Closed Bug 1230757 Opened 4 years ago Closed 4 years ago

Update in-tree libpng to version 1.6.21

Categories

(Core :: ImageLib, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla47
Tracking Status
firefox47 --- fixed

People

(Reporter: glennrp+bmo, Assigned: glennrp+bmo)

References

Details

Attachments

(2 files, 4 obsolete files)

Libpng-1.6.20 was released on December 3, 2015. It's a security release to fix CVE-2015-8472; mozilla is not vulnerable to that CVE when using either the embedded libpng or the system libpng.
Assignee: nobody → glennrp+bmo
Depends on: 1224244
Status: NEW → ASSIGNED
Please "try" both patches together.
Flags: needinfo?(ryanvm)
Flags: needinfo?(ryanvm)
Libpng-1.6.21 has been released.
Summary: Update in-tree libpng to version 1.6.20 → Update in-tree libpng to version 1.6.21
Attachment #8696379 - Attachment is obsolete: true
Attachment #8696380 - Attachment is obsolete: true
Please "try" the v01 patches
Flags: needinfo?(ryanvm)
Try gave mixed results.  Three of the five Windows builds failed and some reftests failed; none seem to be related to libpng. Would it be worthwhile rerunning the Windows builds in case it was some kind of transient problem?
Flags: needinfo?(ryanvm)
The reftest failures are known intermittents and the Windows build failures were a known issue that we can't easily work around without re-pushing to Try. I'm inclined to just call the run good based on the runs that did run successfully.
Flags: needinfo?(ryanvm)
Attachment #8708689 - Flags: review?(seth)
Attachment #8708690 - Flags: review?(seth)
Comment on attachment 8708689 [details] [diff] [review]
V01 update embedded libpng to version 1.6.21 (part 01, libpng)

Review of attachment 8708689 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good! Thanks for doing this, Glenn.

::: media/libpng/CHANGES
@@ +5476,5 @@
> +  In projects/vstudio, combined readme.txt and WARNING into README.txt
> +
> +Version 1.6.21rc02 [January 7, 2016]
> +  Relocated assert() in contrib/tools/pngfix.c, bug found by American
> +    Fuzzy Lop, reported by Brian Carpenter.

Heh, fun to see an acquaintance pop up in the change log.
Attachment #8708689 - Flags: review?(seth) → review+
Comment on attachment 8708690 [details] [diff] [review]
V01 update embedded libpng to version 1.6.21 (part 02, configure.in)

Review of attachment 8708690 [details] [diff] [review]:
-----------------------------------------------------------------

Thumbs up.
Attachment #8708690 - Flags: review?(seth) → review+
Keywords: checkin-needed
has problems to apply:

(eg '1-3,5', or 's' to toggle the sort order between id & patch description) 2
adding 1230757 to series file
renamed 1230757 -> v01-1231757-part02-configure-libpng-1.6.20.diff
applying v01-1231757-part02-configure-libpng-1.6.20.diff
patching file configure.in
Hunk #1 FAILED at 45
1 out of 1 hunks FAILED -- saving rejects to file configure.in.rej
patch failed, unable to continue (try -v)
patch failed, rejects left in working directory
errors during apply, please fix and qrefresh v01-1231757-part02-configure-libpng-1.6.20.diff
Flags: needinfo?(glennrp+bmo)
s/configure.in/old-configure.in should fix it
Flags: needinfo?(cbook)
Patch old-configure.in instead of configure.in
Attachment #8708690 - Attachment is obsolete: true
Flags: needinfo?(glennrp+bmo)
Attachment #8724096 - Attachment description: V01 update embedded libpng to version 1.6.21 (part 02, old-configure.in) → V02 update embedded libpng to version 1.6.21 (part 02, old-configure.in)
MOZPNG value was wrong (010622 should be 010621)
Attachment #8724096 - Attachment is obsolete: true
Please checkin v03 not v02
Thanks, Pulsebot.
Flags: needinfo?(cbook)
https://hg.mozilla.org/mozilla-central/rev/be199e2f9e39
https://hg.mozilla.org/mozilla-central/rev/ea5b889ec09d
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
Blocks: 1275901
You need to log in before you can comment on or make changes to this bug.