libpng16/libpng16.spec

164 lines
4.9 KiB
RPMSpec
Raw Normal View History

#
# spec file for package libpng16
#
Accepting request 570288 from home:avindra - update to 1.6.34: * Removed contrib/pngsuite/i*.png; some of these were incorrect and caused test failures. - includes 1.6.33: * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing parenthesis in contrib/pngminus/pnm2png.c * Fixed off-by-one error in png_do_check_palette_indexes() * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc to fix shortlived oss-fuzz issue 3234. * Compute a larger limit on IDAT because some applications write a deflate buffer for each row * Use current date (DATE) instead of release-date (RDATE) in last changed date of contrib/oss-fuzz files. * Enabled ARM support in CMakeLists.txt * Fixed incorrect typecast of some arguments to png_malloc() and png_calloc() that were png_uint_32 instead of png_alloc_size_t * Use pnglibconf.h.prebuilt when building for ANDROID with cmake * Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due to truncated iTXt or zTXt chunk. * Initialize memory allocated by png_read_buffer to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_icc_check_tag_table() due to truncated iCCP chunk. * Removed redundant tests * Added an interlaced version of each file in contrib/pngsuite. * Relocate new memset() call in pngrutil.c * Add support for loading images with associated alpha in the Simplified API * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc * Add end_info structure and png_read_end() to the libpng fuzzer - includes 1.6.32: * Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". * Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif to arguments for png_get_eXIf() and png_set_eXIf(). * Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in pngwrite.c, and made various other fixes to png_write_eXIf(). * Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid breaking API compatibility with libpng-1.6.31. * Updated contrib/libtests/pngunknown.c with eXIf chunk. * Initialized btoa[] in pngstest.c * Stop memory leak when returning from png_handle_eXIf() with an error * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). * Update libpng.3 and libpng-manual.txt about eXIf functions. * Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. * Removed png_get_eXIf_1() and png_set_eXIf_1(). * Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue (Fixes CVE-2017-12652) * Check length of IDAT against maximum possible IDAT size, accounting for height, rowbytes, interlacing and zlib/deflate overhead. * Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) does not work (the eXIf chunk data can contain zeroes). * Revised symlink creation, no longer using deprecated cmake LOCATION feature * Fixed five-byte error in the calculation of IDAT maximum possible size. * Moved chunk-length check into a png_check_chunk_length() private function * Moved bad pngs from tests to contrib/libtests/crashers * Moved testing of bad pngs into a separate tests/pngtest-badpngs script * Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL in the output but PASS for the libpng test. * Require cmake-3.0.2 in CMakeLists.txt * Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the num_exif argument to png_get_eXIf_1() * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). * Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. * Make pngtest --strict, --relax, --xfail options imply -m (multiple). * Removed unused chunk_name parameter from png_check_chunk_length(). * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' leak. * Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account for the minimum 'deflate' stream, and relocate the test to a point after the keyword has been read. * Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". * Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, one for each known chunk type, with length = 2GB-1. * Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, and 162707). * Renamed chunks in contrib/testpngs/crashers to avoid having files whose names differ only in case; this causes problems with some platforms * Added contrib/oss-fuzz directory which contains files used by the oss-fuzz project - cleanup with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/570288 OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=102
2018-01-29 07:59:18 +01:00
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define debug_build 0
%define asan_build 0
%define major 1
%define minor 6
%define micro 36
%define branch %{major}%{minor}
%define libname libpng%{branch}-%{branch}
Accepting request 570288 from home:avindra - update to 1.6.34: * Removed contrib/pngsuite/i*.png; some of these were incorrect and caused test failures. - includes 1.6.33: * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing parenthesis in contrib/pngminus/pnm2png.c * Fixed off-by-one error in png_do_check_palette_indexes() * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc to fix shortlived oss-fuzz issue 3234. * Compute a larger limit on IDAT because some applications write a deflate buffer for each row * Use current date (DATE) instead of release-date (RDATE) in last changed date of contrib/oss-fuzz files. * Enabled ARM support in CMakeLists.txt * Fixed incorrect typecast of some arguments to png_malloc() and png_calloc() that were png_uint_32 instead of png_alloc_size_t * Use pnglibconf.h.prebuilt when building for ANDROID with cmake * Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due to truncated iTXt or zTXt chunk. * Initialize memory allocated by png_read_buffer to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_icc_check_tag_table() due to truncated iCCP chunk. * Removed redundant tests * Added an interlaced version of each file in contrib/pngsuite. * Relocate new memset() call in pngrutil.c * Add support for loading images with associated alpha in the Simplified API * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc * Add end_info structure and png_read_end() to the libpng fuzzer - includes 1.6.32: * Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". * Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif to arguments for png_get_eXIf() and png_set_eXIf(). * Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in pngwrite.c, and made various other fixes to png_write_eXIf(). * Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid breaking API compatibility with libpng-1.6.31. * Updated contrib/libtests/pngunknown.c with eXIf chunk. * Initialized btoa[] in pngstest.c * Stop memory leak when returning from png_handle_eXIf() with an error * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). * Update libpng.3 and libpng-manual.txt about eXIf functions. * Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. * Removed png_get_eXIf_1() and png_set_eXIf_1(). * Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue (Fixes CVE-2017-12652) * Check length of IDAT against maximum possible IDAT size, accounting for height, rowbytes, interlacing and zlib/deflate overhead. * Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) does not work (the eXIf chunk data can contain zeroes). * Revised symlink creation, no longer using deprecated cmake LOCATION feature * Fixed five-byte error in the calculation of IDAT maximum possible size. * Moved