Hello community, here is the log from the commit of package libpng12.4351 for openSUSE:13.1:Update checked in at 2015-12-14 09:19:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/libpng12.4351 (Old) and /work/SRC/openSUSE:13.1:Update/.libpng12.4351.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libpng12.4351" Changes: -------- New Changes file: --- /dev/null 2015-11-02 12:10:47.524024255 +0100 +++ /work/SRC/openSUSE:13.1:Update/.libpng12.4351.new/libpng12.changes 2015-12-14 09:19:58.000000000 +0100 @@ -0,0 +1,580 @@ +------------------------------------------------------------------- +Thu Dec 3 16:23:46 UTC 2015 - [email protected] + +- security update: + * CVE-2015-8126 fixed incompletely [bsc#954980] + + libpng15-CVE-2015-8126-complete.patch + +------------------------------------------------------------------- +Mon Nov 16 14:09:47 UTC 2015 - [email protected] + +- security update: + * CVE-2015-8126 [bsc#954980] + * CVE-2015-7981 [bsc#952051] + +------------------------------------------------------------------- +Tue Apr 22 14:34:38 UTC 2014 - [email protected] + +- security update: + * CVE-2013-7353.patch [bnc#873124] + * CVE-2013-7354.patch [bnc#873123] + +------------------------------------------------------------------- +Wed Apr 17 20:38:16 UTC 2013 - [email protected] + +- add conflicts in -32bit package + +------------------------------------------------------------------- +Mon Apr 15 13:01:16 UTC 2013 - [email protected] + +- Added url as source. + Please see http://en.opensuse.org/SourceUrls + +------------------------------------------------------------------- +Wed Oct 24 19:01:46 UTC 2012 - [email protected] + +- Add missing baselib requires for compat-devel-32bit + +------------------------------------------------------------------- +Wed Jul 11 08:14:32 UTC 2012 - [email protected] + +- updated to 1.2.50: + Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386. + +------------------------------------------------------------------- +Thu Mar 29 13:23:52 UTC 2012 - [email protected] + +- updated to 1.2.49: [bnc#754745] + Revised png_set_text_2() to avoid potential memory corruption (fixes + CVE-2011-3048). + Prevent PNG_EXPAND+PNG_SHIFT doing the shift twice. + +------------------------------------------------------------------- +Wed Mar 14 11:22:02 UTC 2012 - [email protected] + +- updated to 1.2.48: + * fixed CVE-2011-3045 [bnc#752008] + +------------------------------------------------------------------- +Mon Feb 20 09:33:11 UTC 2012 - [email protected] + +- updated to 1.2.47: + * fixed CVE-2011-3026 [bnc#747311] + +------------------------------------------------------------------- +Thu Dec 1 10:47:40 UTC 2011 - [email protected] + +- Name field shouldn't contain a macro + +------------------------------------------------------------------- +Thu Dec 1 10:26:12 UTC 2011 - [email protected] + +- add libtool as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Wed Oct 5 14:00:55 UTC 2011 - [email protected] + +- cross-build fix: use %configure macro + +------------------------------------------------------------------- +Tue Jul 12 14:51:49 UTC 2011 - [email protected] + +- updated to 1.2.46: + * fixed CVE-2011-2501 [bnc#702578] + +------------------------------------------------------------------- +Mon Aug 30 14:26:10 UTC 2010 - [email protected] + +- fix baselibs.conf after previous change + +------------------------------------------------------------------- +Thu Jul 29 15:09:48 CEST 2010 - [email protected] + +- add devel packages to baselibs.conf [bnc#625883] + +------------------------------------------------------------------- +Mon Jun 28 18:43:48 CEST 2010 - [email protected] + +- updated to 1.2.44: fixed libpng overflow (CVE-2010-1205) + and memory leak [bnc#617866] + +------------------------------------------------------------------- +Fri