fivedev/harbour-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

2012-02-20 10:47 UTC+0100 Viktor Szakats (harbour syenar.net)

Browse Source 
* src/3rd/png/Makefile
  * src/3rd/png/*
    * 1.5.8 -> 1.5.9 (using hb3rdpat)
    ; Fixed vulnerability: CVE-2011-3026
This commit is contained in:
Viktor Szakats
2012-02-20 09:48:01 +00:00
parent a02472a5ee
commit 685141001b
12 changed files with 59 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
harbour/ChangeLog
View File

@@ -16,6 +16,12 @@
The license applies to all entries newer than 2009-04-28.
*/
2012-02-20 10:47 UTC+0100 Viktor Szakats (harbour syenar.net)
* src/3rd/png/Makefile
* src/3rd/png/*
* 1.5.8 -> 1.5.9 (using hb3rdpat)
; Fixed vulnerability: CVE-2011-3026
2012-02-19 11:17 UTC+0100 Viktor Szakats (harbour syenar.net)
* config/global.mk
* added detection of homebrew package manager on darwin (untested)

4
harbour/src/3rd/png/LICENSE
View File

@@ -10,7 +10,7 @@ this sentence.
This code is released under the libpng license.
libpng versions 1.2.6, August 15, 2004, through 1.5.8, February 1, 2012, are
libpng versions 1.2.6, August 15, 2004, through 1.5.9, February 18, 2012, are
Copyright (c) 2004, 2006-2011 Glenn Randers-Pehrson, and are
distributed according to the same disclaimer and license as libpng-1.2.5
with the following individual added to the list of Contributing Authors
@@ -108,4 +108,4 @@ certification mark of the Open Source Initiative.
Glenn Randers-Pehrson
glennrp at users.sourceforge.net
February 1, 2012
February 18, 2012

4
harbour/src/3rd/png/Makefile
View File

@@ -69,8 +69,8 @@ else
endif
# ORIGIN http://www.libpng.org/pub/png/libpng.html
# VER 1.5.8
# URL http://prdownloads.sourceforge.net/libpng/libpng-1.5.8.tar.gz?download
# VER 1.5.9
# URL http://prdownloads.sourceforge.net/libpng/libpng-1.5.9.tar.gz?download
# DIFF png.dif
#
# MAP LICENSE

6
harbour/src/3rd/png/png.c
View File

@@ -14,7 +14,7 @@
#include "pngpriv.h"
/* Generate a compiler error if there is an old png.h in the search path. */
typedef png_libpng_version_1_5_8 Your_png_h_is_not_version_1_5_8;
typedef png_libpng_version_1_5_9 Your_png_h_is_not_version_1_5_9;
/* Tells libpng that we have already handled the first "num_bytes" bytes
* of the PNG file signature. If the PNG data is embedded into another
@@ -655,13 +655,13 @@ png_get_copyright(png_const_structp png_ptr)
#else
# ifdef __STDC__
return PNG_STRING_NEWLINE \
"libpng version 1.5.8 - February 1, 2012" PNG_STRING_NEWLINE \
"libpng version 1.5.9 - February 18, 2012" PNG_STRING_NEWLINE \
"Copyright (c) 1998-2011 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \
"Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
"Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
PNG_STRING_NEWLINE;
# else
return "libpng version 1.5.8 - February 1, 2012\
return "libpng version 1.5.9 - February 18, 2012\
Copyright (c) 1998-2011 Glenn Randers-Pehrson\
Copyright (c) 1996-1997 Andreas Dilger\
Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";

10
harbour/src/3rd/png/png.dif
View File

@@ -1,7 +1,7 @@
diff -urN png.orig\png.h png\png.h
--- png.orig\png.h Tue Feb 07 22:32:20 2012
+++ png\png.h Tue Feb 07 22:32:20 2012
@@ -425,7 +425,7 @@
--- png.orig\png.h Mon Feb 20 10:45:12 2012
+++ png\png.h Mon Feb 20 10:45:13 2012
@@ -429,7 +429,7 @@
/* If pnglibconf.h is missing, you can
* copy scripts/pnglibconf.h.prebuilt to pnglibconf.h
*/
@@ -11,8 +11,8 @@ diff -urN png.orig\png.h png\png.h
#ifndef PNG_VERSION_INFO_ONLY
diff -urN png.orig\pnglconf.h png\pnglconf.h
--- png.orig\pnglconf.h Tue Feb 07 22:32:20 2012
+++ png\pnglconf.h Tue Feb 07 22:32:20 2012
--- png.orig\pnglconf.h Mon Feb 20 10:45:12 2012
+++ png\pnglconf.h Mon Feb 20 10:45:13 2012
@@ -21,7 +21,11 @@
#ifndef PNGLCONF_H
#define PNGLCONF_H

