From 858b9afeaf1b41dc524b50c568dccb38c8ef4e73 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Fri, 30 Dec 2016 14:29:48 -0500
Subject: gnu: libpng: Mention CVE-2016-10087.

* gnu/packages/patches/libpng-fix-null-ptr-dereference.patch: Rename to ...
* gnu/packages/patches/libpng-CVE-2016-10087.patch: ... this.
* gnu/local.mk (dist_patch_DATA): Adjust.
* gnu/packages/image.scm (libpng/fixed)[source]: Use renamed patch.
---
 gnu/packages/patches/libpng-CVE-2016-10087.patch   | 37 ++++++++++++++++++++++
 .../patches/libpng-fix-null-ptr-dereference.patch  | 36 ---------------------
 2 files changed, 37 insertions(+), 36 deletions(-)
 create mode 100644 gnu/packages/patches/libpng-CVE-2016-10087.patch
 delete mode 100644 gnu/packages/patches/libpng-fix-null-ptr-dereference.patch

(limited to 'gnu/packages/patches')

diff --git a/gnu/packages/patches/libpng-CVE-2016-10087.patch b/gnu/packages/patches/libpng-CVE-2016-10087.patch
new file mode 100644
index 0000000000..8093b3e448
--- /dev/null
+++ b/gnu/packages/patches/libpng-CVE-2016-10087.patch
@@ -0,0 +1,37 @@
+Fix CVE-2016-10087, a null pointer dereference in png_set_text_2():
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
+http://seclists.org/oss-sec/2016/q4/777
+
+Patch adapted from upstream source repository:
+
+https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/
+
+From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001
+From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
+Date: Thu, 29 Dec 2016 07:51:33 -0600
+Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in
+ png_set_text_2()
+
+(bug report and patch by Patrick Keshishian).
+---
+ ANNOUNCE | 2 ++
+ CHANGES  | 2 ++
+ png.c    | 1 +
+ 3 files changed, 5 insertions(+)
+
+diff --git a/png.c b/png.c
+index 8afc28fc2..2e05de159 100644
+--- a/png.c
++++ b/png.c
+@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask,
+          png_free(png_ptr, info_ptr->text);
+          info_ptr->text = NULL;
+          info_ptr->num_text = 0;
++         info_ptr->max_text = 0;
+       }
+    }
+ #endif
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch b/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch
deleted file mode 100644
index 192459162b..0000000000
--- a/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix a null pointer dereference in png_set_text_2():
-
-http://seclists.org/oss-sec/2016/q4/777
-
-Patch adapted from upstream source repository:
-
-https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/
-
-From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001
-From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
-Date: Thu, 29 Dec 2016 07:51:33 -0600
-Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in
- png_set_text_2()
-
-(bug report and patch by Patrick Keshishian).
----
- ANNOUNCE | 2 ++
- CHANGES  | 2 ++
- png.c    | 1 +
- 3 files changed, 5 insertions(+)
-
-diff --git a/png.c b/png.c
-index 8afc28fc2..2e05de159 100644
---- a/png.c
-+++ b/png.c
-@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask,
-          png_free(png_ptr, info_ptr->text);
-          info_ptr->text = NULL;
-          info_ptr->num_text = 0;
-+         info_ptr->max_text = 0;
-       }
-    }
- #endif
--- 
-2.11.0
-
-- 
cgit v1.2.3