28 Oct
2016
28 Oct
'16
15:35
Hello community,
here is the log from the commit of package libpng12.5745 for openSUSE:13.2:Update checked in at 2016-10-28 17:35:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/libpng12.5745 (Old)
and /work/SRC/openSUSE:13.2:Update/.libpng12.5745.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libpng12.5745"
Changes:
--------
New Changes file:
--- /dev/null 2016-10-27 01:54:32.792041256 +0200
+++ /work/SRC/openSUSE:13.2:Update/.libpng12.5745.new/libpng12.changes 2016-10-28 17:35:27.000000000 +0200
@@ -0,0 +1,608 @@
+-------------------------------------------------------------------
+Thu Oct 20 11:49:33 UTC 2016 - pgajdos@suse.com
+
+- security update:
+ * CVE-2015-8540 [bsc#958791]
+ + libpng12-CVE-2015-8540.patch
+
+-------------------------------------------------------------------
+Thu Dec 3 16:16:45 UTC 2015 - pgajdos@suse.com
+
+- security update:
+ * CVE-2015-8126 fixed incompletely [bsc#954980]
+ + libpng15-CVE-2015-8126-complete.patch
+
+-------------------------------------------------------------------
+Mon Nov 16 14:03:28 UTC 2015 - pgajdos@suse.com
+
+- security update:
+ * CVE-2015-8126 [bsc#954980]
+ * CVE-2015-7981 [bsc#952051]
+
+-------------------------------------------------------------------
+Tue Apr 22 14:12:09 UTC 2014 - pgajdos@suse.com
+
+- security update:
+ * CVE-2013-7353.patch [bnc#873124]
+ * CVE-2013-7354.patch [bnc#873123]
+
+-------------------------------------------------------------------
+Fri Feb 7 07:43:01 UTC 2014 - pgajdos@suse.com
+
+- updated to 1.2.51:
+ Ignore, with a warning, out-of-range value of num_trans in png_set_tRNS().
+ Replaced AM_CONFIG_HEADER(config.h) with
+ AC_CONFIG_HEADERS([config.h]) in configure.ac
+ Changed default value of PNG_USER_CACHE_MAX from 0 to 32767 in pngconf.h.
+ Avoid a possible memory leak in contrib/gregbook/readpng.c
+ Revised libpng.3 so that "doclifter" can process it.
+ Changed '"%s"m' to '"%s" m' in png_debug macros to improve portability
+ among compilers.
+ Rebuilt the configure scripts with autoconf-2.69 and automake-1.14.1
+ Removed potentially misleading warning from png_check_IHDR().
+ Quiet set-but-not-used warnings in pngset.c
+ Quiet an uninitialized memory warning from VC2013 in png_get_png().
+ Quiet unused variable warnings from clang by porting PNG_UNUSED() from
+ libpng-1.4.6.
+ Added -DZ_SOLO to CFLAGS in contrib/pngminim/*/makefile
+ Added an #ifdef PNG_FIXED_POINT_SUPPORTED/#endif in pngset.c
+
+-------------------------------------------------------------------
+Wed Apr 17 20:38:16 UTC 2013 - coolo@suse.com
+
+- add conflicts in -32bit package
+
+-------------------------------------------------------------------
+Mon Apr 15 13:01:16 UTC 2013 - mmeister@suse.com
+
+- Added url as source.
+ Please see http://en.opensuse.org/SourceUrls
+
+-------------------------------------------------------------------
+Wed Oct 24 19:01:46 UTC 2012 - jengelh@inai.de
+
+- Add missing baselib requires for compat-devel-32bit
+
+-------------------------------------------------------------------
+Wed Jul 11 08:14:32 UTC 2012 - pgajdos@suse.com
+
+- updated to 1.2.50:
+ Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.
+
+-------------------------------------------------------------------
+Thu Mar 29 13:23:52 UTC 2012 - pgajdos@suse.com
+
+- updated to 1.2.49: [bnc#754745]
+ Revised png_set_text_2() to avoid potential memory corruption (fixes
+ CVE-2011-3048).
+ Prevent PNG_EXPAND+PNG_SHIFT doing the shift twice.
