summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Ahlberg <aliz@gentoo.org>2003-01-08 14:26:45 +0000
committerDaniel Ahlberg <aliz@gentoo.org>2003-01-08 14:26:45 +0000
commita466d96b1c15212453c20c65d923ea770a72b36a (patch)
tree8ae46ec748a4623ce7b0e97545c44b75414f067f /media-libs
parentenable on alpha (diff)
downloadgentoo-2-a466d96b1c15212453c20c65d923ea770a72b36a.tar.gz
gentoo-2-a466d96b1c15212453c20c65d923ea770a72b36a.tar.bz2
gentoo-2-a466d96b1c15212453c20c65d923ea770a72b36a.zip
Security update
Diffstat (limited to 'media-libs')
-rw-r--r--media-libs/libpng/ChangeLog8
-rw-r--r--media-libs/libpng/files/digest-libpng-1.0.12-r21
-rw-r--r--media-libs/libpng/files/digest-libpng-1.2.5-r21
-rw-r--r--media-libs/libpng/files/libpng-1.0.12-gentoo.diff72
-rw-r--r--media-libs/libpng/files/libpng-1.2.5-gentoo.diff42
-rw-r--r--media-libs/libpng/libpng-1.0.12-r2.ebuild38
-rw-r--r--media-libs/libpng/libpng-1.2.5-r2.ebuild54
7 files changed, 215 insertions, 1 deletions
diff --git a/media-libs/libpng/ChangeLog b/media-libs/libpng/ChangeLog
index 9f9a22acd08c..3d117cfbf222 100644
--- a/media-libs/libpng/ChangeLog
+++ b/media-libs/libpng/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for media-libs/libpng
# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
-# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/ChangeLog,v 1.16 2002/12/22 22:12:30 foser Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/ChangeLog,v 1.17 2003/01/08 14:26:45 aliz Exp $
+
+*libpng-1.2.5-r2 (08 Jan 2003)
+*libpng-1.0.12-r2 (08 Jan 2003)
+
+ 08 Jan 2003; Daniel Ahlberg <aliz@gentoo.rg> libpng-1.0.12-r2.ebuild, libpng-1.2.5-r2.ebuild :
+ Applied Debian patch to fix buffer overflows.
*libpng-1.2.5-r1 (21 Dec 2002)
diff --git a/media-libs/libpng/files/digest-libpng-1.0.12-r2 b/media-libs/libpng/files/digest-libpng-1.0.12-r2
new file mode 100644
index 000000000000..bce57ca614dc
--- /dev/null
+++ b/media-libs/libpng/files/digest-libpng-1.0.12-r2
@@ -0,0 +1 @@
+MD5 b0878f194188dd543e99650e190220b6 libpng-1.0.12.tar.bz2 356932
diff --git a/media-libs/libpng/files/digest-libpng-1.2.5-r2 b/media-libs/libpng/files/digest-libpng-1.2.5-r2
new file mode 100644
index 000000000000..794c1d47d26f
--- /dev/null
+++ b/media-libs/libpng/files/digest-libpng-1.2.5-r2
@@ -0,0 +1 @@
+MD5 3fc28af730f12ace49b14568de4ad934 libpng-1.2.5.tar.bz2 378030
diff --git a/media-libs/libpng/files/libpng-1.0.12-gentoo.diff b/media-libs/libpng/files/libpng-1.0.12-gentoo.diff
new file mode 100644
index 000000000000..34e8f65df2ee
--- /dev/null
+++ b/media-libs/libpng/files/libpng-1.0.12-gentoo.diff
@@ -0,0 +1,72 @@
+--- libpng-1.0.12.orig/pngconf.h
++++ libpng-1.0.12/pngconf.h
+@@ -243,8 +243,13 @@
+ # undef _BSD_SOURCE
+ # endif
+ # ifdef _SETJMP_H
+- __png.h__ already includes setjmp.h;
+- __dont__ include it again.;
++/* Explanation added by debian maintainer Philippe Troin <phil@fifi.org>.
