[arch-commits] Commit in libpng/trunk (CVE-2011-3026.patch PKGBUILD)
Ionut Biru
ibiru at archlinux.org
Fri Feb 17 13:21:33 UTC 2012
Date: Friday, February 17, 2012 @ 08:21:33
Author: ibiru
Revision: 150422
fix CVE-2011-3026
Added:
libpng/trunk/CVE-2011-3026.patch
Modified:
libpng/trunk/PKGBUILD
---------------------+
CVE-2011-3026.patch | 26 ++++++++++++++++++++++++++
PKGBUILD | 13 +++++++++----
2 files changed, 35 insertions(+), 4 deletions(-)
Added: CVE-2011-3026.patch
===================================================================
--- CVE-2011-3026.patch (rev 0)
+++ CVE-2011-3026.patch 2012-02-17 13:21:33 UTC (rev 150422)
@@ -0,0 +1,26 @@
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660026
+http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?r1=121492&r2=121491&pathrev=121492
+
+Check for both truncation (64-bit platforms) and integer overflow.
+
+--- a/pngrutil.c 2012-02-01 16:00:34.000000000 +1100
++++ b/pngrutil.c 2012-02-16 09:05:45.000000000 +1100
+@@ -457,8 +457,16 @@ png_decompress_chunk(png_structp png_ptr
+ {
+ /* Success (maybe) - really uncompress the chunk. */
+ png_size_t new_size = 0;
+- png_charp text = (png_charp)png_malloc_warn(png_ptr,
+- prefix_size + expanded_size + 1);
++ png_charp text = NULL;
++ /* Need to check for both truncation (64-bit platforms) and integer
++ * overflow.
++ */
++ if (prefix_size + expanded_size > prefix_size &&
++ prefix_size + expanded_size < 0xffffffffU)
++ {
++ png_charp text = (png_charp)png_malloc_warn(png_ptr,
++ prefix_size + expanded_size + 1);
++ }
+
+ if (text != NULL)
+ {
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2012-02-17 13:03:41 UTC (rev 150421)
+++ PKGBUILD 2012-02-17 13:21:33 UTC (rev 150422)
@@ -6,8 +6,8 @@
pkgname=libpng
pkgver=1.5.8
-_apngver=1.5.7
-pkgrel=1
+_apngver=1.5.8
+pkgrel=2
pkgdesc="A collection of routines used to create PNG format graphics files"
arch=('i686' 'x86_64')
url="http://www.libpng.org/pub/png/libpng.html"
@@ -15,9 +15,11 @@
depends=('zlib' 'sh')
options=('!libtool')
source=("http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.xz"
- "http://downloads.sourceforge.net/sourceforge/libpng-apng/libpng-$_apngver-apng.patch.gz")
+ "http://downloads.sourceforge.net/sourceforge/libpng-apng/libpng-$_apngver-apng.patch.gz"
+ CVE-2011-3026.patch)
md5sums=('0f7ae352beadaff78073733905613041'
- '6c6a674048cec94db1bc35decf0d142c')
+ '158772fecdc6d8591bcd382c04da334c'
+ 'e3f19c889e57135eed66d0a3a22e2912')
build() {
cd "$srcdir/$pkgname-$pkgver"
@@ -26,6 +28,9 @@
# see http://sourceforge.net/projects/libpng-apng/
patch -p1 -i "$srcdir/libpng-$_apngver-apng.patch"
+ #CVE-2011-3026
+ patch -Np1 -i "$srcdir/CVE-2011-3026.patch"
+
./configure --prefix=/usr
make
}
More information about the arch-commits
mailing list