Compare commits
No commits in common. "c8" and "c9s" have entirely different histories.
28
.gitignore
vendored
28
.gitignore
vendored
@ -1 +1,27 @@
|
|||||||
SOURCES/libpng-1.6.34.tar.xz
|
/libpng-1.5.13.tar.bz2
|
||||||
|
/libpng-1.6.2.tar.gz
|
||||||
|
/libpng-1.6.3.tar.gz
|
||||||
|
/libpng-1.6.6.tar.gz
|
||||||
|
/libpng-1.6.8.tar.gz
|
||||||
|
/libpng-1.6.10.tar.gz
|
||||||
|
/libpng-1.6.12.tar.gz
|
||||||
|
/libpng-1.6.14.tar.gz
|
||||||
|
/libpng-1.6.16.tar.gz
|
||||||
|
/libpng-1.6.17.tar.gz
|
||||||
|
/libpng-1.6.18.tar.gz
|
||||||
|
/libpng-1.6.19.tar.gz
|
||||||
|
/libpng-1.6.20.tar.gz
|
||||||
|
/libpng-1.6.21.tar.gz
|
||||||
|
/libpng-1.6.22.tar.gz
|
||||||
|
/libpng-1.6.23.tar.gz
|
||||||
|
/libpng-1.6.24.tar.gz
|
||||||
|
/libpng-1.6.25.tar.gz
|
||||||
|
/libpng-1.6.26.tar.gz
|
||||||
|
/libpng-1.6.27.tar.gz
|
||||||
|
/libpng-1.6.28.tar.gz
|
||||||
|
/libpng-1.6.29.tar.xz
|
||||||
|
/libpng-1.6.31.tar.xz
|
||||||
|
/libpng-1.6.34.tar.xz
|
||||||
|
/libpng-1.6.35.tar.gz
|
||||||
|
/libpng-1.6.36.tar.gz
|
||||||
|
/libpng-1.6.37.tar.gz
|
||||||
|
|||||||
@ -1 +0,0 @@
|
|||||||
45de4ec996ffcc3e18037e7c128abe95f4d0292a SOURCES/libpng-1.6.34.tar.xz
|
|
||||||
@ -1,34 +0,0 @@
|
|||||||
From 9821583a771bfe2c75b7449d8ff83cb348291b3f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Cosmin Truta <ctruta@gmail.com>
|
|
||||||
Date: Sun, 17 Jun 2018 22:56:29 -0400
|
|
||||||
Subject: [PATCH] Fix the calculation of row_factor in png_check_chunk_length
|
|
||||||
|
|
||||||
(Bug report by Thuan Pham, SourceForge issue #278)
|
|
||||||
---
|
|
||||||
pngrutil.c | 9 ++++++---
|
|
||||||
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/pngrutil.c b/pngrutil.c
|
|
||||||
index 8692933..eab2973 100644
|
|
||||||
--- a/pngrutil.c
|
|
||||||
+++ b/pngrutil.c
|
|
||||||
@@ -3149,10 +3149,13 @@ png_check_chunk_length(png_const_structrp png_ptr, const png_uint_32 length)
|
|
||||||
{
|
|
||||||
png_alloc_size_t idat_limit = PNG_UINT_31_MAX;
|
|
||||||
size_t row_factor =
|
|
||||||
- (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
|
|
||||||
- + 1 + (png_ptr->interlaced? 6: 0));
|
|
||||||
+ (size_t)png_ptr->width
|
|
||||||
+ * (size_t)png_ptr->channels
|
|
||||||
+ * (png_ptr->bit_depth > 8? 2: 1)
|
|
||||||
+ + 1
|
|
||||||
+ + (png_ptr->interlaced? 6: 0);
|
|
||||||
if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
|
|
||||||
- idat_limit=PNG_UINT_31_MAX;
|
|
||||||
+ idat_limit = PNG_UINT_31_MAX;
|
|
||||||
else
|
|
||||||
idat_limit = png_ptr->height * row_factor;
|
|
||||||
row_factor = row_factor > 32566? 32566 : row_factor;
|
|
||||||
--
|
|
||||||
2.17.1
|
|
||||||
|
|
||||||
@ -1,12 +0,0 @@
|
|||||||
diff --git a/libpng-config.in b/libpng-config.in
|
|
||||||
index 3739eb9..7f6b2cc 100644
|
|
||||||
--- a/libpng-config.in
|
|
||||||
+++ b/libpng-config.in
|
|
||||||
@@ -13,7 +13,6 @@
|
|
||||||
|
|