++ There are two versions of setjmp, depending wether or not we compile for
++ BSD. They are incompatible and can cause crashes. The PNG people force
++ here a unique behavior for setjmp. It fou get the error below,
++ then include <png.h> before <setjmp.h>.
++*/
++#error png.h already includes setjmp.h with some additional fixup.
+ # endif
+ # endif /* __linux__ */
+
+--- libpng-1.0.12.orig/pngget.c
++++ libpng-1.0.12/pngget.c
+@@ -566,9 +566,9 @@
+ channels++;
+ pixel_depth = *bit_depth * channels;
+ rowbytes_per_pixel = (pixel_depth + 7) >> 3;
+- if ((*width > PNG_MAX_UINT/rowbytes_per_pixel))
++ if ((*width > (PNG_MAX_UINT/rowbytes_per_pixel) - 64))
+ {
+- png_warning(png_ptr,
++ png_error(png_ptr,
+ "Width too large for libpng to process image data.");
+ }
+ return (1);
+--- libpng-1.0.12.orig/pngpread.c
++++ libpng-1.0.12/pngpread.c
+@@ -736,6 +736,13 @@
+ }
+ if (!(png_ptr->zstream.avail_out))
+ {
++ if ((
++#if defined(PNG_READ_INTERLACING_SUPPORTED)
++ png_ptr->interlaced && png_ptr->pass > 6) ||
++ (!png_ptr->interlaced &&
++#endif
++ png_ptr->row_number == png_ptr->num_rows-1))
++ png_error(png_ptr, "Too much data in IDAT chunks");
+ png_push_process_row(png_ptr);
+ png_ptr->zstream.avail_out = (uInt)png_ptr->irowbytes;
+ png_ptr->zstream.next_out = png_ptr->row_buf;
+--- libpng-1.0.12.orig/pngrtran.c
++++ libpng-1.0.12/pngrtran.c
+@@ -1924,8 +1924,8 @@
+ /* This changes the data from RRGGBB to RRGGBBXX */
+ if (flags & PNG_FLAG_FILLER_AFTER)
+ {
+- png_bytep sp = row + (png_size_t)row_width * 3;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 6;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 1; i < row_width; i++)
+ {
+ *(--dp) = hi_filler;
+@@ -1946,8 +1946,8 @@
+ /* This changes the data from RRGGBB to XXRRGGBB */
+ else
+ {
+- png_bytep sp = row + (png_size_t)row_width * 3;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 6;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 0; i < row_width; i++)
+ {
+ *(--dp) = *(--sp);
diff --git a/media-libs/libpng/files/libpng-1.2.5-gentoo.diff b/media-libs/libpng/files/libpng-1.2.5-gentoo.diff
new file mode 100644
index 000000000000..755cd8a79fa6
--- /dev/null
+++ b/media-libs/libpng/files/libpng-1.2.5-gentoo.diff
@@ -0,0 +1,42 @@
+--- libpng3-1.2.5.orig/pngrtran.c
++++ libpng3-1.2.5/pngrtran.c
+@@ -1930,7 +1930,7 @@
+ if (flags & PNG_FLAG_FILLER_AFTER)
+ {
+ png_bytep sp = row + (png_size_t)row_width * 3;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep dp = sp + (png_size_t)row_width ;
+ for (i = 1; i < row_width; i++)
+ {
+ *(--dp) = lo_filler;
+@@ -1947,7 +1947,7 @@
+ else
+ {
+ png_bytep sp = row + (png_size_t)row_width * 3;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep dp = sp + (png_size_t)row_width ;
+ for (i = 0; i < row_width; i++)
+ {
+ *(--dp) = *(--sp);
+@@ -1965,8 +1965,8 @@
+ /* This changes the data from RRGGBB to RRGGBBXX */
+ if (flags & PNG_FLAG_FILLER_AFTER)
+ {
