[libpng/f20] Fix CVE-2013-6954 (#1056853), CVE-2014-0333 (#1070987)
Petr Hracek
phracek at fedoraproject.org
Wed May 21 19:42:02 UTC 2014
commit 4105f5f8f3ce6f5946728dbb7aa374e90777418a
Author: Petr Hracek <phracek at redhat.com>
Date: Wed May 21 21:16:18 2014 +0200
Fix CVE-2013-6954 (#1056853), CVE-2014-0333 (#1070987)
libpng-CVE-2013-6954.patch | 27 +++++++++++++++++++++++++++
libpng-CVE-2014-0333.patch | 12 ++++++++++++
libpng.spec | 10 +++++++++-
3 files changed, 48 insertions(+), 1 deletions(-)
---
diff --git a/libpng-CVE-2013-6954.patch b/libpng-CVE-2013-6954.patch
new file mode 100644
index 0000000..e832a76
--- /dev/null
+++ b/libpng-CVE-2013-6954.patch
@@ -0,0 +1,27 @@
+diff --git a/pngrtran.c b/pngrtran.c
+index 5c6bbd3..fa46280 100644
+--- a/pngrtran.c
++++ b/pngrtran.c
+@@ -1942,6 +1942,9 @@ png_read_transform_info(png_structrp png_ptr, png_inforp info_ptr)
+
+ info_ptr->bit_depth = 8;
+ info_ptr->num_trans = 0;
++
++ if (png_ptr->palette == NULL)
++ png_error (png_ptr, "Palette is NULL in indexed image");
+ }
+ else
+ {
+diff --git a/pngset.c b/pngset.c
+index 7e355d1..9ed2de9 100644
+--- a/pngset.c
++++ b/pngset.c
+@@ -527,7 +527,7 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr,
+ # endif
+ ))
+ {
+- png_chunk_report(png_ptr, "Invalid palette", PNG_CHUNK_ERROR);
++ png_error(png_ptr, "Invalid palette");
+ return;
+ }
+
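Review bot: The `return;` that follows the new `png_error(png_ptr, "Invalid palette");` in the pngset.c part is unreachable, because png_error does not return to its caller; drop it or mark it `/* NOTREACHED */` so nobody reads the branch as recoverable. In the pngrtran.c part the new `if (png_ptr->palette == NULL)` check has no comment on what it protects; something like `/* PLTE missing or rejected: stop before the palette is dereferenced during expansion */` would record the intent (presumably the later palette-expansion step, which is not visible here). Both functions start and end outside these hunks. An invalid palette is also now always fatal for callers of png_set_PLTE rather than a reportable chunk error, which deserves a line in the changelog entry.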
diff --git a/libpng-CVE-2014-0333.patch b/libpng-CVE-2014-0333.patch
new file mode 100644
index 0000000..9bfbbd7
--- /dev/null
+++ b/libpng-CVE-2014-0333.patch
@@ -0,0 +1,12 @@
+diff --git a/pngpread.c b/pngpread.c
+index 0169ecb..4fce7c0 100644
+--- a/pngpread.c
++++ b/pngpread.c
+@@ -234,6 +234,7 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
+ png_error(png_ptr, "Missing PLTE before IDAT");
+
+ png_ptr->mode |= PNG_HAVE_IDAT;
++ png_ptr->process_mode = PNG_READ_IDAT_MODE;
+
+ if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT))
+ if (png_ptr->push_length == 0)
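Review bot: The added `png_ptr->process_mode = PNG_READ_IDAT_MODE;` has no comment explaining why the mode must change here, ahead of the `push_length == 0` test that follows. Judging from its position, it makes the progressive reader leave chunk-header mode even for an empty IDAT, so a one-line comment such as `/* switch modes before the zero-length check so an empty IDAT cannot leave the reader in header mode */` would keep a later refactor from moving it back. png_push_read_chunk begins and ends outside the hunk, so the branch body under the length test is not visible. The spec runs `make check`, but nothing in this commit adds an input that exercises the case, so the fix is not verified at build time.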
diff --git a/libpng.spec b/libpng.spec
index adaff45..3b8b6ee 100644
--- a/libpng.spec
+++ b/libpng.spec
@@ -2,7 +2,7 @@ Summary: A library of functions for manipulating PNG image format files
Name: libpng
Epoch: 2
Version: 1.6.6
-Release: 2%{?dist}
+Release: 3%{?dist}
License: zlib
Group: System Environment/Libraries
URL: http://www.libpng.org/pub/png/
@@ -14,6 +14,8 @@ Source0: ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng16/libpng-%{versio
Source1: pngusr.dfa
Patch0: libpng-multilib.patch
+Patch1: libpng-CVE-2013-6954.patch
+Patch2: libpng-CVE-2014-0333.patch
BuildRequires: zlib-devel, pkgconfig, libtool
BuildRequires: autoconf >= 2.68
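Review bot: `Patch1:` and `Patch2:` are added without a comment on where each fix comes from, which makes it hard to tell later whether a rebase past 1.6.6 already contains them. Put a line above each, for example `# CVE-2013-6954 (#1056853), backported from upstream <commit-or-release>` and the equivalent for CVE-2014-0333 (#1070987). The two patch files themselves also start directly at `diff --git` with no header, so the same provenance line would be useful there.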
@@ -68,6 +70,8 @@ The libpng-tools package contains tools used by the authors of libpng.
cp -p %{SOURCE1} .
%patch0 -p1
+%patch1 -p1
+%patch2 -p1
%build
autoreconf -vi
@@ -110,6 +114,10 @@ make check
%{_bindir}/pngfix
%changelog
+* Wed May 21 2014 Petr Hracek <phracek at redhat.com> - 2:1.6.6-3
+- Fix CVE-2013-6954 (#1056853)
+- Fix CVE-2014-0333 (#1070987)
+
* Wed Sep 25 2013 Petr Hracek <phracek at redhat.com> - 2:1.6.6-2
- Correct BuildRequires on autoconf to 2.68 (#1008101)