* [PATCH] libpng security updates
@ 2010-07-23 10:06 Henning Heinold
2010-07-23 10:06 ` [PATCH] libpng: update to version 1.2.44 because of CVE-2010-1205 and convert to BBCLASSEXTENDED Henning Heinold
0 siblings, 1 reply; 3+ messages in thread
From: Henning Heinold @ 2010-07-23 10:06 UTC (permalink / raw)
To: openembedded-devel
Hi,
this fixes libpng security bugs, removes insecure versions and converts the recipe to BBCLASSEXTENDED.
Henning Heinold (1):
libpng: update to version 1.2.44 because of CVE-2010-1205 and convert
to BBCLASSEXTENDED
recipes/libpng/libpng-native.inc | 5 -----
recipes/libpng/libpng-native_1.2.37.bb | 6 ------
recipes/libpng/libpng-native_1.2.40.bb | 9 ---------
recipes/libpng/libpng-native_1.2.41.bb | 6 ------
recipes/libpng/libpng-native_1.2.42.bb | 6 ------
recipes/libpng/libpng.inc | 6 +++++-
recipes/libpng/libpng_1.2.37.bb | 8 --------
recipes/libpng/libpng_1.2.40.bb | 8 --------
recipes/libpng/libpng_1.2.41.bb | 8 --------
recipes/libpng/libpng_1.2.42.bb | 8 --------
recipes/libpng/libpng_1.2.44.bb | 8 ++++++++
11 files changed, 13 insertions(+), 65 deletions(-)
delete mode 100644 recipes/libpng/libpng-native.inc
delete mode 100644 recipes/libpng/libpng-native_1.2.37.bb
delete mode 100644 recipes/libpng/libpng-native_1.2.40.bb
delete mode 100644 recipes/libpng/libpng-native_1.2.41.bb
delete mode 100644 recipes/libpng/libpng-native_1.2.42.bb
delete mode 100644 recipes/libpng/libpng_1.2.37.bb
delete mode 100644 recipes/libpng/libpng_1.2.40.bb
delete mode 100644 recipes/libpng/libpng_1.2.41.bb
delete mode 100644 recipes/libpng/libpng_1.2.42.bb
create mode 100644 recipes/libpng/libpng_1.2.44.bb
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH] libpng: update to version 1.2.44 because of CVE-2010-1205 and convert to BBCLASSEXTENDED
2010-07-23 10:06 [PATCH] libpng security updates Henning Heinold
@ 2010-07-23 10:06 ` Henning Heinold
2010-07-23 12:12 ` Koen Kooi
0 siblings, 1 reply; 3+ messages in thread
From: Henning Heinold @ 2010-07-23 10:06 UTC (permalink / raw)
To: openembedded-devel
---
recipes/libpng/libpng-native.inc | 5 -----
recipes/libpng/libpng-native_1.2.37.bb | 6 ------
recipes/libpng/libpng-native_1.2.40.bb | 9 ---------
recipes/libpng/libpng-native_1.2.41.bb | 6 ------
recipes/libpng/libpng-native_1.2.42.bb | 6 ------
recipes/libpng/libpng.inc | 6 +++++-
recipes/libpng/libpng_1.2.37.bb | 8 --------
recipes/libpng/libpng_1.2.40.bb | 8 --------
recipes/libpng/libpng_1.2.41.bb | 8 --------
recipes/libpng/libpng_1.2.42.bb | 8 --------
recipes/libpng/libpng_1.2.44.bb | 8 ++++++++
11 files changed, 13 insertions(+), 65 deletions(-)
delete mode 100644 recipes/libpng/libpng-native.inc
delete mode 100644 recipes/libpng/libpng-native_1.2.37.bb
delete mode 100644 recipes/libpng/libpng-native_1.2.40.bb
delete mode 100644 recipes/libpng/libpng-native_1.2.41.bb
delete mode 100644 recipes/libpng/libpng-native_1.2.42.bb
delete mode 100644 recipes/libpng/libpng_1.2.37.bb
delete mode 100644 recipes/libpng/libpng_1.2.40.bb
delete mode 100644 recipes/libpng/libpng_1.2.41.bb
delete mode 100644 recipes/libpng/libpng_1.2.42.bb
