fix cve

CVE-2019-6129.patch

@@ -0,0 +1,23 @@
+From a0ca4293454ef65e67efca5dc440c601d2835e90 Mon Sep 17 00:00:00 2001
+From: tangyaofang <tangyaofang6666@163.com>
+Date: Mon, 10 Jun 2019 11:30:15 +0800
+Subject: [PATCH] Repair of CVE-2019-6129
+
+---
+ contrib/tools/pngcp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/contrib/tools/pngcp.c b/contrib/tools/pngcp.c
+index 16d4e7f4d..a02d5b7ff 100644
+--- a/contrib/tools/pngcp.c
++++ b/contrib/tools/pngcp.c
+@@ -506,7 +506,7 @@ static void
+ display_clean_read(struct display *dp)
+ {
+    if (dp->read_pp != NULL)
+-      png_destroy_read_struct(&dp->read_pp, NULL, NULL);
++      png_destroy_read_struct(&dp->read_pp, (dp->ip!=NULL ? &dp->ip : NULL), NULL);
+ 
+    if (dp->fp != NULL)
+    {
+

libpng.spec

@@ -1,7 +1,7 @@
 Name:           libpng
 Epoch:          2
 Version:        1.6.36
-Release:        3
+Release:        4
 Summary:        A library of functions for manipulating PNG image format files
 License:        zlib
 URL:            http://www.libpng.org/pub/png/libpng.html
@@ -12,6 +12,7 @@ Patch0:         libpng-multilib.patch
 Patch1:         libpng-fix-arm-neon.patch
 Patch2:         libpng-CVE-2019-7317.patch
 Patch3:		libpng-CVE-2018-14550.patch
+Patch4:         CVE-2019-6129.patch
 
 BuildRequires:  zlib-devel autoconf automake libtool
 Provides:       libpng-tools
@@ -77,6 +78,12 @@ make check
 %{_mandir}/man*/*
 
 %changelog
+* Sun Jan 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.6.36-4
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix cve
+
 * Tue Dec 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.6.36-3
 - Type:bugfix
 - ID:NA