chunk-length check into a png_check_chunk_length() private function * Moved bad pngs from tests to contrib/libtests/crashers * Moved testing of bad pngs into a separate tests/pngtest-badpngs script * Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL in the output but PASS for the libpng test. * Require cmake-3.0.2 in CMakeLists.txt * Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the num_exif argument to png_get_eXIf_1() * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). * Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. * Make pngtest --strict, --relax, --xfail options imply -m (multiple). * Removed unused chunk_name parameter from png_check_chunk_length(). * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' leak. * Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account for the minimum 'deflate' stream, and relocate the test to a point after the keyword has been read. * Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". * Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, one for each known chunk type, with length = 2GB-1. * Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, and 162707). * Renamed chunks in contrib/testpngs/crashers to avoid having files whose names differ only in case; this causes problems with some platforms * Added contrib/oss-fuzz directory which contains files used by the oss-fuzz project - cleanup with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/570288 OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=102
2018-01-29 07:59:18 +01:00
%define debug_package_requires %{libname} = %{version}-%{release}
Name: libpng16
Version: %{major}.%{minor}.%{micro}
Release: 0
Summary: Library for the Portable Network Graphics Format (PNG)
License: Zlib
Group: Development/Libraries/C and C++
Accepting request 570288 from home:avindra - update to 1.6.34: * Removed contrib/pngsuite/i*.png; some of these were incorrect and caused test failures. - includes 1.6.33: * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing parenthesis in contrib/pngminus/pnm2png.c * Fixed off-by-one error in png_do_check_palette_indexes() * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc to fix shortlived oss-fuzz issue 3234. * Compute a larger limit on IDAT because some applications write a deflate buffer for each row * Use current date (DATE) instead of release-date (RDATE) in last changed date of contrib/oss-fuzz files. * Enabled ARM support in CMakeLists.txt * Fixed incorrect typecast of some arguments to png_malloc() and png_calloc() that were png_uint_32 instead of png_alloc_size_t * Use pnglibconf.h.prebuilt when building for ANDROID with cmake * Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due to truncated iTXt or zTXt chunk. * Initialize memory allocated by png_read_buffer to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_icc_check_tag_table() due to truncated iCCP chunk. * Removed redundant tests * Added an interlaced version of each file in contrib/pngsuite. * Relocate new memset() call in pngrutil.c * Add support for loading images with associated alpha in the Simplified API * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc * Add end_info structure and png_read_end() to the libpng fuzzer - includes 1.6.32: * Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". * Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif to arguments for png_get_eXIf() and png_set_eXIf(). * Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in pngwrite.c, and made various other fixes to png_write_eXIf(). * Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid breaking API compatibility with libpng-1.6.31. * Updated contrib/libtests/pngunknown.c with eXIf chunk. * Initialized btoa[] in pngstest.c * Stop memory leak when returning from png_handle_eXIf() with an error * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). * Update libpng.3 and libpng-manual.txt about eXIf functions. * Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. * Removed png_get_eXIf_1() and png_set_eXIf_1(). * Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue (Fixes CVE-2017-12652) * Check length of IDAT against maximum possible IDAT size, accounting for height, rowbytes, interlacing and zlib/deflate overhead. * Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) does not work (the eXIf chunk data can contain zeroes). * Revised symlink creation, no longer using deprecated cmake LOCATION feature * Fixed five-byte error in the calculation of IDAT maximum possible size. * Moved chunk-length check into a png_check_chunk_length() private function * Moved bad pngs from tests to contrib/libtests/crashers * Moved testing of bad pngs into a separate tests/pngtest-badpngs script * Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL in the output but PASS for the libpng test. * Require cmake-3.0.2 in CMakeLists.txt * Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the num_exif argument to png_get_eXIf_1() * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). * Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. * Make pngtest --strict, --relax, --xfail options imply -m (multiple). * Removed unused chunk_name parameter from png_check_chunk_length(). * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' leak. * Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account for the minimum 'deflate' stream, and relocate the test to a point after the keyword has been read. * Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". * Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, one for each known chunk type, with length = 2GB-1. * Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, and 162707). * Renamed chunks in contrib/testpngs/crashers to avoid having files whose names differ only in case; this causes problems with some platforms * Added contrib/oss-fuzz directory which contains files used by the oss-fuzz project - cleanup with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/570288 OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=102
2018-01-29 07:59:18 +01:00
Url: http://www.libpng.org/pub/png/libpng.html
Source0: http://prdownloads.sourceforge.net/libpng/libpng-%{version}.tar.xz
Source2: libpng16.keyring
Source3: rpm-macros.libpng-tools
Source4: baselibs.conf
BuildRequires: libtool
