the normal case when BUILDLINK_DEPENDS.<pkg> isn't specified, it receives
a value only once due to the multiple inclusion protection in the
buildlink3.mk files. In the case where a package includes several
buildlink3.mk files that each want a slightly different version of another
dependency, having BUILDLINK_DEPENDS.<pkg> be a list allows for the
strictest <pkg> dependency to be matched.
images (and bump package to 1.2.5nb2). The following is taken directly
from the png-implement mailing list...
Date: Fri, 20 Dec 2002 11:26:31 -0500
From: Glenn Randers-Pehrson <glennrp@comcast.net>
Reply-To: png-implement@ccrc.wustl.edu
To: png-implement@ccrc.wustl.edu
Subject: Re: [png-implement] bug in png_read_filler() with 16-bit samples
At 01:01 AM 12/5/02 -0500, Glenn Randers-Pehrson wrote:
>A bug has turned up in png_read_filler() with 16-bit samples.
>The starting offsets for the loops are calculated incorrectly
>which causes a buffer overrun beyond the beginning of the row
>buffer.
>
>To fix, at lines 1968 and 1990,
>change "row_width * 3" to "row_width * 6"
>and at lines 1969 and 1991,
>change "row_width;" to "row_width * 2;"
This is only half of the story. Adding an alpha channel to
16-bit *grayscale* images with png_do_read_filler() exhibits
the same bug, and pngcrush crashes if I try to do it.
To fix, at lines 1892, 1893, 1910, and 1911 of pngrtran.c
change "row_width" to "row_width * 2"
Note that applications that do not add an alpha channel via
png_set_filler(), and any applications that do, but reduce 16-bit
samples to 8 bit via png_set_strip_16() are invulnerable to
the bug. Pngcrush is the only application that I know of
that uses png_set_filler() without also using png_set_strip_16().
Glenn
--
Send the message body "help" to png-implement-request@ccrc.wustl.edu
reported to the png-implement mailing list by Glenn Randers-Pehrson:
ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-implement.200212
[Glenn Randers-Pehrson is the original author and chief maintainer of
libpng.]
From the discussion in the archive, it appears to be unlikely that the
bug could be exploited by a malicious web-server, chiefly because the
operation that triggers it is more likely to be carried out by an image
manipulation program (i.e. pngcrush), than by a web browser.
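The offset arithmetic behind the png_read_filler() report above, as an added illustration that is not libpng's code: a backwards in-place expansion of a 16-bit RGB row to RGBA, using the corrected "row_width * 6" / "row_width * 2" offsets, a bounds check, and a helper that shows why the old "row_width * 3" start lands before the buffer. The function names and the two-pixel sample row are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef unsigned char png_byte;
typedef uint32_t png_uint_32;

/* Lowest byte offset (relative to the row start) that a backwards loop
 * reaches when it starts at start_offset and consumes 6 source bytes per
 * pixel for row_width pixels. Negative means it reads before the buffer,
 * which is what "row_width * 3" as the 16-bit starting offset does. */
static long lowest_source_offset(long start_offset, png_uint_32 row_width)
{
    return start_offset - 6L * (long)row_width;
}

/* Expand a 16-bit RGB row to 16-bit RGBA in place by appending a two-byte
 * filler after each pixel (the png_set_filler() case). The row is rewritten
 * from its end toward its start so unread source bytes are never clobbered.
 * Returns 0 on success, -1 if the buffer cannot hold the widened row. */
static int add_filler_rgb16(png_byte *row, size_t row_buf_size,
                            png_uint_32 row_width, uint16_t filler)
{
    /* The fix from the mailing-list post: 16-bit RGB is 6 bytes per pixel
     * and the filler adds 2 more, so the offsets are row_width * 6 and * 2. */
    size_t src_bytes = (size_t)row_width * 6;
    size_t dst_bytes = src_bytes + (size_t)row_width * 2;
    if (dst_bytes > row_buf_size)
        return -1;
    size_t s = src_bytes, d = dst_bytes;  /* one past the last byte of each */
    for (png_uint_32 i = 0; i < row_width; i++) {
        row[--d] = (png_byte)(filler & 0xff); /* filler, big-endian like PNG */
        row[--d] = (png_byte)(filler >> 8);
        for (int c = 0; c < 6; c++)           /* B, G, R: two bytes each */
            row[--d] = row[--s];
    }
    return 0;
}

/* Constructed two-pixel row; returns 1 if the expansion matches expectation
 * and a buffer that is too small is rejected. */
static int demo_two_pixel_row(void)
{
    png_byte row[16] = {0x11,0x22,0x33,0x44,0x55,0x66,
                        0x77,0x88,0x99,0xaa,0xbb,0xcc};
    static const png_byte want[16] = {0x11,0x22,0x33,0x44,0x55,0x66,0x12,0x34,
                                      0x77,0x88,0x99,0xaa,0xbb,0xcc,0x12,0x34};
    png_byte small[12] = {0};
    if (add_filler_rgb16(small, sizeof small, 2, 0) != -1)
        return 0;
    if (add_filler_rgb16(row, sizeof row, 2, 0x1234) != 0)
        return 0;
    return memcmp(row, want, sizeof row) == 0;
}
```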
* Changed png_error() to png_warning() about
"Too much data" in pngpread.c and about
"Extra compressed data" in pngrutil.c.
* Prevent png_ptr->pass from exceeding 7 in
png_push_finish_row().
* Updated png.c and pnggccrd.c handling of return from
png_mmx_support() [Doesn't apply to the package.]
* Only issue png_warning() about "Too much data" in
pngpread.c when avail_in is nonzero.
* Relocated two misplaced PNGAPI lines in pngtest.c
Update submitted by Stefan Krüger in PR/18926.
buildlink2.mk files back into the main trunk. This provides sufficient
buildlink2 infrastructure to start merging other packages from the
buildlink2 branch that have already been converted to use the buildlink2
framework.
and png_set_text_2(), call for a minor version bump in the shared library.
Update "BUILDLINK_DEPENDS" to current level. Also make the shared library
versions visible in the top-level "Makefile", and add a top-level "test"
target to invoke "pngtest" in ${WRKSRC}.
The following is culled from the extensive "CHANGES" file, omitting
all make system and doc changes, and some bug fixes for bugs that weren't
present in 1.2.1. See "CHANGES" for complete details:
Added setjmp() at the end of png_create_*_struct_2() in case user forgets
to put one in their application.
Exported png_zalloc(), png_zfree(), png_default_read(), png_default_write(),
png_default_flush(), and png_push_fill_buffer() and included them in
module definition files.
Revised prototype for png_default_flush()
Typos in *.def files (png_default_read|write -> png_default_read|write_data)
Once more restored png_zalloc and png_zfree to regular nonexported form.
Restored png_default_read|write_data, png_default_flush, png_read_fill_buffer
to nonexported form, but with PNGAPI, and removed them from module def files.
Removed "PNGAPI" from png_zalloc() and png_zfree() in png.c
Plugged various memory leaks; added png_malloc_warn() and png_set_text_2()
functions.
Plugged memory leak of png_ptr->current_text (Matt Holgate).
Check for buffer overflow before reading CRC in pngpread.c (Warwick Allison)
Plugged memory leak of row_buf in pngtest.c when there is a png_error().
Detect buffer overflow in pngpread.c when IDAT is corrupted with extra data.
Changed png_warning() to png_error() when width is too large to process.
shared library version, and in the dependency information for hundreds of
other packages. [Update to png itself was supplied by Thomas Wizner.]
Relevant changes since 1.0.12, extracted from the "CHANGES" file:
Re-enabled PNG_MNG_FEATURES_SUPPORTED and enabled PNG_ASSEMBLER_CODE_SUPPORTED
by default.
Added runtime selection of MMX features.
Added png_set_strip_error_numbers function and related macros.
Added a check for attempts to read or write PLTE in grayscale PNG datastreams.
Enabled user memory function by default.
Modified png_create_struct so it passes user mem_ptr to user memory allocator.
Increased png_mng_features flag from png_byte to png_uint_32.
Check for missing profile length field in iCCP chunk and free chunk_data
in case of truncated iCCP chunk.
Revised contrib/gregbook/rpng*-x.c to avoid a memory leak and to exit cleanly
if user attempts to run it on an 8-bit display.
Updated contrib/gregbook
Use png_malloc instead of png_zalloc to allocate palette in pngset.c
Added some typecasts to eliminate gcc 3.0 warnings. Changed prototypes
of png_write_oFFS width and height from png_uint_32 to png_int_32.
Updated example.c
Revised prototypes for png_debug_malloc and png_debug_free in pngtest.c
Revised contrib/gregbook
Revised pnggccrd.c to conditionally compile some thread-unsafe code only
when PNG_THREAD_UNSAFE_OK is defined.
Added tests to prevent pngwutil.c from writing a bKGD or tRNS chunk with
value exceeding 2^bit_depth-1
Replaced calls to fprintf(stderr,...) with png_warning() in pnggccrd.c
Removed restriction that do_invert_mono only operate on 1-bit opaque files
Changed a png_warning() to png_debug() in pnggccrd.c
Fixed contrib/gregbook/rpng-x.c, rpng2-x.c to avoid crash with XFreeGC().
Include background_1 in png_struct regardless of gamma support.
Revised example.c to provide more details about using row_callback().
Added type cast to each NULL appearing in a function call, except for
WINCE functions.
Removed type casts from all NULLs.
Simplified png_create_struct_2().
Revised png_create_info_struct() and png_create_struct_2().
Added error message if png_write_info() was omitted.
Type cast NULLs appearing in function calls when _NO_PROTO or
PNG_TYPECAST_NULL is defined.
Type cast NULLs appearing in function calls except when PNG_NO_TYPECAST_NULL
is defined.
Changed typecast of "size" argument to png_size_t in pngmem.c calls to
the user malloc_fn, to agree with the prototype in png.h
Added a pop/push operation to pnggccrd.c, to preserve Eflag (Maxim Sobolev)
Added a pop/push operation to pngvcrd.c, to preserve Eflag.
Always allocate 256-entry internal palette, hist, and trans arrays, to
avoid out-of-bounds memory reference caused by invalid PNG datastreams.
Added a check for prefix_length > data_length in iCCP chunk handler.
. Added some never-to-be-executed code in pnggccrd.c to quiet compiler
warnings.
. Added a check for attempts to read or write PLTE in grayscale PNG
datastreams.
. Eliminated the png_error about apps using png_read|write_init(). Instead,
libpng will reallocate the png_struct and info_struct if they are too small.
This achieves future binary compatibility for old applications written for
libpng-0.88 and earlier. Expanded the warnings about incompatible library
and application.
. Modified png_create_struct so it passes user mem_ptr to user memory
allocator.
. Check for missing profile length field in iCCP chunk and free the chunk_data
in case of truncated iCCP chunk.
BUILDLINK_PREFIX.<pkgname>. This allows buildlink to find X11BASE packages
regardless of whether they were installed before or after xpkgwedge was
installed. Idea by Alistair Crooks <agc@pkgsrc.org>.
FOO_REQD=1.0 being converted to foo>=1.0, one can now directly specify
the dependency pattern as FOO_DEPENDS=foo>=1.0. This allows things like
JPEG_DEPENDS=jpeg-6b, or fancier expressions like for postgresql-lib.
Change existing FOO_REQD definitions in Makefiles to FOO_DEPENDS.
CXXFLAGS, and LDFLAGS by the buildlink.mk files so remove the extra
definitions to add them from the package Makefiles. As advised by the
bsd.buildlink.mk file, also ensure that the buildlink.mk files are
included prior to defining any package-specific CFLAGS/LDFLAGS to ensure
that the buildlink directories are at the head of the compiler search
paths.
linked from a particular package, and add a pre-configure target to
the buildlink.mk file to more painlessly use buildlink.mk files. A
${BUILDLINK_TARGETS} variable still exists in case a package _must_
define NO_CONFIGURE.
pkgsrc change: bump shared library major like it happened in libpng some
time ago -- our libtool'ified build didn't reflect this. Fixes pkg/12856
by Thor Simon. Note necessity of manual major/minor handling in Makefile,
to decrease chance that this will repeat in the future.
Changes since 1.0.10:
Added type casts on several png_malloc() calls (Dimitri Papadapoulos).
Removed a no-longer needed AIX work-around from pngconf.h
Changed several "//" single-line comments to C-style in pnggccrd.c
Removed PNGAPI from several functions whose prototypes did not have PNGAPI.
Updated scripts/pngos2.def
Added a check for NULL return from user's malloc_fn().
Removed some useless type casts of the NULL pointer.
Added makefile.netbsd [not used, since we're using libtool instead]
Moved some error checking from png_handle_IHDR to png_set_IHDR.
Added PNG_NO_READ_SUPPORTED and PNG_NO_WRITE_SUPPORTED macros.
Revised png_mmx_support() function in pnggccrd.c
Restored version 1.0.8 PNG_WRITE_EMPTY_PLTE_SUPPORTED behavior in pngwutil.c
Fixed memory leak in contrib/visupng/PngFile.c
Fixed bugs in png_combine_row() in pnggccrd.c and pngvcrd.c (C version)
Added warnings when retrieving or setting gamma=0.
Increased the first part of msg buffer from 16 to 18 in png_chunk_warning().
Fixed bug in progressive reading (pngpread.c) with small images (height < 8).
out of date - it was based on a.out OBJECT_FMT, and added entries in the
generated PLISTs to reflect the symlinks that ELF packages use. It also
tried to be clever, and removed and recreated any symbolic links that were
created, which has resulted in some fun, especially with packages which
use dlopen(3) to load modules. Some recent changes to our ld.so to bring
it more into line with other Operating Systems also exposed some cracks.
+ Modify bsd.pkg.mk and its shared object handling, so that PLISTs now contain
the ELF symlinks.
+ Don't mess about with file system entries when handling shared objects in
bsd.pkg.mk, since it's likely that libtool and the BSD *.mk processing will
have got it right, and have a much better idea than we do.
+ Modify PLISTs to contain "ELF symlinks"
+ On a.out platforms, delete any "ELF symlinks" from the generated PLISTs
+ On ELF platforms, no extra processing needs to be done in bsd.pkg.mk
+ Modify print-PLIST target in bsd.pkg.mk to add dummy symlink entries on
a.out platforms
+ Update the documentation in Packages.txt
With many thanks to Thomas Klausner for keeping me honest with this.