Pullup ticket #5955 - requested by taca graphics/png: security update Revisions pulled up: - graphics/png/Makefile 1.198 - graphics/png/distinfo 1.142 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Wed Apr 17 07:05:21 UTC 2019 Modified Files: pkgsrc/graphics/png: Makefile distinfo Log Message: png: update to 1.6.37. This is largely a bugfix-only release. Most importantly, it contains a fix for a use-after-free vulnerability (CVE-2019-7317) affecting the simplified libpng API, and a fix for a memory leak affecting the ARM NEON implementation of the palette-to-RGB(A) expansion. To generate a diff of this commit: cvs rdiff -u -r1.197 -r1.198 pkgsrc/graphics/png/Makefile cvs rdiff -u -r1.141 -r1.142 pkgsrc/graphics/png/distinfodiff -r1.197 -r1.197.4.1 pkgsrc/graphics/png/Makefile
(spz)
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.197 2018/12/02 12:43:23 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.197.4.1 2019/05/12 20:19:19 spz Exp $ | |
2 | 2 | |||
3 | DISTNAME= libpng-1.6.36 | 3 | DISTNAME= libpng-1.6.37 | |
4 | PKGNAME= ${DISTNAME:S/lib//} | 4 | PKGNAME= ${DISTNAME:S/lib//} | |
5 | CATEGORIES= graphics | 5 | CATEGORIES= graphics | |
6 | MASTER_SITES= https://ftp-osl.osuosl.org/pub/libpng/src/archive/xz/libpng16/ | 6 | MASTER_SITES= https://ftp-osl.osuosl.org/pub/libpng/src/archive/xz/libpng16/ | |
7 | MASTER_SITES+= ${MASTER_SITE_SOURCEFORGE:=libpng/} | 7 | MASTER_SITES+= ${MASTER_SITE_SOURCEFORGE:=libpng/} | |
8 | MASTER_SITES+= ftp://ftp.fu-berlin.de/unix/graphics/png/src/libpng16/ | 8 | MASTER_SITES+= ftp://ftp.fu-berlin.de/unix/graphics/png/src/libpng16/ | |
9 | EXTRACT_SUFX= .tar.xz | 9 | EXTRACT_SUFX= .tar.xz | |
10 | 10 | |||
11 | MAINTAINER= wiz@NetBSD.org | 11 | MAINTAINER= wiz@NetBSD.org | |
12 | HOMEPAGE= http://www.libpng.org/pub/png/libpng.html | 12 | HOMEPAGE= http://www.libpng.org/pub/png/libpng.html | |
13 | COMMENT= Library for manipulating PNG images | 13 | COMMENT= Library for manipulating PNG images | |
14 | LICENSE= zlib | 14 | LICENSE= zlib | |
15 | 15 | |||
16 | USE_LIBTOOL= yes | 16 | USE_LIBTOOL= yes |
@@ -1,7 +1,7 @@ | @@ -1,7 +1,7 @@ | |||
1 | $NetBSD: distinfo,v 1.141 2018/12/02 12:43:23 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.141.4.1 2019/05/12 20:19:19 spz Exp $ | |
2 | 2 | |||
3 | SHA1 (libpng-1.6.36.tar.xz) = aec9548c8319104226cc4c31d1f5e524f1b55295 | 3 | SHA1 (libpng-1.6.37.tar.xz) = 3ab93fabbf4c27e1c4724371df408d9a1bd3f656 | |
4 | RMD160 (libpng-1.6.36.tar.xz) = baafcb54ff4913da18c349b14d9a1e98973b17c0 | 4 | RMD160 (libpng-1.6.37.tar.xz) = 7d68b596480e994aeccb2794df48a3613f1de9c4 | |
5 | SHA512 (libpng-1.6.36.tar.xz) = a86ee977df69748e5039fb0ead883f1d3f88b8a701fa24cf8e62dd77c5871bb46397d794fa33ec1d0be1ac488246832ad79d0e6117ac093bdce1b2a1cfcb2bb0 | 5 | SHA512 (libpng-1.6.37.tar.xz) = 59e8c1059013497ae616a14c3abbe239322d3873c6ded0912403fc62fb260561768230b6ab997e2cccc3b868c09f539fd13635616b9fa0dd6279a3f63ec7e074 | |
6 | Size (libpng-1.6.36.tar.xz) = 1012544 bytes | 6 | Size (libpng-1.6.37.tar.xz) = 1012272 bytes | |
7 | SHA1 (patch-pngpriv.h) = 3da29edb5d89ab26b9787a71b87c3fd8f451ea39 | 7 | SHA1 (patch-pngpriv.h) = 3da29edb5d89ab26b9787a71b87c3fd8f451ea39 |