+
+-------------------------------------------------------------------
+Wed Mar 14 11:22:02 UTC 2012 - pgajdos@suse.com
+
+- updated to 1.2.48:
+ * fixed CVE-2011-3045 [bnc#752008]
+
+-------------------------------------------------------------------
+Mon Feb 20 09:33:11 UTC 2012 - pgajdos@suse.com
+
+- updated to 1.2.47:
+ * fixed CVE-2011-3026 [bnc#747311]
+
+-------------------------------------------------------------------
+Thu Dec 1 10:47:40 UTC 2011 - idoenmez@suse.de
+
+- Name field shouldn't contain a macro
+
+-------------------------------------------------------------------
+Thu Dec 1 10:26:12 UTC 2011 - coolo@suse.com
+
+- add libtool as buildrequire to avoid implicit dependency
+
+-------------------------------------------------------------------
+Wed Oct 5 14:00:55 UTC 2011 - uli@suse.com
+
+- cross-build fix: use %configure macro
+
+-------------------------------------------------------------------
+Tue Jul 12 14:51:49 UTC 2011 - pgajdos@novell.com
+
+- updated to 1.2.46:
+ * fixed CVE-2011-2501 [bnc#702578]
+
+-------------------------------------------------------------------
+Mon Aug 30 14:26:10 UTC 2010 - coolo@novell.com
+
+- fix baselibs.conf after previous change
+
+-------------------------------------------------------------------
+Thu Jul 29 15:09:48 CEST 2010 - pgajdos@suse.cz
+
+- add devel packages to baselibs.conf [bnc#625883]
+
+-------------------------------------------------------------------
+Mon Jun 28 18:43:48 CEST 2010 - pgajdos@suse.cz
+
+- updated to 1.2.44: fixed libpng overflow (CVE-2010-1205)
+ and memory leak [bnc#617866]
+
+-------------------------------------------------------------------
+Fri Jun 4 13:11:14 UTC 2010 - coolo@novell.com
+
+- remove the devel packages from baselibs.conf, not convinced of
+ their usefulness
+
+-------------------------------------------------------------------
+Sat Apr 24 11:38:21 UTC 2010 - coolo@novell.com
+
+- buildrequire pkg-config to fix provides
+
+-------------------------------------------------------------------
+Thu Feb 25 09:55:15 CET 2010 - pgajdos@suse.cz
+
+- updated to 1.2.43 (fixes [bnc#585403]):
+ * Removed "#define PNG_NO_ERROR_NUMBERS" that was inadvertently added
+ to pngconf.h in version 1.2.41.
+ * Removed leftover "-DPNG_CONFIGURE_LIBPNG" from scripts/makefile.darwin
+ and contrib/pngminim/*/makefile
+ * Relocated png_do_chop() to its original position in pngrtran.c; the
+ change in version 1.2.41beta08 caused transparency to be handled wrong
+ in some 16-bit datastreams (Yusaku Sugai).
+ * Renamed libpng-pc.in back to libpng.pc.in and revised CMakeLists.txt
+ (revising changes made in 1.2.41)
+ * Swapped PNG_UNKNOWN_CHUNKS_SUPPORTED and PNG_HANDLE_AS_UNKNOWN_SUPPORTED
+ in pngset.c to be consistent with other changes in version 1.2.38.
+ * Avoid deprecated references to png_ptr-io_ptr and png_ptr->error_ptr
+ in pngtest.c
+
+-------------------------------------------------------------------
+Mon Dec 14 20:31:24 CET 2009 - jengelh@medozas.de
+
+- add baselibs.conf as a source
+
+-------------------------------------------------------------------
+Mon Dec 7 09:43:11 CET 2009 - pgajdos@suse.cz
+
+- updated to 1.2.41:
+ contains numerous cleanups, some new compile-time warnings about
+ direct struct access (define PNG_NO_PEDANTIC_WARNINGS to enable),
+ a new xcode build project, and a minor performance improvement
+ (avoid building 16-bit gamma tables when not needed)
+
+-------------------------------------------------------------------
+Tue Nov 24 14:16:32 CET 2009 - pgajdos@suse.cz
+
+- updated to 1.2.40:
+ Removed an extra png_debug() recently added to png_write_find_filter().
+ Fixed incorrect #ifdef in pngset.c regarding unknown chunk support.
+ Various bugfixes and improvements to CMakeLists.txt (Philip Lowman)
+
+-------------------------------------------------------------------
+Tue Nov 3 19:09:28 UTC 2009 - coolo@novell.com
+
+- updated patches to apply with fuzz=0
+
+-------------------------------------------------------------------
+Thu Aug 13 15:56:07 CEST 2009 - pgajdos@suse.cz
+
+- updated to 1.2.39:
+ * Added a prototype for png_64bit_product() in png.c
+ * Avoid a possible NULL dereference in debug build,
+ in png_set_text_2()
+ * Relocated new png_64_bit_product() prototype into png.h
+ * Replaced *.tar.lzma with *.txz in distribution.
+ * Reject attempt to write iCCP chunk with negative embedded
+ profile length.
