Hi,
On Tue, Aug 28, 2012 at 4:25 PM, Nobuhiro Iwamatsu <iwamatsu@nigauri.org> wrote:
> Hi,
>
> On Thu, Aug 23, 2012 at 12:25 AM, Moritz Mühlenhoff <jmm@inutil.org> wrote:
>> Adam D. Barratt <adam@adam-barratt.org.uk> schrieb:
>>> Control: tags -1 + moreinfo
>>>
>>> On Fri, 2012-07-13 at 13:03 +1000, Aníbal Monsalve Salazar wrote:
>>>> Please unblock libpng (with udeb binary package).
>>>>
>>>> Upstream released libpng 1.2.50 to fix CVE-2012-3386 recently. I
>>>> extracted the relevant change. The debdiff is below.
>>> [...]
>>>> +--- a/Makefile.in 2012-03-29 15:47:09.000000000 +1100
>>>> ++++ b/Makefile.in 2012-07-10 10:37:13.000000000 +1000
>>>> +@@ -1146,7 +1146,7 @@ distcheck: dist
>>>> + *.zip*) \
>>>> + unzip $(distdir).zip ;;\
>>>> + esac
>>>> +- chmod -R a-w $(distdir); chmod a+w $(distdir)
>>>> ++ chmod -R a-w $(distdir); chmod u+w $(distdir)
>>>
>>> Is this code ever actually executed at any point during building or
>>> using the Debian package?
>>
>> This shouldn't be needed, since this issue is already fixed
>> in automake.
>>
>
> I see. This is fixed upstream in versions 1.11.6 and 1.12.2.
> I will remove this patch, and I upload again.
>
I uploaded libpng 1.2.49-3.
Because version 1.2.49-1 was built with automake 1.11.4-1, this has a problem.
But 1.2.49-3 was build with automake 1.11.6-1, this problem is fixed.
Could you unblock libpng 1.2.49-3?
Best regards,
Nobuhiro
--
Nobuhiro Iwamatsu
iwamatsu at {nigauri.org / debian.org}
GPG ID: 40AD1FA6
Attachment:
libpng_1.2.49-3.debdiff
Description: Binary data