From: Nicolas Thill Date: Thu, 9 Jul 2009 14:43:21 +0000 (+0000) Subject: [packages] libpng: fix 1-bit interlaced images information disclosure vulnerability... X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=commitdiff_plain;hb=e3f9aae44c35438a760bff0934eb50e1f20e73aa [packages] libpng: fix 1-bit interlaced images information disclosure vulnerability, bump release number - CVE-2009-2042 SVN-Revision: 16752
---
diff --git a/libs/libpng/Makefile b/libs/libpng/Makefile
index 6ce0daf5af..77b98095b2 100644
--- a/libs/libpng/Makefile
+++ b/libs/libpng/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006 OpenWrt.org
+# Copyright (C) 2006-2009 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=libpng
 PKG_VERSION:=1.2.29
-PKG_RELEASE:=1
+PKG_RELEASE:=1.1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=@SF/libpng
diff --git a/libs/libpng/patches/901-cve-2009-2042.patch b/libs/libpng/patches/901-cve-2009-2042.patch
new file mode 100644
index 0000000000..7ddc48eee5
--- /dev/null
+++ b/libs/libpng/patches/901-cve-2009-2042.patch
@@ -0,0 +1,13 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
+
+--- a/pngrutil.c
++++ b/pngrutil.c
+@@ -3150,6 +3150,8 @@ defined(PNG_USER_TRANSFORM_PTR_SUPPORTED
+ {
+ png_free(png_ptr,png_ptr->big_row_buf);
+ png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes+64);
++ if (png_ptr->interlaced)
++ png_memset(png_ptr->big_row_buf, 0, png_ptr->rowbytes + 64);
+ png_ptr->row_buf = png_ptr->big_row_buf+32;
+ png_ptr->old_big_row_buf_size = row_bytes+64;
+ }
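Review bot: The `png_memset` added in 901-cve-2009-2042.patch clears `png_ptr->rowbytes + 64` bytes, while the buffer on the line above it is allocated with the local `row_bytes+64`, so the cleared length and the allocated length come from two different values. If `png_ptr->rowbytes` is smaller than `row_bytes`, the tail of `big_row_buf` stays uninitialized, which is the kind of leftover data this fix is meant to remove; if it were ever larger, the memset would write past the allocation. Clearing exactly what was allocated avoids both cases: `png_memset(png_ptr->big_row_buf, 0, row_bytes + 64);`. The enclosing block starts outside the hunk, and it appears this branch runs only when the buffer is reallocated, so a reused buffer would presumably not be cleared; that is worth confirming against the full function.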