 bytes
 SHA1 (patch-aa) = aaf79ebb8a18448c096c17ae9b02da02bc537db2