From 7d96e07570dd143f9280bef26c33de0cf01cc3af77319cfd87d4ee7cbae1f076 Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Mon, 31 Dec 2018 09:48:16 +0000 Subject: [PATCH] - update to 1.6.36: Replaced the remaining uses of png_size_t with size_t (Cosmin) Fixed the calculation of row_factor in png_check_chunk_length (reported by Thuan Pham in SourceForge issue #278) Added missing parentheses to a macro definition (suggested by "irwir" in GitHub issue #216) Optimized png_do_expand_palette for ARM processors. Improved performance by around 10-22% on a recent ARM Chromebook. (Contributed by Richard Townsend, ARM Holdings) Fixed manipulation of machine-specific optimization options. (Contributed by Vicki Pfau) Used memcpy instead of manual pointer arithmetic on Intel SSE2. (Contributed by Samuel Williams) Fixed build errors with MSVC on ARM64. (Contributed by Zhijie Liang) Fixed detection of libm in CMakeLists. (Contributed by Cameron Cawley) Fixed incorrect creation of pkg-config file in CMakeLists. (Contributed by Kyle Bentley) Fixed the CMake build on Windows MSYS by avoiding symlinks. Fixed a build warning on OpenBSD. (Contributed by Theo Buehler) Fixed various typos in comments. (Contributed by "luz.paz") Raised the minimum required CMake version from 3.0.2 to 3.1. Removed yet more of the vestigial support for pre-ANSI C compilers. Removed ancient makefiles for ancient systems that have been broken across all previous libpng-1.6.x versions. Removed the Y2K compliance statement and the export control information. OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=111 --- libpng-1.6.34.tar.xz | 3 --- libpng-1.6.34.tar.xz.asc | 17 --------------- libpng-1.6.36.tar.xz | 3 +++ libpng16-CVE-2018-13785.patch | 13 ------------ libpng16.changes | 39 +++++++++++++++++++++++++++++++++++ libpng16.spec | 9 +++----- 6 files changed, 45 insertions(+), 39 deletions(-) delete mode 100644 libpng-1.6.34.tar.xz delete mode 100644 libpng-1.6.34.tar.xz.asc create mode 100644 libpng-1.6.36.tar.xz delete mode 100644 libpng16-CVE-2018-13785.patch diff --git a/libpng-1.6.34.tar.xz b/libpng-1.6.34.tar.xz deleted file mode 100644 index 37392a1..0000000 --- a/libpng-1.6.34.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2f1e960d92ce3b3abd03d06dfec9637dfbd22febf107a536b44f7a47c60659f6 -size 997968 diff --git a/libpng-1.6.34.tar.xz.asc b/libpng-1.6.34.tar.xz.asc deleted file mode 100644 index 12f0764..0000000 --- a/libpng-1.6.34.tar.xz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAABAgAGBQJZzghsAAoJEPVJhL+hbGQPxfAP/iNKJV+UC3f6zNE62jPCjNVg -Gx3pOhWHMw2+mkN8NxlI7L5qPRj/zJ2G0iso2CVXBRzcb21aNMZ+Jx4/mQ1p2qPT -olupBl3mug/zucdUVSxsN0g2i7/atvxHX3fjkCjoNsNpkcBWPGZFhE5yZZTYU5Oz -qNrfluwkV+jC2XWqMw/B40Mahw4LwmbvzXeduaBxxNXDM7nund0vsEdoGYeI/NZx -G106dg+hmalJq1084M+SHyOiDa4xh1CAdpeJnwaL1IMjsbzyALZezUxx2PqrwwVg -WgLuSfPRZjNBFLZJxCBM1Y49QiON90NQzdZqeCA+0nNDQZtQAKPEI/zGadWZHBKd -4H5d19VvmYo2dPsvBoK5t8QSXeSEreTGsryQcKRbNvbzxMSBNdHN/C6zg13Kuteg -1xyx9jTtS59Ir+oOkE9EhXSAhEp4baPzFqjIwK2NON6/+gv9BYywVwc6cTfCz2rR -NgXaxe5/8qCZCb1DM6ZmgbhlLtXUrOLED49zX5ndcHpGBAQx5HVj7GRNn6VcSw1U -Ljk+S9r2A7g/mEzNqzeHcqpMSCjSt59RpQXvDfTI7vF1lxRqmNGMG1W9Sjk0DKe7 -nPI7a/wAf6S8gU+VhPOHhj3I/B4e4IrBuwWj4NGaUO0RBbDwWYPXLrrDoMC7FBW7 -Z+dSb9Tb6/Ihc3NXkJFI -=qQuX ------END PGP SIGNATURE----- diff --git a/libpng-1.6.36.tar.xz b/libpng-1.6.36.tar.xz new file mode 100644 index 0000000..2217d1c --- /dev/null +++ b/libpng-1.6.36.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eceb924c1fa6b79172fdfd008d335f0e59172a86a66481e09d4089df872aa319 +size 1012544 diff --git a/libpng16-CVE-2018-13785.patch b/libpng16-CVE-2018-13785.patch deleted file mode 100644 index f87c22b..0000000 --- a/libpng16-CVE-2018-13785.