Hello community, here is the log from the commit of package libpng14 for openSUSE:11.3 checked in at Tue Aug 2 18:27:23 CEST 2011.
-------- --- old-versions/11.3/all/libpng14/libpng14.changes 2010-06-28 18:39:04.000000000 +0200 +++ 11.3/libpng14/libpng14.changes 2011-07-28 14:53:20.000000000 +0200 @@ -1,0 +2,9 @@ +Thu Jul 28 12:50:50 UTC 2011 - pgaj...@novell.com + +- fixed + * CVE-2011-2501 [bnc#702578] + * CVE-2011-2690 [bnc#706387] + * CVE-2011-2691 [bnc#706388] + * CVE-2011-2692 [bnc#706389] + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.3/all/libpng14 Destination is old-versions/11.3/UPDATES/all/libpng14 calling whatdependson for 11.3-i586 New: ---- libpng14-1.4.3-CVE-2011-2501.patch libpng14-1.4.3-CVE-2011-2690.patch libpng14-1.4.3-CVE-2011-2691.patch libpng14-1.4.3-CVE-2011-2692.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libpng14.spec ++++++ --- /var/tmp/diff_new_pack.L9l1Hv/_old 2011-08-02 18:27:00.000000000 +0200 +++ /var/tmp/diff_new_pack.L9l1Hv/_new 2011-08-02 18:27:00.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package libpng14 (Version 1.4.3) +# spec file for package libpng14 # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -28,10 +28,14 @@ Group: System/Libraries Url: http://www.libpng.org/pub/png/libpng.html Version: %{major}.%{minor}.%{micro} -Release: 2 +Release: 3.<RELEASE2> Summary: Library for the Portable Network Graphics Format (PNG) Source: libpng-%{version}.tar.bz2 Source2: baselibs.conf +Patch0: libpng14-1.4.3-CVE-2011-2501.patch +Patch1: libpng14-1.4.3-CVE-2011-2691.patch +Patch2: libpng14-1.4.3-CVE-2011-2692.patch +Patch3: libpng14-1.4.3-CVE-2011-2690.patch BuildRequires: pkg-config zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build %define debug_package_requires %{libname} = %{version}-%{release} @@ -95,6 +99,10 @@ %prep %setup -n libpng-%{version} +%patch0 +%patch1 +%patch2 +%patch3 %build ./autogen.sh ++++++ libpng14-1.4.3-CVE-2011-2501.patch ++++++ http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=65e6d5a34f49acdb362a0625a706c6b914e670af --- pngerror.c +++ pngerror.c @@ -186,8 +186,13 @@ png_format_buffer(png_structp png_ptr, png_charp buffer, png_const_charp { buffer[iout++] = ':'; buffer[iout++] = ' '; - png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT); - buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0'; + + iin = 0; + while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0') + buffer[iout++] = error_message[iin++]; + + /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */ + buffer[iout] = '\0'; } } ++++++ libpng14-1.4.3-CVE-2011-2690.patch ++++++ http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blobdiff;f=pngrtran.c;h=6bce578dfad3d9121d35cf4893298bb2fce5cd84;hp=0a01db8ba91694f7e27428be157f760e7c5fbc27;hb=cc1d4d0dbc727f60b7ae5320776c05e668fd40e3;hpb=070434c04512948f7eb4acf09a36a6f06000f456 Index: pngrtran.c =================================================================== --- pngrtran.c.orig +++ pngrtran.c 
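Review bot: The new comment in png_format_buffer (CVE-2011-2501 patch) justifies the final `buffer[iout] = '\0';` by the bound on iin, but the index being written is iout. Its limit depends on how many bytes were emitted before the ": " separator and on the size of the caller's buffer, and neither is visible in this hunk. The copy loop itself is bounded and stops at the terminator of error_message, which removes the fixed-length read the old png_memcpy performed. I would reword the comment to state the real precondition, for example `/* at most PNG_MAX_ERROR_TEXT-1 bytes appended; buffer must hold the prefix plus PNG_MAX_ERROR_TEXT */`, and confirm that every caller's array meets it. The function starts and ends outside the hunk.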
@@ -660,10 +660,14 @@ void PNGAPI png_set_rgb_to_gray(png_structp png_ptr, int error_action, double red, double green) { - int red_fixed = (int)((float)red*100000.0 + 0.5); - int green_fixed = (int)((float)green*100000.0 + 0.5); + int red_fixed, green_fixed; if (png_ptr == NULL) return; + if (red > 21474.83647 || red < -21474.83648 || + green > 21474.83647 || green < -21474.83648) + png_error(png_ptr, "ignoring out of range rgb_to_gray coefficients"); + red_fixed = (int)((float)red*100000.0 + 0.5); + green_fixed = (int)((float)green*100000.0 + 0.5); png_set_rgb_to_gray_fixed(png_ptr, error_action, red_fixed, green_fixed); } #endif ++++++ libpng14-1.4.3-CVE-2011-2691.patch ++++++ http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=9dad5e37aef295b4ef8dea39392b652deebc9261 --- pngerror.c +++ pngerror.c @@ -87,12 +87,17 @@ png_error(png_structp png_ptr, png_const_charp error_message) void PNGAPI png_err(png_structp png_ptr) { + /* Prior to 1.4.8 the error_fn received a NULL pointer, expressed + * erroneously as '\0', instead of the empty string "". This was + * apparently an error, introduced in libpng-1.2.20, and png_default_error + * will crash in this case. + */ if (png_ptr != NULL && png_ptr->error_fn != NULL) - (*(png_ptr->error_fn))(png_ptr, '\0'); + (*(png_ptr->error_fn))(png_ptr, ""); /* If the custom handler doesn't exist, or if it returns, use the default handler, which will not return. */ - png_default_error(png_ptr, '\0'); + png_default_error(png_ptr, ""); } #endif /* PNG_ERROR_TEXT_SUPPORTED */ ++++++ libpng14-1.4.3-CVE-2011-2692.patch ++++++ http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339 Index: pngrutil.c =================================================================== --- pngrutil.c.orig +++ pngrutil.c 
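Review bot: A NaN coefficient passes the new range test in png_set_rgb_to_gray, because every ordered comparison with NaN is false, and then reaches the `(int)` conversions, which are undefined for NaN just as they were for out-of-range values. Writing the test in accepting form rejects it as well: `if (!(red >= -21474.83648 && red <= 21474.83647 && green >= -21474.83648 && green <= 21474.83647))`. The message says "ignoring", but the call is png_error, which in libpng normally does not return. Either the wording should say the coefficients are rejected, or the call should be a warning followed by a fallback value; the hunk does not show which is intended.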
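Review bot: The crash described in the added comment is fixed only at the two call sites inside png_err. png_default_error is outside the hunk, and if it dereferences error_message unconditionally, as the comment implies, any other caller that passes NULL would still crash. A guard at the top of png_default_error, such as `if (error_message == NULL) error_message = "";`, would cover those paths. The comment also dates the old behaviour to "prior to 1.4.8", while this patch is applied to the 1.4.3 sources, so a line in the patch header marking it as a backport would stop readers from inferring the fix status from the version number.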
@@ -1810,6 +1810,14 @@ png_handle_sCAL(png_structp png_ptr, png return; } + /* Need unit type, width, \0, height: minimum 4 bytes */ + else if (length < 4) + { + png_warning(png_ptr, "sCAL chunk too short"); + png_crc_finish(png_ptr, length); + return; + } + png_debug1(2, "Allocating and reading sCAL chunk data (%lu bytes)", length + 1); png_ptr->chunkdata = (png_charp)png_malloc_warn(png_ptr, length + 1); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
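Review bot: The added `length < 4` test in png_handle_sCAL establishes only a byte count. It does not show that a NUL actually separates the width and height strings, so the parsing that follows (outside this hunk) must still bound its search for the separator to `chunkdata + length`. The comment would be more useful if it said so, e.g. `/* minimum size only; separator position is validated after the read */`, provided that validation exists. The `else if` attaches to a conditional that begins above the hunk, and the function continues below it.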