From: Leo Famulari
Subject: Re: [PATCH 1/2] gnu: libpng: Fix a null pointer dereference [fixes security issue].
Date: Thu, 29 Dec 2016 13:42:21 -0500
To: Marius Bakke
Cc: guix-devel@gnu.org

On Thu, Dec 29, 2016 at 07:26:16PM +0100, Marius Bakke wrote:
> Leo Famulari writes:
>
> > * gnu/packages/patches/libpng-fix-null-ptr-dereference.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/image.scm (libpng)[replacement]: New field.
> > (libpng/fixed): New variable.
>
> That was quick! Both patches LGTM.

I realized that since libpng-1.2 only has one user, it's not necessary to graft the update. So I simply updated it to 1.2.57. Thanks for the review!