Closed Bug 1230757 Opened 4 years ago Closed 4 years ago

Update in-tree libpng to version 1.6.21


(Core :: ImageLib, defect)

Not set



Tracking Status
firefox47 --- fixed


(Reporter: glennrp+bmo, Assigned: glennrp+bmo)




(2 files, 4 obsolete files)

Libpng-1.6.20 was released on December 3, 2015. It's a security release to fix CVE-2015-8472; mozilla is not vulnerable to that CVE when using either the embedded libpng or the system libpng.
Assignee: nobody → glennrp+bmo
Depends on: 1224244
Please "try" both patches together.
Flags: needinfo?(ryanvm)
Flags: needinfo?(ryanvm)
Libpng-1.6.21 has been released.
Summary: Update in-tree libpng to version 1.6.20 → Update in-tree libpng to version 1.6.21
Attachment #8696379 - Attachment is obsolete: true
Attachment #8696380 - Attachment is obsolete: true
Please "try" the v01 patches
Flags: needinfo?(ryanvm)
Try gave mixed results.  Three of the five Windows builds failed and some reftests failed; none seem to be related to libpng. Would it be worthwhile rerunning the Windows builds in case it was some kind of transient problem?
Flags: needinfo?(ryanvm)
The reftest failures are known intermittents and the Windows build failures were a known issue that we can't easily work around without re-pushing to Try. I'm inclined to just call the run good based on the runs that did run successfully.
Flags: needinfo?(ryanvm)
Attachment #8708689 - Flags: review?(seth)
Attachment #8708690 - Flags: review?(seth)
Comment on attachment 8708689 [details] [diff] [review]
V01 update embedded libpng to version 1.6.21 (part 01, libpng)

Review of attachment 8708689 [details] [diff] [review]:

Looks good! Thanks for doing this, Glenn.

::: media/libpng/CHANGES
@@ +5476,5 @@
> +  In projects/vstudio, combined readme.txt and WARNING into README.txt
> +
> +Version 1.6.21rc02 [January 7, 2016]
> +  Relocated assert() in contrib/tools/pngfix.c, bug found by American
> +    Fuzzy Lop, reported by Brian Carpenter.

Heh, fun to see an acquaintance pop up in the change log.
Attachment #8708689 - Flags: review?(seth) → review+
Comment on attachment 8708690 [details] [diff] [review]
V01 update embedded libpng to version 1.6.21 (part 02,

Review of attachment 8708690 [details] [diff] [review]:

Thumbs up.
Attachment #8708690 - Flags: review?(seth) → review+
Keywords: checkin-needed
has problems to apply:

(eg '1-3,5', or 's' to toggle the sort order between id & patch description) 2
adding 1230757 to series file
renamed 1230757 -> v01-1231757-part02-configure-libpng-1.6.20.diff
applying v01-1231757-part02-configure-libpng-1.6.20.diff
patching file
Hunk #1 FAILED at 45
1 out of 1 hunks FAILED -- saving rejects to file
patch failed, unable to continue (try -v)
patch failed, rejects left in working directory
errors during apply, please fix and qrefresh v01-1231757-part02-configure-libpng-1.6.20.diff
Flags: needinfo?(glennrp+bmo)
s/ should fix it
Flags: needinfo?(cbook)
Patch instead of
Attachment #8708690 - Attachment is obsolete: true
Flags: needinfo?(glennrp+bmo)
Attachment #8724096 - Attachment description: V01 update embedded libpng to version 1.6.21 (part 02, → V02 update embedded libpng to version 1.6.21 (part 02,
MOZPNG value was wrong (010622 should be 010621)
Attachment #8724096 - Attachment is obsolete: true
Please checkin v03 not v02
Thanks, Pulsebot.
Flags: needinfo?(cbook)
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
Blocks: 1275901
You need to log in before you can comment on or make changes to this bug.