||||||
version=`pkg-config --modversion libpng`
|
|
||||||
prefix=`pkg-config --variable prefix libpng`
|
|
||||||
-exec_prefix=`pkg-config --variable exec_prefix libpng`
|
|
||||||
libdir=`pkg-config --variable libdir libpng`
|
|
||||||
includedir=`pkg-config --variable includedir libpng`
|
|
||||||
libs="-lpng@PNGLIB_MAJOR@@PNGLIB_MINOR@"
|
|
||||||
7
gating.yaml
Normal file
7
gating.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-9
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
||||||
|
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
||||||
@ -39,7 +39,7 @@ diff --git a/pngset.c b/pngset.c
|
|||||||
index 4b78b8960c..47883684e4 100644
|
index 4b78b8960c..47883684e4 100644
|
||||||
--- a/pngset.c
|
--- a/pngset.c
|
||||||
+++ b/pngset.c
|
+++ b/pngset.c
|
||||||
@@ -1002,25 +1002,33 @@
|
@@ -1155,25 +1155,33 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr,
|
||||||
|
|
||||||
if (trans_alpha != NULL)
|
if (trans_alpha != NULL)
|
||||||
{
|
{
|
||||||
@ -60,7 +60,7 @@ index 4b78b8960c..47883684e4 100644
|
|||||||
+ /* Allocate info_ptr's copy of the transparency data. */
|
+ /* Allocate info_ptr's copy of the transparency data. */
|
||||||
info_ptr->trans_alpha = png_voidcast(png_bytep,
|
info_ptr->trans_alpha = png_voidcast(png_bytep,
|
||||||
png_malloc(png_ptr, PNG_MAX_PALETTE_LENGTH));
|
png_malloc(png_ptr, PNG_MAX_PALETTE_LENGTH));
|
||||||
memcpy(info_ptr->trans_alpha, trans_alpha, (png_size_t)num_trans);
|
memcpy(info_ptr->trans_alpha, trans_alpha, (size_t)num_trans);
|
||||||
+
|
+
|
||||||
+ /* Allocate an independent copy for png_struct, so that the
|
+ /* Allocate an independent copy for png_struct, so that the
|
||||||
+ * lifetime of png_ptr->trans_alpha is decoupled from the
|
+ * lifetime of png_ptr->trans_alpha is decoupled from the
|
||||||
@ -73,7 +73,7 @@ index 4b78b8960c..47883684e4 100644
|
|||||||
+ png_free(png_ptr, png_ptr->trans_alpha);
|
+ png_free(png_ptr, png_ptr->trans_alpha);
|
||||||
+ png_ptr->trans_alpha = png_voidcast(png_bytep,
|
+ png_ptr->trans_alpha = png_voidcast(png_bytep,
|
||||||
+ png_malloc(png_ptr, PNG_MAX_PALETTE_LENGTH));
|
+ png_malloc(png_ptr, PNG_MAX_PALETTE_LENGTH));
|
||||||
+ memcpy(png_ptr->trans_alpha, trans_alpha, (png_size_t)num_trans);
|
+ memcpy(png_ptr->trans_alpha, trans_alpha, (size_t)num_trans);
|
||||||
+ }
|
+ }
|
||||||
+ else
|
+ else
|
||||||
+ {
|
+ {
|
||||||
@ -2,7 +2,7 @@ diff --git a/pngset.c b/pngset.c
|
|||||||
index 47883684e4..dccc6498d7 100644
|
index 47883684e4..dccc6498d7 100644
|
||||||
--- a/pngset.c
|
--- a/pngset.c
|
||||||
+++ b/pngset.c
|
+++ b/pngset.c
|
||||||
@@ -1006,9 +1006,13 @@
|
@@ -1159,9 +1159,13 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr,
|
||||||
|
|
||||||
if (num_trans > 0 && num_trans <= PNG_MAX_PALETTE_LENGTH)
|
if (num_trans > 0 && num_trans <= PNG_MAX_PALETTE_LENGTH)
|
||||||
{
|
{
