Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2015-12-09 19:33:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libpng16" Changes: -------- --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes 2015-11-17 14:21:26.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2015-12-09 19:33:26.000000000 +0100 @@ -1,0 +2,24 @@ +Thu Dec 3 15:11:03 UTC 2015 - [email protected] + +- update to 1.6.20: + Avoid potential pointer overflow/underflow in png_handle_sPLT() and + png_handle_pCAL() (Bug report by John Regehr). + Fixed incorrect implementation of png_set_PLTE() that uses png_ptr + not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 + vulnerability. + Backported tests from libpng-1.7.0beta69. + Fixed an error in handling of bad zlib CMINFO field in pngfix, found by + American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't + immediately fault a bad CMINFO field; instead a 'too far back' error + happens later (at least some times). pngfix failed to limit CMINFO to + the allowed values but then assumed that window_bits was in range, + triggering an assert. The bug is mostly harmless; the PNG file cannot + be fixed. + In libpng 1.6 zlib initialization was changed to use the window size + in the zlib stream, not a fixed value. This causes some invalid images, + where CINFO is too large, to display 'correctly' if the rest of the + data is valid. This provides a workaround for zlib versions where the + error arises (ones that support the API change to use the window size + in the stream). + +------------------------------------------------------------------- Old: ---- libpng-1.6.19.tar.xz libpng-1.6.19.tar.xz.asc New: ---- libpng-1.6.20.tar.xz libpng-1.6.20.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libpng16.spec ++++++ --- /var/tmp/diff_new_pack.AeguT0/_old 2015-12-09 19:33:27.000000000 +0100 +++ /var/tmp/diff_new_pack.AeguT0/_new 2015-12-09 19:33:27.000000000 +0100 @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 19 +%define micro 20 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} ++++++ libpng-1.6.19.tar.xz -> libpng-1.6.20.tar.xz ++++++ ++++ 2680 lines of diff (skipped)
