Accepting request 571330 from graphics

- check with -j1 - Fix SRPM group and grammar issues. - removed obsoleted Obsoletes - update to 1.6.34: * Removed contrib/pngsuite/i*.png; some of these were incorrect and caused test failures. - includes 1.6.33: * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing parenthesis in contrib/pngminus/pnm2png.c * Fixed off-by-one error in png_do_check_palette_indexes() * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc to fix shortlived oss-fuzz issue 3234. * Compute a larger limit on IDAT because some applications write a deflate buffer for each row * Use current date (DATE) instead of release-date (RDATE) in last changed date of contrib/oss-fuzz files. * Enabled ARM support in CMakeLists.txt * Fixed incorrect typecast of some arguments to png_malloc() and png_calloc() that were png_uint_32 instead of png_alloc_size_t * Use pnglibconf.h.prebuilt when building for ANDROID with cmake * Initialize memory allocated by png_inflate to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due to truncated iTXt or zTXt chunk. * Initialize memory allocated by png_read_buffer to zero, using memset, to stop an oss-fuzz "use of uninitialized value" detection in png_icc_check_tag_table() due to truncated iCCP OBS-URL: https://build.opensuse.org/request/show/571330 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libpng16?expand=0&rev=37
2018-02-01 20:26:04 +00:00 · 2018-02-01 20:26:04 +00:00 · 9ffc4f8852
commit 9ffc4f8852
parent 096fdd65d9 dae74ca9f5
6 changed files with 168 additions and 61 deletions
--- a/libpng-1.6.31.tar.xz
+++ b/libpng-1.6.31.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:232a602de04916b2b5ce6f901829caf419519e6a16cc9cd7c1c91187d3ee8b41
-size 991824
--- a/libpng-1.6.31.tar.xz.asc
+++ b/libpng-1.6.31.tar.xz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJZecSyAAoJEPVJhL+hbGQPJnYQAKrynYRwq4L7tBi+JpQRtLzf
-C2kXVB3kKxLsCBViy/PsDoo8Fl6NdY1t+OCaQmM4YGzBQpYLIDx76SICH1j/tHAI
-uLDbfJRxYMXudC3DdqN5+6A3t2/uDP2Y9zP6WtC70Ns06za5w6pvl2izCSAJABo/
-TM2BjBJD30ZTpgVVlvhtLEJbiKtdmFQdrpcFIDOOiKGNTuPhOE/DTcs9eGYppgOl
-kbrfJkrXCUq8dMbC0LCIMliksZARbhucTEykC2cbgMKD8iSvcCsaUUOlVHdbuP1k
-a1AJ1zRboAT4+3xlwGVzSR0ilnrQ1fnC+jf0ztx8HnjRBFF3McOULcgpsjsy9V2E
-UsRGVtGO4A829fEjHpXiGkdvcJfWekxbxjXmxOD3g79w4KVrQaAJ5ht0Q+p8iOYl
-cBFcHvDYS5+BlMszr1VdUcH0aeRZKzVnpFGXYi5/DFrotBo0OeZMp1yYOOLeiDFQ
-fQUlGg3KNnPDVIML2GxSfyEuAZ/luEI4zYHPEe0hHv1x5IEFDY30oYVeCQbg2sfa
-p+1ejLOhZ/sJag098Pd4+8l2StqOIETNf0ma+8l5KqHBSECvrBrexAQkr6dT550S
-4lft2wn9+JAYJkVvc9IWcQQZ1pTwFQPFA1eL5PLCfJXu1DP3/f7kyn0nEoGjc3Uu
-+Ga+Ec0Tz6dNDgfvaDNX
-=Ac3P
-----END PGP SIGNATURE-----
--- a/libpng-1.6.34.tar.xz
+++ b/libpng-1.6.34.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2f1e960d92ce3b3abd03d06dfec9637dfbd22febf107a536b44f7a47c60659f6
+size 997968
--- a/libpng-1.6.34.tar.xz.asc
+++ b/libpng-1.6.34.tar.xz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJZzghsAAoJEPVJhL+hbGQPxfAP/iNKJV+UC3f6zNE62jPCjNVg
+Gx3pOhWHMw2+mkN8NxlI7L5qPRj/zJ2G0iso2CVXBRzcb21aNMZ+Jx4/mQ1p2qPT
+olupBl3mug/zucdUVSxsN0g2i7/atvxHX3fjkCjoNsNpkcBWPGZFhE5yZZTYU5Oz
+qNrfluwkV+jC2XWqMw/B40Mahw4LwmbvzXeduaBxxNXDM7nund0vsEdoGYeI/NZx
+G106dg+hmalJq1084M+SHyOiDa4xh1CAdpeJnwaL1IMjsbzyALZezUxx2PqrwwVg