Accepting request 570288 from home:avindra - update to 1.6.34: * Removed contrib/pngsuite/i*.png; some of these were incorrect and caused test failures. - includes 1.6.33: * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing parenthesis in contrib/pngminus/pnm2png.c * Fixed off-by-one error in png_do_check_palette_indexes() * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc to fix shortlived oss-fuzz issue 3234. * Compute a larger limit on IDAT because some applications write a deflate buffer for each row * Use current date (DATE) instead of release-date (RDATE) in last changed date of contrib/oss-fuzz files. * Enabled ARM support in CMakeLists.txt * Fixed incorrect typecast of some arguments to png_malloc() and png_calloc() that were png_uint_32 instead of png_alloc_size_t * Use pnglibconf.h.prebuilt when building for ANDROID with cmake * Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due to truncated iTXt or zTXt chunk. * Initialize memory allocated by png_read_buffer to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_icc_check_tag_table() due to truncated iCCP chunk. * Removed redundant tests * Added an interlaced version of each file in contrib/pngsuite. * Relocate new memset() call in pngrutil.c * Add support for loading images with associated alpha in the Simplified API * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc * Add end_info structure and png_read_end() to the libpng fuzzer - includes 1.6.32: * Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". * Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif to arguments for png_get_eXIf() and png_set_eXIf(). * Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in pngwrite.c, and made various other fixes to png_write_eXIf(). * Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid breaking API compatibility with libpng-1.6.31. * Updated contrib/libtests/pngunknown.c with eXIf chunk. * Initialized btoa[] in pngstest.c * Stop memory leak when returning from png_handle_eXIf() with an error * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). * Update libpng.3 and libpng-manual.txt about eXIf functions. * Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. * Removed png_get_eXIf_1() and png_set_eXIf_1(). * Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue (Fixes CVE-2017-12652) * Check length of IDAT against maximum possible IDAT size, accounting for height, rowbytes, interlacing and zlib/deflate overhead. * Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) does not work (the eXIf chunk data can contain zeroes). * Revised symlink creation, no longer using deprecated cmake LOCATION feature * Fixed five-byte error in the calculation of IDAT maximum possible size. * Moved chunk-length check into a png_check_chunk_length() private function * Moved bad pngs from tests to contrib/libtests/crashers * Moved testing of bad pngs into a separate tests/pngtest-badpngs script * Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL in the output but PASS for the libpng test. * Require cmake-3.0.2 in CMakeLists.txt * Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the num_exif argument to png_get_eXIf_1() * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). * Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. * Make pngtest --strict, --relax, --xfail options imply -m (multiple). * Removed unused chunk_name parameter from png_check_chunk_length(). * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' leak. * Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account for the minimum 'deflate' stream, and relocate the test to a point after the keyword has been read. * Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". * Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, one for each known chunk type, with length = 2GB-1. * Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, and 162707). * Renamed chunks in contrib/testpngs/crashers to avoid having files whose names differ only in case; this causes problems with some platforms * Added contrib/oss-fuzz directory which contains files used by the oss-fuzz project - cleanup with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/570288 OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=102
2018-01-29 07:59:18 +01:00
BuildRequires: pkgconfig
BuildRequires: zlib-devel
%package -n %{libname}
Summary: Library for the Portable Network Graphics Format (PNG)
Group: System/Libraries
Provides: libpng = %{version}
%package devel
Summary: Development tools for applications which will use libpng
Group: Development/Libraries/C and C++
Requires: %{libname} = %{version}
Requires: glibc-devel
Accepting request 570288 from home:avindra - update to 1.6.34: * Removed contrib/pngsuite/i*.png; some of these were incorrect and caused test failures. - includes 1.6.33: * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing parenthesis in contrib/pngminus/pnm2png.c * Fixed off-by-one error in png_do_check_palette_indexes() * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc to fix shortlived oss-fuzz issue 3234. * Compute a larger limit on IDAT because some applications write a deflate buffer for each row * Use current date (DATE) instead of release-date (RDATE) in last changed date of contrib/oss-fuzz files. * Enabled ARM support in CMakeLists.txt * Fixed incorrect typecast of some arguments to png_malloc() and png_calloc() that were png_uint_32 instead of png_alloc_size_t * Use pnglibconf.h.prebuilt when building for ANDROID with cmake * Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due to truncated iTXt or zTXt chunk. * Initialize memory allocated by png_read_buffer to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_icc_check_tag_table() due to truncated iCCP chunk. * Removed redundant tests * Added an interlaced version of each file in contrib/pngsuite. * Relocate new memset() call in pngrutil.c * Add support for loading images with associated alpha in the Simplified API * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc * Add end_info structure and png_read_end() to the libpng fuzzer - includes 1.6.32: * Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". * Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif to arguments for png_get_eXIf() and png_set_eXIf(). * Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in pngwrite.c, and made various other fixes to png_write_eXIf(). * Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid breaking API compatibility with libpng-1.6.31. * Updated contrib/libtests/pngunknown.c with eXIf chunk. * Initialized btoa[] in pngstest.c * Stop memory leak when returning from png_handle_eXIf() with an error * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). * Update libpng.3 and libpng-manual.txt about eXIf functions. * Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. * Removed png_get_eXIf_1() and png_set_eXIf_1(). * Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue (Fixes CVE-2017-12652) * Check length of IDAT against maximum possible IDAT size, accounting for height, rowbytes, interlacing and zlib/deflate overhead. * Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) does not work (the eXIf chunk data can contain zeroes). * Revised symlink creation, no longer using deprecated cmake LOCATION feature * Fixed five-byte error in the calculation of IDAT maximum possible size. * Moved chunk-length check into a png_check_chunk_length() private function * Moved bad pngs from tests to contrib/libtests/crashers * Moved testing of bad pngs into a separate tests/pngtest-badpngs script * Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL in the output but PASS for the libpng test. * Require cmake-3.0.2 in CMakeLists.txt * Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the num_exif argument to png_get_eXIf_1() * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). * Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. * Make pngtest --strict, --relax, --xfail options imply -m (multiple). * Removed unused chunk_name parameter from png_check_chunk_length(). * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' leak. * Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account for the minimum 'deflate' stream, and relocate the test to a point after the keyword has been read. * Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". * Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, one for each known chunk type, with length = 2GB-1. * Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, and 162707). * Renamed chunks in contrib/testpngs/crashers to avoid having files whose names differ only in case; this causes problems with some platforms * Added contrib/oss-fuzz directory which contains files used by the oss-fuzz project - cleanup with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/570288 OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=102