24
harbour/src/3rd/png/png.h
View File

@@ -1,7 +1,7 @@
/* png.h - header file for PNG reference library
*
* libpng version 1.5.8 - February 1, 2012
* libpng version 1.5.9 - February 18, 2012
* Copyright (c) 1998-2012 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@@ -11,7 +11,7 @@
* Authors and maintainers:
* libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat
* libpng versions 0.89c, June 1996, through 0.96, May 1997: Andreas Dilger
* libpng versions 0.97, January 1998, through 1.5.8 - February 1, 2012: Glenn
* libpng versions 0.97, January 1998, through 1.5.9 - February 18, 2012: Glenn
* See also "Contributing Authors", below.
*
* Note about libpng version numbers:
@@ -168,6 +168,10 @@
* 1.5.7 15 10507 15.so.15.7[.0]
* 1.5.8beta01 15 10508 15.so.15.8[.0]
* 1.5.8rc01 15 10508 15.so.15.8[.0]
* 1.5.8 15 10508 15.so.15.8[.0]
* 1.5.9beta01-02 15 10509 15.so.15.9[.0]
* 1.5.9rc01 15 10509 15.so.15.9[.0]
* 1.5.9 15 10509 15.so.15.9[.0]
*
* Henceforth the source version will match the shared-library major
* and minor numbers; the shared-library major version number will be
@@ -199,7 +203,7 @@
*
* This code is released under the libpng license.
*
* libpng versions 1.2.6, August 15, 2004, through 1.5.8, February 1, 2012, are
* libpng versions 1.2.6, August 15, 2004, through 1.5.9, February 18, 2012, are
* Copyright (c) 2004, 2006-2012 Glenn Randers-Pehrson, and are
* distributed according to the same disclaimer and license as libpng-1.2.5
* with the following individual added to the list of Contributing Authors:
@@ -311,13 +315,13 @@
* Y2K compliance in libpng:
* =========================
*
* February 1, 2012
* February 18, 2012
*
* Since the PNG Development group is an ad-hoc body, we can't make
* an official declaration.
*
* This is your unofficial assurance that libpng from version 0.71 and
* upward through 1.5.8 are Y2K compliant. It is my belief that
* upward through 1.5.9 are Y2K compliant. It is my belief that
* earlier versions were also Y2K compliant.
*
* Libpng only has two year fields. One is a 2-byte unsigned integer
@@ -375,9 +379,9 @@
*/
/* Version information for png.h - this should match the version in png.c */
#define PNG_LIBPNG_VER_STRING "1.5.8"
#define PNG_LIBPNG_VER_STRING "1.5.9"
#define PNG_HEADER_VERSION_STRING \
" libpng version 1.5.8 - February 1, 2012\n"
" libpng version 1.5.9 - February 18, 2012\n"
#define PNG_LIBPNG_VER_SONUM 15
#define PNG_LIBPNG_VER_DLLNUM 15
@@ -385,7 +389,7 @@
/* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */
#define PNG_LIBPNG_VER_MAJOR 1
#define PNG_LIBPNG_VER_MINOR 5
#define PNG_LIBPNG_VER_RELEASE 8
#define PNG_LIBPNG_VER_RELEASE 9
/* This should match the numeric part of the final component of
* PNG_LIBPNG_VER_STRING, omitting any leading zero:
@@ -416,7 +420,7 @@
* version 1.0.0 was mis-numbered 100 instead of 10000). From
* version 1.0.1 it's xxyyzz, where x=major, y=minor, z=release
*/
#define PNG_LIBPNG_VER 10508 /* 1.5.8 */
#define PNG_LIBPNG_VER 10509 /* 1.5.9 */
/* Library configuration: these options cannot be changed after
* the library has been built.
@@ -538,7 +542,7 @@ extern "C" {
/* This triggers a compiler error in png.c, if png.c and png.h
* do not agree upon the version number.
*/
typedef char* png_libpng_version_1_5_8;
typedef char* png_libpng_version_1_5_9;
/* Three color definitions. The order of the red, green, and blue, (and the
* exact size) is not important, although the size of the fields need to