Jun 4 13:11:14 UTC 2010 - [email protected] + +- remove the devel packages from baselibs.conf, not convinced of + their usefulness + +------------------------------------------------------------------- +Sat Apr 24 11:38:21 UTC 2010 - [email protected] + +- buildrequire pkg-config to fix provides + +------------------------------------------------------------------- +Thu Feb 25 09:55:15 CET 2010 - [email protected] + +- updated to 1.2.43 (fixes [bnc#585403]): + * Removed "#define PNG_NO_ERROR_NUMBERS" that was inadvertently added + to pngconf.h in version 1.2.41. + * Removed leftover "-DPNG_CONFIGURE_LIBPNG" from scripts/makefile.darwin + and contrib/pngminim/*/makefile + * Relocated png_do_chop() to its original position in pngrtran.c; the + change in version 1.2.41beta08 caused transparency to be handled wrong + in some 16-bit datastreams (Yusaku Sugai). + * Renamed libpng-pc.in back to libpng.pc.in and revised CMakeLists.txt + (revising changes made in 1.2.41) + * Swapped PNG_UNKNOWN_CHUNKS_SUPPORTED and PNG_HANDLE_AS_UNKNOWN_SUPPORTED + in pngset.c to be consistent with other changes in version 1.2.38. + * Avoid deprecated references to png_ptr-io_ptr and png_ptr->error_ptr + in pngtest.c + +------------------------------------------------------------------- +Mon Dec 14 20:31:24 CET 2009 - [email protected] + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Mon Dec 7 09:43:11 CET 2009 - [email protected] + +- updated to 1.2.41: + contains numerous cleanups, some new compile-time warnings about + direct struct access (define PNG_NO_PEDANTIC_WARNINGS to enable), + a new xcode build project, and a minor performance improvement + (avoid building 16-bit gamma tables when not needed) + +------------------------------------------------------------------- +Tue Nov 24 14:16:32 CET 2009 - [email protected] + +- updated to 1.2.40: + Removed an extra png_debug() recently added to png_write_find_filter(). + Fixed incorrect #ifdef in pngset.c regarding unknown chunk support. + Various bugfixes and improvements to CMakeLists.txt (Philip Lowman) + +------------------------------------------------------------------- +Tue Nov 3 19:09:28 UTC 2009 - [email protected] + +- updated patches to apply with fuzz=0 + +------------------------------------------------------------------- +Thu Aug 13 15:56:07 CEST 2009 - [email protected] + +- updated to 1.2.39: + * Added a prototype for png_64bit_product() in png.c + * Avoid a possible NULL dereference in debug build, + in png_set_text_2() + * Relocated new png_64_bit_product() prototype into png.h + * Replaced *.tar.lzma with *.txz in distribution. + * Reject attempt to write iCCP chunk with negative embedded + profile length. + +------------------------------------------------------------------- +Mon Jul 20 13:59:43 CEST 2009 - [email protected] + +- updated to 1.2.38: + * Revised libpng*.txt and libpng.3 to mention calling png_set_IHDR() + multiple times and to specify the sample order in the tRNS chunk, + because the ISO PNG specification has a typo in the tRNS table. + * Changed several PNG_UNKNOWN_CHUNK_SUPPORTED to + PNG_HANDLE_AS_UNKNOWN_SUPPORTED, to make the png_set_keep mechanism + available for ignoring known chunks even when not saving unknown chunks. + * Adopted preference for consistent use of "#ifdef" and "#ifndef" versus + "#if defined()" and "if !defined()" where possible. + * Added PNG_NO_HANDLE_AS_UNKNOWN in the PNG_LEGACY_SUPPORTED block of + pngconf.h, and moved the various unknown chunk macro definitions + outside of the PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks. + +------------------------------------------------------------------- +Thu Jun 4 15:16:17 CEST 2009 - [email protected] + +- updated to 1.2.37: + * fixed bug with new png_memset() of the big_row_buffer + +------------------------------------------------------------------- +Tue May 12 17:38:21 CEST 2009 - [email protected] + +- updated to 1.2.36 (see CHANGES) + +------------------------------------------------------------------- +Mon Feb 23 11:20:10 CET 2009 - [email protected] ++++ 383 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.libpng12.4351.new/libpng12.changes New: ---- baselibs.conf libpng-1.2.50-CVE-2013-7353.patch libpng-1.2.50-CVE-2013-7354.patch libpng-1.2.50.tar.bz2 libpng12-CVE-2015-7981.patch libpng12-CVE-2015-8126-complete.patch libpng12-CVE-2015-8126.patch libpng12.changes libpng12.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libpng12.spec ++++++ # # spec file for package libpng12 # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # %define major 1 %define minor 2 %define micro 50 %define branch %{major}%{minor} %define libname libpng%{branch}-0 Name: libpng12 Url: http://www.libpng.org/pub/png/libpng.html Version: %{major}.%{minor}.%{micro} Release: 0 Summary: Library for the Portable Network Graphics Format (PNG) License: Zlib Group: System/Libraries Source: http://downloads.sourceforge.net/project/libpng/%{name}/%{version}/libpng-%{version}.tar.bz2 Source2: baselibs.conf Patch0: libpng-1.2.50-CVE-2013-7353.patch Patch1: libpng-1.2.50-CVE-2013-7354.patch Patch2: libpng12-CVE-2015-8126.patch Patch3: libpng12-CVE-2015-7981.patch Patch4: libpng12-CVE-2015-8126-complete.patch BuildRequires: libtool BuildRequires: pkg-config BuildRequires: zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build %define debug_package_requires %{libname} = %{version}-%{release} %package -n %{libname} Summary: Library for the Portable Network Graphics Format (PNG) Group: System/Libraries # bug437293 %ifarch ppc64 Obsoletes: libpng-64bit %endif # Obsoletes: libpng < %{version} Provides: libpng = %{version}-%{release} %package devel Summary: Development Tools for applications which will use the Libpng Group: Development/Libraries/C and C++ Requires: %{libname} = %{version} Requires: glibc-devel Requires: pkg-config Requires: zlib-devel Recommends: libpng%{branch}-compat-devel # bug437293 %ifarch ppc64 Obsoletes: libpng-devel-64bit %endif # %package compat-devel Summary: Development Tools for applications which will use the Libpng Group: Development/Libraries/C and C++ Requires: libpng%{branch}-devel = %{version} Provides: libpng-devel = %{version} Obsoletes: libpng-devel < 1.2.43 Conflicts: otherproviders(libpng-devel) %description libpng is the official reference library for the Portable Network Graphics format (PNG). %description -n %{libname} libpng is the official reference library for the Portable Network Graphics format (PNG). %description devel The libpng%{branch}-devel package includes the header files, libraries, configuration files and development tools necessary for compiling and linking programs which will manipulate PNG files using libpng%{branch}. libpng is the official reference library for the Portable Network Graphics (PNG) format. %description compat-devel The libpng%{branch}-compat-devel package contains unversioned symlinks to the header files, libraries, configuration files and development tools necessary for compiling and linking programs that don't care about libpng version. %prep %setup -n libpng-%{version} %patch0 %patch1 %patch2 %patch3 %patch4 %build # We'll never use the old pgcc-2.95.1 with the buggy -O3, so having # the -O3 that is originally used should work. # Substitute the -O2 to -O3 because I'm not sure if simply appending # it will preserve(not override) the detailed opt flags used in RPM_OPT_FLAGS: %configure CFLAGS="`echo $RPM_OPT_FLAGS|sed 's/-O2/-O3/'` -DPNG_SKIP_SETJMP_CHECK" \ --prefix=/usr \ --libdir=%{_libdir} \ --mandir=%{_mandir} \ --disable-static \ --with-libpng-compat=no %check make check %install make install DESTDIR=$RPM_BUILD_ROOT rm $RPM_BUILD_ROOT/%{_libdir}/libpng*.la %post -n %{libname} -p /sbin/ldconfig %postun -n %{libname} -p /sbin/ldconfig %files -n %{libname} %defattr(-,root,root) %{_libdir}/libpng%{branch}.so.