2018-01-29 07:59:18 +01:00
Requires: pkgconfig
Requires: zlib-devel
Recommends: libpng%{branch}-compat-devel
#
%package compat-devel
Summary: Development tools for applications which will use libpng
Group: Development/Libraries/C and C++
Requires: libpng%{branch}-devel = %{version}
Accepting request 570288 from home:avindra - update to 1.6.34: * Removed contrib/pngsuite/i*.png; some of these were incorrect and caused test failures. - includes 1.6.33: * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing parenthesis in contrib/pngminus/pnm2png.c * Fixed off-by-one error in png_do_check_palette_indexes() * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc to fix shortlived oss-fuzz issue 3234. * Compute a larger limit on IDAT because some applications write a deflate buffer for each row * Use current date (DATE) instead of release-date (RDATE) in last changed date of contrib/oss-fuzz files. * Enabled ARM support in CMakeLists.txt * Fixed incorrect typecast of some arguments to png_malloc() and png_calloc() that were png_uint_32 instead of png_alloc_size_t * Use pnglibconf.h.prebuilt when building for ANDROID with cmake * Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due to truncated iTXt or zTXt chunk. * Initialize memory allocated by png_read_buffer to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_icc_check_tag_table() due to truncated iCCP chunk. * Removed redundant tests * Added an interlaced version of each file in contrib/pngsuite. * Relocate new memset() call in pngrutil.c * Add support for loading images with associated alpha in the Simplified API * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc * Add end_info structure and png_read_end() to the libpng fuzzer - includes 1.6.32: * Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". * Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif to arguments for png_get_eXIf() and png_set_eXIf(). * Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in pngwrite.c, and made various other fixes to png_write_eXIf(). * Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid breaking API compatibility with libpng-1.6.31. * Updated contrib/libtests/pngunknown.c with eXIf chunk. * Initialized btoa[] in pngstest.c * Stop memory leak when returning from png_handle_eXIf() with an error * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). * Update libpng.3 and libpng-manual.txt about eXIf functions. * Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. * Removed png_get_eXIf_1() and png_set_eXIf_1(). * Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue (Fixes CVE-2017-12652) * Check length of IDAT against maximum possible IDAT size, accounting for height, rowbytes, interlacing and zlib/deflate overhead. * Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) does not work (the eXIf chunk data can contain zeroes). * Revised symlink creation, no longer using deprecated cmake LOCATION feature * Fixed five-byte error in the calculation of IDAT maximum possible size. * Moved chunk-length check into a png_check_chunk_length() private function * Moved bad pngs from tests to contrib/libtests/crashers * Moved testing of bad pngs into a separate tests/pngtest-badpngs script * Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL in the output but PASS for the libpng test. * Require cmake-3.0.2 in CMakeLists.txt * Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the num_exif argument to png_get_eXIf_1() * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). * Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. * Make pngtest --strict, --relax, --xfail options imply -m (multiple). * Removed unused chunk_name parameter from png_check_chunk_length(). * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' leak. * Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account for the minimum 'deflate' stream, and relocate the test to a point after the keyword has been read. * Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". * Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, one for each known chunk type, with length = 2GB-1. * Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, and 162707). * Renamed chunks in contrib/testpngs/crashers to avoid having files whose names differ only in case; this causes problems with some platforms * Added contrib/oss-fuzz directory which contains files used by the oss-fuzz project - cleanup with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/570288 OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=102
2018-01-29 07:59:18 +01:00
Conflicts: libpng-devel
Provides: libpng-devel = %{version}
Obsoletes: libpng-devel < 1.2.44
%package tools
Summary: Tools for Manipulating PNG Images
Group: Productivity/Graphics/Other
Accepting request 570288 from home:avindra - update to 1.6.34: * Removed contrib/pngsuite/i*.png; some of these were incorrect and caused test failures. - includes 1.6.33: * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing parenthesis in contrib/pngminus/pnm2png.c * Fixed off-by-one error in png_do_check_palette_indexes() * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc to fix shortlived oss-fuzz issue 3234. * Compute a larger limit on IDAT because some applications write a deflate buffer for each row * Use current date (DATE) instead of release-date (RDATE) in last changed date of contrib/oss-fuzz files. * Enabled ARM support in CMakeLists.txt * Fixed incorrect typecast of some arguments to png_malloc() and png_calloc() that were png_uint_32 instead of png_alloc_size_t * Use pnglibconf.h.prebuilt when building for ANDROID with cmake * Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due to truncated iTXt or zTXt chunk. * Initialize memory allocated by png_read_buffer to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_icc_check_tag_table() due to truncated iCCP chunk. * Removed redundant tests * Added an interlaced version of each file in contrib/pngsuite. * Relocate new memset() call in pngrutil.c * Add support for loading images with associated alpha in the Simplified API * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc * Add end_info structure and png_read_end() to the libpng fuzzer - includes 1.6.32: * Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". * Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif to arguments for png_get_eXIf() and png_set_eXIf(). * Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in pngwrite.c, and made various other fixes to png_write_eXIf(). * Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid breaking API compatibility with libpng-1.6.31. * Updated contrib/libtests/pngunknown.c with eXIf chunk. * Initialized btoa[] in pngstest.c * Stop memory leak when returning from png_handle_eXIf() with an error * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). * Update