OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 29-Jun-2004 10:15:36
Branch: HEAD Handle: -NONE-
Modified files:
openpkg-src/png png.patch png.spec
Log:
include security fix extension, more details about fixes plus some
package cleanups
Summary:
Revision Changes Path
1.4 +32 -4 openpkg-src/png/png.patch
1.36 +9 -5 openpkg-src/png/png.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/png/png.patch
============================================================================
$ cvs diff -u -r1.3 -r1.4 png.patch
--- openpkg-src/png/png.patch 27 May 2004 08:14:27 -0000 1.3
+++ openpkg-src/png/png.patch 29 Jun 2004 08:15:36 -0000 1.4
@@ -1,5 +1,31 @@
---- pngrtran.c.orig Wed Oct 2 20:20:24 2002
-+++ pngrtran.c Wed Jan 15 11:30:23 2003
+Security Fix (CAN-2002-1363):
+Possible buffer overflows.
+
+Index: pngrtran.c
+--- pngrtran.c.orig 2002-10-03 13:32:29 +0200
++++ pngrtran.c 2004-06-29 10:06:10 +0200
+@@ -1889,8 +1889,8 @@
+ /* This changes the data from GG to GGXX */
+ if (flags & PNG_FLAG_FILLER_AFTER)
+ {
+- png_bytep sp = row + (png_size_t)row_width;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 2;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 1; i < row_width; i++)
+ {
+ *(--dp) = hi_filler;
+@@ -1907,8 +1907,8 @@
+ /* This changes the data from GG to XXGG */
+ else
+ {
+- png_bytep sp = row + (png_size_t)row_width;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 2;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 0; i < row_width; i++)
+ {
+ *(--dp) = *(--sp);
@@ -1965,8 +1965,8 @@
/* This changes the data from RRGGBB to RRGGBBXX */
if (flags & PNG_FLAG_FILLER_AFTER)
@@ -23,8 +49,10 @@
{
*(--dp) = *(--sp);
-Steve G <[EMAIL PROTECTED]>
-Libpng accesses memory that is out of bounds when creating an error message
+-----------------------------------------------------------------------------
+
+Security Fix (Steve G <[EMAIL PROTECTED]>):
+Access to memory that is out of bounds when creating an error message.
Index: pngerror.c
--- pngerror.c.orig 2002-10-03 13:32:27.000000000 +0200
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/png/png.spec
============================================================================
$ cvs diff -u -r1.35 -r1.36 png.spec
--- openpkg-src/png/png.spec 27 May 2004 08:14:27 -0000 1.35
+++ openpkg-src/png/png.spec 29 Jun 2004 08:15:36 -0000 1.36
@@ -25,7 +25,7 @@
# package information
Name: png
-Summary: PNG Image Format with Lossless Compression
+Summary: Portable Network Graphics (PNG) Image Format Library
URL: http://www.libpng.org/pub/png/
Vendor: Greg Roelofs
Packager: The OpenPKG Project
@@ -34,7 +34,7 @@
Group: Graphics
License: BSD
Version: 1.2.5
-Release: 20040527
+Release: 20040629
# list of sources
Source0:
http://osdn.dl.sourceforge.net/sourceforge/libpng/libpng-%{version}.tar.gz
@@ -49,9 +49,13 @@
AutoReqProv: no
%description
- The Portable Network Graphics (PNG) format is a new image format
- with lossless compression. It was invented to replace the GIF
- format.
+ The Portable Network Graphics (PNG) format is a image format with
+ lossless compression. It was designed to replace the older and
+ simpler GIF format and, to some extent, the much more complex TIFF
+ format. PNG supports up to 48-bit truecolor or 16-bit grayscale
+ saving, alpha channels (variable transparency), gamma correction
+ (cross-platform control of image brightness), and two-dimensional
+ interlacing (a method of progressive display).
%track
prog png = {
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