create mode 100644 recipes/libpng/libpng_1.2.44.bb
diff --git a/recipes/libpng/libpng-native.inc b/recipes/libpng/libpng-native.inc
deleted file mode 100644
index a515346..0000000
--- a/recipes/libpng/libpng-native.inc
+++ /dev/null
@@ -1,5 +0,0 @@
-inherit native
-
-DEPENDS = "zlib-native"
-
-INHIBIT_NATIVE_STAGE_INSTALL = "1"
diff --git a/recipes/libpng/libpng-native_1.2.37.bb b/recipes/libpng/libpng-native_1.2.37.bb
deleted file mode 100644
index 3c36b52..0000000
--- a/recipes/libpng/libpng-native_1.2.37.bb
+++ /dev/null
@@ -1,6 +0,0 @@
-require libpng_${PV}.bb
-require libpng-native.inc
-
-PR = "r1"
-
-FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
diff --git a/recipes/libpng/libpng-native_1.2.40.bb b/recipes/libpng/libpng-native_1.2.40.bb
deleted file mode 100644
index 6f0222d..0000000
--- a/recipes/libpng/libpng-native_1.2.40.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require libpng_${PV}.bb
-require libpng-native.inc
-
-PR = "r1"
-
-FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
-
-SRC_URI[tarball.md5sum] = "29bbd1c3cbe54b04bfc2bda43067ccb5"
-SRC_URI[tarball.sha256sum] = "a6197352ad5b79a9a1ce0dd59f5e737cfbf909e0f3c5f64631cf0d93549e4e40"
diff --git a/recipes/libpng/libpng-native_1.2.41.bb b/recipes/libpng/libpng-native_1.2.41.bb
deleted file mode 100644
index 3c36b52..0000000
--- a/recipes/libpng/libpng-native_1.2.41.bb
+++ /dev/null
@@ -1,6 +0,0 @@
-require libpng_${PV}.bb
-require libpng-native.inc
-
-PR = "r1"
-
-FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
diff --git a/recipes/libpng/libpng-native_1.2.42.bb b/recipes/libpng/libpng-native_1.2.42.bb
deleted file mode 100644
index 3c36b52..0000000
--- a/recipes/libpng/libpng-native_1.2.42.bb
+++ /dev/null
@@ -1,6 +0,0 @@
-require libpng_${PV}.bb
-require libpng-native.inc
-
-PR = "r1"
-
-FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
diff --git a/recipes/libpng/libpng.inc b/recipes/libpng/libpng.inc
index fc1feb8..0053071 100644
--- a/recipes/libpng/libpng.inc
+++ b/recipes/libpng/libpng.inc
@@ -3,11 +3,14 @@ HOMEPAGE = "http://www.libpng.org/"
LICENSE = "libpng"
SECTION = "libs"
PRIORITY = "required"
+
DEPENDS = "zlib"
INC_PR = "r2"
-SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/libpng-${PV}.tar.bz2;name=tarball"
+BBCLASSEXTEND = "native"
+
+SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/libpng-${PV}.tar.bz2;name=libpng"
S = "${WORKDIR}/libpng-${PV}"
inherit autotools pkgconfig binconfig
@@ -19,3 +22,4 @@ FILES_libpng12 = "${libdir}/libpng12.so.*"
FILES_${PN}-dev = "${includedir} ${libdir}/lib*.so ${libdir}/*.la \
${libdir}/*.a ${libdir}/pkgconfig \
${datadir}/aclocal ${bindir} ${sbindir}"
+
diff --git a/recipes/libpng/libpng_1.2.37.bb b/recipes/libpng/libpng_1.2.37.bb
deleted file mode 100644
index 950ebb4..0000000
--- a/recipes/libpng/libpng_1.2.37.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-require libpng.inc
-
-PR = "${INC_PR}.0"
-
-SRC_URI += "file://makefile_fix.patch"
-
-SRC_URI[tarball.md5sum] = "6d1ee0888dbb711214943cb19c294b49"