* %files devel %defattr(-,root,root) %{_bindir}/libpng%{branch}-config %{_includedir}/libpng%{branch} %{_libdir}/libpng%{branch}.so %{_libdir}/pkgconfig/libpng%{branch}.pc %doc CHANGES README TODO ANNOUNCE LICENSE libpng-*.txt %files compat-devel %defattr(-,root,root) %{_bindir}/libpng-config %{_includedir}/*.h %{_libdir}/libpng.so %{_libdir}/pkgconfig/libpng.pc %doc %{_mandir}/man3/libpng.3.gz %doc %{_mandir}/man3/libpngpf.3.gz %doc %{_mandir}/man5/png.5.gz %changelog ++++++ baselibs.conf ++++++ libpng12-0 obsoletes "libpng-<targettype> < <version>" provides "libpng-<targettype> = <version>" libpng12-devel requires -libpng12-<targettype> requires "libpng12-0-<targettype> = <version>" libpng12-compat-devel requires -libpng12-compat-<targettype> requires "libpng12-devel-<targettype> = <version>" conflicts "libpng-devel-<targettype>" provides "libpng-devel-<targettype>" ++++++ libpng-1.2.50-CVE-2013-7353.patch ++++++ http://sourceforge.net/p/libpng/code/ci/1a3d6e3cf3082a0da998dbf402d384a589488859 http://sourceforge.net/p/libpng/code/ci/77a817bfc298a221e3e623acf73c2a1e726c4ec6 http://sourceforge.net/p/libpng/code/ci/bec9ca9b8aa0cf16d2cde1757379afbe9adbe7d9 Index: pngset.c =================================================================== --- pngset.c.orig 2014-04-22 16:08:23.458978035 +0200 +++ pngset.c 2014-04-22 16:09:15.921977136 +0200 @@ -986,9 +986,17 @@ if (png_ptr == NULL || info_ptr == NULL || num_unknowns == 0) return; - np = (png_unknown_chunkp)png_malloc_warn(png_ptr, - (png_uint_32)((info_ptr->unknown_chunks_num + num_unknowns) * - png_sizeof(png_unknown_chunk))); + if (num_unknowns < 0 || + num_unknowns > INT_MAX-info_ptr->unknown_chunks_num || + (unsigned int)/*SAFE*/(num_unknowns +/*SAFE*/ + info_ptr->unknown_chunks_num) >= + PNG_SIZE_MAX/png_sizeof(png_unknown_chunk)) + np=NULL; + + else + np = (png_unknown_chunkp)png_malloc_warn(png_ptr, + (png_size_t)(info_ptr->unknown_chunks_num + num_unknowns) * + png_sizeof(png_unknown_chunk)); if (np == NULL) { png_warning(png_ptr, ++++++ libpng-1.2.50-CVE-2013-7354.patch ++++++ http://sourceforge.net/p/libpng/code/ci/798d3de5f66b6df6d6605f968da641c24725b15e http://sourceforge.net/p/libpng/code/ci/77a0a2ea113e699c7021caf1a530d2e2dd90b497 Index: pngset.c =================================================================== --- pngset.c.orig 2014-04-24 14:13:43.144134631 +0200 +++ pngset.c 2014-04-24 14:23:31.461124549 +0200 @@ -664,6 +664,17 @@ /* Make sure we have enough space in the "text" array in info_struct * to hold all of the incoming text_ptr objects. */ + + if (num_text < 0 || + num_text > INT_MAX - info_ptr->num_text - 8 || + (unsigned int)/*SAFE*/(num_text +/*SAFE*/ + info_ptr->num_text + 8) >= + PNG_SIZE_MAX/png_sizeof(png_text)) + { + png_warning(png_ptr, "too many text chunks"); + return(0); + } + if (info_ptr->num_text + num_text > info_ptr->max_text) { int old_max_text = info_ptr->max_text; @@ -921,9 +932,19 @@ if (png_ptr == NULL || info_ptr == NULL) return; - np = (png_sPLT_tp)png_malloc_warn(png_ptr, - (info_ptr->splt_palettes_num + nentries) * - (png_uint_32)png_sizeof(png_sPLT_t)); + if (nentries < 0 || + nentries > INT_MAX-info_ptr->splt_palettes_num || + (unsigned int)/*SAFE*/(nentries +/*SAFE*/ + info_ptr->splt_palettes_num) >= + PNG_SIZE_MAX/png_sizeof(png_sPLT_t)) + np=NULL; + + else + + np = (png_sPLT_tp)png_malloc_warn(png_ptr, + (info_ptr->splt_palettes_num + nentries) * + (png_size_t)png_sizeof(png_sPLT_t)); + if (np == NULL) { png_warning(png_ptr, "No memory for sPLT palettes."); ++++++ libpng12-CVE-2015-7981.patch ++++++ --- pngset.c +++ pngset.c @@ -837,6 +837,15 @@ (png_ptr->mode & PNG_WROTE_tIME)) return; + if (mod_time->month == 0 || mod_time->month > 12 || + mod_time->day == 0 || mod_time->day > 31 || + mod_time->hour > 23 || mod_time->minute > 59 || + mod_time->second > 60) + { + png_warning(png_ptr, "Ignoring invalid time value"); + return; + } + png_memcpy(&(info_ptr->mod_time), mod_time, png_sizeof(png_time)); info_ptr->valid |= PNG_INFO_tIME; } ++++++ libpng12-CVE-2015-8126-complete.patch ++++++ https://github.com/glennrp/libpng/commit/0a9afc12dea0949c2040a42ad1342f7a4b6296f2 --- pngset.c +++ pngset.c @@ -520,8 +520,8 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr, if (png_ptr == NULL || info_ptr == NULL) return; - max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ? - (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH; + max_palette_length = (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ? + (1 << info_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH; if (num_palette < 0 || num_palette > (int) max_palette_length) { ++++++ libpng12-CVE-2015-8126.patch ++++++ >From 81f44665cce4cb1373f049a76f3904e981b7a766 Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net> Date: Thu, 29 Oct 2015 09:26:41 -0500 Subject: [PATCH] [libpng16] Reject attempt to write over-length PLTE chunk Index: pngwutil.c =================================================================== --- pngwutil.c.orig 2015-11-16 14:39:45.517740820 +0100 +++ pngwutil.c 2015-11-16 14:46:45.926414642 +0100 @@ -575,17 +575,20 @@ #ifdef PNG_USE_LOCAL_ARRAYS PNG_PLTE; #endif - png_uint_32 i; + png_uint_32 max_palette_length, i; png_colorp pal_ptr; png_byte buf[3]; png_debug(1, "in png_write_PLTE"); + max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ? + (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH; + if (( #ifdef PNG_MNG_FEATURES_SUPPORTED !(png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) && #endif - num_pal == 0) || num_pal > 256) + num_pal == 0) || num_pal > max_palette_length) { if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) { Index: pngrutil.c =================================================================== --- pngrutil.c.orig 2014-02-06 04:52:35.000000000 +0100 +++ pngrutil.c 2015-11-16 14:39:45.518740834 +0100 @@ -503,7 +503,7 @@ png_handle_PLTE(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) { png_color palette[PNG_MAX_PALETTE_LENGTH]; - int num, i; + int max_palette_length, num, i; #ifdef PNG_POINTER_INDEXING_SUPPORTED png_colorp pal_ptr; #endif @@ -557,6 +557,19 @@ num = (int)length / 3; + /* If the palette has 256 or fewer entries but is too large for the bit + * depth, we don't issue an error, to preserve the behavior of previous + * libpng versions. We silently truncate the unused extra palette entries + * here. + */ + if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) + max_palette_length = (1 << png_ptr->bit_depth); + else + max_palette_length = PNG_MAX_PALETTE_LENGTH; + + if (num > max_palette_length) + num = max_palette_length; + #ifdef PNG_POINTER_INDEXING_SUPPORTED for (i = 0, pal_ptr = palette; i < num; i++, pal_ptr++) { Index: pngset.c =================================================================== --- pngset.c.orig 2015-11-16 14:39:45.509740712 +0100 +++ pngset.c 2015-11-16 14:39:45.518740834 +0100 @@ -446,12 +446,17 @@ png_colorp palette, int num_palette) { + png_uint_32 max_palette_length; + png_debug1(1, "in %s storage function", "PLTE"); if (png_ptr == NULL || info_ptr == NULL) return; - if (num_palette < 0 || num_palette > PNG_MAX_PALETTE_LENGTH) + max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ? + (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH; + + if (num_palette < 0 || num_palette > (int) max_palette_length) { if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) png_error(png_ptr, "Invalid palette length");
