ports/opt (3.2): [notify] libpng: updated to 1.6.27. Fix for CVE-2016-10087.

crux at crux.nu crux at crux.nu
Mon Jan 2 20:59:32 UTC 2017


commit 6c7570bde7d56962a8b188c157e8129419c9f16e
Author: Fredrik Rinnestam <fredrik at crux.nu>
Date:   Mon Jan 2 21:58:13 2017 +0100

    [notify] libpng: updated to 1.6.27. Fix for CVE-2016-10087.
    
    Advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087

diff --git a/libpng/.footprint b/libpng/.footprint
index 8dde1e1..3e11396 100644
--- a/libpng/.footprint
+++ b/libpng/.footprint
@@ -18,9 +18,9 @@ lrwxrwxrwx	root/root	usr/lib/libpng.la -> libpng16.la
 lrwxrwxrwx	root/root	usr/lib/libpng.so -> libpng16.so
 -rw-r--r--	root/root	usr/lib/libpng16.a
 -rwxr-xr-x	root/root	usr/lib/libpng16.la
-lrwxrwxrwx	root/root	usr/lib/libpng16.so -> libpng16.so.16.26.0
-lrwxrwxrwx	root/root	usr/lib/libpng16.so.16 -> libpng16.so.16.26.0
--rwxr-xr-x	root/root	usr/lib/libpng16.so.16.26.0
+lrwxrwxrwx	root/root	usr/lib/libpng16.so -> libpng16.so.16.27.0
+lrwxrwxrwx	root/root	usr/lib/libpng16.so.16 -> libpng16.so.16.27.0
+-rwxr-xr-x	root/root	usr/lib/libpng16.so.16.27.0
 drwxr-xr-x	root/root	usr/lib/pkgconfig/
 lrwxrwxrwx	root/root	usr/lib/pkgconfig/libpng.pc -> libpng16.pc
 -rw-r--r--	root/root	usr/lib/pkgconfig/libpng16.pc
diff --git a/libpng/.md5sum b/libpng/.md5sum
index 32dd94c..87bcd77 100644
--- a/libpng/.md5sum
+++ b/libpng/.md5sum
@@ -1,2 +1,2 @@
-faed9bb495d2e12dd0c9ec561ca60cd8  libpng-1.6.26.tar.xz
-ce372fe75b670f1f714ef5588f57e1a4  libpng-apng.patch
+90099cb7dfb36bf223f4791429d45c6a  libpng-1.6.27.tar.xz
+493e3dfbf217a6fd8f3f4d9e4691bb9c  libpng-apng.patch
diff --git a/libpng/Pkgfile b/libpng/Pkgfile
index 94a28e6..7ac3bd1 100644
--- a/libpng/Pkgfile
+++ b/libpng/Pkgfile
@@ -4,7 +4,7 @@
 # Depends on:  zlib
 
 name=libpng
-version=1.6.26
+version=1.6.27
 release=1
 source=(http://download.sourceforge.net/$name/$name-$version.tar.xz \
         $name-apng.patch)
diff --git a/libpng/libpng-apng.patch b/libpng/libpng-apng.patch
index 58fdafd..d1b1806 100644
--- a/libpng/libpng-apng.patch
+++ b/libpng/libpng-apng.patch
@@ -299,8 +299,8 @@ Index: png.c
  #else
  #  ifdef __STDC__
     return PNG_STRING_NEWLINE \
--      "libpng version 1.6.26 - October 20, 2016" PNG_STRING_NEWLINE \
-+      "libpng version 1.6.26+apng - October 20, 2016" PNG_STRING_NEWLINE \
+-      "libpng version 1.6.27 - December 29, 2016" PNG_STRING_NEWLINE \
++      "libpng version 1.6.27+apng - December 29, 2016" PNG_STRING_NEWLINE \
        "Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson" \
        PNG_STRING_NEWLINE \
        "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
@@ -310,8 +310,8 @@ Index: png.c
 +      "Portions Copyright (c) 2006-2007 Andrew Smith" PNG_STRING_NEWLINE \
 +      "Portions Copyright (c) 2008-2016 Max Stepin" PNG_STRING_NEWLINE ;
  #  else
--   return "libpng version 1.6.26 - October 20, 2016\
-+   return "libpng version 1.6.26+apng - October 20, 2016\
+-   return "libpng version 1.6.27 - December 29, 2016\
++   return "libpng version 1.6.27+apng - December 29, 2016\
        Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson\
        Copyright (c) 1996-1997 Andreas Dilger\
 -      Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";
@@ -342,11 +342,11 @@ Index: png.h
   */
  
  /* Version information for png.h - this should match the version in png.c */
--#define PNG_LIBPNG_VER_STRING "1.6.26"
--#define PNG_HEADER_VERSION_STRING " libpng version 1.6.26 - October 20, 2016\n"
-+#define PNG_LIBPNG_VER_STRING "1.6.26+apng"
+-#define PNG_LIBPNG_VER_STRING "1.6.27"
+-#define PNG_HEADER_VERSION_STRING " libpng version 1.6.27 - December 29, 2016\n"
++#define PNG_LIBPNG_VER_STRING "1.6.27+apng"
 +#define PNG_HEADER_VERSION_STRING \
-+     " libpng version 1.6.26+apng - October 20, 2016\n"
++     " libpng version 1.6.27+apng - December 29, 2016\n"
  
  #define PNG_LIBPNG_VER_SONUM   16
  #define PNG_LIBPNG_VER_DLLNUM  16



More information about the CRUX mailing list