Hi, On Tue, Aug 28, 2012 at 4:25 PM, Nobuhiro Iwamatsu <iwama...@nigauri.org> wrote: > Hi, > > On Thu, Aug 23, 2012 at 12:25 AM, Moritz Mühlenhoff <j...@inutil.org> wrote: >> Adam D. Barratt <a...@adam-barratt.org.uk> schrieb: >>> Control: tags -1 + moreinfo >>> >>> On Fri, 2012-07-13 at 13:03 +1000, AnÃbal Monsalve Salazar wrote: >>>> Please unblock libpng (with udeb binary package). >>>> >>>> Upstream released libpng 1.2.50 to fix CVE-2012-3386 recently. I >>>> extracted the relevant change. The debdiff is below. >>> [...] >>>> +--- a/Makefile.in 2012-03-29 15:47:09.000000000 +1100 >>>> ++++ b/Makefile.in 2012-07-10 10:37:13.000000000 +1000 >>>> +@@ -1146,7 +1146,7 @@ distcheck: dist >>>> + *.zip*) \ >>>> + unzip $(distdir).zip ;;\ >>>> + esac >>>> +- chmod -R a-w $(distdir); chmod a+w $(distdir) >>>> ++ chmod -R a-w $(distdir); chmod u+w $(distdir) >>> >>> Is this code ever actually executed at any point during building or >>> using the Debian package? >> >> This shouldn't be needed, since this issue is already fixed >> in automake. >> > > I see. This is fixed upstream in versions 1.11.6 and 1.12.2. > I will remove this patch, and I upload again. >
I uploaded libpng 1.2.49-3.
Because version 1.2.49-1 was built with automake 1.11.4-1, this has a problem.
But 1.2.49-3 was build with automake 1.11.6-1, this problem is fixed.
Could you unblock libpng 1.2.49-3?
Best regards,
Nobuhiro
--
Nobuhiro Iwamatsu
iwamatsu at {nigauri.org / debian.org}
GPG ID: 40AD1FA6
libpng_1.2.49-3.debdiff
Description: Binary data
