From bbf8832f160120d4f78b563653db49ab715e7c6c Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Fri, 23 Feb 2018 14:24:42 +0100
Subject: gnu: optipng: Update to 0.7.7 [security fixes].
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This release claims to fix 2 vulnerabilities:
- ‘an integer overflow vulnerability in the TIFF decoder’
  (CVE-2017-1000229, previously patched in Guix), and
- ‘a buffer overflow vulnerability in the GIF decoder’.

* gnu/packages/image.scm (optipng): Update to 0.7.7.
[source]: Remove patch.
[arguments]: Substitute INVOKE for SYSTEM* and end phase with #t.
* gnu/packages/patches/optipng-CVE-2017-1000229.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/local.mk | 1 -
 1 file changed, 1 deletion(-)

(limited to 'gnu/local.mk')

diff --git a/gnu/local.mk b/gnu/local.mk
index 2fd7e2478f..cd1926a665 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -950,7 +950,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/openssl-runpath.patch			\
   %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch		\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
-  %D%/packages/patches/optipng-CVE-2017-1000229.patch		\
   %D%/packages/patches/orpheus-cast-errors-and-includes.patch	\
   %D%/packages/patches/osip-CVE-2017-7853.patch			\
   %D%/packages/patches/ots-no-include-missing-file.patch	\
-- 
cgit v1.2.3