Fedora 33: pngcheck 2020-f3a397cbf8
Summary
pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the
internal 32-bit CRCs [checksums] and decompressing the image data); it can
optionally dump almost all of the chunk-level information in the image in
human-readable form. For example, it can be used to print the basic statistics
about an image (dimensions, bit depth, etc.); to list the color and
transparency info in its palette (assuming it has one); or to extract the
embedded text annotations. This is a command-line program with batch
capabilities.
The current release supports all PNG, MNG and JNG chunks, including the newly
approved sTER stereo-layout chunk. It correctly reports errors in all but two
of the images in Chris Nokleberg's brokensuite-20061204.
Previous fix for buffer overrun printing the contents of the sPLT chunk in
certain malformed inputs (RHBZ#1905775) was incomplete; it should be properly
fixed now. ---- Security fix for multiple buffer overflows from crafted file
input (RHBZ#1902786,1902806,1902810: no CVE yet assigned), and for buffer
overrun printing the contents of the sPLT chunk in certain malformed inputs
(RHBZ#1905775: no tracking bug or CVE yet assigned); also, new eXIf support and
assorted small bug fixes
* Mon Dec 14 2020 Benjamin A. Beasley - 2.4.0-5
- Previous fix for buffer overrun printing the contents of the sPLT chunk in
certain malformed inputs (RHBZ#1905775) was incomplete; it should be properly
fixed now.
* Sun Dec 13 2020 Benjamin A. Beasley - 2.4.0-4
- Bounds-check all accesses into enumerated-value name arrays; a malformed file
could have caused a buffer overrun in several of these cases. (RHBZ#1902810)
- Fix buffer overrun when print_buffer() is passed a nonpositive size, which
can occur in practice for certain malformed inputs. (RHBZ#1902810)
- In some cases, the chunk length from the file data (sz) is used to index into
the read buffer without sufficient bounds-checking, leading to a buffer
overrun. Fix this for PPLT, hIST, sCAL, FRAM, SAVE, nEED, PAST, DISC, DROP,
DBYK, ORDR, and SEEK chunks. (RHBZ#1902810)
- Fix buffer overrun printing the contents of the sPLT chunk in certain
malformed inputs. (RHBZ#1905775)
- Backport fix for off-by-one bug in check_magic() from 3.0.0
- Backport fix for zlib version warnings going to stdout from 3.0.0
- Use name macro when referencing patches.
- Add BR on make in anticipation of
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot.
- New upstream version 2.4.0
- Added new license file for main package (same MIT-style license)
- Drop format-security patch, now upstreamed
- Use upstreamed man pages; no need to generate with help2man anymore
- Add rpmlintrc rules for -extras subpackage
- Add rpmlintrc file to suppress spurious rpmlint warnings
[ 1 ] Bug #1902806 - pngcheck: Multiple buffer overflows from crafted file input
https://bugzilla.redhat.com/show_bug.cgi?id=1902806
su -c 'dnf upgrade --advisory FEDORA-2020-f3a397cbf8' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
FEDORA-2020-f3a397cbf8 2020-12-23 01:18:30.481735 Product : Fedora 33 Version : 2.4.0 Release : 5.fc33 URL : http://www.libpng.org/pub/png/apps/pngcheck.html Summary : Verifies the integrity of PNG, JNG and MNG files Description : pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the internal 32-bit CRCs [checksums] and decompressing the image data); it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statistics about an image (dimensions, bit depth, etc.); to list the color and transparency info in its palette (assuming it has one); or to extract the embedded text annotations. This is a command-line program with batch capabilities. The current release supports all PNG, MNG and JNG chunks, including the newly approved sTER stereo-layout chunk. It correctly reports errors in all but two of the images in Chris Nokleberg's brokensuite-20061204. Previous fix for buffer overrun printing the contents of the sPLT chunk in certain malformed inputs (RHBZ#1905775) was incomplete; it should be properly fixed now. ---- Security fix for multiple buffer overflows from crafted file input (RHBZ#1902786,1902806,1902810: no CVE yet assigned), and for buffer overrun printing the contents of the sPLT chunk in certain malformed inputs (RHBZ#1905775: no tracking bug or CVE yet assigned); also, new eXIf support and assorted small bug fixes * Mon Dec 14 2020 Benjamin A. Beasley - 2.4.0-5 - Previous fix for buffer overrun printing the contents of the sPLT chunk in certain malformed inputs (RHBZ#1905775) was incomplete; it should be properly fixed now. * Sun Dec 13 2020 Benjamin A. Beasley - 2.4.0-4 - Bounds-check all accesses into enumerated-value name arrays; a malformed file could have caused a buffer overrun in several of these cases. (RHBZ#1902810) - Fix buffer overrun when print_buffer() is passed a nonpositive size, which can occur in practice for certain malformed inputs. (RHBZ#1902810) - In some cases, the chunk length from the file data (sz) is used to index into the read buffer without sufficient bounds-checking, leading to a buffer overrun. Fix this for PPLT, hIST, sCAL, FRAM, SAVE, nEED, PAST, DISC, DROP, DBYK, ORDR, and SEEK chunks. (RHBZ#1902810) - Fix buffer overrun printing the contents of the sPLT chunk in certain malformed inputs. (RHBZ#1905775) - Backport fix for off-by-one bug in check_magic() from 3.0.0 - Backport fix for zlib version warnings going to stdout from 3.0.0 - Use name macro when referencing patches. - Add BR on make in anticipation of https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot. - New upstream version 2.4.0 - Added new license file for main package (same MIT-style license) - Drop format-security patch, now upstreamed - Use upstreamed man pages; no need to generate with help2man anymore - Add rpmlintrc rules for -extras subpackage - Add rpmlintrc file to suppress spurious rpmlint warnings [ 1 ] Bug #1902806 - pngcheck: Multiple buffer overflows from crafted file input https://bugzilla.redhat.com/show_bug.cgi?id=1902806 su -c 'dnf upgrade --advisory FEDORA-2020-f3a397cbf8' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References