author | Natanael Copa <ncopa@alpinelinux.org> | 2014-02-25 13:41:33 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-02-25 15:58:48 +0000 |
commit | 7f7d47bce8ceac1f164300401f93e3b4befe3dd7 (patch) | |
tree | d5a2fa2a2a0296d632e7fd712212e64c32f68397 | |
parent | 12e19cfdf63e21ad183d3c25b59d01c563b97753 (diff) | |
download | aports-7f7d47bce8ceac1f164300401f93e3b4befe3dd7.tar.bz2 aports-7f7d47bce8ceac1f164300401f93e3b4befe3dd7.tar.xz |
main/libpng: security fix for CVE-2013-6954
fixes #2697
-rw-r--r-- | main/libpng/APKBUILD | 11 | ||||
-rw-r--r-- | main/libpng/libpng15-CVE-2013-6954.patch | 35 |
2 files changed, 44 insertions, 2 deletions
diff --git a/main/libpng/APKBUILD b/main/libpng/APKBUILD
index b869d7b692..d95456366d 100644
--- a/main/libpng/APKBUILD
+++ b/main/libpng/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libpng
 pkgver=1.5.12
-pkgrel=0
+pkgrel=1
 pkgdesc="Portable Network Graphics library"
 url="http://www.libpng.org/"
 arch="all"
@@ -13,12 +13,18 @@ makedepends="$depends_dev gawk"
 subpackages="$pkgname-doc $pkgname-dev"
 source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
 http://downloads.sourceforge.net/project/libpng-apng/libpng15/$pkgver/libpng-$pkgver-apng.patch.gz
+ libpng15-CVE-2013-6954.patch
 "
 _builddir="$srcdir/$pkgname-$pkgver"
 prepare() {
 cd "$_builddir"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
 gunzip -c "$srcdir"/libpng-$pkgver-apng.patch.gz | patch -p1 || return 1
 }
@@ -37,4 +43,5 @@ package() {
 }
 md5sums="8ea7f60347a306c5faf70b977fa80e28 libpng-1.5.12.tar.gz
-7f2924b1fe0cca9080e18b8720443716 libpng-1.5.12-apng.patch.gz"
+7f2924b1fe0cca9080e18b8720443716 libpng-1.5.12-apng.patch.gz
+8cdbf47318e9f4710a957a4704f1dd6e libpng15-CVE-2013-6954.patch"
diff --git a/main/libpng/libpng15-CVE-2013-6954.patch b/main/libpng/libpng15-CVE-2013-6954.patch
new file mode 100644
index 0000000000..9619d8a931
--- /dev/null
+++ b/main/libpng/libpng15-CVE-2013-6954.patch
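Review bot: In the loop added to prepare() in main/libpng/APKBUILD, `$i` is used unquoted and handed to patch as the raw `$source` entry, so a source entry written as a URL ending in `.patch` would resolve to a path under `$srcdir` that does not exist. Stripping the directory part and quoting, `*.patch) msg "$i"; patch -p1 -i "$srcdir/${i##*/}" || return 1;;`, keeps the loop correct for local and downloaded patches alike. The loop also runs before the apng patch is piped into patch, so the CVE fix appears to be applied to the pristine 1.5.12 tree with the apng changes layered on top. A one-line comment such as `# security patches first, apng patch on top` would record that this order is intended.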
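Review bot: The md5sums hunk records only an MD5 digest for the new security patch and for the two files that `source` fetches over plain http, and MD5 no longer resists collisions, so it is a weak integrity anchor for build inputs. If the abuild version in use accepts it, add a `sha512sums="..."` block next to md5sums covering the same three files, with entries of the form `<sha512 digest>  libpng15-CVE-2013-6954.patch` (the digest is a placeholder to be produced by the checksum tooling). The md5sums block starts above the visible hunk only as far as its first entry, so this applies to all three lines shown.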
@@ -0,0 +1,35 @@
+diff --git a/pngrtran.c b/pngrtran.c
+index 5673193..04eecee 100644
+--- a/pngrtran.c
++++ b/pngrtran.c
+@@ -1900,6 +1900,9 @@ png_read_transform_info(png_structp png_ptr, png_infop info_ptr)
+
+ info_ptr->bit_depth = 8;
+ info_ptr->num_trans = 0;
++
++ if (png_ptr->palette == NULL)
++ png_error (png_ptr, "Palette is NULL in indexed image");
+ }
+ else
+ {
+diff --git a/pngset.c b/pngset.c
+index 4177e62..3876103 100644
+--- a/pngset.c
++++ b/pngset.c
+@@ -524,6 +524,16 @@ png_set_PLTE(png_structp png_ptr, png_infop info_ptr,
+ return;
+ }
+ }
++ if ((num_palette > 0 && palette == NULL) ||
++ (num_palette == 0
++ # ifdef PNG_MNG_FEATURES_SUPPORTED
++ && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
++ # endif
++ ))
++ {
++ png_error(png_ptr, "Invalid palette");
++ return;
++ }
+
+ /* It may not actually be necessary to set png_ptr->palette here;
+ * we do it for backward compatibility with the way the png_handle_tRNS |
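Review bot: The new libpng15-CVE-2013-6954.patch begins directly at `diff --git a/pngrtran.c` with no header saying where the fix came from, so nobody can later compare it with the upstream change or tell whether it was adapted for 1.5.12. Add a short description above the first `diff` line, for example `Fix for CVE-2013-6954, backported to libpng 1.5.12 from <upstream commit URL>`; patch skips leading text of that kind. Both inner hunks show only a fragment of png_read_transform_info and png_set_PLTE, so this page does not show whether every path that reads `png_ptr->palette` is now guarded.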