[PATCH] libpng security updates

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] libpng security updates
@ 2010-07-23 10:06 Henning Heinold
  2010-07-23 10:06 ` [PATCH] libpng: update to version 1.2.44 because of CVE-2010-1205 and convert to BBCLASSEXTENDED Henning Heinold
  0 siblings, 1 reply; 3+ messages in thread
From: Henning Heinold @ 2010-07-23 10:06 UTC (permalink / raw)
  To: openembedded-devel

Hi,

this fixes libpng security bugs, removes insecure versions and converts the recipe to BBCLASSEXTENDED.

Henning Heinold (1):
  libpng: update to version 1.2.44 because of CVE-2010-1205 and convert
    to BBCLASSEXTENDED

 recipes/libpng/libpng-native.inc       |    5 -----
 recipes/libpng/libpng-native_1.2.37.bb |    6 ------
 recipes/libpng/libpng-native_1.2.40.bb |    9 ---------
 recipes/libpng/libpng-native_1.2.41.bb |    6 ------
 recipes/libpng/libpng-native_1.2.42.bb |    6 ------
 recipes/libpng/libpng.inc              |    6 +++++-
 recipes/libpng/libpng_1.2.37.bb        |    8 --------
 recipes/libpng/libpng_1.2.40.bb        |    8 --------
 recipes/libpng/libpng_1.2.41.bb        |    8 --------
 recipes/libpng/libpng_1.2.42.bb        |    8 --------
 recipes/libpng/libpng_1.2.44.bb        |    8 ++++++++
 11 files changed, 13 insertions(+), 65 deletions(-)
 delete mode 100644 recipes/libpng/libpng-native.inc
 delete mode 100644 recipes/libpng/libpng-native_1.2.37.bb
 delete mode 100644 recipes/libpng/libpng-native_1.2.40.bb
 delete mode 100644 recipes/libpng/libpng-native_1.2.41.bb
 delete mode 100644 recipes/libpng/libpng-native_1.2.42.bb
 delete mode 100644 recipes/libpng/libpng_1.2.37.bb
 delete mode 100644 recipes/libpng/libpng_1.2.40.bb
 delete mode 100644 recipes/libpng/libpng_1.2.41.bb
 delete mode 100644 recipes/libpng/libpng_1.2.42.bb
 create mode 100644 recipes/libpng/libpng_1.2.44.bb



^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH] libpng: update to version 1.2.44 because of CVE-2010-1205 and convert to BBCLASSEXTENDED
  2010-07-23 10:06 [PATCH] libpng security updates Henning Heinold
@ 2010-07-23 10:06 ` Henning Heinold
  2010-07-23 12:12   ` Koen Kooi
  0 siblings, 1 reply; 3+ messages in thread
From: Henning Heinold @ 2010-07-23 10:06 UTC (permalink / raw)
  To: openembedded-devel

---
 recipes/libpng/libpng-native.inc       |    5 -----
 recipes/libpng/libpng-native_1.2.37.bb |    6 ------
 recipes/libpng/libpng-native_1.2.40.bb |    9 ---------
 recipes/libpng/libpng-native_1.2.41.bb |    6 ------
 recipes/libpng/libpng-native_1.2.42.bb |    6 ------
 recipes/libpng/libpng.inc              |    6 +++++-
 recipes/libpng/libpng_1.2.37.bb        |    8 --------
 recipes/libpng/libpng_1.2.40.bb        |    8 --------
 recipes/libpng/libpng_1.2.41.bb        |    8 --------
 recipes/libpng/libpng_1.2.42.bb        |    8 --------
 recipes/libpng/libpng_1.2.44.bb        |    8 ++++++++
 11 files changed, 13 insertions(+), 65 deletions(-)
 delete mode 100644 recipes/libpng/libpng-native.inc
 delete mode 100644 recipes/libpng/libpng-native_1.2.37.bb
 delete mode 100644 recipes/libpng/libpng-native_1.2.40.bb
 delete mode 100644 recipes/libpng/libpng-native_1.2.41.bb
 delete mode 100644 recipes/libpng/libpng-native_1.2.42.bb
 delete mode 100644 recipes/libpng/libpng_1.2.37.bb
 delete mode 100644 recipes/libpng/libpng_1.2.40.bb
 delete mode 100644 recipes/libpng/libpng_1.2.41.bb
 delete mode 100644 recipes/libpng/libpng_1.2.42.bb
 create mode 100644 recipes/libpng/libpng_1.2.44.bb

