From 56171df203fbc734ae0f5e6c719892673de68d64 Mon Sep 17 00:00:00 2001 From: Kacper Kowalik Date: Fri, 23 Sep 2011 18:25:09 +0000 Subject: Revbump for CVE-2011-3328, till proper apng patch is rolled out (Portage version: 2.2.0_alpha59/cvs/Linux x86_64) --- media-libs/libpng/ChangeLog | 8 +++- .../libpng/files/libpng-1.5.4-CVE-2011-3328.patch | 23 +++++++++++ media-libs/libpng/libpng-1.5.4-r1.ebuild | 48 ++++++++++++++++++++++ media-libs/libpng/libpng-1.5.4.ebuild | 47 --------------------- 4 files changed, 78 insertions(+), 48 deletions(-) create mode 100644 media-libs/libpng/files/libpng-1.5.4-CVE-2011-3328.patch create mode 100644 media-libs/libpng/libpng-1.5.4-r1.ebuild delete mode 100644 media-libs/libpng/libpng-1.5.4.ebuild (limited to 'media-libs') diff --git a/media-libs/libpng/ChangeLog b/media-libs/libpng/ChangeLog index 33b33303c872..2bb583c4cd79 100644 --- a/media-libs/libpng/ChangeLog +++ b/media-libs/libpng/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for media-libs/libpng # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/ChangeLog,v 1.302 2011/09/20 20:31:14 grobian Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/ChangeLog,v 1.303 2011/09/23 18:25:09 xarthisius Exp $ + +*libpng-1.5.4-r1 (23 Sep 2011) + + 23 Sep 2011; Kacper Kowalik -libpng-1.5.4.ebuild, + +libpng-1.5.4-r1.ebuild, +files/libpng-1.5.4-CVE-2011-3328.patch: + Revbump for CVE-2011-3328, till proper apng patch is rolled out 20 Sep 2011; Fabian Groffen libpng-1.4.8-r2.ebuild: Fix installation on Darwin diff --git a/media-libs/libpng/files/libpng-1.5.4-CVE-2011-3328.patch b/media-libs/libpng/files/libpng-1.5.4-CVE-2011-3328.patch new file mode 100644 index 000000000000..bcfdc119b193 --- /dev/null +++ b/media-libs/libpng/files/libpng-1.5.4-CVE-2011-3328.patch @@ -0,0 +1,23 @@ +--- pngrutil.c.orig 2011-09-23 20:20:43.974170436 +0200 ++++ pngrutil.c 2011-09-23 20:21:41.308119496 +0200 +@@ -1037,12 +1037,14 @@ + */ + png_uint_32 w = y_red + y_green + y_blue; + +- png_ptr->rgb_to_gray_red_coeff = (png_uint_16)(((png_uint_32)y_red * +- 32768)/w); +- png_ptr->rgb_to_gray_green_coeff = (png_uint_16)(((png_uint_32)y_green +- * 32768)/w); +- png_ptr->rgb_to_gray_blue_coeff = (png_uint_16)(((png_uint_32)y_blue * +- 32768)/w); ++ if (w != 0) { ++ png_ptr->rgb_to_gray_red_coeff = (png_uint_16)(((png_uint_32)y_red * ++ 32768)/w); ++ png_ptr->rgb_to_gray_green_coeff = (png_uint_16)(((png_uint_32)y_green ++ * 32768)/w); ++ png_ptr->rgb_to_gray_blue_coeff = (png_uint_16)(((png_uint_32)y_blue * ++ 32768)/w); ++ } + } + } + #endif diff --git a/media-libs/libpng/libpng-1.5.4-r1.ebuild b/media-libs/libpng/libpng-1.5.4-r1.ebuild new file mode 100644 index 000000000000..85c4a0a6c61f --- /dev/null +++ b/media-libs/libpng/libpng-1.5.4-r1.ebuild @@ -0,0 +1,48 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/libpng-1.5.4-r1.ebuild,v 1.1 2011/09/23 18:25:09 xarthisius Exp $ + +EAPI=4 + +inherit eutils libtool multilib + +DESCRIPTION="Portable Network Graphics library" +HOMEPAGE="http://www.libpng.org/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz + apng? ( mirror://sourceforge/${PN}-apng/${PN}-devel/${PV}/${P}-apng.patch.gz )" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="apng static-libs" + +RDEPEND="sys-libs/zlib" +DEPEND="${RDEPEND} + app-arch/xz-utils" + +DOCS=( ANNOUNCE CHANGES libpng-manual.txt README TODO ) + +src_prepare() { + epatch "${FILESDIR}"/${P}-CVE-2011-3328.patch + use apng && epatch "${WORKDIR}"/${P}-apng.patch + elibtoolize +} + +src_configure() { + econf $(use_enable static-libs static) +} + +src_install() { + default + find "${ED}" -name '*.la' -exec rm -f {} + +} + +pkg_preinst() { + has_version ${CATEGORY}/${PN}:1.4 && return 0 + preserve_old_lib /usr/$(get_libdir)/libpng14$(get_libname 14) +} + +pkg_postinst() { + has_version ${CATEGORY}/${PN}:1.4 && return 0 + preserve_old_lib_notify /usr/$(get_libdir)/libpng14$(get_libname 14) +} diff --git a/media-libs/libpng/libpng-1.5.4.ebuild b/media-libs/libpng/libpng-1.5.4.ebuild deleted file mode 100644 index 8a94c7fd1ba3..000000000000 --- a/media-libs/libpng/libpng-1.5.4.ebuild +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/libpng-1.5.4.ebuild,v 1.2 2011/09/17 17:52:35 ssuominen Exp $ - -EAPI=4 - -inherit eutils libtool multilib - -DESCRIPTION="Portable Network Graphics library" -HOMEPAGE="http://www.libpng.org/" -SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz - apng? ( mirror://sourceforge/${PN}-apng/${PN}-devel/${PV}/${P}-apng.patch.gz )" - -LICENSE="as-is" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" -IUSE="apng static-libs" - -RDEPEND="sys-libs/zlib" -DEPEND="${RDEPEND} - app-arch/xz-utils" - -DOCS=( ANNOUNCE CHANGES libpng-manual.txt README TODO ) - -src_prepare() { - use apng && epatch "${WORKDIR}"/${P}-apng.patch - elibtoolize -} - -src_configure() { - econf $(use_enable static-libs static) -} - -src_install() { - default - find "${ED}" -name '*.la' -exec rm -f {} + -} - -pkg_preinst() { - has_version ${CATEGORY}/${PN}:1.4 && return 0 - preserve_old_lib /usr/$(get_libdir)/libpng14$(get_libname 14) -} - -pkg_postinst() { - has_version ${CATEGORY}/${PN}:1.4 && return 0 - preserve_old_lib_notify /usr/$(get_libdir)/libpng14$(get_libname 14) -} -- cgit v1.2.3-65-gdbad