aboutsummaryrefslogtreecommitdiff
path: root/berlin.guixsd.org.pub
blob: f156a37b087958f5c68e4aa8cd8d8c78db93849a (about) (plain) 
1
2
3
4
5
6

(public-key 
 (ecc 
  (curve Ed25519)
  (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#)
  )
 )
generated by cgit
ame='ignorews' onchange='this.form.submit();'>mode:
authorMarius Bakke <mbakke@fastmail.com>2017-09-20 18:49:26 +0200
committerMarius Bakke <mbakke@fastmail.com>2017-09-20 18:49:26 +0200
commit58366883f2f1516a4a02f5b4e2a70e86481827b5 (patch)
treefa67d714c4596164b341118132728a48135f4759 /gnu/packages/patches
parentf40aef6b3b56e1e5fb6e6ac29bd372000e13982f (diff)
parent9a1c4a981bdd7eeca76aaf73a57d6841918821c2 (diff)
downloadguix-58366883f2f1516a4a02f5b4e2a70e86481827b5.tar.gz
guix-58366883f2f1516a4a02f5b4e2a70e86481827b5.zip
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/bluez-CVE-2017-1000250.patch42
-rw-r--r--gnu/packages/patches/calibre-drop-unrar.patch49
-rw-r--r--gnu/packages/patches/csound-header-ordering.patch20
-rw-r--r--gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch85
-rw-r--r--gnu/packages/patches/file-CVE-2017-1000249.patch27
-rw-r--r--gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch14
-rw-r--r--gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch13
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch137
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch80
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch72
-rw-r--r--gnu/packages/patches/httpd-CVE-2017-9798.patch22
-rw-r--r--gnu/packages/patches/libarchive-CVE-2017-14166.patch45
-rw-r--r--gnu/packages/patches/libzip-CVE-2017-12858.patch45
-rw-r--r--gnu/packages/patches/meson-for-build-rpath.patch24
-rw-r--r--gnu/packages/patches/newsbeuter-CVE-2017-14500.patch43
-rw-r--r--gnu/packages/patches/openfoam-4.1-cleanup.patch243
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14151.patch46
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14152.patch38
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14164.patch89
-rw-r--r--gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch32
-rw-r--r--gnu/packages/patches/python-acme-dont-use-openssl-rand.patch28
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-13711.patch89
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-14167.patch69
-rw-r--r--gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch355
-rw-r--r--gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch355
-rw-r--r--gnu/packages/patches/ruby-rubygems-2612-ruby24.patch437
-rw-r--r--gnu/packages/patches/ruby-rubygems-2613-ruby24.patch355
27 files changed, 1238 insertions, 1616 deletions
diff --git a/gnu/packages/patches/bluez-CVE-2017-1000250.patch b/gnu/packages/patches/bluez-CVE-2017-1000250.patch
new file mode 100644
index 0000000000..81f209d7b2
--- /dev/null
+++ b/gnu/packages/patches/bluez-CVE-2017-1000250.patch
@@ -0,0 +1,42 @@
+Description: CVE-2017-1000250: information disclosure vulnerability in service_search_attr_req
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/875633
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1489446
+Bug-SuSE: https://bugzilla.suse.com/show_bug.cgi?id=1057342
+Forwarded: no
+Author: Armis Security <security@armis.com>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2017-09-13
+
+--- a/src/sdpd-request.c
++++ b/src/sdpd-request.c
+@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_r
+ /* continuation State exists -> get from cache */
+ sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
+ if (pCache) {
+- uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
+- pResponse = pCache->data;
+- memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
+- buf->data_size += sent;
+- cstate->cStateValue.maxBytesSent += sent;
+- if (cstate->cStateValue.maxBytesSent == pCache->data_size)
+- cstate_size = sdp_set_cstate_pdu(buf, NULL);
+- else
