From 4dca59897d35acf82a4b0738adb5bc2ee83e4c462f72a3f9812adbf83889b2a3 Mon Sep 17 00:00:00 2001
From: Petr Gajdos
Date: Fri, 6 Jun 2014 06:24:33 +0000
Subject: [PATCH 1/3] - updated to 1.6.11: * fixed CVE-2014-0333 * other bugfixes - removed libpng16-1.6.6-CVE-2014-0333.patch (upstreamed)

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=55
---
 libpng-1.6.11.tar.xz | 3 +++
 libpng-1.6.11.tar.xz.asc | 17 +++++++++++++++++
 libpng-1.6.9.tar.xz | 3 ---
 libpng-1.6.9.tar.xz.asc | 17 -----------------
 libpng16-1.6.9-CVE-2014-0333.patch | 11 -----------
 libpng16.changes | 8 ++++++++
 libpng16.spec | 4 +---
 7 files changed, 29 insertions(+), 34 deletions(-)
 create mode 100644 libpng-1.6.11.tar.xz
 create mode 100644 libpng-1.6.11.tar.xz.asc
 delete mode 100644 libpng-1.6.9.tar.xz
 delete mode 100644 libpng-1.6.9.tar.xz.asc
 delete mode 100644 libpng16-1.6.9-CVE-2014-0333.patch

diff --git a/libpng-1.6.11.tar.xz b/libpng-1.6.11.tar.xz
new file mode 100644
index 0000000..eab7091
--- /dev/null
+++ b/libpng-1.6.11.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:007ee60b943f20ab13f55c4a590e978cd918a69c4024c1af0d2f34eb16f4b69d
+size 900748
diff --git a/libpng-1.6.11.tar.xz.asc b/libpng-1.6.11.tar.xz.asc
new file mode 100644
index 0000000..10e0e04
--- /dev/null
+++ b/libpng-1.6.11.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJTkIujAAoJEPVJhL+hbGQPUCIP/1t/mTnHafSekfL8gUCFIc6I
+t+QD6He/msWExG0ECR2BaCuStP207UoAdMDnFm6nutAiHl7dZ43+Ns/j7GU6L9dE
+qlK94m4y7hgIYfMhJO8d3h4avSVqfLhmlpIfwYGlL4HzF3PkVXdMY4/FLiL7L+5c
+ptpvnHmV4Ekj8UBLxYPZ6Ij5lyN6gaMrfEHGzyy3MhVfVK3pgh1Gq2SkDVKfYzao
+i1tBBkkCCODjcqJyOXXxWHPYcIgkqqtH7M1xqXBIQ578qTqab4oZpmmIIbjQyXVP
+FfxQ4Xc93Sog9D5pblBMfN2P5c8nitBshZOr2DAJ8dCevgMqbe8zXoaFqNev5eOM
+LXvDbcHiWMpcgbu7qz2kqYNMLUKNyabEDHRFo39t4tBAFDiWiUCzy+699epnz98U
+tl+4VU0NgiOrhCv+gWB9nIm39y5ERJwPb8HDtPr4Ahy6v1ygSTSPWqJn8FNhQ28j
+ZphspWANFSr0mDMTFtjc8Oi4Ys68Zf9kl0muZwqpzAolRjPRTraoFvOgfZukj2Tk
+dglDv4oHKxLt13OrvhGqoEBzxyjACQLUWT+eV0QtxZJLDqhFj1YB0BLcmkEryJZE
+gDa+hgyE7oH95t87g8MneGWb8ZC5qopgLeyXXpsQvwKVgZvRNigVOKVIRSREdFUu
++LfIIXoycq4th6YAxvyp
+=TXj6
+-----END PGP SIGNATURE-----
diff --git a/libpng-1.6.9.tar.xz b/libpng-1.6.9.tar.xz
deleted file mode 100644
index 5231844..0000000
--- a/libpng-1.6.9.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fde3a676fe6878c15bfe7849f3209c5cf5fbe1fbbf0063541f0b81eb1022274a
-size 885824
diff --git a/libpng-1.6.9.tar.xz.asc b/libpng-1.6.9.tar.xz.asc
deleted file mode 100644
index acebdd2..0000000
--- a/libpng-1.6.9.tar.xz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJS85jBAAoJEPVJhL+hbGQPOucP/2lyr4+JJbmu39L9p4fVxHhU
-505+8fJFfPLo/WdjS8fj/Tp8wPVNViXShGVYvOs9xK7PuBsCtGgu0c0YU3/BPpmN
-JOLvzjKpV5NJCykBVxkHWptHxVUNCNrBeiCTgKvmRxHkWxbWD/DjMp3q8ewtWfdH
-iMCEzzmpGDYttGeRpH2pZ+y5L/ulvsQ/nm1BmMwhGxewhOIri5T9SeRJl+urDSSx
-35DEmgbCi8lX3/oOVxpnoL7fYPcdiwUGRLCqFm6D4Oho1XbmK94buCZZoFT2aKeK
-O79mxGHt7NWMiHFqngHUgGL58DuD0ieJnKYYuRRQG+eycHbLmrEdVp6O6uY3lw7e
-Q0OBliRq+ocResSexeURYHf5BJ6G/N+e10tmir6nhVqIl5MFdZZVOyQFtRCysdpu
-jAzlWnM51SqkiDi9ZjUkm887Ol6JHSWiCJEdrmkLQAazFrxVDE8tmr50FGdFglWl
-ZE8IwhJovBsDag4dfA/ruu0ooXGhIo6F08OF64yYcs/RF9hWQIHTv7/cneP/gChO
-2LJfQZedUGcZbzonMxZVzeftXs2zzMCgk18v1WlRMH9Obj4QjTZe9tRsoK+V82sD
-QLdXzd8Kzw70dNKsIRbqpAq3aEIjZxJzWu8VaCkIEEqH47w3o3efOslTljSeRTLL
-OXSuJnFqEGheFz6lUE7l
-=H68A
------END PGP SIGNATURE-----
diff --git a/libpng16-1.6.9-CVE-2014-0333.patch b/libpng16-1.6.9-CVE-2014-0333.patch
deleted file mode 100644
index a994d77..0000000
--- a/libpng16-1.6.9-CVE-2014-0333.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-http://sourceforge.net/p/libpng/code/ci/713a20c57d344b558e48ad8be157c2dd751c8815/tree/pngpread.c?diff=4526f546baea7f73097529cb66feb4dbc8da2752
---- pngpread.c
-+++ pngpread.c
-@@ -234,6 +234,7 @@
- png_error(png_ptr, "Missing PLTE before IDAT");
-
- png_ptr->mode |= PNG_HAVE_IDAT;
-+ png_ptr->process_mode = PNG_READ_IDAT_MODE;
-
- if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT))
- if (png_ptr->push_length == 0)
diff --git a/libpng16.changes b/libpng16.changes
index 3de9d24..7c2f0f0 100644
--- a/libpng16.changes
+++ b/libpng16.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Jun 6 06:19:35 UTC 2014 - pgajdos@suse.com
+
+- updated to 1.6.11:
+ * fixed CVE-2014-0333
+ * other bugfixes
+- removed libpng16-1.6.6-CVE-2014-0333.patch (upstreamed)
+
 -------------------------------------------------------------------
 Tue Mar 4 09:58:48 UTC 2014 - pgajdos@suse.com
 
diff --git a/libpng16.spec b/libpng16.spec
index d53694f..12972f9 100644
--- a/libpng16.spec
+++ b/libpng16.spec
@@ -19,7 +19,7 @@
 #
 %define major 1
 %define minor 6
-%define micro 9
+%define micro 11
 %define branch %{major}%{minor}
 %define libname libpng%{branch}-%{branch}
 
@@ -35,7 +35,6 @@ Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{versio
 Source2: libpng16.keyring
 Source3: rpm-macros.libpng-tools
 Source4: baselibs.conf
-Patch0: libpng16-1.6.9-CVE-2014-0333.patch
 #BuildRequires: gpg-offline
 BuildRequires: libtool
 BuildRequires: pkg-config
@@ -111,7 +110,6 @@ PNG files.
 
 %prep
 %setup -n libpng-%{version}
-%patch0
 
 %build
 export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"
From d80e3bc45ae604ab113bcfbaa5fae94112fb75dc34b34b05ed4d03b059f22301 Mon Sep 17 00:00:00 2001
From: Petr Gajdos
Date: Thu, 12 Jun 2014 05:44:17 +0000
Subject: [PATCH 2/3] - updated to 1.6.12: * bugfixes, almost build-related only

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=56
---
 libpng-1.6.11.tar.xz | 3 ---
 libpng-1.6.11.tar.xz.asc | 17 -----------------
 libpng-1.6.12.tar.xz | 3 +++
 libpng-1.6.12.tar.xz.asc | 17 +++++++++++++++++
 libpng16.changes | 6 ++++++
 libpng16.spec | 2 +-
 6 files changed, 27 insertions(+), 21 deletions(-)
 delete mode 100644 libpng-1.6.11.tar.xz
 delete mode 100644 libpng-1.6.11.tar.xz.asc
 create mode 100644 libpng-1.6.12.tar.xz
 create mode 100644 libpng-1.6.12.tar.xz.asc

diff --git a/libpng-1.6.11.tar.xz b/libpng-1.6.11.tar.xz
deleted file mode 100644
index eab7091..0000000
--- a/libpng-1.6.11.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:007ee60b943f20ab13f55c4a590e978cd918a69c4024c1af0d2f34eb16f4b69d
-size 900748
diff --git a/libpng-1.6.11.tar.xz.asc b/libpng-1.6.11.tar.xz.asc
deleted file mode 100644
index 10e0e04..0000000
--- a/libpng-1.6.11.tar.xz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJTkIujAAoJEPVJhL+hbGQPUCIP/1t/mTnHafSekfL8gUCFIc6I
-t+QD6He/msWExG0ECR2BaCuStP207UoAdMDnFm6nutAiHl7dZ43+Ns/j7GU6L9dE
-qlK94m4y7hgIYfMhJO8d3h4avSVqfLhmlpIfwYGlL4HzF3PkVXdMY4/FLiL7L+5c
-ptpvnHmV4Ekj8UBLxYPZ6Ij5lyN6gaMrfEHGzyy3MhVfVK3pgh1Gq2SkDVKfYzao
-i1tBBkkCCODjcqJyOXXxWHPYcIgkqqtH7M1xqXBIQ578qTqab4oZpmmIIbjQyXVP
-FfxQ4Xc93Sog9D5pblBMfN2P5c8nitBshZOr2DAJ8dCevgMqbe8zXoaFqNev5eOM
-LXvDbcHiWMpcgbu7qz2kqYNMLUKNyabEDHRFo39t4tBAFDiWiUCzy+699epnz98U
-tl+4VU0NgiOrhCv+gWB9nIm39y5ERJwPb8HDtPr4Ahy6v1ygSTSPWqJn8FNhQ28j
-ZphspWANFSr0mDMTFtjc8Oi4Ys68Zf9kl0muZwqpzAolRjPRTraoFvOgfZukj2Tk
-dglDv4oHKxLt13OrvhGqoEBzxyjACQLUWT+eV0QtxZJLDqhFj1YB0BLcmkEryJZE
-gDa+hgyE7oH95t87g8MneGWb8ZC5qopgLeyXXpsQvwKVgZvRNigVOKVIRSREdFUu
-+LfIIXoycq4th6YAxvyp
-=TXj6
------END PGP SIGNATURE-----
diff --git a/libpng-1.6.12.tar.xz b/libpng-1.6.12.tar.xz
new file mode 100644
index 0000000..27462ed
--- /dev/null
+++ b/libpng-1.6.12.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c32ff6d299d2686b65708d4c6c065242d8c2f3ed54890c47d518c3ef568e6c5e
+size 902368
diff --git a/libpng-1.6.12.tar.xz.asc b/libpng-1.6.12.tar.xz.asc
new file mode 100644
index 0000000..1559097
--- /dev/null
+++ b/libpng-1.6.12.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJTmQhHAAoJEPVJhL+hbGQPaPcQAOiagST0Ps5Gv2kzyJlrfAqX
+K/Walpd7r0K3Tb6ng8z17zPsxLw1i2fGPtooLOVa7MQJRtJBAGgd7Pc7xlTQif2g
+FWsRdZ8KDG6YemNgktlDSuP8yoizQIghqIgA9yheK9JjoEg3LfleepwEDZol0eky
+N1Du7MMHajt+gNRCeI+4ZPD9zzWXdRbnXgH/oDLwyJqIXygSEu9xCEL7ozkSkFeW
+xsqGL36/whIqFFQ/F6OF4x8OjLDCuKGW4WYp8T2PDCWAliIisxOMtrwokxxEREV5
+5XZE0I12menJuMq72Vrb3cbWiJRNyzWd32zrhMNHJqi39odvrSyTGO8pUvw0KwNb
+5ZeY+MEOD10oN7ORp/r74gQvc2GLNPTgdDPMgF9EuS3LlNqFQTZHt0DDUIuwpfvv
+VlKy5roOq/ifF3FYe1CtH9aDlyiuV5V3Gcylb2ToPa6XiNIkvlR+4/zPGW+Aqtqb
+I9UDWxuxrU47EaDhP0tDFsmsFsX6AsrrXuwFzpBRds5U5tIOtRTqk5M4Znth3Gla
+qDYYJv1UK5FJiO6P7xmnqvA3VJ5bpdQsTY0bJ6ahcUDonlRg4I+C1tTsSnR2I3DK
+Jcw19Pi/hAXzr9bbRZcOAqagT+F4fNScTe3EfhjuD9RSzN7eLjZbJU4EFgT7Kinh
+p4KVv/eaKpFhErow0iF7
+=KfyV
+-----END PGP SIGNATURE-----
diff --git a/libpng16.changes b/libpng16.changes
index 7c2f0f0..b064b82 100644
--- a/libpng16.changes
+++ b/libpng16.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Jun 12 05:38:48 UTC 2014 - pgajdos@suse.com
+
+- updated to 1.6.12:
+ * bugfixes, almost build-related only
+
 -------------------------------------------------------------------
 Fri Jun 6 06:19:35 UTC 2014 - pgajdos@suse.com
 
diff --git a/libpng16.spec b/libpng16.spec
index 12972f9..17e0520 100644
--- a/libpng16.spec
+++ b/libpng16.spec
@@ -19,7 +19,7 @@
 #
 %define major 1
 %define minor 6
-%define micro 11
+%define micro 12
 %define branch %{major}%{minor}
 %define libname libpng%{branch}-%{branch}
 
From 2c87a7b9e0537dd2072ac9c2e39ed2361f87ddcd7f06dbf5ca7a046353d36cf4 Mon Sep 17 00:00:00 2001
From: Petr Gajdos
Date: Thu, 12 Jun 2014 13:58:55 +0000
Subject: [PATCH 3/3] - removed libpng16-1.6.9-CVE-2014-0333.patch (upstreamed)

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=57
---
 libpng16.changes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
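Review bot: Nothing visible in libpng16.spec checks the replaced tarball against the `.asc` signature added alongside it: in the spec context of patch 1/3, `#BuildRequires: gpg-offline` stays commented out and `%prep` goes straight to `%setup -n libpng-%{version}` with no verification step before it. Source1 points at an `ftp://` URL, so the detached signature and `libpng16.keyring` (Source2) are the only origin check for an update that carries the CVE-2014-0333 fix; the git-lfs `oid sha256:` pointer only pins what was committed, not where it came from. If the signature is not already validated outside the spec (the page does not show either way), I would re-enable `BuildRequires: gpg-offline` and verify the tarball against `libpng16.keyring` at the top of `%prep`, or at least add a comment such as `# signature is checked by <mechanism>, not in %prep` next to the commented-out line. The `%prep` section and the preamble both continue outside the hunks shown.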
diff --git a/libpng16.changes b/libpng16.changes
index b064b82..24c271f 100644
--- a/libpng16.changes
+++ b/libpng16.changes
@@ -10,7 +10,7 @@ Fri Jun 6 06:19:35 UTC 2014 - pgajdos@suse.com
 - updated to 1.6.11:
 * fixed CVE-2014-0333
 * other bugfixes
-- removed libpng16-1.6.6-CVE-2014-0333.patch (upstreamed)
+- removed libpng16-1.6.9-CVE-2014-0333.patch (upstreamed)
 
 -------------------------------------------------------------------
 Tue Mar 4 09:58:48 UTC 2014 - pgajdos@suse.com