[libpng] Update to libpng 1.5.9
Tom Lane
tgl at fedoraproject.org
Sun Mar 11 23:07:48 UTC 2012
commit fab31ee76c1f106dd3f983a0ca8ba86d3a37b0fd
Author: Tom Lane <tgl at redhat.com>
Date: Sun Mar 11 19:07:20 2012 -0400
Update to libpng 1.5.9
.gitignore | 4 ++--
libpng-cve-2011-3026-15.patch | 27 ---------------------------
libpng-cve-2011-3026.patch | 24 ------------------------
libpng.spec | 18 ++++++++----------
sources | 4 ++--
5 files changed, 12 insertions(+), 65 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index cf32646..7c7fa79 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-/libpng-1.5.8.tar.bz2
-/libpng-1.2.46.tar.bz2
+/libpng-1.5.9.tar.bz2
+/libpng-1.2.48.tar.bz2
diff --git a/libpng.spec b/libpng.spec
index fc4274a..4f5cc5e 100644
--- a/libpng.spec
+++ b/libpng.spec
@@ -1,8 +1,8 @@
Summary: A library of functions for manipulating PNG image format files
Name: libpng
Epoch: 2
-Version: 1.5.8
-Release: 2%{?dist}
+Version: 1.5.9
+Release: 1%{?dist}
License: zlib
Group: System Environment/Libraries
URL: http://www.libpng.org/pub/png/
@@ -12,7 +12,7 @@ URL: http://www.libpng.org/pub/png/
# be recompiled. The compatibility library is placed in a separate
# sub-RPM, libpng-compat. There is no support for recompiling source code
# against the old version.
-%global prevversion 1.2.46
+%global prevversion 1.2.48
# Note: non-current tarballs get moved to the history/ subdirectory,
# so look there if you fail to retrieve the version you want
@@ -21,8 +21,6 @@ Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{prevversion}.tar.bz2
Patch0: libpng-multilib.patch
-Patch1: libpng-cve-2011-3026-15.patch
-Patch2: libpng-cve-2011-3026.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: zlib-devel, pkgconfig
@@ -44,7 +42,7 @@ Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
Requires: zlib-devel pkgconfig
# TEMPORARILY pretend that we supply libpng12.pc; this is just to avoid
# dependency failures during the rebuild cycle for libpng 1.5
-Provides: pkgconfig(libpng12) = 1.2.46
+Provides: pkgconfig(libpng12) = %{prevversion}
%description devel
The libpng-devel package contains header files and documentation necessary
@@ -75,13 +73,9 @@ This package contains shared libraries (only) for libpng 1.2.x.
%setup -q
%patch0 -p1
-%patch1 -p1
tar xfj %{SOURCE1}
-# patch the compat package: -p0 is intentional here
-%patch2 -p0
-
%build
%configure
make %{?_smp_mflags}
@@ -146,6 +140,10 @@ rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la
rm -rf $RPM_BUILD_ROOT
%changelog
+* Sun Mar 11 2012 Tom Lane <tgl at redhat.com> 2:1.5.9-1
+- Update to libpng 1.5.9 and 1.2.48, for minor security issues (CVE-2011-3045)
+Resolves: #801667
+
* Thu Feb 16 2012 Tom Lane <tgl at redhat.com> 2:1.5.8-2
- Fix CVE-2011-3026
Resolves: #791183
diff --git a/sources b/sources
index 16270b5..329779f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-3b0aac862a247eeabecca44674686dfc libpng-1.5.8.tar.bz2
-e8b43dc78ef95b3949af7f961d76874b libpng-1.2.46.tar.bz2
+684ba5f05da436a99c6303a83c7856d6 libpng-1.5.9.tar.bz2
+7612af5660cd4b5e8c433ce53bea01a7 libpng-1.2.48.tar.bz2
More information about the scm-commits
mailing list