Pick commit per NVD report.
Add two patches to apply it cleanly.
(From OE-Core rev: 4e03bed20bceb455cb46dcf9564ad5a8525b207d)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick commit per NVD report.
(From OE-Core rev: e8fbb7521e0113c467e07ba473a46612709c5311)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick commit per NVD report.
(From OE-Core rev: f3bdbd782eed2b597927df489a7d38a22fbba5ed)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick commit per NVD report.
Add two patches to apply it cleanly.
(From OE-Core rev: 285a495b8b0e8fa93a0a0884f466f1adca76a28a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Install libpng test-suite to run it as a ptest.
As the test-suite takes more than 30 seconds to run,
add libpng-ptest to PTESTS_SLOW in ptest-packagelists.inc
(From OE-Core rev: 1b52b7ebe5f8fb490088622181cdb95e6b7f5a29)
Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Currently we're hitting permanent redirects on the urls. Tweak them
to avoid that overhead/noise/inefficiency.
(From OE-Core rev: 6b81db486e760483cf373559dc0b5ee71e410b09)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
Fixed the implementation of the macro function png_check_sig().
(From OE-Core rev: b92fb50237f394cae663e4e88b1b85f30693439e)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE_STATUS was set for those components, but meanwhile databases are updated
with corrected information, so setting the CVE_STATUS is not needed anymore.
(From OE-Core rev: 5ec6057cfa66ceeb33bec013e320f8e3fa7d7ecf)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
- Added SIMD-optimized code for the Loongarch LSX hardware.
- Fixed the run-time discovery of MIPS MSA hardware.
- Fixed an off-by-one error in the function 'png_do_check_palette_indexes',
which failed to recognize errors that might have existed in the first
column of a broken palette-encoded image. This was a benign regression
accidentally introduced in libpng-1.6.33. No pixel was harmed.
- Fixed, improved and modernized the contrib/pngminus programs, i.e.,
png2pnm.c and pnm2png.c
- Removed old and peculiar portability hacks that were meant to silence
warnings issued by gcc version 7.1 alone.
- Fixed and modernized the CMake file, and raised the minimum required
CMake version from 3.1 to 3.6.
- Allowed the configure script to disable the building of auxiliary tools
and tests, thus catching up with the CMake file.
- Fixed a build issue on Mac.
- Moved the Autoconf macro files to scripts/autoconf.
- Moved the CMake files (except for the main CMakeLists.txt) to
scripts/cmake and moved the list of their contributing authors to
scripts/cmake/AUTHORS.md
- Updated the CI configurations and scripts.
- Relicensed the CI scripts to the MIT License.
- Improved the test coverage.
License-Update: Copyright year updated to 2024.
(From OE-Core rev: 4e0ec5769416938a22f64dc4767480acf76fd247)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
NEON is enabled for aarch64 by default, so, to ensure consistency with
arm32, reference to libpng-1.6.38/configure, added
enable_hardware_optimizations option for aarch64.
(From OE-Core rev: 12e68d5824849fa20f0e3fe8fc1921da111bb6fb)
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
* Changed the error handler of oversized chunks (i.e. larger than
PNG_USER_CHUNK_MALLOC_MAX) from png_chunk_error to png_benign_error.
* Fixed a buffer overflow error in contrib/tools/pngfix.
* Fixed a memory leak (CVE-2019-6129) in contrib/tools/pngcp.
* Disabled the ARM Neon optimizations by default in the CMake file,
following the default behavior of the configure script.
* Allowed configure.ac to work with the trunk version of autoconf.
* Removed the support for "install" targets from the legacy makefiles;
removed the obsolete makefile.cegcc.
* Cleaned up the code and updated the internal documentation.
(From OE-Core rev: 19799cb50a00561b318cba1c8c20737f20e4a47f)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License checksum changed due to copyright year changes.
(From OE-Core rev: 47719f3195156aadc23dd4abdba38acfa3f77a1f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Multiple files have " ," instead of ", " in expressions. This changes
them to conform to the way the rest of them are done.
Found and corrected via:
git ls-files | xargs sed --follow-symlinks -i 's/ ,d/, d/g'
(From OE-Core rev: 36c3afd2dd8bded02ea8f255e89a09ebd75c795b)
Signed-off-by: Jon Mason <jon.mason@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The LICENSE file contains all the license information so there is no
need to also include it from the png.h file (and additionally some
lines were left out from the latter).
License-Update: Remove duplicate license information
(From OE-Core rev: 5a0df07de5f18e701bdcb6004c9883838cb0d5c9)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is actually a memory leak in gif2png 2.x, so whitelist it in the libpng
recipe.
(From OE-Core rev: 341e43ebd935daeb592cb073bf00f80c49a8ec2d)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Removed patch was upstreamed.
License checksums were changed due to modified copyright year and fixed
typo in LICENSE file (see @fef895aa28 and @8da8257d0b).
(From OE-Core rev: cfd21faa77fe81205ad0eb80c47fce37f5d1e2b1)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For changes, see:
https://sourceforge.net/p/libpng/code/ci/libpng16/tree/CHANGES
License-Update: Added authors to license, formatting, version changes,
export classification clarification and a new libpng2 license with
clarification:
The new libpng license comprises the terms and conditions from the zlib
license, and the disclaimer from the Boost license. The legacy libpng
license, used until libpng-1.6.35, is appended to the
new license, following the precedent established in the Python Software
Foundation License version 2.
(From OE-Core rev: 099aecfaa3baf6b24c2b751da92d7d2fa0266bf9)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update: copyright years updated
(From OE-Core rev: 2c245d0ddc230360be949b96fb123698541753ac)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update: License file changes are due to updates in Version and Copyright date
(From OE-Core rev: cdf16bb9751603fdb0340c03ef43f193918d31df)
Signed-off-by: youngseok <earwigz32@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License file changes are due to updates in Version and Copyright date
(From OE-Core rev: 44676c90863c3864182c088ca51bec3bdc8dce29)
Signed-off-by: youngseokyoon <earwigz32@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1.6.31 fixes pngpriv.h to work around failure to compile
arm/filter_neon.S. This bug was introduced in libpng-1.6.30beta01.
No changes in License. The license checksums changed because of
update in Copyright dates in LICENSE and png.h files.
(From OE-Core rev: 8319dce16210ebe2d89cd1e0926ad937909bc9ea)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
MIRRORS needs to be pairs of values for the original URL to match and the
location to find it on the mirror.
(From OE-Core rev: a649f3da630e8ca2d3ca58b610f3918720dd5229)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The Gentoo mirror also deletes old versions when they're not used, so revert
back to the canonical SourceForge site, adding /older-releases/ to MIRRORS to
handle new releases moving the version we want.
Original idea by Maxin B. John <maxin.john@intel.com>.
(From OE-Core rev: 791a3493c88c9c249f21f6d893b2061e1d8a0af6)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1) Upgrade libpng from 1.6.28 to 1.6.29.
2) License checksum changed, since the copyright date and contributing authors were updated.
(From OE-Core rev: 1a8438601db2e7fd367b6927f6fa4e03cb74854a)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This upgrade fixes the vulnerability: CVE-2016-10087
License file changes are due to updates in Package Version
and Copyright date. ie:
'libpng version 1.6.28, January 5, 2017'
(From OE-Core rev: 94bb606b9f21b7fe4c5d7e9ae3fda17da047ece5)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License file changes are due to updates in Version and Copyright date
(From OE-Core rev: f231bd63ab82575b2ad6ccfd0a3f5da76b56a125)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Updates in License files are due to changes in Copyright date
and Version.
Ensure all tools are packaged into $PN-tools.
(From OE-Core rev: e28b6042b1a81fe449b772b4698ad139edf46332)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1.6.22 -> 1.6.23
License files changes are due to updates in Copyright date and Version
(From OE-Core rev: 83a43b1bd124b6306e0f852ad3961f4672fbc7dd)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1.6.21 -> 1.6.22
License files updates are not real license changes (updates in Copyright
date and Version)
(From OE-Core rev: 5bbde5aa0815eac84b0a16bd9efbd5507eb9c3b3)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1.6.20 -> 1.6.21
License file updates contain new dates and versions. Update checksums
to reflect it.
(From OE-Core rev: 55fb8957fd8f9d2c34674514e652d79b2229bc3c)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update SRC_URI to use GENTOO_MIRROR as SOURCEFORGE_MIRROR continues
to move around the release files.
[YOCTO #8739]
(From OE-Core rev: 780a3739d651a14e1ef9de141e517b77171979d7)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Version 1.6.20beta01 [November 20, 2015]
Avoid potential pointer overflow/underflow in png_handle_sPLT() and
png_handle_pCAL() (Bug report by John Regehr).
Version 1.6.20beta02 [November 23, 2015]
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
vulnerability.
Version 1.6.20beta03 [November 24, 2015]
Backported tests from libpng-1.7.0beta69.
Version 1.6.20rc01 [November 26, 2015]
Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
immediately fault a bad CMINFO field; instead a 'too far back' error
happens later (at least some times). pngfix failed to limit CMINFO to
the allowed values but then assumed that window_bits was in range,
triggering an assert. The bug is mostly harmless; the PNG file cannot
be fixed.
Version 1.6.20rc02 [November 29, 2015]
In libpng 1.6 zlib initialization was changed to use the window size
in the zlib stream, not a fixed value. This causes some invalid images,
where CINFO is too large, to display 'correctly' if the rest of the
data is valid. This provides a workaround for zlib versions where the
error arises (ones that support the API change to use the window size
in the stream).
Version 1.6.20 [December 3, 2015]
No changes.
(From OE-Core rev: ead74a1fdfbc5b5a00683d74a8b0ff2adf4856be)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
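The 1.6.20rc01 and rc02 entries above turn on the window-size field (CINFO, written "CMINFO" in the changelog) of the zlib stream header. As an added example, not code from libpng, pngfix or OE-Core, this is a strict check of that two-byte header per RFC 1950 that rejects an out-of-range CINFO before any window_bits value is derived; the function and sample names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Negative return codes of the hypothetical validator below. */
#define ZHDR_SHORT      (-1)  /* fewer than two header bytes */
#define ZHDR_BAD_METHOD (-2)  /* CM is not 8 (deflate) */
#define ZHDR_BAD_CINFO  (-3)  /* CINFO above 7: window larger than 32 KiB */
#define ZHDR_BAD_FCHECK (-4)  /* (CMF << 8 | FLG) is not a multiple of 31 */

/* Validate a zlib stream header (RFC 1950).
 * Returns window_bits (8..15) on success, or a negative ZHDR_* code.
 * The range check happens before window_bits is computed, so a caller
 * can never see a value outside what inflateInit2() accepts. */
static int zhdr_window_bits(const uint8_t *p, size_t len)
{
    if (len < 2)
        return ZHDR_SHORT;
    unsigned cmf = p[0], flg = p[1];
    unsigned cm = cmf & 0x0fu;    /* low nibble: compression method */
    unsigned cinfo = cmf >> 4;    /* high nibble: log2(window size) - 8 */
    if (cm != 8)
        return ZHDR_BAD_METHOD;
    if (cinfo > 7)
        return ZHDR_BAD_CINFO;
    if (((cmf << 8) | flg) % 31 != 0)
        return ZHDR_BAD_FCHECK;
    return (int)cinfo + 8;
}

/* Constructed sample headers (not taken from any real PNG file). */
static const uint8_t HDR_32K[]        = { 0x78, 0x9c }; /* CINFO=7 */
static const uint8_t HDR_512[]        = { 0x18, 0x19 }; /* CINFO=1 */
static const uint8_t HDR_BAD_CINFO[]  = { 0x88, 0x1c }; /* CINFO=8 */
static const uint8_t HDR_BAD_METHOD[] = { 0x79, 0x9c }; /* CM=9 */
static const uint8_t HDR_BAD_FCHECK[] = { 0x78, 0x9d }; /* checksum off by one */

int main(void)
{
    printf("32K window:  %d\n", zhdr_window_bits(HDR_32K, 2));
    printf("512B window: %d\n", zhdr_window_bits(HDR_512, 2));
    printf("bad CINFO:   %d\n", zhdr_window_bits(HDR_BAD_CINFO, 2));
    printf("bad method:  %d\n", zhdr_window_bits(HDR_BAD_METHOD, 2));
    printf("bad FCHECK:  %d\n", zhdr_window_bits(HDR_BAD_FCHECK, 2));
    return 0;
}
```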
1.6.17 -> 1.6.19
No changes in License. The license checksums changed because of update
in Copyright dates and other restructuring in png.h
(From OE-Core rev: abee587c0b165ff42e9754839adedda0d5240a73)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License checksum changed because of date change like below
-libpng versions 1.2.6, August 15, 2004, through 1.6.13, August 21, 2014, are
+libpng versions 1.2.6, August 15, 2004, through 1.6.16, December 22, 2014, are
Change-Id: I7a2a950ef06c0bd8950a65b273bde5c214e6d3c7
(From OE-Core rev: 929ccf90d9cbf6a10a263b59e5f02b0542d73899)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>