Age | Commit message (Collapse) | Author | Files | Lines |
|
graphics/png: security update
Revisions pulled up:
- graphics/png/Makefile 1.144-1.146
- graphics/png/distinfo 1.91-1.93
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: drochner
Date: Sat Feb 18 15:16:59 UTC 2012
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Added Files:
pkgsrc/graphics/png/patches: patch-CVE-2011-3026
Log Message:
fix possible buffer overflow due to integer overflow in malloc()
size calculation (2011-3026), patch from Chromium via Redhat/Debian
bump PKGREV
To generate a diff of this commit:
cvs rdiff -u -r1.143 -r1.144 pkgsrc/graphics/png/Makefile
cvs rdiff -u -r1.90 -r1.91 pkgsrc/graphics/png/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/png/patches/patch-CVE-2011-3026
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sat Feb 18 15:42:57 UTC 2012
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Removed Files:
pkgsrc/graphics/png/patches: patch-CVE-2011-3026
Log Message:
Update to 1.5.9rc01, which includes the official patch for CVE-2011-3026.
Version 1.5.9beta01 [February 3, 2012]
Rebuilt configure scripts in the tar distributions.
Version 1.5.9beta02 [February 16, 2012]
Removed two unused definitions from scripts/pnglibconf.h.prebuilt
Removed some unused arrays (with #ifdef) from png_read_push_finish_row().
Removed tests for no-longer-used *_EMPTY_PLTE_SUPPORTED from pngstruct.h
Version 1.5.9rc01 [February 17, 2012]
Fixed CVE-2011-3026 buffer overrun bug. Deal more correctly with the test
on iCCP chunk length. Also removed spurious casts that may hide problems
on 16-bit systems.
To generate a diff of this commit:
cvs rdiff -u -r1.144 -r1.145 pkgsrc/graphics/png/Makefile
cvs rdiff -u -r1.91 -r1.92 pkgsrc/graphics/png/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/graphics/png/patches/patch-CVE-2011-3026
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sun Feb 19 09:26:39 UTC 2012
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log Message:
Update "libpng" package to version 1.5.9. There are no change since
version 1.5.9rc01 except of the minor detail that you can actually
fetch the distfile.
To generate a diff of this commit:
cvs rdiff -u -r1.145 -r1.146 pkgsrc/graphics/png/Makefile
cvs rdiff -u -r1.92 -r1.93 pkgsrc/graphics/png/distinfo
|
|
graphics/png: security update
Revisions pulled up:
- graphics/png/Makefile 1.143
- graphics/png/distinfo 1.90
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Feb 1 23:05:19 UTC 2012
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log Message:
Update to 1.5.8:
Version 1.5.8beta01 [January 15, 2011]
Removed '#include config.h"' from contrib/libtests/pngvalid.c. It's not
needed and causes trouble for VPATH building.
Moved AC_MSG_CHECKING([if libraries can be versioned]) later to the proper
location in configure.ac (Gilles Espinasse).
Fix bug in pngerror.c: some long warnings were being improperly truncated
(bug introduced in libpng-1.5.3beta05).
Version 1.5.8rc01 [January 21, 2012]
No changes.
Version 1.5.8rc02 [January 25, 2012]
Fixed Min/GW uninstall to remove libpng.dll.a
Conditionalize the install rules for MINGW and CYGWIN in CMakeLists.txt
|
|
vigra (which is 1.8.0) to fix build with recent libpng.
I'm not sure if the resolution handling changes (search for "254") are
desirable or not. if something goes wrong, try reverting that.
The package should probably be changed to use pkgsrc vigra, but I
don't want to do that right now.
|
|
graphics/libv4l and updateing PLIST.Linux
|
|
|
|
|
|
|
|
|
|
memory allocation error; both could lead to heap buffer overflows
(CVE-2011-4516, CVE-2011-4517)
bump PKGREV
|
|
|
|
changes:
-based on DCRaw v 9.06
-New Traditional Chinese translation
-Port UFRaw to OpenSolaris
|
|
this switches to the new 2.14 release branch -- many new features
and UI improvements
|
|
no glitz here).
Rejustify long lines while here.
|
|
X headers' include guards, which changed at some point. Hack it to
recognize what's there nowadays as well as the old symbol.
While here, deploy INSTALLATION_DIRS to work around apparent dir
permission problems in the package's own install logic.
|
|
Changes:
* MetaPost now adheres to the openin_any / openout_any settings in
texmf.cnf
* In some cases 'readfrom' made the file's path be prepended to the
actually read string from the file.
* The 'prologues:=3 output' with embedded labels was unreliable,
especially when the resulting eps was included into a TeX document
via dvips.
