libpng: backport security fixes

This patch includes various security fixes from upstream (though the patches
were taken from Debian's packaging) to address the following CVE issues:

libpng CVE-2011-2690
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2690
libpng CVE-2011-2692
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2692
libpng CVE-2011-2501
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2501

Signed-off-by: Joshua Lock <josh@linux.intel.com>

1 files changed, 29 insertions, 0 deletions

diff --git a/meta/recipes-multimedia/libpng/libpng/04-CVE-2011-2692.patch b/meta/recipes-multimedia/libpng/libpng/04-CVE-2011-2692.patch
new file mode 100644
index 0000000000..5a0f51e269
--- /dev/null
+++ b/meta/recipes-multimedia/libpng/libpng/04-CVE-2011-2692.patch
@@ -0,0 +1,29 @@
+This patch is taken from upstream and is a fix for CVE CVE-2011-2962
+
+Description: fix denial of service and possible arbitrary code
+ execution via invalid sCAL chunks
+Origin: upstream, http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
+
+Upstream-Status: Backport
+
+Signed-off-by: Joshua Lock <josh@linux.intel.com>
+
+Index: libpng-1.2.44/pngrutil.c
+===================================================================
+--- libpng-1.2.44.orig/pngrutil.c       2011-07-26 08:19:22.619498085 -0400
++++ libpng-1.2.44/pngrutil.c    2011-07-26 08:19:26.909498086 -0400
+@@ -1812,6 +1812,14 @@
+       return;
+    }
+ 
++   /* Need unit type, width, \0, height: minimum 4 bytes */
++   else if (length < 4)
++   {
++      png_warning(png_ptr, "sCAL chunk too short");
++      png_crc_finish(png_ptr, length);
++      return;
++   }
++
+    png_debug1(2, "Allocating and reading sCAL chunk data (%lu bytes)",
+       length + 1);
+    png_ptr->chunkdata = (png_charp)png_malloc_warn(png_ptr, length + 1);