[libpng/f17] Update to libpng 1.5.9

Tom Lane tgl at fedoraproject.org
Sun Mar 11 23:15:07 UTC 2012 

commit d7cb5330bd696fd38ea79658346de0ff9bf57fcc
Author: Tom Lane <tgl at redhat.com>
Date:   Sun Mar 11 19:07:20 2012 -0400

    Update to libpng 1.5.9

 .gitignore                    |    4 ++--
 libpng-cve-2011-3026-15.patch |   27 ---------------------------
 libpng-cve-2011-3026.patch    |   24 ------------------------
 libpng.spec                   |   18 ++++++++----------
 sources                       |    4 ++--
 5 files changed, 12 insertions(+), 65 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index cf32646..7c7fa79 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-/libpng-1.5.8.tar.bz2
-/libpng-1.2.46.tar.bz2
+/libpng-1.5.9.tar.bz2
+/libpng-1.2.48.tar.bz2
diff --git a/libpng.spec b/libpng.spec
index fc4274a..4f5cc5e 100644
--- a/libpng.spec
+++ b/libpng.spec
@@ -1,8 +1,8 @@
 Summary: A library of functions for manipulating PNG image format files
 Name: libpng
 Epoch: 2
-Version: 1.5.8
-Release: 2%{?dist}
+Version: 1.5.9
+Release: 1%{?dist}
 License: zlib
 Group: System Environment/Libraries
 URL: http://www.libpng.org/pub/png/
@@ -12,7 +12,7 @@ URL: http://www.libpng.org/pub/png/
 # be recompiled.  The compatibility library is placed in a separate
 # sub-RPM, libpng-compat.  There is no support for recompiling source code
 # against the old version.
-%global prevversion 1.2.46
+%global prevversion 1.2.48
 
 # Note: non-current tarballs get moved to the history/ subdirectory,
 # so look there if you fail to retrieve the version you want
@@ -21,8 +21,6 @@ Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
 Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{prevversion}.tar.bz2
 
 Patch0: libpng-multilib.patch
-Patch1: libpng-cve-2011-3026-15.patch
-Patch2: libpng-cve-2011-3026.patch
 
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: zlib-devel, pkgconfig
@@ -44,7 +42,7 @@ Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
 Requires: zlib-devel pkgconfig
 # TEMPORARILY pretend that we supply libpng12.pc; this is just to avoid
 # dependency failures during the rebuild cycle for libpng 1.5
-Provides: pkgconfig(libpng12) = 1.2.46
+Provides: pkgconfig(libpng12) = %{prevversion}
 
 %description devel
 The libpng-devel package contains header files and documentation necessary
@@ -75,13 +73,9 @@ This package contains shared libraries (only) for libpng 1.2.x.
 %setup -q
 
 %patch0 -p1
-%patch1 -p1
 
 tar xfj %{SOURCE1}
 
-# patch the compat package: -p0 is intentional here
-%patch2 -p0
-
 %build
 %configure
 make %{?_smp_mflags}
@@ -146,6 +140,10 @@ rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la
 rm -rf $RPM_BUILD_ROOT
 
 %changelog
+* Sun Mar 11 2012 Tom Lane <tgl at redhat.com> 2:1.5.9-1
+- Update to libpng 1.5.9 and 1.2.48, for minor security issues (CVE-2011-3045)
+Resolves: #801667
+
 * Thu Feb 16 2012 Tom Lane <tgl at redhat.com> 2:1.5.8-2
 - Fix CVE-2011-3026
 Resolves: #791183
diff --git a/sources b/sources
index 16270b5..329779f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-3b0aac862a247eeabecca44674686dfc  libpng-1.5.8.tar.bz2
-e8b43dc78ef95b3949af7f961d76874b  libpng-1.2.46.tar.bz2
+684ba5f05da436a99c6303a83c7856d6  libpng-1.5.9.tar.bz2
+7612af5660cd4b5e8c433ce53bea01a7  libpng-1.2.48.tar.bz2

More information about the scm-commits mailing list