~ruther/guix-local

864738baaa7bb75c08647ccfc684736479e67f7f — Efraim Flashner 9 years ago 913059a 
gnu: libpng: Update to 1.6.28.

* gnu/packages/image.scm (libpng): Update to 1.6.28.
[source]: Remove patch.
* gnu/packages/patches/libpng-CVE-2016-10087.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Remove it.
patch browse .tar.gz 
3 files changed, 2 insertions(+), 41 deletions(-)

M gnu/local.mk
M gnu/packages/image.scm
D gnu/packages/patches/libpng-CVE-2016-10087.patch

M gnu/local.mk => gnu/local.mk +0 -1
@@ 685,7 685,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/libmad-armv7-thumb-pt2.patch		\
  %D%/packages/patches/libmad-frame-length.patch		\
  %D%/packages/patches/libmad-mips-newgcc.patch			\
  %D%/packages/patches/libpng-CVE-2016-10087.patch		\
  %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch		\
  %D%/packages/patches/libtar-CVE-2013-4420.patch \
  %D%/packages/patches/libtheora-config-guess.patch		\


M gnu/packages/image.scm => gnu/packages/image.scm +2 -3
@@ 65,7 65,7 @@
(define-public libpng
  (package
   (name "libpng")
   (version "1.6.25")
   (version "1.6.28")
   (source (origin
            (method url-fetch)
            (uri (list (string-append "mirror://sourceforge/libpng/libpng16/"


@@ 76,9 76,8 @@
                       (string-append
                        "ftp://ftp.simplesystems.org/pub/libpng/png/src/history"
                        "/libpng16/libpng-" version ".tar.xz")))
            (patches (search-patches "libpng-CVE-2016-10087.patch"))
            (sha256
             (base32 "04c8inn745hw25wz2dc5vll5n5d2gsndj01i4srwzgz8861qvzh9"))))
             (base32 "0ylgyx93hnk38haqrh8prd3ax5ngzwvjqw5cxw7p9nxmwsfyrlyq"))))
   (build-system gnu-build-system)

   ;; libpng.la says "-lz", so propagate it.


D gnu/packages/patches/libpng-CVE-2016-10087.patch => gnu/packages/patches/libpng-CVE-2016-10087.patch +0 -37
@@ 1,37 0,0 @@
Fix CVE-2016-10087, a null pointer dereference in png_set_text_2():

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
http://seclists.org/oss-sec/2016/q4/777

Patch adapted from upstream source repository:

https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/

From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001
From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
Date: Thu, 29 Dec 2016 07:51:33 -0600
Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in
 png_set_text_2()

(bug report and patch by Patrick Keshishian).
---
 ANNOUNCE | 2 ++
 CHANGES  | 2 ++
 png.c    | 1 +
 3 files changed, 5 insertions(+)

diff --git a/png.c b/png.c
index 8afc28fc2..2e05de159 100644
--- a/png.c
+++ b/png.c
@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask,
          png_free(png_ptr, info_ptr->text);
          info_ptr->text = NULL;
          info_ptr->num_text = 0;
+         info_ptr->max_text = 0;
       }
    }
 #endif
-- 
2.11.0