libpng.3 and libpng-manual.txt about eXIf functions. * Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. * Removed png_get_eXIf_1() and png_set_eXIf_1(). * Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue (Fixes CVE-2017-12652) * Check length of IDAT against maximum possible IDAT size, accounting for height, rowbytes, interlacing and zlib/deflate overhead. * Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) does not work (the eXIf chunk data can contain zeroes). * Revised symlink creation, no longer using deprecated cmake LOCATION feature * Fixed five-byte error in the calculation of IDAT maximum possible size. * Moved chunk-length check into a png_check_chunk_length() private function * Moved bad pngs from tests to contrib/libtests/crashers * Moved testing of bad pngs into a separate tests/pngtest-badpngs script * Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL in the output but PASS for the libpng test. * Require cmake-3.0.2 in CMakeLists.txt * Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the num_exif argument to png_get_eXIf_1() * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). * Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. * Make pngtest --strict, --relax, --xfail options imply -m (multiple). * Removed unused chunk_name parameter from png_check_chunk_length(). * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' leak. * Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account for the minimum 'deflate' stream, and relocate the test to a point after the keyword has been read. * Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". * Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, one for each known chunk type, with length = 2GB-1. * Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, and 162707). * Renamed chunks in contrib/testpngs/crashers to avoid having files whose names differ only in case; this causes problems with some platforms * Added contrib/oss-fuzz directory which contains files used by the oss-fuzz project - cleanup with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/570288 OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=102
2018-01-29 07:59:18 +01:00
Conflicts: libpng-tools
Provides: libpng-tools = %{version}
%description
libpng is the official reference library for the Portable Network
Graphics format (PNG).
%description -n %{libname}
libpng is the official reference library for the Portable Network
Graphics format (PNG).
%description devel
The libpng%{branch}-devel package includes the header files, libraries,
configuration files and development tools necessary for compiling and
linking programs which will manipulate PNG files using libpng%{branch}.
libpng is the official reference library for the Portable Network
Graphics (PNG) format.
%description compat-devel
Accepting request 570288 from home:avindra - update to 1.6.34: * Removed contrib/pngsuite/i*.png; some of these were incorrect and caused test failures. - includes 1.6.33: * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing parenthesis in contrib/pngminus/pnm2png.c * Fixed off-by-one error in png_do_check_palette_indexes() * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc to fix shortlived oss-fuzz issue 3234. * Compute a larger limit on IDAT because some applications write a deflate buffer for each row * Use current date (DATE) instead of release-date (RDATE) in last changed date of contrib/oss-fuzz files. * Enabled ARM support in CMakeLists.txt * Fixed incorrect typecast of some arguments to png_malloc() and png_calloc() that were png_uint_32 instead of png_alloc_size_t * Use pnglibconf.h.prebuilt when building for ANDROID with cmake * Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due to truncated iTXt or zTXt chunk. * Initialize memory allocated by png_read_buffer to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_icc_check_tag_table() due to truncated iCCP chunk. * Removed redundant tests * Added an interlaced version of each file in contrib/pngsuite. * Relocate new memset() call in pngrutil.c * Add support for loading images with associated alpha in the Simplified API * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc * Add end_info structure and png_read_end() to the libpng fuzzer - includes 1.6.32: * Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". * Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif to arguments for png_get_eXIf() and png_set_eXIf(). * Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in pngwrite.c, and made various other fixes to png_write_eXIf(). * Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid breaking API compatibility with libpng-1.6.31. * Updated contrib/libtests/pngunknown.c with eXIf chunk. * Initialized btoa[] in pngstest.c * Stop memory leak when returning from png_handle_eXIf() with an error * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). * Update libpng.3 and libpng-manual.txt about eXIf functions. * Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. * Removed png_get_eXIf_1() and png_set_eXIf_1(). * Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue (Fixes CVE-2017-12652) * Check length of IDAT against maximum possible IDAT size, accounting for height, rowbytes, interlacing and zlib/deflate overhead. * Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) does not work (the eXIf chunk data can contain zeroes). * Revised symlink creation, no longer using deprecated cmake LOCATION feature * Fixed five-byte error in the calculation of IDAT maximum possible size. * Moved chunk-length check into a png_check_chunk_length() private function * Moved bad pngs from tests to contrib/libtests/crashers * Moved testing of bad pngs into a separate tests/pngtest-badpngs script * Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL in the output but PASS for the libpng test. * Require cmake-3.0.2 in CMakeLists.txt * Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the num_exif argument to png_get_eXIf_1() * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). * Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. * Make pngtest --strict, --relax, --xfail options imply -m (multiple). * Removed unused chunk_name parameter from png_check_chunk_length(). * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' leak. * Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account for the minimum 'deflate' stream, and relocate the test to a point after the keyword has been read. * Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". * Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, one for each known chunk type, with length = 2GB-1. * Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, and 162707). * Renamed chunks in contrib/testpngs/crashers to avoid having files whose names differ only in case; this causes problems with some platforms * Added contrib/oss-fuzz directory which contains files used by the oss-fuzz project - cleanup with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/570288 OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=102
2018-01-29 07:59:18 +01:00
The libpng%{branch}-compat-devel package contains unversioned symlinks
to the header files, libraries, configuration files and development
tools necessary for compiling and linking programs that don't care
about libpng version.
