Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1557692360299350"
MIME-Version: 1.0
Date: Sun, 12 May 2019 20:19:20 +0000
From: "S.P.Zeidler" <spz@netbsd.org>
Subject: CVS commit: [pkgsrc-2019Q1] pkgsrc/graphics/png
To: pkgsrc-changes@NetBSD.org
Reply-To: spz@netbsd.org
Message-Id: <20190512201920.144C0FB16@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1557692360299350
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	spz
Date:		Sun May 12 20:19:20 UTC 2019

Modified Files:
	pkgsrc/graphics/png [pkgsrc-2019Q1]: Makefile distinfo

Log Message:
Pullup ticket #5955 - requested by taca
graphics/png: security update

Revisions pulled up:
- graphics/png/Makefile                                         1.198
- graphics/png/distinfo                                         1.142

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Apr 17 07:05:21 UTC 2019

   Modified Files:
   	pkgsrc/graphics/png: Makefile distinfo

   Log Message:
   png: update to 1.6.37.

   This is largely a bugfix-only release. Most importantly, it contains
   a fix for a use-after-free vulnerability (CVE-2019-7317) affecting
   the simplified libpng API, and a fix for a memory leak affecting the
   ARM NEON implementation of the palette-to-RGB(A) expansion.

   To generate a diff of this commit:
   cvs rdiff -u -r1.197 -r1.198 pkgsrc/graphics/png/Makefile
   cvs rdiff -u -r1.141 -r1.142 pkgsrc/graphics/png/distinfo


To generate a diff of this commit:
cvs rdiff -u -r1.197 -r1.197.4.1 pkgsrc/graphics/png/Makefile
cvs rdiff -u -r1.141 -r1.141.4.1 pkgsrc/graphics/png/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1557692360299350
Content-Disposition: inline
Content-Length: 1728
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/graphics/png/Makefile
diff -u pkgsrc/graphics/png/Makefile:1.197 pkgsrc/graphics/png/Makefile:1.197.4.1
--- pkgsrc/graphics/png/Makefile:1.197	Sun Dec  2 12:43:23 2018
+++ pkgsrc/graphics/png/Makefile	Sun May 12 20:19:19 2019
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.197 2018/12/02 12:43:23 wiz Exp $
+# $NetBSD: Makefile,v 1.197.4.1 2019/05/12 20:19:19 spz Exp $
 
-DISTNAME=	libpng-1.6.36
+DISTNAME=	libpng-1.6.37
 PKGNAME=	${DISTNAME:S/lib//}
 CATEGORIES=	graphics
 MASTER_SITES=	https://ftp-osl.osuosl.org/pub/libpng/src/archive/xz/libpng16/

Index: pkgsrc/graphics/png/distinfo
diff -u pkgsrc/graphics/png/distinfo:1.141 pkgsrc/graphics/png/distinfo:1.141.4.1
--- pkgsrc/graphics/png/distinfo:1.141	Sun Dec  2 12:43:23 2018
+++ pkgsrc/graphics/png/distinfo	Sun May 12 20:19:19 2019
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.141 2018/12/02 12:43:23 wiz Exp $
+$NetBSD: distinfo,v 1.141.4.1 2019/05/12 20:19:19 spz Exp $
 
-SHA1 (libpng-1.6.36.tar.xz) = aec9548c8319104226cc4c31d1f5e524f1b55295
-RMD160 (libpng-1.6.36.tar.xz) = baafcb54ff4913da18c349b14d9a1e98973b17c0
-SHA512 (libpng-1.6.36.tar.xz) = a86ee977df69748e5039fb0ead883f1d3f88b8a701fa24cf8e62dd77c5871bb46397d794fa33ec1d0be1ac488246832ad79d0e6117ac093bdce1b2a1cfcb2bb0
-Size (libpng-1.6.36.tar.xz) = 1012544 bytes
+SHA1 (libpng-1.6.37.tar.xz) = 3ab93fabbf4c27e1c4724371df408d9a1bd3f656
+RMD160 (libpng-1.6.37.tar.xz) = 7d68b596480e994aeccb2794df48a3613f1de9c4
+SHA512 (libpng-1.6.37.tar.xz) = 59e8c1059013497ae616a14c3abbe239322d3873c6ded0912403fc62fb260561768230b6ab997e2cccc3b868c09f539fd13635616b9fa0dd6279a3f63ec7e074
+Size (libpng-1.6.37.tar.xz) = 1012272 bytes
 SHA1 (patch-pngpriv.h) = 3da29edb5d89ab26b9787a71b87c3fd8f451ea39


--_----------=_1557692360299350--