|
||||||
@ -14,14 +14,14 @@ index 47883684e4..dccc6498d7 100644
|
|||||||
info_ptr->trans_alpha = png_voidcast(png_bytep,
|
info_ptr->trans_alpha = png_voidcast(png_bytep,
|
||||||
png_malloc(png_ptr, PNG_MAX_PALETTE_LENGTH));
|
png_malloc(png_ptr, PNG_MAX_PALETTE_LENGTH));
|
||||||
+ memset(info_ptr->trans_alpha, 0xff, PNG_MAX_PALETTE_LENGTH);
|
+ memset(info_ptr->trans_alpha, 0xff, PNG_MAX_PALETTE_LENGTH);
|
||||||
memcpy(info_ptr->trans_alpha, trans_alpha, (png_size_t)num_trans);
|
memcpy(info_ptr->trans_alpha, trans_alpha, (size_t)num_trans);
|
||||||
|
|
||||||
/* Allocate an independent copy for png_struct, so that the
|
/* Allocate an independent copy for png_struct, so that the
|
||||||
@@ -1024,6 +1028,7 @@
|
@@ -1177,6 +1181,7 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr,
|
||||||
png_free(png_ptr, png_ptr->trans_alpha);
|
png_free(png_ptr, png_ptr->trans_alpha);
|
||||||
png_ptr->trans_alpha = png_voidcast(png_bytep,
|
png_ptr->trans_alpha = png_voidcast(png_bytep,
|
||||||
png_malloc(png_ptr, PNG_MAX_PALETTE_LENGTH));
|
png_malloc(png_ptr, PNG_MAX_PALETTE_LENGTH));
|
||||||
+ memset(png_ptr->trans_alpha, 0xff, PNG_MAX_PALETTE_LENGTH);
|
+ memset(png_ptr->trans_alpha, 0xff, PNG_MAX_PALETTE_LENGTH);
|
||||||
memcpy(png_ptr->trans_alpha, trans_alpha, (png_size_t)num_trans);
|
memcpy(png_ptr->trans_alpha, trans_alpha, (size_t)num_trans);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
60
libpng-1.6-CVE-2026-33636.patch
Normal file
60
libpng-1.6-CVE-2026-33636.patch
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
diff --git a/arm/palette_neon_intrinsics.c b/arm/palette_neon_intrinsics.c
|
||||||
|
index 3068e9b6e6..f3355bef59 100644
|
||||||
|
--- a/arm/palette_neon_intrinsics.c
|
||||||
|
+++ b/arm/palette_neon_intrinsics.c
|
||||||
|
@@ -79,7 +79,7 @@ png_do_expand_palette_rgba8_neon(png_structrp png_ptr, png_row_infop row_info,
|
||||||
|
*/
|
||||||
|
*ddp = *ddp - ((pixels_per_chunk * sizeof(png_uint_32)) - 1);
|
||||||
|
|
||||||
|
- for (i = 0; i < row_width; i += pixels_per_chunk)
|
||||||
|
+ for (i = 0; i + pixels_per_chunk <= row_width; i += pixels_per_chunk)
|
||||||
|
{
|
||||||
|
uint32x4_t cur;
|
||||||
|
png_bytep sp = *ssp - i, dp = *ddp - (i << 2);
|
||||||
|
@@ -89,13 +89,12 @@ png_do_expand_palette_rgba8_neon(png_structrp png_ptr, png_row_infop row_info,
|
||||||
|
cur = vld1q_lane_u32(riffled_palette + *(sp - 0), cur, 3);
|
||||||
|
vst1q_u32((void *)dp, cur);
|
||||||
|
}
|
||||||
|
- if (i != row_width)
|
||||||
|
- {
|
||||||
|
- /* Remove the amount that wasn't processed. */
|
||||||
|
- i -= pixels_per_chunk;
|
||||||
|
- }
|
||||||
|
|
||||||
|
- /* Decrement output pointers. */
|
||||||
|
+ /* Undo the pre-adjustment of *ddp before the pointer handoff,
|
||||||
|
+ * so the scalar fallback in pngrtran.c receives a dp that points
|
||||||
|
+ * to the correct position.
