From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Thu, 28 Feb 2019 20:29:00 +0100
Subject: [PATCH] netpbm: Fix CVE-2017-2586.

Copied verbatim from Debian[0].

[0]: https://sources.debian.org/data/main/n/netpbm-free/2:10.78.05-0.1/debian/patches/netpbm-CVE-2017-2586.patch

---
diff -urNp old/converter/other/svgtopam.c new/converter/other/svgtopam.c
--- old/converter/other/svgtopam.c	2017-02-08 12:11:02.593690917 +0100
+++ new/converter/other/svgtopam.c	2017-02-08 12:13:05.192846469 +0100
@@ -676,7 +676,7 @@ stringToUint(const char *   const string
 
     /* TODO: move this to nstring.c */
 
-    if (strlen(string) == 0)
+    if (string == NULL || strlen(string) == 0)
         pm_asprintf(errorP, "Value is a null string");
     else {
         char * tailptr;
>koszko</option>
<option value='koszko-scripts'>koszko-scripts</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=9e44a6f77615fa95990412a7b1dc2ba8086a5124'>refs</a><a class='active' href='/guix/log/gnu/packages/m4.scm'>log</a><a href='/guix/tree/gnu/packages/m4.scm?id=9e44a6f77615fa95990412a7b1dc2ba8086a5124'>tree</a><a href='/guix/commit/gnu/packages/m4.scm?id=9e44a6f77615fa95990412a7b1dc2ba8086a5124'>commit</a><a href='/guix/diff/gnu/packages/m4.scm?id=9e44a6f77615fa95990412a7b1dc2ba8086a5124'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages/m4.scm'>
<input type='hidden' name='id' value='9e44a6f77615fa95990412a7b1dc2ba8086a5124'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=9e44a6f77615fa95990412a7b1dc2ba8086a5124'>root</a>/<a href='/guix/log/gnu?id=9e44a6f77615fa95990412a7b1dc2ba8086a5124'>gnu</a>/<a href='/guix/log/gnu/packages?id=9e44a6f77615fa95990412a7b1dc2ba8086a5124'>packages</a>/<a href='/guix/log/gnu/packages/m4.scm?id=9e44a6f77615fa95990412a7b1dc2ba8086a5124'>m4.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/m4.scm?id=9e44a6f77615fa95990412a7b1dc2ba8086a5124&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
ary uses of (guix grafts).</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-10-13 17:28:46 +0200'>2022-10-13</span></td><td><a href='/guix/commit/gnu/ci.scm?id=7c2b09f924788a9ed1b149830a4de4e2920d4618'>ci: Honor the system passed to image-&gt;job.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-10-11 16:05:31 +0200'>2022-10-11</span></td><td><a href='/guix/commit/gnu/ci.scm?id=22b9734b67b8f5946e09ed28843a9af26f345945'>Revert "guix system: Remove unused 'read-operating-system' procedure."</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-09-24 14:49:09 +0200'>2022-09-24</span></td><td><a href='/guix/commit/gnu/ci.scm?id=ebe9d660a55629f2506db124b0e016885fc61e5c'>gnu: Add compression module.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-08-17 11:29:38 +0200'>2022-08-17</span></td><td><a href='/guix/commit/gnu/ci.scm?id=5bbb9af5d99314a79d7f6535d9a3176c2c10e60b'>ci: Fix the images specification.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-08-09 15:16:06 +0200'>2022-08-09</span></td><td><a href='/guix/commit/gnu/ci.scm?id=5bce4c82422de6beb3ce6120ba1592be898c2b72'>build-system: Add 'channel-build-system'.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-08-05 15:28:05 +0200'>2022-08-05</span></td><td><a href='/guix/commit/gnu/ci.scm?id=d11a432adffe9308eafec6b77cddd3145029109e'>guix system: Remove unused 'read-operating-system' procedure.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-05-25 09:27:25 +0200'>2022-05-25</span></td><td><a href='/guix/commit/gnu/ci.scm?id=dab819d5c4c55609efae098c8e3c2f2757c34e5b'>Move (gnu platform) and (gnu platforms ...) to guix/.</a><span class='msg-avail'>...</span></td><td>Josselin Poiret</td></tr>
<tr><td><span title='2022-05-22 15:15:33 +0200'>2022-05-22</span></td><td><a href='/guix/commit/gnu/ci.scm?id=dd970122ddf3679482f658f73dd68307496c6215'>ci: Do not rely on hardcoded cross-targets lists.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>

Age	Commit message (Expand)	Author
Ludovic Courtès
2022-10-13	ci: Honor the system passed to image->job....	Mathieu Othacehe
2022-10-11	Revert "guix system: Remove unused 'read-operating-system' procedure."...	Ludovic Courtès
2022-09-24	gnu: Add compression module....	Mathieu Othacehe
2022-08-17	ci: Fix the images specification....	Mathieu Othacehe
2022-08-09	build-system: Add 'channel-build-system'....	Ludovic Courtès
2022-08-05	guix system: Remove unused 'read-operating-system' procedure....	Ludovic Courtès
2022-05-25	Move (gnu platform) and (gnu platforms ...) to guix/....	Josselin Poiret
2022-05-22	ci: Do not rely on hardcoded cross-targets lists....	Mathieu Othacehe