[libpng/f20] Fix CVE-2013-6954 (#1056853), CVE-2014-0333 (#1070987)

Petr Hracek phracek at fedoraproject.org
Wed May 21 19:42:02 UTC 2014


commit 4105f5f8f3ce6f5946728dbb7aa374e90777418a
Author: Petr Hracek <phracek at redhat.com>
Date:   Wed May 21 21:16:18 2014 +0200

    Fix CVE-2013-6954 (#1056853), CVE-2014-0333 (#1070987)

 libpng-CVE-2013-6954.patch |   27 +++++++++++++++++++++++++++
 libpng-CVE-2014-0333.patch |   12 ++++++++++++
 libpng.spec                |   10 +++++++++-
 3 files changed, 48 insertions(+), 1 deletions(-)
---
diff --git a/libpng-CVE-2013-6954.patch b/libpng-CVE-2013-6954.patch
new file mode 100644
index 0000000..e832a76
--- /dev/null
+++ b/libpng-CVE-2013-6954.patch
@@ -0,0 +1,27 @@
+diff --git a/pngrtran.c b/pngrtran.c
+index 5c6bbd3..fa46280 100644
+--- a/pngrtran.c
++++ b/pngrtran.c
+@@ -1942,6 +1942,9 @@ png_read_transform_info(png_structrp png_ptr, png_inforp info_ptr)
+ 
+          info_ptr->bit_depth = 8;
+          info_ptr->num_trans = 0;
++
++         if (png_ptr->palette == NULL)
++            png_error (png_ptr, "Palette is NULL in indexed image");
+       }
+       else
+       {
+diff --git a/pngset.c b/pngset.c
+index 7e355d1..9ed2de9 100644
+--- a/pngset.c
++++ b/pngset.c
+@@ -527,7 +527,7 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr,
+ #        endif
+       ))
+    {
+-      png_chunk_report(png_ptr, "Invalid palette", PNG_CHUNK_ERROR);
++      png_error(png_ptr, "Invalid palette");
+       return;
+    }
+ 
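Review bot: The new patch file begins directly at `diff --git a/pngrtran.c` with no header naming the upstream libpng commit or release the two hunks were backported from, so a later reviewer cannot check that the backport matches the upstream fix for CVE-2013-6954; libpng-CVE-2014-0333.patch has the same gap. A provenance line at the top of each file, for example `Upstream: libpng commit <UPSTREAM_COMMIT_ID> (CVE-2013-6954)`, would close it. In the pngset.c hunk, the `return;` kept after `png_error(png_ptr, "Invalid palette");` looks unreachable, assuming png_error does not return to its caller; it is harmless but could be dropped or marked with `/* not reached */`. Both patched functions begin and end outside the embedded hunks, so the placement of the NULL-palette check relative to the rest of png_read_transform_info cannot be confirmed from this page.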
diff --git a/libpng-CVE-2014-0333.patch b/libpng-CVE-2014-0333.patch
new file mode 100644
index 0000000..9bfbbd7
--- /dev/null
+++ b/libpng-CVE-2014-0333.patch
@@ -0,0 +1,12 @@
+diff --git a/pngpread.c b/pngpread.c
+index 0169ecb..4fce7c0 100644
+--- a/pngpread.c
++++ b/pngpread.c
+@@ -234,6 +234,7 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
+          png_error(png_ptr, "Missing PLTE before IDAT");
+ 
+       png_ptr->mode |= PNG_HAVE_IDAT;
++      png_ptr->process_mode = PNG_READ_IDAT_MODE;
+ 
+       if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT))
+          if (png_ptr->push_length == 0)
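Review bot: The added `png_ptr->process_mode = PNG_READ_IDAT_MODE;` has no comment saying why the mode must be switched before the `push_length == 0` test that follows, and that ordering appears to be the whole fix. A one-line comment such as `/* Enter IDAT mode before the zero-length test so an empty IDAT cannot leave the push reader stuck in chunk-header mode (CVE-2014-0333). */` would keep the line from being reordered or dropped in a later rebase; the failure mode is inferred here and should be confirmed against the upstream report. png_push_read_chunk begins and ends outside the hunk.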
diff --git a/libpng.spec b/libpng.spec
index adaff45..3b8b6ee 100644
--- a/libpng.spec
+++ b/libpng.spec
@@ -2,7 +2,7 @@ Summary: A library of functions for manipulating PNG image format files
 Name: libpng
 Epoch: 2
 Version: 1.6.6
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: zlib
 Group: System Environment/Libraries
 URL: http://www.libpng.org/pub/png/
@@ -14,6 +14,8 @@ Source0: ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng16/libpng-%{versio
 Source1: pngusr.dfa
 
 Patch0: libpng-multilib.patch
+Patch1: libpng-CVE-2013-6954.patch
+Patch2: libpng-CVE-2014-0333.patch
 
 BuildRequires: zlib-devel, pkgconfig, libtool
 BuildRequires: autoconf >= 2.68
@@ -68,6 +70,8 @@ The libpng-tools package contains tools used by the authors of libpng.
 cp -p %{SOURCE1} .
 
 %patch0 -p1
+%patch1 -p1
+%patch2 -p1
 
 %build
 autoreconf -vi
@@ -110,6 +114,10 @@ make check
 %{_bindir}/pngfix
 
 %changelog
+* Wed May 21 2014 Petr Hracek <phracek at redhat.com> - 2:1.6.6-3
+- Fix CVE-2013-6954 (#1056853)
+- Fix CVE-2014-0333 (#1070987)
+
 * Wed Sep 25 2013 Petr Hracek <phracek at redhat.com> - 2:1.6.6-2
 - Correct BuildRequires on autoconf to 2.68 (#1008101)
 

