5 changed files with 36 additions and 40 deletions
--- a/CVE-2019-6129.patch
+++ b/CVE-2019-6129.patch
@ -0,0 +1,23 @@
+From a0ca4293454ef65e67efca5dc440c601d2835e90 Mon Sep 17 00:00:00 2001
+From: tangyaofang <tangyaofang6666@163.com>
+Date: Mon, 10 Jun 2019 11:30:15 +0800
+Subject: [PATCH] Repair of CVE-2019-6129
+
+---
+ contrib/tools/pngcp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/contrib/tools/pngcp.c b/contrib/tools/pngcp.c
+index 16d4e7f4d..a02d5b7ff 100644
+--- a/contrib/tools/pngcp.c
+++ b/contrib/tools/pngcp.c
+@@ -506,7 +506,7 @@ static void
+ display_clean_read(struct display *dp)
+ {
+    if (dp->read_pp != NULL)
+-      png_destroy_read_struct(&dp->read_pp, NULL, NULL);
+      png_destroy_read_struct(&dp->read_pp, (dp->ip!=NULL ? &dp->ip : NULL), NULL);
+ 
+    if (dp->fp != NULL)
+    {
+
--- a/libpng-1.6.37.tar.gz
+++ b/libpng-1.6.37.tar.gz
--- a/libpng-1.6.40.tar.gz
+++ b/libpng-1.6.40.tar.gz
--- a/libpng-fix-arm-neon.patch
+++ b/libpng-fix-arm-neon.patch
@ -10,7 +10,7 @@ index 4fb0778..930bf50 100644
          AC_DEFINE([PNG_ARM_NEON_OPT], [0],
                    [Disable ARM Neon optimizations])
          # Prevent inclusion of the assembler files below:
-          enable_arm_neon=no ;;
+          enable_arm_neon=no;;
       check)
 +         AC_DEFINE([PNG_ARM_NEON], [], [ARM NEON support])
          AC_DEFINE([PNG_ARM_NEON_CHECK_SUPPORTED], [],
--- a/libpng.spec
+++ b/libpng.spec
@ -1,6 +1,6 @@
 Name:           libpng
 Epoch:          2
-Version:        1.6.40
+Version:        1.6.37
 Release:        1
 Summary:        A library of functions for manipulating PNG image format files
 License:        zlib
@ -10,8 +10,11 @@ Source1:        pngusr.dfa

 Patch0:         libpng-multilib.patch
 Patch1:         libpng-fix-arm-neon.patch
+Patch2:         CVE-2019-6129.patch

 BuildRequires:  zlib-devel autoconf automake libtool
+Provides:       libpng-tools
+Obsoletes:      libpng-tools

 %description
 The libpng package contains libraries used by other programs for reading and writing PNG format files.
@ -22,26 +25,13 @@ with many improvements and extensions and lack of patent problems.
 Summary:        Development files for libpng
 Requires:       %{name}%{?_isa} = %{epoch}:%{version}-%{release} zlib-devel%{?_isa} pkgconfig%{?_isa}

+Provides:       libpng-static
+Obsoletes:      libpng-static
+
 %description    devel
 The libpng-devel package contains libraries and header files for developing
 applications that using the PNG library.

-%package static
-Summary:       Static PNG image format file library
-Requires:      %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
- 
-%description static
-The libpng-static package contains the statically linkable version of libpng.
-Linking to static libraries is discouraged for most applications, but it is
-necessary for some boot packages.
- 
-%package tools
-Summary:       Tools for PNG image format file library
-Requires:      %{name}%{?_isa} = %{epoch}:%{version}-%{release}
- 
-%description tools
-The libpng-tools package contains tools used by the authors of libpng.
-
 %package        help
 Summary:        Help documents for libpng

@ -62,7 +52,9 @@ autoreconf -vif
 rm -f %{buildroot}%{_libdir}/*.la

 %check
+%if %{?_with_check:1}%{!?_with_check:0}
 make check
+%endif

 %ldconfig_post
 %ldconfig_postun
@ -73,36 +65,17 @@ make check
 %{_libdir}/libpng16.so.*

 %files devel
+%{_bindir}/*
 %{_includedir}/*
 %{_libdir}/libpng*.so
+%{_libdir}/libpng*.a
 %{_libdir}/pkgconfig/libpng*.pc

-%files static
-%{_libdir}/libpng*.a
- 
-%files tools
-%{_bindir}/*
-
 %files help
-%doc libpng-manual.txt TODO CHANGES
+%doc libpng-manual.txt example.c TODO CHANGES
 %{_mandir}/man*/*

 %changelog
-* Thu Jul 13 2023 jiangxinyu <jiangxinyu@kylinoss.cn> - 1.6.40-1
- Update package to version 1.6.40
-
-* Thu Dec 15 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 1.6.38-2
- remove example.c from help
-
-* Thu Nov 03 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 1.6.38-1
- update 1.6.38
-
-* Tue Mar 29 2022 liuyumeng <liuyumeng5@h-partners.com> - 1.6.37-3
- enable test and fix failed tests
-
-* Sat Dec 25 2021 hanhui <hanhui15@huawei.com> - 1.6.37-2
- DESC:split tools and static packages
-
 * Mon May 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.6.37-1
 - Type:requirement
 - ID:NA