gnu: libpng: Update to 1.6.28.
* gnu/packages/image.scm (libpng): Update to 1.6.28. [source]: Remove patch. * gnu/packages/patches/libpng-CVE-2016-10087.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it.
This commit is contained in:
parent
913059a120
commit
864738baaa
|
@ -685,7 +685,6 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/libmad-armv7-thumb-pt2.patch \
|
%D%/packages/patches/libmad-armv7-thumb-pt2.patch \
|
||||||
%D%/packages/patches/libmad-frame-length.patch \
|
%D%/packages/patches/libmad-frame-length.patch \
|
||||||
%D%/packages/patches/libmad-mips-newgcc.patch \
|
%D%/packages/patches/libmad-mips-newgcc.patch \
|
||||||
%D%/packages/patches/libpng-CVE-2016-10087.patch \
|
|
||||||
%D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \
|
%D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \
|
||||||
%D%/packages/patches/libtar-CVE-2013-4420.patch \
|
%D%/packages/patches/libtar-CVE-2013-4420.patch \
|
||||||
%D%/packages/patches/libtheora-config-guess.patch \
|
%D%/packages/patches/libtheora-config-guess.patch \
|
||||||
|
|
|
@ -65,7 +65,7 @@
|
||||||
(define-public libpng
|
(define-public libpng
|
||||||
(package
|
(package
|
||||||
(name "libpng")
|
(name "libpng")
|
||||||
(version "1.6.25")
|
(version "1.6.28")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (list (string-append "mirror://sourceforge/libpng/libpng16/"
|
(uri (list (string-append "mirror://sourceforge/libpng/libpng16/"
|
||||||
|
@ -76,9 +76,8 @@
|
||||||
(string-append
|
(string-append
|
||||||
"ftp://ftp.simplesystems.org/pub/libpng/png/src/history"
|
"ftp://ftp.simplesystems.org/pub/libpng/png/src/history"
|
||||||
"/libpng16/libpng-" version ".tar.xz")))
|
"/libpng16/libpng-" version ".tar.xz")))
|
||||||
(patches (search-patches "libpng-CVE-2016-10087.patch"))
|
|
||||||
(sha256
|
(sha256
|
||||||
(base32 "04c8inn745hw25wz2dc5vll5n5d2gsndj01i4srwzgz8861qvzh9"))))
|
(base32 "0ylgyx93hnk38haqrh8prd3ax5ngzwvjqw5cxw7p9nxmwsfyrlyq"))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
|
|
||||||
;; libpng.la says "-lz", so propagate it.
|
;; libpng.la says "-lz", so propagate it.
|
||||||
|
|
|
@ -1,37 +0,0 @@
|
||||||
Fix CVE-2016-10087, a null pointer dereference in png_set_text_2():
|
|
||||||
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
|
|
||||||
http://seclists.org/oss-sec/2016/q4/777
|
|
||||||
|
|
||||||
Patch adapted from upstream source repository:
|
|
||||||
|
|
||||||
https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/
|
|
||||||
|
|
||||||
From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001
|
|
||||||
From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
|
|
||||||
Date: Thu, 29 Dec 2016 07:51:33 -0600
|
|
||||||
Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in
|
|
||||||
png_set_text_2()
|
|
||||||
|
|
||||||
(bug report and patch by Patrick Keshishian).
|
|
||||||
---
|
|
||||||
ANNOUNCE | 2 ++
|
|
||||||
CHANGES | 2 ++
|
|
||||||
png.c | 1 +
|
|
||||||
3 files changed, 5 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/png.c b/png.c
|
|
||||||
index 8afc28fc2..2e05de159 100644
|
|
||||||
--- a/png.c
|
|
||||||
+++ b/png.c
|
|
||||||
@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask,
|
|
||||||
png_free(png_ptr, info_ptr->text);
|
|
||||||
info_ptr->text = NULL;
|
|
||||||
info_ptr->num_text = 0;
|
|
||||||
+ info_ptr->max_text = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
--
|
|
||||||
2.11.0
|
|
||||||
|
|
Loading…
Reference in New Issue