ports/opt (3.3): [notify] libpng: updated to 1.6.27. Fix for CVE-2016-10087.

crux at crux.nu crux at crux.nu
Mon Jan 2 20:58:14 UTC 2017


commit 5011cfda15737a036ba28e18a7d64c5514f954c2
Author: Fredrik Rinnestam <fredrik at crux.nu>
Date:   Mon Jan 2 21:58:13 2017 +0100

    [notify] libpng: updated to 1.6.27. Fix for CVE-2016-10087.
    
    Advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087

diff --git a/libpng/.footprint b/libpng/.footprint
index 8dde1e1..3e11396 100644
--- a/libpng/.footprint
+++ b/libpng/.footprint
@@ -18,9 +18,9 @@ lrwxrwxrwx	root/root	usr/lib/libpng.la -> libpng16.la
 lrwxrwxrwx	root/root	usr/lib/libpng.so -> libpng16.so
 -rw-r--r--	root/root	usr/lib/libpng16.a
 -rwxr-xr-x	root/root	usr/lib/libpng16.la
-lrwxrwxrwx	root/root	usr/lib/libpng16.so -> libpng16.so.16.26.0
-lrwxrwxrwx	root/root	usr/lib/libpng16.so.16 -> libpng16.so.16.26.0
--rwxr-xr-x	root/root	usr/lib/libpng16.so.16.26.0
+lrwxrwxrwx	root/root	usr/lib/libpng16.so -> libpng16.so.16.27.0
+lrwxrwxrwx	root/root	usr/lib/libpng16.so.16 -> libpng16.so.16.27.0
+-rwxr-xr-x	root/root	usr/lib/libpng16.so.16.27.0
 drwxr-xr-x	root/root	usr/lib/pkgconfig/
 lrwxrwxrwx	root/root	usr/lib/pkgconfig/libpng.pc -> libpng16.pc
 -rw-r--r--	root/root	usr/lib/pkgconfig/libpng16.pc
diff --git a/libpng/.md5sum b/libpng/.md5sum
index 32dd94c..87bcd77 100644
--- a/libpng/.md5sum
+++ b/libpng/.md5sum
@@ -1,2 +1,2 @@
-faed9bb495d2e12dd0c9ec561ca60cd8  libpng-1.6.26.tar.xz
-ce372fe75b670f1f714ef5588f57e1a4  libpng-apng.patch
+90099cb7dfb36bf223f4791429d45c6a  libpng-1.6.27.tar.xz
+493e3dfbf217a6fd8f3f4d9e4691bb9c  libpng-apng.patch
diff --git a/libpng/.signature b/libpng/.signature
index f15eb88..9f015eb 100644
--- a/libpng/.signature
+++ b/libpng/.signature
@@ -1,6 +1,6 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/VLTMGbtQg5Tx2/y5DfVFpH0KEGg34zbQok0bT1ISNrX10T8fbpKI4nOfrDg7Fjq7V6Fo/o0Pv+KxneG3sJ2OQo=
-SHA256 (Pkgfile) = 6e3e5df017471a0c669290c2ae5a371a132e99475887a6b4a060dd69d94fe5d2
-SHA256 (.footprint) = 71ffc20f8340b89ff4574d0b02efc08dce94b5f00022c0fa9f474e2ef5ecfc85
-SHA256 (libpng-1.6.26.tar.xz) = 266743a326986c3dbcee9d89b640595f6b16a293fd02b37d8c91348d317b73f9
-SHA256 (libpng-apng.patch) = f88299ef989c5de56ff4e5250a8bbc69a3f60137811afe895548fd84f721a8ea
+RWSE3ohX2g5d/aD7O6KEG/arQmVDvMl6GYLIDUnvOv1pbp9AxMjts1clkK4mg5ah0E9gInifNlrj9p+ub47i+ApbajGla/0MtQU=
+SHA256 (Pkgfile) = 48e5f0cd98cc940264916d8183cfe45cefed629e6ee93946bff286b605ca9290
+SHA256 (.footprint) = 8cf763aa03d8597cbbd23ed7c6b2fb7ac2f9a25231e5bb4b08d934d7de4fc32a
+SHA256 (libpng-1.6.27.tar.xz) = fca2ffd97336356cdab9bfa8936b9d6dfd580a70205e5dfead3ac42cb054b57b
+SHA256 (libpng-apng.patch) = c313747661a3dcd34b3946a8db6b3880499cdaa19ca7c4b0453c838648491d04
diff --git a/libpng/Pkgfile b/libpng/Pkgfile
index 94a28e6..7ac3bd1 100644
--- a/libpng/Pkgfile
+++ b/libpng/Pkgfile
@@ -4,7 +4,7 @@
 # Depends on:  zlib
 
 name=libpng
-version=1.6.26
+version=1.6.27
 release=1
 source=(http://download.sourceforge.net/$name/$name-$version.tar.xz \
         $name-apng.patch)
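Review bot: The `source=` line kept as context in this hunk still fetches the new tarball over plain `http://`, so a substituted download is caught only by the checksum step that runs afterwards. The matching `.md5sum` entry for libpng-1.6.27.tar.xz is MD5, which is not collision-resistant, so the signed SHA256 in `.signature` is the check to rely on, assuming the build tool actually verifies it. If the mirror serves the file over TLS, consider `source=(https://download.sourceforge.net/$name/$name-$version.tar.xz \` so that a security update does not depend on a single verification layer. The rest of the Pkgfile, including its build function, lies outside this hunk.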
diff --git a/libpng/libpng-apng.patch b/libpng/libpng-apng.patch
index 58fdafd..d1b1806 100644
--- a/libpng/libpng-apng.patch
+++ b/libpng/libpng-apng.patch
@@ -299,8 +299,8 @@ Index: png.c
  #else
  #  ifdef __STDC__
     return PNG_STRING_NEWLINE \
--      "libpng version 1.6.26 - October 20, 2016" PNG_STRING_NEWLINE \
-+      "libpng version 1.6.26+apng - October 20, 2016" PNG_STRING_NEWLINE \
+-      "libpng version 1.6.27 - December 29, 2016" PNG_STRING_NEWLINE \
++      "libpng version 1.6.27+apng - December 29, 2016" PNG_STRING_NEWLINE \
        "Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson" \
        PNG_STRING_NEWLINE \
        "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
@@ -310,8 +310,8 @@ Index: png.c
 +      "Portions Copyright (c) 2006-2007 Andrew Smith" PNG_STRING_NEWLINE \
 +      "Portions Copyright (c) 2008-2016 Max Stepin" PNG_STRING_NEWLINE ;
  #  else
--   return "libpng version 1.6.26 - October 20, 2016\
-+   return "libpng version 1.6.26+apng - October 20, 2016\
+-   return "libpng version 1.6.27 - December 29, 2016\
++   return "libpng version 1.6.27+apng - December 29, 2016\
        Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson\
        Copyright (c) 1996-1997 Andreas Dilger\
 -      Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";
@@ -342,11 +342,11 @@ Index: png.h
   */
  
  /* Version information for png.h - this should match the version in png.c */
--#define PNG_LIBPNG_VER_STRING "1.6.26"
--#define PNG_HEADER_VERSION_STRING " libpng version 1.6.26 - October 20, 2016\n"
-+#define PNG_LIBPNG_VER_STRING "1.6.26+apng"
+-#define PNG_LIBPNG_VER_STRING "1.6.27"
+-#define PNG_HEADER_VERSION_STRING " libpng version 1.6.27 - December 29, 2016\n"
++#define PNG_LIBPNG_VER_STRING "1.6.27+apng"
 +#define PNG_HEADER_VERSION_STRING \
-+     " libpng version 1.6.26+apng - October 20, 2016\n"
++     " libpng version 1.6.27+apng - December 29, 2016\n"
  
  #define PNG_LIBPNG_VER_SONUM   16
  #define PNG_LIBPNG_VER_DLLNUM  16


