From 3063cf7ec4d453597d66d0a06aa47e21d4075e2de1c386a326cfaa162615de34 Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Fri, 30 Jun 2017 15:52:07 +0000 Subject: [PATCH] - update to 1.6.30: Revised documentation of png_get_error_ptr() in the libpng manual. Document need to check for integer overflow when allocating a pixel buffer for multiple rows in contrib/gregbook, contrib/pngminus, example.c, and in the manual (suggested by Jaeseung Choi). This is similar to the bug reported against pngquant in CVE-2016-5735. Check for integer overflow in contrib/visupng and contrib/tools/genpng. Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt. Avoid writing an empty IDAT when the last IDAT exactly fills the compression buffer (bug report by Brian Baird). This bug was introduced in libpng-1.6.0. Add a reference to the libpng.download site in README. OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=94 --- libpng-1.6.29.tar.xz | 3 --- libpng-1.6.29.tar.xz.asc | 17 ----------------- libpng-1.6.30.tar.xz | 3 +++ libpng-1.6.30.tar.xz.asc | 17 +++++++++++++++++ libpng16.changes | 16 ++++++++++++++++ libpng16.spec | 2 +- 6 files changed, 37 insertions(+), 21 deletions(-) delete mode 100644 libpng-1.6.29.tar.xz delete mode 100644 libpng-1.6.29.tar.xz.asc create mode 100644 libpng-1.6.30.tar.xz create mode 100644 libpng-1.6.30.tar.xz.asc diff --git a/libpng-1.6.29.tar.xz b/libpng-1.6.29.tar.xz deleted file mode 100644 index c71ea69..0000000 --- a/libpng-1.6.29.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4245b684e8fe829ebb76186327bb37ce5a639938b219882b53d64bd3cfc5f239 -size 987652 diff --git a/libpng-1.6.29.tar.xz.asc b/libpng-1.6.29.tar.xz.asc deleted file mode 100644 index ad4012f..0000000 --- a/libpng-1.6.29.tar.xz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAABAgAGBQJYyqcMAAoJEPVJhL+hbGQPO5sP/14yKmKz8Rtdl6CeVozBRS0n -4mT2etPAIvKJ3saGCJKwZAQaTQWWhK0jHnwHwjx2iHCG9bZyMNeXsWcDaiA+spW6 -CYnc6+5nTtTY2rCsUpbUyTCwmppNGeWJ78zhqlJLAHJHhBYrXxCWKgxtOs+XiYiH -Bz0sb6IgLvz6IOMRlucIJ3pH11cRkCLQyJ9WB2pFB5jjuU04H/l1aKsC2zLfliRR -KXuzPxwsGOGn10n7IG4uBFxVALomMQQYsruENc08gAd6zxfIdyHQtBiRB1lqOqJg -N9wCi1LGPWeufwnBk2LE8u95B/CooiVc6SfL1UmlJkeZxlzu7ikCbPEdeA3m3gcD -YJ3N77md3xdd9vwFXReN8b83pmUosv05kGuiOw3z1uW23g/49VChWFS5y3z0qYAM -DzslkhxqMxou50V4eUPusULERljGQpYRyzLTeMRa5rH3bfvoba/h9BxTJXZz395J -nR0hLZ93ANGlCV+h2oTjxZpNE8L9aul3sJeIGx7vqiKDm4JNtl2TG4sCFxf5ZncY -v1Gn3nwEpu+hYo/PsCK7KH1kca+V0Iw64JvNqghBEEM8DlmhxXAb61IQCeINe88Z -B+xXElXCIZJKgJzL0Nm78jKeYL+CLacnmpEgFIkTwxwaCcDEpDIyeHMrfxNaP0kB -rMuqwfPejDxFuGagvY0a -=oZw/ ------END PGP SIGNATURE----- diff --git a/libpng-1.6.30.tar.xz b/libpng-1.6.30.tar.xz new file mode 100644 index 0000000..f49f8f3 --- /dev/null +++ b/libpng-1.6.30.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:267c332ffff70cc599d3929207869f698798f1df143aa5f9597b007c14353666 +size 988608 diff --git a/libpng-1.6.30.tar.xz.asc b/libpng-1.6.30.tar.xz.asc new file mode 100644 index 0000000..e6ac28f --- /dev/null +++ b/libpng-1.6.30.tar.xz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQIcBAABAgAGBQJZU/sVAAoJEPVJhL+hbGQPxNwP/jyKzen8CVdWwPRvsFC/lT5x +a1jlXlV3ejdIlX/PF7kfPKb8ZdbRTXkpky6nYAi64vgbUrR1ZzUqd/M1BBnenOWo +t63V7oiRec/ELdDPP/c3ccuv3oykdmC7lexqQbcJGsooRK9mm7/M8RE2FTgd58LV +DmwOzJeTnEFJVs25SlteWx77eLApheP3bfJdnYnhm3a40a1e4Tb3rgz1Nmi0lrHG +2y4Khkf4fTMkXxU+CzuidAEGa8GLBhwLoedPP4VjcHvZ3eAMXIfTXEaD2qHuU53S +SIiWjlujPY30fPDDB2bobIv7mQvTTqSpCeHSmIV+XwLRwylpm1kSSRYew3CPSpOd +8mXigv7hAg8gpjBgZ2bQoGs2ss8JIzU7Pellwdjoy1V8uDJWJHWogFzpuVCPuz6u +vvs16XmjxteXM8ndMOzKkACbHKYJLZ6Eb0GtE6hHTF8bnvrzHld7TDFQg2x1PYGM +quO7mYjhFEzqOH8ZRvL1pBXOj/bf2zAH8EIG7s3gO/N3JkExvu/JuLKRxrWU8HbU +rjlC/Xchdq4ffhaanj0DDFf9Gdtn8z0xBBFiqwtybOWunDyoFXenWf0TRvNZyv54 +vOPmN4l6VWGeepLLQ3lZYF3mMlus69uoX47yQI5OuFijHoT/NIqrnMdQUCBcPcuJ +ATGjcBKUCYcDPbQFX2zK +=OctP +-----END PGP SIGNATURE----- diff --git a/libpng16.changes b/libpng16.changes index dc85a2c..a49f99c 100644 --- a/libpng16.changes +++ b/libpng16.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Fri Jun 30 15:48:21 UTC 2017 - pgajdos@suse.com + +- update to 1.6.30: + Revised documentation of png_get_error_ptr() in the libpng manual. + Document need to check for integer overflow when allocating a pixel + buffer for multiple rows in contrib/gregbook, contrib/pngminus, + example.c, and in the manual (suggested by Jaeseung Choi). This + is similar to the bug reported against pngquant in CVE-2016-5735. + Check for integer overflow in contrib/visupng and contrib/tools/genpng. + Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt. + Avoid writing an empty IDAT when the last IDAT exactly fills the + compression buffer (bug report by Brian Baird). This bug was + introduced in libpng-1.6.0. + Add a reference to the libpng.download site in README. + ------------------------------------------------------------------- Thu Mar 16 20:21:47 UTC 2017 - pgajdos@suse.com diff --git a/libpng16.spec b/libpng16.spec index 95b80eb..f4ee9f4 100644 --- a/libpng16.spec +++ b/libpng16.spec @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 29 +%define micro 30 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch}