commit 5011cfda15737a036ba28e18a7d64c5514f954c2 Author: Fredrik Rinnestam <fredrik@crux.nu> Date: Mon Jan 2 21:58:13 2017 +0100 [notify] libpng: updated to 1.6.27. Fix for CVE-2016-10087. Advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087 diff --git a/libpng/.footprint b/libpng/.footprint index 8dde1e1..3e11396 100644 --- a/libpng/.footprint +++ b/libpng/.footprint @@ -18,9 +18,9 @@ lrwxrwxrwx root/root usr/lib/libpng.la -> libpng16.la lrwxrwxrwx root/root usr/lib/libpng.so -> libpng16.so -rw-r--r-- root/root usr/lib/libpng16.a -rwxr-xr-x root/root usr/lib/libpng16.la -lrwxrwxrwx root/root usr/lib/libpng16.so -> libpng16.so.16.26.0 -lrwxrwxrwx root/root usr/lib/libpng16.so.16 -> libpng16.so.16.26.0 --rwxr-xr-x root/root usr/lib/libpng16.so.16.26.0 +lrwxrwxrwx root/root usr/lib/libpng16.so -> libpng16.so.16.27.0 +lrwxrwxrwx root/root usr/lib/libpng16.so.16 -> libpng16.so.16.27.0 +-rwxr-xr-x root/root usr/lib/libpng16.so.16.27.0 drwxr-xr-x root/root usr/lib/pkgconfig/ lrwxrwxrwx root/root usr/lib/pkgconfig/libpng.pc -> libpng16.pc -rw-r--r-- root/root usr/lib/pkgconfig/libpng16.pc diff --git a/libpng/.md5sum b/libpng/.md5sum index 32dd94c..87bcd77 100644 --- a/libpng/.md5sum +++ b/libpng/.md5sum @@ -1,2 +1,2 @@ -faed9bb495d2e12dd0c9ec561ca60cd8 libpng-1.6.26.tar.xz -ce372fe75b670f1f714ef5588f57e1a4 libpng-apng.patch +90099cb7dfb36bf223f4791429d45c6a libpng-1.6.27.tar.xz +493e3dfbf217a6fd8f3f4d9e4691bb9c libpng-apng.patch diff --git a/libpng/.signature b/libpng/.signature index f15eb88..9f015eb 100644 --- a/libpng/.signature +++ b/libpng/.signature @@ -1,6 +1,6 @@ untrusted comment: verify with /etc/ports/opt.pub -RWSE3ohX2g5d/VLTMGbtQg5Tx2/y5DfVFpH0KEGg34zbQok0bT1ISNrX10T8fbpKI4nOfrDg7Fjq7V6Fo/o0Pv+KxneG3sJ2OQo= -SHA256 (Pkgfile) = 6e3e5df017471a0c669290c2ae5a371a132e99475887a6b4a060dd69d94fe5d2 -SHA256 (.footprint) = 71ffc20f8340b89ff4574d0b02efc08dce94b5f00022c0fa9f474e2ef5ecfc85 -SHA256 (libpng-1.6.26.tar.xz) = 266743a326986c3dbcee9d89b640595f6b16a293fd02b37d8c91348d317b73f9 -SHA256 (libpng-apng.patch) = f88299ef989c5de56ff4e5250a8bbc69a3f60137811afe895548fd84f721a8ea +RWSE3ohX2g5d/aD7O6KEG/arQmVDvMl6GYLIDUnvOv1pbp9AxMjts1clkK4mg5ah0E9gInifNlrj9p+ub47i+ApbajGla/0MtQU= +SHA256 (Pkgfile) = 48e5f0cd98cc940264916d8183cfe45cefed629e6ee93946bff286b605ca9290 +SHA256 (.footprint) = 8cf763aa03d8597cbbd23ed7c6b2fb7ac2f9a25231e5bb4b08d934d7de4fc32a +SHA256 (libpng-1.6.27.tar.xz) = fca2ffd97336356cdab9bfa8936b9d6dfd580a70205e5dfead3ac42cb054b57b +SHA256 (libpng-apng.patch) = c313747661a3dcd34b3946a8db6b3880499cdaa19ca7c4b0453c838648491d04 diff --git a/libpng/Pkgfile b/libpng/Pkgfile index 94a28e6..7ac3bd1 100644 --- a/libpng/Pkgfile +++ b/libpng/Pkgfile @@ -4,7 +4,7 @@ # Depends on: zlib name=libpng -version=1.6.26 +version=1.6.27 release=1 source=(http://download.sourceforge.net/$name/$name-$version.tar.xz \ $name-apng.patch) diff --git a/libpng/libpng-apng.patch b/libpng/libpng-apng.patch index 58fdafd..d1b1806 100644 --- a/libpng/libpng-apng.patch +++ b/libpng/libpng-apng.patch @@ -299,8 +299,8 @@ Index: png.c #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ -- "libpng version 1.6.26 - October 20, 2016" PNG_STRING_NEWLINE \ -+ "libpng version 1.6.26+apng - October 20, 2016" PNG_STRING_NEWLINE \ +- "libpng version 1.6.27 - December 29, 2016" PNG_STRING_NEWLINE \ ++ "libpng version 1.6.27+apng - December 29, 2016" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson" \ PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ @@ -310,8 +310,8 @@ Index: png.c + "Portions Copyright (c) 2006-2007 Andrew Smith" PNG_STRING_NEWLINE \ + "Portions Copyright (c) 2008-2016 Max Stepin" PNG_STRING_NEWLINE ; # else -- return "libpng version 1.6.26 - October 20, 2016\ -+ return "libpng version 1.6.26+apng - October 20, 2016\ +- return "libpng version 1.6.27 - December 29, 2016\ ++ return "libpng version 1.6.27+apng - December 29, 2016\ Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ - Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; @@ -342,11 +342,11 @@ Index: png.h */ /* Version information for png.h - this should match the version in png.c */ --#define PNG_LIBPNG_VER_STRING "1.6.26" --#define PNG_HEADER_VERSION_STRING " libpng version 1.6.26 - October 20, 2016\n" -+#define PNG_LIBPNG_VER_STRING "1.6.26+apng" +-#define PNG_LIBPNG_VER_STRING "1.6.27" +-#define PNG_HEADER_VERSION_STRING " libpng version 1.6.27 - December 29, 2016\n" ++#define PNG_LIBPNG_VER_STRING "1.6.27+apng" +#define PNG_HEADER_VERSION_STRING \ -+ " libpng version 1.6.26+apng - October 20, 2016\n" ++ " libpng version 1.6.27+apng - December 29, 2016\n" #define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_DLLNUM 16