Date: Fri, 20 Nov 2015 21:00:28 +0000
From: "Benny Siegert"
Subject: CVS commit: [pkgsrc-2015Q3] pkgsrc/graphics/png
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
Message-Id: <20151120210028.B051198@cvs.netbsd.org>

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Fri Nov 20 21:00:28 UTC 2015

Modified Files:
        pkgsrc/graphics/png [pkgsrc-2015Q3]: Makefile distinfo

Log Message:
Pullup ticket #4854 - requested by sevan
Pullup ticket #4856 - requested by he
graphics/png: security fix

Revisions pulled up:
- graphics/png/Makefile                                 1.179
- graphics/png/distinfo                                 1.124

---
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Thu Nov 12 16:12:19 UTC 2015

   Modified Files:
           pkgsrc/graphics/png: Makefile distinfo

   Log Message:
   Update png to 1.6.19:

   Libpng 1.6.19 - November 12, 2015

   Changes since the last public release (1.6.18):

     Updated obsolete information about the simplified API macros in the
       manual pages (Bug report by Arc Riley).
     Avoid potentially dereferencing NULL info_ptr in png_info_init_3().
     Rearranged png.h to put the major sections in the same order as
       in libpng17.
     Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT, PNG_COST_FACTOR, and
       PNG_WEIGHT_FACTOR macros.
     Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
       (Bug report by Viktor Szakats). Several warnings remain and are
       unavoidable, where we test for overflow.
     Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
     Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
     Moved config.h.in~ from the "libpng_autotools_files" list to the
       "libpng_autotools_extra" list in autogen.sh because it was causing a
       false positive for missing files (bug report by Robert C. Seacord).
     Removed unreachable "break" statements in png.c, pngread.c, and pngrtran.c
       to suppress clang warnings (Bug report by Viktor Szakats).
     Fixed some bad links in the man page.
     Changed "n bit" to "n-bit" in comments.
     Added signed/unsigned 16-bit safety net. This removes the dubious
       0x8000 flag definitions on 16-bit systems. They aren't supported
       yet the defs *probably* work, however it seems much safer to do this
       and be advised if anyone, contrary to advice, is building libpng 1.6
       on a 16-bit system. It also adds back various switch default clauses
       for GCC; GCC errors out if they are not present (with an appropriately
       high level of warnings).
     Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
       Seacord).
     Fixed the recently reported 1's complement security issue by replacing
       the value that is illegal in the PNG spec, in both signed and unsigned
       values, with 0.
       Illegal unsigned values (anything greater than or equal
       to 0x80000000) can still pass through, but since these are not illegal
       in ANSI-C (unlike 0x80000000 in the signed case) the checking that
       occurs later can catch them (John Bowler).
     Fixed png_save_int_32 when int is not 2's complement (John Bowler).
     Updated libpng16 with all the recent test changes from libpng17,
       including changes to pngvalid.c to ensure that the original,
       distributed, version of contrib/visupng/cexcept.h can be used
       (John Bowler).
     pngvalid contains the correction to the use of
       SAVE/STORE_UNKNOWN_CHUNKS; a bug revealed by changes in libpng 1.7.
       More tests contain the --strict option to detect warnings and the
       pngvalid-standard test has been corrected so that it does not
       turn on progressive-read. There is a separate test which does
       that. (John Bowler)
     Also made some signed/unsigned fixes.
     Make pngstest error limits version specific. Splitting the machine
       generated error structs out to a file allows the values to be updated
       without changing pngstest.c itself. Since libpng 1.6 and 1.7 have
       slightly different error limits this simplifies maintenance. The
       makepngs.sh script has also been updated to more accurately reflect
       current problems in libpng 1.7 (John Bowler).
     Incorporated new test PNG files into make check. tests/pngstest-*
       are changed so that the new test files are divided into 8 groups by
       gamma and alpha channel. These tests have considerably better code
       and pixel-value coverage than contrib/pngsuite; however, coverage is
       still incomplete (John Bowler).
     Removed the '--strict' in 1.6 because of the double-gamma-correction
       warning, updated pngstest-errors.h for the errors detected with the
       new contrib/testspngs PNG test files (John Bowler).
     Worked around rgb-to-gray issues in libpng 1.6. The previous
       attempts to ignore the errors in the code aren't quite enough to
       deal with the 'channel selection' encoding added to libpng 1.7; abort.
     Fixed 'pow' macros in pngvalid.c.
       It is legal for 'pow' to be a
       macro, therefore the argument list cannot contain preprocessing
       directives. Make sure pow is a function where this happens. This is
       a minimal safe fix, the issue only arises in non-performance-critical
       code (bug report by Curtis Leach, fix by John Bowler).
     Added sPLT support to pngtest.c
     Prevent setting or writing over-length PLTE chunk (Cosmin Truta).
     Silently truncate over-length PLTE chunk while reading.
     Libpng incorrectly calculated the output rowbytes when the application
       decreased either the number of channels or the bit depth (or both) in
       a user transform. This was safe; libpng overallocated buffer space
       (potentially by quite a lot; up to 4 times the amount required) but,
       from 1.5.4 on, resulted in a png_error (John Bowler).
     Fixed some inconsequential cut-and-paste typos in png_set_cHRM_XYZ_fixed().
     Clarified COPYRIGHT information to state explicitly that versions
       are derived from previous versions.
     Removed much of the long list of previous versions from png.h and
       libpng.3.

To generate a diff of this commit:
cvs rdiff -u -r1.178 -r1.178.2.1 pkgsrc/graphics/png/Makefile
cvs rdiff -u -r1.122 -r1.122.2.1 pkgsrc/graphics/png/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
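
An added example, not code from libpng or pkgsrc: a pre-decode check for the "over-length PLTE chunk" condition named in the log above, usable on files before they reach an unpatched decoder. It assumes "over-length" means more palette entries than the PNG specification allows for the IHDR bit depth (2^bit_depth for colour type 3, 256 otherwise); `plte_check` and `check_sample` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static uint32_t be32(const uint8_t *p) {          /* big-endian PNG field */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* 0 = PLTE absent or within limits, 1 = PLTE over-length for the IHDR bit
 * depth, -1 = not parseable as PNG. Chunk CRCs are not verified here. */
int plte_check(const uint8_t *buf, size_t len) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    if (len < 33 || memcmp(buf, sig, 8) != 0) return -1;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return -1;
    uint8_t bit_depth = buf[24], color_type = buf[25];
    /* Palette images (colour type 3) can address only 2^bit_depth entries;
     * every other case is capped at the format maximum of 256. */
    uint32_t max_entries = (color_type == 3 && bit_depth < 8) ? 1u << bit_depth : 256u;
    size_t off = 33;                               /* first chunk after IHDR */
    while (len - off >= 12) {
        uint32_t clen = be32(buf + off);
        if (clen > len - off - 12) return -1;      /* truncated chunk */
        if (memcmp(buf + off + 4, "PLTE", 4) == 0) {
            if (clen % 3 != 0) return -1;          /* entries are RGB triples */
            return clen / 3 > max_entries ? 1 : 0;
        }
        if (memcmp(buf + off + 4, "IDAT", 4) == 0) break; /* PLTE precedes IDAT */
        off += 12 + (size_t)clen;
    }
    return 0;
}

/* Constructed sample, not a real image: signature, IHDR (1x1, colour type 3),
 * then a PLTE chunk of `entries` zeroed entries; CRC fields are zero. */
int check_sample(uint8_t bit_depth, uint32_t entries) {
    static uint8_t out[2048];
    static const uint8_t head[33] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
        0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0, 1, 0, 0, 0, 1, 0, 3, 0, 0, 0};
    uint32_t n = entries * 3;
    if (n > sizeof out - 45) return -1;            /* keep sample inside out[] */
    memset(out, 0, sizeof out);
    memcpy(out, head, sizeof head);
    out[24] = bit_depth;
    out[35] = (uint8_t)(n >> 8); out[36] = (uint8_t)n;  /* PLTE length field */
    memcpy(out + 37, "PLTE", 4);
    return plte_check(out, 45 + (size_t)n);
}
int main(void) { return check_sample(4, 17) == 1 ? 0 : 1; }
```

A result of 1 marks a file whose palette is longer than its bit depth permits; because CRCs are skipped, a result of 0 says nothing about the rest of the file.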