* gnu/packages/patches/libpng-1.2-fix-null-ptr-dereference.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/image.scm (libpng-1.2)[replacement]: New field. (libpng-1.2/fixed): New variable. --- gnu/local.mk | 1 + gnu/packages/image.scm | 9 ++++++ .../libpng-1.2-fix-null-ptr-dereference.patch | 36 ++++++++++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 gnu/packages/patches/libpng-1.2-fix-null-ptr-dereference.patch
diff --git a/gnu/local.mk b/gnu/local.mk index 38c1b0b94..fee497b0e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -676,6 +676,7 @@ dist_patch_DATA = \ %D%/packages/patches/libmad-frame-length.patch \ %D%/packages/patches/libmad-mips-newgcc.patch \ %D%/packages/patches/libpng-fix-null-ptr-dereference.patch \ + %D%/packages/patches/libpng-1.2-fix-null-ptr-dereference.patch \ %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 69eeaed58..a576ae71a 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -100,6 +100,7 @@ library. It supports almost all PNG features and is extensible.") (define-public libpng-1.2 (package (inherit libpng) + (replacement libpng-1.2/fixed) (version "1.2.56") (source (origin @@ -113,6 +114,14 @@ library. It supports almost all PNG features and is extensible.") (sha256 (base32 "1ghd03p353x0vi4dk83n1nlldg11w7vqdk3f99rkgfb82ic59ki4")))))) +(define libpng-1.2/fixed + (package + (inherit libpng-1.2) + (source + (origin + (inherit (package-source libpng-1.2)) + (patches (search-patches "libpng-1.2-fix-null-ptr-dereference.patch")))))) + (define-public libjpeg (package (name "libjpeg") diff --git a/gnu/packages/patches/libpng-1.2-fix-null-ptr-dereference.patch b/gnu/packages/patches/libpng-1.2-fix-null-ptr-dereference.patch new file mode 100644 index 000000000..e6220eed8 --- /dev/null +++ b/gnu/packages/patches/libpng-1.2-fix-null-ptr-dereference.patch 
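Review bot: The new `libpng-1.2/fixed` variable, and the `(replacement libpng-1.2/fixed)` field added in the first image.scm hunk, carry no comment saying why the graft exists or when it can be removed. I would add a line above the variable such as `;; Graft for the null pointer dereference fix in png_set_text_2(); fold the patch into libpng-1.2 at the next full rebuild.` Separately, `(patches (search-patches ...))` sets the field outright, and the part of libpng-1.2's origin between the two hunks is not visible here, so if it already lists patches they would be replaced rather than extended; that is worth confirming. Both package forms continue outside the hunks.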
@@ -0,0 +1,36 @@
+Fix a null pointer dereference in png_set_text_2():
+
+http://seclists.org/oss-sec/2016/q4/777
+
+Patch adapted from upstream source repository:
+
+https://sourceforge.net/p/libpng/code/ci/794a15fad6add4d636369d0b46f603a02995b2e2/
+
+From 794a15fad6add4d636369d0b46f603a02995b2e2 Mon Sep 17 00:00:00 2001
+From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
+Date: Thu, 29 Dec 2016 07:34:51 -0600
+Subject: [PATCH] [libpng12] Fixed a potential null pointer dereference in
+ png_set_text_2()
+
+(bug report and patch by Patrick Keshishian).
+---
+ ANNOUNCE | 2 ++
+ CHANGES | 4 +++-
+ png.c | 1 +
+ 3 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/png.c b/png.c
+index 08d7e86b7..a4934d1d5 100644
+--- a/png.c
++++ b/png.c
+@@ -393,6 +393,7 @@ png_free_data(png_structp png_ptr, png_infop info_ptr, png_uint_32 mask,
+ png_free(png_ptr, info_ptr->text);
+ info_ptr->text = NULL;
+ info_ptr->num_text=0;
++ info_ptr->max_text=0;
+ }
+ }
+ #endif
+--
+2.11.0
+
-- 2.11.0
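Review bot: The patch header names png_set_text_2(), but the only code change, `info_ptr->max_text=0;`, is in png_free_data(), and nothing in the file says how the two relate. png_set_text_2() is not shown here; presumably it compares the requested entry count against max_text to decide whether to allocate, so a stale max_text left behind after `info_ptr->text = NULL` would let a later call skip allocation and write through the null pointer. A sentence in the header would make this reviewable, e.g. `png_free_data() now resets max_text together with num_text, so that png_set_text_2() reallocates the text array after it has been freed.` The retained diffstat still lists ANNOUNCE and CHANGES although only the png.c hunk was kept; trimming it, or stating that the other files were dropped, would keep the header consistent with the content. The body of png_free_data() starts and ends outside the hunk.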