author sbd <sbd> 2011-06-08 09:49:24 +0000
committer sbd <sbd> 2011-06-08 09:49:24 +0000
commit 963d580506cd29343c8a152e205697137bb1f36c
tree 06825a28599129ab69e18a19bef47258b4c6b1a8
parent 1fc3cce8309e8b125c80fc0880646b7e20f73ca8
Pullup ticket #3449 - requested by wiz
graphics/png security update.

Revisions pulled up:
- graphics/png/Makefile 1.132-1.137
- graphics/png/distinfo 1.78-1.84
- graphics/png/patches/patch-pngconf.h 0

---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 5 12:47:56 UTC 2011

Modified Files:
  pkgsrc/graphics/png: Makefile distinfo
Removed Files:
  pkgsrc/graphics/png/patches: patch-pngconf.h

Log Message:
Update to 1.5.2:

Version 1.5.2beta01 [February 13, 2011]
  More -Wshadow fixes for older gcc compilers. Older gcc versions apparently
    check formal parameters names in function declarations (as well as
    definitions) to see if they match a name in the global namespace.
  Revised PNG_EXPORTA macro to not use an empty parameter, to accommodate the
    old VisualC++ preprocessor.
  Turned on interlace handling in png_read_png().
  Fixed gcc pedantic warnings.
  Handle longjmp in Cygwin.
  Fixed png_get_current_row_number() in the interlaced case.
  Cleaned up ALPHA flags and transformations.
  Implemented expansion to 16 bits.

Version 1.5.2beta02 [February 19, 2011]
  Fixed mistake in the descriptions of user read_transform and write_transform
    function prototypes in the manual. The row_info struct is png_row_infop.
  Reverted png_get_current_row_number() to previous (1.5.2beta01) behavior.
  Corrected png_get_current_row_number documentation
  Fixed the read/write row callback documentation. This documents the current
    behavior, where the callback is called after every row with information
    pertaining to the next row.

Version 1.5.2beta03 [March 3, 2011]
  Fixed scripts/makefile.vcwin32
  Updated contrib/pngsuite/README to add the word "modify".
  Define PNG_ALLOCATED to blank when _MSC_VER<1300.

Version 1.5.2rc01 [March 19, 2011]
  Define remaining attributes to blank when MSC_VER<1300.
  ifdef out mask arrays in pngread.c when interlacing is not supported.

Version 1.5.2rc02 [March 22, 2011]
  Added a hint to try CPP=/bin/cpp if "cpp -E" fails in scripts/pnglibconf.mak
    and in contrib/pngminim/*/makefile, eg., on SunOS 5.10, and removed "strip"
    from the makefiles.
  Fixed a bug (present since libpng-1.0.7) that makes png_handle_sPLT() fail
    to compile when PNG_NO_POINTER_INDEXING is defined (Chubanov Kirill)

Version 1.5.2rc03 [March 24, 2011]
  Don't include standard header files in png.h while building the symbol
    table, to avoid cpp failure on SunOS (introduced
    PNG_BUILDING_SYMBOL_TABLE macro).

Version 1.5.2 [March 31, 2011]

---
Module Name: pkgsrc
Committed By: wiz
Date: Tue May 3 09:07:35 UTC 2011

Modified Files:
  pkgsrc/graphics/png: Makefile distinfo

Log Message:
Update to 1.5.3beta04 to fix a regression reported on tech-pkg
(see beta03, last entry).

Version 1.5.3beta01 [April 1, 2011]
  Re-initialize the zlib compressor before compressing non-IDAT chunks.
  Added API functions to set parameters for zlib compression of non-IDAT
    chunks.

Version 1.5.3beta02 [April 3, 2011]
  Updated scripts/symbols.def with new API functions.
  Only compile the new zlib re-initializing code when text or iCCP is
    supported, using PNG_WRITE_COMPRESSED_TEXT_SUPPORTED macro.
  Improved the optimization of the zlib CMF byte (see libpng-1.2.6beta03).
  Optimize the zlib CMF byte in non-IDAT compressed chunks

Version 1.5.3beta03 [April 16, 2011]
  Fixed gcc -ansi -pedantic compile. A strict ANSI system does not have
    snprintf, and the "__STRICT_ANSI__" detects that condition more reliably
    than __STDC__ (John Bowler).
  Removed the PNG_PTR_NORETURN attribute because it is too dangerous. It tells
    the compiler that a user supplied callback (the error handler) does not
    return, yet there is no guarantee in practice that the application code
    will correctly implement the error handler because the compiler only
    issues a warning if there is a mistake (John Bowler).
  Removed the no-longer-used PNG_DEPSTRUCT macro.
  Updated the zlib version to 1.2.5 in the VStudio project.
  Fixed 64-bit builds where png_uint_32 is smaller than png_size_t in
    pngwutil.c (John Bowler).
  Fixed bug with stripping the filler or alpha channel when writing, that
    was introduced in libpng-1.5.2beta01 (bug report by Andrew Church).

Version 1.5.3beta04 [April 27, 2011]
  Updated pngtest.png with the new zlib CMF optimization.
  Cleaned up conditional compilation code and of background/gamma handling
    Internal changes only except a new option to avoid compiling the
    png_build_grayscale_palette API (which is not used at all internally.)
    The main change is to move the transform tests (READ_TRANSFORMS,
    WRITE_TRANSFORMS) up one level to the caller of the APIs. This avoids
    calls to spurious functions if all transforms are disabled and slightly
    simplifies those functions. Pngvalid modified to handle this.
    A minor change is to stop the strip_16 and expand_16 interfaces from
    disabling each other; this allows the future alpha premultiplication
    code to use 16-bit intermediate values while still producing 8-bit output.
    png_do_background and png_do_gamma have been simplified to take a single
    pointer to the png_struct rather than pointers to every item required
    from the png_struct. This makes no practical difference to the internal
    code.
    A serious bug in the pngvalid internal routine 'standard_display_init' has
    been fixed - this failed to initialize the red channel and accidentally
    initialized the alpha channel twice.
  Changed png_struct jmp_buf member name from png_jmpbuf to tmp_jmpbuf to
    avoid a clash with the png_jmpbuf macro on some platforms.

---
Module Name: pkgsrc
Committed By: adam
Date: Fri May 6 07:19:23 UTC 2011

Modified Files:
  pkgsrc/graphics/png: Makefile distinfo

Log Message:
Changes 1.5.3beta05:
* Added the "_POSIX_SOURCE" feature test macro to ensure libpng sees the
  correct API. _POSIX_SOURCE is defined in pngpriv.h, pngtest.c and
  pngvalid.c to ensure that POSIX conformant systems disable non-POSIX APIs.
* Removed png_snprintf and added formatted warning messages. This change
  adds internal APIs to allow png_warning messages to have parameters
  without requiring the host OS to implement snprintf. As a side effect the
  dependency of the tIME-supporting RFC1132 code on stdio is removed and
  PNG_NO_WARNINGS does actually work now.
* Added PNG_WRITE_OPTIMIZE_CMF_SUPPORTED macro to make the zlib "CMF" byte
  optimization configurable.
* IDAT compression failed if preceded by a compressed text chunk (bug
  introduced in libpng-1.5.3beta01-02). This was because the attempt to
  reset the zlib stream in png_write_IDAT happened after the first IDAT
  chunk had been deflated - much too late. In this change internal functions
  were added to claim/release the z_stream and, hopefully, make the code
  more robust. Also deflateEnd checking is added - previously libpng would
  ignore an error at the end of the stream.

---
Module Name: pkgsrc
Committed By: obache
Date: Sun May 8 06:02:43 UTC 2011

Modified Files:
  pkgsrc/graphics/png: Makefile distinfo

Log Message:
Switch to use default EXTRACT_SUFX for distfile, .tar.gz is the only long
term provided archive for libpng beta release.

---
Module Name: pkgsrc
Committed By: wiz
Date: Sun May 8 09:09:20 UTC 2011

Modified Files:
  pkgsrc/graphics/png: Makefile distinfo

Log Message:
Update to 1.5.3beta06:

Version 1.5.3beta06 [May 8, 2011]
  Removed the -D_ALL_SOURCE from definitions for AIX in CMakeLists.txt
  Implemented premultiplied alpha support: png_set_alpha_mode API

---
Module Name: pkgsrc
Committed By: wiz
Date: Sun May 8 09:11:08 UTC 2011

Modified Files:
  pkgsrc/graphics/png: distinfo

Log Message:
regen for targz change

---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Jun 8 06:58:59 UTC 2011

Modified Files:
  pkgsrc/graphics/png: Makefile distinfo

Log Message:
Update to 1.5.3rc02 for a security fix.

Version 1.5.3beta07 [May 11, 2011]
  Added expand_16 support to the high level interface.
  Added named value and 'flag' gamma support to png_set_gamma. Made a minor
    change from the previous (unreleased) ABI/API to hide the exact value used
    for Macs - it's not a good idea to embed this in the ABI!
  Moved macro definitions for PNG_HAVE_IHDR, PNG_HAVE_PLTE, and PNG_AFTER_IDAT
    from pngpriv.h to png.h because they must be visible to applications
    that call png_set_unknown_chunks().
  Check for up->location !PNG_AFTER_IDAT when writing unknown chunks
    before IDAT.

Version 1.5.3beta08 [May 16, 2011]
  Improved "pngvalid --speed" to exclude more of pngvalid from the time.
  Documented png_set_alpha_mode(), other changes in libpng.3/libpng-manual.txt
  The cHRM chunk now sets the defaults for png_set_rgb_to_gray() (when negative
    parameters are supplied by the caller), while in the absence of cHRM
    sRGB/Rec 709 values are still used.
  The bKGD chunk no longer overwrites the background value set by
    png_set_background(), allowing the latter to be used before the file
    header is read. It never performed any useful function to override
    the default anyway.
  Added memory overwrite and palette image checks to pngvalid.c
    Previously palette image code was poorly checked. Since the transformation
    code has a special palette path in most cases this was a severe weakness.
  Minor cleanup and some extra checking in pngrutil.c and pngrtran.c. When
    expanding an indexed image, always expand to RGBA if transparency is
    present.

Version 1.5.3beta09 [May 17, 2011]
  Reversed earlier 1.5.3 change of transformation order; move png_expand_16
    back where it was. The change doesn't work because it requires 16-bit
    gamma tables when the code only generates 8-bit ones. This fails
    silently; the libpng code just doesn't do any gamma correction. Moving
    the tests back leaves the old, inaccurate, 8-bit gamma calculations, but
    these are clearly better than none!

Version 1.5.3beta10 [May 20, 2011]
  png_set_background() and png_expand_16() did not work together correctly.
    This problem is present in 1.5.2; if png_set_background is called with
    need_expand false and the matching 16 bit color libpng erroneously just
    treats it as an 8-bit color because of where png_do_expand_16 is in the
    transform list. This simple fix reduces the supplied colour to 8-bits,
    so it gets smashed, but this is better than the current behavior.
  Added tests for expand16, more fixes for palette image tests to pngvalid.
    Corrects the code for palette image tests and disables attempts to
    validate palette colors.

Version 1.5.3rc01 [June 3, 2011]
  No changes.

Version 1.5.3rc02 [June 7, 2011]
  Fixed 1-byte uninitialized memory reference in png_format_buffer()
    (Bug report by Frank Busse, related to CVE-2004-0421).
-rw-r--r-- graphics/png/Makefile 5
-rw-r--r-- graphics/png/distinfo 9
-rw-r--r-- graphics/png/patches/patch-pngconf.h 22
3 files changed, 6 insertions, 30 deletions
diff --git a/graphics/png/Makefile b/graphics/png/Makefile
index 022c7378965..cf079db1b58 100644
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@@ -1,11 +1,10 @@
-# $NetBSD: Makefile,v 1.131 2011/02/03 09:20:58 wiz Exp $
+# $NetBSD: Makefile,v 1.131.2.1 2011/06/08 09:49:24 sbd Exp $
-DISTNAME= libpng-1.5.1
+DISTNAME= libpng-1.5.3rc02
PKGNAME= ${DISTNAME:S/lib//}
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/} \
ftp://ftp.fu-berlin.de/unix/graphics/png/src/
-EXTRACT_SUFX= .tar.bz2
MAINTAINER= wiz@NetBSD.org
HOMEPAGE= http://www.libpng.org/pub/png/libpng.html
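Review bot: DISTNAME now points at a release candidate (libpng-1.5.3rc02), so the stable branch ships pre-release code and PKGNAME becomes png-1.5.3rc02; record a follow-up to move to the final 1.5.3 once it is released. Dropping `EXTRACT_SUFX= .tar.bz2` matches the .tar.gz entries in distinfo, but the jump from 1.5.1 spans several betas that the log says removed or renamed interfaces, so dependent packages should be rebuilt and checked before the ticket is closed.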
diff --git a/graphics/png/distinfo b/graphics/png/distinfo
index 99d5e4dc2af..d6735a37db9 100644
--- a/graphics/png/distinfo
+++ b/graphics/png/distinfo
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.77 2011/02/04 23:35:29 adam Exp $
+$NetBSD: distinfo,v 1.77.2.1 2011/06/08 09:49:24 sbd Exp $
-SHA1 (libpng-1.5.1.tar.bz2) = 750361f1cd693da53ef66624d5a8a6a431c40cd5
-RMD160 (libpng-1.5.1.tar.bz2) = 62ab2800b760ca642db094017f798590465bc5a3
-Size (libpng-1.5.1.tar.bz2) = 773560 bytes
+SHA1 (libpng-1.5.3rc02.tar.gz) = 0ccc3250fc9690e66355298f65919e252caf9cb1
+RMD160 (libpng-1.5.3rc02.tar.gz) = a70c0840a33ae0c17b2593bd1bc63fe10a2c52d4
+Size (libpng-1.5.3rc02.tar.gz) = 1004084 bytes
SHA1 (patch-aa) = 0c4f4e594798384079a0ce2ee5d7a45e16366b12
-SHA1 (patch-pngconf.h) = 407106790dccb265d6d1e17d1c263b1f7c82eb68
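Review bot: the `SHA1 (patch-aa)` line is unchanged while the distfile moves from 1.5.1 to 1.5.3rc02, so confirm patch-aa still applies cleanly to the new source rather than with fuzz or offsets. The new tarball is covered only by SHA1 and RMD160 here, and the Makefile fetches it from SourceForge mirrors and an ftp:// site, so these digests are the only integrity check on the download; verify them against a copy obtained independently from upstream, and add a stronger digest if the distinfo tooling on this branch supports one.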
diff --git a/graphics/png/patches/patch-pngconf.h b/graphics/png/patches/patch-pngconf.h
deleted file mode 100644
index b4b1035f4ac..00000000000
--- a/graphics/png/patches/patch-pngconf.h
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-pngconf.h,v 1.1 2011/02/04 23:35:29 adam Exp $
-
---- pngconf.h.orig 2011-02-04 23:31:35.000000000 +0000
-+++ pngconf.h
-@@ -287,7 +287,7 @@
- * PNG_EXPORT function for every compiler.
- */
- #ifndef PNG_FUNCTION
--# ifdef __GNUC__
-+# if defined(__GNUC__) && !defined(__clang__)
- # define PNG_FUNCTION(type, name, args, attributes)\
- attributes type name args
- # else /* !GNUC */
-@@ -347,7 +347,7 @@
- * functions in png.h will generate compiler warnings. Added at libpng
- * version 1.2.41.
- */
--# ifdef __GNUC__
-+# if defined(__GNUC__) && !defined(__clang__)
- # ifndef PNG_USE_RESULT
- # define PNG_USE_RESULT __attribute__((__warn_unused_result__))
- # endif
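Review bot: deleting this patch drops the `defined(__GNUC__) && !defined(__clang__)` guards around PNG_FUNCTION and PNG_USE_RESULT, and nothing in the commit message says the new pngconf.h handles clang on its own. Confirm that a clang build of 1.5.3rc02 still succeeds, and state the reason for the removal in the log so the workaround is not silently lost.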