[packages] libpng: fix 1-bit interlaced images information disclosure vulnerability...
authorNicolas Thill <nico@openwrt.org>
Thu, 9 Jul 2009 14:43:21 +0000 (14:43 +0000)
committerNicolas Thill <nico@openwrt.org>
Thu, 9 Jul 2009 14:43:21 +0000 (14:43 +0000)
 - CVE-2009-2042

SVN-Revision: 16752

libs/libpng/Makefile
libs/libpng/patches/901-cve-2009-2042.patch [new file with mode: 0644]

index 6ce0daf..77b9809 100644 (file)
@@ -1,5 +1,5 @@
 # 
-# Copyright (C) 2006 OpenWrt.org
+# Copyright (C) 2006-2009 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libpng
 PKG_VERSION:=1.2.29
-PKG_RELEASE:=1
+PKG_RELEASE:=1.1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=@SF/libpng
diff --git a/libs/libpng/patches/901-cve-2009-2042.patch b/libs/libpng/patches/901-cve-2009-2042.patch
new file mode 100644 (file)
index 0000000..7ddc48e
--- /dev/null
@@ -0,0 +1,13 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
+
+--- a/pngrutil.c
++++ b/pngrutil.c
+@@ -3150,6 +3150,8 @@ defined(PNG_USER_TRANSFORM_PTR_SUPPORTED
+    {
+      png_free(png_ptr,png_ptr->big_row_buf);
+      png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes+64);
++     if (png_ptr->interlaced)
++       png_memset(png_ptr->big_row_buf, 0, png_ptr->rowbytes + 64);
+      png_ptr->row_buf = png_ptr->big_row_buf+32;
+      png_ptr->old_big_row_buf_size = row_bytes+64;
+    }
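Review bot: The added `png_memset` clears `png_ptr->rowbytes + 64` bytes, but the buffer allocated on the line above it is `row_bytes+64` bytes, which is a different variable. The relationship between the two is not visible in this hunk; if `png_ptr->rowbytes` is the smaller value, the tail of `big_row_buf` stays uninitialized, and if it is ever the larger one, the memset writes past the allocation. Tying the length to the allocation avoids both cases: `png_memset(png_ptr->big_row_buf, 0, row_bytes + 64);`. The clear also runs only inside this reallocation branch, whose condition and enclosing function lie outside the hunk, so it is worth confirming there whether a reused (not reallocated) row buffer needs the same zeroing for interlaced images.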