* 'newinternal numeric' has been fixed, it generated an error in
metapost 1.211.
* Label regeneration sometimes failed to run when the file time stamps
were close together.
* Reallocation of the string pool during output file name creation
('outputtemplate') could cause corruption in the created file's name.
|
|
|
|
|
|
|
|
Changes since the last public release (1.5.6):
Added support for ARM processor (Mans Rullgard)
Fixed bug in pngvalid on early allocation failure; fixed type cast in
pngmem.c; pngvalid would attempt to call png_error() if the allocation
of a png_struct or png_info failed. This would probably have led to a
crash. The pngmem.c implementation of png_malloc() included a cast
to png_size_t which would fail on large allocations on 16-bit systems.
Fix for the preprocessor of the Intel C compiler. The preprocessor
splits adjacent @ signs with a space; this changes the concatentation
token from @-@-@ to PNG_JOIN; that should work with all compiler
preprocessors.
Paeth filter speed improvements from work by Siarhei Siamashka. This
changes the 'Paeth' reconstruction function to improve the GCC code
generation on x86. The changes are only part of the suggested ones;
just the changes that definitely improve speed and remain simple.
The changes also slightly increase the clarity of the code.
Check compression_type parameter in png_get_iCCP and remove spurious
casts. The compression_type parameter is always assigned to, so must
be non-NULL. The cast of the profile length potentially truncated the
value unnecessarily on a 16-bit int system, so the cast of the (byte)
compression type to (int) is specified by ANSI-C anyway.
Fixed FP division by zero in pngvalid.c; the 'test_pixel' code left
the sBIT fields in the test pixel as 0, which resulted in a floating
point division by zero which was irrelevant but causes systems where
FP exceptions cause a crash. Added code to pngvalid to turn on FP
exceptions if the appropriate glibc support is there to ensure this is
tested in the future.
Added versioning to pnglibconf.h comments.
Installed more accurate linear to sRGB conversion tables. The slightly
modified tables reduce the number of 16-bit values that
convert to an off-by-one 8-bit value. The "makesRGB.c" code that was used
to generate the tables is now in a contrib/sRGBtables sub-directory.
Added run-time detection of NEON support.
Multiple transform bug fixes plus a work-round for double gamma correction.
libpng does not support more than one transform that requires linear data
at once - if this is tried typically the results is double gamma
correction. Since the simplified APIs can need rgb to gray combined with
a compose operation it is necessary to do one of these outside the main
libpng transform code. This check-in also contains fixes to various bugs
in compose and rgb to gray (on palette).
Fixes for C++ compilation using g++ When libpng source is compiled
using g++. The compiler imposes C++ rules on the C source; thus it
is desireable to make the source work with either C or C++ rules
without throwing away useful error information. This change adds
png_voidcast to allow C semantic (void*) cases or the corresponding
C++ static_cast operation, as appropriate.
Added --noexecstack to assembler file compilation. GCC does not set
this on assembler compilation, even though it does on C compilation.
This creates security issues if assembler code is enabled; the
work-around is to set it by default in the flags for $(CCAS)
Removed "zTXt" from warning in generic chunk decompression function.
Validate time settings passed to pngset() and png_convert_to_rfc1123()
(Frank Busse).
Added MINGW support to CMakeLists.txt
Reject invalid compression flag or method when reading the iTXt chunk.
Moved pngvalid.c into contrib/libtests
Rebuilt Makefile.in, configure, etc., with autoconf-2.68
Replaced an "#if" with "#ifdef" in pngrtran.c
Revised #if PNG_DO_BC block in png.c (use #ifdef and add #else)
Revised pngconf.h to use " __declspec(restrict)" only when MSC_VER >= 1400,
as in libpng-1.5.4.
Put CRLF line endings in the owatcom project files.
Updated CMakeLists.txt to account for the relocation of pngvalid.c
Minor fixes to pngvalid.c for gcc 4.6.2 compatibility to remove warnings
reported by earlier versions.
|
|
Bump PKGREVISION.
|
|
Changes are unknown.
|
|
|
|
On DragonFly, X11BASE equals LOCALBASE meaning any detected binaries on
X11BASE came from pkgsrc itself and not the native platform as intended.
