Revbump for CVE-2011-3328, till proper apng patch is rolled out

Package-Manager: portage-2.2.0_alpha59/cvs/Linux x86_64
author: Kacper Kowalik <xarthisius@gentoo.org> 2011-09-23 18:25:09 +0000
committer: Kacper Kowalik <xarthisius@gentoo.org> 2011-09-23 18:25:09 +0000
commit: 3b7532cee15cd48904b1017394f443d561f92a15 (patch)
tree: 838cd3c54799cc80a484e575aa3a2b567b2ed1e0 /media-libs
parent: Version bump (diff)
download: historical-3b7532cee15cd48904b1017394f443d561f92a15.tar.gz
historical-3b7532cee15cd48904b1017394f443d561f92a15.tar.bz2
historical-3b7532cee15cd48904b1017394f443d561f92a15.zip
4 files changed, 41 insertions, 8 deletions
diff --git a/media-libs/libpng/ChangeLog b/media-libs/libpng/ChangeLog
index 33b33303c872..2bb583c4cd79 100644
--- a/media-libs/libpng/ChangeLog
+++ b/media-libs/libpng/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for media-libs/libpng
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/ChangeLog,v 1.302 2011/09/20 20:31:14 grobian Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/ChangeLog,v 1.303 2011/09/23 18:25:09 xarthisius Exp $
+
+*libpng-1.5.4-r1 (23 Sep 2011)
+
+  23 Sep 2011; Kacper Kowalik <xarthisius@gentoo.org> -libpng-1.5.4.ebuild,
+  +libpng-1.5.4-r1.ebuild, +files/libpng-1.5.4-CVE-2011-3328.patch:
+  Revbump for CVE-2011-3328, till proper apng patch is rolled out
 
   20 Sep 2011; Fabian Groffen <grobian@gentoo.org> libpng-1.4.8-r2.ebuild:
   Fix installation on Darwin
diff --git a/media-libs/libpng/Manifest b/media-libs/libpng/Manifest
index 7787854dc002..421f42608abf 100644
--- a/media-libs/libpng/Manifest
+++ b/media-libs/libpng/Manifest
@@ -3,6 +3,7 @@ Hash: SHA1
 
 AUX libpng-1.2.45-build.patch 384 RMD160 a6567731f964f8a78a2c2be44112761417e4799c SHA1 580afbf794330d33298b62fa84a3da1468c05c43 SHA256 980df151b1b785ab24b86b0e512340b7040c7ac02b58cc835170000b90cfdf7c
 AUX libpng-1.4.8-build.patch 272 RMD160 1f2a9395316c55637ae80207ef589422f2860a6d SHA1 3fb8182441b87f738c019ef2e8d8650042c71d32 SHA256 68342741c0bc08ee30abdbfb808e0c0065851ad5483a3982121ca8be8b7009e6
+AUX libpng-1.5.4-CVE-2011-3328.patch 912 RMD160 1424614deb663702a4018585099006524e947b5d SHA1 40230b3a020bd7c95bf8ae427e280577292d16ba SHA256 90d8ed6891e9c770112eb29b8edc4fddab1dfb880d7de6283156b1b8716bd505
 DIST libpng-1.2.45.tar.xz 539972 RMD160 c1294734d1912d84ac8dd2a53095d7345bd6ca99 SHA1 77d744bd5704c0218b8587014d0d205e4fe95cdf SHA256 befc6d2ddebae760f79bf9f88fecce42f88f2fc5962223da7bceb535cf2e5e9b
 DIST libpng-1.2.46.tar.xz 541808 RMD160 1ae035fb9bd06fa71adf736b1d4b6d152df0a3f6 SHA1 89fbe2bfb031d7c3ec65ee46041fe602c8f79f32 SHA256 f6f3ddc53bcb8cdd224f1d3642150df38aa5e8e9d509b0cedf793638c9269d65
 DIST libpng-1.4.7-apng.patch.gz 10437 RMD160 f0e2e8862f057fcc1be7ce26063fc58e58774720 SHA1 8286b869d0adabc77d25ca5fca3d4895b8b9618f SHA256 2e3db25f04cf3bdc193b04e431b8cca31d3d7d3616cee0bd7e58c0a46715e09d
@@ -15,13 +16,15 @@ EBUILD libpng-1.2.46.ebuild 995 RMD160 cbc778dc4f81dbfef9cf275e776e01dff731bbd2
 EBUILD libpng-1.4.8-r1.ebuild 1426 RMD160 88c5a3c9cd84e43aaad1eb059f15b4774d6deb48 SHA1 9522542c4f4a2e5a4f3cf2142f3729fc439d6e0b SHA256 367a1591ba92868095f461498ab1600ff2b771c0211804906dd5f6fb515490f2
 EBUILD libpng-1.4.8-r2.ebuild 1369 RMD160 531f587ba91f30eb15135f613068aed99545600f SHA1 bc4b9405b9d7533dd7ece78f7e39542b61d2d6b0 SHA256 ec52f045d997fc9bfb1fa2fe3686489956395c6f079b9a815e2cec32fbf497d2
 EBUILD libpng-1.4.8.ebuild 1467 RMD160 023570d161ac3f93c09893c2292a605ec079418b SHA1 6e2808c79a8c2cebdafa56611c7236d9aa2c195c SHA256 8447d796a9d51d3ed14b91aad3b39d82c4ea1ce0b0d35f8b3fcb6ce2a7abf5c1
-EBUILD libpng-1.5.4.ebuild 1412 RMD160 7edb0df74eedaa4d0778942872a24e9225e51088 SHA1 bb38d4bef6c80939d0907a034ac7b1c8dafa95f4 SHA256 d7e86ac30ec35d34a2e3a0ebe0f7bff6044b31fe949671f49e3ae3be354f958f
-MISC ChangeLog 40634 RMD160 7b41385cdbb16a792c82ac1cef76e5fadd1accc3 SHA1 23b4d54bb1f1e8df355fe14b3ef65b4b846d37f6 SHA256 cd2c50a7d61fb7eec657ecb623c3062710dd2f665418ca15ec4d38e11ea9c6ed
+EBUILD libpng-1.5.4-r1.ebuild 1463 RMD160 27b6c8dd18f3169fb359c3bec9b433693d67b5de SHA1 faa68726cc46b698db204b4120fe2e0d1ce37af9 SHA256 40a8a4cd20697bcc2fb08fb1248db7515841039d9bfdfd9307fbd34c2cb21be6
+MISC ChangeLog 40880 RMD160 8b32537536e5911d255768ac3bfe00663d674c5c SHA1 fa165d6271ca50f04a1a1e85ca0b674df5cebf42 SHA256 27dffb5dfe02bb45bebea2ff754240a753dc20d8c205b0d77b4b609a6da7553d
 MISC metadata.xml 247 RMD160 61ce1843d85a1ab05dc7838ac15375b0fb4f35bd SHA1 0a4b634f99126e9ebc485ad949b41df5a11f2fb0 SHA256 6646b71692ca41b7b944a2f6e044942baf8b8258ca073b555160e57b9eb39af8
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.18 (Darwin)
+Version: GnuPG v2.0.18 (GNU/Linux)
 
