[mingw32-libpng/f14] Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).

Richard W.M. Jones rjones at fedoraproject.org
Wed Jun 29 09:42:08 UTC 2011


commit 976e3a597cfb13fb9e6c2a06f782392c1c3ea944
Author: Richard W.M. Jones <rjones at redhat.com>
Date:   Wed Jun 29 10:35:04 2011 +0100

    Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
    
    (Cherry picked from commit d3842962c9533415d668efe7751864cd7a5df2aa).

 libpng-CVE-2011-2501.patch |   49 ++++++++++++++++++++++++++++++++++++++++++++
 mingw32-libpng.spec        |   15 ++++++++++++-
 2 files changed, 63 insertions(+), 1 deletions(-)
---
diff --git a/libpng-CVE-2011-2501.patch b/libpng-CVE-2011-2501.patch
new file mode 100644
index 0000000..487d8fd
--- /dev/null
+++ b/libpng-CVE-2011-2501.patch
@@ -0,0 +1,49 @@
+Patch from:
+
+  http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=65e6d5a34f49acdb362a0625a706c6b914e670af
+
+to fix:
+
+  https://bugzilla.redhat.com/show_bug.cgi?id=717510
+  https://bugzilla.redhat.com/show_bug.cgi?id=717511
+  CVE-2011-2501
+
+I have modified this patch to remove the changes to ANNOUNCE
+and CHANGES files, and the hunk in pngerror.c which just updates
+a comment.
+
+  - RWMJ.
+
+From 65e6d5a34f49acdb362a0625a706c6b914e670af Mon Sep 17 00:00:00 2001
+From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
+Date: Tue, 7 Jun 2011 14:58:07 -0500
+Subject: [PATCH] [master] Fixed 1-byte uninitialized memory reference in png_format_buffer()
+
+(Bug report by Frank Busse, related to CVE-2004-0421).
+---
+ ANNOUNCE   |    6 ++++--
+ CHANGES    |    4 +++-
+ pngerror.c |   11 ++++++++---
+ 3 files changed, 15 insertions(+), 6 deletions(-)
+
+--- a/pngerror.c
++++ b/pngerror.c
+@@ -186,8 +186,13 @@ png_format_buffer(png_structp png_ptr, png_charp buffer, png_const_charp
+    {
+       buffer[iout++] = ':';
+       buffer[iout++] = ' ';
+-      png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT);
+-      buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0';
++
++      iin = 0;
++      while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0')
++         buffer[iout++] = error_message[iin++];
++
++      /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */
++      buffer[iout] = '\0';
+    }
+ }
+ 
+-- 
+1.7.0.1
+
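Review bot: The comment before the final `buffer[iout] = '\0';` in the pngerror.c hunk argues safety from the bound on `iin`, but the store is indexed by `iout`, and neither the value of `iout` on entry to this block nor the size of `buffer` is visible in the hunk. The new loop copies at most PNG_MAX_ERROR_TEXT-1 bytes and stops at the first NUL, where the removed `png_memcpy` always read a fixed PNG_MAX_ERROR_TEXT bytes from `error_message`, so the read side is clearly improved; the comment should state the write-side bound as well, in terms of `iout` plus the terminator against the buffer size. Separately, the embedded diffstat still lists ANNOUNCE and CHANGES and "3 files changed, 15 insertions(+), 6 deletions(-)", which no longer matches the trimmed patch described in the RWMJ note above it; dropping or correcting those lines would avoid confusion for whoever next audits this file.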
diff --git a/mingw32-libpng.spec b/mingw32-libpng.spec
index da69a01..073a023 100644
--- a/mingw32-libpng.spec
+++ b/mingw32-libpng.spec
@@ -6,7 +6,7 @@
 
 Name:           mingw32-libpng
 Version:        1.4.3
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        MinGW Windows Libpng library
 
 License:        zlib
@@ -14,6 +14,14 @@ URL:            http://www.libpng.org/pub/png/
 Source0:        ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
 Patch2:         mingw32-libpng-fix-invalid-exports.patch
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=717510
+# https://bugzilla.redhat.com/show_bug.cgi?id=717511
+# CVE-2011-2501
+#
+# *** NOTE *** When updating the package, please ensure the
+# new version either contains this fix, or this patch is retained.
+Patch3:         libpng-CVE-2011-2501.patch
+
 Group:          Development/Libraries
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
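Review bot: The NOTE above `Patch3:` asks whoever updates the package to confirm that the new version contains this fix, but the spec gives them only two Bugzilla links to check against. Adding the upstream commit id (65e6d5a34f49acdb362a0625a706c6b914e670af, from the header of the patch file) and the affected function, png_format_buffer() in pngerror.c, to this comment would turn that check into a direct lookup in the new source tree.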
@@ -41,6 +49,8 @@ MinGW Windows Libpng library.
 # issue more to find out the real cause, but this will do for now
 %patch2 -p0
 
+%patch3 -p1
+
 
 %build
 %{_mingw32_configure}
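Review bot: `%patch3 -p1` sits directly under `%patch2 -p0`, and the differing strip level is easy to mistake for a typo during a later cleanup. -p1 is correct for the `a/pngerror.c` / `b/pngerror.c` paths in libpng-CVE-2011-2501.patch, so a one-line comment above `%patch3` saying so would protect the security fix from being silently dropped by a failed or "normalised" patch step.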
@@ -81,6 +91,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Wed Jun 29 2011 Richard W.M. Jones <rjones at redhat.com> - 1.4.3-2
+- Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
+
 * Sun Jul  4 2010 Erik van Pienbroek <epienbro at fedoraproject.org> - 1.4.3-1
 - Update to 1.4.3
 - Fixes CVE-2010-1205 (BZ #608238)