+
+-------------------------------------------------------------------
++++ 411 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:13.2:Update/.libpng12.5745.new/libpng12.changes
New:
----
baselibs.conf
libpng-1.2.51-CVE-2013-7353.patch
libpng-1.2.51-CVE-2013-7354.patch
libpng-1.2.51.tar.xz
libpng12-CVE-2015-7981.patch
libpng12-CVE-2015-8126-complete.patch
libpng12-CVE-2015-8126.patch
libpng12-CVE-2015-8540.patch
libpng12.changes
libpng12.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libpng12.spec ++++++
#
# spec file for package libpng12
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
#
%define major 1
%define minor 2
%define micro 51
%define branch %{major}%{minor}
%define libname libpng%{branch}-0
Name: libpng12
Url: http://www.libpng.org/pub/png/libpng.html
Version: %{major}.%{minor}.%{micro}
Release: 0
Summary: Library for the Portable Network Graphics Format (PNG)
License: Zlib
Group: System/Libraries
Source: http://downloads.sourceforge.net/project/libpng/%{name}/%{version}/libpng-%{version}.tar.xz
Source2: baselibs.conf
Patch0: libpng-1.2.51-CVE-2013-7353.patch
Patch1: libpng-1.2.51-CVE-2013-7354.patch
Patch2: libpng12-CVE-2015-8126.patch
Patch3: libpng12-CVE-2015-7981.patch
Patch4: libpng12-CVE-2015-8126-complete.patch
Patch5: libpng12-CVE-2015-8540.patch
BuildRequires: libtool
BuildRequires: pkg-config
BuildRequires: zlib-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define debug_package_requires %{libname} = %{version}-%{release}
%package -n %{libname}
Summary: Library for the Portable Network Graphics Format (PNG)
# bug437293
Group: System/Libraries
%ifarch ppc64
Obsoletes: libpng-64bit
%endif
#
Obsoletes: libpng < %{version}
Provides: libpng = %{version}-%{release}
%package devel
Summary: Development Tools for applications which will use the Libpng
Group: Development/Libraries/C and C++
Requires: %{libname} = %{version}
Requires: glibc-devel
Requires: pkg-config
Requires: zlib-devel
Recommends: libpng%{branch}-compat-devel
# bug437293
%ifarch ppc64
Obsoletes: libpng-devel-64bit
%endif
#
%package compat-devel
Summary: Development Tools for applications which will use the Libpng
Group: Development/Libraries/C and C++
Requires: libpng%{branch}-devel = %{version}
Provides: libpng-devel = %{version}
Obsoletes: libpng-devel < 1.2.43
Conflicts: otherproviders(libpng-devel)
%description
libpng is the official reference library for the Portable Network
Graphics format (PNG).
%description -n %{libname}
libpng is the official reference library for the Portable Network
Graphics format (PNG).
%description devel
The libpng%{branch}-devel package includes the header files, libraries,
configuration files and development tools necessary for compiling and
linking programs which will manipulate PNG files using libpng%{branch}.
libpng is the official reference library for the Portable Network
Graphics (PNG) format.
%description compat-devel
The libpng%{branch}-compat-devel package contains unversioned symlinks
to the header files, libraries, configuration files and development
tools necessary for compiling and linking programs that don't care
about libpng version.
%prep
%setup -n libpng-%{version}
%patch0
%patch1
%patch2
%patch3
%patch4
%patch5 -p1
%build
# We'll never use the old pgcc-2.95.1 with the buggy -O3, so having
# the -O3 that is originally used should work.
# Substitute the -O2 to -O3 because I'm not sure if simply appending
# it will preserve(not override) the detailed opt flags used in RPM_OPT_FLAGS:
%configure CFLAGS="`echo $RPM_OPT_FLAGS|sed 's/-O2/-O3/'` -DPNG_SKIP_SETJMP_CHECK" \
--prefix=/usr \
--libdir=%{_libdir} \
--mandir=%{_mandir} \
--disable-static \
--with-libpng-compat=no
%check
make check
%install
make install DESTDIR=$RPM_BUILD_ROOT
rm $RPM_BUILD_ROOT/%{_libdir}/libpng*.la
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
%files -n %{libname}
%defattr(-,root,root)
%{_libdir}/libpng%{branch}.so.*
%files devel
%defattr(-,root,root)
%{_bindir}/libpng%{branch}-config
%{_includedir}/libpng%{branch}
%{_libdir}/libpng%{branch}.so
%{_libdir}/pkgconfig/libpng%{branch}.pc
%doc CHANGES README TODO ANNOUNCE LICENSE libpng-*.txt
%files compat-devel
%defattr(-,root,root)
%{_bindir}/libpng-config
%{_includedir}/*.h
%{_libdir}/libpng.so
%{_libdir}/pkgconfig/libpng.pc
%doc %{_mandir}/man3/libpng.3.gz
%doc %{_mandir}/man3/libpngpf.3.gz
%doc %{_mandir}/man5/png.5.gz
%changelog
++++++ baselibs.conf ++++++
libpng12-0
obsoletes "libpng- < "
provides "libpng- = "
libpng12-devel
requires -libpng12-
requires "libpng12-0- = "
libpng12-compat-devel
requires -libpng12-compat-
requires "libpng12-devel- = "
conflicts "libpng-devel-"
provides "libpng-devel-"
++++++ libpng-1.2.51-CVE-2013-7353.patch ++++++
http://sourceforge.net/p/libpng/code/ci/1a3d6e3cf3082a0da998dbf402d384a589488859
http://sourceforge.net/p/libpng/code/ci/77a817bfc298a221e3e623acf73c2a1e726c4ec6
http://sourceforge.net/p/libpng/code/ci/bec9ca9b8aa0cf16d2cde1757379afbe9adbe7d9
Index: pngset.c
===================================================================
--- pngset.c.orig 2014-04-22 16:08:23.458978035 +0200
+++ pngset.c 2014-04-22 16:09:15.921977136 +0200
@@ -986,9 +986,17 @@
if (png_ptr == NULL || info_ptr == NULL || num_unknowns == 0)
return;
- np = (png_unknown_chunkp)png_malloc_warn(png_ptr,
- (png_uint_32)((info_ptr->unknown_chunks_num + num_unknowns) *
- png_sizeof(png_unknown_chunk)));
+ if (num_unknowns < 0 ||
+ num_unknowns > INT_MAX-info_ptr->unknown_chunks_num ||
+ (unsigned int)/*SAFE*/(num_unknowns +/*SAFE*/
+ info_ptr->unknown_chunks_num) >=
+ PNG_SIZE_MAX/png_sizeof(png_unknown_chunk))
+ np=NULL;
+
+ else
+ np = (png_unknown_chunkp)png_malloc_warn(png_ptr,
+ (png_size_t)(info_ptr->unknown_chunks_num + num_unknowns) *
+ png_sizeof(png_unknown_chunk));
if (np == NULL)
{
png_warning(png_ptr,
++++++ libpng-1.2.51-CVE-2013-7354.patch ++++++
http://sourceforge.net/p/libpng/code/ci/798d3de5f66b6df6d6605f968da641c24725b15e
http://sourceforge.net/p/libpng/code/ci/77a0a2ea113e699c7021caf1a530d2e2dd90b497
Index: pngset.c
===================================================================
--- pngset.c.orig 2014-04-24 14:13:43.144134631 +0200
+++ pngset.c 2014-04-24 14:23:31.461124549 +0200
@@ -664,6 +664,17 @@
/* Make sure we have enough space in the "text" array in info_struct
* to hold all of the incoming text_ptr objects.
*/
+
+ if (num_text < 0 ||
+ num_text > INT_MAX - info_ptr->num_text - 8 ||
+ (unsigned int)/*SAFE*/(num_text +/*SAFE*/
+ info_ptr->num_text + 8) >=
+ PNG_SIZE_MAX/png_sizeof(png_text))
+ {
+ png_warning(png_ptr, "too many text chunks");
+ return(0);
+ }
+
if (info_ptr->num_text + num_text > info_ptr->max_text)
{
int old_max_text = info_ptr->max_text;
@@ -921,9 +932,19 @@
if (png_ptr == NULL || info_ptr == NULL)
return;
- np = (png_sPLT_tp)png_malloc_warn(png_ptr,
- (info_ptr->splt_palettes_num + nentries) *
- (png_uint_32)png_sizeof(png_sPLT_t));
+ if (nentries < 0 ||
+ nentries > INT_MAX-info_ptr->splt_palettes_num ||
+ (unsigned int)/*SAFE*/(nentries +/*SAFE*/
+ info_ptr->splt_palettes_num) >=
+ PNG_SIZE_MAX/png_sizeof(png_sPLT_t))
+ np=NULL;
+
+ else
+
+ np = (png_sPLT_tp)png_malloc_warn(png_ptr,
+ (info_ptr->splt_palettes_num + nentries) *
+ (png_size_t)png_sizeof(png_sPLT_t));
+
if (np == NULL)
{
png_warning(png_ptr, "No memory for sPLT palettes.");
++++++ libpng12-CVE-2015-7981.patch ++++++
--- pngset.c
+++ pngset.c
@@ -837,6 +837,15 @@
(png_ptr->mode & PNG_WROTE_tIME))
return;
+ if (mod_time->month == 0 || mod_time->month > 12 ||
+ mod_time->day == 0 || mod_time->day > 31 ||
+ mod_time->hour > 23 || mod_time->minute > 59 ||
+ mod_time->second > 60)
+ {
+ png_warning(png_ptr, "Ignoring invalid time value");
+ return;
+ }
+
png_memcpy(&(info_ptr->mod_time), mod_time, png_sizeof(png_time));
info_ptr->valid |= PNG_INFO_tIME;
}
++++++ libpng12-CVE-2015-8126-complete.patch ++++++
https://github.com/glennrp/libpng/commit/0a9afc12dea0949c2040a42ad1342f7a4b6296f2
--- pngset.c
+++ pngset.c
@@ -520,8 +520,8 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr,
if (png_ptr == NULL || info_ptr == NULL)
return;
- max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
- (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
+ max_palette_length = (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
+ (1 << info_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
if (num_palette < 0 || num_palette > (int) max_palette_length)
{
++++++ libpng12-CVE-2015-8126.patch ++++++
>From 81f44665cce4cb1373f049a76f3904e981b7a766 Mon Sep 17 00:00:00 2001
From: Glenn Randers-Pehrson
Date: Thu, 29 Oct 2015 09:26:41 -0500
Subject: [PATCH] [libpng16] Reject attempt to write over-length PLTE chunk
Index: pngwutil.c
===================================================================
--- pngwutil.c.orig 2015-11-16 14:39:45.517740820 +0100
+++ pngwutil.c 2015-11-16 14:46:45.926414642 +0100
@@ -575,17 +575,20 @@
#ifdef PNG_USE_LOCAL_ARRAYS
PNG_PLTE;
#endif
- png_uint_32 i;
+ png_uint_32 max_palette_length, i;
png_colorp pal_ptr;
png_byte buf[3];
png_debug(1, "in png_write_PLTE");
+ max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
+ (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
+
if ((
#ifdef PNG_MNG_FEATURES_SUPPORTED
!(png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) &&
#endif
- num_pal == 0) || num_pal > 256)
+ num_pal == 0) || num_pal > max_palette_length)
{
if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
{
Index: pngrutil.c
===================================================================
--- pngrutil.c.orig 2014-02-06 04:52:35.000000000 +0100
+++ pngrutil.c 2015-11-16 14:39:45.518740834 +0100
@@ -503,7 +503,7 @@
png_handle_PLTE(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
png_color palette[PNG_MAX_PALETTE_LENGTH];
- int num, i;
+ int max_palette_length, num, i;
#ifdef PNG_POINTER_INDEXING_SUPPORTED
png_colorp pal_ptr;
#endif
@@ -557,6 +557,19 @@
num = (int)length / 3;
+ /* If the palette has 256 or fewer entries but is too large for the bit
+ * depth, we don't issue an error, to preserve the behavior of previous
+ * libpng versions. We silently truncate the unused extra palette entries
+ * here.
+ */
+ if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
+ max_palette_length = (1 << png_ptr->bit_depth);
+ else
+ max_palette_length = PNG_MAX_PALETTE_LENGTH;
+
+ if (num > max_palette_length)
+ num = max_palette_length;
+
#ifdef PNG_POINTER_INDEXING_SUPPORTED
for (i = 0, pal_ptr = palette; i < num; i++, pal_ptr++)
{
Index: pngset.c
===================================================================
--- pngset.c.orig 2015-11-16 14:39:45.509740712 +0100
+++ pngset.c 2015-11-16 14:39:45.518740834 +0100
@@ -446,12 +446,17 @@
png_colorp palette, int num_palette)
{
+ png_uint_32 max_palette_length;
+
png_debug1(1, "in %s storage function", "PLTE");
if (png_ptr == NULL || info_ptr == NULL)
return;
- if (num_palette < 0 || num_palette > PNG_MAX_PALETTE_LENGTH)
+ max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
+ (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
+
+ if (num_palette < 0 || num_palette > (int) max_palette_length)
{
if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
png_error(png_ptr, "Invalid palette length");
++++++ libpng12-CVE-2015-8540.patch ++++++
--- a/pngwutil.c
+++ b/pngwutil.c
@@ -1580,7 +1580,7 @@
{
png_warning(png_ptr, "trailing spaces removed from keyword");
- while (*kp == ' ')
+ while (key_len && *kp == ' ')
{
*(kp--) = '\0';
key_len--;