|
||||||
|
+ */
|
||||||
|
+ *ddp = *ddp + (pixels_per_chunk * 4 - 1);
|
||||||
|
*ssp = *ssp - i;
|
||||||
|
*ddp = *ddp - (i << 2);
|
||||||
|
return i;
|
||||||
|
@@ -120,7 +119,7 @@ png_do_expand_palette_rgb8_neon(png_structrp png_ptr, png_row_infop row_info,
|
||||||
|
/* Seeking this back by 8 pixels x 3 bytes. */
|
||||||
|
*ddp = *ddp - ((pixels_per_chunk * sizeof(png_color)) - 1);
|
||||||
|
|
||||||
|
- for (i = 0; i < row_width; i += pixels_per_chunk)
|
||||||
|
+ for (i = 0; i + pixels_per_chunk <= row_width; i += pixels_per_chunk)
|
||||||
|
{
|
||||||
|
uint8x8x3_t cur;
|
||||||
|
png_bytep sp = *ssp - i, dp = *ddp - ((i << 1) + i);
|
||||||
|
@@ -135,13 +134,11 @@ png_do_expand_palette_rgb8_neon(png_structrp png_ptr, png_row_infop row_info,
|
||||||
|
vst3_u8((void *)dp, cur);
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (i != row_width)
|
||||||
|
- {
|
||||||
|
- /* Remove the amount that wasn't processed. */
|
||||||
|
- i -= pixels_per_chunk;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /* Decrement output pointers. */
|
||||||
|
+ /* Undo the pre-adjustment of *ddp before the pointer handoff,
|
||||||
|
+ * so the scalar fallback in pngrtran.c receives a dp that points
|
||||||
|
+ * to the correct position.
|
||||||
|
+ */
|
||||||
|
+ *ddp = *ddp + (pixels_per_chunk * 3 - 1);
|
||||||
|
*ssp = *ssp - i;
|
||||||
|
*ddp = *ddp - ((i << 1) + i);
|
||||||
|
return i;
|
||||||
@ -1,57 +1,59 @@
|
|||||||
|
%bcond_without check
|
||||||
|
|
||||||
Summary: A library of functions for manipulating PNG image format files
|
Summary: A library of functions for manipulating PNG image format files
|
||||||
Name: libpng
|
Name: libpng
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
Version: 1.6.34
|
Version: 1.6.37
|
||||||
Release: 11%{?dist}
|
Release: 17%{?dist}
|
||||||
License: zlib
|
License: zlib
|
||||||
Group: System Environment/Libraries
|
|
||||||
URL: http://www.libpng.org/pub/png/
|
URL: http://www.libpng.org/pub/png/
|
||||||
|
|
||||||
# Note: non-current tarballs get moved to the history/ subdirectory,
|
Source0: https://github.com/glennrp/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||||
# so look there if you fail to retrieve the version you want
|
|
||||||
Source0: https://ftp-osl.osuosl.org/pub/libpng/src/libpng16/libpng-%{version}.tar.xz
|
|
||||||
Source1: pngusr.dfa
|
Source1: pngusr.dfa
|
||||||
Patch0: libpng-multilib.patch
|
Patch0: libpng-multilib.patch
|
||||||
Patch1: libpng-fix-arm-neon.patch
|
Patch1: libpng-fix-arm-neon.patch
|
||||||
Patch2: libpng-CVE-2018-13785.patch
|
# from upstream, for <1.6.51, RHEL-131594
|
||||||
Patch3: libpng-coverity.patch
|
|
||||||
# from upstream, for <1.6.51, RHEL-131422
|
|
||||||
# https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643
|
# https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643
|
||||||
Patch4: libpng-1.6-CVE-2025-64720.patch
|
Patch2: libpng-1.6-CVE-2025-64720.patch
|
||||||
# from upstream, for <1.6.51, RHEL-131435
|
# from upstream, for <1.6.51, RHEL-131603
|
||||||
# https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d
|
# https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d
|
||||||
