[libpng15] Adding patch CVE-2013-6954 (#1056856)
Petr Hracek
phracek at fedoraproject.org
Wed Jan 29 09:19:12 UTC 2014
commit 438d5ea42a33f0393438fed82b5dd81affbf02c9
Author: Petr Hracek <phracek at redhat.com>
Date: Wed Jan 29 10:15:33 2014 +0100
Adding patch CVE-2013-6954 (#1056856)
libpng15-CVE-2013-6954.patch | 35 +++++++++++++++++++++++++++++++++++
libpng15.spec | 9 ++++++++-
2 files changed, 43 insertions(+), 1 deletions(-)
---
diff --git a/libpng15-CVE-2013-6954.patch b/libpng15-CVE-2013-6954.patch
new file mode 100644
index 0000000..9619d8a
--- /dev/null
+++ b/libpng15-CVE-2013-6954.patch
@@ -0,0 +1,35 @@
+diff --git a/pngrtran.c b/pngrtran.c
+index 5673193..04eecee 100644
+--- a/pngrtran.c
++++ b/pngrtran.c
+@@ -1900,6 +1900,9 @@ png_read_transform_info(png_structp png_ptr, png_infop info_ptr)
+
+ info_ptr->bit_depth = 8;
+ info_ptr->num_trans = 0;
++
++ if (png_ptr->palette == NULL)
++ png_error (png_ptr, "Palette is NULL in indexed image");
+ }
+ else
+ {
+diff --git a/pngset.c b/pngset.c
+index 4177e62..3876103 100644
+--- a/pngset.c
++++ b/pngset.c
+@@ -524,6 +524,16 @@ png_set_PLTE(png_structp png_ptr, png_infop info_ptr,
+ return;
+ }
+ }
++ if ((num_palette > 0 && palette == NULL) ||
++ (num_palette == 0
++ # ifdef PNG_MNG_FEATURES_SUPPORTED
++ && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
++ # endif
++ ))
++ {
++ png_error(png_ptr, "Invalid palette");
++ return;
++ }
+
+ /* It may not actually be necessary to set png_ptr->palette here;
+ * we do it for backward compatibility with the way the png_handle_tRNS
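Review bot: The check added to `png_set_PLTE` makes `num_palette == 0` a fatal `png_error` unless `PNG_FLAG_MNG_EMPTY_PLTE` is permitted, so a binary that used to set an empty palette now lands in its error handler instead of continuing. That is the safer outcome, but this package exists to keep old binaries running, so it deserves a changelog line such as `- png_set_PLTE now rejects NULL or empty palettes (CVE-2013-6954)`. The `return;` after `png_error(png_ptr, "Invalid palette");` looks unreachable, since `png_error` does not return to its caller; it is harmless to keep if it matches upstream. Both `png_set_PLTE` and `png_read_transform_info` begin and end outside the lines shown, so this patch alone cannot confirm that no other path reaches palette expansion with a NULL `png_ptr->palette`.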
diff --git a/libpng15.spec b/libpng15.spec
index 7a6ef54..c40a95c 100644
--- a/libpng15.spec
+++ b/libpng15.spec
@@ -1,7 +1,7 @@
Summary: Old version of libpng, needed to run old binaries
Name: libpng15
Version: 1.5.17
-Release: 1%{?dist}
+Release: 2%{?dist}
License: zlib
Group: System Environment/Libraries
URL: http://www.libpng.org/pub/png/
@@ -12,6 +12,8 @@ Source0: ftp://ftp.simplesystems.org/pub/png/src/history/libpng15/libpng-%{versi
Source1: pngusr.dfa
+Patch0: libpng15-CVE-2013-6954.patch
+
BuildRequires: zlib-devel
%description
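Review bot: `Patch0:` is added without a comment saying what the patch fixes or where it came from, so a later rebase cannot tell from the spec whether the patch can be dropped. A line above it such as `# CVE-2013-6954 (#1056856): NULL/empty palette checks, backported from upstream <UPSTREAM_COMMIT_OR_RELEASE>` would record that. The patch file itself also starts straight at `diff --git a/pngrtran.c` with no descriptive header, so the spec comment would be the only provenance record in the package.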
@@ -23,6 +25,8 @@ version of libpng.
%prep
%setup -q -n libpng-%{version}
+%patch0 -p1
+
# Provide pngusr.dfa for build.
cp -p %{SOURCE1} .
@@ -51,6 +55,9 @@ rm -rf $RPM_BUILD_ROOT%{_bindir}/*
%{_libdir}/libpng15.so.*
%changelog
+* Wed Jan 29 2014 Petr Hracek <phracek at redhat.com> - 1.5.17-2
+- Adding patch CVE-2013-6954 (#1056856)
+
* Fri Jul 26 2013 Petr Hracek <phracek at redhat.com> - 1.5.17-1
- Update to libpng 1.5.17 for minor bug fixes