+WgLuSfPRZjNBFLZJxCBM1Y49QiON90NQzdZqeCA+0nNDQZtQAKPEI/zGadWZHBKd
+4H5d19VvmYo2dPsvBoK5t8QSXeSEreTGsryQcKRbNvbzxMSBNdHN/C6zg13Kuteg
+1xyx9jTtS59Ir+oOkE9EhXSAhEp4baPzFqjIwK2NON6/+gv9BYywVwc6cTfCz2rR
+NgXaxe5/8qCZCb1DM6ZmgbhlLtXUrOLED49zX5ndcHpGBAQx5HVj7GRNn6VcSw1U
+Ljk+S9r2A7g/mEzNqzeHcqpMSCjSt59RpQXvDfTI7vF1lxRqmNGMG1W9Sjk0DKe7
+nPI7a/wAf6S8gU+VhPOHhj3I/B4e4IrBuwWj4NGaUO0RBbDwWYPXLrrDoMC7FBW7
+Z+dSb9Tb6/Ihc3NXkJFI
+=qQuX
+-----END PGP SIGNATURE-----
--- a/libpng16.changes
+++ b/libpng16.changes
@ -1,3 +1,129 @@
+-------------------------------------------------------------------
+Wed Jan 31 09:57:56 UTC 2018 - pgajdos@suse.com
+
+- check with -j1
+
+-------------------------------------------------------------------
+Tue Jan 30 21:56:04 UTC 2018 - jengelh@inai.de
+
+- Fix SRPM group and grammar issues.
+
+-------------------------------------------------------------------
+Tue Jan 30 15:32:19 UTC 2018 - pgajdos@suse.com
+
+- removed obsoleted Obsoletes
+
+-------------------------------------------------------------------
+Sun Jan 28 02:00:45 UTC 2018 - avindra@opensuse.org
+
+- update to 1.6.34:
+  * Removed contrib/pngsuite/i*.png; some of these were incorrect
+    and caused test failures.
+- includes 1.6.33:
+  * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added
+    missing parenthesis in contrib/pngminus/pnm2png.c
+  * Fixed off-by-one error in png_do_check_palette_indexes()
+  * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
+    to fix shortlived oss-fuzz issue 3234.
+  * Compute a larger limit on IDAT because some applications write
+    a deflate buffer for each row
+  * Use current date (DATE) instead of release-date (RDATE) in last
+    changed date of contrib/oss-fuzz files.
+  * Enabled ARM support in CMakeLists.txt
+  * Fixed incorrect typecast of some arguments to png_malloc() and
+    png_calloc() that were png_uint_32 instead of png_alloc_size_t
+  * Use pnglibconf.h.prebuilt when building for ANDROID with cmake
+  * Initialize memory allocated by png_inflate to zero, using
+    memset, to stop an oss-fuzz "use of uninitialized value"
+    detection in png_set_text_2() due to truncated iTXt or zTXt
+    chunk.
+  * Initialize memory allocated by png_read_buffer to zero, using
+    memset, to stop an oss-fuzz "use of uninitialized value"
+    detection in png_icc_check_tag_table() due to truncated iCCP
+    chunk.
+  * Removed redundant tests
+  * Added an interlaced version of each file in contrib/pngsuite.
+  * Relocate new memset() call in pngrutil.c
+  * Add support for loading images with associated alpha in the
+    Simplified API
+  * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32
+    state
+  * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
+  * Add end_info structure and png_read_end() to the libpng fuzzer
+- includes 1.6.32:
+  * Avoid possible NULL dereference in png_handle_eXIf when
+    benign_errors are allowed. Avoid leaking the input buffer
+    "eXIf_buf".
+  * Eliminated png_ptr->num_exif member from pngstruct.h and added
+    num_exif to arguments for png_get_eXIf() and png_set_eXIf().
+  * Added calls to png_handle_eXIf(() in pngread.c and
+    png_write_eXIf() in pngwrite.c, and made various other fixes
+    to png_write_eXIf().
+  * Changed name of png_get_eXIF and png_set_eXIf() to
+    png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid
+    breaking API compatibility with libpng-1.6.31.
+  * Updated contrib/libtests/pngunknown.c with eXIf chunk.
+  * Initialized btoa[] in pngstest.c
+  * Stop memory leak when returning from png_handle_eXIf() with an
+    error
+  * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
+  * Update libpng.3 and libpng-manual.txt about eXIf functions.
+  * Restored png_get_eXIf() and png_set_eXIf() to maintain API
+    compatability.
+  * Removed png_get_eXIf_1() and png_set_eXIf_1().
+  * Check length of all chunks except IDAT against user limit to
+    fix an OSS-fuzz issue (Fixes CVE-2017-12652)
+  * Check length of IDAT against maximum possible IDAT size,
+    accounting for height, rowbytes, interlacing and zlib/deflate
+    overhead.
+  * Restored png_get_eXIf_1() and png_set_eXIf_1(), because
+    strlen(eXIf_buf) does not work (the eXIf chunk data can
+    contain zeroes).
+  * Revised symlink creation, no longer using deprecated cmake
+    LOCATION feature
+  * Fixed five-byte error in the calculation of IDAT maximum
+    possible size.
+  * Moved chunk-length check into a png_check_chunk_length()
+    private function
+  * Moved bad pngs from tests to contrib/libtests/crashers
+  * Moved testing of bad pngs into a separate
+    tests/pngtest-badpngs script
+  * Added the --xfail (expected FAIL) option to pngtest.c. It
+    writes XFAIL in the output but PASS for the libpng test.
+  * Require cmake-3.0.2 in CMakeLists.txt
+  * Fix "const" declaration info_ptr argument to png_get_eXIf_1()
+    and the num_exif argument to png_get_eXIf_1()
+  * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
+  * Added huge_IDAT.png and empty_ancillary_chunks.png to
+    testpngs/crashers.
+  * Make pngtest --strict, --relax, --xfail options imply -m
+    (multiple).
+  * Removed unused chunk_name parameter from png_check_chunk_length().
+  * Relocated setting free_me for eXIf data, to stop an OSS-fuzz'
+    leak.
+  * Initialize profile_header[] in png_handle_iCCP() to fix
+    OSS-fuzz issue.
+  * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix
+    OSS-fuzz UMR.
+  * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
+  * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(),
+    to account for the minimum 'deflate' stream, and relocate the
+    test to a point after the keyword has been read.
+  * Check that the eXIf chunk has at least 2 bytes and begins with
+    "II" or "MM".
+  * Added a set of "huge_xxxx_chunk.png" files to
+    contrib/testpngs/crashers, one for each known chunk type, with
+    length = 2GB-1.
+  * Check for 0 return from png_get_rowbytes() and added some
+    (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity
+    issues (162705, 162706, and 162707).
+  * Renamed chunks in contrib/testpngs/crashers to avoid having
+    files whose names differ only in case; this causes problems with
+    some platforms
+  * Added contrib/oss-fuzz directory which contains files used by
+    the oss-fuzz project
+- cleanup with spec-cleaner
+
 -------------------------------------------------------------------
 Mon Aug  7 09:46:11 UTC 2017 - pgajdos@suse.com

