png: update to 1.6.37.

This is largely a bugfix-only release. Most importantly, it contains
a fix for a use-after-free vulnerability (CVE-2019-7317) affecting
the simplified libpng API, and a fix for a memory leak affecting the
ARM NEON implementation of the palette-to-RGB(A) expansion.

2 files changed, 7 insertions, 7 deletions

diff --git a/graphics/png/Makefile b/graphics/png/Makefile
index 46215eec215..4832843fe88 100644
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.197 2018/12/02 12:43:23 wiz Exp $
+# $NetBSD: Makefile,v 1.198 2019/04/17 07:05:20 wiz Exp $
 
-DISTNAME=	libpng-1.6.36
+DISTNAME=	libpng-1.6.37
 PKGNAME=	${DISTNAME:S/lib//}
 CATEGORIES=	graphics
 MASTER_SITES=	https://ftp-osl.osuosl.org/pub/libpng/src/archive/xz/libpng16/
diff --git a/graphics/png/distinfo b/graphics/png/distinfo
index 7716ce52d82..b51231e30ff 100644
--- a/graphics/png/distinfo
+++ b/graphics/png/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.141 2018/12/02 12:43:23 wiz Exp $
+$NetBSD: distinfo,v 1.142 2019/04/17 07:05:20 wiz Exp $
 
-SHA1 (libpng-1.6.36.tar.xz) = aec9548c8319104226cc4c31d1f5e524f1b55295
-RMD160 (libpng-1.6.36.tar.xz) = baafcb54ff4913da18c349b14d9a1e98973b17c0
-SHA512 (libpng-1.6.36.tar.xz) = a86ee977df69748e5039fb0ead883f1d3f88b8a701fa24cf8e62dd77c5871bb46397d794fa33ec1d0be1ac488246832ad79d0e6117ac093bdce1b2a1cfcb2bb0
-Size (libpng-1.6.36.tar.xz) = 1012544 bytes
+SHA1 (libpng-1.6.37.tar.xz) = 3ab93fabbf4c27e1c4724371df408d9a1bd3f656
+RMD160 (libpng-1.6.37.tar.xz) = 7d68b596480e994aeccb2794df48a3613f1de9c4
+SHA512 (libpng-1.6.37.tar.xz) = 59e8c1059013497ae616a14c3abbe239322d3873c6ded0912403fc62fb260561768230b6ab997e2cccc3b868c09f539fd13635616b9fa0dd6279a3f63ec7e074
+Size (libpng-1.6.37.tar.xz) = 1012272 bytes
 SHA1 (patch-pngpriv.h) = 3da29edb5d89ab26b9787a71b87c3fd8f451ea39