diff options
-rw-r--r-- | graphics/png/Makefile | 5 | ||||
-rw-r--r-- | graphics/png/distinfo | 9 | ||||
-rw-r--r-- | graphics/png/patches/patch-CVE-2011-3026 | 24 |
3 files changed, 6 insertions, 32 deletions
diff --git a/graphics/png/Makefile b/graphics/png/Makefile index 92836d5c5a7..283d79e18b8 100644 --- a/graphics/png/Makefile +++ b/graphics/png/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.144 2012/02/18 15:16:59 drochner Exp $ +# $NetBSD: Makefile,v 1.145 2012/02/18 15:42:57 wiz Exp $ -DISTNAME= libpng-1.5.8 +DISTNAME= libpng-1.5.9rc01 PKGNAME= ${DISTNAME:S/lib//} -PKGREVISION= 1 CATEGORIES= graphics MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/} \ ftp://ftp.fu-berlin.de/unix/graphics/png/src/ diff --git a/graphics/png/distinfo b/graphics/png/distinfo index f428bb7c298..aa724b31122 100644 --- a/graphics/png/distinfo +++ b/graphics/png/distinfo @@ -1,7 +1,6 @@ -$NetBSD: distinfo,v 1.91 2012/02/18 15:16:59 drochner Exp $ +$NetBSD: distinfo,v 1.92 2012/02/18 15:42:57 wiz Exp $ -SHA1 (libpng-1.5.8.tar.bz2) = 46fdc2ab3fef9cf0949b1d7374cda9ea37ed5419 -RMD160 (libpng-1.5.8.tar.bz2) = 643ef6a0720e51a1dc326971db35846d02bbca10 -Size (libpng-1.5.8.tar.bz2) = 865525 bytes -SHA1 (patch-CVE-2011-3026) = d91733f3d3a7305eb530c7bc37955231bfda9a21 +SHA1 (libpng-1.5.9rc01.tar.bz2) = abe3df6f1a79cf9b2666431d00faeb8cb2c7a745 +RMD160 (libpng-1.5.9rc01.tar.bz2) = 2349ee7b0e516c4dc0da6e5c533c2fd14be99069 +Size (libpng-1.5.9rc01.tar.bz2) = 854693 bytes SHA1 (patch-aa) = aaf79ebb8a18448c096c17ae9b02da02bc537db2 diff --git a/graphics/png/patches/patch-CVE-2011-3026 b/graphics/png/patches/patch-CVE-2011-3026 deleted file mode 100644 index 513e6fc2543..00000000000 --- a/graphics/png/patches/patch-CVE-2011-3026 +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-CVE-2011-3026,v 1.1 2012/02/18 15:16:59 drochner Exp $ - -from chromium rev.121492 - ---- pngrutil.c.orig 2012-02-01 05:00:34.000000000 +0000 -+++ pngrutil.c -@@ -457,8 +457,15 @@ png_decompress_chunk(png_structp png_ptr - { - /* Success (maybe) - really uncompress the chunk. */ - png_size_t new_size = 0; -- png_charp text = (png_charp)png_malloc_warn(png_ptr, -- prefix_size + expanded_size + 1); -+ png_charp text = NULL; -+ /* Need to check for both truncation (64-bit platforms) and integer -+ * overflow. -+ */ -+ if (prefix_size + expanded_size > prefix_size && -+ prefix_size + expanded_size < 0xffffffffU) -+ { -+ text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1); -+ } - - if (text != NULL) - { |