Patch5: libpng-1.6-CVE-2025-65018_p1of2.patch
|
Patch3: libpng-1.6-CVE-2025-65018_p1of2.patch
|
||||||
# https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea
|
# https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea
|
||||||
Patch6: libpng-1.6-CVE-2025-65018_p2of2.patch
|
Patch4: libpng-1.6-CVE-2025-65018_p2of2.patch
|
||||||
# from upstream, for <1.6.52, RHEL-133212
|
# from upstream, for <1.6.52, RHEL-133294
|
||||||
# https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1
|
# https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1
|
||||||
Patch7: libpng-1.6-CVE-2025-66293_p1of2.patch
|
Patch5: libpng-1.6-CVE-2025-66293_p1of2.patch
|
||||||
# https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a
|
# https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a
|
||||||
Patch8: libpng-1.6-CVE-2025-66293_p2of2.patch
|
Patch6: libpng-1.6-CVE-2025-66293_p2of2.patch
|
||||||
# from upstream, for <1.6.54, RHEL-148852
|
# from upstream, for <1.6.54, RHEL-147356
|
||||||
# https://github.com/pnggroup/libpng/commit/e4f7ad4ea2
|
# https://github.com/pnggroup/libpng/commit/e4f7ad4ea2
|
||||||
Patch9: libpng-1.6-cve-2026-22695.patch
|
Patch7: libpng-1.6-cve-2026-22695.patch
|
||||||
# from upstream, for <1.6.54, RHEL-146659
|
# from upstream, for <1.6.54, RHEL-149000
|
||||||
# https://github.com/pnggroup/libpng/commit/cf155de014fc6c5cb199dd681dd5c8fb70429072
|
# https://github.com/pnggroup/libpng/commit/cf155de014fc6c5cb199dd681dd5c8fb70429072
|
||||||
Patch10: libpng-1.6-cve-2026-22801.patch
|
Patch8: libpng-1.6-cve-2026-22801.patch
|
||||||
# from upstream, for <1.6.55, RHEL-148338
|
# from upstream, for <1.6.55, RHEL-148328
|
||||||
# https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88
|
# https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88
|
||||||
Patch11: libpng-1.6-cve-2026-25646.patch
|
Patch9: libpng-1.6-cve-2026-25646.patch
|
||||||
# from upstream, for <1.6.56 (fix), for <1.6.58 (regression fix), RHEL-161436
|
# from upstream, for <1.6.56, RHEL-161307
|
||||||
|
# https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3
|
||||||
|
Patch10: libpng-1.6-CVE-2026-33636.patch
|
||||||
|
# from upstream, for <1.6.56 (fix), for <1.6.58 (regression fix), RHEL-161456
|
||||||
# https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb
|
# https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb
|
||||||
Patch13: libpng-1.6-CVE-2026-33416_p1of5.patch
|
Patch12: libpng-1.6-CVE-2026-33416_p1of5.patch
|
||||||
# https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25
|
# https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25
|
||||||
Patch14: libpng-1.6-CVE-2026-33416_p2of5.patch
|
Patch13: libpng-1.6-CVE-2026-33416_p2of5.patch
|
||||||
# https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667
|
# https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667
|
||||||
Patch15: libpng-1.6-CVE-2026-33416_p3of5.patch
|
Patch14: libpng-1.6-CVE-2026-33416_p3of5.patch
|
||||||
# https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1
|
# https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1
|
||||||
Patch16: libpng-1.6-CVE-2026-33416_p4of5.patch
|
Patch15: libpng-1.6-CVE-2026-33416_p4of5.patch
