import libpng15-1.5.30-7.el8

c8 imports/c8/libpng15-1.5.30-7.el8
CentOS Sources 5 years ago committed by MSVSphere Packaging Team
commit 60923810ff

1
.gitignore vendored

@ -0,0 +1 @@
SOURCES/libpng-1.5.30.tar.xz

@ -0,0 +1 @@
d3736c0235721b089abc72462fc6d961f75c972e SOURCES/libpng-1.5.30.tar.xz

@ -0,0 +1,21 @@
diff --git a/pngset.c b/pngset.c
index 4177e62..3876103 100644
--- a/pngset.c
+++ b/pngset.c
@@ -524,6 +524,16 @@ png_set_PLTE(png_structp png_ptr, png_infop info_ptr,
return;
}
}
+ if ((num_palette > 0 && palette == NULL) ||
+ (num_palette == 0
+ # ifdef PNG_MNG_FEATURES_SUPPORTED
+ && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
+ # endif
+ ))
+ {
+ png_error(png_ptr, "Invalid palette");
+ return;
+ }
/* It may not actually be necessary to set png_ptr->palette here;
* we do it for backward compatibility with the way the png_handle_tRNS

@ -0,0 +1,34 @@
From 1748e52e41b7bd8bde8cc917053c39bd6849c17d Mon Sep 17 00:00:00 2001
From: Cosmin Truta <ctruta@gmail.com>
Date: Sun, 17 Jun 2018 22:56:29 -0400
Subject: [PATCH] Fix the calculation of row_factor in png_check_chunk_length
(Bug report by Thuan Pham, SourceForge issue #278)
---
pngrutil.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/pngrutil.c b/pngrutil.c
index d5a344d..1e90863 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -2839,10 +2839,13 @@ png_check_chunk_length(png_structp png_ptr, png_uint_32 length)
{
png_alloc_size_t idat_limit = PNG_UINT_31_MAX;
size_t row_factor =
- (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
- + 1 + (png_ptr->interlaced? 6: 0));
+ (size_t)png_ptr->width
+ * (size_t)png_ptr->channels
+ * (png_ptr->bit_depth > 8? 2: 1)
+ + 1
+ + (png_ptr->interlaced? 6: 0);
if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
- idat_limit=PNG_UINT_31_MAX;
+ idat_limit = PNG_UINT_31_MAX;
else
idat_limit = png_ptr->height * row_factor;
row_factor = row_factor > 32566? 32566 : row_factor;
--
2.17.1

@ -0,0 +1,6 @@
# Enable use of "safe" default limits on image size and chunk size.
#option SAFE_LIMITS on
# However, the default defaults seem a tad too restrictive for general
# purpose use, so back them off a little.
setting USER_CHUNK_CACHE_MAX default 1000
setting USER_CHUNK_MALLOC_MAX default 1000000000

@ -0,0 +1,58 @@
Summary: Old version of libpng, needed to run old binaries
Name: libpng15
Version: 1.5.30
Release: 7%{?dist}
License: zlib
URL: http://www.libpng.org/pub/png/
# Note: non-current tarballs get moved to the history/ subdirectory,
# so look there if you fail to retrieve the version you want
Source0: https://ftp-osl.osuosl.org/pub/libpng/src/libpng15/libpng-%{version}.tar.xz
Source1: pngusr.dfa
Patch0: libpng15-CVE-2013-6954.patch
Patch1: libpng15-CVE-2018-13785.patch
BuildRequires: gcc
BuildRequires: zlib-devel
%description
The libpng15 package provides libpng 1.5, an older version of the libpng.
library for manipulating PNG (Portable Network Graphics) image format files.
This version should be used only if you are unable to use the current
version of libpng.
%prep
%setup -q -n libpng-%{version}
%patch0 -p1
%patch1 -p1
# Provide pngusr.dfa for build.
cp -p %{SOURCE1} .
%build
%configure --disable-static
make %{?_smp_mflags} DFA_XTRA=pngusr.dfa
%install
make DESTDIR=$RPM_BUILD_ROOT install
# We don't ship .la files.
rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la
rm -rf $RPM_BUILD_ROOT%{_libdir}/libpng*.so
rm -rf $RPM_BUILD_ROOT%{_libdir}/pkgconfig/libpng.pc
rm -rf $RPM_BUILD_ROOT%{_libdir}/pkgconfig/libpng15.pc
rm -rf $RPM_BUILD_ROOT%{_mandir}/*
rm -rf $RPM_BUILD_ROOT%{_includedir}/*
rm -rf $RPM_BUILD_ROOT%{_bindir}/*
%files
%doc LICENSE
%{_libdir}/libpng15.so.*
%changelog
* Thu Jun 06 2019 Nikola Forró <nforro@redhat.com> - 1.5.30-7
- New package for RHEL 8.1.0
resolves: #1687581
Loading…
Cancel
Save