-iEYEARECAAYFAk54+BgACgkQX3X2B8XHTomCIgCfYKWJumn8DBnY1MQl9AI9nF1T
-KQAAnRGgnoNp/fD24Ilvyz6fQPOir0SW
-=hUBK
+iJwEAQECAAYFAk58zw0ACgkQIiMqcbOVdxR+pQP/ayLU9JrK6hDBzc0aS2AUfwBb
+rOUph+Ehcwsj8lXd0zq1+QhnSQZaC/H2AxSM+COM2NSgWnrizXOdI2WS0r5VSeML
+RqwFIG+a3sd+tf/HKtQZRc0LhEJ3c4BYfRHDb0fry43dfClq3FFnyo0JuMRxHI7W
+qJYKUD9QiDJv8e+/Vl4=
+=Z2S2
 -----END PGP SIGNATURE-----
diff --git a/media-libs/libpng/files/libpng-1.5.4-CVE-2011-3328.patch b/media-libs/libpng/files/libpng-1.5.4-CVE-2011-3328.patch
new file mode 100644
index 000000000000..bcfdc119b193
--- /dev/null
+++ b/media-libs/libpng/files/libpng-1.5.4-CVE-2011-3328.patch
@@ -0,0 +1,23 @@
+--- pngrutil.c.orig	2011-09-23 20:20:43.974170436 +0200
++++ pngrutil.c	2011-09-23 20:21:41.308119496 +0200
+@@ -1037,12 +1037,14 @@
+           */
+          png_uint_32 w = y_red + y_green + y_blue;
+ 
+-         png_ptr->rgb_to_gray_red_coeff   = (png_uint_16)(((png_uint_32)y_red *
+-            32768)/w);
+-         png_ptr->rgb_to_gray_green_coeff = (png_uint_16)(((png_uint_32)y_green
+-            * 32768)/w);
+-         png_ptr->rgb_to_gray_blue_coeff  = (png_uint_16)(((png_uint_32)y_blue *
+-            32768)/w);
++         if (w != 0) {
++            png_ptr->rgb_to_gray_red_coeff   = (png_uint_16)(((png_uint_32)y_red *
++               32768)/w);
++            png_ptr->rgb_to_gray_green_coeff = (png_uint_16)(((png_uint_32)y_green
++               * 32768)/w);
++            png_ptr->rgb_to_gray_blue_coeff  = (png_uint_16)(((png_uint_32)y_blue *
++               32768)/w);
++         }
+       }
+    }
+ #endif
diff --git a/media-libs/libpng/libpng-1.5.4.ebuild b/media-libs/libpng/libpng-1.5.4-r1.ebuild
index 8a94c7fd1ba3..85c4a0a6c61f 100644
--- a/media-libs/libpng/libpng-1.5.4.ebuild
+++ b/media-libs/libpng/libpng-1.5.4-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/libpng-1.5.4.ebuild,v 1.2 2011/09/17 17:52:35 ssuominen Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/libpng-1.5.4-r1.ebuild,v 1.1 2011/09/23 18:25:09 xarthisius Exp $
 
 EAPI=4
 
@@ -23,6 +23,7 @@ DEPEND="${RDEPEND}
 DOCS=( ANNOUNCE CHANGES libpng-manual.txt README TODO )
 
 src_prepare() {
+	epatch "${FILESDIR}"/${P}-CVE-2011-3328.patch
 	use apng && epatch "${WORKDIR}"/${P}-apng.patch
 	elibtoolize
 }
author	Kacper Kowalik <xarthisius@gentoo.org>	2011-09-23 18:25:09 +0000
committer	Kacper Kowalik <xarthisius@gentoo.org>	2011-09-23 18:25:09 +0000
commit	3b7532cee15cd48904b1017394f443d561f92a15 (patch)
tree	838cd3c54799cc80a484e575aa3a2b567b2ed1e0 /media-libs
parent	Version bump (diff)
download	historical-3b7532cee15cd48904b1017394f443d561f92a15.tar.gz historical-3b7532cee15cd48904b1017394f443d561f92a15.tar.bz2 historical-3b7532cee15cd48904b1017394f443d561f92a15.zip