Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).

14 years ago · d3842962c9
parent eec472beb9
commit d3842962c9
2 changed files with 63 additions and 1 deletions
--- a/libpng-CVE-2011-2501.patch
+++ b/libpng-CVE-2011-2501.patch
@ -0,0 +1,49 @@
+Patch from:
+
+  http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=65e6d5a34f49acdb362a0625a706c6b914e670af
+
+to fix:
+
+  https://bugzilla.redhat.com/show_bug.cgi?id=717510
+  https://bugzilla.redhat.com/show_bug.cgi?id=717511
+  CVE-2011-2501
+
+I have modified this patch to remove the changes to ANNOUNCE
+and CHANGES files, and the hunk in pngerror.c which just updates
+a comment.
+
+  - RWMJ.
+
+From 65e6d5a34f49acdb362a0625a706c6b914e670af Mon Sep 17 00:00:00 2001
+From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
+Date: Tue, 7 Jun 2011 14:58:07 -0500
+Subject: [PATCH] [master] Fixed 1-byte uninitialized memory reference in png_format_buffer()
+
+(Bug report by Frank Busse, related to CVE-2004-0421).
+---
+ ANNOUNCE   |    6 ++++--
+ CHANGES    |    4 +++-
+ pngerror.c |   11 ++++++++---
+ 3 files changed, 15 insertions(+), 6 deletions(-)
+
+--- a/pngerror.c
+++ b/pngerror.c
+@@ -186,8 +186,13 @@ png_format_buffer(png_structp png_ptr, png_charp buffer, png_const_charp
+    {
+       buffer[iout++] = ':';
+       buffer[iout++] = ' ';
+-      png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT);
+-      buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0';
+
+      iin = 0;
+      while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0')
+         buffer[iout++] = error_message[iin++];
+
+      /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */
+      buffer[iout] = '\0';
+    }
+ }
+ 
+-- 
+1.7.0.1
+
--- a/mingw32-libpng.spec
+++ b/mingw32-libpng.spec
@ -6,7 +6,7 @@

 Name:           mingw32-libpng
 Version:        1.4.3
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        MinGW Windows Libpng library

 License:        zlib
@ -14,6 +14,14 @@ URL:            http://www.libpng.org/pub/png/
 Source0:        ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
 Patch2:         mingw32-libpng-fix-invalid-exports.patch

+# https://bugzilla.redhat.com/show_bug.cgi?id=717510
+# https://bugzilla.redhat.com/show_bug.cgi?id=717511
+# CVE-2011-2501
+#
+# *** NOTE *** When updating the package, please ensure the
+# new version either contains this fix, or this patch is retained.
+Patch3:         libpng-CVE-2011-2501.patch
+
 Group:          Development/Libraries
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

@ -41,6 +49,8 @@ MinGW Windows Libpng library.
 # issue more to find out the real cause, but this will do for now
 %patch2 -p0

+%patch3 -p1
+

 %build
 %{_mingw32_configure}
@ -81,6 +91,9 @@ rm -rf $RPM_BUILD_ROOT


 %changelog
+* Wed Jun 29 2011 Richard W.M. Jones <rjones@redhat.com> - 1.4.3-3
+- Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
+
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild