28 Oct 2016 15:35
Hello community, here is the log from the commit of package libpng12.5745 for openSUSE:13.2:Update checked in at 2016-10-28 17:35:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/libpng12.5745 (Old) and /work/SRC/openSUSE:13.2:Update/.libpng12.5745.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libpng12.5745" Changes: -------- New Changes file: --- /dev/null 2016-10-27 01:54:32.792041256 +0200 +++ /work/SRC/openSUSE:13.2:Update/.libpng12.5745.new/libpng12.changes 2016-10-28 17:35:27.000000000 +0200 
@@ -0,0 +1,608 @@ +------------------------------------------------------------------- +Thu Oct 20 11:49:33 UTC 2016 - pgajdos@suse.com + +- security update: + * CVE-2015-8540 [bsc#958791] + + libpng12-CVE-2015-8540.patch + +------------------------------------------------------------------- +Thu Dec 3 16:16:45 UTC 2015 - pgajdos@suse.com + +- security update: + * CVE-2015-8126 fixed incompletely [bsc#954980] + + libpng15-CVE-2015-8126-complete.patch + +------------------------------------------------------------------- +Mon Nov 16 14:03:28 UTC 2015 - pgajdos@suse.com + +- security update: + * CVE-2015-8126 [bsc#954980] + * CVE-2015-7981 [bsc#952051] + +------------------------------------------------------------------- +Tue Apr 22 14:12:09 UTC 2014 - pgajdos@suse.com + +- security update: + * CVE-2013-7353.patch [bnc#873124] + * CVE-2013-7354.patch [bnc#873123] + +------------------------------------------------------------------- +Fri Feb 7 07:43:01 UTC 2014 - pgajdos@suse.com + +- updated to 1.2.51: + Ignore, with a warning, out-of-range value of num_trans in png_set_tRNS(). + Replaced AM_CONFIG_HEADER(config.h) with + AC_CONFIG_HEADERS([config.h]) in configure.ac + Changed default value of PNG_USER_CACHE_MAX from 0 to 32767 in pngconf.h. + Avoid a possible memory leak in contrib/gregbook/readpng.c + Revised libpng.3 so that "doclifter" can process it. + Changed '"%s"m' to '"%s" m' in png_debug macros to improve portability + among compilers. + Rebuilt the configure scripts with autoconf-2.69 and automake-1.14.1 + Removed potentially misleading warning from png_check_IHDR(). + Quiet set-but-not-used warnings in pngset.c + Quiet an uninitialized memory warning from VC2013 in png_get_png(). + Quiet unused variable warnings from clang by porting PNG_UNUSED() from + libpng-1.4.6. 
+ Added -DZ_SOLO to CFLAGS in contrib/pngminim/*/makefile + Added an #ifdef PNG_FIXED_POINT_SUPPORTED/#endif in pngset.c + +------------------------------------------------------------------- +Wed Apr 17 20:38:16 UTC 2013 - coolo@suse.com + +- add conflicts in -32bit package + +------------------------------------------------------------------- +Mon Apr 15 13:01:16 UTC 2013 - mmeister@suse.com + +- Added url as source. + Please see http://en.opensuse.org/SourceUrls + +------------------------------------------------------------------- +Wed Oct 24 19:01:46 UTC 2012 - jengelh@inai.de + +- Add missing baselib requires for compat-devel-32bit + +------------------------------------------------------------------- +Wed Jul 11 08:14:32 UTC 2012 - pgajdos@suse.com + +- updated to 1.2.50: + Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386. + +------------------------------------------------------------------- +Thu Mar 29 13:23:52 UTC 2012 - pgajdos@suse.com + +- updated to 1.2.49: [bnc#754745] + Revised png_set_text_2() to avoid potential memory corruption (fixes + CVE-2011-3048). + Prevent PNG_EXPAND+PNG_SHIFT doing the shift twice. 
+ +------------------------------------------------------------------- +Wed Mar 14 11:22:02 UTC 2012 - pgajdos@suse.com + +- updated to 1.2.48: + * fixed CVE-2011-3045 [bnc#752008] + +------------------------------------------------------------------- +Mon Feb 20 09:33:11 UTC 2012 - pgajdos@suse.com + +- updated to 1.2.47: + * fixed CVE-2011-3026 [bnc#747311] + +------------------------------------------------------------------- +Thu Dec 1 10:47:40 UTC 2011 - idoenmez@suse.de + +- Name field shouldn't contain a macro + +------------------------------------------------------------------- +Thu Dec 1 10:26:12 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Wed Oct 5 14:00:55 UTC 2011 - uli@suse.com + +- cross-build fix: use %configure macro + +------------------------------------------------------------------- +Tue Jul 12 14:51:49 UTC 2011 - pgajdos@novell.com + +- updated to 1.2.46: + * fixed CVE-2011-2501 [bnc#702578] + +------------------------------------------------------------------- +Mon Aug 30 14:26:10 UTC 2010 - coolo@novell.com + +- fix baselibs.conf after previous change + +------------------------------------------------------------------- +Thu Jul 29 15:09:48 CEST 2010 - pgajdos@suse.cz + +- add devel packages to baselibs.conf [bnc#625883] + +------------------------------------------------------------------- +Mon Jun 28 18:43:48 CEST 2010 - pgajdos@suse.cz + +- updated to 1.2.44: fixed libpng overflow (CVE-2010-1205) + and memory leak [bnc#617866] + +------------------------------------------------------------------- +Fri Jun 4 13:11:14 UTC 2010 - coolo@novell.com + +- remove the devel packages from baselibs.conf, not convinced of + their usefulness + +------------------------------------------------------------------- +Sat Apr 24 11:38:21 UTC 2010 - coolo@novell.com + +- buildrequire pkg-config to fix provides + 
+------------------------------------------------------------------- +Thu Feb 25 09:55:15 CET 2010 - pgajdos@suse.cz + +- updated to 1.2.43 (fixes [bnc#585403]): + * Removed "#define PNG_NO_ERROR_NUMBERS" that was inadvertently added + to pngconf.h in version 1.2.41. + * Removed leftover "-DPNG_CONFIGURE_LIBPNG" from scripts/makefile.darwin + and contrib/pngminim/*/makefile + * Relocated png_do_chop() to its original position in pngrtran.c; the + change in version 1.2.41beta08 caused transparency to be handled wrong + in some 16-bit datastreams (Yusaku Sugai). + * Renamed libpng-pc.in back to libpng.pc.in and revised CMakeLists.txt + (revising changes made in 1.2.41) + * Swapped PNG_UNKNOWN_CHUNKS_SUPPORTED and PNG_HANDLE_AS_UNKNOWN_SUPPORTED + in pngset.c to be consistent with other changes in version 1.2.38. + * Avoid deprecated references to png_ptr-io_ptr and png_ptr->error_ptr + in pngtest.c + +------------------------------------------------------------------- +Mon Dec 14 20:31:24 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Mon Dec 7 09:43:11 CET 2009 - pgajdos@suse.cz + +- updated to 1.2.41: + contains numerous cleanups, some new compile-time warnings about + direct struct access (define PNG_NO_PEDANTIC_WARNINGS to enable), + a new xcode build project, and a minor performance improvement + (avoid building 16-bit gamma tables when not needed) + +------------------------------------------------------------------- +Tue Nov 24 14:16:32 CET 2009 - pgajdos@suse.cz + +- updated to 1.2.40: + Removed an extra png_debug() recently added to png_write_find_filter(). + Fixed incorrect #ifdef in pngset.c regarding unknown chunk support. 
+ Various bugfixes and improvements to CMakeLists.txt (Philip Lowman) + +------------------------------------------------------------------- +Tue Nov 3 19:09:28 UTC 2009 - coolo@novell.com + +- updated patches to apply with fuzz=0 + +------------------------------------------------------------------- +Thu Aug 13 15:56:07 CEST 2009 - pgajdos@suse.cz + +- updated to 1.2.39: + * Added a prototype for png_64bit_product() in png.c + * Avoid a possible NULL dereference in debug build, + in png_set_text_2() + * Relocated new png_64_bit_product() prototype into png.h + * Replaced *.tar.lzma with *.txz in distribution. + * Reject attempt to write iCCP chunk with negative embedded + profile length. + +------------------------------------------------------------------- ++++ 411 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.2:Update/.libpng12.5745.new/libpng12.changes New: ---- baselibs.conf libpng-1.2.51-CVE-2013-7353.patch libpng-1.2.51-CVE-2013-7354.patch libpng-1.2.51.tar.xz libpng12-CVE-2015-7981.patch libpng12-CVE-2015-8126-complete.patch libpng12-CVE-2015-8126.patch libpng12-CVE-2015-8540.patch libpng12.changes libpng12.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libpng12.spec ++++++ # # spec file for package libpng12 # # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # # %define major 1 %define minor 2 %define micro 51 %define branch %{major}%{minor} %define libname libpng%{branch}-0 Name: libpng12 Url: http://www.libpng.org/pub/png/libpng.html Version: %{major}.%{minor}.%{micro} Release: 0 Summary: Library for the Portable Network Graphics Format (PNG) License: Zlib Group: System/Libraries Source: http://downloads.sourceforge.net/project/libpng/%{name}/%{version}/libpng-%{version}.tar.xz Source2: baselibs.conf Patch0: libpng-1.2.51-CVE-2013-7353.patch Patch1: libpng-1.2.51-CVE-2013-7354.patch Patch2: libpng12-CVE-2015-8126.patch Patch3: libpng12-CVE-2015-7981.patch Patch4: libpng12-CVE-2015-8126-complete.patch Patch5: libpng12-CVE-2015-8540.patch BuildRequires: libtool BuildRequires: pkg-config BuildRequires: zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build %define debug_package_requires %{libname} = %{version}-%{release} %package -n %{libname} Summary: Library for the Portable Network Graphics Format (PNG) # bug437293 Group: System/Libraries %ifarch ppc64 Obsoletes: libpng-64bit %endif # Obsoletes: libpng < %{version} Provides: libpng = %{version}-%{release} %package devel Summary: Development Tools for applications which will use the Libpng Group: Development/Libraries/C and C++ Requires: %{libname} = %{version} Requires: glibc-devel Requires: pkg-config Requires: zlib-devel Recommends: libpng%{branch}-compat-devel # bug437293 %ifarch ppc64 Obsoletes: libpng-devel-64bit %endif # %package compat-devel Summary: Development Tools for applications which will use the Libpng Group: Development/Libraries/C and C++ Requires: libpng%{branch}-devel = %{version} Provides: libpng-devel = %{version} Obsoletes: libpng-devel < 1.2.43 Conflicts: otherproviders(libpng-devel) %description libpng is the official reference library for the Portable Network Graphics format (PNG). 
%description -n %{libname} libpng is the official reference library for the Portable Network Graphics format (PNG). %description devel The libpng%{branch}-devel package includes the header files, libraries, configuration files and development tools necessary for compiling and linking programs which will manipulate PNG files using libpng%{branch}. libpng is the official reference library for the Portable Network Graphics (PNG) format. %description compat-devel The libpng%{branch}-compat-devel package contains unversioned symlinks to the header files, libraries, configuration files and development tools necessary for compiling and linking programs that don't care about libpng version. %prep %setup -n libpng-%{version} %patch0 %patch1 %patch2 %patch3 %patch4 %patch5 -p1 %build # We'll never use the old pgcc-2.95.1 with the buggy -O3, so having # the -O3 that is originally used should work. # Substitute the -O2 to -O3 because I'm not sure if simply appending # it will preserve(not override) the detailed opt flags used in RPM_OPT_FLAGS: %configure CFLAGS="`echo $RPM_OPT_FLAGS|sed 's/-O2/-O3/'` -DPNG_SKIP_SETJMP_CHECK" \ --prefix=/usr \ --libdir=%{_libdir} \ --mandir=%{_mandir} \ --disable-static \ --with-libpng-compat=no %check make check %install make install DESTDIR=$RPM_BUILD_ROOT rm $RPM_BUILD_ROOT/%{_libdir}/libpng*.la %post -n %{libname} -p /sbin/ldconfig %postun -n %{libname} -p /sbin/ldconfig %files -n %{libname} %defattr(-,root,root) %{_libdir}/libpng%{branch}.so.* %files devel %defattr(-,root,root) %{_bindir}/libpng%{branch}-config %{_includedir}/libpng%{branch} %{_libdir}/libpng%{branch}.so %{_libdir}/pkgconfig/libpng%{branch}.pc %doc CHANGES README TODO ANNOUNCE LICENSE libpng-*.txt %files compat-devel %defattr(-,root,root) %{_bindir}/libpng-config %{_includedir}/*.h %{_libdir}/libpng.so %{_libdir}/pkgconfig/libpng.pc %doc %{_mandir}/man3/libpng.3.gz %doc %{_mandir}/man3/libpngpf.3.gz %doc %{_mandir}/man5/png.5.gz %changelog ++++++ baselibs.conf ++++++ 
libpng12-0 obsoletes "libpng-< " provides "libpng- = " libpng12-devel requires -libpng12- requires "libpng12-0- = " libpng12-compat-devel requires -libpng12-compat- requires "libpng12-devel- = " conflicts "libpng-devel- " provides "libpng-devel- " ++++++ libpng-1.2.51-CVE-2013-7353.patch ++++++ http://sourceforge.net/p/libpng/code/ci/1a3d6e3cf3082a0da998dbf402d384a589488859 http://sourceforge.net/p/libpng/code/ci/77a817bfc298a221e3e623acf73c2a1e726c4ec6 http://sourceforge.net/p/libpng/code/ci/bec9ca9b8aa0cf16d2cde1757379afbe9adbe7d9 Index: pngset.c =================================================================== --- pngset.c.orig 2014-04-22 16:08:23.458978035 +0200 +++ pngset.c 2014-04-22 16:09:15.921977136 +0200 @@ -986,9 +986,17 @@ if (png_ptr == NULL || info_ptr == NULL || num_unknowns == 0) return; - np = (png_unknown_chunkp)png_malloc_warn(png_ptr, - (png_uint_32)((info_ptr->unknown_chunks_num + num_unknowns) * - png_sizeof(png_unknown_chunk))); + if (num_unknowns < 0 || + num_unknowns > INT_MAX-info_ptr->unknown_chunks_num || + (unsigned int)/*SAFE*/(num_unknowns +/*SAFE*/ + info_ptr->unknown_chunks_num) >= + PNG_SIZE_MAX/png_sizeof(png_unknown_chunk)) + np=NULL; + + else + np = (png_unknown_chunkp)png_malloc_warn(png_ptr, + (png_size_t)(info_ptr->unknown_chunks_num + num_unknowns) * + png_sizeof(png_unknown_chunk)); if (np == NULL) { png_warning(png_ptr, ++++++ libpng-1.2.51-CVE-2013-7354.patch ++++++ http://sourceforge.net/p/libpng/code/ci/798d3de5f66b6df6d6605f968da641c24725b15e http://sourceforge.net/p/libpng/code/ci/77a0a2ea113e699c7021caf1a530d2e2dd90b497 Index: pngset.c =================================================================== --- pngset.c.orig 2014-04-24 14:13:43.144134631 +0200 +++ pngset.c 2014-04-24 14:23:31.461124549 +0200 
@@ -664,6 +664,17 @@ /* Make sure we have enough space in the "text" array in info_struct * to hold all of the incoming text_ptr objects. */ + + if (num_text < 0 || + num_text > INT_MAX - info_ptr->num_text - 8 || + (unsigned int)/*SAFE*/(num_text +/*SAFE*/ + info_ptr->num_text + 8) >= + PNG_SIZE_MAX/png_sizeof(png_text)) + { + png_warning(png_ptr, "too many text chunks"); + return(0); + } + if (info_ptr->num_text + num_text > info_ptr->max_text) { int old_max_text = info_ptr->max_text; @@ -921,9 +932,19 @@ if (png_ptr == NULL || info_ptr == NULL) return; - np = (png_sPLT_tp)png_malloc_warn(png_ptr, - (info_ptr->splt_palettes_num + nentries) * - (png_uint_32)png_sizeof(png_sPLT_t)); + if (nentries < 0 || + nentries > INT_MAX-info_ptr->splt_palettes_num || + (unsigned int)/*SAFE*/(nentries +/*SAFE*/ + info_ptr->splt_palettes_num) >= + PNG_SIZE_MAX/png_sizeof(png_sPLT_t)) + np=NULL; + + else + + np = (png_sPLT_tp)png_malloc_warn(png_ptr, + (info_ptr->splt_palettes_num + nentries) * + (png_size_t)png_sizeof(png_sPLT_t)); + if (np == NULL) { png_warning(png_ptr, "No memory for sPLT palettes."); ++++++ libpng12-CVE-2015-7981.patch ++++++ --- pngset.c +++ pngset.c @@ -837,6 +837,15 @@ (png_ptr->mode & PNG_WROTE_tIME)) return; + if (mod_time->month == 0 || mod_time->month > 12 || + mod_time->day == 0 || mod_time->day > 31 || + mod_time->hour > 23 || mod_time->minute > 59 || + mod_time->second > 60) + { + png_warning(png_ptr, "Ignoring invalid time value"); + return; + } + png_memcpy(&(info_ptr->mod_time), mod_time, png_sizeof(png_time)); info_ptr->valid |= PNG_INFO_tIME; } ++++++ libpng12-CVE-2015-8126-complete.patch ++++++ https://github.com/glennrp/libpng/commit/0a9afc12dea0949c2040a42ad1342f7a4b6296f2 --- pngset.c +++ pngset.c 
@@ -520,8 +520,8 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr, if (png_ptr == NULL || info_ptr == NULL) return; - max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ? - (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH; + max_palette_length = (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ? + (1 << info_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH; if (num_palette < 0 || num_palette > (int) max_palette_length) { ++++++ libpng12-CVE-2015-8126.patch ++++++ >From 81f44665cce4cb1373f049a76f3904e981b7a766 Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Thu, 29 Oct 2015 09:26:41 -0500 Subject: [PATCH] [libpng16] Reject attempt to write over-length PLTE chunk Index: pngwutil.c =================================================================== --- pngwutil.c.orig 2015-11-16 14:39:45.517740820 +0100 +++ pngwutil.c 2015-11-16 14:46:45.926414642 +0100 @@ -575,17 +575,20 @@ #ifdef PNG_USE_LOCAL_ARRAYS PNG_PLTE; #endif - png_uint_32 i; + png_uint_32 max_palette_length, i; png_colorp pal_ptr; png_byte buf[3]; png_debug(1, "in png_write_PLTE"); + max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ? + (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH; + if (( #ifdef PNG_MNG_FEATURES_SUPPORTED !(png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) && #endif - num_pal == 0) || num_pal > 256) + num_pal == 0) || num_pal > max_palette_length) { if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) { Index: pngrutil.c =================================================================== --- pngrutil.c.orig 2014-02-06 04:52:35.000000000 +0100 +++ pngrutil.c 2015-11-16 14:39:45.518740834 +0100 @@ -503,7 +503,7 @@ png_handle_PLTE(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) { png_color palette[PNG_MAX_PALETTE_LENGTH]; - int num, i; + int max_palette_length, num, i; #ifdef PNG_POINTER_INDEXING_SUPPORTED png_colorp pal_ptr; #endif 
@@ -557,6 +557,19 @@ num = (int)length / 3; + /* If the palette has 256 or fewer entries but is too large for the bit + * depth, we don't issue an error, to preserve the behavior of previous + * libpng versions. We silently truncate the unused extra palette entries + * here. + */ + if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) + max_palette_length = (1 << png_ptr->bit_depth); + else + max_palette_length = PNG_MAX_PALETTE_LENGTH; + + if (num > max_palette_length) + num = max_palette_length; + #ifdef PNG_POINTER_INDEXING_SUPPORTED for (i = 0, pal_ptr = palette; i < num; i++, pal_ptr++) { Index: pngset.c =================================================================== --- pngset.c.orig 2015-11-16 14:39:45.509740712 +0100 +++ pngset.c 2015-11-16 14:39:45.518740834 +0100 @@ -446,12 +446,17 @@ png_colorp palette, int num_palette) { + png_uint_32 max_palette_length; + png_debug1(1, "in %s storage function", "PLTE"); if (png_ptr == NULL || info_ptr == NULL) return; - if (num_palette < 0 || num_palette > PNG_MAX_PALETTE_LENGTH) + max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ? + (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH; + + if (num_palette < 0 || num_palette > (int) max_palette_length) { if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) png_error(png_ptr, "Invalid palette length"); ++++++ libpng12-CVE-2015-8540.patch ++++++ --- a/pngwutil.c +++ b/pngwutil.c @@ -1580,7 +1580,7 @@ { png_warning(png_ptr, "trailing spaces removed from keyword"); - while (*kp == ' ') + while (key_len && *kp == ' ') { *(kp--) = '\0'; key_len--;
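Review bot: in libpng12.changes, the Thu Dec 3 2015 entry names libpng15-CVE-2015-8126-complete.patch, but the file added in this commit and referenced as Patch4 in libpng12.spec is libpng12-CVE-2015-8126-complete.patch; correct the name in the entry. The Mon Nov 16 2015 entry also lists CVE-2015-8126 and CVE-2015-7981 without the "+ patch file" lines that the other security entries carry, so libpng12-CVE-2015-8126.patch and libpng12-CVE-2015-7981.patch cannot be traced from the changelog.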
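Review bot: in libpng12.spec, the Source: line fetches libpng-%{version}.tar.xz over plain http:// and the list of new files contains no signature or checksum file for the tarball, so nothing in the package ties the source to the upstream release. Switch the URL to https and, if upstream publishes a detached signature for this release, add it as an additional Source with the matching keyring so the build service can verify it.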
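Review bot: in libpng-1.2.51-CVE-2013-7354.patch, first pngset.c hunk (@@ -664,6 +664,17 @@), the constant 8 in "num_text > INT_MAX - info_ptr->num_text - 8" and in the PNG_SIZE_MAX comparison is unexplained. It is presumably the headroom added when the text array is grown further down; say so in a comment, or use a named constant shared with the growth code, so the bound and the allocation cannot drift apart.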
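Review bot: in libpng-1.2.51-CVE-2013-7354.patch, second pngset.c hunk (@@ -921,9 +932,19 @@), an out-of-range nentries sets np=NULL and falls through to the existing "No memory for sPLT palettes." warning, so a rejected count is reported as an allocation failure. The first hunk of the same patch uses a dedicated "too many text chunks" warning; do the same here, and in the unknown-chunks hunk of libpng-1.2.51-CVE-2013-7353.patch, which takes the same np == NULL path. The two patches also place the png_size_t cast differently (on the sum in one, on png_sizeof in the other); pick one form.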
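Review bot: in libpng12-CVE-2015-7981.patch (pngset.c @@ -837,6 +837,15 @@), the test "mod_time->second > 60" accepts 60 while minute and hour use their exact maxima. If 60 is kept deliberately for leap seconds, add a short comment saying so, otherwise it reads as an off-by-one. The day check is only "day > 31" and is not tied to the month, which is worth noting in the comment as well so later readers know the validation is a range check and not a calendar check.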
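Review bot: in libpng12-CVE-2015-8126.patch, the pngset.c hunk (@@ -446,12 +446,17 @@) derives max_palette_length from png_ptr->color_type and png_ptr->bit_depth, and libpng12-CVE-2015-8126-complete.patch then rewrites exactly those two lines to use info_ptr. Fold the correction into this patch so the tree never carries the incomplete check. The follow-up hunk is also headed "@@ -520,8 +520,8 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr," while this patch touches the same code at line 446, so it applies only with an offset; refresh it against the 1.2.51 tree. Separately, max_palette_length is png_uint_32 in pngwutil.c and pngset.c but int in pngrutil.c, and pngset.c needs an (int) cast to compare it; use one type throughout.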
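Review bot: in libpng12-CVE-2015-8540.patch (pngwutil.c @@ -1580,7 +1580,7 @@), the new condition "while (key_len && *kp == ' ')" stops kp from walking below the start of the buffer, but it can now leave key_len at 0 for a keyword made only of spaces, and the hunk's context ends inside the loop body. Confirm that the code after the loop rejects a zero-length keyword instead of writing it, and add a test case with an all-space keyword, since the spec already runs make check in %check.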