guix-devel/gnu/packages/patches/graphicsmagick-CVE-2016-511...

Fix CVE-2016-5118 (popen() shell vulnerability via filename).

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118

Upstream patch copied from the bug announcement:
http://seclists.org/oss-sec/2016/q2/432
https://marc.info/?l=oss-security&m=146455222600609&w=2

diff -r 33200fc645f6 magick/blob.c
--- a/magick/blob.c	Sat Nov 07 14:49:16 2015 -0600
+++ b/magick/blob.c	Sun May 29 14:12:57 2016 -0500
@@ -68,6 +68,7 @@
 */
 #define DefaultBlobQuantum  65541
 
+#undef HAVE_POPEN
 
 /*
   Enum declarations.
gnu: graphicsmagick: Fix CVE-2016-5118. * gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/imagemagick.scm (graphicsmagick): Use it. 2016-05-30 05:36:37 +02:00			`Fix CVE-2016-5118 (popen() shell vulnerability via filename).`

			`https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118`

			`Upstream patch copied from the bug announcement:`
			`http://seclists.org/oss-sec/2016/q2/432`
			`https://marc.info/?l=oss-security&m=146455222600609&w=2`

			`diff -r 33200fc645f6 magick/blob.c`
			`--- a/magick/blob.c Sat Nov 07 14:49:16 2015 -0600`
			`+++ b/magick/blob.c Sun May 29 14:12:57 2016 -0500`
			`@@ -68,6 +68,7 @@`
			`*/`
			`#define DefaultBlobQuantum 65541`

			`+#undef HAVE_POPEN`

			`/*`
			`Enum declarations.`