-SRC_URI[tarball.sha256sum] = "682960b55527b54bada90e959c2d42679444a1db43677c77eb645a29645f86d1"
diff --git a/recipes/libpng/libpng_1.2.40.bb b/recipes/libpng/libpng_1.2.40.bb
deleted file mode 100644
index 80d87bc..0000000
--- a/recipes/libpng/libpng_1.2.40.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-require libpng.inc
-
-PR = "${INC_PR}.0"
-
-SRC_URI += "file://makefile_fix.patch"
-
-SRC_URI[tarball.md5sum] = "29bbd1c3cbe54b04bfc2bda43067ccb5"
-SRC_URI[tarball.sha256sum] = "a6197352ad5b79a9a1ce0dd59f5e737cfbf909e0f3c5f64631cf0d93549e4e40"
diff --git a/recipes/libpng/libpng_1.2.41.bb b/recipes/libpng/libpng_1.2.41.bb
deleted file mode 100644
index 2389915..0000000
--- a/recipes/libpng/libpng_1.2.41.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-require libpng.inc
-
-PR = "${INC_PR}.0"
-
-SRC_URI += "file://makefile_fix.patch"
-
-SRC_URI[tarball.md5sum] = "2faa7f8d81e6a35beb991cb75edbf056"
-SRC_URI[tarball.sha256sum] = "a172c5afe4668a31eb090d14be7fc2811a9fec8568a785badd30280f47a27e00"
diff --git a/recipes/libpng/libpng_1.2.42.bb b/recipes/libpng/libpng_1.2.42.bb
deleted file mode 100644
index d37f7e3..0000000
--- a/recipes/libpng/libpng_1.2.42.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-require libpng.inc
-
-PR = "${INC_PR}.0"
-
-SRC_URI += "file://makefile_fix.patch"
-
-SRC_URI[tarball.md5sum] = "9a5cbe9798927fdf528f3186a8840ebe"
-SRC_URI[tarball.sha256sum] = "a044c4632a236bbf99527da81977577929a173c1f7f68a70a81ea2ea7cffa6a7"
diff --git a/recipes/libpng/libpng_1.2.44.bb b/recipes/libpng/libpng_1.2.44.bb
new file mode 100644
index 0000000..4ba7b20
--- /dev/null
+++ b/recipes/libpng/libpng_1.2.44.bb
@@ -0,0 +1,8 @@
+require libpng.inc
+
+PR = "${INC_PR}.0"
+
+SRC_URI += "file://makefile_fix.patch"
+
+SRC_URI[libpng.md5sum] = "e3ac7879d62ad166a6f0c7441390d12b"
+SRC_URI[libpng.sha256sum] = "b9ab20f1c2c3bf6c4448fd9bd8a4a8905b918114d5fada56c97bb758a17b7215"
--
1.7.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] libpng: update to version 1.2.44 because of CVE-2010-1205 and convert to BBCLASSEXTENDED
2010-07-23 10:06 ` [PATCH] libpng: update to version 1.2.44 because of CVE-2010-1205 and convert to BBCLASSEXTENDED Henning Heinold
@ 2010-07-23 12:12 ` Koen Kooi
0 siblings, 0 replies; 3+ messages in thread
From: Koen Kooi @ 2010-07-23 12:12 UTC (permalink / raw)
To: openembedded-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Acked-by: Koen Kooi <koen@openembedded.org>
On 23-07-10 12:06, Henning Heinold wrote:
> ---
> recipes/libpng/libpng-native.inc | 5 -----
> recipes/libpng/libpng-native_1.2.37.bb | 6 ------
> recipes/libpng/libpng-native_1.2.40.bb | 9 ---------
> recipes/libpng/libpng-native_1.2.41.bb | 6 ------
> recipes/libpng/libpng-native_1.2.42.bb | 6 ------
> recipes/libpng/libpng.inc | 6 +++++-
> recipes/libpng/libpng_1.2.37.bb | 8 --------
> recipes/libpng/libpng_1.2.40.bb | 8 --------
> recipes/libpng/libpng_1.2.41.bb | 8 --------
> recipes/libpng/libpng_1.2.42.bb | 8 --------
> recipes/libpng/libpng_1.2.44.bb | 8 ++++++++
> 11 files changed, 13 insertions(+), 65 deletions(-)
> delete mode 100644 recipes/libpng/libpng-native.inc
