diff options
author | Daniel Ahlberg <aliz@gentoo.org> | 2003-01-08 14:26:45 +0000 |
---|---|---|
committer | Daniel Ahlberg <aliz@gentoo.org> | 2003-01-08 14:26:45 +0000 |
commit | a466d96b1c15212453c20c65d923ea770a72b36a (patch) | |
tree | 8ae46ec748a4623ce7b0e97545c44b75414f067f /media-libs | |
parent | enable on alpha (diff) | |
download | gentoo-2-a466d96b1c15212453c20c65d923ea770a72b36a.tar.gz gentoo-2-a466d96b1c15212453c20c65d923ea770a72b36a.tar.bz2 gentoo-2-a466d96b1c15212453c20c65d923ea770a72b36a.zip |
Security update
Diffstat (limited to 'media-libs')
-rw-r--r-- | media-libs/libpng/ChangeLog | 8 | ||||
-rw-r--r-- | media-libs/libpng/files/digest-libpng-1.0.12-r2 | 1 | ||||
-rw-r--r-- | media-libs/libpng/files/digest-libpng-1.2.5-r2 | 1 | ||||
-rw-r--r-- | media-libs/libpng/files/libpng-1.0.12-gentoo.diff | 72 | ||||
-rw-r--r-- | media-libs/libpng/files/libpng-1.2.5-gentoo.diff | 42 | ||||
-rw-r--r-- | media-libs/libpng/libpng-1.0.12-r2.ebuild | 38 | ||||
-rw-r--r-- | media-libs/libpng/libpng-1.2.5-r2.ebuild | 54 |
7 files changed, 215 insertions, 1 deletions
diff --git a/media-libs/libpng/ChangeLog b/media-libs/libpng/ChangeLog index 9f9a22acd08c..3d117cfbf222 100644 --- a/media-libs/libpng/ChangeLog +++ b/media-libs/libpng/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for media-libs/libpng # Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL -# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/ChangeLog,v 1.16 2002/12/22 22:12:30 foser Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/ChangeLog,v 1.17 2003/01/08 14:26:45 aliz Exp $ + +*libpng-1.2.5-r2 (08 Jan 2003) +*libpng-1.0.12-r2 (08 Jan 2003) + + 08 Jan 2003; Daniel Ahlberg <aliz@gentoo.rg> libpng-1.0.12-r2.ebuild, libpng-1.2.5-r2.ebuild : + Applied Debian patch to fix buffer overflows. *libpng-1.2.5-r1 (21 Dec 2002) diff --git a/media-libs/libpng/files/digest-libpng-1.0.12-r2 b/media-libs/libpng/files/digest-libpng-1.0.12-r2 new file mode 100644 index 000000000000..bce57ca614dc --- /dev/null +++ b/media-libs/libpng/files/digest-libpng-1.0.12-r2 @@ -0,0 +1 @@ +MD5 b0878f194188dd543e99650e190220b6 libpng-1.0.12.tar.bz2 356932 diff --git a/media-libs/libpng/files/digest-libpng-1.2.5-r2 b/media-libs/libpng/files/digest-libpng-1.2.5-r2 new file mode 100644 index 000000000000..794c1d47d26f --- /dev/null +++ b/media-libs/libpng/files/digest-libpng-1.2.5-r2 @@ -0,0 +1 @@ +MD5 3fc28af730f12ace49b14568de4ad934 libpng-1.2.5.tar.bz2 378030 diff --git a/media-libs/libpng/files/libpng-1.0.12-gentoo.diff b/media-libs/libpng/files/libpng-1.0.12-gentoo.diff new file mode 100644 index 000000000000..34e8f65df2ee --- /dev/null +++ b/media-libs/libpng/files/libpng-1.0.12-gentoo.diff @@ -0,0 +1,72 @@ +--- libpng-1.0.12.orig/pngconf.h ++++ libpng-1.0.12/pngconf.h +@@ -243,8 +243,13 @@ + # undef _BSD_SOURCE + # endif + # ifdef _SETJMP_H +- __png.h__ already includes setjmp.h; +- __dont__ include it again.; ++/* Explanation added by debian maintainer Philippe Troin <phil@fifi.org>. ++ There are two versions of setjmp, depending wether or not we compile for ++ BSD. They are incompatible and can cause crashes. The PNG people force ++ here a unique behavior for setjmp. It fou get the error below, ++ then include <png.h> before <setjmp.h>. ++*/ ++#error png.h already includes setjmp.h with some additional fixup. + # endif + # endif /* __linux__ */ + +--- libpng-1.0.12.orig/pngget.c ++++ libpng-1.0.12/pngget.c +@@ -566,9 +566,9 @@ + channels++; + pixel_depth = *bit_depth * channels; + rowbytes_per_pixel = (pixel_depth + 7) >> 3; +- if ((*width > PNG_MAX_UINT/rowbytes_per_pixel)) ++ if ((*width > (PNG_MAX_UINT/rowbytes_per_pixel) - 64)) + { +- png_warning(png_ptr, ++ png_error(png_ptr, + "Width too large for libpng to process image data."); + } + return (1); +--- libpng-1.0.12.orig/pngpread.c ++++ libpng-1.0.12/pngpread.c +@@ -736,6 +736,13 @@ + } + if (!