|
||||||
# regression fix for 7ea9eea8 (part 3)
|
# regression fix for 7ea9eea8 (part 3)
|
||||||
# https://github.com/pnggroup/libpng/commit/d4c4e49eb5c8981075ec2cd946428758c0cda6ac
|
# https://github.com/pnggroup/libpng/commit/d4c4e49eb5c8981075ec2cd946428758c0cda6ac
|
||||||
Patch17: libpng-1.6-CVE-2026-33416_p5of5.patch
|
Patch16: libpng-1.6-CVE-2026-33416_p5of5.patch
|
||||||
|
|
||||||
|
BuildRequires: gcc
|
||||||
BuildRequires: zlib-devel
|
BuildRequires: zlib-devel
|
||||||
BuildRequires: autoconf automake libtool
|
BuildRequires: autoconf automake libtool
|
||||||
|
BuildRequires: make
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The libpng package contains a library of functions for creating and
|
The libpng package contains a library of functions for creating and
|
||||||
@ -65,9 +67,8 @@ files.
|
|||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development tools for programs to manipulate PNG image format files
|
Summary: Development tools for programs to manipulate PNG image format files
|
||||||
Group: Development/Libraries
|
|
||||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||||
Requires: zlib-devel%{?_isa} pkgconfig%{?_isa}
|
Requires: zlib-devel%{?_isa} pkgconfig
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
The libpng-devel package contains header files and documentation necessary
|
The libpng-devel package contains header files and documentation necessary
|
||||||
@ -79,7 +80,6 @@ the libpng package.
|
|||||||
|
|
||||||
%package static
|
%package static
|
||||||
Summary: Static PNG image format file library
|
Summary: Static PNG image format file library
|
||||||
Group: Development/Libraries
|
|
||||||
Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
|
Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
|
||||||
|
|
||||||
%description static
|
%description static
|
||||||
@ -89,7 +89,6 @@ necessary for some boot packages.
|
|||||||
|
|
||||||
%package tools
|
%package tools
|
||||||
Summary: Tools for PNG image format file library
|
Summary: Tools for PNG image format file library
|
||||||
Group: Development/Libraries
|
|
||||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||||
|
|
||||||
%description tools
|
%description tools
|
||||||
@ -102,36 +101,34 @@ cp -p %{SOURCE1} .
|
|||||||
|
|
||||||
%patch -P 0 -p1
|
%patch -P 0 -p1
|
||||||
%patch -P 1 -p1 -b .arm
|
%patch -P 1 -p1 -b .arm
|
||||||
%patch -P 2 -p1 -b .CVE-2018-13785
|
%patch -P 2 -p1 -b .CVE-2025-64720
|
||||||
%patch -P 3 -p1 -b .coverity
|
%patch -P 3 -p1 -b .CVE-2025-65018_p1of2
|
||||||
%patch -P 4 -p1 -b .CVE-2025-64720
|
%patch -P 4 -p1 -b .CVE-2025-65018_p2of2
|
||||||
%patch -P 5 -p1 -b .CVE-2025-65018_p1of2
|
%patch -P 5 -p1 -b .CVE-2025-66293_p1of2
|
||||||
%patch -P 6 -p1 -b .CVE-2025-65018_p2of2
|
%patch -P 6 -p1 -b .CVE-2025-66293_p2of2
|
||||||
%patch -P 7 -p1 -b .CVE-2025-66293_p1of2
|
%patch -P 7 -p1 -b .cve-2026-22695
|
||||||
%patch -P 8 -p1 -b .CVE-2025-66293_p2of2
|
%patch -P 8 -p1 -b .cve-2026-22801
|
||||||
%patch -P 9 -p1 -b .cve-2026-22695
|
%patch -P 9 -p1 -b .cve-2026-25646
|
||||||
%patch -P 10 -p1 -b .cve-2026-22801
|
%patch -P 10 -p1 -b .CVE-2026-33636
|
||||||