diff --git a/recipes/libpng/libpng-native.inc b/recipes/libpng/libpng-native.inc
deleted file mode 100644
index a515346..0000000
--- a/recipes/libpng/libpng-native.inc
+++ /dev/null
@@ -1,5 +0,0 @@
-inherit native
-
-DEPENDS = "zlib-native"
-
-INHIBIT_NATIVE_STAGE_INSTALL = "1"
diff --git a/recipes/libpng/libpng-native_1.2.37.bb b/recipes/libpng/libpng-native_1.2.37.bb
deleted file mode 100644
index 3c36b52..0000000
--- a/recipes/libpng/libpng-native_1.2.37.bb
+++ /dev/null
@@ -1,6 +0,0 @@
-require libpng_${PV}.bb
-require libpng-native.inc
-
-PR = "r1"
-
-FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
diff --git a/recipes/libpng/libpng-native_1.2.40.bb b/recipes/libpng/libpng-native_1.2.40.bb
deleted file mode 100644
index 6f0222d..0000000
--- a/recipes/libpng/libpng-native_1.2.40.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require libpng_${PV}.bb
-require libpng-native.inc
-
-PR = "r1"
-
-FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
-
-SRC_URI[tarball.md5sum] = "29bbd1c3cbe54b04bfc2bda43067ccb5"
-SRC_URI[tarball.sha256sum] = "a6197352ad5b79a9a1ce0dd59f5e737cfbf909e0f3c5f64631cf0d93549e4e40"
diff --git a/recipes/libpng/libpng-native_1.2.41.bb b/recipes/libpng/libpng-native_1.2.41.bb
deleted file mode 100644
index 3c36b52..0000000
--- a/recipes/libpng/libpng-native_1.2.41.bb
+++ /dev/null
@@ -1,6 +0,0 @@
-require libpng_${PV}.bb
-require libpng-native.inc
-
-PR = "r1"
-
-FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
diff --git a/recipes/libpng/libpng-native_1.2.42.bb b/recipes/libpng/libpng-native_1.2.42.bb
deleted file mode 100644
index 3c36b52..0000000
--- a/recipes/libpng/libpng-native_1.2.42.bb
+++ /dev/null
@@ -1,6 +0,0 @@
-require libpng_${PV}.bb
-require libpng-native.inc
-
-PR = "r1"
-
-FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
diff --git a/recipes/libpng/libpng.inc b/recipes/libpng/libpng.inc
index fc1feb8..0053071 100644
--- a/recipes/libpng/libpng.inc
+++ b/recipes/libpng/libpng.inc
@@ -3,11 +3,14 @@ HOMEPAGE = "http://www.libpng.org/"
 LICENSE = "libpng"
 SECTION = "libs"
 PRIORITY = "required"
+
 DEPENDS = "zlib"
 
 INC_PR = "r2"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/libpng-${PV}.tar.bz2;name=tarball"
+BBCLASSEXTEND = "native"
+
+SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/libpng-${PV}.tar.bz2;name=libpng"
 S = "${WORKDIR}/libpng-${PV}"
 
