revoke last changes and added Security Fix (CAN-2002-1363) for png

kde-qt/kde-qt.patch

@@ -1,5 +1,61 @@
---- src/3rdparty/libpng/pngrtran.c.orig	Wed Oct  2 20:20:24 2002
-+++ src/3rdparty/libpng/pngrtran.c	Wed Jan 15 11:30:23 2003
+Index: src/3rdparty/libpng/pngconf.h
+--- src/3rdparty/libpng/pngconf.h.orig	2003-05-13 09:08:31 +0200
++++ src/3rdparty/libpng/pngconf.h	2004-07-02 09:03:26 +0200
+@@ -251,10 +251,6 @@
+ #      define PNG_SAVE_BSD_SOURCE
+ #      undef _BSD_SOURCE
+ #    endif
+-#    ifdef _SETJMP_H
+-      __png.h__ already includes setjmp.h;
+-      __dont__ include it again.;
+-#    endif
+ #  endif /* __linux__ */
+ 
+    /* include setjmp.h for error handling */
+Index: src/3rdparty/libpng/pngerror.c
+--- src/3rdparty/libpng/pngerror.c.orig	2003-05-13 09:08:31 +0200
++++ src/3rdparty/libpng/pngerror.c	2004-07-02 09:03:26 +0200
+@@ -135,10 +135,13 @@
+       buffer[iout] = 0;
+    else
+    {
++      png_size_t len;
++      if ((len = png_strlen(error_message)) > 63)
++          len = 63;
+       buffer[iout++] = ':';
+       buffer[iout++] = ' ';
+-      png_memcpy(buffer+iout, error_message, 64);
+-      buffer[iout+63] = 0;
++      png_memcpy(buffer+iout, error_message, len);
++      buffer[iout+len] = 0;
+    }
+ }
+ 
+Index: src/3rdparty/libpng/pngrtran.c
+--- src/3rdparty/libpng/pngrtran.c.orig	2003-05-13 09:08:31 +0200
++++ src/3rdparty/libpng/pngrtran.c	2004-07-02 09:03:26 +0200
+@@ -1889,8 +1889,8 @@
+          /* This changes the data from GG to GGXX */
+          if (flags & PNG_FLAG_FILLER_AFTER)
+          {
+-            png_bytep sp = row + (png_size_t)row_width;
+-            png_bytep dp = sp  + (png_size_t)row_width;
++            png_bytep sp = row + (png_size_t)row_width * 2;
++            png_bytep dp = sp  + (png_size_t)row_width * 2;
+             for (i = 1; i < row_width; i++)
+             {
+                *(--dp) = hi_filler;
+@@ -1907,8 +1907,8 @@
+          /* This changes the data from GG to XXGG */
+          else
+          {
+-            png_bytep sp = row + (png_size_t)row_width;
+-            png_bytep dp = sp  + (png_size_t)row_width;
++            png_bytep sp = row + (png_size_t)row_width * 2;
++            png_bytep dp = sp  + (png_size_t)row_width * 2;
+             for (i = 0; i < row_width; i++)
+             {
+                *(--dp) = *(--sp);
 @@ -1965,8 +1965,8 @@
           /* This changes the data from RRGGBB to RRGGBBXX */
           if (flags & PNG_FLAG_FILLER_AFTER)
@@ -22,26 +78,3 @@
              for (i = 0; i < row_width; i++)
              {
                 *(--dp) = *(--sp);
-
-Steve G <linux_4ever@yahoo.com>
-Libpng accesses memory that is out of bounds when creating an error message
-
-Index: pngerror.c
---- src/3rdparty/libpng/pngerror.c.orig	2002-10-03 13:32:27.000000000 +0200
-+++ src/3rdparty/libpng/pngerror.c	2004-04-28 13:24:22.000000000 +0200
-@@ -135,10 +135,13 @@
-       buffer[iout] = 0;
-    else
-    {
-+      png_size_t len;
-+      if ((len = png_strlen(error_message)) > 63)
-+          len = 63;
-       buffer[iout++] = ':';
-       buffer[iout++] = ' ';
--      png_memcpy(buffer+iout, error_message, 64);
--      buffer[iout+63] = 0;
-+      png_memcpy(buffer+iout, error_message, len);
-+      buffer[iout+len] = 0;
-    }
- }
- 

kde-qt/kde-qt.spec

@@ -34,7 +34,7 @@ Class:        EVAL
 Group:        KDE
 License:      GPL
 Version:      3.2.3
-Release:      20040701
+Release:      20040702
 
 #   list of sources
 Source0:      ftp://ftp.trolltech.com/pub/qt/source/qt-x11-free-%{version}.tar.bz2
@@ -44,8 +44,8 @@ Patch0:       kde-qt.patch
 #   build information
 Prefix:       %{l_prefix}
 BuildRoot:    %{l_buildroot}
-BuildPreReq:  OpenPKG, openpkg >= 20040130, X11, gcc, png, mng, jpeg, zlib
-PreReq:       OpenPKG, openpkg >= 20040130, X11, png, mng, jpeg, zlib
+BuildPreReq:  OpenPKG, openpkg >= 20040130, X11, gcc
+PreReq:       OpenPKG, openpkg >= 20040130, X11
 AutoReq:      no
 AutoReqProv:  no
 
@@ -144,8 +144,7 @@ AutoReqProv:  no
         -docdir %{l_prefix}/share/kde/qt/doc \
         -datadir %{l_prefix}/share/kde/qt/data \
         -release -shared -stl -sm \
-        -system-zlib -system-libpng \
-        -system-libjpeg -system-libmng -qt-gif \
+        -qt-zlib -qt-libpng -qt-libjpeg -qt-libmng -qt-gif \
         -no-nis -no-cups -no-nas-sound -no-xinerama \
         -xrender -no-xft -no-tablet -no-xkb \
         -disable-opengl -enable-sql \