From 31e1c963980ddf2571b1b8c6cd46cd718fe3b83b Mon Sep 17 00:00:00 2001 From: Nikola Forró Date: Oct 10 2018 15:54:50 +0000 Subject: New upstream release 1.6.35 (#1552349) --- diff --git a/.gitignore b/.gitignore index 2808876..29d911b 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ /libpng-1.6.29.tar.xz /libpng-1.6.31.tar.xz /libpng-1.6.34.tar.xz +/libpng-1.6.35.tar.gz diff --git a/libpng-CVE-2018-13785.patch b/libpng-CVE-2018-13785.patch deleted file mode 100644 index c05b1db..0000000 --- a/libpng-CVE-2018-13785.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 3a50b3eca60a9e2c80c1f08d268ed628d80eb5ba Mon Sep 17 00:00:00 2001 -From: Cosmin Truta -Date: Sun, 17 Jun 2018 22:56:29 -0400 -Subject: [PATCH] [libpng16] Fix the calculation of row_factor in - png_check_chunk_length - -(Bug report by Thuan Pham, SourceForge issue #278) ---- - pngrutil.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/pngrutil.c b/pngrutil.c -index 8692933..eab2973 100644 ---- a/pngrutil.c -+++ b/pngrutil.c -@@ -3149,10 +3149,13 @@ png_check_chunk_length(png_const_structrp png_ptr, const png_uint_32 length) - { - png_alloc_size_t idat_limit = PNG_UINT_31_MAX; - size_t row_factor = -- (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1) -- + 1 + (png_ptr->interlaced? 6: 0)); -+ (size_t)png_ptr->width -+ * (size_t)png_ptr->channels -+ * (png_ptr->bit_depth > 8? 2: 1) -+ + 1 -+ + (png_ptr->interlaced? 6: 0); - if (png_ptr->height > PNG_UINT_32_MAX/row_factor) -- idat_limit=PNG_UINT_31_MAX; -+ idat_limit = PNG_UINT_31_MAX; - else - idat_limit = png_ptr->height * row_factor; - row_factor = row_factor > 32566? 32566 : row_factor; --- -2.17.1 - diff --git a/libpng.spec b/libpng.spec index b9bef8a..d7d4f09 100644 --- a/libpng.spec +++ b/libpng.spec @@ -1,20 +1,16 @@ Summary: A library of functions for manipulating PNG image format files Name: libpng Epoch: 2 -Version: 1.6.34 -Release: 6%{?dist} +Version: 1.6.35 +Release: 1%{?dist} License: zlib Group: System Environment/Libraries URL: http://www.libpng.org/pub/png/ -# Note: non-current tarballs get moved to the history/ subdirectory, -# so look there if you fail to retrieve the version you want -Source0: https://ftp-osl.osuosl.org/pub/libpng/src/libpng16/libpng-%{version}.tar.xz +Source0: https://github.com/glennrp/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz Source1: pngusr.dfa Patch0: libpng-multilib.patch Patch1: libpng-fix-arm-neon.patch -Patch2: libpng-CVE-2018-13785.patch - BuildRequires: gcc BuildRequires: zlib-devel @@ -69,7 +65,6 @@ cp -p %{SOURCE1} . %patch0 -p1 %patch1 -p1 -b .arm -%patch2 -p1 -b .CVE-2018-13785 %build autoreconf -vif @@ -111,6 +106,9 @@ make check %{_bindir}/pngfix %changelog +* Wed Oct 10 2018 Nikola Forró - 2:1.6.35-1 +- New upstream release 1.6.35 (#1552349) + * Wed Aug 01 2018 Nikola Forró - 2:1.6.34-6 - Fix CVE-2018-13785 (#1599944) diff --git a/sources b/sources index 70c810c..5587c60 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libpng-1.6.34.tar.xz) = 89407c5abc1623faaa3992fc1e4a62def671d9a7401108dfceee895d5f16fe7030090bea89b34a36d377d8e6a5d40046886991f663ce075d1a2d31bf9eaf3c51 +SHA512 (libpng-1.6.35.tar.gz) = 1b6e2664bd80726e8f6ef7ea4f23d311a883841086a4a60700dfd11621130808c24487c744c8a942219980eb29b244e81965aebfc4ab7f637693f537f4e8e148