- update to 1.6.20:
Avoid potential pointer overflow/underflow in png_handle_sPLT() and
png_handle_pCAL() (Bug report by John Regehr).
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
vulnerability.
Backported tests from libpng-1.7.0beta69.
Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
immediately fault a bad CMINFO field; instead a 'too far back' error
happens later (at least some times). pngfix failed to limit CMINFO to
the allowed values but then assumed that window_bits was in range,
triggering an assert. The bug is mostly harmless; the PNG file cannot
be fixed.
In libpng 1.6 zlib initialization was changed to use the window size
in the zlib stream, not a fixed value. This causes some invalid images,
where CINFO is too large, to display 'correctly' if the rest of the
data is valid. This provides a workaround for zlib versions where the
error arises (ones that support the API change to use the window size
in the stream).
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=75
This commit is contained in:
Git OBS Bridge
parent
35368c612d
commit
5646b27ba7
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:311c5657f53516986c67713c946f616483e3cdb52b8b2ee26711be74e8ac35e8
|
|
||||||
size 941280
|
|
||||||
@ -1,17 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
iQIcBAABAgAGBQJWRJdjAAoJEPVJhL+hbGQPfQgQAKr/BrU1ZGbvJjyQ6dxGDKjN
|
|
||||||
bshmoTp+u+B24qUmjM0mYFGiv2WeHIvSvaao0YEfL/u7S9+NINT1sL1+0K5PT+ZF
|
|
||||||
DgEy4R3OqvEUlnix3nTJ7UgIf9iPBniq747Xv+N3NMc2dzUMATbqyma1MNiGQpvE
|
|
||||||
pDuYQhIGauydimXlhqzYMm7/sE54j7uf1ecYxIsKHHLyIKy7Pwog+c5Rjb5BTjVS
|
|
||||||
tGx+TCSGsWbMy+hw74/h8ESkjjd6Bk4+S+aEzCoUoAdUCu3ziOSqVAdWN3z++w8S
|
|
||||||
1vM9lhguYvatz2hgLeHgngc3NvAeJLV5sOCUUqsxA+pilIlV6Tcmr/tmNsAWnWe5
|
|
||||||
nO5iJ4YnU+7CZYrX5V47AijaLtRDzXh07sdwefpooyEB+OUYKprNVi+jH9PFAFId
|
|
||||||
GLIiize/PevkeOheMMkafOyESEzD9zS9lPFgCIfRl+qZSKGLjA8Cq0QA56I1E60F
|
|
||||||
i6w2j9U3VAHUi+PcrBO3BTsUkVc8H2OWsClCwMlyYxkb4exgDAxV3XbnUdTXuF9A
|
|
||||||
ABQn1H/dLFmJcyLKRY+pQ7+XCWz/nnDQhIIFlwnlZH/lMzR4e6gtnjOBXDOZUS3W
|
|
||||||
vlTjx2OcxVEXFiafhKvHFk0fsnJscXinB88HpSrb/83aEOc++eMq6wmwySK1zf0T
|
|
||||||
TuCarcJ0DZkGmLBg2bRC
|
|
||||||
=XCSM
|
|
||||||
-----END PGP SIGNATURE-----
|
|
||||||
3
libpng-1.6.20.tar.xz
Normal file
3
libpng-1.6.20.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:55c5959e9f3484d96141a3226c53bc9da42a4845e70879d3e1d6e94833d1918b
|
||||||
|
size 942672
|
||||||
17
libpng-1.6.20.tar.xz.asc
Normal file
17
libpng-1.6.20.tar.xz.asc
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1
|
||||||
|
|
||||||
|
iQIcBAABAgAGBQJWYEXlAAoJEPVJhL+hbGQP2YwP/02NCjKPni/pgQMTgmfs8Dgg
|
||||||
|
Wsotwy5/SKmtFmGScfSyF+0UI2sVzTyy/16udNs2noyza2T0uTXk2KX2vwxB463I
|
||||||
|
QRha8EZb53dwzUHJhNI6Z3UAk5uOGHUnGUysBhQ6K5DiEHAmHmGtHVchxpow0gjU
|
||||||
|
DAG30+PTC57NxNWV1/qEuGM1ht+yjH4as0haxxYw46jFAuN0CQyE4SUTNgh05m7A
|
||||||
|
AGmIJyE/Vi+zEfWbhofAIa6m32+LFUtq06JGK8hVcgmBLctG8BGX1RwImq7Jorin
|
||||||
|
AEuB4XUk5B5a6gRTDp1UWinw1McXC6xdepfq42RhfT/mkvw2LQR7gdfPBFntj9xs
|
||||||
|
OXxZCWUHfWgTgFyM1m7tjiYsM+UGO49+xELtoLj2nRFLEKFhrJ1cBZG7h0Zu5DnT
|
||||||
|
+BFZI88g6Uc7YY5G2MBLHMhVSgO6cWl+VxMlpRQr9ARrMHHqv3kQzKP9cpPde24x
|
||||||
|
xFQC+cZ8a0ja+rzzJPJvaSrNl9gZOL3GHDnOUThbzzP9zPRhxaaD6L6rxnMROFbE
|
||||||
|
3uW16UlDeMwtpy+EQcOiEQ89PyJEvwrHnIDlgHqydFHqtf/FQbeFrTvSXD1fne8k
|
||||||
|
oI/oTJRobxIAxv9ce92mFyc3FKrlalhW6lu+s0LysBwu+7Ax2+eKr92aUZ/WBj1e
|
||||||
|
SVynvw5LBFVB7z8N6M+m
|
||||||
|
=mMQk
|
||||||
|
-----END PGP SIGNATURE-----
|
||||||
@ -1,3 +1,27 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Dec 3 15:11:03 UTC 2015 - pgajdos@suse.com
|
||||||
|
|
||||||
|
- update to 1.6.20:
|
||||||
|
Avoid potential pointer overflow/underflow in png_handle_sPLT() and
|
||||||
|
png_handle_pCAL() (Bug report by John Regehr).
|
||||||
|
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
|
||||||
|
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
|
||||||
|
vulnerability.
|
||||||
|
Backported tests from libpng-1.7.0beta69.
|
||||||
|
Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
|
||||||
|
American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
|
||||||
|
immediately fault a bad CMINFO field; instead a 'too far back' error
|
||||||
|
happens later (at least some times). pngfix failed to limit CMINFO to
|
||||||
|
the allowed values but then assumed that window_bits was in range,
|
||||||
|
triggering an assert. The bug is mostly harmless; the PNG file cannot
|
||||||
|
be fixed.
|
||||||
|
In libpng 1.6 zlib initialization was changed to use the window size
|
||||||
|
in the zlib stream, not a fixed value. This causes some invalid images,
|
||||||
|
where CINFO is too large, to display 'correctly' if the rest of the
|
||||||
|
data is valid. This provides a workaround for zlib versions where the
|
||||||
|
error arises (ones that support the API change to use the window size
|
||||||
|
in the stream).
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Nov 13 07:25:01 UTC 2015 - pgajdos@suse.com
|
Fri Nov 13 07:25:01 UTC 2015 - pgajdos@suse.com
|
||||||
|
|
||||||
|
|||||||
@ -19,7 +19,7 @@
|
|||||||
#
|
#
|
||||||
%define major 1
|
%define major 1
|
||||||
%define minor 6
|
%define minor 6
|
||||||
%define micro 19
|
%define micro 20
|
||||||
%define branch %{major}%{minor}
|
%define branch %{major}%{minor}
|
||||||
%define libname libpng%{branch}-%{branch}
|
%define libname libpng%{branch}-%{branch}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user