Update in-tree libpng to version 1.6.21

RESOLVED FIXED in Firefox 47

Status

()

Core
ImageLib
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: Glenn Randers-Pehrson, Assigned: Glenn Randers-Pehrson)

Tracking

Trunk
mozilla47
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox47 fixed)

Details

Attachments

(2 attachments, 4 obsolete attachments)

(Assignee)

Description

2 years ago
Libpng-1.6.20 was released on December 3, 2015. It's a security release to fix CVE-2015-8472; mozilla is not vulnerable to that CVE when using either the embedded libpng or the system libpng.
(Assignee)

Updated

2 years ago
Assignee: nobody → glennrp+bmo
Depends on: 1224244
(Assignee)

Updated

2 years ago
Status: NEW → ASSIGNED
(Assignee)

Comment 1

2 years ago
Created attachment 8696379 [details] [diff] [review]
V00 update embedded libpng to version 1.6.20 (part 01, libpng)
(Assignee)

Comment 2

2 years ago
Created attachment 8696380 [details] [diff] [review]
V00 update embedded libpng to version 1.6.20 (part 02, configure.in)
(Assignee)

Comment 3

2 years ago
Please "try" both patches together.
Flags: needinfo?(ryanvm)
(Assignee)

Updated

2 years ago
Flags: needinfo?(ryanvm)
(Assignee)

Comment 4

2 years ago
Libpng-1.6.21 has been released.
Summary: Update in-tree libpng to version 1.6.20 → Update in-tree libpng to version 1.6.21
(Assignee)

Updated

2 years ago
Attachment #8696379 - Attachment is obsolete: true
(Assignee)

Updated

2 years ago
Attachment #8696380 - Attachment is obsolete: true
(Assignee)

Comment 5

2 years ago
Created attachment 8708689 [details] [diff] [review]
V01 update embedded libpng to version 1.6.21 (part 01, libpng)
(Assignee)

Comment 6

2 years ago
Created attachment 8708690 [details] [diff] [review]
V01 update embedded libpng to version 1.6.21 (part 02, configure.in)
(Assignee)

Comment 7

2 years ago
Please "try" the v01 patches
Flags: needinfo?(ryanvm)
(Assignee)

Comment 9

2 years ago
Try gave mixed results.  Three of the five Windows builds failed and some reftests failed; none seem to be related to libpng. Would it be worthwhile rerunning the Windows builds in case it was some kind of transient problem?
Flags: needinfo?(ryanvm)
The reftest failures are known intermittents and the Windows build failures were a known issue that we can't easily work around without re-pushing to Try. I'm inclined to just call the run good based on the runs that did run successfully.
Flags: needinfo?(ryanvm)
(Assignee)

Updated

2 years ago
Attachment #8708689 - Flags: review?(seth)
(Assignee)

Updated

2 years ago
Attachment #8708690 - Flags: review?(seth)
Comment on attachment 8708689 [details] [diff] [review]
V01 update embedded libpng to version 1.6.21 (part 01, libpng)

Review of attachment 8708689 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good! Thanks for doing this, Glenn.

::: media/libpng/CHANGES
@@ +5476,5 @@
> +  In projects/vstudio, combined readme.txt and WARNING into README.txt
> +
> +Version 1.6.21rc02 [January 7, 2016]
> +  Relocated assert() in contrib/tools/pngfix.c, bug found by American
> +    Fuzzy Lop, reported by Brian Carpenter.

Heh, fun to see an acquaintance pop up in the change log.
Attachment #8708689 - Flags: review?(seth) → review+
Comment on attachment 8708690 [details] [diff] [review]
V01 update embedded libpng to version 1.6.21 (part 02, configure.in)

Review of attachment 8708690 [details] [diff] [review]:
-----------------------------------------------------------------

Thumbs up.
Attachment #8708690 - Flags: review?(seth) → review+
(Assignee)

Updated

2 years ago
Keywords: checkin-needed
has problems to apply:

(eg '1-3,5', or 's' to toggle the sort order between id & patch description) 2
adding 1230757 to series file
renamed 1230757 -> v01-1231757-part02-configure-libpng-1.6.20.diff
applying v01-1231757-part02-configure-libpng-1.6.20.diff
patching file configure.in
Hunk #1 FAILED at 45
1 out of 1 hunks FAILED -- saving rejects to file configure.in.rej
patch failed, unable to continue (try -v)
patch failed, rejects left in working directory
errors during apply, please fix and qrefresh v01-1231757-part02-configure-libpng-1.6.20.diff
Flags: needinfo?(glennrp+bmo)
s/configure.in/old-configure.in should fix it
Flags: needinfo?(cbook)
(Assignee)

Comment 15

2 years ago
Created attachment 8724096 [details] [diff] [review]
V02 update embedded libpng to version 1.6.21 (part 02, old-configure.in)

Patch old-configure.in instead of configure.in
Attachment #8708690 - Attachment is obsolete: true
Flags: needinfo?(glennrp+bmo)
(Assignee)

Updated

2 years ago
Attachment #8724096 - Attachment description: V01 update embedded libpng to version 1.6.21 (part 02, old-configure.in) → V02 update embedded libpng to version 1.6.21 (part 02, old-configure.in)
(Assignee)

Comment 17

2 years ago
Created attachment 8724107 [details] [diff] [review]
V03 update embedded libpng to version 1.6.21 (part 02, old-configure.in)

MOZPNG value was wrong (010622 should be 010621)
Attachment #8724096 - Attachment is obsolete: true
(Assignee)

Comment 18

2 years ago
Please checkin v03 not v02
(Assignee)

Comment 20

2 years ago
Thanks, Pulsebot.
Flags: needinfo?(cbook)

Comment 21

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/be199e2f9e39
https://hg.mozilla.org/mozilla-central/rev/ea5b889ec09d
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
status-firefox47: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
(Assignee)

Updated

2 years ago
Blocks: 1275901
You need to log in before you can comment on or make changes to this bug.