diff options
| author | Efraim Flashner <efraim@flashner.co.il> | 2017-02-20 09:48:09 +0200 |
|---|---|---|
| committer | Efraim Flashner <efraim@flashner.co.il> | 2017-02-20 10:54:25 +0200 |
| commit | 864738baaa7bb75c08647ccfc684736479e67f7f (patch) | |
| tree | bb7b8505c5a728d2547155370a4518eaf7d0c8fb | |
| parent | 913059a12034a11e7f16374ae6e3291da5860d1b (diff) | |
gnu: libpng: Update to 1.6.28.
* gnu/packages/image.scm (libpng): Update to 1.6.28.
[source]: Remove patch.
* gnu/packages/patches/libpng-CVE-2016-10087.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Remove it.
| -rw-r--r-- | gnu/local.mk | 1 | ||||
| -rw-r--r-- | gnu/packages/image.scm | 5 | ||||
| -rw-r--r-- | gnu/packages/patches/libpng-CVE-2016-10087.patch | 37 |
3 files changed, 2 insertions, 41 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 2c513dee5c..db15273eb6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -685,7 +685,6 @@ dist_patch_DATA = \ %D%/packages/patches/libmad-armv7-thumb-pt2.patch \ %D%/packages/patches/libmad-frame-length.patch \ %D%/packages/patches/libmad-mips-newgcc.patch \ - %D%/packages/patches/libpng-CVE-2016-10087.patch \ %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 82d9091188..cbdc1b39dc 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -65,7 +65,7 @@ (define-public libpng (package (name "libpng") - (version "1.6.25") + (version "1.6.28") (source (origin (method url-fetch) (uri (list (string-append "mirror://sourceforge/libpng/libpng16/" @@ -76,9 +76,8 @@ (string-append "ftp://ftp.simplesystems.org/pub/libpng/png/src/history" "/libpng16/libpng-" version ".tar.xz"))) - (patches (search-patches "libpng-CVE-2016-10087.patch")) (sha256 - (base32 "04c8inn745hw25wz2dc5vll5n5d2gsndj01i4srwzgz8861qvzh9")))) + (base32 "0ylgyx93hnk38haqrh8prd3ax5ngzwvjqw5cxw7p9nxmwsfyrlyq")))) (build-system gnu-build-system) ;; libpng.la says "-lz", so propagate it. diff --git a/gnu/packages/patches/libpng-CVE-2016-10087.patch b/gnu/packages/patches/libpng-CVE-2016-10087.patch deleted file mode 100644 index 8093b3e448..0000000000 --- a/gnu/packages/patches/libpng-CVE-2016-10087.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix CVE-2016-10087, a null pointer dereference in png_set_text_2(): - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087 -http://seclists.org/oss-sec/2016/q4/777 - -Patch adapted from upstream source repository: - -https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/ - -From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001 -From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net> -Date: Thu, 29 Dec 2016 07:51:33 -0600 -Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in - png_set_text_2() - -(bug report and patch by Patrick Keshishian). ---- - ANNOUNCE | 2 ++ - CHANGES | 2 ++ - png.c | 1 + - 3 files changed, 5 insertions(+) - -diff --git a/png.c b/png.c -index 8afc28fc2..2e05de159 100644 ---- a/png.c -+++ b/png.c -@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, - png_free(png_ptr, info_ptr->text); - info_ptr->text = NULL; - info_ptr->num_text = 0; -+ info_ptr->max_text = 0; - } - } - #endif --- -2.11.0 - |