From: Daniel P. Berrange <"Daniel P. Berrange "> Date: Mon, 22 Sep 2008 21:55:55 +0000 (-0400) Subject: Pull in patches for libpng from rawhide X-Git-Url: http://git.annexia.org/?p=fedora-mingw.git;a=commitdiff_plain;h=386dd7b89bffcce87bcb4baad9701dd37ebeb6fe Pull in patches for libpng from rawhide --- diff --git a/libpng/compare.supp b/libpng/compare.supp new file mode 100644 index 0000000..5a1ce03 --- /dev/null +++ b/libpng/compare.supp @@ -0,0 +1 @@ +missing patch 'libpng-multilib.patch' diff --git a/libpng/libpng-pngconf.patch b/libpng/libpng-pngconf.patch new file mode 100644 index 0000000..dbaadcb --- /dev/null +++ b/libpng/libpng-pngconf.patch @@ -0,0 +1,42 @@ +diff -Naur libpng-1.2.29.orig/configure.ac libpng-1.2.29/configure.ac +--- libpng-1.2.29.orig/configure.ac 2008-05-08 07:58:11.000000000 -0400 ++++ libpng-1.2.29/configure.ac 2008-05-31 20:21:12.000000000 -0400 +@@ -63,7 +63,8 @@ + AC_MSG_CHECKING( + [if assembler code in pnggccrd.c can be compiled without PNG_NO_MMX_CODE]) + AC_TRY_COMPILE( +- [#include "$srcdir/pnggccrd.c"], ++ [#define PNG_CONFIGURE_LIBPNG ++ #include "$srcdir/pnggccrd.c"], + [return 0;], + AC_MSG_RESULT(yes) + LIBPNG_NO_MMX="", +diff -Naur libpng-1.2.29.orig/pngconf.h libpng-1.2.29/pngconf.h +--- libpng-1.2.29.orig/pngconf.h 2008-05-08 07:58:03.000000000 -0400 ++++ libpng-1.2.29/pngconf.h 2008-05-31 20:21:12.000000000 -0400 +@@ -35,6 +35,25 @@ + #ifdef HAVE_CONFIG_H + #include "config.h" + #endif ++#else ++/* pngconf.h is part of the exported API. When a libpng-using application ++ includes us, PNG_CONFIGURE_LIBPNG is of course not defined as we do not have ++ libpng's config.h available in this case. This means that we do not have the ++ defines added to config.h and the commandline by libpng's ./configure . ++ ++ For all defines from config.h not having them set is not a problem, however ++ ./configure also adds -DPNG_NO_ASSEMBLER_CODE to the CFLAGS when compiling ++ on a platform on which the MMX and SSE asm code in libpng is not supported. ++ ++ We do need this define as this define is used to determine whether or not ++ to define PNG_ASSEMBLER_CODE_SUPPORTED and other assembler related defines ++ and prototypes. PNG_ASSEMBLER_CODE_SUPPORTED in turn is used by applications ++ (ImageMagick for example) to determine whether or not they can use the asm ++ functions. Thus we need to define PNG_NO_ASSEMBLER_CODE here on platforms ++ on which the MMX and SSE asm code in libpng is not supported: */ ++#ifndef __i386__ /* change this if MMX/SSE become supported on x86_64! */ ++#define PNG_NO_ASSEMBLER_CODE ++#endif + #endif + + /* diff --git a/libpng/libpng-ztxt-bug.patch b/libpng/libpng-ztxt-bug.patch new file mode 100644 index 0000000..7168cf7 --- /dev/null +++ b/libpng/libpng-ztxt-bug.patch @@ -0,0 +1,17 @@ +Patch for CVE-2008-3964 + + +diff -ru4NwbB libpng-1.2.31/pngpread.c libpng-1.2.32beta01/pngpread.c +--- libpng-1.2.31/pngpread.c 2008-08-21 05:54:13.254898477 -0500 ++++ libpng-1.2.32beta01/pngpread.c 2008-09-06 07:03:43.043602194 -0500 +@@ -1278,9 +1278,9 @@ + + tmp = text; + text = (png_charp)png_malloc(png_ptr, text_size + + (png_uint_32)(png_ptr->zbuf_size +- - png_ptr->zstream.avail_out)); ++ - png_ptr->zstream.avail_out + 1)); + png_memcpy(text, tmp, text_size); + png_free(png_ptr, tmp); + png_memcpy(text + text_size, png_ptr->zbuf, + png_ptr->zbuf_size - png_ptr->zstream.avail_out); diff --git a/libpng/mingw-libpng.spec b/libpng/mingw-libpng.spec index 7e50225..96377d7 100644 --- a/libpng/mingw-libpng.spec +++ b/libpng/mingw-libpng.spec @@ -6,12 +6,15 @@ Name: mingw-libpng Version: 1.2.31 -Release: 3%{?dist} +Release: 4%{?dist} Summary: MinGW Windows Libpng library License: zlib URL: http://www.libpng.org/pub/png/ Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2 +Patch1: libpng-pngconf.patch +Patch2: libpng-ztxt-bug.patch + Group: Development/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -28,6 +31,8 @@ MinGW Windows Libpng library. %prep %setup -q -n libpng-%{version} +%patch1 -p1 +%patch2 -p1 %build %{_mingw_configure} @@ -68,6 +73,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Sep 22 2008 Daniel P. Berrange - 1.2.31-4 +- Add patches from rawhide RPM + * Sun Sep 21 2008 Richard W.M. Jones - 1.2.31-3 - Don't duplicate Fedora native manpages.