rpms/libpng/devel libpng-ztxt-bug.patch, NONE, 1.1 libpng.spec, 1.46, 1.47
Tom Lane
tgl at fedoraproject.org
Tue Sep 9 19:32:41 UTC 2008
Author: tgl
Update of /cvs/pkgs/rpms/libpng/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3421
Modified Files:
libpng.spec
Added Files:
libpng-ztxt-bug.patch
Log Message:
Patch for CVE-2008-3964
libpng-ztxt-bug.patch:
--- NEW FILE libpng-ztxt-bug.patch ---
Patch for CVE-2008-3964
diff -ru4NwbB libpng-1.2.31/pngpread.c libpng-1.2.32beta01/pngpread.c
--- libpng-1.2.31/pngpread.c 2008-08-21 05:54:13.254898477 -0500
+++ libpng-1.2.32beta01/pngpread.c 2008-09-06 07:03:43.043602194 -0500
@@ -1278,9 +1278,9 @@
tmp = text;
text = (png_charp)png_malloc(png_ptr, text_size +
(png_uint_32)(png_ptr->zbuf_size
- - png_ptr->zstream.avail_out));
+ - png_ptr->zstream.avail_out + 1));
png_memcpy(text, tmp, text_size);
png_free(png_ptr, tmp);
png_memcpy(text + text_size, png_ptr->zbuf,
png_ptr->zbuf_size - png_ptr->zstream.avail_out);
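Review bot: The `+ 1` added to the png_malloc size has no comment saying what the extra byte is for, and nothing in the lines shown writes to it: the png_memcpy that follows still copies exactly `png_ptr->zbuf_size - png_ptr->zstream.avail_out` bytes. A one-line comment naming the byte's purpose (presumably a string terminator stored after this context) would make the fix reviewable on its own. The chunk length is also spelled out twice, once in the allocation and once in the copy; computing it once into a local and using that for both would keep the two expressions from drifting apart.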
Index: libpng.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libpng/devel/libpng.spec,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -r1.46 -r1.47
--- libpng.spec 23 Aug 2008 21:07:16 -0000 1.46
+++ libpng.spec 9 Sep 2008 19:32:10 -0000 1.47
@@ -2,7 +2,7 @@
Name: libpng
Epoch: 2
Version: 1.2.31
-Release: 1%{?dist}
+Release: 2%{?dist}
License: zlib
Group: System Environment/Libraries
URL: http://www.libpng.org/pub/png/
@@ -10,6 +10,7 @@
Source: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
Patch0: libpng-multilib.patch
Patch1: libpng-pngconf.patch
+Patch2: libpng-ztxt-bug.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: zlib-devel
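Review bot: `Patch2:` carries no comment about where the patch comes from or how long it should live. The patch is a diff against libpng-1.2.32beta01, so a comment above this line saying it is an upstream backport, to be dropped once the package is rebased onto a release that contains the change, would keep a later rebase from trying to reapply it.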
@@ -53,6 +54,7 @@
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%build
%configure
@@ -91,6 +93,10 @@
rm -rf $RPM_BUILD_ROOT
%changelog
+* Tue Sep 9 2008 Tom Lane <tgl at redhat.com> 2:1.2.31-2
+- Apply upstream patch for zTXT buffer overrun (CVE-2008-3964)
+Related: #461599
+
* Sat Aug 23 2008 Tom Lane <tgl at redhat.com> 2:1.2.31-1
- Update to libpng 1.2.31
More information about the fedora-extras-commits
mailing list