 inherit autotools pkgconfig binconfig
@@ -19,3 +22,4 @@ FILES_libpng12 = "${libdir}/libpng12.so.*"
 FILES_${PN}-dev = "${includedir} ${libdir}/lib*.so ${libdir}/*.la \
 		${libdir}/*.a ${libdir}/pkgconfig \
 		${datadir}/aclocal ${bindir} ${sbindir}"
+
diff --git a/recipes/libpng/libpng_1.2.37.bb b/recipes/libpng/libpng_1.2.37.bb
deleted file mode 100644
index 950ebb4..0000000
--- a/recipes/libpng/libpng_1.2.37.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-require libpng.inc
-
-PR = "${INC_PR}.0"
-
-SRC_URI += "file://makefile_fix.patch"
-
-SRC_URI[tarball.md5sum] = "6d1ee0888dbb711214943cb19c294b49"
-SRC_URI[tarball.sha256sum] = "682960b55527b54bada90e959c2d42679444a1db43677c77eb645a29645f86d1"
diff --git a/recipes/libpng/libpng_1.2.40.bb b/recipes/libpng/libpng_1.2.40.bb
deleted file mode 100644
index 80d87bc..0000000
--- a/recipes/libpng/libpng_1.2.40.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-require libpng.inc
-
-PR = "${INC_PR}.0"
-
-SRC_URI += "file://makefile_fix.patch"
-
-SRC_URI[tarball.md5sum] = "29bbd1c3cbe54b04bfc2bda43067ccb5"
-SRC_URI[tarball.sha256sum] = "a6197352ad5b79a9a1ce0dd59f5e737cfbf909e0f3c5f64631cf0d93549e4e40"
diff --git a/recipes/libpng/libpng_1.2.41.bb b/recipes/libpng/libpng_1.2.41.bb
deleted file mode 100644
index 2389915..0000000
--- a/recipes/libpng/libpng_1.2.41.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-require libpng.inc
-
-PR = "${INC_PR}.0"
-
-SRC_URI += "file://makefile_fix.patch"
-
-SRC_URI[tarball.md5sum] = "2faa7f8d81e6a35beb991cb75edbf056"
-SRC_URI[tarball.sha256sum] = "a172c5afe4668a31eb090d14be7fc2811a9fec8568a785badd30280f47a27e00"
diff --git a/recipes/libpng/libpng_1.2.42.bb b/recipes/libpng/libpng_1.2.42.bb
deleted file mode 100644
index d37f7e3..0000000
--- a/recipes/libpng/libpng_1.2.42.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-require libpng.inc
-
-PR = "${INC_PR}.0"
-
-SRC_URI += "file://makefile_fix.patch"
-
-SRC_URI[tarball.md5sum] = "9a5cbe9798927fdf528f3186a8840ebe"
-SRC_URI[tarball.sha256sum] = "a044c4632a236bbf99527da81977577929a173c1f7f68a70a81ea2ea7cffa6a7"
diff --git a/recipes/libpng/libpng_1.2.44.bb b/recipes/libpng/libpng_1.2.44.bb
new file mode 100644
index 0000000..4ba7b20
--- /dev/null
+++ b/recipes/libpng/libpng_1.2.44.bb
@@ -0,0 +1,8 @@
+require libpng.inc
+
+PR = "${INC_PR}.0"
+
+SRC_URI += "file://makefile_fix.patch"
+
+SRC_URI[libpng.md5sum] = "e3ac7879d62ad166a6f0c7441390d12b"
+SRC_URI[libpng.sha256sum] = "b9ab20f1c2c3bf6c4448fd9bd8a4a8905b918114d5fada56c97bb758a17b7215"
-- 
1.7.1



^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] libpng: update to version 1.2.44 because of CVE-2010-1205 and convert to BBCLASSEXTENDED
  2010-07-23 10:06 ` [PATCH] libpng: update to version 1.2.44 because of CVE-2010-1205 and convert to BBCLASSEXTENDED Henning Heinold
@ 2010-07-23 12:12   ` Koen Kooi
  0 siblings, 0 replies; 3+ messages in thread
From: Koen Kooi @ 2010-07-23 12:12 UTC (permalink / raw)
  To: openembedded-devel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Acked-by: Koen Kooi <koen@openembedded.org>

