All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 0/2] libpng upgrade
@ 2011-07-19 16:29 Scott Garman
  2011-07-19 16:29 ` [PATCH 1/2] libpng: upgrade to v1.2.46 Scott Garman
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Scott Garman @ 2011-07-19 16:29 UTC (permalink / raw)
  To: openembedded-core; +Cc: Scott Garman

Hello,

This upgrade to libpng addresses some security vulnerabilities. It
has been build tested on all five of our qemu MACHINEs.

The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:

  bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)

are available in the git repository at:
  git://git.pokylinux.org/poky-contrib sgarman/libpng-upgrade
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/libpng-upgrade

Scott Garman (2):
  libpng: upgrade to v1.2.46
  distro-tracking: update libpng

 .../conf/distro/include/distro_tracking_fields.inc |   10 +++++-----
 .../libpng/{libpng_1.2.44.bb => libpng_1.2.46.bb}  |   11 ++++++-----
 2 files changed, 11 insertions(+), 10 deletions(-)
 rename meta/recipes-multimedia/libpng/{libpng_1.2.44.bb => libpng_1.2.46.bb} (55%)




^ permalink raw reply	[flat|nested] 4+ messages in thread
* [PATCH 1/2] libpng: upgrade to v1.2.46
  2011-07-19 16:29 [PATCH 0/2] libpng upgrade Scott Garman
@ 2011-07-19 16:29 ` Scott Garman
  2011-07-19 16:29 ` [PATCH 2/2] distro-tracking: update libpng Scott Garman
  2011-07-20 16:56 ` [PATCH 0/2] libpng upgrade Saul Wold
  2 siblings, 0 replies; 4+ messages in thread
From: Scott Garman @ 2011-07-19 16:29 UTC (permalink / raw)
  To: openembedded-core; +Cc: Scott Garman

This addresses the following security advisories:

* CVE-2011-2690
* CVE-2011-2692

This fixes bug [YOCTO #1255]

The LICENSE and png.h checksum changes were due to trivial changes
in the files.

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
---
 .../libpng/{libpng_1.2.44.bb => libpng_1.2.46.bb}  |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)
 rename meta/recipes-multimedia/libpng/{libpng_1.2.44.bb => libpng_1.2.46.bb} (55%)

diff --git a/meta/recipes-multimedia/libpng/libpng_1.2.44.bb b/meta/recipes-multimedia/libpng/libpng_1.2.46.bb
similarity index 55%
rename from meta/recipes-multimedia/libpng/libpng_1.2.44.bb
rename to meta/recipes-multimedia/libpng/libpng_1.2.46.bb
index d81a5c1..57d9037 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.2.44.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.2.46.bb
@@ -1,16 +1,17 @@
+SUMMARY = "PNG Library"
 DESCRIPTION = "PNG Library"
 HOMEPAGE = "http://www.libpng.org/"
 SECTION = "libs"
 LICENSE = "Libpng"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=a294a2bb08b7f25558119edbfd6b2e92 \
-                    file://png.h;startline=172;endline=261;md5=3253923f0093658f470e52a06ddcf4e7"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=21b4b6e3523afa9f03f00b43b991dad0 \
+                    file://png.h;startline=172;endline=261;md5=996460063a9bf2de35b2d61d2776dabc"
 DEPENDS = "zlib"
 PR = "r0"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/libpng-${PV}.tar.bz2"
+SRC_URI = "${SOURCEFORGE_MIRROR}/project/libpng/libpng12/${PV}/libpng-${PV}.tar.bz2"
 
-SRC_URI[md5sum] = "e3ac7879d62ad166a6f0c7441390d12b"
-SRC_URI[sha256sum] = "b9ab20f1c2c3bf6c4448fd9bd8a4a8905b918114d5fada56c97bb758a17b7215"
+SRC_URI[md5sum] = "e8b43dc78ef95b3949af7f961d76874b"
+SRC_URI[sha256sum] = "a5e796e1802b2e221498bda09ff9850bc7ec9068b6788948cc2c42af213914d8"
 
 inherit autotools binconfig pkgconfig
 
-- 
1.7.1




^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH 2/2] distro-tracking: update libpng
  2011-07-19 16:29 [PATCH 0/2] libpng upgrade Scott Garman
  2011-07-19 16:29 ` [PATCH 1/2] libpng: upgrade to v1.2.46 Scott Garman
@ 2011-07-19 16:29 ` Scott Garman
  2011-07-20 16:56 ` [PATCH 0/2] libpng upgrade Saul Wold
  2 siblings, 0 replies; 4+ messages in thread
From: Scott Garman @ 2011-07-19 16:29 UTC (permalink / raw)
  To: openembedded-core; +Cc: Scott Garman

