Fix CVE-2017-11590:

https://bugzilla.gnome.org/show_bug.cgi?id=785479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11590

Patch copied from upstream source repository:

https://git.gnome.org/browse/libgxps/commit/?id=9d5d292055250ed298f3b89dc332d6db4003a031

From 9d5d292055250ed298f3b89dc332d6db4003a031 Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Wed, 26 Jul 2017 16:23:37 +0200
Subject: archive: Check for pathname being NULL before dereferencing

Check whether "archive_entry_pathname ()" returns a non-NULL pathname
before using it to avoid a NULL pointer being dereferenced.

https://bugzilla.gnome.org/show_bug.cgi?id=785479
---
 libgxps/gxps-archive.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c
index acf8d7d..e763773 100644
--- a/libgxps/gxps-archive.c
+++ b/libgxps/gxps-archive.c
@@ -257,6 +257,7 @@ gxps_archive_initable_init (GInitable     *initable,
 	GXPSArchive          *archive;
 	ZipArchive           *zip;
 	struct archive_entry *entry;
+	const gchar          *pathname;
 
 	archive = GXPS_ARCHIVE (initable);
 
@@ -281,7 +282,9 @@ gxps_archive_initable_init (GInitable     *initable,
 
         while (gxps_zip_archive_iter_next (zip, &entry)) {
                 /* FIXME: We can ignore directories here */
-                g_hash_table_add (archive->entries, g_strdup (archive_entry_pathname (entry)));
+                pathname = archive_entry_pathname (entry);
+                if (pathname != NULL)
+                        g_hash_table_add (archive->entries, g_strdup (pathname));
                 archive_read_data_skip (zip->archive);
         }
 
-- 
cgit v0.12

tion value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=555b90861901243af8e8a35584625f098a475ea0'>root</a>/<a href='/guix/log/tests?id=555b90861901243af8e8a35584625f098a475ea0'>tests</a>/<a href='/guix/log/tests/graph.scm?id=555b90861901243af8e8a35584625f098a475ea0'>graph.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/graph.scm?id=555b90861901243af8e8a35584625f098a475ea0&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2020-10-20 16:30:15 +0200'>2020-10-20</span></td><td><a href='/guix/commit/tests/graph.scm?id=a9fd59dbd2d32e08c9479ac026b99b5c1dbbb0db'>graph: Adjust test for recent OCaml changes.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-05-22 01:29:39 +0200'>2020-05-22</span></td><td><a href='/guix/commit/tests/graph.scm?id=ce0be5675b702b2ff89aed1772ebb42af4150243'>packages: Introduce &lt;content-hash&gt; and use it in &lt;origin&gt;.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-05-11 23:30:55 +0200'>2020-05-11</span></td><td><a href='/guix/commit/tests/graph.scm?id=36c2192414dfcc43db767106cede2cc1d0e6e556'>graph: Add 'shortest-path'.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-05-11 23:30:55 +0200'>2020-05-11</span></td><td><a href='/guix/commit/tests/graph.scm?id=724020213664239ec5c92d04f5fee44c25408a7f'>graph: reference/referrer node types work with graph traversal.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-02-05 16:18:58 +0100'>2020-02-05</span></td><td><a href='/guix/commit/tests/graph.scm?id=312df1d40cf2d61fc96b32efedc16d958718fc48'>tests: Adjust reverse-bag graph test to recent OCaml changes.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-03-23 23:16:55 +0100'>2019-03-23</span></td><td><a href='/guix/commit/tests/graph.scm?id=8c14f7f8a7ab0722bf4c9f92fd28ae85514d564f'>Merge branch 'staging' into core-updates</a></td><td>Marius Bakke</td></tr>
<tr><td><span title='2019-03-23 18:15:36 +0100'>2019-03-23</span></td><td><a href='/guix/commit/tests/graph.scm?id=2b81eac01e5828c6fce61b3cafc0f78e7a0ab891'>graph: Add the 'reverse-bag' graph.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-09-22 22:40:12 +0200'>2018-09-22</span></td><td><a href='/guix/commit/tests/graph.scm?id=a2b2070b679ff7e92d856c7d6775f5f67ce4792d'>bootstrap: %bootstrap-inputs: Wrap input lists into thunks.</a><span class='msg-avail'>...</span></td><td>Jan Nieuwenhuizen</td></tr>

Age	Commit message (Expand)	Author
2020-10-20	graph: Adjust test for recent OCaml changes....	Ludovic Courtès
2020-05-22	packages: Introduce <content-hash> and use it in <origin>....	Ludovic Courtès
2020-05-11	graph: Add 'shortest-path'....	Ludovic Courtès
2020-05-11	graph: reference/referrer node types work with graph traversal....	Ludovic Courtès
2020-02-05	tests: Adjust reverse-bag graph test to recent OCaml changes....	Ludovic Courtès
2019-03-23	Merge branch 'staging' into core-updates	Marius Bakke
2019-03-23	graph: Add the 'reverse-bag' graph....	Ludovic Courtès
2018-09-22	bootstrap: %bootstrap-inputs: Wrap input lists into thunks....	Jan Nieuwenhuizen