> delete mode 100644 recipes/libpng/libpng-native_1.2.37.bb
> delete mode 100644 recipes/libpng/libpng-native_1.2.40.bb
> delete mode 100644 recipes/libpng/libpng-native_1.2.41.bb
> delete mode 100644 recipes/libpng/libpng-native_1.2.42.bb
> delete mode 100644 recipes/libpng/libpng_1.2.37.bb
> delete mode 100644 recipes/libpng/libpng_1.2.40.bb
> delete mode 100644 recipes/libpng/libpng_1.2.41.bb
> delete mode 100644 recipes/libpng/libpng_1.2.42.bb
> create mode 100644 recipes/libpng/libpng_1.2.44.bb
>
> diff --git a/recipes/libpng/libpng-native.inc b/recipes/libpng/libpng-native.inc
> deleted file mode 100644
> index a515346..0000000
> --- a/recipes/libpng/libpng-native.inc
> +++ /dev/null
> @@ -1,5 +0,0 @@
> -inherit native
> -
> -DEPENDS = "zlib-native"
> -
> -INHIBIT_NATIVE_STAGE_INSTALL = "1"
> diff --git a/recipes/libpng/libpng-native_1.2.37.bb b/recipes/libpng/libpng-native_1.2.37.bb
> deleted file mode 100644
> index 3c36b52..0000000
> --- a/recipes/libpng/libpng-native_1.2.37.bb
> +++ /dev/null
> @@ -1,6 +0,0 @@
> -require libpng_${PV}.bb
> -require libpng-native.inc
> -
> -PR = "r1"
> -
> -FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
> diff --git a/recipes/libpng/libpng-native_1.2.40.bb b/recipes/libpng/libpng-native_1.2.40.bb
> deleted file mode 100644
> index 6f0222d..0000000
> --- a/recipes/libpng/libpng-native_1.2.40.bb
> +++ /dev/null
> @@ -1,9 +0,0 @@
> -require libpng_${PV}.bb
> -require libpng-native.inc
> -
> -PR = "r1"
> -
> -FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
> -
> -SRC_URI[tarball.md5sum] = "29bbd1c3cbe54b04bfc2bda43067ccb5"
> -SRC_URI[tarball.sha256sum] = "a6197352ad5b79a9a1ce0dd59f5e737cfbf909e0f3c5f64631cf0d93549e4e40"
> diff --git a/recipes/libpng/libpng-native_1.2.41.bb b/recipes/libpng/libpng-native_1.2.41.bb
> deleted file mode 100644
> index 3c36b52..0000000
> --- a/recipes/libpng/libpng-native_1.2.41.bb
> +++ /dev/null
> @@ -1,6 +0,0 @@
> -require libpng_${PV}.bb
> -require libpng-native.inc
> -
> -PR = "r1"
> -
> -FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
> diff --git a/recipes/libpng/libpng-native_1.2.42.bb b/recipes/libpng/libpng-native_1.2.42.bb
> deleted file mode 100644
> index 3c36b52..0000000
> --- a/recipes/libpng/libpng-native_1.2.42.bb
> +++ /dev/null
> @@ -1,6 +0,0 @@
> -require libpng_${PV}.bb
> -require libpng-native.inc
> -
> -PR = "r1"
> -
> -FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
> diff --git a/recipes/libpng/libpng.inc b/recipes/libpng/libpng.inc
> index fc1feb8..0053071 100644
> --- a/recipes/libpng/libpng.inc
> +++ b/recipes/libpng/libpng.inc
> @@ -3,11 +3,14 @@ HOMEPAGE = "http://www.libpng.org/"
> LICENSE = "libpng"
> SECTION = "libs"
> PRIORITY = "required"
> +
> DEPENDS = "zlib"
>
> INC_PR = "r2"
>
> -SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/libpng-${PV}.tar.bz2;name=tarball"
> +BBCLASSEXTEND = "native"
> +
> +SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/libpng-${PV}.tar.bz2;name=libpng"
> S = "${WORKDIR}/libpng-${PV}"
>
> inherit autotools pkgconfig binconfig
