| Name: | pngcheck |
|---|---|
| Version: | 2.4.0 |
| Release: | 5.el8 |
| Architecture: | aarch64 |
| Group: | Unspecified |
| Size: | 156456 |
| License: | MIT |
| RPM: | pngcheck-2.4.0-5.el8.aarch64.rpm |
| Source RPM: | pngcheck-2.4.0-5.el8.src.rpm |
| Build Date: | Wed Dec 30 2020 |
| Build Host: | ca-buildarm05 |
| Vendor: | Oracle America |
| URL: | http://www.libpng.org/pub/png/apps/pngcheck.html |
| Summary: | Verifies the integrity of PNG, JNG and MNG files |
| Description: | pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the internal 32-bit CRCs [checksums] and decompressing the image data); it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statistics about an image (dimensions, bit depth, etc.); to list the color and transparency info in its palette (assuming it has one); or to extract the embedded text annotations. This is a command-line program with batch capabilities. The current release supports all PNG, MNG and JNG chunks, including the newly approved sTER stereo-layout chunk. It correctly reports errors in all but two of the images in Chris Nokleberg's brokensuite-20061204. |
- Previous fix for buffer overrun printing the contents of the sPLT chunk in certain malformed inputs (RHBZ#1905775) was incomplete; it should be properly fixed now.
- Bounds-check all accesses into enumerated-value name arrays; a malformed file could have caused a buffer overrun in several of these cases. (RHBZ#1902810) - Fix buffer overrun when print_buffer() is passed a nonpositive size, which can occur in practice for certain malformed inputs. (RHBZ#1902810) - In some cases, the chunk length from the file data (sz) is used to index into the read buffer without sufficient bounds-checking, leading to a buffer overrun. Fix this for PPLT, hIST, sCAL, FRAM, SAVE, nEED, PAST, DISC, DROP, DBYK, ORDR, and SEEK chunks. (RHBZ#1902810) - Fix buffer overrun printing the contents of the sPLT chunk in certain malformed inputs. (RHBZ#1905775) - Backport fix for off-by-one bug in check_magic() from 3.0.0 - Backport fix for zlib version warnings going to stdout from 3.0.0 - Use name macro when referencing patches. - Add BR on make in anticipation of https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot. - New upstream version 2.4.0 - Added new license file for main package (same MIT-style license) - Drop format-security patch, now upstreamed - Use upstreamed man pages; no need to generate with help2man anymore - Add rpmlintrc rules for -extras subpackage - Add rpmlintrc file to suppress spurious rpmlint warnings
- Fix null pointer dereference in pngcheck when -f is given and the sCAL chunk is missing the pixel height.
- Fix buffer overflow (RHBZ #1897485)
- Add _hardened_build macro for EPEL
- Work around Makefile.unx not actually using LDFLAGS; this fixes hardened build (PIE)
- Initial import (#1886858)