--- a/libpng16.spec
+++ b/libpng16.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libpng16
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -19,67 +19,53 @@
 #
 %define major   1
 %define minor   6
-%define micro   31
+%define micro   34
 %define branch  %{major}%{minor}
 %define libname libpng%{branch}-%{branch}
-
+%define debug_package_requires %{libname} = %{version}-%{release}
 Name:           libpng16
-Url:            http://www.libpng.org/pub/png/libpng.html
 Version:        %{major}.%{minor}.%{micro}
 Release:        0
 Summary:        Library for the Portable Network Graphics Format (PNG)
 License:        Zlib
-Group:          System/Libraries
+Group:          Development/Libraries/C and C++
+Url:            http://www.libpng.org/pub/png/libpng.html
 Source0:        ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz
 Source1:        ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz.asc
 Source2:        libpng16.keyring
 Source3:        rpm-macros.libpng-tools
 Source4:        baselibs.conf
-#BuildRequires:  gpg-offline
 BuildRequires:  libtool
-BuildRequires:  pkg-config
+BuildRequires:  pkgconfig
 BuildRequires:  zlib-devel
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-%define debug_package_requires %{libname} = %{version}-%{release}

 %package -n %{libname}
 Summary:        Library for the Portable Network Graphics Format (PNG)
-# bug437293
 Group:          System/Libraries
-%ifarch ppc64
-Obsoletes:      libpng-64bit
-%endif
-#
-Obsoletes:      libpng < %{version}
-Provides:       libpng = %{version}-%{release}

 %package devel
-Summary:        Development Tools for applications which will use the Libpng
+Summary:        Development tools for applications which will use libpng
 Group:          Development/Libraries/C and C++
 Requires:       %{libname} = %{version}
 Requires:       glibc-devel
-Requires:       pkg-config
+Requires:       pkgconfig
 Requires:       zlib-devel
 Recommends:     libpng%{branch}-compat-devel
-# bug437293
-%ifarch ppc64
-Obsoletes:      libpng-devel-64bit
-%endif
 #

 %package compat-devel
-Summary:        Development Tools for applications which will use the Libpng
+Summary:        Development tools for applications which will use libpng
 Group:          Development/Libraries/C and C++
 Requires:       libpng%{branch}-devel = %{version}
+Conflicts:      libpng-devel
 Provides:       libpng-devel = %{version}
 Obsoletes:      libpng-devel < 1.2.44
-Conflicts:      otherproviders(libpng-devel)

 %package tools
 Summary:        Tools for Manipulating PNG Images
 Group:          Productivity/Graphics/Other
+Conflicts:      libpng-tools
 Provides:       libpng-tools = %{version}
-Conflicts:      otherproviders(libpng-tools)

 %description
 libpng is the official reference library for the Portable Network
@ -108,11 +94,11 @@ Package consists of low level tools for manipulating and fixing particular
 PNG files.

 %prep
-%setup -n libpng-%{version}
+%setup -q -n libpng-%{version}

 %build
 # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1
-export CFLAGS="%optflags -O3 -DPNG_SAFE_LIMITS_SUPPORTED -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"
+export CFLAGS="%{optflags} -O3 -DPNG_SAFE_LIMITS_SUPPORTED -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"
 export LDFLAGS="-Wl,-z,relro,-z,now"

 %configure \
@ -120,25 +106,22 @@ export LDFLAGS="-Wl,-z,relro,-z,now"
 make %{?_smp_mflags}

 %check
-make check
+make -j1 check

 %install
-make install DESTDIR=$RPM_BUILD_ROOT 
-rm $RPM_BUILD_ROOT/%{_libdir}/libpng*.la
+%make_install
+rm %{buildroot}/%{_libdir}/libpng*.la
 mkdir -p %{buildroot}%{_sysconfdir}/rpm
 cp -a %{SOURCE3} \
      %{buildroot}%{_sysconfdir}/rpm/macros.libpng-tools

 %post -n %{libname} -p /sbin/ldconfig
-
 %postun -n %{libname} -p /sbin/ldconfig

 %files -n %{libname}
-%defattr(-,root,root)
 %{_libdir}/libpng%{branch}.so.*

 %files devel
-%defattr(-,root,root)
 %{_bindir}/libpng%{branch}-config
 %{_includedir}/libpng%{branch}
 %{_libdir}/libpng%{branch}.so
@ -146,17 +129,15 @@ cp -a %{SOURCE3} \
 %doc CHANGES README TODO ANNOUNCE LICENSE libpng-*.txt

 %files compat-devel
-%defattr(-,root,root)
 %{_bindir}/libpng-config
 %{_includedir}/*.h
 %{_libdir}/libpng.so
 %{_libdir}/pkgconfig/libpng.pc
-%doc %{_mandir}/man3/libpng.3.gz
-%doc %{_mandir}/man3/libpngpf.3.gz
-%doc %{_mandir}/man5/png.5.gz
+%{_mandir}/man3/libpng.3%{ext_man}
+%{_mandir}/man3/libpngpf.3%{ext_man}
+%{_mandir}/man5/png.5%{ext_man}

 %files tools
-%defattr(-,root,root)
 %{_bindir}/png-fix-itxt
 %{_bindir}/pngfix
 %{_sysconfdir}/rpm/macros.libpng-tools