[arch-commits] Commit in libpng/repos (6 files)
Ionut Biru
ibiru at archlinux.org
Fri Feb 17 13:27:23 UTC 2012
Date: Friday, February 17, 2012 @ 08:27:22
Author: ibiru
Revision: 150423
archrelease: copy trunk to extra-i686, extra-x86_64
Added:
libpng/repos/extra-i686/CVE-2011-3026.patch
(from rev 150422, libpng/trunk/CVE-2011-3026.patch)
libpng/repos/extra-i686/PKGBUILD
(from rev 150422, libpng/trunk/PKGBUILD)
libpng/repos/extra-x86_64/CVE-2011-3026.patch
(from rev 150422, libpng/trunk/CVE-2011-3026.patch)
libpng/repos/extra-x86_64/PKGBUILD
(from rev 150422, libpng/trunk/PKGBUILD)
Deleted:
libpng/repos/extra-i686/PKGBUILD
libpng/repos/extra-x86_64/PKGBUILD
----------------------------------+
extra-i686/CVE-2011-3026.patch | 26 +++++++++++
extra-i686/PKGBUILD | 87 +++++++++++++++++++------------------
extra-x86_64/CVE-2011-3026.patch | 26 +++++++++++
extra-x86_64/PKGBUILD | 87 +++++++++++++++++++------------------
4 files changed, 144 insertions(+), 82 deletions(-)
Copied: libpng/repos/extra-i686/CVE-2011-3026.patch (from rev 150422, libpng/trunk/CVE-2011-3026.patch)
===================================================================
--- extra-i686/CVE-2011-3026.patch (rev 0)
+++ extra-i686/CVE-2011-3026.patch 2012-02-17 13:27:22 UTC (rev 150423)
@@ -0,0 +1,26 @@
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660026
+http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?r1=121492&r2=121491&pathrev=121492
+
+Check for both truncation (64-bit platforms) and integer overflow.
+
+--- a/pngrutil.c 2012-02-01 16:00:34.000000000 +1100
++++ b/pngrutil.c 2012-02-16 09:05:45.000000000 +1100
+@@ -457,8 +457,16 @@ png_decompress_chunk(png_structp png_ptr
+ {
+ /* Success (maybe) - really uncompress the chunk. */
+ png_size_t new_size = 0;
+- png_charp text = (png_charp)png_malloc_warn(png_ptr,
+- prefix_size + expanded_size + 1);
++ png_charp text = NULL;
++ /* Need to check for both truncation (64-bit platforms) and integer
++ * overflow.
++ */
++ if (prefix_size + expanded_size > prefix_size &&
++ prefix_size + expanded_size < 0xffffffffU)
++ {
++ png_charp text = (png_charp)png_malloc_warn(png_ptr,
++ prefix_size + expanded_size + 1);
++ }
+
+ if (text != NULL)
+ {
Deleted: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD 2012-02-17 13:21:33 UTC (rev 150422)
+++ extra-i686/PKGBUILD 2012-02-17 13:27:22 UTC (rev 150423)
@@ -1,41 +0,0 @@
-# $Id$
-# Maintainer: Jan de Groot <jgc at archlinux.org>
-# Contributor: dorphell <dorphell at archlinux.org>
-# Contributor: Travis Willard <travis at archlinux.org>
-# Contributor: Douglas Soares de Andrade <douglas at archlinux.org>
-
-pkgname=libpng
-pkgver=1.5.8
-_apngver=1.5.7
-pkgrel=1
-pkgdesc="A collection of routines used to create PNG format graphics files"
-arch=('i686' 'x86_64')
-url="http://www.libpng.org/pub/png/libpng.html"
-license=('custom')
-depends=('zlib' 'sh')
-options=('!libtool')
-source=("http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.xz"
- "http://downloads.sourceforge.net/sourceforge/libpng-apng/libpng-$_apngver-apng.patch.gz")
-md5sums=('0f7ae352beadaff78073733905613041'
- '6c6a674048cec94db1bc35decf0d142c')
-
-build() {
- cd "$srcdir/$pkgname-$pkgver"