The result is that x11/xwininfo was not getting added to the DEPENDS list
after that package was installed.
|
|
|
|
|
|
|
|
|
|
Required for default linking behavior of binutils 2.22 ld
|
|
|
|
Required for default linking behavior of binutils 2.22 ld
|
|
Required for default linking behavior of binutils 2.22 ld
|
|
Required for default linking behavior of binutils 2.22 ld
It's kind of ugly to tag it on to the LINK_PTHREAD variable, but renaming
that variable could satisfy the pedants.
|
|
Required for default linking behavior of binutils 2.22 ld
|
|
|
|
S_IRUSR and S_IWUSR are defined in <sys/stat.h> on DragonFly, but the
conftest for the Cache Server wasn't pulling that header in. After
patching the conftest, the package builds normally. There was no need
to patch the source itself, so it was a bad test.
|
|
Changes from previous:
----------------------
Sept. 24, 2011 - Version 8.65 (production release)
- Added a few new CanonModelID's
- Added a new Sony/Minolta LensType
- Added a new Canon LensType (thanks Klaus Reinfeld)
- Added a number of new Olympus ArtFilter/MagicFilter values
- Included new .args files in distribution: exif2iptc.args and iptc2exif.args
- Enhanced writing of date/time tags to recognize "now" for the current time
- Improved decoding of H264 Gain
- Minor improvement to -htmlDump for some invalid IFD entries
- Allow PostScript date/time tags to be written without the -n option
- Allow NikonCapture:ExposureAdj2 to be written without the -n option
- Fixed problem introduced in version 8.62 where DateTimeOriginal in IFD0 of
NEF images was no longer updated when shifting times
- Fixed problem where keywords could be duplicated when exporting to XMP while
using the MWG module
- Fixed problem reading PDF images with extra whitespace before xref table
- Fixed format problem in CSV output for filenames containing a comma or quote
- Fixed problem reading concatenated AVI videos
Sept. 10, 2011 - Version 8.64
- Added 2 new ACDSee XMP tags (thanks Hannes Leubbers)
- Added a new Sony FileFormat value
- Added a new CanonModelID
- Added a few new Pentax DigitalFilter and ImageTone values
- Enhanced -execute option to allow a command ID number to be added
- Enhanced -csv and -json import features to also key on canonical SourceFile
path (requires Cwd module)
- Improved Composite LensID logic for some Sony cameras
- Fixed misleading error message when using -if option on file that doesn't
exist
- Fixed problems decoding a number of inconsistent tags in the Sigma SD1 maker
notes
Aug. 27, 2011 - Version 8.63
- Added support for a number of new Open Document file extensions
- Added a few new CanonModelID and SonyModelID values
- Added a new Ricoh GXR LensID
- Added a new Sony/Minolta LensType (thanks Mladen Sever)
- Added patch to read the improperly formatted DateTimeOriginal in AVI videos
written by the Kodak Easyshare Sport camera
- API Changes:
- Added QuickTimeUTC option
Aug. 21, 2011 - Version 8.62 - "JPEG2000 Update"
- Added read support for JPEG2000 codestream format (J2C)
- Added a few new Nikon LensID's (thanks Robert Rottmerhusen)
- Added a few new Pentax LensType's
- Added a few new Sony/Minolta LensType's (thanks Wolfram for 2 of these)
- Added two new Sony Teleconverter values (thanks Wolfram)
- Decode a few more JPEG2000 UUID's written by Adobe JPEG2000 plugin
- Decode additional JPEG2000 ColorSpecification information
- Recognize a few more JPEG2000 file extensions
- Updated some CanonModelID's
- Tolerate extra comma at end of line in imported -csv files
- Changed name of Kodak Type9 SerialNumber tag to UnknownNumber
- Fixed bug which in rare situations could result in an erroneous "IFD pointer
references previous IFD" warning
- Fixed another memory leak when writing and removed circular references from
ExifTool object to prevent future bugs like this
- Fixed problem in Windows where values in the -X (XML) output containing
CR+LF were converted to CR+CR+LF
- Fixed superfluous warning which could occur when using += to decrement a
numerical tag
- Fixed an incorrectly spelt Pentax city name (thanks John Francis)
July 16, 2011 - Version 8.61
- Added the ability to increment/decrement tags with numerical values using +=
- Added support for Extensis Portfolio XMP tags plus a number of non-standard
and/or undocumented XMP-xmp and XMP-xmpMM tags
- Added read support for Microsoft Compiled HTML (CHM) format
- Added read support for Ogg Video (OGV) files
- Added new LensType values for Pentax (thanks Heike Herrmann), Sony/Minolta
(thanks Fabio Suprani and Florian Knorn), Nikon (thanks Jens Kriese),
Olympus and Sigma cameras
- Added a new QuickTime VendorID
- Recognize DEX (Dalvik Executable) files
- Identify Windows 64-bit EXE/DLL files and relax EXE validation
- Validate date/time values when reading NMEA GPS log files
- Changed decoding of CFAPattern to return a string of numbers with -n option
- Extract all unknown makernote blocks as undef, regardless of actual format
- Improved print conversion of Pentax ShakeReduction
- Fixed problem processing some Ogg files with multiple streams
- Fixed incorrect namespace URI for stArea (used by MWG 2.0 regions)
- Fixed problem with spaces in -geotag path when using wildcards
- Fixed problem writing PDF:Keywords list items individually if they contain
special characters
- API Changes:
- Enhanced SetNewValue() to allow increment/decrement of numerical tags
|
|
* install manual page.
