libpng: security bump to version 1.6.15

Message ID	1416941543-5545-1-git-send-email-gustavo@zacarias.com.ar
State	Accepted
Commit	b89ce67523b6c18ded565b36fcc09876434cd026
Headers	show Return-Path: <buildroot-bounces@busybox.net> From: Gustavo Zacarias <gustavo@zacarias.com.ar> To: buildroot@busybox.net Date: Tue, 25 Nov 2014 15:52:23 -0300 Message-Id: <1416941543-5545-1-git-send-email-gustavo@zacarias.com.ar> Subject: [Buildroot] [PATCH] libpng: security bump to version 1.6.15 Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" <buildroot-bounces@busybox.net>

Message ID

1416941543-5545-1-git-send-email-gustavo@zacarias.com.ar

State

Accepted

Commit

b89ce67523b6c18ded565b36fcc09876434cd026

Headers

From: Gustavo Zacarias <gustavo@zacarias.com.ar>
To: buildroot@busybox.net
Date: Tue, 25 Nov 2014 15:52:23 -0300
Message-Id: <1416941543-5545-1-git-send-email-gustavo@zacarias.com.ar>
Subject: [Buildroot] [PATCH] libpng: security bump to version 1.6.15
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Commit Message

Gustavo Zacarias Nov. 25, 2014, 6:52 p.m. UTC

Fixes an out-of-bounds memory access in png_user_version_check().

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 .../libpng/{libpng-01-disable-tools.patch => 0001-disable-tools.patch} | 0
 ...g-02-ignore-symbol-prefix.patch => 0002-ignore-symbol-prefix.patch} | 0
 package/libpng/libpng.hash                                             | 3 +++
 package/libpng/libpng.mk                                               | 2 +-
 4 files changed, 4 insertions(+), 1 deletion(-)
 rename package/libpng/{libpng-01-disable-tools.patch => 0001-disable-tools.patch} (100%)
 rename package/libpng/{libpng-02-ignore-symbol-prefix.patch => 0002-ignore-symbol-prefix.patch} (100%)
 create mode 100644 package/libpng/libpng.hash

Comments

Peter Korsgaard Nov. 25, 2014, 9:33 p.m. UTC | #1

>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:

 > Fixes an out-of-bounds memory access in png_user_version_check().
 > Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

Committed, thanks.

diff --git a/package/libpng/libpng-01-disable-tools.patch b/package/libpng/0001-disable-tools.patch
similarity index 100%
rename from package/libpng/libpng-01-disable-tools.patch
rename to package/libpng/0001-disable-tools.patch
diff --git a/package/libpng/libpng-02-ignore-symbol-prefix.patch b/package/libpng/0002-ignore-symbol-prefix.patch
similarity index 100%
rename from package/libpng/libpng-02-ignore-symbol-prefix.patch
rename to package/libpng/0002-ignore-symbol-prefix.patch
diff --git a/package/libpng/libpng.hash b/package/libpng/libpng.hash
new file mode 100644
index 0000000..37f6067
--- /dev/null
+++ b/package/libpng/libpng.hash
@@ -0,0 +1,3 @@ 
+# From http://sourceforge.net/projects/libpng/files/libpng16/1.6.15/
+md5	a95cb387c53215b034203b41ec57c7e5	libpng-1.6.15.tar.xz
+sha1	bddeac8ca97fbcf54d6d32c6eefed5d94b49df88	libpng-1.6.15.tar.xz
diff --git a/package/libpng/libpng.mk b/package/libpng/libpng.mk
index 99510ca..67bf141 100644
--- a/package/libpng/libpng.mk
+++ b/package/libpng/libpng.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-LIBPNG_VERSION = 1.6.12
+LIBPNG_VERSION = 1.6.15
 LIBPNG_SERIES = 16
 LIBPNG_SOURCE = libpng-$(LIBPNG_VERSION).tar.xz
 LIBPNG_SITE = http://downloads.sourceforge.net/project/libpng/libpng${LIBPNG_SERIES}/$(LIBPNG_VERSION)

libpng: security bump to version 1.6.15

Commit Message

Comments

Patch