%description tools
Package consists of low level tools for manipulating and fixing particular
PNG files.
%prep
Accepting request 570288 from home:avindra - update to 1.6.34: * Removed contrib/pngsuite/i*.png; some of these were incorrect and caused test failures. - includes 1.6.33: * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing parenthesis in contrib/pngminus/pnm2png.c * Fixed off-by-one error in png_do_check_palette_indexes() * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc to fix shortlived oss-fuzz issue 3234. * Compute a larger limit on IDAT because some applications write a deflate buffer for each row * Use current date (DATE) instead of release-date (RDATE) in last changed date of contrib/oss-fuzz files. * Enabled ARM support in CMakeLists.txt * Fixed incorrect typecast of some arguments to png_malloc() and png_calloc() that were png_uint_32 instead of png_alloc_size_t * Use pnglibconf.h.prebuilt when building for ANDROID with cmake * Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due to truncated iTXt or zTXt chunk. * Initialize memory allocated by png_read_buffer to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_icc_check_tag_table() due to truncated iCCP chunk. * Removed redundant tests * Added an interlaced version of each file in contrib/pngsuite. * Relocate new memset() call in pngrutil.c * Add support for loading images with associated alpha in the Simplified API * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc * Add end_info structure and png_read_end() to the libpng fuzzer - includes 1.6.32: * Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". * Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif to arguments for png_get_eXIf() and png_set_eXIf(). * Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in pngwrite.c, and made various other fixes to png_write_eXIf(). * Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid breaking API compatibility with libpng-1.6.31. * Updated contrib/libtests/pngunknown.c with eXIf chunk. * Initialized btoa[] in pngstest.c * Stop memory leak when returning from png_handle_eXIf() with an error * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). * Update libpng.3 and libpng-manual.txt about eXIf functions. * Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. * Removed png_get_eXIf_1() and png_set_eXIf_1(). * Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue (Fixes CVE-2017-12652) * Check length of IDAT against maximum possible IDAT size, accounting for height, rowbytes, interlacing and zlib/deflate overhead. * Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) does not work (the eXIf chunk data can contain zeroes). * Revised symlink creation, no longer using deprecated cmake LOCATION feature * Fixed five-byte error in the calculation of IDAT maximum possible size. * Moved chunk-length check into a png_check_chunk_length() private function * Moved bad pngs from tests to contrib/libtests/crashers * Moved testing of bad pngs into a separate tests/pngtest-badpngs script * Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL in the output but PASS for the libpng test. * Require cmake-3.0.2 in CMakeLists.txt * Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the num_exif argument to png_get_eXIf_1() * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). * Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. * Make pngtest --strict, --relax, --xfail options imply -m (multiple). * Removed unused chunk_name parameter from png_check_chunk_length(). * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' leak. * Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account for the minimum 'deflate' stream, and relocate the test to a point after the keyword has been read. * Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". * Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, one for each known chunk type, with length = 2GB-1. * Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, and 162707). * Renamed chunks in contrib/testpngs/crashers to avoid having files whose names differ only in case; this causes problems with some platforms * Added contrib/oss-fuzz directory which contains files used by the oss-fuzz project - cleanup with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/570288 OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=102
2018-01-29 07:59:18 +01:00
%setup -q -n libpng-%{version}
%build
# PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1
Accepting request 570288 from home:avindra - update to 1.6.34: * Removed contrib/pngsuite/i*.png; some of these were incorrect and caused test failures. - includes 1.6.33: * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing parenthesis in contrib/pngminus/pnm2png.c * Fixed off-by-one error in png_do_check_palette_indexes() * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc to fix shortlived oss-fuzz issue 3234. * Compute a larger limit on IDAT because some applications write a deflate buffer for each row * Use current date (DATE) instead of release-date (RDATE) in last changed date of contrib/oss-fuzz files. * Enabled ARM support in CMakeLists.txt * Fixed incorrect typecast of some arguments to png_malloc() and png_calloc() that were png_uint_32 instead of png_alloc_size_t * Use pnglibconf.h.prebuilt when building for ANDROID with cmake * Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due to truncated iTXt or zTXt chunk. * Initialize memory allocated by png_read_buffer to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_icc_check_tag_table() due to truncated iCCP chunk. * Removed redundant tests * Added an interlaced version of each file in contrib/pngsuite. * Relocate new memset() call in pngrutil.c * Add support for loading images with associated alpha in the Simplified API * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc * Add end_info structure and png_read_end() to the libpng fuzzer - includes 1.6.32: * Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". * Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif to arguments for png_get_eXIf() and png_set_eXIf(). * Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in pngwrite.c, and made various other fixes to