rpms/libpng/devel libpng-trns-bug.patch, NONE, 1.1 libpng.spec, 1.39, 1.40

Tom Lane (tgl) fedora-extras-commits at redhat.com
Wed May 23 21:03:27 UTC 2007


Author: tgl

Update of /cvs/pkgs/rpms/libpng/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24360

Modified Files:
	libpng.spec 
Added Files:
	libpng-trns-bug.patch 
Log Message:
Add patch to fix CVE-2007-2445

libpng-trns-bug.patch:

--- NEW FILE libpng-trns-bug.patch ---
Fix for CVE-2007-2445 --- libpng crashes if CRC error is detected in
a grayscale tRNS chunk, because png_handle_tRNS leaves inconsistent state
which eventually leads to attempting to free() unallocated memory.


diff -Naur libpng-1.2.16.orig/pngrutil.c libpng-1.2.16/pngrutil.c
--- libpng-1.2.16.orig/pngrutil.c	2007-01-31 08:22:35.000000000 -0500
+++ libpng-1.2.16/pngrutil.c	2007-05-12 17:07:41.000000000 -0400
@@ -1314,7 +1314,10 @@
    }
 
    if (png_crc_finish(png_ptr, 0))
+   {
+      png_ptr->num_trans = 0;
       return;
+   }
 
    png_set_tRNS(png_ptr, info_ptr, readbuf, png_ptr->num_trans,
       &(png_ptr->trans_values));
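
Review bot: the new `png_ptr->num_trans = 0;` in the `png_crc_finish` failure branch has no comment, so nothing at the call site says why the count must be cleared before returning. The patch header gives the reason (the inconsistent state eventually leads to free() of unallocated memory); a one-line comment at the assignment would keep a later cleanup from dropping it. The reset also implies that `num_trans` is already assigned before the CRC is checked, so it is worth confirming that any earlier return in `png_handle_tRNS`, outside the lines shown in this hunk, cannot leave a nonzero count behind in the same way.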


Index: libpng.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libpng/devel/libpng.spec,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- libpng.spec	12 Feb 2007 16:16:05 -0000	1.39
+++ libpng.spec	23 May 2007 21:02:52 -0000	1.40
@@ -2,7 +2,7 @@
 Name: libpng
 Epoch: 2
 Version: 1.2.16
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD
 Group: System Environment/Libraries
 URL: http://www.libpng.org/pub/png/
@@ -10,6 +10,7 @@
 Source: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
 Patch0: libpng-multilib.patch
 Patch1: libpng-pngconf.patch
+Patch2: libpng-trns-bug.patch
 
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: zlib-devel
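
Review bot: `Patch2: libpng-trns-bug.patch` is added with no comment saying what it fixes or whether the change is expected upstream. A comment line above it naming CVE-2007-2445 and the condition for dropping the patch would tell whoever next rebases past 1.2.16 whether it can be removed.
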
@@ -53,6 +54,7 @@
 
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 %configure
@@ -91,6 +93,10 @@
 rm -rf $RPM_BUILD_ROOT
 
 %changelog
+* Wed May 23 2007 Tom Lane <tgl at redhat.com> 2:1.2.16-2
+- Add patch to fix CVE-2007-2445
+Related: #239542
+
 * Mon Feb 12 2007 Tom Lane <tgl at redhat.com> 2:1.2.16-1
 - Update to libpng 1.2.16
 Resolves: #211705, #216706, #227334



