1 files changed, 29 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libpng/libpng/04-CVE-2011-2692.patch b/meta/recipes-multimedia/libpng/libpng/04-CVE-2011-2692.patch
new file mode 100644
index 0000000000..5a0f51e269
--- /dev/null
+++ b/meta/recipes-multimedia/libpng/libpng/04-CVE-2011-2692.patch
@@ -0,0 +1,29 @@
+This patch is taken from upstream and is a fix for CVE CVE-2011-2962
+Description: fix denial of service and possible arbitrary code
+ execution via invalid sCAL chunks
+Origin: upstream, http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
+Upstream-Status: Backport
+Signed-off-by: Joshua Lock <josh@linux.intel.com>
+Index: libpng-1.2.44/pngrutil.c
+===================================================================
+--- libpng-1.2.44.orig/pngrutil.c       2011-07-26 08:19:22.619498085 -0400
+++ libpng-1.2.44/pngrutil.c    2011-07-26 08:19:26.909498086 -0400
+@@ -1812,6 +1812,14 @@
+       return;
+    }
+ 
+   /* Need unit type, width, \0, height: minimum 4 bytes */
+   else if (length < 4)
+   {
+      png_warning(png_ptr, "sCAL chunk too short");
+      png_crc_finish(png_ptr, length);
+      return;
+   }
+
+    png_debug1(2, "Allocating and reading sCAL chunk data (%lu bytes)",
+       length + 1);
+    png_ptr->chunkdata = (png_charp)png_malloc_warn(png_ptr, length + 1);

diff --git a/meta/recipes-multimedia/libpng/libpng/04-CVE-2011-2692.patch b/meta/recipes-multimedia/libpng/libpng/04-CVE-2011-2692.patch new file mode 100644 index 0000000000..5a0f51e269 --- /dev/null +++ b/meta/recipes-multimedia/libpng/libpng/04-CVE-2011-2692.patch
@@ -0,0 +1,29 @@
	1	This patch is taken from upstream and is a fix for CVE CVE-2011-2962
	2
	3	Description: fix denial of service and possible arbitrary code
	4	execution via invalid sCAL chunks
	5	Origin: upstream, http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
	6
	7	Upstream-Status: Backport
	8
	9	Signed-off-by: Joshua Lock <josh@linux.intel.com>
	10
	11	Index: libpng-1.2.44/pngrutil.c
	12	===================================================================
	13	--- libpng-1.2.44.orig/pngrutil.c 2011-07-26 08:19:22.619498085 -0400
	14	+++ libpng-1.2.44/pngrutil.c 2011-07-26 08:19:26.909498086 -0400
	15	@@ -1812,6 +1812,14 @@
	16	return;
	17	}
	18
	19	+ /* Need unit type, width, \0, height: minimum 4 bytes */
	20	+ else if (length < 4)
	21	+ {
	22	+ png_warning(png_ptr, "sCAL chunk too short");
	23	+ png_crc_finish(png_ptr, length);
	24	+ return;
	25	+ }
	26	+
	27	png_debug1(2, "Allocating and reading sCAL chunk data (%lu bytes)",
	28	length + 1);
	29	png_ptr->chunkdata = (png_charp)png_malloc_warn(png_ptr, length + 1);