rpms/libpng10/devel libpng-1.0.26-soname.patch, NONE, 1.1 .cvsignore, 1.3, 1.4 libpng10.spec, 1.6, 1.7 sources, 1.3, 1.4 libpng-1.0.21-soname.patch, 1.1, NONE

Paul Howarth (pghmcfc) fedora-extras-commits at redhat.com
Sun May 20 13:01:55 UTC 2007 

Author: pghmcfc

Update of /cvs/pkgs/rpms/libpng10/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3444

Modified Files:
	.cvsignore libpng10.spec sources 
Added Files:
	libpng-1.0.26-soname.patch 
Removed Files:
	libpng-1.0.21-soname.patch 
Log Message:
update to 1.0.26 to address DoS issue (#240398, CVE-2007-2445)

libpng-1.0.26-soname.patch:

--- NEW FILE libpng-1.0.26-soname.patch ---
--- libpng-1.0.26/ltmain.sh	2006-06-05 16:12:42.000000000 +0100
+++ libpng-1.0.26/ltmain.sh	2007-05-20 13:34:19.000000000 +0100
@@ -3270,7 +3270,7 @@
 	esac
 
 	case $revision in
-	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]|[0-9].[0-9][0-9]) ;;
 	*)
 	  $echo "$modename: REVISION \`$revision' must be a nonnegative integer" 1>&2
 	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
--- libpng-1.0.26/Makefile.am	2007-05-16 00:51:00.000000000 +0100
+++ libpng-1.0.26/Makefile.am	2007-05-20 13:39:09.000000000 +0100
@@ -45,7 +45,7 @@
 	-version-number 0:@PNGLIB_RELEASE@:0
 # -rpath is needed as automake doesn't know the directory
 libpng_la_LDFLAGS = -rpath '$(libdir)' -no-undefined -export-dynamic \
-	-version-number 2:@PNGLIB_RELEASE@:0
+	-version-number 2:1:0. at PNGLIB_RELEASE@
 
 if HAVE_LD_VERSION_SCRIPT
   # Versioned symbols and restricted exports
--- libpng-1.0.26/Makefile.in	2007-05-16 00:51:12.000000000 +0100
+++ libpng-1.0.26/Makefile.in	2007-05-20 13:39:36.000000000 +0100
@@ -298,7 +298,7 @@
 	0:@PNGLIB_RELEASE@:0 $(am__append_1) $(am__append_2)
 # -rpath is needed as automake doesn't know the directory
 libpng_la_LDFLAGS = -rpath '$(libdir)' -no-undefined -export-dynamic \
-	-version-number 2:@PNGLIB_RELEASE@:0
+	-version-number 2:1:0. at PNGLIB_RELEASE@
 
 @HAVE_LD_VERSION_SCRIPT_FALSE at libpng10_la_DEPENDENCIES = libpng.sym
 @HAVE_LD_VERSION_SCRIPT_TRUE at libpng10_la_DEPENDENCIES = libpng.vers


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/libpng10/devel/.cvsignore,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- .cvsignore	21 Nov 2006 08:33:02 -0000	1.3
+++ .cvsignore	20 May 2007 13:01:19 -0000	1.4
@@ -1 +1 @@
-libpng-1.0.21.tar.bz2
+libpng-1.0.26.tar.bz2


Index: libpng10.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libpng10/devel/libpng10.spec,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- libpng10.spec	25 Mar 2007 17:16:53 -0000	1.6
+++ libpng10.spec	20 May 2007 13:01:19 -0000	1.7
@@ -1,12 +1,12 @@
 Summary:	Old version of libpng, needed to run old binaries
 Name:		libpng10
-Version:	1.0.21
-Release:	2%{?dist}
+Version:	1.0.26
+Release:	1%{?dist}
 License:	zlib/libpng License
 Group:		System Environment/Libraries
 URL:		http://www.libpng.org/pub/png/libpng.html
 Source:		ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-%{version}.tar.bz2
-Patch0:		libpng-1.0.21-soname.patch
+Patch0:		libpng-1.0.26-soname.patch
 Patch1:		libpng-1.0.20-pngconf.patch
 Buildroot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	zlib-devel
@@ -61,7 +61,7 @@
 %{__install} -p -m 644 README TODO CHANGES LICENSE Y2KINFO \
 	%{buildroot}%{_docdir}/%{name}-%{version}/
 # Docs for devel package
-%{__install} -p -m 644 example.c libpng.txt \
+%{__install} -p -m 644 example.c libpng-%{version}.txt \
 	%{buildroot}%{_docdir}/%{name}-%{version}/
 
 # Unpackaged files
@@ -103,12 +103,17 @@
 %files devel
 %defattr(-,root,root,-)
 %doc %{_docdir}/%{name}-%{version}/example.c
-%doc %{_docdir}/%{name}-%{version}/libpng.txt
+%doc %{_docdir}/%{name}-%{version}/libpng-%{version}.txt
 %{_includedir}/libpng10/
 %{_libdir}/libpng10.so
 %{_libdir}/pkgconfig/libpng10.pc
 
 %changelog
+* Sun May 20 2007 Paul Howarth <paul at city-fan.org> 1.0.26-1
+- update to 1.0.26 to address DoS issue (#240398, CVE-2007-2445)
+- update soname patch
+- libpng.txt now has a versioned filename
+
 * Sun Mar 25 2007 Paul Howarth <paul at city-fan.org> 1.0.21-2
 - Own directory %%{_docdir}/%%{name}-%%{version} (#233869)
 - Describe license as "zlib/libpng" rather than just "zlib"


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/libpng10/devel/sources,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sources	21 Nov 2006 08:33:02 -0000	1.3
+++ sources	20 May 2007 13:01:19 -0000	1.4
@@ -1 +1 @@
-17cca7846f8019acfb8fc1868ea99d2e  libpng-1.0.21.tar.bz2
+fa7b89dc93bd1ec7a39d9e74a2223be7  libpng-1.0.26.tar.bz2


--- libpng-1.0.21-soname.patch DELETED ---

More information about the fedora-extras-commits mailing list