+- cstate_size = sdp_set_cstate_pdu(buf, cstate);
++ if (cstate->cStateValue.maxBytesSent >= pCache->data_size) {
++ status = SDP_INVALID_CSTATE;
++ SDPDBG("Got bad cstate with invalid size");
++ } else {
++ uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
++ pResponse = pCache->data;
++ memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
++ buf->data_size += sent;
++ cstate->cStateValue.maxBytesSent += sent;
++ if (cstate->cStateValue.maxBytesSent == pCache->data_size)
++ cstate_size = sdp_set_cstate_pdu(buf, NULL);
++ else
++ cstate_size = sdp_set_cstate_pdu(buf, cstate);
++ }
+ } else {
+ status = SDP_INVALID_CSTATE;
+ SDPDBG("Non-null continuation state, but null cache buffer");
diff --git a/gnu/packages/patches/calibre-drop-unrar.patch b/gnu/packages/patches/calibre-drop-unrar.patch
deleted file mode 100644
index adf977b183..0000000000
--- a/gnu/packages/patches/calibre-drop-unrar.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Recreated old debian patch on the latest calibre version
-
-From 6764e4c211e50d4f4633dbabfba7cbc3089c51dc Mon Sep 17 00:00:00 2001
-From: Brendan Tildesley <brendan.tildesley@openmailbox.org>
-Date: Sat, 13 May 2017 21:12:12 +1000
-Subject: [PATCH] Remove unrar extension
-
----
- setup/extensions.json | 11 -----------
- src/calibre/ebooks/metadata/archive.py | 2 +-
- 2 files changed, 1 insertion(+), 12 deletions(-)
-
-diff --git a/setup/extensions.json b/setup/extensions.json
-index 1f6d1fb5fd..127390450f 100644
---- a/setup/extensions.json
-+++ b/setup/extensions.json
-@@ -211,16 +211,5 @@
- "sources": "calibre/devices/mtp/unix/devices.c calibre/devices/mtp/unix/libmtp.c",
- "headers": "calibre/devices/mtp/unix/devices.h calibre/devices/mtp/unix/upstream/music-players.h calibre/devices/mtp/unix/upstream/device-flags.h",
- "libraries": "mtp"
-- },
-- {
-- "name": "unrar",
-- "sources": "unrar/rar.cpp unrar/strlist.cpp unrar/strfn.cpp unrar/pathfn.cpp unrar/savepos.cpp unrar/smallfn.cpp unrar/global.cpp unrar/file.cpp unrar/filefn.cpp unrar/filcreat.cpp unrar/archive.cpp unrar/arcread.cpp unrar/unicode.cpp unrar/system.cpp unrar/isnt.cpp unrar/crypt.cpp unrar/crc.cpp unrar/rawread.cpp unrar/encname.cpp unrar/resource.cpp unrar/match.cpp unrar/timefn.cpp unrar/rdwrfn.cpp unrar/consio.cpp unrar/options.cpp unrar/ulinks.cpp unrar/errhnd.cpp unrar/rarvm.cpp unrar/secpassword.cpp unrar/rijndael.cpp unrar/getbits.cpp unrar/sha1.cpp unrar/extinfo.cpp unrar/extract.cpp unrar/volume.cpp unrar/list.cpp unrar/find.cpp unrar/unpack.cpp unrar/cmddata.cpp unrar/filestr.cpp unrar/scantree.cpp calibre/utils/unrar.cpp",
-- "inc_dirs": "unrar",
-- "defines": "SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE",
-- "windows_defines": "SILENT RARDLL UNRAR",
-- "haiku_defines": "LITTLE_ENDIAN SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE _BSD_SOURCE",
-- "haiku_libraries": "bsd",
-- "optimize_level": 2,
-- "windows_libraries": "User32 Advapi32 kernel32 Shell32"
- }
- ]
-diff --git a/src/calibre/ebooks/metadata/archive.py b/src/calibre/ebooks/metadata/archive.py
-index f5c0b7bed3..32257dcdae 100644
---- a/src/calibre/ebooks/metadata/archive.py
-+++ b/src/calibre/ebooks/metadata/archive.py
-@@ -44,7 +44,7 @@ class ArchiveExtract(FileTypePlugin):
- description = _('Extract common e-book formats from archive files '
- '(ZIP/RAR). Also try to autodetect if they are actually '
- 'CBZ/CBR files.')
-- file_types = set(['zip', 'rar'])
-+ file_types = set(['zip'])
- supported_platforms = ['windows', 'osx', 'linux']
- on_import = True
-
---
-2.12.2
-
diff --git a/gnu/packages/patches/csound-header-ordering.patch b/gnu/packages/patches/csound-header-ordering.patch
deleted file mode 100644
index 3640d123dd..0000000000
--- a/gnu/packages/patches/csound-header-ordering.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Prevent compilation issues with boost-1.60.0.