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
---
 .../conf/distro/include/distro_tracking_fields.inc |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/conf/distro/include/distro_tracking_fields.inc b/meta/conf/distro/include/distro_tracking_fields.inc
index efb4c0b..2f078c9 100644
--- a/meta/conf/distro/include/distro_tracking_fields.inc
+++ b/meta/conf/distro/include/distro_tracking_fields.inc
@@ -255,14 +255,14 @@ RECIPE_MAINTAINER_pn-neon = "Dongxiao Xu <dongxiao.xu@intel.com>"
 
 RECIPE_STATUS_pn-libpng = "green"
 RECIPE_DEPENDENCY_CHECK_pn-libpng = "not done"
-RECIPE_LATEST_VERSION_pn-libpng = "1.4.5"
-RECIPE_NO_UPDATE_REASON_pn-libpng = "1.4.3 has API compatibility issue, e.g. break libmatchbox. choose 1.2.44 instead"
+RECIPE_LATEST_VERSION_pn-libpng = "1.5.4"
+RECIPE_NO_UPDATE_REASON_pn-libpng = "1.4.3 and later changes the API and breaks libmatchbox. Sticking with the 1.2.x series instead"
 RECIPE_PATCH_pn-libpng+makefile = "by RP; 2008; to define ECHO explicitly for lbitool 2.2.2. need check whether it's still valide for new libtool. candidate for upstream"
 RECIPE_INTEL_SECTION_pn-libpng = "base libs"
-RECIPE_TIME_BETWEEN_LAST_TWO_RELEASES_pn-libpng = "1 month"
-RECIPE_LATEST_RELEASE_DATE_pn-libpng = "06/2010"
+RECIPE_TIME_BETWEEN_LAST_TWO_RELEASES_pn-libpng = "unknown"
+RECIPE_LATEST_RELEASE_DATE_pn-libpng = "07/2011"
 RECIPE_COMMENTS_pn-libpng = ""
-RECIPE_LAST_UPDATE_pn-libpng = "Jul 20, 2010"
+RECIPE_LAST_UPDATE_pn-libpng = "Jul 18, 2011"
 RECIPE_MAINTAINER_pn-libpng = "Scott Garman <scott.a.garman@intel.com>"
 
 RECIPE_STATUS_pn-libidn = "green"
-- 
1.7.1




^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH 0/2] libpng upgrade
  2011-07-19 16:29 [PATCH 0/2] libpng upgrade Scott Garman
  2011-07-19 16:29 ` [PATCH 1/2] libpng: upgrade to v1.2.46 Scott Garman
  2011-07-19 16:29 ` [PATCH 2/2] distro-tracking: update libpng Scott Garman
@ 2011-07-20 16:56 ` Saul Wold
  2 siblings, 0 replies; 4+ messages in thread
From: Saul Wold @ 2011-07-20 16:56 UTC (permalink / raw)
  To: Patches and discussions about the oe-core layer; +Cc: Scott Garman

On 07/19/2011 09:29 AM, Scott Garman wrote:
> Hello,
>
> This upgrade to libpng addresses some security vulnerabilities. It
> has been build tested on all five of our qemu MACHINEs.
>
> The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>
>    bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)
>
> are available in the git repository at:
>    git://git.pokylinux.org/poky-contrib sgarman/libpng-upgrade
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/libpng-upgrade
>
> Scott Garman (2):
>    libpng: upgrade to v1.2.46
>    distro-tracking: update libpng
>
>   .../conf/distro/include/distro_tracking_fields.inc |   10 +++++-----
>   .../libpng/{libpng_1.2.44.bb =>  libpng_1.2.46.bb}  |   11 ++++++-----
>   2 files changed, 11 insertions(+), 10 deletions(-)
>   rename meta/recipes-multimedia/libpng/{libpng_1.2.44.bb =>  libpng_1.2.46.bb} (55%)
>
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>

Merged into OE-Core

Thanks
	Sau!



^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-07-20 17:00 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-07-19 16:29 [PATCH 0/2] libpng upgrade Scott Garman
2011-07-19 16:29 ` [PATCH 1/2] libpng: upgrade to v1.2.46 Scott Garman
2011-07-19 16:29 ` [PATCH 2/2] distro-tracking: update libpng Scott Garman
2011-07-20 16:56 ` [PATCH 0/2] libpng upgrade Saul Wold

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.