Date: Monday, February 20, 2012 @ 06:03:50 Author: ibiru Revision: 150692
update to 1.5.9 Modified: libpng/trunk/PKGBUILD Deleted: libpng/trunk/CVE-2011-3026.patch ---------------------+ CVE-2011-3026.patch | 26 -------------------------- PKGBUILD | 17 ++++++----------- 2 files changed, 6 insertions(+), 37 deletions(-) Deleted: CVE-2011-3026.patch =================================================================== --- CVE-2011-3026.patch 2012-02-20 11:01:31 UTC (rev 150691) +++ CVE-2011-3026.patch 2012-02-20 11:03:50 UTC (rev 150692) @@ -1,26 +0,0 @@ -http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660026 -http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?r1=121492&r2=121491&pathrev=121492 - -Check for both truncation (64-bit platforms) and integer overflow. - ---- a/pngrutil.c 2012-02-01 16:00:34.000000000 +1100 -+++ b/pngrutil.c 2012-02-16 09:05:45.000000000 +1100 -@@ -457,8 +457,16 @@ png_decompress_chunk(png_structp png_ptr - { - /* Success (maybe) - really uncompress the chunk. */ - png_size_t new_size = 0; -- png_charp text = (png_charp)png_malloc_warn(png_ptr, -- prefix_size + expanded_size + 1); -+ png_charp text = NULL; -+ /* Need to check for both truncation (64-bit platforms) and integer -+ * overflow. -+ */ -+ if (prefix_size + expanded_size > prefix_size && -+ prefix_size + expanded_size < 0xffffffffU) -+ { -+ png_charp text = (png_charp)png_malloc_warn(png_ptr, -+ prefix_size + expanded_size + 1); -+ } - - if (text != NULL) - { Modified: PKGBUILD =================================================================== --- PKGBUILD 2012-02-20 11:01:31 UTC (rev 150691) +++ PKGBUILD 2012-02-20 11:03:50 UTC (rev 150692) @@ -5,9 +5,9 @@ # Contributor: Douglas Soares de Andrade <[email protected]> pkgname=libpng -pkgver=1.5.8 -_apngver=1.5.8 -pkgrel=2 +pkgver=1.5.9 +_apngver=1.5.9 +pkgrel=1 pkgdesc="A collection of routines used to create PNG format graphics files" arch=('i686' 'x86_64') url="http://www.libpng.org/pub/png/libpng.html"; @@ -15,11 +15,9 @@ depends=('zlib' 'sh') options=('!libtool') source=("http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.xz"; - "http://downloads.sourceforge.net/sourceforge/libpng-apng/libpng-$_apngver-apng.patch.gz"; - CVE-2011-3026.patch) -md5sums=('0f7ae352beadaff78073733905613041' - '158772fecdc6d8591bcd382c04da334c' - 'e3f19c889e57135eed66d0a3a22e2912') + "http://downloads.sourceforge.net/sourceforge/libpng-apng/libpng-$_apngver-apng.patch.gz";) +md5sums=('05d9ab3705c34954c0032b71318b678a' + '268f7db97b292d5f14a24ea7940f6f1c') build() { cd "$srcdir/$pkgname-$pkgver" @@ -28,9 +26,6 @@ # see http://sourceforge.net/projects/libpng-apng/ patch -p1 -i "$srcdir/libpng-$_apngver-apng.patch" - #CVE-2011-3026 - patch -Np1 -i "$srcdir/CVE-2011-3026.patch" - ./configure --prefix=/usr make }