%patch -P 11 -p1 -b .cve-2026-25646
|
%patch -P 12 -p1 -b .CVE-2026-33416_p1of5
|
||||||
%patch -P 13 -p1 -b .CVE-2026-33416_p1of5
|
%patch -P 13 -p1 -b .CVE-2026-33416_p2of5
|
||||||
%patch -P 14 -p1 -b .CVE-2026-33416_p2of5
|
%patch -P 14 -p1 -b .CVE-2026-33416_p3of5
|
||||||
%patch -P 15 -p1 -b .CVE-2026-33416_p3of5
|
%patch -P 15 -p1 -b .CVE-2026-33416_p4of5
|
||||||
%patch -P 16 -p1 -b .CVE-2026-33416_p4of5
|
%patch -P 16 -p1 -b .CVE-2026-33416_p5of5
|
||||||
%patch -P 17 -p1 -b .CVE-2026-33416_p5of5
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -vif
|
autoreconf -vif
|
||||||
%configure
|
%configure
|
||||||
make %{?_smp_mflags} DFA_XTRA=pngusr.dfa
|
%make_build DFA_XTRA=pngusr.dfa
|
||||||
|
|
||||||
%install
|
%install
|
||||||
make DESTDIR=$RPM_BUILD_ROOT install
|
%make_install
|
||||||
|
|
||||||
# We don't ship .la files.
|
# We don't ship .la files.
|
||||||
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||||
|
|
||||||
|
%if 0%{?with_check}
|
||||||
%check
|
%check
|
||||||
#to run make check use "--with check"
|
|
||||||
%if %{?_with_check:1}%{!?_with_check:0}
|
|
||||||
make check
|
make check
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
@ -158,33 +155,83 @@ make check
|
|||||||
%{_bindir}/pngfix
|
%{_bindir}/pngfix
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed May 13 2026 Michal Hlavinka <mhlavink@redhat.com> - 2:1.6.37-11
|
* Tue Jun 02 2026 Michal Hlavinka <mhlavink@redhat.com> - 2:1.6.37-17
|
||||||
- fix CVE-2026-33416: use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE (RHEL-161344)
|
- fix CVE-2026-33416: use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE (RHEL-161456)
|
||||||
|
|
||||||
* Thu Mar 05 2026 Michal Hlavinka <mhlavink@redhat.com> - 2:1.6.34-10
|
* Mon Apr 27 2026 Michal Hlavinka <mhlavink@redhat.com> - 2:1.6.37-16
|
||||||
- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (RHEL-148338)
|
- fix CVE-2026-33636: out-of-bounds R/W in the palette expansion on ARM Neon (RHEL-161307)
|
||||||
- fix CVE-2026-22695: heap buffer over-read in png_image_finish_read (RHEL-148852)
|
|
||||||
- fix CVE-2026-22801: heap buffer over-read in png_image_write_*bit (RHEL-146659)
|
|
||||||
|
|
||||||
* Tue Dec 16 2025 Michal Hlavinka <mhlavink@redhat.com> - 2:1.6.34-9
|
* Tue Mar 03 2026 Michal Hlavinka <mhlavink@redhat.com> - 2:1.6.37-15
|
||||||
- CVE-2025-64720: buffer overflow (RHEL-131452)
|
- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (RHEL-148411)
|
||||||
- CVE-2025-65018: heap buffer overflow (RHEL-131465)
|
|
||||||
- CVE-2025-66293: out-of-bounds read in png_image_read_composite (RHEL-133226)
|
|
||||||
|
|
||||||
* Thu Nov 28 2019 Nikola Forró <nforro@redhat.com> - 2:1.6.34-8
|
* Thu Feb 19 2026 Michal Hlavinka <mhlavink@redhat.com> - 2:1.6.37-14
|
||||||
- Remove redundant fix for CVE-2017-12652
|
- fix CVE-2026-22801: heap buffer over-read in png_image_write_*bit (RHEL-147356)
|
||||||
|
- fix CVE-2026-22695: heap buffer over-read in png_image_finish_read (RHEL-149000)
|
||||||
|
|
||||||
* Tue Nov 26 2019 Nikola Forró <nforro@redhat.com> - 2:1.6.34-7
|
* Wed Jan 21 2026 Michal Hlavinka <mhlavink@redhat.com> - 2:1.6.37-13
|
||||||
- Add upstream test suite and enable it in gating
