rpms/libpng/devel libpng-ztxt-bug.patch, NONE, 1.1 libpng.spec, 1.46, 1.47

Tue Sep 9 19:32:41 UTC 2008

Author: tgl

Update of /cvs/pkgs/rpms/libpng/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3421

Modified Files:
	libpng.spec 
Added Files:
	libpng-ztxt-bug.patch 
Log Message:
Patch for CVE-2008-3964

libpng-ztxt-bug.patch:

--- NEW FILE libpng-ztxt-bug.patch ---
Patch for CVE-2008-3964


diff -ru4NwbB libpng-1.2.31/pngpread.c libpng-1.2.32beta01/pngpread.c
--- libpng-1.2.31/pngpread.c	2008-08-21 05:54:13.254898477 -0500
+++ libpng-1.2.32beta01/pngpread.c	2008-09-06 07:03:43.043602194 -0500
@@ -1278,9 +1278,9 @@
 
                tmp = text;
                text = (png_charp)png_malloc(png_ptr, text_size +
                   (png_uint_32)(png_ptr->zbuf_size 
-                  - png_ptr->zstream.avail_out));
+                  - png_ptr->zstream.avail_out + 1));
                png_memcpy(text, tmp, text_size);
                png_free(png_ptr, tmp);
                png_memcpy(text + text_size, png_ptr->zbuf,
                   png_ptr->zbuf_size - png_ptr->zstream.avail_out);


Index: libpng.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libpng/devel/libpng.spec,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -r1.46 -r1.47
--- libpng.spec	23 Aug 2008 21:07:16 -0000	1.46
+++ libpng.spec	9 Sep 2008 19:32:10 -0000	1.47
@@ -2,7 +2,7 @@
 Name: libpng
 Epoch: 2
 Version: 1.2.31
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: zlib
 Group: System Environment/Libraries
 URL: http://www.libpng.org/pub/png/
@@ -10,6 +10,7 @@
 Source: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
 Patch0: libpng-multilib.patch
 Patch1: libpng-pngconf.patch
+Patch2: libpng-ztxt-bug.patch
 
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: zlib-devel
@@ -53,6 +54,7 @@
 
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 %configure
@@ -91,6 +93,10 @@
 rm -rf $RPM_BUILD_ROOT
 
 %changelog
+* Tue Sep  9 2008 Tom Lane <tgl at redhat.com> 2:1.2.31-2
+- Apply upstream patch for zTXT buffer overrun (CVE-2008-3964)
+Related: #461599
+
 * Sat Aug 23 2008 Tom Lane <tgl at redhat.com> 2:1.2.31-1
 - Update to libpng 1.2.31
 


