Accepting request 347335 from graphics

- update to 1.6.20: Avoid potential pointer overflow/underflow in png_handle_sPLT() and png_handle_pCAL() (Bug report by John Regehr). Fixed incorrect implementation of png_set_PLTE() that uses png_ptr not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 vulnerability. Backported tests from libpng-1.7.0beta69. Fixed an error in handling of bad zlib CMINFO field in pngfix, found by American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't immediately fault a bad CMINFO field; instead a 'too far back' error happens later (at least some times). pngfix failed to limit CMINFO to the allowed values but then assumed that window_bits was in range, triggering an assert. The bug is mostly harmless; the PNG file cannot be fixed. In libpng 1.6 zlib initialization was changed to use the window size in the zlib stream, not a fixed value. This causes some invalid images, where CINFO is too large, to display 'correctly' if the rest of the data is valid. This provides a workaround for zlib versions where the error arises (ones that support the API change to use the window size in the stream). OBS-URL: https://build.opensuse.org/request/show/347335 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libpng16?expand=0&rev=26
2015-12-09 18:33:24 +00:00 · 2015-12-09 18:33:24 +00:00 · 9e790ed05a
commit 9e790ed05a
parent 0e7cee7f13 5646b27ba7
6 changed files with 45 additions and 21 deletions
--- a/libpng-1.6.19.tar.xz
+++ b/libpng-1.6.19.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:311c5657f53516986c67713c946f616483e3cdb52b8b2ee26711be74e8ac35e8
 size 941280
--- a/libpng-1.6.19.tar.xz.asc
+++ b/libpng-1.6.19.tar.xz.asc
@ -1,17 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 iQIcBAABAgAGBQJWRJdjAAoJEPVJhL+hbGQPfQgQAKr/BrU1ZGbvJjyQ6dxGDKjN
 bshmoTp+u+B24qUmjM0mYFGiv2WeHIvSvaao0YEfL/u7S9+NINT1sL1+0K5PT+ZF
 DgEy4R3OqvEUlnix3nTJ7UgIf9iPBniq747Xv+N3NMc2dzUMATbqyma1MNiGQpvE
 pDuYQhIGauydimXlhqzYMm7/sE54j7uf1ecYxIsKHHLyIKy7Pwog+c5Rjb5BTjVS
 tGx+TCSGsWbMy+hw74/h8ESkjjd6Bk4+S+aEzCoUoAdUCu3ziOSqVAdWN3z++w8S
 1vM9lhguYvatz2hgLeHgngc3NvAeJLV5sOCUUqsxA+pilIlV6Tcmr/tmNsAWnWe5
 nO5iJ4YnU+7CZYrX5V47AijaLtRDzXh07sdwefpooyEB+OUYKprNVi+jH9PFAFId
 GLIiize/PevkeOheMMkafOyESEzD9zS9lPFgCIfRl+qZSKGLjA8Cq0QA56I1E60F
 i6w2j9U3VAHUi+PcrBO3BTsUkVc8H2OWsClCwMlyYxkb4exgDAxV3XbnUdTXuF9A
 ABQn1H/dLFmJcyLKRY+pQ7+XCWz/nnDQhIIFlwnlZH/lMzR4e6gtnjOBXDOZUS3W
 vlTjx2OcxVEXFiafhKvHFk0fsnJscXinB88HpSrb/83aEOc++eMq6wmwySK1zf0T
 TuCarcJ0DZkGmLBg2bRC
 =XCSM
 -----END PGP SIGNATURE-----
--- a/libpng-1.6.20.tar.xz
+++ b/libpng-1.6.20.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:55c5959e9f3484d96141a3226c53bc9da42a4845e70879d3e1d6e94833d1918b
 size 942672
--- a/libpng-1.6.20.tar.xz.asc
+++ b/libpng-1.6.20.tar.xz.asc
@ -0,0 +1,17 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 iQIcBAABAgAGBQJWYEXlAAoJEPVJhL+hbGQP2YwP/02NCjKPni/pgQMTgmfs8Dgg
 Wsotwy5/SKmtFmGScfSyF+0UI2sVzTyy/16udNs2noyza2T0uTXk2KX2vwxB463I
 QRha8EZb53dwzUHJhNI6Z3UAk5uOGHUnGUysBhQ6K5DiEHAmHmGtHVchxpow0gjU
 DAG30+PTC57NxNWV1/qEuGM1ht+yjH4as0haxxYw46jFAuN0CQyE4SUTNgh05m7A
 AGmIJyE/Vi+zEfWbhofAIa6m32+LFUtq06JGK8hVcgmBLctG8BGX1RwImq7Jorin
 AEuB4XUk5B5a6gRTDp1UWinw1McXC6xdepfq42RhfT/mkvw2LQR7gdfPBFntj9xs
 OXxZCWUHfWgTgFyM1m7tjiYsM+UGO49+xELtoLj2nRFLEKFhrJ1cBZG7h0Zu5DnT
 +BFZI88g6Uc7YY5G2MBLHMhVSgO6cWl+VxMlpRQr9ARrMHHqv3kQzKP9cpPde24x
 xFQC+cZ8a0ja+rzzJPJvaSrNl9gZOL3GHDnOUThbzzP9zPRhxaaD6L6rxnMROFbE
 3uW16UlDeMwtpy+EQcOiEQ89PyJEvwrHnIDlgHqydFHqtf/FQbeFrTvSXD1fne8k
 oI/oTJRobxIAxv9ce92mFyc3FKrlalhW6lu+s0LysBwu+7Ax2+eKr92aUZ/WBj1e
 SVynvw5LBFVB7z8N6M+m
 =mMQk
 -----END PGP SIGNATURE-----
--- a/libpng16.changes
+++ b/libpng16.changes
@ -1,3 +1,27 @@
 -------------------------------------------------------------------
 Thu Dec  3 15:11:03 UTC 2015 - pgajdos@suse.com
 - update to 1.6.20:
  Avoid potential pointer overflow/underflow in png_handle_sPLT() and
    png_handle_pCAL() (Bug report by John Regehr).
  Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
    not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
    vulnerability.
  Backported tests from libpng-1.7.0beta69.
  Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
    American Fuzzy Lop, reported by Brian Carpenter.  inflate() doesn't
    immediately fault a bad CMINFO field; instead a 'too far back' error
    happens later (at least some times).  pngfix failed to limit CMINFO to
    the allowed values but then assumed that window_bits was in range,
    triggering an assert. The bug is mostly harmless; the PNG file cannot
    be fixed.
  In libpng 1.6 zlib initialization was changed to use the window size
    in the zlib stream, not a fixed value. This causes some invalid images,
    where CINFO is too large, to display 'correctly' if the rest of the
    data is valid.  This provides a workaround for zlib versions where the
    error arises (ones that support the API change to use the window size
    in the stream).
 -------------------------------------------------------------------
 Fri Nov 13 07:25:01 UTC 2015 - pgajdos@suse.com
--- a/libpng16.spec
+++ b/libpng16.spec
@ -19,7 +19,7 @@
 #
 %define major   1
 %define minor   6
-%define micro   19
+%define micro   20
 %define branch  %{major}%{minor}
 %define libname libpng%{branch}-%{branch}