libpng: update to 1.6.37

Removed patch was upsteamed. License checksums were changed due to modified copyright year and fixed typo in LICENSE file (see @fef895aa28 and @8da8257d0b). (From OE-Core rev: cfd21faa77fe81205ad0eb80c47fce37f5d1e2b1) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> 2019-04-23 00:45:15 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-04-23 23:30:19 +0100
commit: c0407a8ecb4eaa3bf7644483112627cf44c2041d (patch)
tree: 34ede189a0c7b3071eca9881d4a2e4c81c88cb19 /meta
parent: 6d61833b755ba72bb7b532da623ee0f4769012b3 (diff)
download: poky-c0407a8ecb4eaa3bf7644483112627cf44c2041d.tar.gz
2 files changed, 5 insertions, 26 deletions
diff --git a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
deleted file mode 100644
index 6ee1f8da30..0000000000
--- a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Use-after-free detected with static analysis.
-CVE: CVE-2019-7317
-Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275]
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-diff --git a/png.c b/png.c
-index 9d9926f638..efd1aecfbd 100644
--- a/png.c
-+++ b/png.c
-@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image)
-    if (image != NULL && image->opaque != NULL &&
-       image->opaque->error_buf == NULL)
-    {
-      /* Ignore errors here: */
-      (void)png_safe_execute(image, png_image_free_function, image);
-+      png_image_free_function(image);
-       image->opaque = NULL;
-    }
- }
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
index a586237888..66af2f3d60 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
@@ -2,17 +2,16 @@ SUMMARY = "PNG image format decoding library"
 HOMEPAGE = "http://www.libpng.org/"
 SECTION = "libs"
 LICENSE = "Libpng"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=12b4ec50384c800bc568f519671b120c \
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b0085051bf265bac2bfc38bc89f50000\
-                    file://png.h;endline=144;md5=15ae15f53376306868259924a9db4e05 \
+                    file://png.h;endline=144;md5=8acd23d544623816b097e07be0139509\
                    "
 DEPENDS = "zlib"
 LIBV = "16"
-SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz \
+SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz"
-           file://CVE-2019-7317.patch"
+SRC_URI[md5sum] = "015e8e15db1eecde5f2eb9eb5b6e59e9"
-SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826"
+SRC_URI[sha256sum] = "505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca"
-SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319"
 MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/${PV}/"
author	Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>	2019-04-23 00:45:15 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-04-23 23:30:19 +0100
commit	c0407a8ecb4eaa3bf7644483112627cf44c2041d (patch)
tree	34ede189a0c7b3071eca9881d4a2e4c81c88cb19 /meta
parent	6d61833b755ba72bb7b532da623ee0f4769012b3 (diff)
download	poky-c0407a8ecb4eaa3bf7644483112627cf44c2041d.tar.gz

diff --git a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch deleted file mode 100644 index 6ee1f8da30..0000000000 --- a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch +++ /dev/null
@@ -1,20 +0,0 @@
1	Use-after-free detected with static analysis.
2
3	CVE: CVE-2019-7317
4	Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275]
5	Signed-off-by: Ross Burton <ross.burton@intel.com>
6
7	diff --git a/png.c b/png.c
8	index 9d9926f638..efd1aecfbd 100644
9	--- a/png.c
10	+++ b/png.c
11	@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image)
12	if (image != NULL && image->opaque != NULL &&
13	image->opaque->error_buf == NULL)
14	{
15	- /* Ignore errors here: */
16	- (void)png_safe_execute(image, png_image_free_function, image);
17	+ png_image_free_function(image);
18	image->opaque = NULL;
19	}
20	}


diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb index a586237888..66af2f3d60 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.36.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
@@ -2,17 +2,16 @@ SUMMARY = "PNG image format decoding library"
2	HOMEPAGE = "http://www.libpng.org/"	2	HOMEPAGE = "http://www.libpng.org/"
3	SECTION = "libs"	3	SECTION = "libs"
4	LICENSE = "Libpng"	4	LICENSE = "Libpng"
5	LIC_FILES_CHKSUM = "file://LICENSE;md5=12b4ec50384c800bc568f519671b120c \	5	LIC_FILES_CHKSUM = "file://LICENSE;md5=b0085051bf265bac2bfc38bc89f50000\
6	file://png.h;endline=144;md5=15ae15f53376306868259924a9db4e05 \	6	file://png.h;endline=144;md5=8acd23d544623816b097e07be0139509\
7	"	7	"
8	DEPENDS = "zlib"	8	DEPENDS = "zlib"
9		9
10	LIBV = "16"	10	LIBV = "16"
11		11
12	SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz \	12	SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz"
13	file://CVE-2019-7317.patch"	13	SRC_URI[md5sum] = "015e8e15db1eecde5f2eb9eb5b6e59e9"
14	SRC_URI[md5sum] = "df2be2d29c40937fe1f5349b16bc2826"	14	SRC_URI[sha256sum] = "505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca"
15	SRC_URI[sha256sum] = "eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319"
16		15
17	MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/${PV}/"	16	MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/${PV}/"
18		17