[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/08: gnu: libpng: Update to 1.6.28.
From: |
Efraim Flashner |
Subject: |
02/08: gnu: libpng: Update to 1.6.28. |
Date: |
Mon, 20 Feb 2017 06:05:17 -0500 (EST) |
efraim pushed a commit to branch core-updates
in repository guix.
commit 864738baaa7bb75c08647ccfc684736479e67f7f
Author: Efraim Flashner <address@hidden>
Date: Mon Feb 20 09:48:09 2017 +0200
gnu: libpng: Update to 1.6.28.
* gnu/packages/image.scm (libpng): Update to 1.6.28.
[source]: Remove patch.
* gnu/packages/patches/libpng-CVE-2016-10087.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
gnu/local.mk | 1 -
gnu/packages/image.scm | 5 ++--
gnu/packages/patches/libpng-CVE-2016-10087.patch | 37 ------------------------
3 files changed, 2 insertions(+), 41 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 2c513de..db15273 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -685,7 +685,6 @@ dist_patch_DATA =
\
%D%/packages/patches/libmad-armv7-thumb-pt2.patch \
%D%/packages/patches/libmad-frame-length.patch \
%D%/packages/patches/libmad-mips-newgcc.patch \
- %D%/packages/patches/libpng-CVE-2016-10087.patch \
%D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \
%D%/packages/patches/libtar-CVE-2013-4420.patch \
%D%/packages/patches/libtheora-config-guess.patch \
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 82d9091..cbdc1b3 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -65,7 +65,7 @@
(define-public libpng
(package
(name "libpng")
- (version "1.6.25")
+ (version "1.6.28")
(source (origin
(method url-fetch)
(uri (list (string-append "mirror://sourceforge/libpng/libpng16/"
@@ -76,9 +76,8 @@
(string-append
"ftp://ftp.simplesystems.org/pub/libpng/png/src/history"
"/libpng16/libpng-" version ".tar.xz")))
- (patches (search-patches "libpng-CVE-2016-10087.patch"))
(sha256
- (base32 "04c8inn745hw25wz2dc5vll5n5d2gsndj01i4srwzgz8861qvzh9"))))
+ (base32 "0ylgyx93hnk38haqrh8prd3ax5ngzwvjqw5cxw7p9nxmwsfyrlyq"))))
(build-system gnu-build-system)
;; libpng.la says "-lz", so propagate it.
diff --git a/gnu/packages/patches/libpng-CVE-2016-10087.patch
b/gnu/packages/patches/libpng-CVE-2016-10087.patch
deleted file mode 100644
index 8093b3e..0000000
--- a/gnu/packages/patches/libpng-CVE-2016-10087.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fix CVE-2016-10087, a null pointer dereference in png_set_text_2():
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
-http://seclists.org/oss-sec/2016/q4/777
-
-Patch adapted from upstream source repository:
-
-https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/
-
-From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001
-From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
-Date: Thu, 29 Dec 2016 07:51:33 -0600
-Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in
- png_set_text_2()
-
-(bug report and patch by Patrick Keshishian).
----
- ANNOUNCE | 2 ++
- CHANGES | 2 ++
- png.c | 1 +
- 3 files changed, 5 insertions(+)
-
-diff --git a/png.c b/png.c
-index 8afc28fc2..2e05de159 100644
---- a/png.c
-+++ b/png.c
-@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp
info_ptr, png_uint_32 mask,
- png_free(png_ptr, info_ptr->text);
- info_ptr->text = NULL;
- info_ptr->num_text = 0;
-+ info_ptr->max_text = 0;
- }
- }
- #endif
---
-2.11.0
-
- branch core-updates updated (8f8f250 -> 3b88f37), Efraim Flashner, 2017/02/20
- 03/08: gnu: coreutils: Don't run tests in parallel., Efraim Flashner, 2017/02/20
- 01/08: gnu: libpng: Update source urls., Efraim Flashner, 2017/02/20
- 04/08: gnu: bash: Update to patch level 12., Efraim Flashner, 2017/02/20
- 06/08: gnu: %bootstrap-coreutils&co: Patch egrep/fgrep to work regardless of $PATH., Efraim Flashner, 2017/02/20
- 05/08: Merge remote-tracking branch 'origin/master' into core-updates, Efraim Flashner, 2017/02/20
- 02/08: gnu: libpng: Update to 1.6.28.,
Efraim Flashner <=
- 08/08: gnu: Add bootstrap-binaries for 'aarch64-linux'., Efraim Flashner, 2017/02/20
- 07/08: daemon: Ensure proper alignment on the stack., Efraim Flashner, 2017/02/20