-
-Reported upstream at https://github.com/csound/csound/issues/570
-
---- Csound6.05/Opcodes/chua/ChuaOscillator.cpp 2015-04-25 14:06:22.995646234 -0500
-+++ Csound6.05/Opcodes/chua/ChuaOscillator.cpp 2015-12-21 10:31:58.182362640 -0600
-@@ -117,11 +117,12 @@
- // d = sys_variables(12);
- // gnor = a*(x.^3) + b*(x.^2) + c*x + d;
-
--#include <OpcodeBase.hpp>
- #include <boost/numeric/ublas/vector.hpp>
- using namespace boost::numeric;
- #include <cmath>
-
-+#include <OpcodeBase.hpp>
-+
- #undef CS_KSMPS
- #define CS_KSMPS (opds.insdshead->ksmps)
-
diff --git a/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch b/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch
new file mode 100644
index 0000000000..7e45d30129
--- /dev/null
+++ b/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch
@@ -0,0 +1,85 @@
+This patch fixes a remote code execution vulnerability reported here:
+
+ https://bugs.gnu.org/28350
+ http://www.openwall.com/lists/oss-security/2017/09/11/1
+
+From 9ad0fcc54442a9a01d41be19880250783426db70 Mon Sep 17 00:00:00 2001
+From: Lars Ingebrigtsen <larsi@gnus.org>
+Date: Fri, 8 Sep 2017 20:23:31 -0700
+Subject: Remove unsafe enriched mode translations
+
+* lisp/gnus/mm-view.el (mm-inline-text):
+Do not worry about enriched or richtext type.
+* lisp/textmodes/enriched.el (enriched-translations):
+Remove translations for FUNCTION, display (Bug#28350).
+(enriched-handle-display-prop, enriched-decode-display-prop): Remove.
+---
+ lisp/gnus/mm-view.el | 4 ----
+ lisp/textmodes/enriched.el | 32 --------------------------------
+ 2 files changed, 36 deletions(-)
+
+diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
+index e5859d0..77ad271 100644
+--- a/lisp/gnus/mm-view.el
++++ b/lisp/gnus/mm-view.el
+@@ -383,10 +383,6 @@
+ (goto-char (point-max))))
+ (save-restriction
+ (narrow-to-region b (point))
+- (when (member type '("enriched" "richtext"))
+- (set-text-properties (point-min) (point-max) nil)
+- (ignore-errors
+- (enriched-decode (point-min) (point-max))))
+ (mm-handle-set-undisplayer
+ handle
+ `(lambda ()
+diff --git a/lisp/textmodes/enriched.el b/lisp/textmodes/enriched.el
+index beb6c6d..a8f0d38 100644
+--- a/lisp/textmodes/enriched.el
++++ b/lisp/textmodes/enriched.el
+@@ -117,12 +117,7 @@ expression, which is evaluated to get the string to insert.")
+ (full "flushboth")
+ (center "center"))
+ (PARAMETER (t "param")) ; Argument of preceding annotation
+- ;; The following are not part of the standard:
+- (FUNCTION (enriched-decode-foreground "x-color")
+- (enriched-decode-background "x-bg-color")
+- (enriched-decode-display-prop "x-display"))
+ (read-only (t "x-read-only"))
+- (display (nil enriched-handle-display-prop))
+ (unknown (nil format-annotate-value))
+ ; (font-size (2 "bigger") ; unimplemented
+ ; (-2 "smaller"))
+@@ -477,32 +472,5 @@ Return value is \(begin end name positive-p), or nil if none was found."
+ (message "Warning: no color specified for <x-bg-color>")
+ nil))
+
+-;;; Handling the `display' property.
+-
+-
+-(defun enriched-handle-display-prop (old new)
+- "Return a list of annotations for a change in the `display' property.
+-OLD is the old value of the property, NEW is the new value. Value
+-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+-close and OPEN a list of annotations to open. Each of these lists
+-has the form `(ANNOTATION PARAM ...)'."
+- (let ((annotation "x-display")
+- (param (prin1-to-string (or old new))))
+- (if (null old)
+- (cons nil (list (list annotation param)))
+- (cons (list (list annotation param)) nil))))
+-
+-(defun enriched-decode-display-prop (start end &optional param)
+- "Decode a `display' property for text between START and END.
+-PARAM is a `<param>' found for the property.
+-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+-the range of text to assign text property SYMBOL with value VALUE."