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: libpng-1.6.34/pngrutil.c -=================================================================== ---- libpng-1.6.34.orig/pngrutil.c 2017-09-29 10:40:57.000000000 +0200 -+++ libpng-1.6.34/pngrutil.c 2018-08-01 09:59:02.399741891 +0200 -@@ -3149,7 +3149,7 @@ png_check_chunk_length(png_const_structr - { - png_alloc_size_t idat_limit = PNG_UINT_31_MAX; - size_t row_factor = -- (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1) -+ ((size_t)png_ptr->width * (size_t)png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1) - + 1 + (png_ptr->interlaced? 6: 0)); - if (png_ptr->height > PNG_UINT_32_MAX/row_factor) - idat_limit=PNG_UINT_31_MAX; diff --git a/libpng16.changes b/libpng16.changes index 14139c3..660fd75 100644 --- a/libpng16.changes +++ b/libpng16.changes @@ -1,3 +1,42 @@ +------------------------------------------------------------------- +Mon Dec 31 09:41:53 UTC 2018 - Petr Gajdos + +- update to 1.6.36: + Replaced the remaining uses of png_size_t with size_t (Cosmin) + Fixed the calculation of row_factor in png_check_chunk_length + (reported by Thuan Pham in SourceForge issue #278) + Added missing parentheses to a macro definition + (suggested by "irwir" in GitHub issue #216) + Optimized png_do_expand_palette for ARM processors. + Improved performance by around 10-22% on a recent ARM Chromebook. + (Contributed by Richard Townsend, ARM Holdings) + Fixed manipulation of machine-specific optimization options. + (Contributed by Vicki Pfau) + Used memcpy instead of manual pointer arithmetic on Intel SSE2. + (Contributed by Samuel Williams) + Fixed build errors with MSVC on ARM64. + (Contributed by Zhijie Liang) + Fixed detection of libm in CMakeLists. + (Contributed by Cameron Cawley) + Fixed incorrect creation of pkg-config file in CMakeLists. + (Contributed by Kyle Bentley) + Fixed the CMake build on Windows MSYS by avoiding symlinks. + Fixed a build warning on OpenBSD. + (Contributed by Theo Buehler) + Fixed various typos in comments. + (Contributed by "luz.paz") + Raised the minimum required CMake version from 3.0.2 to 3.1. + Removed yet more of the vestigial support for pre-ANSI C compilers. + Removed ancient makefiles for ancient systems that have been broken + across all previous libpng-1.6.x versions. + Removed the Y2K compliance statement and the export control + information. + Applied various code style and documentation fixes. +- removed patches + * libpng16-CVE-2018-13785.patch (upstreamed) +- cannot find upstream tarball signature, asked upstream for + clarification + ------------------------------------------------------------------- Wed Aug 1 08:01:23 UTC 2018 - pgajdos@suse.com diff --git a/libpng16.spec b/libpng16.spec index fd34ecf..81bb922 100644 --- a/libpng16.spec +++ b/libpng16.spec @@ -12,14 +12,14 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # %define major 1 %define minor 6 -%define micro 34 +%define micro 36 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} %define debug_package_requires %{libname} = %{version}-%{release} @@ -30,12 +30,10 @@ Summary: Library for the Portable Network Graphics Format (PNG) License: Zlib Group: Development/Libraries/C and C++ Url: http://www.libpng.org/pub/png/libpng.html -Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz -Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz.asc +Source0: http://prdownloads.sourceforge.net/libpng/libpng-%{version}.tar.xz Source2: libpng16.keyring Source3: rpm-macros.libpng-tools Source4: baselibs.conf -Patch0: libpng16-CVE-2018-13785.patch BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: zlib-devel @@ -97,7 +95,6 @@ PNG files. %prep %setup -q -n libpng-%{version} -%patch0 -p1 %build # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1