diff options
| author | Joshua Lock <josh@linux.intel.com> | 2011-10-13 11:54:24 -0700 |
|---|---|---|
| committer | Joshua Lock <josh@linux.intel.com> | 2011-10-14 09:38:40 -0700 |
| commit | e3e50d2c69a5e78c32ca9717e313c6c79f7efd97 (patch) | |
| tree | 06949101028fe10c745399b7413a88276bb6e3f7 /meta/recipes-multimedia/libpng/libpng/03-CVE-2011-2690.patch | |
| parent | e5cce8a57d40a16a5133c1a394ab0f3717741344 (diff) | |
| download | poky-e3e50d2c69a5e78c32ca9717e313c6c79f7efd97.tar.gz | |
libpng: backport security fixes
This patch includes various security fixes from upstream (though the patches
were taken from Debian's packaging) to address the following CVE issues:
libpng CVE-2011-2690
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2690
libpng CVE-2011-2692
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2692
libpng CVE-2011-2501
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2501
Signed-off-by: Joshua Lock <josh@linux.intel.com>
Diffstat (limited to 'meta/recipes-multimedia/libpng/libpng/03-CVE-2011-2690.patch')
| -rw-r--r-- | meta/recipes-multimedia/libpng/libpng/03-CVE-2011-2690.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libpng/libpng/03-CVE-2011-2690.patch b/meta/recipes-multimedia/libpng/libpng/03-CVE-2011-2690.patch new file mode 100644 index 0000000000..f38a222170 --- /dev/null +++ b/meta/recipes-multimedia/libpng/libpng/03-CVE-2011-2690.patch | |||
| @@ -0,0 +1,38 @@ | |||
| 1 | This patch is taken from upstream and is a fix for CVE CVE-2011-2690 | ||
| 2 | |||
| 3 | Description: fix denial of service and possible arbitrary code | ||
| 4 | execution via crafted PNG image | ||
| 5 | Origin: upstream, http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=d572394c2a018ef22e9685ac189f5f05c08ea6f5 | ||
| 6 | |||
| 7 | Upstream-Status: Backport | ||
| 8 | |||
| 9 | Signed-off-by: Joshua Lock <josh@linux.intel.com> | ||
| 10 | |||
| 11 | Index: libpng-1.2.44/pngrtran.c | ||
| 12 | =================================================================== | ||
| 13 | --- libpng-1.2.44.orig/pngrtran.c 2011-07-26 08:18:55.489498092 -0400 | ||
| 14 | +++ libpng-1.2.44/pngrtran.c 2011-07-26 08:19:02.079498092 -0400 | ||
| 15 | @@ -676,10 +676,21 @@ | ||
| 16 | png_set_rgb_to_gray(png_structp png_ptr, int error_action, double red, | ||
| 17 | double green) | ||
| 18 | { | ||
| 19 | - int red_fixed = (int)((float)red*100000.0 + 0.5); | ||
| 20 | - int green_fixed = (int)((float)green*100000.0 + 0.5); | ||
| 21 | + int red_fixed, green_fixed; | ||
| 22 | if (png_ptr == NULL) | ||
| 23 | return; | ||
| 24 | + if (red > 21474.83647 || red < -21474.83648 || | ||
| 25 | + green > 21474.83647 || green < -21474.83648) | ||
| 26 | + { | ||
| 27 | + png_warning(png_ptr, "ignoring out of range rgb_to_gray coefficients"); | ||
| 28 | + red_fixed = -1; | ||
| 29 | + green_fixed = -1; | ||
| 30 | + } | ||
| 31 | + else | ||
| 32 | + { | ||
| 33 | + red_fixed = (int)((float)red*100000.0 + 0.5); | ||
| 34 | + green_fixed = (int)((float)green*100000.0 + 0.5); | ||
| 35 | + } | ||
| 36 | png_set_rgb_to_gray_fixed(png_ptr, error_action, red_fixed, green_fixed); | ||
| 37 | } | ||
| 38 | #endif | ||