commit e3e6d6df4cb76eb73fcd5e4f9426a36c33ab2af9 Author: Richard W.M. Jones rjones@redhat.com Date: Wed Jun 29 10:35:04 2011 +0100
Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511). (cherry picked from commit d3842962c9533415d668efe7751864cd7a5df2aa)
libpng-CVE-2011-2501.patch | 49 ++++++++++++++++++++++++++++++++++++++++++++
mingw32-libpng.spec | 15 ++++++++++++-
2 files changed, 63 insertions(+), 1 deletions(-)
---
diff --git a/libpng-CVE-2011-2501.patch b/libpng-CVE-2011-2501.patch
new file mode 100644
index 0000000..487d8fd
--- /dev/null
+++ b/libpng-CVE-2011-2501.patch
@@ -0,0 +1,49 @@
+Patch from:
+
+ http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdif...
+
+to fix:
+
+ https://bugzilla.redhat.com/show_bug.cgi?id=717510
+ https://bugzilla.redhat.com/show_bug.cgi?id=717511
+ CVE-2011-2501
+
+I have modified this patch to remove the changes to ANNOUNCE
+and CHANGES files, and the hunk in pngerror.c which just updates
+a comment.
+
+ - RWMJ.
+
+From 65e6d5a34f49acdb362a0625a706c6b914e670af Mon Sep 17 00:00:00 2001
+From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
+Date: Tue, 7 Jun 2011 14:58:07 -0500
+Subject: [PATCH] [master] Fixed 1-byte uninitialized memory reference in png_format_buffer()
+
+(Bug report by Frank Busse, related to CVE-2004-0421).
+---
+ ANNOUNCE | 6 ++++--
+ CHANGES | 4 +++-
+ pngerror.c | 11 ++++++++---
+ 3 files changed, 15 insertions(+), 6 deletions(-)
+
+--- a/pngerror.c
++++ b/pngerror.c
+@@ -186,8 +186,13 @@ png_format_buffer(png_structp png_ptr, png_charp buffer, png_const_charp
+ {
+ buffer[iout++] = ':';
+ buffer[iout++] = ' ';
+- png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT);
+- buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0';
++
++ iin = 0;
++ while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0')
++ buffer[iout++] = error_message[iin++];
++
++ /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */
++ buffer[iout] = '\0';
+ }
+ }
+
+--
+1.7.0.1
+
diff --git a/mingw32-libpng.spec b/mingw32-libpng.spec
index 803d4a4..5d944e6 100644
--- a/mingw32-libpng.spec
+++ b/mingw32-libpng.spec
@@ -6,7 +6,7 @@
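Review bot: The safety comment in the pngerror.c hunk carried inside libpng-CVE-2011-2501.patch, `/* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */`, argues from `iin`, while the terminator is written at `buffer[iout]`. What keeps that write in bounds is that the loop appends at most PNG_MAX_ERROR_TEXT-1 message bytes after the prefix already in `buffer`, and that the caller's buffer has room for the prefix plus PNG_MAX_ERROR_TEXT bytes. The buffer's size is declared outside the hunk, so this is presumably true but cannot be confirmed from the visible lines. I would state the invariant on the index that is actually used, e.g. `/* at most PNG_MAX_ERROR_TEXT-1 bytes were appended after the prefix, so iout is still inside buffer */`. png_format_buffer() starts before the hunk, so the declaration of `iin` and any NULL check on `error_message` are not visible here either.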
 Name: mingw32-libpng
 Version: 1.4.3
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: MinGW Windows Libpng library
 License: zlib
@@ -14,6 +14,14 @@ URL: http://www.libpng.org/pub/png/
 Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
 Patch2: mingw32-libpng-fix-invalid-exports.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=717510
+# https://bugzilla.redhat.com/show_bug.cgi?id=717511
+# CVE-2011-2501
+#
+# *** NOTE *** When updating the package, please ensure the
+# new version either contains this fix, or this patch is retained.
+Patch3: libpng-CVE-2011-2501.patch
+
 Group: Development/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
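Review bot: The NOTE in the Patch3 comment block asks whoever rebases the package to confirm that the new libpng version contains the fix, but the block gives only the two Bugzilla ids and the CVE number to check against. The upstream commit id is what can be searched for in a new release's history, and it is already recorded in the `From` line of libpng-CVE-2011-2501.patch. I would add `# Upstream commit: 65e6d5a34f49acdb362a0625a706c6b914e670af (png_format_buffer() in pngerror.c)` above the NOTE so the check can be made from the spec file alone.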
@@ -41,6 +49,8 @@ MinGW Windows Libpng library.
 # issue more to find out the real cause, but this will do for now
 %patch2 -p0
+%patch3 -p1
+
 %build
 %{_mingw32_configure}
@@ -81,6 +91,9 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
+* Wed Jun 29 2011 Richard W.M. Jones rjones@redhat.com - 1.4.3-3
+- Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
+
 * Tue Feb 08 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.4.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild