From patchwork Fri Dec 30 13:28:43 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gustavo Zacarias <gustavo@zacarias.com.ar>
X-Patchwork-Id: 709783
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3tqnPg0lnCz9ssP
	for <incoming@patchwork.ozlabs.org>;
	Sat, 31 Dec 2016 00:29:27 +1100 (AEDT)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=zacarias.com.ar header.i=@zacarias.com.ar
	header.b="cWwFPU/f"; dkim-atps=neutral
Received: from localhost (localhost [127.0.0.1])
	by fraxinus.osuosl.org (Postfix) with ESMTP id 72A29862BD;
	Fri, 30 Dec 2016 13:29:25 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id VqD8un_lt14s; Fri, 30 Dec 2016 13:29:24 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by fraxinus.osuosl.org (Postfix) with ESMTP id E85FB8625C;
	Fri, 30 Dec 2016 13:29:23 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
	by ash.osuosl.org (Postfix) with ESMTP id 203031C0423
	for <buildroot@lists.busybox.net>;
	Fri, 30 Dec 2016 13:29:22 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id 1F0EC858EF
	for <buildroot@lists.busybox.net>;
	Fri, 30 Dec 2016 13:29:22 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id eEMWCFP3GaTD for <buildroot@lists.busybox.net>;
	Fri, 30 Dec 2016 13:29:21 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from www.zacarias.com.ar (www.zacarias.com.ar [176.9.42.171])
	by whitealder.osuosl.org (Postfix) with ESMTPS id 36B7A8580C
	for <buildroot@busybox.net>; Fri, 30 Dec 2016 13:29:21 +0000 (UTC)
Received: from asgard (cpe-190-55-196-87.telecentro-reversos.com.ar
	[190.55.196.87] (may be forged)) (authenticated bits=0)
	by www.zacarias.com.ar (8.15.2/8.15.2) with ESMTPSA id uBUDSiVv010920
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
	Fri, 30 Dec 2016 13:28:49 GMT
DMARC-Filter: OpenDMARC Filter v1.3.1 www.zacarias.com.ar uBUDSiVv010920
Authentication-Results: zacarias.com.ar;
	dmarc=fail header.from=zacarias.com.ar
Authentication-Results: zacarias.com.ar;
	spf=pass smtp.mailfrom=gustavo@zacarias.com.ar
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=zacarias.com.ar;
	s=dkey; t=1483104533;
	bh=VIkSiigVjAGGwy6z76c/br2dNOvk417raHCa1S8L79w=;
	h=From:To:Cc:Subject:Date;
	b=cWwFPU/fSLNvbo9xjPGtg92hKPxsm3TsTa4/N+5eI3yDs0x/0mWFG8ppemO/fFtq1
	ABmhbD5Kj4KB9lRElTx4LXGgU3HJ9v9iqJbFJGlyF7kG2wiTvTNYu6I5SNQ2YEwzrc
	L4eSSjIbwwyCx6s4w/GeZl1bBJTjmZKgymATolGU=
Received: by asgard (sSMTP sendmail emulation);
	Fri, 30 Dec 2016 10:28:43 -0300
From: Gustavo Zacarias <gustavo@zacarias.com.ar>
To: buildroot@busybox.net
Date: Fri, 30 Dec 2016 10:28:43 -0300
Message-Id: <20161230132843.8991-1-gustavo@zacarias.com.ar>
X-Mailer: git-send-email 2.10.2
X-Virus-Scanned: clamav-milter 0.99 at www
X-Virus-Status: Clean
Subject: [Buildroot] [PATCH] libpng: security bump to version 1.6.27
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Fixes a NULL pointer dereference bug in png_set_text_2()
CVE not assigned yet.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/libpng/libpng.hash | 6 +++---
 package/libpng/libpng.mk   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/libpng/libpng.hash b/package/libpng/libpng.hash
index d2c377d..237a54f 100644
--- a/package/libpng/libpng.hash
+++ b/package/libpng/libpng.hash
@@ -1,4 +1,4 @@
-# From http://sourceforge.net/projects/libpng/files/libpng16/1.6.26/
-sha1 7a50569b26d57db9810409a59f1b87f8a8e387a3 libpng-1.6.26.tar.xz
+# From http://sourceforge.net/projects/libpng/files/libpng16/1.6.27/
+sha1 af5d742f5d0a6492133aed7790bb43e8854cca64 libpng-1.6.27.tar.xz
 # Locally computed:
-sha256 266743a326986c3dbcee9d89b640595f6b16a293fd02b37d8c91348d317b73f9  libpng-1.6.26.tar.xz
+sha256 fca2ffd97336356cdab9bfa8936b9d6dfd580a70205e5dfead3ac42cb054b57b  libpng-1.6.27.tar.xz
diff --git a/package/libpng/libpng.mk b/package/libpng/libpng.mk
index abb4928..4b3a4ad 100644
--- a/package/libpng/libpng.mk
+++ b/package/libpng/libpng.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBPNG_VERSION = 1.6.26
+LIBPNG_VERSION = 1.6.27
 LIBPNG_SERIES = 16
 LIBPNG_SOURCE = libpng-$(LIBPNG_VERSION).tar.xz
 LIBPNG_SITE = http://downloads.sourceforge.net/project/libpng/libpng${LIBPNG_SERIES}/$(LIBPNG_VERSION)