OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 29-Jun-2004 10:18:10
Branch: OPENPKG_1_3_SOLID Handle: -NONE-
Modified files: (Branch: OPENPKG_1_3_SOLID)
openpkg-src/png png.patch png.spec
Log:
apply extended security fix and a cleanup patch from CURRENT
Summary:
Revision Changes Path
1.1.10.2 +45 -4 openpkg-src/png/png.patch
1.29.2.2.2.3+1 -1 openpkg-src/png/png.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/png/png.patch
============================================================================
$ cvs diff -u -r1.1.10.1 -r1.1.10.2 png.patch
--- openpkg-src/png/png.patch 29 Apr 2004 19:56:26 -0000 1.1.10.1
+++ openpkg-src/png/png.patch 29 Jun 2004 08:18:09 -0000 1.1.10.2
@@ -1,5 +1,31 @@
---- pngrtran.c.orig Wed Oct 2 20:20:24 2002
-+++ pngrtran.c Wed Jan 15 11:30:23 2003
+Security Fix (CAN-2002-1363):
+Possible buffer overflows.
+
+Index: pngrtran.c
+--- pngrtran.c.orig 2002-10-03 13:32:29 +0200
++++ pngrtran.c 2004-06-29 10:06:10 +0200
+@@ -1889,8 +1889,8 @@
+ /* This changes the data from GG to GGXX */
+ if (flags & PNG_FLAG_FILLER_AFTER)
+ {
+- png_bytep sp = row + (png_size_t)row_width;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 2;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 1; i < row_width; i++)
+ {
+ *(--dp) = hi_filler;
+@@ -1907,8 +1907,8 @@
+ /* This changes the data from GG to XXGG */
+ else
+ {
+- png_bytep sp = row + (png_size_t)row_width;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 2;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 0; i < row_width; i++)
+ {
+ *(--dp) = *(--sp);
@@ -1965,8 +1965,8 @@
/* This changes the data from RRGGBB to RRGGBBXX */
if (flags & PNG_FLAG_FILLER_AFTER)
@@ -23,8 +49,10 @@
{
*(--dp) = *(--sp);
-Steve G <[EMAIL PROTECTED]>
-Libpng accesses memory that is out of bounds when creating an error message
+-----------------------------------------------------------------------------
+
+Security Fix (Steve G <[EMAIL PROTECTED]>):
+Access to memory that is out of bounds when creating an error message.
Index: pngerror.c
--- pngerror.c.orig 2002-10-03 13:32:27.000000000 +0200
@@ -45,3 +73,16 @@
}
}
+--- pngconf.h.orig 2004-05-27 09:42:21.000000000 +0200
++++ pngconf.h 2004-05-27 09:43:22.000000000 +0200
+@@ -251,10 +251,6 @@
+ # define PNG_SAVE_BSD_SOURCE
+ # undef _BSD_SOURCE
+ # endif
+-# ifdef _SETJMP_H
+- __png.h__ already includes setjmp.h;
+- __dont__ include it again.;
+-# endif
+ # endif /* __linux__ */
+
+ /* include setjmp.h for error handling */
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/png/png.spec
============================================================================
$ cvs diff -u -r1.29.2.2.2.2 -r1.29.2.2.2.3 png.spec
--- openpkg-src/png/png.spec 29 Apr 2004 19:56:26 -0000 1.29.2.2.2.2
+++ openpkg-src/png/png.spec 29 Jun 2004 08:18:09 -0000 1.29.2.2.2.3
@@ -33,7 +33,7 @@
Group: Graphics
License: BSD
Version: 1.2.5
-Release: 1.3.1
+Release: 1.3.2
# list of sources
Source0:
http://osdn.dl.sourceforge.net/sourceforge/libpng/libpng-%{version}.tar.gz
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
