1 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libpng/libpng/03-CVE-2011-2690.patch b/meta/recipes-multimedia/libpng/libpng/03-CVE-2011-2690.patch
new file mode 100644
index 0000000000..f38a222170
--- /dev/null
+++ b/meta/recipes-multimedia/libpng/libpng/03-CVE-2011-2690.patch
@@ -0,0 +1,38 @@
+This patch is taken from upstream and is a fix for CVE CVE-2011-2690
+Description: fix denial of service and possible arbitrary code
+ execution via crafted PNG image
+Origin: upstream, http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=d572394c2a018ef22e9685ac189f5f05c08ea6f5
+Upstream-Status: Backport
+Signed-off-by: Joshua Lock <josh@linux.intel.com>
+Index: libpng-1.2.44/pngrtran.c
+===================================================================
+--- libpng-1.2.44.orig/pngrtran.c       2011-07-26 08:18:55.489498092 -0400
+++ libpng-1.2.44/pngrtran.c    2011-07-26 08:19:02.079498092 -0400
+@@ -676,10 +676,21 @@
+ png_set_rgb_to_gray(png_structp png_ptr, int error_action, double red,
+    double green)
+ {
+-   int red_fixed = (int)((float)red*100000.0 + 0.5);
+-   int green_fixed = (int)((float)green*100000.0 + 0.5);
+   int red_fixed, green_fixed;
+    if (png_ptr == NULL)
+       return;
+   if (red > 21474.83647 || red < -21474.83648 ||
+       green > 21474.83647 || green < -21474.83648)
+   {
+      png_warning(png_ptr, "ignoring out of range rgb_to_gray coefficients");
+      red_fixed = -1;
+      green_fixed = -1;
+   }
+   else
+   {
+      red_fixed = (int)((float)red*100000.0 + 0.5);
+      green_fixed = (int)((float)green*100000.0 + 0.5);
+   }
+    png_set_rgb_to_gray_fixed(png_ptr, error_action, red_fixed, green_fixed);
+ }
+ #endif

diff --git a/meta/recipes-multimedia/libpng/libpng/03-CVE-2011-2690.patch b/meta/recipes-multimedia/libpng/libpng/03-CVE-2011-2690.patch new file mode 100644 index 0000000000..f38a222170 --- /dev/null +++ b/meta/recipes-multimedia/libpng/libpng/03-CVE-2011-2690.patch
@@ -0,0 +1,38 @@
	1	This patch is taken from upstream and is a fix for CVE CVE-2011-2690
	2
	3	Description: fix denial of service and possible arbitrary code
	4	execution via crafted PNG image
	5	Origin: upstream, http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=d572394c2a018ef22e9685ac189f5f05c08ea6f5
	6
	7	Upstream-Status: Backport
	8
	9	Signed-off-by: Joshua Lock <josh@linux.intel.com>
	10
	11	Index: libpng-1.2.44/pngrtran.c
	12	===================================================================
	13	--- libpng-1.2.44.orig/pngrtran.c 2011-07-26 08:18:55.489498092 -0400
	14	+++ libpng-1.2.44/pngrtran.c 2011-07-26 08:19:02.079498092 -0400
	15	@@ -676,10 +676,21 @@
	16	png_set_rgb_to_gray(png_structp png_ptr, int error_action, double red,
	17	double green)
	18	{
	19	- int red_fixed = (int)((float)red*100000.0 + 0.5);
	20	- int green_fixed = (int)((float)green*100000.0 + 0.5);
	21	+ int red_fixed, green_fixed;
	22	if (png_ptr == NULL)
	23	return;
	24	+ if (red > 21474.83647 \|\| red < -21474.83648 \|\|
	25	+ green > 21474.83647 \|\| green < -21474.83648)
	26	+ {
	27	+ png_warning(png_ptr, "ignoring out of range rgb_to_gray coefficients");
	28	+ red_fixed = -1;
	29	+ green_fixed = -1;
	30	+ }
	31	+ else
	32	+ {
	33	+ red_fixed = (int)((float)red*100000.0 + 0.5);
	34	+ green_fixed = (int)((float)green*100000.0 + 0.5);
	35	+ }
	36	png_set_rgb_to_gray_fixed(png_ptr, error_action, red_fixed, green_fixed);
	37	}
	38	#endif