From: Michael Tremer Date: Thu, 29 Dec 2016 16:04:29 +0000 (+0000) Subject: libpng: Update to version 1.2.57 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8fa523e028ecfa8acb33bac7d48f2fe9cb60a86e;p=people%2Fms%2Fipfire-2.x.git libpng: Update to version 1.2.57 These all fix a potential "NULL dereference" bug that has existed in libpng since version 0.71 of June 26, 1995. To be vulnerable, an application has to load a text chunk into the png structure, then delete all text, then add another text chunk to the same png structure, which seems to be an unlikely sequence, but it has happened. Signed-off-by: Michael Tremer --- diff --git a/config/rootfiles/common/libpng b/config/rootfiles/common/libpng index c29eaa7db7..9a20880a1a 100644 --- a/config/rootfiles/common/libpng +++ b/config/rootfiles/common/libpng @@ -9,12 +9,12 @@ #usr/lib/libpng.la usr/lib/libpng.so usr/lib/libpng.so.3 -usr/lib/libpng.so.3.46.0 +usr/lib/libpng.so.3.57.0 #usr/lib/libpng12.a #usr/lib/libpng12.la usr/lib/libpng12.so usr/lib/libpng12.so.0 -usr/lib/libpng12.so.0.46.0 +usr/lib/libpng12.so.0.57.0 #usr/lib/pkgconfig/libpng.pc #usr/lib/pkgconfig/libpng12.pc #usr/share/man/man3/libpng.3 diff --git a/config/rootfiles/core/109/filelists/libpng b/config/rootfiles/core/109/filelists/libpng new file mode 120000 index 0000000000..8ef96e2c13 --- /dev/null +++ b/config/rootfiles/core/109/filelists/libpng @@ -0,0 +1 @@ +../../../common/libpng \ No newline at end of file diff --git a/lfs/libpng b/lfs/libpng index 707511867f..af2db684e6 100644 --- a/lfs/libpng +++ b/lfs/libpng @@ -24,7 +24,7 @@ include Config -VER = 1.2.46 +VER = 1.2.57 THISAPP = libpng-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 03ddfc17ad321db93f984581e9415d22 +$(DL_FILE)_MD5 = dfcda3603e29dcc11870c48f838ef75b install : $(TARGET)