From 79f13d627c5f49d08a9bd404d6629e635dea07f1 Mon Sep 17 00:00:00 2001
From: zhanglu
Date: Sun, 12 Jan 2020 12:48:11 +0800
Subject: [PATCH] fix cve
---
 CVE-2019-6129.patch | 23 +++++++++++++++++++++++
 libpng.spec | 9 ++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2019-6129.patch
diff --git a/CVE-2019-6129.patch b/CVE-2019-6129.patch
new file mode 100644
index 0000000..04179b1
--- /dev/null
+++ b/CVE-2019-6129.patch
@@ -0,0 +1,23 @@
+From a0ca4293454ef65e67efca5dc440c601d2835e90 Mon Sep 17 00:00:00 2001
+From: tangyaofang
+Date: Mon, 10 Jun 2019 11:30:15 +0800
+Subject: [PATCH] Repair of CVE-2019-6129
+
+---
+ contrib/tools/pngcp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/contrib/tools/pngcp.c b/contrib/tools/pngcp.c
+index 16d4e7f4d..a02d5b7ff 100644
+--- a/contrib/tools/pngcp.c
++++ b/contrib/tools/pngcp.c
+@@ -506,7 +506,7 @@ static void
+ display_clean_read(struct display *dp)
+ {
+ if (dp->read_pp != NULL)
+- png_destroy_read_struct(&dp->read_pp, NULL, NULL);
++ png_destroy_read_struct(&dp->read_pp, (dp->ip!=NULL ? &dp->ip : NULL), NULL);
+
+ if (dp->fp != NULL)
+ {
+
diff --git a/libpng.spec b/libpng.spec
index 2d68376..7732b74 100644
--- a/libpng.spec
+++ b/libpng.spec
@@ -1,7 +1,7 @@
 Name: libpng
 Epoch: 2
 Version: 1.6.36
-Release: 3
+Release: 4
 Summary: A library of functions for manipulating PNG image format files
 License: zlib
 URL: http://www.libpng.org/pub/png/libpng.html
@@ -12,6 +12,7 @@ Patch0: libpng-multilib.patch Patch1: libpng-fix-arm-neon.patch Patch2: libpng-CVE-2019-7317.patch Patch3: libpng-CVE-2018-14550.patch +Patch4: CVE-2019-6129.patch BuildRequires: zlib-devel autoconf automake libtool Provides: libpng-tools
@@ -77,6 +78,12 @@ make check %{_mandir}/man*/* %changelog +* Sun Jan 12 2020 openEuler Buildteam - 1.6.36-4 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix cve + * Tue Dec 31 2019 openEuler Buildteam - 1.6.36-3 - Type:bugfix - ID:NA
-- Gitee
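Review bot: In the pngcp.c hunk embedded in CVE-2019-6129.patch, the conditional `(dp->ip!=NULL ? &dp->ip : NULL)` on the added line of display_clean_read looks redundant. As far as I know, png_destroy_read_struct takes the address of the info pointer and skips it when the pointee is NULL, so `png_destroy_read_struct(&dp->read_pp, &dp->ip, NULL);` should free the same memory and read more plainly. The release of dp->ip still sits under `if (dp->read_pp != NULL)`, so the leak is closed only if ip is never allocated without read_pp; the allocation site is outside this hunk and should be checked. The embedded patch header names the CVE but gives no upstream commit or issue reference, so a line pointing at its origin would make the backport auditable. display_clean_read continues past the end of the hunk.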
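Review bot: None of the libpng.spec hunks touches %prep, so whether the new `Patch4: CVE-2019-6129.patch` is applied at build time depends on lines outside this diff. With `%autosetup -p1` it is picked up automatically, but if the spec applies patches through explicit `%patchN` lines, a matching `%patch4 -p1` is needed, otherwise release 4 ships without the fix while the changelog says it has one. The new changelog entry `- DESC:fix cve` (and the commit subject) does not name the CVE; `- DESC:fix CVE-2019-6129` would let an auditor or scanner match the release to the advisory. The file name also departs from the `libpng-CVE-…` pattern used by Patch2 and Patch3.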