diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2015-02-02 10:29:02 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-02-02 10:29:16 +0000 |
commit | 7a7c3dc1ee28d4241d5ef12fb033da839898f056 (patch) | |
tree | 0df53b04fb235e57da9501c8a0d752fb9db94e85 | |
parent | 1ff989c299cfc585cf70cce7e48649a200ea9df8 (diff) | |
download | aports-7a7c3dc1ee28d4241d5ef12fb033da839898f056.tar.bz2 aports-7a7c3dc1ee28d4241d5ef12fb033da839898f056.tar.xz |
main/libpng: security upgrade to 1.5.21 (CVE-2014-9495,CVE-2015-0973)
fixes #3849
-rw-r--r-- | main/libpng/APKBUILD | 20 | ||||
-rw-r--r-- | main/libpng/libpng15-CVE-2013-6954.patch | 35 |
2 files changed, 8 insertions, 47 deletions
diff --git a/main/libpng/APKBUILD b/main/libpng/APKBUILD index 65d06ff680..3044e06549 100644 --- a/main/libpng/APKBUILD +++ b/main/libpng/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libpng -pkgver=1.5.15 -pkgrel=1 +pkgver=1.5.21 +pkgrel=0 pkgdesc="Portable Network Graphics library" url="http://www.libpng.org/" arch="all" @@ -13,7 +13,6 @@ makedepends="$depends_dev gawk" subpackages="$pkgname-doc $pkgname-dev" source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz http://downloads.sourceforge.net/project/libpng-apng/libpng15/$pkgver/libpng-$pkgver-apng.patch.gz - libpng15-CVE-2013-6954.patch " _builddir="$srcdir/$pkgname-$pkgver" @@ -42,12 +41,9 @@ package() { rm -f "$pkgdir"/usr/lib/*.la } -md5sums="ea24254980fd820964a710e4d2a947c7 libpng-1.5.15.tar.gz -3ae9ea7e4bd201f0b25e25cd6049b094 libpng-1.5.15-apng.patch.gz -8cdbf47318e9f4710a957a4704f1dd6e libpng15-CVE-2013-6954.patch" -sha256sums="726224b7a6b5ad0032078bf3fb5a84ffb5ad683a33a62d67f7be5eb5bc37d076 libpng-1.5.15.tar.gz -e6c46fafd5fbea6250daa07c1b7be2b9571a7cc4c99e985c594666a33de52f6b libpng-1.5.15-apng.patch.gz -0c039a6cf4476b239ffc9c9f92ed48aabc9678e30b9c982ab6996dfddf6696f2 libpng15-CVE-2013-6954.patch" -sha512sums="3d4f04bc33150177c9ca46543d92884dd3e6857494b99f7cc171fc90371b345495ae777b11bbed88978ec4a00daab632431b3efa78420b0abb659d5cf5690bc7 libpng-1.5.15.tar.gz -631f4bb60b5e0a09e8fcb794bb240d39beae832a6aca9dab2d382ba2444bb2f7cb5a72dd02976cbe0972371e4a6238aa00b017ac4d8956c5afc0ec8671dcdbd6 libpng-1.5.15-apng.patch.gz -d4b390479cadd7637f71e494709a7628671d61bacf10a522547f53be58acc08088e23867ae05047d7a9f53985c7eca78616f28ecec82e785fd18cde84ed9dd86 libpng15-CVE-2013-6954.patch" +md5sums="5a399a6dd143cb82cdb6c8d98c75fa42 libpng-1.5.21.tar.gz +c2db739bf068fe5ca66bbf184030b24d libpng-1.5.21-apng.patch.gz" +sha256sums="835ce1d42ea9f50eddf74754f2b06b1c0f7a1d8e46deb89b839a5ca018599793 libpng-1.5.21.tar.gz +fe78d77cea22017cfd9568e35ca4e721c7052dd12fb353396c78f2302d43b1b2 libpng-1.5.21-apng.patch.gz" +sha512sums="d59e733f7268480e5cd2816e3894d11bdf739a230c0d1a717eac23a5e2825ed50ed1eaeba7701ee049304ef992d87a13bd7dc52b29aa616de35b35d8ab21cc99 libpng-1.5.21.tar.gz +6fc6c043e24edaace05d46589c9d4be46741710b9656e6061c4c8d25e46a58f2b997377bdb0fbfd7df8ee1602b77a048233e7e9699e8c8bc383b940d04538965 libpng-1.5.21-apng.patch.gz" diff --git a/main/libpng/libpng15-CVE-2013-6954.patch b/main/libpng/libpng15-CVE-2013-6954.patch deleted file mode 100644 index 9619d8a931..0000000000 --- a/main/libpng/libpng15-CVE-2013-6954.patch +++ /dev/null @@ -1,35 +0,0 @@ -diff --git a/pngrtran.c b/pngrtran.c -index 5673193..04eecee 100644 ---- a/pngrtran.c -+++ b/pngrtran.c -@@ -1900,6 +1900,9 @@ png_read_transform_info(png_structp png_ptr, png_infop info_ptr) - - info_ptr->bit_depth = 8; - info_ptr->num_trans = 0; -+ -+ if (png_ptr->palette == NULL) -+ png_error (png_ptr, "Palette is NULL in indexed image"); - } - else - { -diff --git a/pngset.c b/pngset.c -index 4177e62..3876103 100644 ---- a/pngset.c -+++ b/pngset.c -@@ -524,6 +524,16 @@ png_set_PLTE(png_structp png_ptr, png_infop info_ptr, - return; - } - } -+ if ((num_palette > 0 && palette == NULL) || -+ (num_palette == 0 -+ # ifdef PNG_MNG_FEATURES_SUPPORTED -+ && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0 -+ # endif -+ )) -+ { -+ png_error(png_ptr, "Invalid palette"); -+ return; -+ } - - /* It may not actually be necessary to set png_ptr->palette here; - * we do it for backward compatibility with the way the png_handle_tRNS |