(png_ptr->zstream.avail_out)) + { ++ if (( ++#if defined(PNG_READ_INTERLACING_SUPPORTED) ++ png_ptr->interlaced && png_ptr->pass > 6) || ++ (!png_ptr->interlaced && ++#endif ++ png_ptr->row_number == png_ptr->num_rows-1)) ++ png_error(png_ptr, "Too much data in IDAT chunks"); + png_push_process_row(png_ptr); + png_ptr->zstream.avail_out = (uInt)png_ptr->irowbytes; + png_ptr->zstream.next_out = png_ptr->row_buf; +--- libpng-1.0.12.orig/pngrtran.c ++++ libpng-1.0.12/pngrtran.c +@@ -1924,8 +1924,8 @@ + /* This changes the data from RRGGBB to RRGGBBXX */ + if (flags & PNG_FLAG_FILLER_AFTER) + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 1; i < row_width; i++) + { + *(--dp) = hi_filler; +@@ -1946,8 +1946,8 @@ + /* This changes the data from RRGGBB to XXRRGGBB */ + else + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 0; i < row_width; i++) + { + *(--dp) = *(--sp); diff --git a/media-libs/libpng/files/libpng-1.2.5-gentoo.diff b/media-libs/libpng/files/libpng-1.2.5-gentoo.diff new file mode 100644 index 000000000000..755cd8a79fa6 --- /dev/null +++ b/media-libs/libpng/files/libpng-1.2.5-gentoo.diff @@ -0,0 +1,42 @@ +--- libpng3-1.2.5.orig/pngrtran.c ++++ libpng3-1.2.5/pngrtran.c +@@ -1930,7 +1930,7 @@ + if (flags & PNG_FLAG_FILLER_AFTER) + { + png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep dp = sp + (png_size_t)row_width ; + for (i = 1; i < row_width; i++) + { + *(--dp) = lo_filler; +@@ -1947,7 +1947,7 @@ + else + { + png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep dp = sp + (png_size_t)row_width ; + for (i = 0; i < row_width; i++) + { + *(--dp) = *(--sp); +@@ -1965,8 +1965,8 @@ + /* This changes the data from RRGGBB to RRGGBBXX */ + if (flags & PNG_FLAG_FILLER_AFTER) + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 1; i < row_width; i++) + { + *(--dp) = hi_filler; +@@ -1987,8 +1987,8 @@ + /* This changes the data from RRGGBB to XXRRGGBB */ + else + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 0; i < row_width; i++) + { + *(--dp) = *(--sp); diff --git a/media-libs/libpng/libpng-1.0.12-r2.ebuild b/media-libs/libpng/libpng-1.0.12-r2.ebuild new file mode 100644 index 000000000000..e04afd839304 --- /dev/null +++ b/media-libs/libpng/libpng-1.0.12-r2.ebuild @@ -0,0 +1,38 @@ +# Copyright 1999-2002 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/libpng-1.0.12-r2.ebuild,v 1.1 2003/01/08 14:26:45 aliz Exp $ + +S=${WORKDIR}/${P} +DESCRIPTION="libpng" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" +HOMEPAGE="http://www.libpng.org/" +SLOT="1.0" +LICENSE="as-is" +KEYWORDS="x86 ppc sparc " + +DEPEND=">=sys-libs/zlib-1.1.3-r2" + +src_unpack() { + unpack ${A} + cd ${S} + + patch -p1 < ${FILESDIR}/${P}-gentoo.diff + + sed -e "s:ZLIBLIB=../zlib:ZLIBLIB=/usr/lib:" \ + -e "s:ZLIBINC=../zlib:ZLIBINC=/usr/include:" \ + -e "s:prefix=/usr:prefix=${D}/usr:" \ + -e "s/-O3/${CFLAGS}/" \ + scripts/makefile.linux > Makefile + +} + +src_compile() { + make || die +} + +src_install() { + dodir /usr/{include,lib} + make install prefix=${D}/usr || die + doman *.[35] + dodoc ANNOUNCE CHANGES KNOWNBUG LICENSE README TODO Y2KINFO +} diff --git a/media-libs/libpng/libpng-1.2.5-r2.ebuild b/media-libs/libpng/libpng-1.2.5-r2.ebuild new file mode 100644 index 000000000000..9f21b9ec9621 --- /dev/null +++ b/media-libs/libpng/libpng-1.2.5-r2.ebuild @@ -0,0 +1,54 @@ +# Copyright 1999-2002 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/libpng-1.2.5-r2.ebuild,v 1.1 2003/01/08 14:26:45 aliz Exp $ + +inherit flag-o-matic + +S=${WORKDIR}/${P} +DESCRIPTION="Portable Network Graphics library" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" +HOMEPAGE="http://www.libpng.org/" + +SLOT="1.2" +LICENSE="as-is" +KEYWORDS="x86 ppc sparc alpha" + +DEPEND="sys-libs/zlib" + +src_unpack() { + unpack ${A} + cd ${S} + + patch -p1 < ${FILESDIR}/${P}-gentoo.diff + + replace-flags "-march=k6*" "-march=i586" + + sed -e "s:ZLIBLIB=.*:ZLIBLIB=/usr/lib:" \ + -e "s:ZLIBINC=.*:ZLIBINC=/usr/include:" \ + -e "s/-O3/${CFLAGS}/" \ + -e "s:prefix=/usr/local:prefix=/usr:" \ + -e "s:OBJSDLL = :OBJSDLL = -lz -lm :" \ + scripts/makefile.linux > Makefile + +} + +src_compile() { + emake || die +} + +src_install() { + dodir /usr/{include,lib} + dodir /usr/share/man + make \ + DESTDIR=${D} \ + MANPATH=/usr/share/man \ + install || die + + doman *.[35] + dodoc ANNOUNCE CHANGES KNOWNBUG LICENSE README TODO Y2KINFO +} + +pkg_postinst() { + # the libpng authors really screwed around between 1.2.1 and 1.2.3 + [ -f /usr/lib/libpng.so.3.1.2.1 ] && rm /usr/lib/libpng.so.3.1.2.1 +} |