> @@ -19,3 +22,4 @@ FILES_libpng12 = "${libdir}/libpng12.so.*"
> FILES_${PN}-dev = "${includedir} ${libdir}/lib*.so ${libdir}/*.la \
> ${libdir}/*.a ${libdir}/pkgconfig \
> ${datadir}/aclocal ${bindir} ${sbindir}"
> +
> diff --git a/recipes/libpng/libpng_1.2.37.bb b/recipes/libpng/libpng_1.2.37.bb
> deleted file mode 100644
> index 950ebb4..0000000
> --- a/recipes/libpng/libpng_1.2.37.bb
> +++ /dev/null
> @@ -1,8 +0,0 @@
> -require libpng.inc
> -
> -PR = "${INC_PR}.0"
> -
> -SRC_URI += "file://makefile_fix.patch"
> -
> -SRC_URI[tarball.md5sum] = "6d1ee0888dbb711214943cb19c294b49"
> -SRC_URI[tarball.sha256sum] = "682960b55527b54bada90e959c2d42679444a1db43677c77eb645a29645f86d1"
> diff --git a/recipes/libpng/libpng_1.2.40.bb b/recipes/libpng/libpng_1.2.40.bb
> deleted file mode 100644
> index 80d87bc..0000000
> --- a/recipes/libpng/libpng_1.2.40.bb
> +++ /dev/null
> @@ -1,8 +0,0 @@
> -require libpng.inc
> -
> -PR = "${INC_PR}.0"
> -
> -SRC_URI += "file://makefile_fix.patch"
> -
> -SRC_URI[tarball.md5sum] = "29bbd1c3cbe54b04bfc2bda43067ccb5"
> -SRC_URI[tarball.sha256sum] = "a6197352ad5b79a9a1ce0dd59f5e737cfbf909e0f3c5f64631cf0d93549e4e40"
> diff --git a/recipes/libpng/libpng_1.2.41.bb b/recipes/libpng/libpng_1.2.41.bb
> deleted file mode 100644
> index 2389915..0000000
> --- a/recipes/libpng/libpng_1.2.41.bb
> +++ /dev/null
> @@ -1,8 +0,0 @@
> -require libpng.inc
> -
> -PR = "${INC_PR}.0"
> -
> -SRC_URI += "file://makefile_fix.patch"
> -
> -SRC_URI[tarball.md5sum] = "2faa7f8d81e6a35beb991cb75edbf056"
> -SRC_URI[tarball.sha256sum] = "a172c5afe4668a31eb090d14be7fc2811a9fec8568a785badd30280f47a27e00"
> diff --git a/recipes/libpng/libpng_1.2.42.bb b/recipes/libpng/libpng_1.2.42.bb
> deleted file mode 100644
> index d37f7e3..0000000
> --- a/recipes/libpng/libpng_1.2.42.bb
> +++ /dev/null
> @@ -1,8 +0,0 @@
> -require libpng.inc
> -
> -PR = "${INC_PR}.0"
> -
> -SRC_URI += "file://makefile_fix.patch"
> -
> -SRC_URI[tarball.md5sum] = "9a5cbe9798927fdf528f3186a8840ebe"
> -SRC_URI[tarball.sha256sum] = "a044c4632a236bbf99527da81977577929a173c1f7f68a70a81ea2ea7cffa6a7"
> diff --git a/recipes/libpng/libpng_1.2.44.bb b/recipes/libpng/libpng_1.2.44.bb
> new file mode 100644
> index 0000000..4ba7b20
> --- /dev/null
> +++ b/recipes/libpng/libpng_1.2.44.bb
> @@ -0,0 +1,8 @@
> +require libpng.inc
> +
> +PR = "${INC_PR}.0"
> +
> +SRC_URI += "file://makefile_fix.patch"
> +
> +SRC_URI[libpng.md5sum] = "e3ac7879d62ad166a6f0c7441390d12b"
> +SRC_URI[libpng.sha256sum] = "b9ab20f1c2c3bf6c4448fd9bd8a4a8905b918114d5fada56c97bb758a17b7215"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFMSYccMkyGM64RGpERAsHsAJ95LFlFpQbSQVhk4k2//Xg+LLB4ywCfVYJL
DqCp5nRnfWUgq3xc/lAONYs=
=Fu4g
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-07-23 12:12 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-07-23 10:06 [PATCH] libpng security updates Henning Heinold
2010-07-23 10:06 ` [PATCH] libpng: update to version 1.2.44 because of CVE-2010-1205 and convert to BBCLASSEXTENDED Henning Heinold
2010-07-23 12:12 ` Koen Kooi
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.