Openembedded Core Discussions
* [PATCH 0/2] libpng upgrade
@ 2011-07-19 16:29 Scott Garman
  2011-07-19 16:29 ` [PATCH 1/2] libpng: upgrade to v1.2.46 Scott Garman
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Scott Garman @ 2011-07-19 16:29 UTC (permalink / raw)
  To: openembedded-core; +Cc: Scott Garman

Hello,

This upgrade to libpng addresses some security vulnerabilities. It
has been build tested on all five of our qemu MACHINEs.

The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:

  bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)

are available in the git repository at:
  git://git.pokylinux.org/poky-contrib sgarman/libpng-upgrade
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/libpng-upgrade

Scott Garman (2):
  libpng: upgrade to v1.2.46
  distro-tracking: update libpng

 .../conf/distro/include/distro_tracking_fields.inc |   10 +++++-----
 .../libpng/{libpng_1.2.44.bb => libpng_1.2.46.bb}  |   11 ++++++-----
 2 files changed, 11 insertions(+), 10 deletions(-)
 rename meta/recipes-multimedia/libpng/{libpng_1.2.44.bb => libpng_1.2.46.bb} (55%)





* [PATCH 1/2] libpng: upgrade to v1.2.46
  2011-07-19 16:29 [PATCH 0/2] libpng upgrade Scott Garman
@ 2011-07-19 16:29 ` Scott Garman
  2011-07-19 16:29 ` [PATCH 2/2] distro-tracking: update libpng Scott Garman
  2011-07-20 16:56 ` [PATCH 0/2] libpng upgrade Saul Wold
  2 siblings, 0 replies; 4+ messages in thread
From: Scott Garman @ 2011-07-19 16:29 UTC (permalink / raw)
  To: openembedded-core; +Cc: Scott Garman

This addresses the following security advisories:

* CVE-2011-2690
* CVE-2011-2692

This fixes bug [YOCTO #1255]

The LICENSE and png.h checksum changes were due to trivial changes
in the files.

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
---
 .../libpng/{libpng_1.2.44.bb => libpng_1.2.46.bb}  |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)
 rename meta/recipes-multimedia/libpng/{libpng_1.2.44.bb => libpng_1.2.46.bb} (55%)

diff --git a/meta/recipes-multimedia/libpng/libpng_1.2.44.bb b/meta/recipes-multimedia/libpng/libpng_1.2.46.bb
similarity index 55%
rename from meta/recipes-multimedia/libpng/libpng_1.2.44.bb
rename to meta/recipes-multimedia/libpng/libpng_1.2.46.bb
index d81a5c1..57d9037 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.2.44.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.2.46.bb
@@ -1,16 +1,17 @@
+SUMMARY = "PNG Library"
 DESCRIPTION = "PNG Library"
 HOMEPAGE = "http://www.libpng.org/"
 SECTION = "libs"
 LICENSE = "Libpng"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=a294a2bb08b7f25558119edbfd6b2e92 \
-                    file://png.h;startline=172;endline=261;md5=3253923f0093658f470e52a06ddcf4e7"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=21b4b6e3523afa9f03f00b43b991dad0 \
+                    file://png.h;startline=172;endline=261;md5=996460063a9bf2de35b2d61d2776dabc"
 DEPENDS = "zlib"
 PR = "r0"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/libpng-${PV}.tar.bz2"
+SRC_URI = "${SOURCEFORGE_MIRROR}/project/libpng/libpng12/${PV}/libpng-${PV}.tar.bz2"
 
-SRC_URI[md5sum] = "e3ac7879d62ad166a6f0c7441390d12b"
-SRC_URI[sha256sum] = "b9ab20f1c2c3bf6c4448fd9bd8a4a8905b918114d5fada56c97bb758a17b7215"
+SRC_URI[md5sum] = "e8b43dc78ef95b3949af7f961d76874b"
+SRC_URI[sha256sum] = "a5e796e1802b2e221498bda09ff9850bc7ec9068b6788948cc2c42af213914d8"
 
 inherit autotools binconfig pkgconfig
 
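Review bot: the png.h entry in LIC_FILES_CHKSUM keeps startline=172;endline=261 while its md5 changes, so please confirm that this line range still covers the whole licence block in the 1.2.46 header and has not shifted. The commit message calls the LICENSE and png.h changes trivial without saying what differed; one line describing the difference would let a later reviewer confirm the licence terms are unchanged without re-diffing the tarballs. Minor style point: the new SUMMARY repeats DESCRIPTION word for word, so one of the two could carry more detail.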
-- 
1.7.1





* [PATCH 2/2] distro-tracking: update libpng
  2011-07-19 16:29 [PATCH 0/2] libpng upgrade Scott Garman
  2011-07-19 16:29 ` [PATCH 1/2] libpng: upgrade to v1.2.46 Scott Garman
@ 2011-07-19 16:29 ` Scott Garman
  2011-07-20 16:56 ` [PATCH 0/2] libpng upgrade Saul Wold
  2 siblings, 0 replies; 4+ messages in thread
From: Scott Garman @ 2011-07-19 16:29 UTC (permalink / raw)
  To: openembedded-core; +Cc: Scott Garman

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
---
 .../conf/distro/include/distro_tracking_fields.inc |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/conf/distro/include/distro_tracking_fields.inc b/meta/conf/distro/include/distro_tracking_fields.inc
index efb4c0b..2f078c9 100644
--- a/meta/conf/distro/include/distro_tracking_fields.inc
+++ b/meta/conf/distro/include/distro_tracking_fields.inc
@@ -255,14 +255,14 @@ RECIPE_MAINTAINER_pn-neon = "Dongxiao Xu <dongxiao.xu@intel.com>"
 
 RECIPE_STATUS_pn-libpng = "green"
 RECIPE_DEPENDENCY_CHECK_pn-libpng = "not done"
-RECIPE_LATEST_VERSION_pn-libpng = "1.4.5"
-RECIPE_NO_UPDATE_REASON_pn-libpng = "1.4.3 has API compatibility issue, e.g. break libmatchbox. choose 1.2.44 instead"
+RECIPE_LATEST_VERSION_pn-libpng = "1.5.4"
+RECIPE_NO_UPDATE_REASON_pn-libpng = "1.4.3 and later changes the API and breaks libmatchbox. Sticking with the 1.2.x series instead"
 RECIPE_PATCH_pn-libpng+makefile = "by RP; 2008; to define ECHO explicitly for lbitool 2.2.2. need check whether it's still valide for new libtool. candidate for upstream"
 RECIPE_INTEL_SECTION_pn-libpng = "base libs"
-RECIPE_TIME_BETWEEN_LAST_TWO_RELEASES_pn-libpng = "1 month"
-RECIPE_LATEST_RELEASE_DATE_pn-libpng = "06/2010"
+RECIPE_TIME_BETWEEN_LAST_TWO_RELEASES_pn-libpng = "unknown"
+RECIPE_LATEST_RELEASE_DATE_pn-libpng = "07/2011"
 RECIPE_COMMENTS_pn-libpng = ""
-RECIPE_LAST_UPDATE_pn-libpng = "Jul 20, 2010"
+RECIPE_LAST_UPDATE_pn-libpng = "Jul 18, 2011"
 RECIPE_MAINTAINER_pn-libpng = "Scott Garman <scott.a.garman@intel.com>"
 
 RECIPE_STATUS_pn-libidn = "green"
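Review bot: RECIPE_TIME_BETWEEN_LAST_TWO_RELEASES_pn-libpng goes from "1 month" to "unknown", which drops a tracked value without explanation; either fill it in from the upstream release dates or say in the commit message why it cannot be determined. The commit message has no body at all, and a sentence explaining that RECIPE_LATEST_VERSION now reads "1.5.4" while the recipe deliberately stays on the 1.2.x series would help readers of the log. RECIPE_COMMENTS_pn-libpng is still empty and would be a natural place to record that the 1.2.x pin must keep following upstream security releases. Small wording nit in the new RECIPE_NO_UPDATE_REASON line: "1.4.3 and later changes" should read "change".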
-- 
1.7.1





* Re: [PATCH 0/2] libpng upgrade
  2011-07-19 16:29 [PATCH 0/2] libpng upgrade Scott Garman
  2011-07-19 16:29 ` [PATCH 1/2] libpng: upgrade to v1.2.46 Scott Garman
  2011-07-19 16:29 ` [PATCH 2/2] distro-tracking: update libpng Scott Garman
@ 2011-07-20 16:56 ` Saul Wold
  2 siblings, 0 replies; 4+ messages in thread
From: Saul Wold @ 2011-07-20 16:56 UTC (permalink / raw)
  To: Patches and discussions about the oe-core layer; +Cc: Scott Garman

On 07/19/2011 09:29 AM, Scott Garman wrote:
> Hello,
>
> This upgrade to libpng addresses some security vulnerabilities. It
> has been build tested on all five of our qemu MACHINEs.
>
> The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>
>    bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)
>
> are available in the git repository at:
>    git://git.pokylinux.org/poky-contrib sgarman/libpng-upgrade
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/libpng-upgrade
>
> Scott Garman (2):
>    libpng: upgrade to v1.2.46
>    distro-tracking: update libpng
>
>   .../conf/distro/include/distro_tracking_fields.inc |   10 +++++-----
>   .../libpng/{libpng_1.2.44.bb =>  libpng_1.2.46.bb}  |   11 ++++++-----
>   2 files changed, 11 insertions(+), 10 deletions(-)
>   rename meta/recipes-multimedia/libpng/{libpng_1.2.44.bb =>  libpng_1.2.46.bb} (55%)
>
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>

Merged into OE-Core

Thanks
	Sau!


