Update to libpng 1.5.9

Tom Lane 2012-03-11 19:07:20 -04:00
parent 403f53232d
commit fab31ee76c
5 changed files with 12 additions and 65 deletions

4
.gitignore vendored

@ -1,2 +1,2 @@
/libpng-1.5.8.tar.bz2 /libpng-1.5.9.tar.bz2
/libpng-1.2.46.tar.bz2 /libpng-1.2.48.tar.bz2


@ -1,27 +0,0 @@
Patch for CVE-2011-3026 in libpng 1.4 and up, from John Bowler.
diff -Naur libpng-1.5.8.orig/pngrutil.c libpng-1.5.8/pngrutil.c
--- libpng-1.5.8.orig/pngrutil.c 2012-02-01 00:00:34.000000000 -0500
+++ libpng-1.5.8/pngrutil.c 2012-02-16 13:26:51.627339765 -0500
@@ -432,15 +432,18 @@
/* Now check the limits on this chunk - if the limit fails the
* compressed data will be removed, the prefix will remain.
*/
+ if (prefix_size >= (~(png_size_t)0) - 1 ||
+ expanded_size >= (~(png_size_t)0) - 1 - prefix_size
#ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED
- if (png_ptr->user_chunk_malloc_max &&
+ || (png_ptr->user_chunk_malloc_max &&
(prefix_size + expanded_size >= png_ptr->user_chunk_malloc_max - 1))
#else
# ifdef PNG_USER_CHUNK_MALLOC_MAX
- if ((PNG_USER_CHUNK_MALLOC_MAX > 0) &&
+ || ((PNG_USER_CHUNK_MALLOC_MAX > 0) &&
prefix_size + expanded_size >= PNG_USER_CHUNK_MALLOC_MAX - 1)
# endif
#endif
+ )
png_warning(png_ptr, "Exceeded size limit while expanding chunk");
/* If the size is zero either there was an error and a message


@ -1,24 +0,0 @@
Original Chromium patch for CVE-2011-3026.
diff -Naur libpng-1.2.46.orig/pngrutil.c libpng-1.2.46/pngrutil.c
--- libpng-1.2.46.orig/pngrutil.c 2011-07-09 06:30:23.000000000 -0400
+++ libpng-1.2.46/pngrutil.c 2012-02-16 10:28:14.433079740 -0500
@@ -363,8 +363,15 @@
{
/* Success (maybe) - really uncompress the chunk. */
png_size_t new_size = 0;
- png_charp text = png_malloc_warn(png_ptr,
- prefix_size + expanded_size + 1);
+ png_charp text = NULL;
+ /* Need to check for both truncation (64-bit platforms) and integer
+ * overflow.
+ */
+ if (prefix_size + expanded_size > prefix_size &&
+ prefix_size + expanded_size < 0xffffffffU)
+ {
+ text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1);
+ }
if (text != NULL)
{


@ -1,8 +1,8 @@
Summary: A library of functions for manipulating PNG image format files Summary: A library of functions for manipulating PNG image format files
Name: libpng Name: libpng
Epoch: 2 Epoch: 2
Version: 1.5.8 Version: 1.5.9
Release: 2%{?dist} Release: 1%{?dist}
License: zlib License: zlib
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://www.libpng.org/pub/png/ URL: http://www.libpng.org/pub/png/
@ -12,7 +12,7 @@ URL: http://www.libpng.org/pub/png/
# be recompiled. The compatibility library is placed in a separate # be recompiled. The compatibility library is placed in a separate
# sub-RPM, libpng-compat. There is no support for recompiling source code # sub-RPM, libpng-compat. There is no support for recompiling source code
# against the old version. # against the old version.
%global prevversion 1.2.46 %global prevversion 1.2.48
# Note: non-current tarballs get moved to the history/ subdirectory, # Note: non-current tarballs get moved to the history/ subdirectory,
# so look there if you fail to retrieve the version you want # so look there if you fail to retrieve the version you want
@ -21,8 +21,6 @@ Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{prevversion}.tar.bz2 Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{prevversion}.tar.bz2
Patch0: libpng-multilib.patch Patch0: libpng-multilib.patch
Patch1: libpng-cve-2011-3026-15.patch
Patch2: libpng-cve-2011-3026.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: zlib-devel, pkgconfig BuildRequires: zlib-devel, pkgconfig
@ -44,7 +42,7 @@ Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
Requires: zlib-devel pkgconfig Requires: zlib-devel pkgconfig
# TEMPORARILY pretend that we supply libpng12.pc; this is just to avoid # TEMPORARILY pretend that we supply libpng12.pc; this is just to avoid
# dependency failures during the rebuild cycle for libpng 1.5 # dependency failures during the rebuild cycle for libpng 1.5
Provides: pkgconfig(libpng12) = 1.2.46 Provides: pkgconfig(libpng12) = %{prevversion}
%description devel %description devel
The libpng-devel package contains header files and documentation necessary The libpng-devel package contains header files and documentation necessary
@ -75,13 +73,9 @@ This package contains shared libraries (only) for libpng 1.2.x.
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1
tar xfj %{SOURCE1} tar xfj %{SOURCE1}
# patch the compat package: -p0 is intentional here
%patch2 -p0
%build %build
%configure %configure
make %{?_smp_mflags} make %{?_smp_mflags}
@ -146,6 +140,10 @@ rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
%changelog %changelog
* Sun Mar 11 2012 Tom Lane <tgl@redhat.com> 2:1.5.9-1
- Update to libpng 1.5.9 and 1.2.48, for minor security issues (CVE-2011-3045)
Resolves: #801667
* Thu Feb 16 2012 Tom Lane <tgl@redhat.com> 2:1.5.8-2 * Thu Feb 16 2012 Tom Lane <tgl@redhat.com> 2:1.5.8-2
- Fix CVE-2011-3026 - Fix CVE-2011-3026
Resolves: #791183 Resolves: #791183
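Review bot: The new %changelog entry names only CVE-2011-3045, while this section also drops `Patch1: libpng-cve-2011-3026-15.patch`, `Patch2: libpng-cve-2011-3026.patch` and both `%patch1`/`%patch2` steps without saying why. Presumably the 1.5.9 and 1.2.48 tarballs already contain that fix, but nothing on this page confirms it, and anyone auditing the package for CVE-2011-3026 would read the removal as a regression. I would add a changelog line such as `- Drop CVE-2011-3026 patches, fixed upstream in 1.5.9 and 1.2.48`, after checking that the size check before the chunk allocation in pngrutil.c is present in both unpacked trees.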


@ -1,2 +1,2 @@
3b0aac862a247eeabecca44674686dfc libpng-1.5.8.tar.bz2 684ba5f05da436a99c6303a83c7856d6 libpng-1.5.9.tar.bz2
e8b43dc78ef95b3949af7f961d76874b libpng-1.2.46.tar.bz2 7612af5660cd4b5e8c433ce53bea01a7 libpng-1.2.48.tar.bz2