New upstream release 1.6.35 (#1552349)

2018-10-10 17:49:42 +02:00 · 2018-10-10 17:49:42 +02:00 · 31e1c96398
commit 31e1c96398
parent 5bedc9e43f
4 changed files with 8 additions and 44 deletions
--- a/.gitignore
+++ b/.gitignore
@ -22,3 +22,4 @@
 /libpng-1.6.29.tar.xz
 /libpng-1.6.31.tar.xz
 /libpng-1.6.34.tar.xz
+/libpng-1.6.35.tar.gz
--- a/libpng-CVE-2018-13785.patch
+++ b/libpng-CVE-2018-13785.patch
@ -1,35 +0,0 @@
-From 3a50b3eca60a9e2c80c1f08d268ed628d80eb5ba Mon Sep 17 00:00:00 2001
-From: Cosmin Truta <ctruta@gmail.com>
-Date: Sun, 17 Jun 2018 22:56:29 -0400
-Subject: [PATCH] [libpng16] Fix the calculation of row_factor in
- png_check_chunk_length
-
-(Bug report by Thuan Pham, SourceForge issue #278)
---
- pngrutil.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/pngrutil.c b/pngrutil.c
-index 8692933..eab2973 100644
--- a/pngrutil.c
-+++ b/pngrutil.c
-@@ -3149,10 +3149,13 @@ png_check_chunk_length(png_const_structrp png_ptr, const png_uint_32 length)
-    {
-       png_alloc_size_t idat_limit = PNG_UINT_31_MAX;
-       size_t row_factor =
-         (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
-          + 1 + (png_ptr->interlaced? 6: 0));
-+         (size_t)png_ptr->width
-+         * (size_t)png_ptr->channels
-+         * (png_ptr->bit_depth > 8? 2: 1)
-+         + 1
-+         + (png_ptr->interlaced? 6: 0);
-       if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
-         idat_limit=PNG_UINT_31_MAX;
-+         idat_limit = PNG_UINT_31_MAX;
-       else
-          idat_limit = png_ptr->height * row_factor;
-       row_factor = row_factor > 32566? 32566 : row_factor;
-- 
-2.17.1
-
--- a/libpng.spec
+++ b/libpng.spec
@ -1,20 +1,16 @@
 Summary:       A library of functions for manipulating PNG image format files
 Name:          libpng
 Epoch:         2
-Version:       1.6.34
-Release:       6%{?dist}
+Version:       1.6.35
+Release:       1%{?dist}
 License:       zlib
 Group:         System Environment/Libraries
 URL:           http://www.libpng.org/pub/png/

-# Note: non-current tarballs get moved to the history/ subdirectory,
-# so look there if you fail to retrieve the version you want
-Source0:       https://ftp-osl.osuosl.org/pub/libpng/src/libpng16/libpng-%{version}.tar.xz
+Source0:       https://github.com/glennrp/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
 Source1:       pngusr.dfa
 Patch0:        libpng-multilib.patch
 Patch1:        libpng-fix-arm-neon.patch
-Patch2:        libpng-CVE-2018-13785.patch
-

 BuildRequires: gcc
 BuildRequires: zlib-devel
@ -69,7 +65,6 @@ cp -p %{SOURCE1} .

 %patch0 -p1
 %patch1 -p1 -b .arm
-%patch2 -p1 -b .CVE-2018-13785

 %build
 autoreconf -vif
@ -111,6 +106,9 @@ make check
 %{_bindir}/pngfix

 %changelog
+* Wed Oct 10 2018 Nikola Forró <nforro@redhat.com> - 2:1.6.35-1
+- New upstream release 1.6.35 (#1552349)
+
 * Wed Aug 01 2018 Nikola Forró <nforro@redhat.com> - 2:1.6.34-6
 - Fix CVE-2018-13785 (#1599944)

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (libpng-1.6.34.tar.xz) = 89407c5abc1623faaa3992fc1e4a62def671d9a7401108dfceee895d5f16fe7030090bea89b34a36d377d8e6a5d40046886991f663ce075d1a2d31bf9eaf3c51
+SHA512 (libpng-1.6.35.tar.gz) = 1b6e2664bd80726e8f6ef7ea4f23d311a883841086a4a60700dfd11621130808c24487c744c8a942219980eb29b244e81965aebfc4ab7f637693f537f4e8e148