On 23-07-10 12:06, Henning Heinold wrote:
> ---
>  recipes/libpng/libpng-native.inc       |    5 -----
>  recipes/libpng/libpng-native_1.2.37.bb |    6 ------
>  recipes/libpng/libpng-native_1.2.40.bb |    9 ---------
>  recipes/libpng/libpng-native_1.2.41.bb |    6 ------
>  recipes/libpng/libpng-native_1.2.42.bb |    6 ------
>  recipes/libpng/libpng.inc              |    6 +++++-
>  recipes/libpng/libpng_1.2.37.bb        |    8 --------
>  recipes/libpng/libpng_1.2.40.bb        |    8 --------
>  recipes/libpng/libpng_1.2.41.bb        |    8 --------
>  recipes/libpng/libpng_1.2.42.bb        |    8 --------
>  recipes/libpng/libpng_1.2.44.bb        |    8 ++++++++
>  11 files changed, 13 insertions(+), 65 deletions(-)
>  delete mode 100644 recipes/libpng/libpng-native.inc
>  delete mode 100644 recipes/libpng/libpng-native_1.2.37.bb
>  delete mode 100644 recipes/libpng/libpng-native_1.2.40.bb
>  delete mode 100644 recipes/libpng/libpng-native_1.2.41.bb
>  delete mode 100644 recipes/libpng/libpng-native_1.2.42.bb
>  delete mode 100644 recipes/libpng/libpng_1.2.37.bb
>  delete mode 100644 recipes/libpng/libpng_1.2.40.bb
>  delete mode 100644 recipes/libpng/libpng_1.2.41.bb
>  delete mode 100644 recipes/libpng/libpng_1.2.42.bb
>  create mode 100644 recipes/libpng/libpng_1.2.44.bb
> 
> diff --git a/recipes/libpng/libpng-native.inc b/recipes/libpng/libpng-native.inc
> deleted file mode 100644
> index a515346..0000000
> --- a/recipes/libpng/libpng-native.inc
> +++ /dev/null
> @@ -1,5 +0,0 @@
> -inherit native
> -
> -DEPENDS = "zlib-native"
> -
> -INHIBIT_NATIVE_STAGE_INSTALL = "1"
> diff --git a/recipes/libpng/libpng-native_1.2.37.bb b/recipes/libpng/libpng-native_1.2.37.bb
> deleted file mode 100644
> index 3c36b52..0000000
> --- a/recipes/libpng/libpng-native_1.2.37.bb
> +++ /dev/null
> @@ -1,6 +0,0 @@
> -require libpng_${PV}.bb
> -require libpng-native.inc
> -
> -PR = "r1"
> -
> -FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
> diff --git a/recipes/libpng/libpng-native_1.2.40.bb b/recipes/libpng/libpng-native_1.2.40.bb
> deleted file mode 100644
> index 6f0222d..0000000
> --- a/recipes/libpng/libpng-native_1.2.40.bb
> +++ /dev/null
> @@ -1,9 +0,0 @@
> -require libpng_${PV}.bb
> -require libpng-native.inc
> -
> -PR = "r1"
> -
> -FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
> -
> -SRC_URI[tarball.md5sum] = "29bbd1c3cbe54b04bfc2bda43067ccb5"
> -SRC_URI[tarball.sha256sum] = "a6197352ad5b79a9a1ce0dd59f5e737cfbf909e0f3c5f64631cf0d93549e4e40"
> diff --git a/recipes/libpng/libpng-native_1.2.41.bb b/recipes/libpng/libpng-native_1.2.41.bb
> deleted file mode 100644
> index 3c36b52..0000000
> --- a/recipes/libpng/libpng-native_1.2.41.bb
> +++ /dev/null
> @@ -1,6 +0,0 @@
> -require libpng_${PV}.bb
> -require libpng-native.inc
> -
> -PR = "r1"
> -
> -FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
> diff --git a/recipes/libpng/libpng-native_1.2.42.bb b/recipes/libpng/libpng-native_1.2.42.bb
> deleted file mode 100644
> index 3c36b52..0000000
> --- a/recipes/libpng/libpng-native_1.2.42.bb
> +++ /dev/null
> @@ -1,6 +0,0 @@
> -require libpng_${PV}.bb
> -require libpng-native.inc
> -
> -PR = "r1"
> -
> -FILESDIR = "${@os.path.dirname(bb.data.getVar('FILE',d,1))}/libpng-${PV}"
> diff --git a/recipes/libpng/libpng.inc b/recipes/libpng/libpng.inc
> index fc1feb8..0053071 100644
> --- a/recipes/libpng/libpng.inc
> +++ b/recipes/libpng/libpng.inc
> @@ -3,11 +3,14 @@ HOMEPAGE = "http://www.libpng.org/"
>  LICENSE = "libpng"
>  SECTION = "libs"
