3 files changed, 0 insertions, 216 deletions
diff --git a/libraries/libglpng/patches/libglpng-1.45-CVE-2010-1519.patch b/libraries/libglpng/patches/libglpng-1.45-CVE-2010-1519.patch
deleted file mode 100644
index bc45ffe48f..0000000000
--- a/libraries/libglpng/patches/libglpng-1.45-CVE-2010-1519.patch
+++ /dev/null
@@ -1,159 +0,0 @@
-diff -up libglpng-1.45.orig/src/glpng.c.cve libglpng-1.45.orig/src/glpng.c
---- libglpng-1.45.orig/src/glpng.c.cve	2010-09-10 14:13:37.105046660 +0200
-+++ libglpng-1.45.orig/src/glpng.c	2010-09-10 14:14:46.158045715 +0200
-@@ -28,6 +28,7 @@
- #include <GL/glpng.h>
- #include <GL/gl.h>
- #include <stdlib.h>
-+#include <stdint.h>
- #include <math.h>
- #include <png.h>
- 
-@@ -259,9 +260,9 @@ int APIENTRY pngLoadRawF(FILE *fp, pngRa
- 	png_structp png;
- 	png_infop   info;
- 	png_infop   endinfo;
--	png_bytep   data;
--   png_bytep  *row_p;
--   double	fileGamma;
-+	png_bytep   data = NULL;
-+	png_bytep  *row_p = NULL;
-+	double      fileGamma;
- 
- 	png_uint_32 width, height;
- 	int depth, color;
-@@ -274,13 +275,19 @@ int APIENTRY pngLoadRawF(FILE *fp, pngRa
- 	if (!png_check_sig(header, 8)) return 0;
- 
- 	png = png_create_read_struct(PNG_LIBPNG_VER_STRING, NULL, NULL, NULL);
-+	if (!png) return 0;
- 	info = png_create_info_struct(png);
-+	if (!info) return 0;
- 	endinfo = png_create_info_struct(png);
-+	if (!endinfo) return 0;
- 
- 	// DH: added following lines
- 	if (setjmp(png->jmpbuf))
- 	{
-+error:
- 		png_destroy_read_struct(&png, &info, &endinfo);
-+		free(data);
-+		free(row_p);
- 		return 0;
- 	}
- 	// ~DH
-@@ -303,8 +310,16 @@ int APIENTRY pngLoadRawF(FILE *fp, pngRa
- 
- 	png_read_update_info(png, info);
- 
-+	/* HDG: We allocate all the png data in one linear array, thus
-+	   height * png_get_rowbytes() may not be > PNG_UINT_32_MAX !
-+	   This check fixes CVE-2010-1519. */
-+	if ((uint64_t)height * png_get_rowbytes(png, info) > PNG_UINT_32_MAX)
-+		goto error;
-+
- 	data = (png_bytep) malloc(png_get_rowbytes(png, info)*height);
- 	row_p = (png_bytep *) malloc(sizeof(png_bytep)*height);
-+	if (!data || !row_p)
-+		goto error;
- 
- 	for (i = 0; i < height; i++) {
- 		if (StandardOrientation)
-@@ -315,6 +330,7 @@ int APIENTRY pngLoadRawF(FILE *fp, pngRa
- 
- 	png_read_image(png, row_p);
- 	free(row_p);
-+	row_p = NULL;
- 
- 	if (color == PNG_COLOR_TYPE_PALETTE) {
- 		int cols;
-@@ -365,9 +381,10 @@ int APIENTRY pngLoadF(FILE *fp, int mipm
- 	png_structp png;
- 	png_infop   info;
- 	png_infop   endinfo;
--	png_bytep   data, data2;
--   png_bytep  *row_p;
--   double	fileGamma;
-+	png_bytep   data = NULL;
-+	png_bytep   data2 = NULL;
-+	png_bytep  *row_p = NULL;
-+	double      fileGamma;
- 
- 	png_uint_32 width, height, rw, rh;
- 	int depth, color;
-@@ -378,13 +395,20 @@ int APIENTRY pngLoadF(FILE *fp, int mipm
- 	if (!png_check_sig(header, 8)) return 0;
- 
- 	png = png_create_read_struct(PNG_LIBPNG_VER_STRING, NULL, NULL, NULL);
-+	if (!png) return 0;
- 	info = png_create_info_struct(png);
-+	if (!info) return 0;
- 	endinfo = png_create_info_struct(png);
-+	if (!endinfo) return 0;
- 
- 	// DH: added following lines
- 	if (setjmp(png->jmpbuf))
- 	{
-+error:
- 		png_destroy_read_struct(&png, &info, &endinfo);
-+		free(data);
-+		free(data2);
-+		free(row_p);
- 		return 0;
- 	}
- 	// ~DH
-@@ -442,8 +466,16 @@ int APIENTRY pngLoadF(FILE *fp, int mipm
- 
- 	png_read_update_info(png, info);
- 
-+	/* HDG: We allocate all the png data in one linear array, thus
-+	   height * png_get_rowbytes() may not be > PNG_UINT_32_MAX !
-+	   This check fixes CVE-2010-1519. */
-+	if ((uint64_t)height * png_get_rowbytes(png, info) > PNG_UINT_32_MAX)
-+		goto error;
-+
- 	data = (png_bytep) malloc(png_get_rowbytes(png, info)*height);
- 	row_p = (png_bytep *) malloc(sizeof(png_bytep)*height);
-+	if (!data || !row_p)
-+		goto error;
- 
- 	for (i = 0; i < height; i++) {
- 		if (StandardOrientation)
-@@ -454,6 +486,7 @@ int APIENTRY pngLoadF(FILE *fp, int mipm
- 
- 	png_read_image(png, row_p);
- 	free(row_p);
-+	row_p = NULL;
- 
- 	rw = SafeSize(width), rh = SafeSize(height);
- 
-@@ -461,6 +494,8 @@ int APIENTRY pngLoadF(FILE *fp, int mipm
- 		const int channels = png_get_rowbytes(png, info)/width;
- 
- 		data2 = (png_bytep) malloc(rw*rh*channels);
-+		if (!data2)
-+			goto error;
- 
-  		/* Doesn't work on certain sizes */
- /* 		if (gluScaleImage(glformat, width, height, GL_UNSIGNED_BYTE, data, rw, rh, GL_UNSIGNED_BYTE, data2) != 0)
-@@ -471,6 +506,7 @@ int APIENTRY pngLoadF(FILE *fp, int mipm
- 		width = rw, height = rh;
- 		free(data);
- 		data = data2;
-+		data2 = NULL;
- 	}
- 
- 	{ /* OpenGL stuff */
-@@ -540,6 +576,12 @@ int APIENTRY pngLoadF(FILE *fp, int mipm
- 			png_bytep p, endp, q;
- 			int r, g, b, a;
- 
-+			/* HDG another potential 32 bit address overflow, the
-+			   original png had 3 channels and we are going to
-+			   4 channels now! */
-+			if ((uint64_t)width * height > (PNG_UINT_32_MAX >> 2))
-+				goto error;
-+
- 			p = data, endp = p+width*height*3;
- 			q = data2 = (png_bytep) malloc(sizeof(png_byte)*width*height*4);
- 
diff --git a/libraries/libglpng/patches/libglpng-1.45-extra_cflags.patch b/libraries/libglpng/patches/libglpng-1.45-extra_cflags.patch
deleted file mode 100644
index 16dd4db3fb..0000000000
--- a/libraries/libglpng/patches/libglpng-1.45-extra_cflags.patch
+++ /dev/null
@@ -1,9 +0,0 @@
-diff -Nur libglpng-1.45.orig/Makefile libglpng-1.45/Makefile
---- libglpng-1.45.orig/Makefile	2008-03-27 19:33:50.000000000 -0500
-+++ libglpng-1.45/Makefile	2009-07-03 14:53:28.900650418 -0500
-@@ -1,4 +1,4 @@
--CFLAGS=-Wall -g -O3 -fPIC -I$(shell pwd)/include
-+CFLAGS=-Wall -g $(EXTRA_CFLAGS) -I$(shell pwd)/include
- LDFLAGS=-lpng -lGL
- SHAREDLIBFLAGS=-shared
- DESTDIR=/usr/local
diff --git a/libraries/libglpng/patches/libglpng-1.45-libpng15.patch b/libraries/libglpng/patches/libglpng-1.45-libpng15.patch
deleted file mode 100644
index dcafea8fe3..0000000000
--- a/libraries/libglpng/patches/libglpng-1.45-libpng15.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-diff -up libglpng-1.45.orig/include/GL/glpng.h~ libglpng-1.45.orig/include/GL/glpng.h
---- libglpng-1.45.orig/include/GL/glpng.h~	2011-12-06 22:14:59.000000000 +0100
-+++ libglpng-1.45.orig/include/GL/glpng.h	2011-12-06 22:15:48.900673919 +0100
-@@ -57,7 +57,7 @@ extern "C" {
- #define PNG_SIMPLEMIPMAP PNG_SIMPLEMIPMAPS
- 
- /* Transparency parameters */
--#define PNG_CALLBACK  -3 /* Call the callback function to generate alpha   */
-+#define PNG_CALLBACK_FUNC -3 /* Call the callback function to generate alpha   */
- #define PNG_ALPHA     -2 /* Use alpha channel in PNG file, if there is one */
- #define PNG_SOLID     -1 /* No transparency                                */
- #define PNG_STENCIL    0 /* Sets alpha to 0 for r=g=b=0, 1 otherwise       */
-diff -up libglpng-1.45.orig/src/glpng.c~ libglpng-1.45.orig/src/glpng.c
---- libglpng-1.45.orig/src/glpng.c~	2011-12-06 19:38:53.000000000 +0100
-+++ libglpng-1.45.orig/src/glpng.c	2011-12-06 22:13:34.501354149 +0100
-@@ -282,7 +282,11 @@ int APIENTRY pngLoadRawF(FILE *fp, pngRa
- 	if (!endinfo) return 0;
- 
- 	// DH: added following lines
-+#if PNG_LIBPNG_VER >= 10400
-+	if (setjmp(png_jmpbuf(png)))
-+#else
- 	if (setjmp(png->jmpbuf))
-+#endif
- 	{
- error:
- 		png_destroy_read_struct(&png, &info, &endinfo);
-@@ -402,7 +406,11 @@ int APIENTRY pngLoadF(FILE *fp, int mipm
- 	if (!endinfo) return 0;
- 
- 	// DH: added following lines
-+#if PNG_LIBPNG_VER >= 10400
-+	if (setjmp(png_jmpbuf(png)))
-+#else
- 	if (setjmp(png->jmpbuf))
-+#endif
- 	{
- error:
- 		png_destroy_read_struct(&png, &info, &endinfo);
-@@ -603,7 +611,7 @@ error:
- 			#define ALPHA *q
- 
- 			switch (trans) {
--				case PNG_CALLBACK:
-+				case PNG_CALLBACK_FUNC:
- 					FORSTART
- 						ALPHA = AlphaCallback((unsigned char) r, (unsigned char) g, (unsigned char) b);
- 					FOREND