2
harbour/src/3rd/png/pngconf.h
View File

@@ -1,7 +1,7 @@
/* pngconf.h - machine configurable file for libpng
*
* libpng version 1.5.8 - February 1, 2012
* libpng version 1.5.9 - February 18, 2012
*
* Copyright (c) 1998-2012 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)

2
harbour/src/3rd/png/pngerror.c
View File

@@ -1,7 +1,7 @@
/* pngerror.c - stub functions for i/o and memory allocation
*
* Last changed in libpng 1.5.7 [February 1, 2012]
* Last changed in libpng 1.5.8 [February 1, 2011]
* Copyright (c) 1998-2012 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)

4
harbour/src/3rd/png/pnglconf.h
View File

@@ -3,7 +3,7 @@
/* pnglibconf.h - library build configuration */
/* Libpng 1.5.8 - February 1, 2012 */
/* Libpng 1.5.9 - February 18, 2012 */
/* Copyright (c) 1998-2011 Glenn Randers-Pehrson */
@@ -58,8 +58,6 @@
#define PNG_FIXED_POINT_SUPPORTED
#define PNG_FLOATING_ARITHMETIC_SUPPORTED
#define PNG_FLOATING_POINT_SUPPORTED
#define PNG_FORMAT_AFIRST_SUPPORTED
#define PNG_FORMAT_BGR_SUPPORTED
#define PNG_gAMA_SUPPORTED
#define PNG_HANDLE_AS_UNKNOWN_SUPPORTED
#define PNG_hIST_SUPPORTED

19
harbour/src/3rd/png/pngpread.c
View File

@@ -1,7 +1,7 @@
/* pngpread.c - read a png file in push mode
*
* Last changed in libpng 1.5.7 [December 15, 2011]
* Last changed in libpng 1.5.9 [February 18, 2012]
* Copyright (c) 1998-2011 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@@ -730,8 +730,7 @@ png_push_save_buffer(png_structp png_ptr)
new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256;
old_buffer = png_ptr->save_buffer;
png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr,
(png_size_t)new_max);
png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr, new_max);
if (png_ptr->save_buffer == NULL)
{
@@ -1201,6 +1200,7 @@ png_push_process_row(png_structp png_ptr)
void /* PRIVATE */
png_read_push_finish_row(png_structp png_ptr)
{
#ifdef PNG_READ_INTERLACING_SUPPORTED
/* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
/* Start of interlace block */
@@ -1219,6 +1219,7 @@ png_read_push_finish_row(png_structp png_ptr)
* it, uncomment it here and in png.h
static PNG_CONST png_byte FARDATA png_pass_height[] = {8, 8, 4, 4, 2, 2, 1};
*/
#endif
png_ptr->row_number++;
if (png_ptr->row_number < png_ptr->num_rows)
@@ -1285,8 +1286,7 @@ png_push_handle_tEXt(png_structp png_ptr, png_infop info_ptr, png_uint_32
}
#endif
png_ptr->current_text = (png_charp)png_malloc(png_ptr,
(png_size_t)(length + 1));
png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1);
png_ptr->current_text[length] = '\0';
png_ptr->current_text_ptr = png_ptr->current_text;
png_ptr->current_text_size = (png_size_t)length;
@@ -1384,8 +1384,7 @@ png_push_handle_zTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32
}
#endif
png_ptr->current_text = (png_charp)png_malloc(png_ptr,
(png_size_t)(length + 1));
png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1);
png_ptr->current_text[length] = '\0';
png_ptr->current_text_ptr = png_ptr->current_text;
png_ptr->current_text_size = (png_size_t)length;
@@ -1586,8 +1585,7 @@ png_push_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32
}
#endif
png_ptr->current_text = (png_charp)png_malloc(png_ptr,
(png_size_t)(length + 1));
png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1);
png_ptr->current_text[length] = '\0';
png_ptr->current_text_ptr = png_ptr->current_text;
png_ptr->current_text_size = (png_size_t)length;
@@ -1732,8 +1730,7 @@ png_push_handle_unknown(png_structp png_ptr, png_infop info_ptr, png_uint_32
*/
PNG_CSTRING_FROM_CHUNK(png_ptr->unknown_chunk.name, png_ptr->chunk_name);
/* The following cast should be safe because of the check above. */
png_ptr->unknown_chunk.size = (png_size_t)length;
png_ptr->unknown_chunk.size = length;
if (length == 0)
png_ptr->unknown_chunk.data = NULL;

30
harbour/src/3rd/png/pngrutil.c
View File

@@ -1,8 +1,8 @@
/* pngrutil.c - utilities to read a PNG file
*
* Last changed in libpng 1.5.7 [December 15, 2011]
* Copyright (c) 1998-2011 Glenn Randers-Pehrson
* Last changed in libpng 1.5.9 [February 18, 2012]
* Copyright (c) 1998-2012 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
*
@@ -432,15 +432,18 @@ png_decompress_chunk(png_structp png_ptr, int comp_type,
/* Now check the limits on this chunk - if the limit fails the
* compressed data will be removed, the prefix will remain.
*/
if (prefix_size >= (~(png_size_t)0) - 1 ||
expanded_size >= (~(png_size_t)0) - 1 - prefix_size
#ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED
if (png_ptr->user_chunk_malloc_max &&
|| (png_ptr->user_chunk_malloc_max &&
(prefix_size + expanded_size >= png_ptr->user_chunk_malloc_max - 1))
#else
# ifdef PNG_USER_CHUNK_MALLOC_MAX
if ((PNG_USER_CHUNK_MALLOC_MAX > 0) &&
|| ((PNG_USER_CHUNK_MALLOC_MAX > 0) &&
prefix_size + expanded_size >= PNG_USER_CHUNK_MALLOC_MAX - 1)
# endif
#endif
)
png_warning(png_ptr, "Exceeded size limit while expanding chunk");
/* If the size is zero either there was an error and a message
@@ -448,12 +451,7 @@ png_decompress_chunk(png_structp png_ptr, int comp_type,
* and we have nothing to do - the code will exit through the
* error case below.
*/
#if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \
defined(PNG_USER_CHUNK_MALLOC_MAX)
else if (expanded_size > 0)
#else
if (expanded_size > 0)
#endif
{
/* Success (maybe) - really uncompress the chunk. */
png_size_t new_size = 0;
@@ -1279,7 +1277,7 @@ png_handle_iCCP(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_free(png_ptr, png_ptr->chunkdata);
png_ptr->chunkdata = (png_charp)png_malloc(png_ptr, length + 1);
slength = (png_size_t)length;
slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
if (png_crc_finish(png_ptr, skip))
@@ -1429,7 +1427,7 @@ png_handle_sPLT(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
* that the PNG_MAX_MALLOC_64K test is enabled in this case, but this is a
* potential breakage point if the types in pngconf.h aren't exactly right.
*/
slength = (png_size_t)length;
slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
if (png_crc_finish(png_ptr, skip))
@@ -1956,7 +1954,7 @@ png_handle_pCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
slength = (png_size_t)length;
slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
if (png_crc_finish(png_ptr, 0))
@@ -2105,7 +2103,7 @@ png_handle_sCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
slength = (png_size_t)length;
slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
png_ptr->chunkdata[slength] = 0x00; /* Null terminate the last string */
@@ -2265,7 +2263,7 @@ png_handle_tEXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
slength = (png_size_t)length;
slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
if (png_crc_finish(png_ptr, skip))
@@ -2373,7 +2371,7 @@ png_handle_zTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
slength = (png_size_t)length;
slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
if (png_crc_finish(png_ptr, 0))
@@ -2504,7 +2502,7 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
slength = (png_size_t)length;
slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
if (png_crc_finish(png_ptr, 0))

6
harbour/src/3rd/png/pngstru.h
View File

@@ -5,7 +5,7 @@
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
*
* Last changed in libpng 1.5.5 [September 22, 2011]
* Last changed in libpng 1.5.9 [February 18, 2012]
*
* This code is released under the libpng license.
* For conditions of distribution and use, see the disclaimer
@@ -283,9 +283,7 @@ struct png_struct_def
#endif
/* New member added in libpng-1.0.4 (renamed in 1.0.9) */
#if defined(PNG_MNG_FEATURES_SUPPORTED) || \
defined(PNG_READ_EMPTY_PLTE_SUPPORTED) || \
defined(PNG_WRITE_EMPTY_PLTE_SUPPORTED)
#if defined(PNG_MNG_FEATURES_SUPPORTED)
/* Changed from png_byte to png_uint_32 at version 1.2.0 */
png_uint_32 mng_features_permitted;
#endif