+- png_bytep sp = row + (png_size_t)row_width * 3;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 6;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 1; i < row_width; i++)
+ {
+ *(--dp) = hi_filler;
+@@ -1987,8 +1987,8 @@
+ /* This changes the data from RRGGBB to XXRRGGBB */
+ else
+ {
+- png_bytep sp = row + (png_size_t)row_width * 3;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 6;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 0; i < row_width; i++)
+ {
+ *(--dp) = *(--sp);
diff --git a/media-libs/libpng/libpng-1.0.12-r2.ebuild b/media-libs/libpng/libpng-1.0.12-r2.ebuild
new file mode 100644
index 000000000000..e04afd839304
--- /dev/null
+++ b/media-libs/libpng/libpng-1.0.12-r2.ebuild
@@ -0,0 +1,38 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/libpng-1.0.12-r2.ebuild,v 1.1 2003/01/08 14:26:45 aliz Exp $
+
+S=${WORKDIR}/${P}
+DESCRIPTION="libpng"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+HOMEPAGE="http://www.libpng.org/"
+SLOT="1.0"
+LICENSE="as-is"
+KEYWORDS="x86 ppc sparc "
+
+DEPEND=">=sys-libs/zlib-1.1.3-r2"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+
+ patch -p1 < ${FILESDIR}/${P}-gentoo.diff
+
+ sed -e "s:ZLIBLIB=../zlib:ZLIBLIB=/usr/lib:" \
+ -e "s:ZLIBINC=../zlib:ZLIBINC=/usr/include:" \
+ -e "s:prefix=/usr:prefix=${D}/usr:" \
+ -e "s/-O3/${CFLAGS}/" \
+ scripts/makefile.linux > Makefile
+
+}
+
+src_compile() {
+ make || die
+}
+
+src_install() {
+ dodir /usr/{include,lib}
+ make install prefix=${D}/usr || die
+ doman *.[35]
+ dodoc ANNOUNCE CHANGES KNOWNBUG LICENSE README TODO Y2KINFO
+}
diff --git a/media-libs/libpng/libpng-1.2.5-r2.ebuild b/media-libs/libpng/libpng-1.2.5-r2.ebuild
new file mode 100644
index 000000000000..9f21b9ec9621
--- /dev/null
+++ b/media-libs/libpng/libpng-1.2.5-r2.ebuild
@@ -0,0 +1,54 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/libpng/libpng-1.2.5-r2.ebuild,v 1.1 2003/01/08 14:26:45 aliz Exp $
+
+inherit flag-o-matic
+
+S=${WORKDIR}/${P}
+DESCRIPTION="Portable Network Graphics library"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+HOMEPAGE="http://www.libpng.org/"
+
+SLOT="1.2"
+LICENSE="as-is"
+KEYWORDS="x86 ppc sparc alpha"
+
+DEPEND="sys-libs/zlib"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+
+ patch -p1 < ${FILESDIR}/${P}-gentoo.diff
+
+ replace-flags "-march=k6*" "-march=i586"
+
+ sed -e "s:ZLIBLIB=.*:ZLIBLIB=/usr/lib:" \
+ -e "s:ZLIBINC=.*:ZLIBINC=/usr/include:" \
+ -e "s/-O3/${CFLAGS}/" \
+ -e "s:prefix=/usr/local:prefix=/usr:" \
+ -e "s:OBJSDLL = :OBJSDLL = -lz -lm :" \
+ scripts/makefile.linux > Makefile
+
+}
+
+src_compile() {
+ emake || die
+}
+
+src_install() {
+ dodir /usr/{include,lib}
+ dodir /usr/share/man
+ make \
+ DESTDIR=${D} \
+ MANPATH=/usr/share/man \
+ install || die
+
+ doman *.[35]
+ dodoc ANNOUNCE CHANGES KNOWNBUG LICENSE README TODO Y2KINFO
+}
+
+pkg_postinst() {
+ # the libpng authors really screwed around between 1.2.1 and 1.2.3
+ [ -f /usr/lib/libpng.so.3.1.2.1 ] && rm /usr/lib/libpng.so.3.1.2.1
+}