Update to 1.4.8 (CVE-2011-2690, CVE-2011-2692)

14 years ago · af26964030
parent d3842962c9
commit af26964030
4 changed files with 9 additions and 63 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 libpng-1.4.3.tar.bz2
 /libpng-1.4.8.tar.xz
--- a/libpng-CVE-2011-2501.patch
+++ b/libpng-CVE-2011-2501.patch
@ -1,49 +0,0 @@
 Patch from:
  http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=65e6d5a34f49acdb362a0625a706c6b914e670af
 to fix:
  https://bugzilla.redhat.com/show_bug.cgi?id=717510
  https://bugzilla.redhat.com/show_bug.cgi?id=717511
  CVE-2011-2501
 I have modified this patch to remove the changes to ANNOUNCE
 and CHANGES files, and the hunk in pngerror.c which just updates
 a comment.
  - RWMJ.
 From 65e6d5a34f49acdb362a0625a706c6b914e670af Mon Sep 17 00:00:00 2001
 From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
 Date: Tue, 7 Jun 2011 14:58:07 -0500
 Subject: [PATCH] [master] Fixed 1-byte uninitialized memory reference in png_format_buffer()
 (Bug report by Frank Busse, related to CVE-2004-0421).
 ---
 ANNOUNCE   |    6 ++++--
 CHANGES    |    4 +++-
 pngerror.c |   11 ++++++++---
 3 files changed, 15 insertions(+), 6 deletions(-)
 --- a/pngerror.c
 +++ b/pngerror.c
@@ -186,8 +186,13 @@ png_format_buffer(png_structp png_ptr, png_charp buffer, png_const_charp
    {
       buffer[iout++] = ':';
       buffer[iout++] = ' ';
 -      png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT);
 -      buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0';
 +
 +      iin = 0;
 +      while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0')
 +         buffer[iout++] = error_message[iin++];
 +
 +      /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */
 +      buffer[iout] = '\0';
    }
 }
 -- 
 1.7.0.1
--- a/mingw32-libpng.spec
+++ b/mingw32-libpng.spec
@ -5,23 +5,15 @@
 %global __find_provides %{_mingw32_findprovides}
 Name:           mingw32-libpng
-Version:        1.4.3
+Version:        1.4.8
-Release:        3%{?dist}
+Release:        1%{?dist}
 Summary:        MinGW Windows Libpng library
 License:        zlib
 URL:            http://www.libpng.org/pub/png/
-Source0:        ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
+Source0:        ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.xz
 Patch2:         mingw32-libpng-fix-invalid-exports.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=717510
 # https://bugzilla.redhat.com/show_bug.cgi?id=717511
 # CVE-2011-2501
 #
 # *** NOTE *** When updating the package, please ensure the
 # new version either contains this fix, or this patch is retained.
 Patch3:         libpng-CVE-2011-2501.patch
 Group:          Development/Libraries
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -49,8 +41,6 @@ MinGW Windows Libpng library.
 # issue more to find out the real cause, but this will do for now
 %patch2 -p0
 %patch3 -p1
 %build
 %{_mingw32_configure}
@ -82,6 +72,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_mingw32_includedir}/libpng14
 %{_mingw32_includedir}/png.h
 %{_mingw32_includedir}/pngconf.h
 %{_mingw32_libdir}/libpng.dll.a
 %{_mingw32_libdir}/libpng.la
 %{_mingw32_libdir}/libpng14.a
 %{_mingw32_libdir}/libpng14.dll.a
@ -91,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
 * Fri Jul 22 2011 Kalev Lember <kalevlember@gmail.com> - 1.4.8-1
 - Update to 1.4.8 (CVE-2011-2690, CVE-2011-2692)
 * Wed Jun 29 2011 Richard W.M. Jones <rjones@redhat.com> - 1.4.3-3
 - Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
--- a/2
+++ b/2
@ -1 +1 @@
-9347eeda4241401f7da4dc9ba7f6a416  libpng-1.4.3.tar.bz2
+2ce595d571f2b06a9403ed5bcfa4ecbd  libpng-1.4.8.tar.xz
`@ -1 +1,2 @@`
	`libpng-1.4.3.tar.bz2`	`libpng-1.4.3.tar.bz2`
		`/libpng-1.4.8.tar.xz`
`@ -1 +1 @@`
	`9347eeda4241401f7da4dc9ba7f6a416 libpng-1.4.3.tar.bz2`	`2ce595d571f2b06a9403ed5bcfa4ecbd libpng-1.4.8.tar.xz`