From bbf8832f160120d4f78b563653db49ab715e7c6c Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 23 Feb 2018 14:24:42 +0100 Subject: gnu: optipng: Update to 0.7.7 [security fixes]. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This release claims to fix 2 vulnerabilities: - ‘an integer overflow vulnerability in the TIFF decoder’ (CVE-2017-1000229, previously patched in Guix), and - ‘a buffer overflow vulnerability in the GIF decoder’. * gnu/packages/image.scm (optipng): Update to 0.7.7. [source]: Remove patch. [arguments]: Substitute INVOKE for SYSTEM* and end phase with #t. * gnu/packages/patches/optipng-CVE-2017-1000229.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- .../patches/optipng-CVE-2017-1000229.patch | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 gnu/packages/patches/optipng-CVE-2017-1000229.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/optipng-CVE-2017-1000229.patch b/gnu/packages/patches/optipng-CVE-2017-1000229.patch deleted file mode 100644 index 2cb3b2f21c..0000000000 --- a/gnu/packages/patches/optipng-CVE-2017-1000229.patch +++ /dev/null @@ -1,22 +0,0 @@ -Fix CVE-2017-1000229: - -https://security-tracker.debian.org/tracker/CVE-2017-1000229 -https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000229.html -https://nvd.nist.gov/vuln/detail/CVE-2017-1000229 - -Patch copied from upstream bug tracker: -https://sourceforge.net/p/optipng/bugs/65/ - -diff --git a/src/minitiff/tiffread.c b/src/minitiff/tiffread.c -index b4910ec..5f9b376 100644 ---- a/src/minitiff/tiffread.c -+++ b/src/minitiff/tiffread.c -@@ -350,6 +350,8 @@ minitiff_read_info(struct minitiff_info *tiff_ptr, FILE *fp) - count = tiff_ptr->strip_offsets_count; - if (count == 0 || count > tiff_ptr->height) - goto err_invalid; -+ if (count > (size_t)-1 / sizeof(long)) -+ goto err_memory; - tiff_ptr->strip_offsets = (long *)malloc(count * sizeof(long)); - if (tiff_ptr->strip_offsets == NULL) - goto err_memory; -- cgit 1.4.1