rpms/libpng/FC-5 libpng-splt-bug.patch, NONE, 1.1 libpng-trns-bug.patch, NONE, 1.1 libpng.spec, 1.27, 1.28
fedora-cvs-commits at redhat.com
Wed May 23 21:47:11 UTC 2007
Author: tgl
Update of /cvs/dist/rpms/libpng/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv15653
Modified Files:
libpng.spec
Added Files:
libpng-splt-bug.patch libpng-trns-bug.patch
Log Message:
Add patches for CVE-2006-5793, CVE-2007-2445
libpng-splt-bug.patch:
pngset.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE libpng-splt-bug.patch ---
Fix for CVE-2006-5793 --- potential SIGSEGV due to copying past the end of
memory. (This is already applied in libpng 1.2.16 and up.)
diff -Naur libpng-1.2.10.orig/pngset.c libpng-1.2.10/pngset.c
--- libpng-1.2.10.orig/pngset.c 2006-04-23 14:45:34.000000000 -0400
+++ libpng-1.2.10/pngset.c 2007-05-13 10:04:38.000000000 -0400
@@ -976,10 +976,10 @@
/* TODO: use png_malloc_warn */
png_strcpy(to->name, from->name);
to->entries = (png_sPLT_entryp)png_malloc(png_ptr,
- from->nentries * png_sizeof(png_sPLT_t));
+ from->nentries * png_sizeof(png_sPLT_entry));
/* TODO: use png_malloc_warn */
png_memcpy(to->entries, from->entries,
- from->nentries * png_sizeof(png_sPLT_t));
+ from->nentries * png_sizeof(png_sPLT_entry));
to->nentries = from->nentries;
to->depth = from->depth;
}
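Review bot: the byte count `from->nentries * png_sizeof(png_sPLT_entry)` is written out twice, once in the png_malloc call and once in the png_memcpy call, which is the same duplication that let the wrong type sit in both places before. Computing it once into a local and passing that to both calls would keep the allocation size and the copy size from drifting apart again. The multiplication is also unchecked in the visible lines; a bound on from->nentries before the multiply would rule out a wrapped size reaching png_malloc.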
libpng-trns-bug.patch:
pngrutil.c | 3 +++
1 files changed, 3 insertions(+)
--- NEW FILE libpng-trns-bug.patch ---
Fix for CVE-2007-2445 --- libpng crashes if CRC error is detected in
a grayscale tRNS chunk, because png_handle_tRNS leaves inconsistent state
which eventually leads to attempting to free() unallocated memory.
diff -Naur libpng-1.2.16.orig/pngrutil.c libpng-1.2.16/pngrutil.c
--- libpng-1.2.16.orig/pngrutil.c 2007-01-31 08:22:35.000000000 -0500
+++ libpng-1.2.16/pngrutil.c 2007-05-12 17:07:41.000000000 -0400
@@ -1314,7 +1314,10 @@
}
if (png_crc_finish(png_ptr, 0))
+ {
+ png_ptr->num_trans = 0;
return;
+ }
png_set_tRNS(png_ptr, info_ptr, readbuf, png_ptr->num_trans,
&(png_ptr->trans_values));
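Review bot: the new `png_ptr->num_trans = 0;` in the png_crc_finish failure branch has no comment saying why the count must be cleared before returning. A one-line comment there, noting that png_set_tRNS has not run yet and num_trans must not be left nonzero, would keep the reset from being dropped in a later cleanup. It is also worth confirming that any other return between the point where num_trans is assigned and the png_set_tRNS call clears it the same way, since only this one is visible in the hunk.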
Index: libpng.spec
===================================================================
RCS file: /cvs/dist/rpms/libpng/FC-5/libpng.spec,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- libpng.spec 11 Feb 2006 04:11:17 -0000 1.27
+++ libpng.spec 23 May 2007 21:47:09 -0000 1.28
@@ -1,12 +1,15 @@
Summary: A library of functions for manipulating PNG image format files.
Name: libpng
Version: 1.2.8
-Release: 2.2.1
+Release: 3%{?dist}
License: OSI certified
Group: System Environment/Libraries
Source: ftp://swrinde.nde.swri.edu/pub/png/src/libpng-%{version}.tar.bz2
Patch0: libpng-rhconf.patch
-Buildroot: %{_tmppath}/%{name}-%{version}-root
+Patch2: libpng-trns-bug.patch
+Patch3: libpng-splt-bug.patch
+
+Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildPrereq: zlib-devel
Provides: libpng.so.3
URL: http://www.libpng.org/pub/png/
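Review bot: the Patch2 and Patch3 lines carry no comment naming the CVE each one fixes, and the numbering skips Patch1. A comment above each (CVE-2007-2445 for libpng-trns-bug.patch, CVE-2006-5793 for libpng-splt-bug.patch) would make the security purpose visible in the spec header without opening the patch files.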
@@ -27,7 +30,7 @@
%package devel
Summary: Development tools for programs to manipulate PNG image format files.
Group: Development/Libraries
-Requires: libpng = %{epoch}:%{version}, zlib-devel
+Requires: libpng = %{epoch}:%{version}-%{release}, zlib-devel, pkgconfig
%description devel
The libpng-devel package contains the header files and static
@@ -43,6 +46,8 @@
ln -s scripts/makefile.linux Makefile
%patch0 -p1 -b .rhconf
+%patch2 -p1
+%patch3 -p1
%build
make ZLIBLIB=%{_libdir} RPM_OPT_FLAGS="$RPM_OPT_FLAGS" LIBPATH=%{_libdir}
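Review bot: `%patch2 -p1` and `%patch3 -p1` apply diffs whose headers show they were generated against libpng-1.2.16 and libpng-1.2.10, while this spec builds Version 1.2.8, so they may apply only with line offsets or fuzz. Rebasing both patches onto the 1.2.8 source, or at least checking the build log for fuzz, would confirm that the changed lines are the intended ones. Unlike `%patch0`, neither uses a `-b` suffix, so no backup files are kept for comparison.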
@@ -75,6 +80,14 @@
rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed May 23 2007 Tom Lane <tgl at redhat.com> 2:1.2.8-3
+- Add patch to fix CVE-2006-5793
+Related: #215405
+- Add patch to fix CVE-2007-2445
+Related: #239542
+- Require pkgconfig in the -devel subpackage
+Resolves: #217903
+
* Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 2:1.2.8-2.2.1
- bump again for double-long bug on ppc(64)