authorMike Frysinger <vapier@gentoo.org>2008-04-14 03:04:30 +0000
committerMike Frysinger <vapier@gentoo.org>2008-04-14 03:04:30 +0000
commit207f44983f2dca1f4acf482df169d0a0f7ea5031 (patch)
tree193e0220b1d67237dc4e0f2d802fa9f2a43ff960 /media-libs/libpng
parentDrop stable keywords for amd64, bug 217582 (diff)
Fix from upstream for CVE-2008-1382 #217047.
Package-Manager: portage-2.2_pre5
Diffstat (limited to 'media-libs/libpng')
-rw-r--r--media-libs/libpng/ChangeLog8
-rw-r--r--media-libs/libpng/Manifest10
-rw-r--r--media-libs/libpng/files/libpng-1.2.26-CVE-2008-1382.patch191
-rw-r--r--media-libs/libpng/libpng-1.2.26-r1.ebuild39
4 files changed, 243 insertions, 5 deletions
diff --git a/media-libs/libpng/ChangeLog b/media-libs/libpng/ChangeLog
index 84653be6d682..ff694a79f047 100644
--- a/media-libs/libpng/ChangeLog
+++ b/media-libs/libpng/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for media-libs/libpng
# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/ChangeLog,v 1.188 2008/04/07 20:43:18 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/ChangeLog,v 1.189 2008/04/14 03:04:29 vapier Exp $
+
+*libpng-1.2.26-r1 (14 Apr 2008)
+
+ 14 Apr 2008; Mike Frysinger <vapier@gentoo.org>
+ +files/libpng-1.2.26-CVE-2008-1382.patch, +libpng-1.2.26-r1.ebuild:
+ Fix from upstream for CVE-2008-1382 #217047.
07 Apr 2008; Raúl Porcel <armin76@gentoo.org> libpng-1.2.25.ebuild:
ia64 stable wrt #215978
diff --git a/media-libs/libpng/Manifest b/media-libs/libpng/Manifest
index d8b2d1fa3870..9911a9f676ad 100644
--- a/media-libs/libpng/Manifest
+++ b/media-libs/libpng/Manifest
@@ -2,16 +2,18 @@
Hash: SHA1
AUX libpng-1.2.24-pngconf-setjmp.patch 395 RMD160 149318b2941f0bee3c6de5075cad6725cbc34486 SHA1 19529489561af86a4c5ac6c6ed0246a7f2f09dd8 SHA256 7930a95a0f29b1c7afca8e11f4008341ad2cd30703ca67166416e0c24ebe198a
+AUX libpng-1.2.26-CVE-2008-1382.patch 7815 RMD160 e1aeff5aa392d376bfda21b1e94f918a2aff31d6 SHA1 a62c914bb75ba5921cec1511ffa7a033cfbdedfe SHA256 fbd1cb3e0812ba4fed90e3b06aee98109e98b7048ebed8f7086b8ee54807bfcb
DIST libpng-1.2.25.tar.bz2 638262 RMD160 fc087e62e95116d59cf3a6880035f1d9e630ae6c SHA1 0afb5738eab00f721e3fbeb9ed76dbdb2b53204f SHA256 2e92eada0c32d5e49da5617d389e43bc27a18bdca4b8d7badb7fee931d157ce0
DIST libpng-1.2.26.tar.lzma 500072 RMD160 d9c733cb2354e9bb6d5e7145d91581c4acbeb1ca SHA1 6422456bcf8ed99c9acc0439f0a6738ad3b63b44 SHA256 6ac3c121ae5f5f76c14a50cf4aff68a4b51f1bda976eae1d706cbc4fda7173e1
EBUILD libpng-1.2.25.ebuild 1019 RMD160 9c9ee4cbcc9e875c89e8cc87d18b7a006ae6c127 SHA1 1d4fa2d8694d748815074dbfeab746c981717b43 SHA256 b1283abb550611f4557d7a00e4de763235383ae9fc3af0a6cee0fc4aa0df50c7
+EBUILD libpng-1.2.26-r1.ebuild 1132 RMD160 39f2a526497d6937d25c053d4228742d7e3642bc SHA1 f7204849c6392b2ab96cffa1de9d4d210cace02f SHA256 1fccaa3244304ba3d0372ae4a4ef495ef1c822a08071d1945865c3b0559341be
EBUILD libpng-1.2.26.ebuild 1074 RMD160 81e9defa8ce5387414cd213bfec55b16c167a8fd SHA1 883290065365b9aaba8ec00b828c63378d420591 SHA256 e730a2356ed902a14e9f1c43c77794575529bc34196bc4e62b3798217467a661
-MISC ChangeLog 25810 RMD160 a4f21cc17a6a546e577577b567daa52c754030a3 SHA1 6cfaf8062e99af2fd10ac72e7f163c44693e465e SHA256 0a55b2b0abbcb2c40aa56f75a65812bda969382fcfbd6ca295b47a7f2be761f8
+MISC ChangeLog 26010 RMD160 9e34c0b55e9a733f921fe05a8b6d5e00e4b552e8 SHA1 7b8c104bfa0bea0afe940988fd41f4784de05298 SHA256 d5ac892594204561e760e59b4f084524161cd0d76c7b2c72334cfdebe4655410
MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
-iD8DBQFH/Zucj9hvisErhMIRAoWUAJ9eBRukULSFdIWCtb+9NXl3IaBu7gCfQWw9
-1sd6xWMcJI/nauzr7sa8R08=
-=Rj9B
+iD8DBQFIAsnEj9hvisErhMIRAtT1AJ4oVKQMD+uZ8ajm692j/U+Epu5IRgCg0DW6
+2amqbrc37x7bUIfWbVn3RL8=
+=uEXn
-----END PGP SIGNATURE-----
diff --git a/media-libs/libpng/files/libpng-1.2.26-CVE-2008-1382.patch b/media-libs/libpng/files/libpng-1.2.26-CVE-2008-1382.patch
new file mode 100644
index 000000000000..df002ea14155
--- /dev/null
+++ b/media-libs/libpng/files/libpng-1.2.26-CVE-2008-1382.patch
@@ -0,0 +1,191 @@
+diff -ru4N libpng-1.2.26/png.h libpng-1.2.27beta01/png.h
+--- libpng-1.2.26/png.h 2008-04-02 12:27:29.867681595 -0500
++++ libpng-1.2.27beta01/png.h 2008-04-05 21:41:14.644268554 -0500
+@@ -180,8 +180,11 @@
+ * 1.0.31 10 10031 10.so.0.31[.0]
+ * 1.2.25 13 10225 12.so.0.25[.0]
+ * 1.2.26beta01-06 13 10226 12.so.0.26[.0]
+ * 1.2.26rc01 13 10226 12.so.0.26[.0]
++ * 1.2.26 13 10226 12.so.0.26[.0]
++ * 1.0.32 10 10032 10.so.0.32[.0]
++ * 1.2.27beta01 13 10227 12.so.0.27[.0]
+ *
+ * Henceforth the source version will match the shared-library major
+ * and minor numbers; the shared-library major version number will be
+ * used for changes in backward compatibility, as it is intended. The
+diff -ru4N libpng-1.2.26/pngpread.c libpng-1.2.27beta01/pngpread.c
+--- libpng-1.2.26/pngpread.c 2008-04-05 21:37:29.944173338 -0500
++++ libpng-1.2.27beta01/pngpread.c 2008-04-05 21:41:14.898914350 -0500
+@@ -1,8 +1,8 @@
+
+ /* pngpread.c - read a png file in push mode
+ *
+- * Last changed in libpng 1.2.26 [April 2, 2008]
++ * Last changed in libpng 1.2.27 [April 6, 2008]
+ * For conditions of distribution and use, see copyright notice in png.h
+ * Copyright (c) 1998-2008 Glenn Randers-Pehrson
+ * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
+ * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
+@@ -1501,11 +1501,16 @@
+ (png_charp)png_ptr->chunk_name,
+ png_sizeof(png_ptr->unknown_chunk.name));
+ png_ptr->unknown_chunk.name[png_sizeof(png_ptr->unknown_chunk.name)-1]='\0';
+
+- png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr, length);
+ png_ptr->unknown_chunk.size = (png_size_t)length;
+- png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data, length);
++ if (length == 0)
++ png_ptr->unknown_chunk.data = NULL;
++ else
++ {
++ png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr, length);
++ png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data, length);
++ }
+ #if defined(PNG_READ_USER_CHUNKS_SUPPORTED)
+ if(png_ptr->read_user_chunk_fn != NULL)
+ {
+ /* callback to user unknown chunk handler */
+@@ -1526,10 +1531,13 @@
+ }
+ else
+ #endif
+ png_set_unknown_chunks(png_ptr, info_ptr, &png_ptr->unknown_chunk, 1);
+- png_free(png_ptr, png_ptr->unknown_chunk.data);
+- png_ptr->unknown_chunk.data = NULL;
++ if (png_ptr->unknown_chunk.data)
++ {
++ png_free(png_ptr, png_ptr->unknown_chunk.data);
++ png_ptr->unknown_chunk.data = NULL;
++ }
+ }
+ else
+ #endif
+ skip=length;
+diff -ru4N libpng-1.2.26/pngrutil.c libpng-1.2.27beta01/pngrutil.c
+--- libpng-1.2.26/pngrutil.c 2008-04-05 21:37:32.785260077 -0500
++++ libpng-1.2.27beta01/pngrutil.c 2008-04-05 21:41:15.202296784 -0500
+@@ -1,8 +1,8 @@
+
+ /* pngrutil.c - utilities to read a PNG file
+ *
+- * Last changed in libpng 1.2.26 [April 2, 2008]
++ * Last changed in libpng 1.2.27 [April 6, 2008]
+ * For conditions of distribution and use, see copyright notice in png.h
+ * Copyright (c) 1998-2008 Glenn Randers-Pehrson
+ * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
+ * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
+@@ -2226,11 +2226,16 @@
+ png_memcpy((png_charp)png_ptr->unknown_chunk.name,
+ (png_charp)png_ptr->chunk_name,
+ png_sizeof(png_ptr->unknown_chunk.name));
+ png_ptr->unknown_chunk.name[png_sizeof(png_ptr->unknown_chunk.name)-1] = '\0';
+- png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr, length);
+ png_ptr->unknown_chunk.size = (png_size_t)length;
+- png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data, length);
++ if (length == 0)
++ png_ptr->unknown_chunk.data = NULL;
++ else
++ {
++ png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr, length);
++ png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data, length);
++ }
+ #if defined(PNG_READ_USER_CHUNKS_SUPPORTED)
+ if(png_ptr->read_user_chunk_fn != NULL)
+ {
+ /* callback to user unknown chunk handler */
+@@ -2251,10 +2256,13 @@
+ }
+ else
+ #endif
+ png_set_unknown_chunks(png_ptr, info_ptr, &png_ptr->unknown_chunk, 1);
+- png_free(png_ptr, png_ptr->unknown_chunk.data);
+- png_ptr->unknown_chunk.data = NULL;
++ if (png_ptr->unknown_chunk.data)
++ {
++ png_free(png_ptr, png_ptr->unknown_chunk.data);
++ png_ptr->unknown_chunk.data = NULL;
++ }
+ }
+ else
+ #endif
+ skip = length;
+diff -ru4N libpng-1.2.26/pngset.c libpng-1.2.27beta01/pngset.c
+--- libpng-1.2.26/pngset.c 2008-04-02 12:27:30.621225067 -0500
++++ libpng-1.2.27beta01/pngset.c 2008-04-05 21:41:15.248946598 -0500
+@@ -1,8 +1,8 @@
+
+ /* pngset.c - storage of image information into info struct
+ *
+- * Last changed in libpng 1.2.25 [February 18, 2008]
++ * Last changed in libpng 1.2.27 [April 6, 2008]
+ * For conditions of distribution and use, see copyright notice in png.h
+ * Copyright (c) 1998-2008 Glenn Randers-Pehrson
+ * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
+ * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
+@@ -1039,30 +1039,33 @@
+ info_ptr->unknown_chunks=NULL;
+
+ for (i = 0; i < num_unknowns; i++)
+ {
+- png_unknown_chunkp to = np + info_ptr->unknown_chunks_num + i;
+- png_unknown_chunkp from = unknowns + i;
++ png_unknown_chunkp to = np + info_ptr->unknown_chunks_num + i;
++ png_unknown_chunkp from = unknowns + i;
+
+- png_memcpy((png_charp)to->name,
+- (png_charp)from->name,
+- png_sizeof(from->name));
+- to->name[png_sizeof(to->name)-1] = '\0';
++ png_memcpy((png_charp)to->name,
++ (png_charp)from->name,
++ png_sizeof(from->name));
++ to->name[png_sizeof(to->name)-1] = '\0';
++ to->size = from->size;
++ /* note our location in the read or write sequence */
++ to->location = (png_byte)(png_ptr->mode & 0xff);
+
+- to->data = (png_bytep)png_malloc_warn(png_ptr, from->size);
+- if (to->data == NULL)
+- {
+- png_warning(png_ptr,
++ if (from->size == 0)
++ to->data=NULL;
++ else
++ {
++ to->data = (png_bytep)png_malloc_warn(png_ptr, from->size);
++ if (to->data == NULL)
++ {
++ png_warning(png_ptr,
+ "Out of memory while processing unknown chunk.");
+- }
+- else
+- {
+- png_memcpy(to->data, from->data, from->size);
+- to->size = from->size;
+-
+- /* note our location in the read or write sequence */
+- to->location = (png_byte)(png_ptr->mode & 0xff);
+- }
++ to->size=0;
++ }
++ else
++ png_memcpy(to->data, from->data, from->size);
++ }
+ }
+
+ info_ptr->unknown_chunks = np;
+ info_ptr->unknown_chunks_num += num_unknowns;
+diff -ru4N libpng-1.2.26/pngwrite.c libpng-1.2.27beta01/pngwrite.c
+--- libpng-1.2.26/pngwrite.c 2008-04-02 12:27:30.775542734 -0500
++++ libpng-1.2.27beta01/pngwrite.c 2008-04-05 21:41:15.402698604 -0500
+@@ -111,8 +111,10 @@
+ !(up->location & PNG_HAVE_IDAT) &&
+ ((up->name[3] & 0x20) || keep == PNG_HANDLE_CHUNK_ALWAYS ||
+ (png_ptr->flags & PNG_FLAG_KEEP_UNSAFE_CHUNKS)))
+ {
++ if (up->size == 0)
++ png_warning(png_ptr, "Writing zero-length unknown chunk");
+ png_write_chunk(png_ptr, up->name, up->data, up->size);
+ }
+ }
+ }
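Review bot: The zero-length branch added in pngpread.c and pngrutil.c leaves `unknown_chunk.data` as NULL with `size` 0, and that struct is then passed to the `read_user_chunk_fn` path or to `png_set_unknown_chunks`, so an application callback that dereferences `data` without checking `size` now receives a NULL pointer; the patch does not document this contract. I would add a comment at both sites such as `/* zero-length chunk: data is NULL, consumers must test size before touching data */`. The same applies in pngset.c, where an allocation failure now stores an entry with `data` NULL and `size` 0 that is still counted by `unknown_chunks_num += num_unknowns`. The functions these inner hunks belong to begin and end outside the patch context, so how `length` is bounded before `png_malloc` cannot be checked from here.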
diff --git a/media-libs/libpng/libpng-1.2.26-r1.ebuild b/media-libs/libpng/libpng-1.2.26-r1.ebuild
new file mode 100644
index 000000000000..a7c2fc477a75
--- /dev/null
+++ b/media-libs/libpng/libpng-1.2.26-r1.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/libpng-1.2.26-r1.ebuild,v 1.1 2008/04/14 03:04:29 vapier Exp $
+
+inherit libtool multilib eutils
+
+DESCRIPTION="Portable Network Graphics library"
+HOMEPAGE="http://www.libpng.org/"
+SRC_URI="mirror://sourceforge/libpng/${P}.tar.lzma"
+
+LICENSE="as-is"
+SLOT="1.2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+IUSE=""
+
+RDEPEND="sys-libs/zlib"
+DEPEND="${RDEPEND}
+ app-arch/lzma-utils"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/${PN}-1.2.24-pngconf-setjmp.patch
+ epatch "${FILESDIR}"/${P}-CVE-2008-1382.patch #217047
+ # So we get sane .so versioning on FreeBSD
+ elibtoolize
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die
+ dodoc ANNOUNCE CHANGES KNOWNBUG README TODO Y2KINFO
+}
+
+pkg_postinst() {
+ # the libpng authors really screwed around between 1.2.1 and 1.2.3
+ if [[ -f ${ROOT}/usr/$(get_libdir)/libpng.so.3.1.2.1 ]] ; then
+ rm -f "${ROOT}"/usr/$(get_libdir)/libpng.so.3.1.2.1
+ fi
+}
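Review bot: `KEYWORDS` on the new -r1 ebuild is entirely `~arch`, and the Manifest hunk in this same commit still lists `EBUILD libpng-1.2.26.ebuild` and `libpng-1.2.25.ebuild`, so the unpatched 1.2.26 revision stays installable next to the fixed one. If nothing depends on the old revision, dropping `libpng-1.2.26.ebuild` in the same commit would keep users from resolving to the build without the CVE-2008-1382 patch; whether 1.2.25 needs the same patch is not visible here. In `src_unpack`, `cd "${S}"` has no failure check; `cd "${S}" || die` would stop before `epatch` runs in the wrong directory.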