Patch-ID# 114818-07


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security gnome libpng graphics tetex
Synopsis: GNOME 2.0.0: libpng Patch
Date: Oct/03/2008


Install Requirements: NA

Solaris Release: 9

SunOS Release: 5.9

Unbundled Product: GNOME

Unbundled Release: 2.0.0

Xref: This patch available for x86 as 114819

Topic:

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
480908715143342
490182215171290
497946015192455
501969915203119
507522715219072
655590015396092


Changes incorporated in this version: 6555900

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/lib/pkgconfig/libpng.pc
/usr/lib/pkgconfig/libpng12.pc
/usr/sfw/bin/libpng-config
/usr/sfw/bin/libpng12-config
/usr/sfw/include/libpng
/usr/sfw/include/libpng12/png.h
/usr/sfw/include/libpng12/pngconf.h
/usr/sfw/include/png.h
/usr/sfw/include/pngconf.h
/usr/sfw/lib/libpng.so
/usr/sfw/lib/libpng.so.2
/usr/sfw/lib/libpng.so.2.1.0.15
/usr/sfw/lib/libpng.so.3
/usr/sfw/lib/libpng.so.3.1.2.5
/usr/sfw/lib/libpng10.so
/usr/sfw/lib/libpng10.so.0
/usr/sfw/lib/libpng10.so.0.1.0.15
/usr/sfw/lib/libpng12.so
/usr/sfw/lib/libpng12.so.0
/usr/sfw/lib/libpng12.so.0.1.2.5
/usr/sfw/share/man/man3/libpng.3 (deleted)
/usr/sfw/share/man/man3/libpngpf.3 (deleted)
/usr/sfw/share/man/man5/png.5 (deleted)

Problem Description:

6555900 libpng: needs to be upgraded due to security vulnerability (DoS to linking apps), 
        CERT VU#684664
 
(from 114818-06)
 
5075227 multiple vulnerabilities in libpng [CAN-2004-0597]
 
(from 114818-05)
 
5019699 libpng12.pc has invalid prefix value which causes build failure when used
 
(from 114818-04)
 
4979460 Patches 114818-03 & 114819-03 causing S9U6 nightly build failures
 
(from 114818-03)
 
4901822 tetex 2.0.2 needs libpng 1.2.5 version for correct rendering of png images within tex documents.
 
(from 114818-02)
 
Remove 64bit binaries
 
(from 114818-01)
 
4809087 libpng buffer overflow


Patch Installation Instructions:
--------------------------------
Refer to the man pages for instructions on using 'patchadd' and 'patchrm'
scripts provided with Solaris.  Any other special or non-generic
installation instructions should be described below as special
instructions.  The following example installs a patch to a standalone
machine:
 
	example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
	example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------
 
NOTE 1:  To get the 64-bit support for tetex (bugID 4901822), please
         also install one of the following patches:
 
         For S9 thru S9U3:  
         114820-02 (or greater)  GNOME 2.0.0: 64bit libpng patch
 
         For S9U4 or later:
         114822-01 (or greater)  GNOME 2.0.2: 64bit libpng patch
 
NOTE 2:  To get the complete fix for bugID 6555900 (libpng: needs to be
         upgraded due to security vulnerability, DoS to linking apps,
         CERT VU#684664), please also install the following patch:
 
	 139382-01 (or greater)  GNOME 2.0.2: libpng Patch


README -- Last modified date: Saturday, November 10, 2012