* [PATCH][meta-oe] libpng: update to 1.6.37
@ 2019-04-22 22:45 Oleksandr Kravchuk
0 siblings, 0 replies; only message in thread
From: Oleksandr Kravchuk @ 2019-04-22 22:45 UTC (permalink / raw)
To: openembedded-core; +Cc: Oleksandr Kravchuk
Removed patch was upsteamed.
License checksums were changed due to modified copyright year and fixed
typo in LICENSE file (see @fef895aa28 and @8da8257d0b).
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
---
.../libpng/libpng/CVE-2019-7317.patch | 20 -------------------
.../{libpng_1.6.36.bb => libpng_1.6.37.bb} | 11 +++++-----
2 files changed, 5 insertions(+), 26 deletions(-)
delete mode 100644 meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
rename meta/recipes-multimedia/libpng/{libpng_1.6.36.bb => libpng_1.6.37.bb} (70%)
diff --git a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
deleted file mode 100644
index 6ee1f8da30..0000000000
--- a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Use-after-free detected with static analysis.
-
-CVE: CVE-2019-7317
-Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275]
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-diff --git a/png.c b/png.c
-index 9d9926f638..efd1aecfbd 100644
---- a/png.c
-+++ b/png.c
-@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image)
- if (image != NULL && image->opaque != NULL &&
- image->opaque->error_buf == NULL)
- {
-- /* Ignore errors here: */
-- (void)png_safe_execute(image, png_image_free_function, image);
-+ png_image_free_function(image);
- image->opaque = NULL;
- }
- }
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
similarity index 70%
rename from meta/recipes-multimedia/libpng/libpng_1.6.36.bb
rename to meta/recipes-multimedia/libpng/libpng_1.6.37.bb
index a586237888..66af2f3d60 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
@@ -2,17 +2,16 @@ SUMMARY = "PNG image format decoding library"
HOMEPAGE = "http://www.libpng.org/"
SECTION = "libs"
LICENSE = "Libpng"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=12b4ec50384c800bc568f519671b120c \
- file://png.h;endline=144;md5=15ae15f53376306868259924a9db4e05 \
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b0085051bf265bac2bfc38bc89f50000\
+ file://png.h;endline=144;md5=8acd23d544623816b097e07be0139509\
"
DEPENDS = "zlib"
LIBV = "16"
-SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz \
- file://CVE-2019-7317.patch"
-SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826"
-SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319"
+SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz"
+SRC_URI[md5sum] = "015e8e15db1eecde5f2eb9eb5b6e59e9"
+SRC_URI[sha256sum] = "505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca"
MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/${PV}/"
--
2.17.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2019-04-22 22:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-22 22:45 [PATCH][meta-oe] libpng: update to 1.6.37 Oleksandr Kravchuk
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.