|
- CVE-2025-64720: buffer overflow (RHEL-131594)
|
||||||
|
- CVE-2025-65018: heap buffer overflow (RHEL-131603)
|
||||||
|
- CVE-2025-66293: out-of-bounds read in png_image_read_composite (RHEL-133294)
|
||||||
|
|
||||||
* Fri Nov 22 2019 Nikola Forró <nforro@redhat.com> - 2:1.6.34-6
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2:1.6.37-12
|
||||||
- Fix CVE-2017-12652 (#1744871)
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
|
Related: rhbz#1991688
|
||||||
|
|
||||||
* Mon Oct 15 2018 Nikola Forró <nforro@redhat.com> - 2:1.6.34-5
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2:1.6.37-11
|
||||||
- Fix important Covscan defects (#1602588)
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
* Wed Aug 01 2018 Nikola Forró <nforro@redhat.com> - 2:1.6.34-4
|
* Wed Mar 24 2021 Nikola Forró <nforro@redhat.com> - 2:1.6.37-10
|
||||||
- Fix CVE-2018-13785 (#1599952)
|
- Remove the aarch64 test workaround, the patches causing the failures
|
||||||
|
have been dropped in zlib-1.2.11-25
|
||||||
|
|
||||||
|
* Thu Feb 11 2021 Nikola Forró <nforro@redhat.com> - 2:1.6.37-9
|
||||||
|
- Run %check by default
|
||||||
|
|
||||||
|
* Fri Feb 05 2021 Nikola Forró <nforro@redhat.com> - 2:1.6.37-8
|
||||||
|
- Use proper pngtest.png reference image on aarch64
|
||||||
|
|
||||||
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2:1.6.37-7
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Nov 02 2020 Nikola Forró <nforro@redhat.com> - 2:1.6.37-6
|
||||||
|
- Remove libpng-devel dependency on arch-specific pkgconfig (#1893523)
|
||||||
|
|
||||||
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:1.6.37-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 2:1.6.37-4
|
||||||
|
- Use make macros
|
||||||
|
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||||
|
|
||||||
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:1.6.37-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:1.6.37-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed May 22 2019 Nikola Forró <nforro@redhat.com> - 2:1.6.37-1
|
||||||
|
- New upstream release 1.6.37
|
||||||
|
|
||||||
|
* Wed Feb 27 2019 Debarshi Ray <rishi@fedoraproject.org> - 2:1.6.36-1
|
||||||
|
- New upstream release 1.6.36
|
||||||
|
|
||||||
|
* Fri Feb 08 2019 Nikola Forró <nforro@redhat.com> - 2:1.6.35-3
|
||||||
|
- Fix CVE-2019-7317 (#1672411)
|
||||||
|
|
||||||
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:1.6.35-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Oct 10 2018 Nikola Forró <nforro@redhat.com> - 2:1.6.35-1
|
||||||
|
- New upstream release 1.6.35 (#1552349)
|
||||||
|
|
||||||
|
* Wed Aug 01 2018 Nikola Forró <nforro@redhat.com> - 2:1.6.34-6
|
||||||
|
- Fix CVE-2018-13785 (#1599944)
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:1.6.34-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Feb 20 2018 Nikola Forró <nforro@redhat.com> - 2:1.6.34-4
|
||||||
|
- Add missing gcc build dependency
|
||||||
|
|
||||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:1.6.34-3
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:1.6.34-3
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
Loading…
Reference in New Issue
Block a user