-
- # Add animated PNG (apng) support
- # see http://sourceforge.net/projects/libpng-apng/
- patch -p1 -i "$srcdir/libpng-$_apngver-apng.patch"
-
- ./configure --prefix=/usr
- make
-}
-
-package() {
- cd "$srcdir/$pkgname-$pkgver"
- make DESTDIR="$pkgdir" install
-
- cd contrib/pngminus
- make PNGLIB="-L$pkgdir/usr/lib -lpng" -f makefile.std png2pnm pnm2png
- install -m755 png2pnm pnm2png "$pkgdir/usr/bin/"
- install -D -m644 ../../LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
-}
Copied: libpng/repos/extra-i686/PKGBUILD (from rev 150422, libpng/trunk/PKGBUILD)
===================================================================
--- extra-i686/PKGBUILD (rev 0)
+++ extra-i686/PKGBUILD 2012-02-17 13:27:22 UTC (rev 150423)
@@ -0,0 +1,46 @@
+# $Id$
+# Maintainer: Jan de Groot <jgc at archlinux.org>
+# Contributor: dorphell <dorphell at archlinux.org>
+# Contributor: Travis Willard <travis at archlinux.org>
+# Contributor: Douglas Soares de Andrade <douglas at archlinux.org>
+
+pkgname=libpng
+pkgver=1.5.8
+_apngver=1.5.8
+pkgrel=2
+pkgdesc="A collection of routines used to create PNG format graphics files"
+arch=('i686' 'x86_64')
+url="http://www.libpng.org/pub/png/libpng.html"
+license=('custom')
+depends=('zlib' 'sh')
+options=('!libtool')
+source=("http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.xz"
+ "http://downloads.sourceforge.net/sourceforge/libpng-apng/libpng-$_apngver-apng.patch.gz"
+ CVE-2011-3026.patch)
+md5sums=('0f7ae352beadaff78073733905613041'
+ '158772fecdc6d8591bcd382c04da334c'
+ 'e3f19c889e57135eed66d0a3a22e2912')
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver"
+
+ # Add animated PNG (apng) support
+ # see http://sourceforge.net/projects/libpng-apng/
+ patch -p1 -i "$srcdir/libpng-$_apngver-apng.patch"
+
+ #CVE-2011-3026
+ patch -Np1 -i "$srcdir/CVE-2011-3026.patch"
+
+ ./configure --prefix=/usr
+ make
+}
+
+package() {
+ cd "$srcdir/$pkgname-$pkgver"
+ make DESTDIR="$pkgdir" install
+
+ cd contrib/pngminus
+ make PNGLIB="-L$pkgdir/usr/lib -lpng" -f makefile.std png2pnm pnm2png
+ install -m755 png2pnm pnm2png "$pkgdir/usr/bin/"
+ install -D -m644 ../../LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+}
Copied: libpng/repos/extra-x86_64/CVE-2011-3026.patch (from rev 150422, libpng/trunk/CVE-2011-3026.patch)
===================================================================
--- extra-x86_64/CVE-2011-3026.patch (rev 0)
+++ extra-x86_64/CVE-2011-3026.patch 2012-02-17 13:27:22 UTC (rev 150423)
@@ -0,0 +1,26 @@
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660026
+http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?r1=121492&r2=121491&pathrev=121492
+
+Check for both truncation (64-bit platforms) and integer overflow.
+
+--- a/pngrutil.c 2012-02-01 16:00:34.000000000 +1100
++++ b/pngrutil.c 2012-02-16 09:05:45.000000000 +1100
+@@ -457,8 +457,16 @@ png_decompress_chunk(png_structp png_ptr
+ {
+ /* Success (maybe) - really uncompress the chunk. */
+ png_size_t new_size = 0;
+- png_charp text = (png_charp)png_malloc_warn(png_ptr,
+- prefix_size + expanded_size + 1);
++ png_charp text = NULL;
++ /* Need to check for both truncation (64-bit platforms) and integer
++ * overflow.
