From d3842962c9533415d668efe7751864cd7a5df2aa Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Wed, 29 Jun 2011 10:35:04 +0100 Subject: [PATCH] Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511). --- libpng-CVE-2011-2501.patch | 49 ++++++++++++++++++++++++++++++++++++++ mingw32-libpng.spec | 15 +++++++++++- 2 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 libpng-CVE-2011-2501.patch diff --git a/libpng-CVE-2011-2501.patch b/libpng-CVE-2011-2501.patch new file mode 100644 index 0000000..487d8fd --- /dev/null +++ b/libpng-CVE-2011-2501.patch @@ -0,0 +1,49 @@ +Patch from: + + http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=65e6d5a34f49acdb362a0625a706c6b914e670af + +to fix: + + https://bugzilla.redhat.com/show_bug.cgi?id=717510 + https://bugzilla.redhat.com/show_bug.cgi?id=717511 + CVE-2011-2501 + +I have modified this patch to remove the changes to ANNOUNCE +and CHANGES files, and the hunk in pngerror.c which just updates +a comment. + + - RWMJ. + +From 65e6d5a34f49acdb362a0625a706c6b914e670af Mon Sep 17 00:00:00 2001 +From: Glenn Randers-Pehrson +Date: Tue, 7 Jun 2011 14:58:07 -0500 +Subject: [PATCH] [master] Fixed 1-byte uninitialized memory reference in png_format_buffer() + +(Bug report by Frank Busse, related to CVE-2004-0421). +--- + ANNOUNCE | 6 ++++-- + CHANGES | 4 +++- + pngerror.c | 11 ++++++++--- + 3 files changed, 15 insertions(+), 6 deletions(-) + +--- a/pngerror.c ++++ b/pngerror.c +@@ -186,8 +186,13 @@ png_format_buffer(png_structp png_ptr, png_charp buffer, png_const_charp + { + buffer[iout++] = ':'; + buffer[iout++] = ' '; +- png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT); +- buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0'; ++ ++ iin = 0; ++ while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0') ++ buffer[iout++] = error_message[iin++]; ++ ++ /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */ ++ buffer[iout] = '\0'; + } + } + +-- +1.7.0.1 + diff --git a/mingw32-libpng.spec b/mingw32-libpng.spec index 803d4a4..5d944e6 100644 --- a/mingw32-libpng.spec +++ b/mingw32-libpng.spec @@ -6,7 +6,7 @@ Name: mingw32-libpng Version: 1.4.3 -Release: 2%{?dist} +Release: 3%{?dist} Summary: MinGW Windows Libpng library License: zlib @@ -14,6 +14,14 @@ URL: http://www.libpng.org/pub/png/ Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2 Patch2: mingw32-libpng-fix-invalid-exports.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=717510 +# https://bugzilla.redhat.com/show_bug.cgi?id=717511 +# CVE-2011-2501 +# +# *** NOTE *** When updating the package, please ensure the +# new version either contains this fix, or this patch is retained. +Patch3: libpng-CVE-2011-2501.patch + Group: Development/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -41,6 +49,8 @@ MinGW Windows Libpng library. # issue more to find out the real cause, but this will do for now %patch2 -p0 +%patch3 -p1 + %build %{_mingw32_configure} @@ -81,6 +91,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Jun 29 2011 Richard W.M. Jones - 1.4.3-3 +- Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511). + * Tue Feb 08 2011 Fedora Release Engineering - 1.4.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild