HCoop / jackhill / guix / guix.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5a82c90) | patch
gnu: optipng: Update to 0.7.7 [security fixes].
authorTobias Geerinckx-Rice <me@tobias.gr>
Fri, 23 Feb 2018 13:24:42 +0000 (14:24 +0100)
committerTobias Geerinckx-Rice <me@tobias.gr>
Fri, 23 Feb 2018 15:00:04 +0000 (16:00 +0100)
commitbbf8832f160120d4f78b563653db49ab715e7c6c
tree217482b39ebfd4aa03f7810e1cccb18c05a66ddftree | snapshot (tar.gz zip)
parent5a82c904004d6db4bc3b2d294e6dacb5ac0139f8commit | diff
gnu: optipng: Update to 0.7.7 [security fixes].

This release claims to fix 2 vulnerabilities:
- ‘an integer overflow vulnerability in the TIFF decoder’
  (CVE-2017-1000229, previously patched in Guix), and
- ‘a buffer overflow vulnerability in the GIF decoder’.

* gnu/packages/image.scm (optipng): Update to 0.7.7.
[source]: Remove patch.
[arguments]: Substitute INVOKE for SYSTEM* and end phase with #t.
* gnu/packages/patches/optipng-CVE-2017-1000229.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
gnu/local.mk diff | blob | blame | history
gnu/packages/image.scm diff | blob | blame | history
gnu/packages/patches/optipng-CVE-2017-1000229.patch [deleted file] blob | blame | history
jackhill's copy of GNU Guix: https://guix.gnu.org/