From 858b9afeaf1b41dc524b50c568dccb38c8ef4e73 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 30 Dec 2016 14:29:48 -0500 Subject: gnu: libpng: Mention CVE-2016-10087. * gnu/packages/patches/libpng-fix-null-ptr-dereference.patch: Rename to ... * gnu/packages/patches/libpng-CVE-2016-10087.patch: ... this. * gnu/local.mk (dist_patch_DATA): Adjust. * gnu/packages/image.scm (libpng/fixed)[source]: Use renamed patch. --- gnu/local.mk | 2 +- gnu/packages/image.scm | 2 +- gnu/packages/patches/libpng-CVE-2016-10087.patch | 37 ++++++++++++++++++++++ .../patches/libpng-fix-null-ptr-dereference.patch | 36 --------------------- 4 files changed, 39 insertions(+), 38 deletions(-) create mode 100644 gnu/packages/patches/libpng-CVE-2016-10087.patch delete mode 100644 gnu/packages/patches/libpng-fix-null-ptr-dereference.patch diff --git a/gnu/local.mk b/gnu/local.mk index b7c182fbf6..69633131e6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -675,7 +675,7 @@ dist_patch_DATA = \ %D%/packages/patches/libmad-armv7-thumb-pt2.patch \ %D%/packages/patches/libmad-frame-length.patch \ %D%/packages/patches/libmad-mips-newgcc.patch \ - %D%/packages/patches/libpng-fix-null-ptr-dereference.patch \ + %D%/packages/patches/libpng-CVE-2016-10087.patch \ %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 687596f966..ab4d3b0e57 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -95,7 +95,7 @@ library. It supports almost all PNG features and is extensible.") (source (origin (inherit (package-source libpng)) - (patches (search-patches "libpng-fix-null-ptr-dereference.patch")))))) + (patches (search-patches "libpng-CVE-2016-10087.patch")))))) (define-public libpng-1.2 (package diff --git a/gnu/packages/patches/libpng-CVE-2016-10087.patch b/gnu/packages/patches/libpng-CVE-2016-10087.patch new file mode 100644 index 0000000000..8093b3e448 --- /dev/null +++ b/gnu/packages/patches/libpng-CVE-2016-10087.patch @@ -0,0 +1,37 @@ +Fix CVE-2016-10087, a null pointer dereference in png_set_text_2(): + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087 +http://seclists.org/oss-sec/2016/q4/777 + +Patch adapted from upstream source repository: + +https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/ + +From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001 +From: Glenn Randers-Pehrson +Date: Thu, 29 Dec 2016 07:51:33 -0600 +Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in + png_set_text_2() + +(bug report and patch by Patrick Keshishian). +--- + ANNOUNCE | 2 ++ + CHANGES | 2 ++ + png.c | 1 + + 3 files changed, 5 insertions(+) + +diff --git a/png.c b/png.c +index 8afc28fc2..2e05de159 100644 +--- a/png.c ++++ b/png.c +@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, + png_free(png_ptr, info_ptr->text); + info_ptr->text = NULL; + info_ptr->num_text = 0; ++ info_ptr->max_text = 0; + } + } + #endif +-- +2.11.0 + diff --git a/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch b/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch deleted file mode 100644 index 192459162b..0000000000 --- a/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix a null pointer dereference in png_set_text_2(): - -http://seclists.org/oss-sec/2016/q4/777 - -Patch adapted from upstream source repository: - -https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/ - -From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001 -From: Glenn Randers-Pehrson -Date: Thu, 29 Dec 2016 07:51:33 -0600 -Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in - png_set_text_2() - -(bug report and patch by Patrick Keshishian). ---- - ANNOUNCE | 2 ++ - CHANGES | 2 ++ - png.c | 1 + - 3 files changed, 5 insertions(+) - -diff --git a/png.c b/png.c -index 8afc28fc2..2e05de159 100644 ---- a/png.c -+++ b/png.c -@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, - png_free(png_ptr, info_ptr->text); - info_ptr->text = NULL; - info_ptr->num_text = 0; -+ info_ptr->max_text = 0; - } - } - #endif --- -2.11.0 - -- cgit v1.2.3