++ */
++ if (prefix_size + expanded_size > prefix_size &&
++ prefix_size + expanded_size < 0xffffffffU)
++ {
++ png_charp text = (png_charp)png_malloc_warn(png_ptr,
++ prefix_size + expanded_size + 1);
++ }
+
+ if (text != NULL)
+ {
Deleted: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD 2012-02-17 13:21:33 UTC (rev 150422)
+++ extra-x86_64/PKGBUILD 2012-02-17 13:27:22 UTC (rev 150423)
@@ -1,41 +0,0 @@
-# $Id$
-# Maintainer: Jan de Groot <jgc at archlinux.org>
-# Contributor: dorphell <dorphell at archlinux.org>
-# Contributor: Travis Willard <travis at archlinux.org>
-# Contributor: Douglas Soares de Andrade <douglas at archlinux.org>
-
-pkgname=libpng
-pkgver=1.5.8
-_apngver=1.5.7
-pkgrel=1
-pkgdesc="A collection of routines used to create PNG format graphics files"
-arch=('i686' 'x86_64')
-url="http://www.libpng.org/pub/png/libpng.html"
-license=('custom')
-depends=('zlib' 'sh')
-options=('!libtool')
-source=("http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.xz"
- "http://downloads.sourceforge.net/sourceforge/libpng-apng/libpng-$_apngver-apng.patch.gz")
-md5sums=('0f7ae352beadaff78073733905613041'
- '6c6a674048cec94db1bc35decf0d142c')
-
-build() {
- cd "$srcdir/$pkgname-$pkgver"
-
- # Add animated PNG (apng) support
- # see http://sourceforge.net/projects/libpng-apng/
- patch -p1 -i "$srcdir/libpng-$_apngver-apng.patch"
-
- ./configure --prefix=/usr
- make
-}
-
-package() {
- cd "$srcdir/$pkgname-$pkgver"
- make DESTDIR="$pkgdir" install
-
- cd contrib/pngminus
- make PNGLIB="-L$pkgdir/usr/lib -lpng" -f makefile.std png2pnm pnm2png
- install -m755 png2pnm pnm2png "$pkgdir/usr/bin/"
- install -D -m644 ../../LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
-}
Copied: libpng/repos/extra-x86_64/PKGBUILD (from rev 150422, libpng/trunk/PKGBUILD)
===================================================================
--- extra-x86_64/PKGBUILD (rev 0)
+++ extra-x86_64/PKGBUILD 2012-02-17 13:27:22 UTC (rev 150423)
@@ -0,0 +1,46 @@
+# $Id$
+# Maintainer: Jan de Groot <jgc at archlinux.org>
+# Contributor: dorphell <dorphell at archlinux.org>
+# Contributor: Travis Willard <travis at archlinux.org>
+# Contributor: Douglas Soares de Andrade <douglas at archlinux.org>
+
+pkgname=libpng
+pkgver=1.5.8
+_apngver=1.5.8
+pkgrel=2
+pkgdesc="A collection of routines used to create PNG format graphics files"
+arch=('i686' 'x86_64')
+url="http://www.libpng.org/pub/png/libpng.html"
+license=('custom')
+depends=('zlib' 'sh')
+options=('!libtool')
+source=("http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.xz"
+ "http://downloads.sourceforge.net/sourceforge/libpng-apng/libpng-$_apngver-apng.patch.gz"
+ CVE-2011-3026.patch)
+md5sums=('0f7ae352beadaff78073733905613041'
+ '158772fecdc6d8591bcd382c04da334c'
+ 'e3f19c889e57135eed66d0a3a22e2912')
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver"
+
+ # Add animated PNG (apng) support
+ # see http://sourceforge.net/projects/libpng-apng/
+ patch -p1 -i "$srcdir/libpng-$_apngver-apng.patch"
+
+ #CVE-2011-3026
+ patch -Np1 -i "$srcdir/CVE-2011-3026.patch"
+
+ ./configure --prefix=/usr
+ make
+}
+
+package() {
+ cd "$srcdir/$pkgname-$pkgver"
+ make DESTDIR="$pkgdir" install
+
+ cd contrib/pngminus
+ make PNGLIB="-L$pkgdir/usr/lib -lpng" -f makefile.std png2pnm pnm2png
+ install -m755 png2pnm pnm2png "$pkgdir/usr/bin/"
+ install -D -m644 ../../LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+}
More information about the arch-commits
mailing list