Hello community, here is the log from the commit of package libpng14 for openSUSE:11.4 checked in at Mon Feb 20 14:56:49 CET 2012.
-------- --- old-versions/11.4/UPDATES/all/libpng14/libpng14.changes 2011-07-26 17:34:08.000000000 +0200 +++ 11.4/libpng14/libpng14.changes 2012-02-20 12:34:18.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Feb 20 11:33:22 UTC 2012 - pgaj...@suse.com + +- fixed + * CVE-2011-3026 [bnc#747311] + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 New: ---- libpng14-1.4.4-CVE-2011-3026.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libpng14.spec ++++++ --- /var/tmp/diff_new_pack.Q2eUZ0/_old 2012-02-20 14:56:38.000000000 +0100 +++ /var/tmp/diff_new_pack.Q2eUZ0/_new 2012-02-20 14:56:38.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libpng14 # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,7 +28,7 @@ Group: System/Libraries Url: http://www.libpng.org/pub/png/libpng.html Version: %{major}.%{minor}.%{micro} -Release: 3.<RELEASE4> +Release: 3.<RELEASE6> Summary: Library for the Portable Network Graphics Format (PNG) Source: libpng-%{version}.tar.bz2 Source2: baselibs.conf @@ -37,6 +37,7 @@ Patch2: libpng14-1.4.4-CVE-2011-2691.patch Patch3: libpng14-1.4.4-CVE-2011-2692.patch Patch4: libpng14-1.4.4-CVE-2011-2690.patch +Patch5: libpng14-1.4.4-CVE-2011-3026.patch BuildRequires: pkg-config zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build %define debug_package_requires %{libname} = %{version}-%{release} @@ -105,6 +106,7 @@ %patch2 %patch3 %patch4 +%patch5 -p1 %build ./autogen.sh ++++++ libpng14-1.4.4-CVE-2011-3026.patch ++++++ Index: libpng-1.4.4/pngrutil.c =================================================================== --- libpng-1.4.4.orig/pngrutil.c +++ libpng-1.4.4/pngrutil.c @@ -325,15 +325,18 @@ png_decompress_chunk(png_structp png_ptr /* Now check the limits on this chunk - if the limit fails the * compressed data will be removed, the prefix will remain. */ + if (prefix_size >= (~(png_size_t)0) - 1 || + expanded_size >= (~(png_size_t)0) - 1 - prefix_size #ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED - if (png_ptr->user_chunk_malloc_max && + || (png_ptr->user_chunk_malloc_max && (prefix_size + expanded_size >= png_ptr->user_chunk_malloc_max - 1)) #else # ifdef PNG_USER_CHUNK_MALLOC_MAX - if ((PNG_USER_CHUNK_MALLOC_MAX > 0) && + || ((PNG_USER_CHUNK_MALLOC_MAX > 0) && prefix_size + expanded_size >= PNG_USER_CHUNK_MALLOC_MAX - 1) # endif #endif + ) png_warning(png_ptr, "Exceeded size limit while expanding chunk"); /* If the size is zero either there was an error and a message @@ -341,11 +344,7 @@ png_decompress_chunk(png_structp png_ptr * and we have nothing to do - the code will exit through the * error case below. */ -#if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \ - defined(PNG_USER_CHUNK_MALLOC_MAX) - else -#endif - if (expanded_size > 0) + else if (expanded_size > 0) { /* Success (maybe) - really uncompress the chunk. */ png_size_t new_size = 0; continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
