commit
60923810ff
@ -0,0 +1 @@
|
|||||||
|
SOURCES/libpng-1.5.30.tar.xz
|
@ -0,0 +1 @@
|
|||||||
|
d3736c0235721b089abc72462fc6d961f75c972e SOURCES/libpng-1.5.30.tar.xz
|
@ -0,0 +1,21 @@
|
|||||||
|
diff --git a/pngset.c b/pngset.c
|
||||||
|
index 4177e62..3876103 100644
|
||||||
|
--- a/pngset.c
|
||||||
|
+++ b/pngset.c
|
||||||
|
@@ -524,6 +524,16 @@ png_set_PLTE(png_structp png_ptr, png_infop info_ptr,
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+ if ((num_palette > 0 && palette == NULL) ||
|
||||||
|
+ (num_palette == 0
|
||||||
|
+ # ifdef PNG_MNG_FEATURES_SUPPORTED
|
||||||
|
+ && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
|
||||||
|
+ # endif
|
||||||
|
+ ))
|
||||||
|
+ {
|
||||||
|
+ png_error(png_ptr, "Invalid palette");
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/* It may not actually be necessary to set png_ptr->palette here;
|
||||||
|
* we do it for backward compatibility with the way the png_handle_tRNS
|
@ -0,0 +1,34 @@
|
|||||||
|
From 1748e52e41b7bd8bde8cc917053c39bd6849c17d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Cosmin Truta <ctruta@gmail.com>
|
||||||
|
Date: Sun, 17 Jun 2018 22:56:29 -0400
|
||||||
|
Subject: [PATCH] Fix the calculation of row_factor in png_check_chunk_length
|
||||||
|
|
||||||
|
(Bug report by Thuan Pham, SourceForge issue #278)
|
||||||
|
---
|
||||||
|
pngrutil.c | 9 ++++++---
|
||||||
|
1 file changed, 6 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/pngrutil.c b/pngrutil.c
|
||||||
|
index d5a344d..1e90863 100644
|
||||||
|
--- a/pngrutil.c
|
||||||
|
+++ b/pngrutil.c
|
||||||
|
@@ -2839,10 +2839,13 @@ png_check_chunk_length(png_structp png_ptr, png_uint_32 length)
|
||||||
|
{
|
||||||
|
png_alloc_size_t idat_limit = PNG_UINT_31_MAX;
|
||||||
|
size_t row_factor =
|
||||||
|
- (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
|
||||||
|
- + 1 + (png_ptr->interlaced? 6: 0));
|
||||||
|
+ (size_t)png_ptr->width
|
||||||
|
+ * (size_t)png_ptr->channels
|
||||||
|
+ * (png_ptr->bit_depth > 8? 2: 1)
|
||||||
|
+ + 1
|
||||||
|
+ + (png_ptr->interlaced? 6: 0);
|
||||||
|
if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
|
||||||
|
- idat_limit=PNG_UINT_31_MAX;
|
||||||
|
+ idat_limit = PNG_UINT_31_MAX;
|
||||||
|
else
|
||||||
|
idat_limit = png_ptr->height * row_factor;
|
||||||
|
row_factor = row_factor > 32566? 32566 : row_factor;
|
||||||
|
--
|
||||||
|
2.17.1
|
||||||
|
|
@ -0,0 +1,6 @@
|
|||||||
|
# Enable use of "safe" default limits on image size and chunk size.
|
||||||
|
#option SAFE_LIMITS on
|
||||||
|
# However, the default defaults seem a tad too restrictive for general
|
||||||
|
# purpose use, so back them off a little.
|
||||||
|
setting USER_CHUNK_CACHE_MAX default 1000
|
||||||
|
setting USER_CHUNK_MALLOC_MAX default 1000000000
|
@ -0,0 +1,58 @@
|
|||||||
|
Summary: Old version of libpng, needed to run old binaries
|
||||||
|
Name: libpng15
|
||||||
|
Version: 1.5.30
|
||||||
|
Release: 7%{?dist}
|
||||||
|
License: zlib
|
||||||
|
URL: http://www.libpng.org/pub/png/
|
||||||
|
|
||||||
|
# Note: non-current tarballs get moved to the history/ subdirectory,
|
||||||
|
# so look there if you fail to retrieve the version you want
|
||||||
|
Source0: https://ftp-osl.osuosl.org/pub/libpng/src/libpng15/libpng-%{version}.tar.xz
|
||||||
|
|
||||||
|
Source1: pngusr.dfa
|
||||||
|
|
||||||
|
Patch0: libpng15-CVE-2013-6954.patch
|
||||||
|
Patch1: libpng15-CVE-2018-13785.patch
|
||||||
|
|
||||||
|
BuildRequires: gcc
|
||||||
|
BuildRequires: zlib-devel
|
||||||
|
|
||||||
|
%description
|
||||||
|
The libpng15 package provides libpng 1.5, an older version of the libpng.
|
||||||
|
library for manipulating PNG (Portable Network Graphics) image format files.
|
||||||
|
This version should be used only if you are unable to use the current
|
||||||
|
version of libpng.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q -n libpng-%{version}
|
||||||
|
|
||||||
|
%patch0 -p1
|
||||||
|
%patch1 -p1
|
||||||
|
|
||||||
|
# Provide pngusr.dfa for build.
|
||||||
|
cp -p %{SOURCE1} .
|
||||||
|
|
||||||
|
%build
|
||||||
|
%configure --disable-static
|
||||||
|
make %{?_smp_mflags} DFA_XTRA=pngusr.dfa
|
||||||
|
|
||||||
|
%install
|
||||||
|
make DESTDIR=$RPM_BUILD_ROOT install
|
||||||
|
|
||||||
|
# We don't ship .la files.
|
||||||
|
rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||||
|
rm -rf $RPM_BUILD_ROOT%{_libdir}/libpng*.so
|
||||||
|
rm -rf $RPM_BUILD_ROOT%{_libdir}/pkgconfig/libpng.pc
|
||||||
|
rm -rf $RPM_BUILD_ROOT%{_libdir}/pkgconfig/libpng15.pc
|
||||||
|
rm -rf $RPM_BUILD_ROOT%{_mandir}/*
|
||||||
|
rm -rf $RPM_BUILD_ROOT%{_includedir}/*
|
||||||
|
rm -rf $RPM_BUILD_ROOT%{_bindir}/*
|
||||||
|
|
||||||
|
%files
|
||||||
|
%doc LICENSE
|
||||||
|
%{_libdir}/libpng15.so.*
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Thu Jun 06 2019 Nikola Forró <nforro@redhat.com> - 1.5.30-7
|
||||||
|
- New package for RHEL 8.1.0
|
||||||
|
resolves: #1687581
|
Loading…
Reference in new issue