png_write_eXIf(). * Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid breaking API compatibility with libpng-1.6.31. * Updated contrib/libtests/pngunknown.c with eXIf chunk. * Initialized btoa[] in pngstest.c * Stop memory leak when returning from png_handle_eXIf() with an error * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). * Update libpng.3 and libpng-manual.txt about eXIf functions. * Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. * Removed png_get_eXIf_1() and png_set_eXIf_1(). * Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue (Fixes CVE-2017-12652) * Check length of IDAT against maximum possible IDAT size, accounting for height, rowbytes, interlacing and zlib/deflate overhead. * Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) does not work (the eXIf chunk data can contain zeroes). * Revised symlink creation, no longer using deprecated cmake LOCATION feature * Fixed five-byte error in the calculation of IDAT maximum possible size. * Moved chunk-length check into a png_check_chunk_length() private function * Moved bad pngs from tests to contrib/libtests/crashers * Moved testing of bad pngs into a separate tests/pngtest-badpngs script * Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL in the output but PASS for the libpng test. * Require cmake-3.0.2 in CMakeLists.txt * Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the num_exif argument to png_get_eXIf_1() * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). * Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. * Make pngtest --strict, --relax, --xfail options imply -m (multiple). * Removed unused chunk_name parameter from png_check_chunk_length(). * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' leak. * Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account for the minimum 'deflate' stream, and relocate the test to a point after the keyword has been read. * Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". * Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, one for each known chunk type, with length = 2GB-1. * Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, and 162707). * Renamed chunks in contrib/testpngs/crashers to avoid having files whose names differ only in case; this causes problems with some platforms * Added contrib/oss-fuzz directory which contains files used by the oss-fuzz project - cleanup with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/570288 OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=102
2018-01-29 07:59:18 +01:00
export CFLAGS="%{optflags} -O3 -DPNG_SAFE_LIMITS_SUPPORTED -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"
export LDFLAGS="-Wl,-z,relro,-z,now"
%if %{debug_build}
export CFLAGS="$CFLAGS -O0"
%endif
%configure \
--disable-static
%if %{asan_build}
sed -i -e 's/^\(CFLAGS.*\)$/\1 -fsanitize=address/' \
-e 's/\(^LIBS =.*\)/\1 -lasan/' Makefile
%endif
make %{?_smp_mflags}
%check
%if %{asan_build}
# ASAN needs /proc to be mounted
exit 0
%endif
make -j1 check
%install
Accepting request 570288 from home:avindra - update to 1.6.34: * Removed contrib/pngsuite/i*.png; some of these were incorrect and caused test failures. - includes 1.6.33: * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing parenthesis in contrib/pngminus/pnm2png.c * Fixed off-by-one error in png_do_check_palette_indexes() * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc to fix shortlived oss-fuzz issue 3234. * Compute a larger limit on IDAT because some applications write a deflate buffer for each row * Use current date (DATE) instead of release-date (RDATE) in last changed date of contrib/oss-fuzz files. * Enabled ARM support in CMakeLists.txt * Fixed incorrect typecast of some arguments to png_malloc() and png_calloc() that were png_uint_32 instead of png_alloc_size_t * Use pnglibconf.h.prebuilt when building for ANDROID with cmake * Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due to truncated iTXt or zTXt chunk. * Initialize memory allocated by png_read_buffer to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_icc_check_tag_table() due to truncated iCCP chunk. * Removed redundant tests * Added an interlaced version of each file in contrib/pngsuite. * Relocate new memset() call in pngrutil.c * Add support for loading images with associated alpha in the Simplified API * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc * Add end_info structure and png_read_end() to the libpng fuzzer - includes 1.6.32: * Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". * Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif to arguments for png_get_eXIf() and png_set_eXIf(). * Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in pngwrite.c, and made various other fixes to png_write_eXIf(). * Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid breaking API compatibility with libpng-1.6.31. * Updated contrib/libtests/pngunknown.c with eXIf chunk. * Initialized btoa[] in pngstest.c * Stop memory leak when returning from png_handle_eXIf() with an error * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). * Update libpng.3 and libpng-manual.txt about eXIf functions. * Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. * Removed png_get_eXIf_1() and png_set_eXIf_1(). * Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue (Fixes CVE-2017-12652) * Check length of IDAT against maximum possible IDAT size, accounting for height, rowbytes, interlacing and zlib/deflate overhead. * Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) does not work (the eXIf chunk data can contain zeroes). * Revised symlink creation, no longer using deprecated cmake LOCATION feature * Fixed five-byte error in the calculation of IDAT maximum possible size. * Moved chunk-length check into a png_check_chunk_length() private function * Moved bad pngs from tests to contrib/libtests/crashers * Moved testing of bad pngs into a separate tests/pngtest-badpngs script * Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL in the output but PASS for the libpng test. * Require cmake-3.0.2 in CMakeLists.txt * Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the num_exif argument to png_get_eXIf_1() * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). * Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. * Make