added Security Fix (CAN-2002-1363) for png

pdflib/pdflib.patch

@@ -11,31 +11,6 @@ Index: config/mkmainlib.inc
  	    $(LIBTOOL) -n --finish $(libdir);\
  	else\
 
---- libs/png/pngrtran.c.orig	Wed Oct  2 20:20:24 2002
-+++ libs/png/pngrtran.c	Wed Jan 15 11:30:23 2003
-@@ -1965,8 +1965,8 @@
-          /* This changes the data from RRGGBB to RRGGBBXX */
-          if (flags & PNG_FLAG_FILLER_AFTER)
-          {
--            png_bytep sp = row + (png_size_t)row_width * 3;
--            png_bytep dp = sp  + (png_size_t)row_width;
-+            png_bytep sp = row + (png_size_t)row_width * 6;
-+            png_bytep dp = sp  + (png_size_t)row_width * 2;
-             for (i = 1; i < row_width; i++)
-             {
-                *(--dp) = hi_filler;
-@@ -1987,8 +1987,8 @@
-          /* This changes the data from RRGGBB to XXRRGGBB */
-          else
-          {
--            png_bytep sp = row + (png_size_t)row_width * 3;
--            png_bytep dp = sp  + (png_size_t)row_width;
-+            png_bytep sp = row + (png_size_t)row_width * 6;
-+            png_bytep dp = sp  + (png_size_t)row_width * 2;
-             for (i = 0; i < row_width; i++)
-             {
-                *(--dp) = *(--sp);
-
 Steve G <linux_4ever@yahoo.com>
 Libpng accesses memory that is out of bounds when creating an error message
 
@@ -58,3 +33,50 @@ Index: pngerror.c
     }
  }
  
+Index: libs/png/pngrtran.c
+--- libs/png/pngrtran.c.orig	2004-01-26 14:30:33 +0100
++++ libs/png/pngrtran.c	2004-07-01 12:10:25 +0200
+@@ -1890,8 +1890,8 @@
+          /* This changes the data from GG to GGXX */
+          if (flags & PNG_FLAG_FILLER_AFTER)
+          {
+-            png_bytep sp = row + (png_size_t)row_width;
+-            png_bytep dp = sp  + (png_size_t)row_width;
++            png_bytep sp = row + (png_size_t)row_width * 2;
++            png_bytep dp = sp  + (png_size_t)row_width * 2;
+             for (i = 1; i < row_width; i++)
+             {
+                *(--dp) = hi_filler;
+@@ -1908,8 +1908,8 @@
+          /* This changes the data from GG to XXGG */
+          else
+          {
+-            png_bytep sp = row + (png_size_t)row_width;
+-            png_bytep dp = sp  + (png_size_t)row_width;
++            png_bytep sp = row + (png_size_t)row_width * 2;
++            png_bytep dp = sp  + (png_size_t)row_width * 2;
+             for (i = 0; i < row_width; i++)
+             {
+                *(--dp) = *(--sp);
+@@ -1966,8 +1966,8 @@
+          /* This changes the data from RRGGBB to RRGGBBXX */
+          if (flags & PNG_FLAG_FILLER_AFTER)
+          {
+-            png_bytep sp = row + (png_size_t)row_width * 3;
+-            png_bytep dp = sp  + (png_size_t)row_width;
++            png_bytep sp = row + (png_size_t)row_width * 6;
++            png_bytep dp = sp  + (png_size_t)row_width * 2;
+             for (i = 1; i < row_width; i++)
+             {
+                *(--dp) = hi_filler;
+@@ -1988,8 +1988,8 @@
+          /* This changes the data from RRGGBB to XXRRGGBB */
+          else
+          {
+-            png_bytep sp = row + (png_size_t)row_width * 3;
+-            png_bytep dp = sp  + (png_size_t)row_width;
++            png_bytep sp = row + (png_size_t)row_width * 6;
++            png_bytep dp = sp  + (png_size_t)row_width * 2;
+             for (i = 0; i < row_width; i++)
+             {
+                *(--dp) = *(--sp);

pdflib/pdflib.spec

@@ -38,7 +38,7 @@ Class:        BASE
 Group:        Graphics
 License:      PDFlib
 Version:      %{V_long}
-Release:      20040625
+Release:      20040701
 
 #   list of sources
 Source0:      http://www.pdflib.com/products/pdflib/download/%{V_comp}src/PDFlib-Lite-%{V_long}.tar.gz