Bump PKGREVISION.
|
|
|
|
1) Modified current patch to support DragonFly
2) Fixed includes for ffmeg headers
3) The API for ffmpeg's sample format changed, so tell it to use old API.
This can be removed when OpenSceneGraph version is upgraded
4) The PLIST was missing ffmpeg plugin. I guess it never built before.
|
|
|
|
The graphviz-dot-mode will do font locking, indentation, preview of
graphs and eases compilation/error location. There is support for
both GNU Emacs and XEmacs.
|
|
* New operations: spread, vignette, map-relative, noise-reduction, plasma,
fractal-trace, exr-save, lens-correct, emboss, cubism, ripple,
color-to-alpha, color-rotate, red-eye-removal, convolution-matrix,
deinterlace, polar-coordinates, lens-distortion, pixelise.
* Split GeglView GTK Widget into separate utility library
* build/test improvements.
* Buffer:
* Added lohalo resampler, API and infrastructure for doing non affine
resamplings.
|
|
Build improvements, remove blatantly wrong conversions from extensions,
made it possible to distinguish format_n formats from others, improvements
to vala/gobject introspection support.
|
|
|
|
This release adds the "-ow" option to overwrite the input file with the
compressed file. If an output filename is given on the command line, it will be
used as a temporary file and removed after compression. If not, "pngout.png" is
used as a temporary file
|
|
|
|
|
|
History
=======
0.7.0 (2011-11-19)
------------------
* Accept N/A rack-unit
* Add fontfamily attribute for switching fontface
* Fix bugs
0.6.1 (2011-11-06)
------------------
* [rackdiag] Support multiple racks rendering
* [rackdiag] Add rack attribute: unit-height, weight, ampere, ascending
* [rackdiag] Support putting multiple items to same rack-unit
0.6.0 (2011-11-06)
------------------
* Add rackdiag which supports genarating rack-structure diagram
* Add docutils extension
* Fix bugs
0.5.3 (2011-11-01)
------------------
* Add class feature (experimental)
0.5.2 (2011-11-01)
------------------
* Follow blockdiag-0.9.7 interface
0.5.1 (2011-10-19)
------------------
* Follow blockdiag-0.9.5 interface
0.5.0 (2011-10-07)
------------------
* Change shape of trunkline like a pipeline
* Add network attribute: color
* Add diagram attribute: default_network_color
|
|
History
=======
0.3.0 (2011-11-19)
------------------
* Add fontfamily attribute for switching fontface
* Fix bugs
0.2.4 (2011-11-10)
------------------
* Fix dependencies (do not depend PIL directly for pillow users)
0.2.3 (2011-11-06)
------------------
* Add docutils exetension
* Fix bugs
0.2.2 (2011-11-01)
------------------
* Add class feature (experimental)
0.2.1 (2011-11-01)
------------------
* Follow blockdiag-0.9.7 interface
0.2.0 (2011-10-19)
------------------
* Follow blockdiag-0.9.5 interface
0.1.9 (2011-10-11)
------------------
* Fix bugs
|
|
History
=======
0.7.1 (2011-11-30)
------------------
* Fix bugs
0.7.0 (2011-11-19)
------------------
* Add fontfamily attribute for switching fontface
* Fix bugs
0.6.3 (2011-11-06)
------------------
* Add docutils extention
* Fix bugs
0.6.2 (2011-11-01)
------------------
* Add class feature (experimental)
0.6.1 (2011-11-01)
------------------
* Follow blockdiag-0.9.7 interface
0.6.0 (2011-10-28)
------------------
* Add edge attributes: note, rightnote, leftnote, notecolor
* Add diagram atteribute: default_note_color
0.5.2 (2011-10-27)
------------------
* Implement auto edge height adjusting
* Fix bugs
0.5.1 (2011-10-24)
------------------
* Fix bugs
0.5.0 (2011-10-21)
------------------
* Add diagram attributes: activation, autonumber
* Add edge attribute: failed
* Add separator syntax
0.4.3 (2011-10-19)
------------------
* Follow blockdiag-0.9.5 interface
0.4.2 (2011-10-11)
------------------
* Fix bugs
|