pngtest --strict, --relax, --xfail options imply -m (multiple). * Removed unused chunk_name parameter from png_check_chunk_length(). * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' leak. * Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account for the minimum 'deflate' stream, and relocate the test to a point after the keyword has been read. * Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". * Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, one for each known chunk type, with length = 2GB-1. * Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, and 162707). * Renamed chunks in contrib/testpngs/crashers to avoid having files whose names differ only in case; this causes problems with some platforms * Added contrib/oss-fuzz directory which contains files used by the oss-fuzz project - cleanup with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/570288 OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=102
2018-01-29 07:59:18 +01:00
%make_install
rm %{buildroot}/%{_libdir}/libpng*.la
mkdir -p %{buildroot}%{_sysconfdir}/rpm
cp -a %{SOURCE3} \
%{buildroot}%{_sysconfdir}/rpm/macros.libpng-tools
%if %{debug_build} ||%{asan_build}
install -m755 .libs/pngcp %{buildroot}/%{_bindir}
%endif
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
%files -n %{libname}
%{_libdir}/libpng%{branch}.so.*
%files devel
%{_bindir}/libpng%{branch}-config
%{_includedir}/libpng%{branch}
%{_libdir}/libpng%{branch}.so
%{_libdir}/pkgconfig/libpng%{branch}.pc
%doc CHANGES README TODO ANNOUNCE LICENSE libpng-*.txt
%files compat-devel
%{_bindir}/libpng-config
%{_includedir}/*.h
%{_libdir}/libpng.so
%{_libdir}/pkgconfig/libpng.pc
Accepting request 570288 from home:avindra - update to 1.6.34: * Removed contrib/pngsuite/i*.png; some of these were incorrect and caused test failures. - includes 1.6.33: * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing parenthesis in contrib/pngminus/pnm2png.c * Fixed off-by-one error in png_do_check_palette_indexes() * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc to fix shortlived oss-fuzz issue 3234. * Compute a larger limit on IDAT because some applications write a deflate buffer for each row * Use current date (DATE) instead of release-date (RDATE) in last changed date of contrib/oss-fuzz files. * Enabled ARM support in CMakeLists.txt * Fixed incorrect typecast of some arguments to png_malloc() and png_calloc() that were png_uint_32 instead of png_alloc_size_t * Use pnglibconf.h.prebuilt when building for ANDROID with cmake * Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due to truncated iTXt or zTXt chunk. * Initialize memory allocated by png_read_buffer to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_icc_check_tag_table() due to truncated iCCP chunk. * Removed redundant tests * Added an interlaced version of each file in contrib/pngsuite. * Relocate new memset() call in pngrutil.c * Add support for loading images with associated alpha in the Simplified API * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc * Add end_info structure and png_read_end() to the libpng fuzzer - includes 1.6.32: * Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". * Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif to arguments for png_get_eXIf() and png_set_eXIf(). * Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in pngwrite.c, and made various other fixes to png_write_eXIf(). * Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid breaking API compatibility with libpng-1.6.31. * Updated contrib/libtests/pngunknown.c with eXIf chunk. * Initialized btoa[] in pngstest.c * Stop memory leak when returning from png_handle_eXIf() with an error * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). * Update libpng.3 and libpng-manual.txt about eXIf functions. * Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. * Removed png_get_eXIf_1() and png_set_eXIf_1(). * Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue (Fixes CVE-2017-12652) * Check length of IDAT against maximum possible IDAT size, accounting for height, rowbytes, interlacing and zlib/deflate overhead. * Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) does not work (the eXIf chunk data can contain zeroes). * Revised symlink creation, no longer using deprecated cmake LOCATION feature * Fixed five-byte error in the calculation of IDAT maximum possible size. * Moved chunk-length check into a png_check_chunk_length() private function * Moved bad pngs from tests to contrib/libtests/crashers * Moved testing of bad pngs into a separate tests/pngtest-badpngs script * Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL in the output but PASS for the libpng test. * Require cmake-3.0.2 in CMakeLists.txt * Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the num_exif argument to png_get_eXIf_1() * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). * Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. * Make pngtest --strict, --relax, --xfail options imply -m (multiple). * Removed unused chunk_name parameter from png_check_chunk_length(). * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' leak. * Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account for the minimum 'deflate' stream, and relocate the test to a point after the keyword has been read. * Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". * Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, one for each known chunk type, with length = 2GB-1. * Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, and 162707). * Renamed chunks in contrib/testpngs/crashers to avoid having files whose names differ only in case; this causes problems with some platforms * Added contrib/oss-fuzz directory which contains files used by the oss-fuzz project - cleanup with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/570288 OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=102
2018-01-29 07:59:18 +01:00
%{_mandir}/man3/libpng.3%{ext_man}
%{_mandir}/man3/libpngpf.3%{ext_man}
%{_mandir}/man5/png.5%{ext_man}
%files tools
%{_bindir}/png-fix-itxt
%{_bindir}/pngfix
%if %{debug_build} || %{asan_build}
%{_bindir}/pngcp
%endif
%{_sysconfdir}/rpm/macros.libpng-tools
%changelog