From 22146031cc3ac8db49f693dd098c4469d2218fa2 Mon Sep 17 00:00:00 2001 From: Petr Hracek Date: Tue, 28 Jan 2014 15:47:44 +0100 Subject: [PATCH] Adding CVE-2013-6954 patch --- libpng12-CVE-2013-6954.patch | 35 +++++++++++++++++++++++++++++++++++ libpng12.spec | 9 +++++++-- 2 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 libpng12-CVE-2013-6954.patch diff --git a/libpng12-CVE-2013-6954.patch b/libpng12-CVE-2013-6954.patch new file mode 100644 index 0000000..afd80ef --- /dev/null +++ b/libpng12-CVE-2013-6954.patch @@ -0,0 +1,35 @@ +diff --git a/pngrtran.c b/pngrtran.c +index 7f0ff92..b57ce81 100644 +--- a/pngrtran.c ++++ b/pngrtran.c +@@ -1216,6 +1216,9 @@ png_read_transform_info(png_structp png_ptr, png_infop info_ptr) + info_ptr->color_type = PNG_COLOR_TYPE_RGB; + info_ptr->bit_depth = 8; + info_ptr->num_trans = 0; ++ ++ if (png_ptr->palette == NULL) ++ png_error (png_ptr, "Palette is NULL in indexed image"); + } + else + { +diff --git a/pngset.c b/pngset.c +index 72d89fc..b1ce91d 100644 +--- a/pngset.c ++++ b/pngset.c +@@ -461,6 +461,16 @@ png_set_PLTE(png_structp png_ptr, png_infop info_ptr, + return; + } + } ++ if ((num_palette > 0 && palette == NULL) || ++ (num_palette == 0 ++ # ifdef PNG_MNG_FEATURES_SUPPORTED ++ && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0 ++ # endif ++ )) ++ { ++ png_error(png_ptr, "Invalid palette"); ++ return; ++ } + + /* It may not actually be necessary to set png_ptr->palette here; + * we do it for backward compatibility with the way the png_handle_tRNS diff --git a/libpng12.spec b/libpng12.spec index a05850b..de81cdc 100644 --- a/libpng12.spec +++ b/libpng12.spec @@ -1,7 +1,7 @@ Summary: Old version of libpng, needed to run old binaries Name: libpng12 Version: 1.2.50 -Release: 5%{?dist} +Release: 6%{?dist} License: zlib Group: System Environment/Libraries URL: http://www.libpng.org/pub/png/ @@ -15,6 +15,7 @@ Source: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2 Patch0: libpng12-multilib.patch Patch1: libpng12-pngconf.patch +Patch2: libpng12-CVE-2013-6954.patch BuildRequires: zlib-devel, pkgconfig @@ -39,6 +40,7 @@ for developing programs using libpng12. %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build %configure \ @@ -80,8 +82,11 @@ rm -fv $RPM_BUILD_ROOT%{_mandir}/man3/{libpng,libpngpf}.3* %{_libdir}/pkgconfig/libpng12.pc %changelog +* Tue Jan 28 2014 Petr Hracek - 1.2.50-6 +- Adding CVE-2013-6954 patch + * Sun Aug 18 2013 Rex Dieter - 1.2.50-5 -- -devel: fix so we can drop Conflicts: libpng-devel +- devel: fix so we can drop Conflicts: libpng-devel - drop libpng-compat stuff * Sat Aug 03 2013 Fedora Release Engineering - 1.2.50-4