>  PRIORITY = "required"
> +
>  DEPENDS = "zlib"
>  
>  INC_PR = "r2"
>  
> -SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/libpng-${PV}.tar.bz2;name=tarball"
> +BBCLASSEXTEND = "native"
> +
> +SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/libpng-${PV}.tar.bz2;name=libpng"
>  S = "${WORKDIR}/libpng-${PV}"
>  
>  inherit autotools pkgconfig binconfig
> @@ -19,3 +22,4 @@ FILES_libpng12 = "${libdir}/libpng12.so.*"
>  FILES_${PN}-dev = "${includedir} ${libdir}/lib*.so ${libdir}/*.la \
>  		${libdir}/*.a ${libdir}/pkgconfig \
>  		${datadir}/aclocal ${bindir} ${sbindir}"
> +
> diff --git a/recipes/libpng/libpng_1.2.37.bb b/recipes/libpng/libpng_1.2.37.bb
> deleted file mode 100644
> index 950ebb4..0000000
> --- a/recipes/libpng/libpng_1.2.37.bb
> +++ /dev/null
> @@ -1,8 +0,0 @@
> -require libpng.inc
> -
> -PR = "${INC_PR}.0"
> -
> -SRC_URI += "file://makefile_fix.patch"
> -
> -SRC_URI[tarball.md5sum] = "6d1ee0888dbb711214943cb19c294b49"
> -SRC_URI[tarball.sha256sum] = "682960b55527b54bada90e959c2d42679444a1db43677c77eb645a29645f86d1"
> diff --git a/recipes/libpng/libpng_1.2.40.bb b/recipes/libpng/libpng_1.2.40.bb
> deleted file mode 100644
> index 80d87bc..0000000
> --- a/recipes/libpng/libpng_1.2.40.bb
> +++ /dev/null
> @@ -1,8 +0,0 @@
> -require libpng.inc
> -
> -PR = "${INC_PR}.0"
> -
> -SRC_URI += "file://makefile_fix.patch"
> -
> -SRC_URI[tarball.md5sum] = "29bbd1c3cbe54b04bfc2bda43067ccb5"
> -SRC_URI[tarball.sha256sum] = "a6197352ad5b79a9a1ce0dd59f5e737cfbf909e0f3c5f64631cf0d93549e4e40"
> diff --git a/recipes/libpng/libpng_1.2.41.bb b/recipes/libpng/libpng_1.2.41.bb
> deleted file mode 100644
> index 2389915..0000000
> --- a/recipes/libpng/libpng_1.2.41.bb
> +++ /dev/null
> @@ -1,8 +0,0 @@
> -require libpng.inc
> -
> -PR = "${INC_PR}.0"
> -
> -SRC_URI += "file://makefile_fix.patch"
> -
> -SRC_URI[tarball.md5sum] = "2faa7f8d81e6a35beb991cb75edbf056"
> -SRC_URI[tarball.sha256sum] = "a172c5afe4668a31eb090d14be7fc2811a9fec8568a785badd30280f47a27e00"
> diff --git a/recipes/libpng/libpng_1.2.42.bb b/recipes/libpng/libpng_1.2.42.bb
> deleted file mode 100644
> index d37f7e3..0000000
> --- a/recipes/libpng/libpng_1.2.42.bb
> +++ /dev/null
> @@ -1,8 +0,0 @@
> -require libpng.inc
> -
> -PR = "${INC_PR}.0"
> -
> -SRC_URI += "file://makefile_fix.patch"
> -
> -SRC_URI[tarball.md5sum] = "9a5cbe9798927fdf528f3186a8840ebe"
> -SRC_URI[tarball.sha256sum] = "a044c4632a236bbf99527da81977577929a173c1f7f68a70a81ea2ea7cffa6a7"
> diff --git a/recipes/libpng/libpng_1.2.44.bb b/recipes/libpng/libpng_1.2.44.bb
> new file mode 100644
> index 0000000..4ba7b20
> --- /dev/null
> +++ b/recipes/libpng/libpng_1.2.44.bb
> @@ -0,0 +1,8 @@
> +require libpng.inc
> +
> +PR = "${INC_PR}.0"
> +
> +SRC_URI += "file://makefile_fix.patch"
> +
> +SRC_URI[libpng.md5sum] = "e3ac7879d62ad166a6f0c7441390d12b"
> +SRC_URI[libpng.sha256sum] = "b9ab20f1c2c3bf6c4448fd9bd8a4a8905b918114d5fada56c97bb758a17b7215"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFMSYccMkyGM64RGpERAsHsAJ95LFlFpQbSQVhk4k2//Xg+LLB4ywCfVYJL
DqCp5nRnfWUgq3xc/lAONYs=
=Fu4g
-----END PGP SIGNATURE-----




^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2010-07-23 12:12 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-07-23 10:06 [PATCH] libpng security updates Henning Heinold
2010-07-23 10:06 ` [PATCH] libpng: update to version 1.2.44 because of CVE-2010-1205 and convert to BBCLASSEXTENDED Henning Heinold
2010-07-23 12:12   ` Koen Kooi

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.