[arch-commits] Commit in libpng/trunk (CVE-2011-3026.patch PKGBUILD)
Ionut Biru
ibiru at archlinux.org
Mon Feb 20 11:03:50 UTC 2012
Date: Monday, February 20, 2012 @ 06:03:50
Author: ibiru
Revision: 150692
update to 1.5.9
Modified:
libpng/trunk/PKGBUILD
Deleted:
libpng/trunk/CVE-2011-3026.patch
---------------------+
CVE-2011-3026.patch | 26 --------------------------
PKGBUILD | 17 ++++++-----------
2 files changed, 6 insertions(+), 37 deletions(-)
Deleted: CVE-2011-3026.patch
===================================================================
--- CVE-2011-3026.patch 2012-02-20 11:01:31 UTC (rev 150691)
+++ CVE-2011-3026.patch 2012-02-20 11:03:50 UTC (rev 150692)
@@ -1,26 +0,0 @@
-http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660026
-http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?r1=121492&r2=121491&pathrev=121492
-
-Check for both truncation (64-bit platforms) and integer overflow.
-
---- a/pngrutil.c 2012-02-01 16:00:34.000000000 +1100
-+++ b/pngrutil.c 2012-02-16 09:05:45.000000000 +1100
-@@ -457,8 +457,16 @@ png_decompress_chunk(png_structp png_ptr
- {
- /* Success (maybe) - really uncompress the chunk. */
- png_size_t new_size = 0;
-- png_charp text = (png_charp)png_malloc_warn(png_ptr,
-- prefix_size + expanded_size + 1);
-+ png_charp text = NULL;
-+ /* Need to check for both truncation (64-bit platforms) and integer
-+ * overflow.
-+ */
-+ if (prefix_size + expanded_size > prefix_size &&
-+ prefix_size + expanded_size < 0xffffffffU)
-+ {
-+ png_charp text = (png_charp)png_malloc_warn(png_ptr,
-+ prefix_size + expanded_size + 1);
-+ }
-
- if (text != NULL)
- {
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2012-02-20 11:01:31 UTC (rev 150691)
+++ PKGBUILD 2012-02-20 11:03:50 UTC (rev 150692)
@@ -5,9 +5,9 @@
# Contributor: Douglas Soares de Andrade <douglas at archlinux.org>
pkgname=libpng
-pkgver=1.5.8
-_apngver=1.5.8
-pkgrel=2
+pkgver=1.5.9
+_apngver=1.5.9
+pkgrel=1
pkgdesc="A collection of routines used to create PNG format graphics files"
arch=('i686' 'x86_64')
url="http://www.libpng.org/pub/png/libpng.html"
@@ -15,11 +15,9 @@
depends=('zlib' 'sh')
options=('!libtool')
source=("http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.xz"
- "http://downloads.sourceforge.net/sourceforge/libpng-apng/libpng-$_apngver-apng.patch.gz"
- CVE-2011-3026.patch)
-md5sums=('0f7ae352beadaff78073733905613041'
- '158772fecdc6d8591bcd382c04da334c'
- 'e3f19c889e57135eed66d0a3a22e2912')
+ "http://downloads.sourceforge.net/sourceforge/libpng-apng/libpng-$_apngver-apng.patch.gz")
+md5sums=('05d9ab3705c34954c0032b71318b678a'
+ '268f7db97b292d5f14a24ea7940f6f1c')
build() {
cd "$srcdir/$pkgname-$pkgver"
@@ -28,9 +26,6 @@
# see http://sourceforge.net/projects/libpng-apng/
patch -p1 -i "$srcdir/libpng-$_apngver-apng.patch"
- #CVE-2011-3026
- patch -Np1 -i "$srcdir/CVE-2011-3026.patch"
-
./configure --prefix=/usr
make
}
More information about the arch-commits
mailing list