#1 Update to 1.6.37 (security vulnerability fix)
Opened 2 months ago by ferdnyc. Modified 2 months ago
rpms/ ferdnyc/mingw-libpng patch1  into  master

file modified
+6 -6

@@ -1,16 +1,13 @@ 

  %?mingw_package_header

  

  Name:           mingw-libpng

- Version:        1.6.29

- Release:        5%{?dist}

+ Version:        1.6.37

+ Release:        1%{?dist}

  Summary:        MinGW Windows Libpng library

  

  License:        zlib

  URL:            http://www.libpng.org/pub/png/

- # Note: non-current tarballs get moved to the history/ subdirectory,

- # so look there if you fail to retrieve the version you want

- Source0:        ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz

- 

+ Source0:        https://github.com/glennrp/libpng/archive/v%{version}/libpng-%{version}.tar.gz

  BuildArch:      noarch

  

  BuildRequires:  mingw32-filesystem >= 95

@@ -133,6 +130,9 @@ 

  

  

  %changelog

+ * Thu Jun 20 2019 FeRD (Frank Dana) <ferdnyc@gmail.com> - 1.6.37-1

+ - New upstream release 1.6.37, includes fix for CVE-2019-7317

+ 

  * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.29-5

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

  

This includes the fix for security vulnerability CVE-2019-7317, and is the same version Fedora's native libpng is already using.

The source URL is also updated from the previous FTP host to be the same as rpms/libpng. (Not that it looks particularly authoritative.)

Metadata