+- (let ((prop (when (stringp param)
+- (condition-case ()
+- (car (read-from-string param))
+- (error nil)))))
+- (unless prop
+- (message "Warning: invalid <x-display> parameter %s" param))
+- (list start end 'display prop)))
+
+ ;;; enriched.el ends here
diff --git a/gnu/packages/patches/file-CVE-2017-1000249.patch b/gnu/packages/patches/file-CVE-2017-1000249.patch
new file mode 100644
index 0000000000..505acf1592
--- /dev/null
+++ b/gnu/packages/patches/file-CVE-2017-1000249.patch
@@ -0,0 +1,27 @@
+https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793.patch
+http://openwall.com/lists/oss-security/2017/09/05/3
+
+The patch is minorly modified to apply to file-5.30
+
+From 35c94dc6acc418f1ad7f6241a6680e5327495793 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Sun, 27 Aug 2017 07:55:02 +0000
+Subject: [PATCH] Fix always true condition (Thomas Jarosch)
+
+---
+ src/readelf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 81451827..5f425c97 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -511,7 +511,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
+ size_t noff, size_t doff, int *flags)
+ {
+ if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
+- type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) {
++ type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) {
+ uint8_t desc[20];
+ const char *btype;
+ uint32_t i;
diff --git a/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch b/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch
new file mode 100644
index 0000000000..d9f0cc1212
--- /dev/null
+++ b/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch
@@ -0,0 +1,14 @@
+Fix for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2015-8327>.
+
+--- a/util.c 2014-06-20 19:26:18 +0000
++++ b/util.c 2015-10-30 15:45:03 +0000
+@@ -31,7 +31,7 @@
+ #include <assert.h>
+
+
+-const char* shellescapes = "|<>&!$\'\"#*?()[]{}";
++const char* shellescapes = "|<>&!$\'\"`#*?()[]{}";
+
+ const char * temp_dir()
+ {
+
diff --git a/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch b/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch
new file mode 100644
index 0000000000..d3c3024220
--- /dev/null
+++ b/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch
@@ -0,0 +1,13 @@
+Fix for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2015-8560>.
+
+--- a/util.c 2015-10-30 15:45:03 +0000
++++ b/util.c 2015-12-12 23:27:21 +0000
+@@ -31,7 +31,7 @@
+ #include <assert.h>
+
+
+-const char* shellescapes = "|<>&!$\'\"`#*?()[]{}";
++const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}";
+
+ const char * temp_dir()
+ {
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch
new file mode 100644
index 0000000000..dbcaea1343
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch
@@ -0,0 +1,137 @@
+http://www.openwall.com/lists/oss-security/2017/09/01/6
+
+CVE-2017-11403:
+http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
+
+CVE-2017-14103:
+http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
+
+some changes were made to make the patch apply
+
+# HG changeset patch
+# User Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
+# Date 1503875721 14400
+# Node ID 98721124e51fd5ec0c6fba64bce2e218869632d2
+# Parent f0f2ea85a2930f3b6dcd72352719adb9660f2aad
+Attempt to fix Issue 440.
+
+diff -ru a/coders/png.c b/coders/png.c
+--- a/coders/png.c 1969-12-31 19:00:00.000000000 -0500
++++ b/coders/png.c 2017-09-10 11:31:56.543194173 -0400
+@@ -3106,7 +3106,9 @@
+ if (length > PNG_MAX_UINT || count == 0)
+ {
+ DestroyJNGInfo(color_image_info,alpha_image_info);
+- ThrowReaderException(CorruptImageError,CorruptImage,image);
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ "chunk length (%lu) > PNG_MAX_UINT",length);
++ return ((Image*)NULL);
+ }
+
+ chunk=(unsigned char *) NULL;
+@@ -3117,13 +3119,16 @@
+ if (chunk == (unsigned char *) NULL)
+ {
+ DestroyJNGInfo(color_image_info,alpha_image_info);
+- ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
+- image);
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " Could not allocate chunk memory");
++ return ((Image*)NULL);
+ }
+ if (ReadBlob(image,length,chunk) < length)
+ {
+ DestroyJNGInfo(color_image_info,alpha_image_info);
+- ThrowReaderException(CorruptImageError,CorruptImage,image);
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " chunk reading was incomplete");
++ return ((Image*)NULL);
+ }
+ p=chunk;
+ }
+@@ -3198,7 +3203,7 @@
+ jng_width, jng_height);
+ MagickFreeMemory(chunk);
+ DestroyJNGInfo(color_image_info,alpha_image_info);
+- ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
++ return ((Image *)NULL);
+ }
+
+ /* Temporarily set width and height resources to match JHDR */
+@@ -3233,8 +3238,9 @@
+ if (color_image == (Image *) NULL)
+ {
+ DestroyJNGInfo(color_image_info,alpha_image_info);
+- ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
+- image);
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " could not open color_image blob");
++ return ((Image *)NULL);
+ }
+ if (logging)
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+@@ -3245,7 +3251,9 @@
+ if (status == MagickFalse)
+ {
+ DestroyJNGInfo(color_image_info,alpha_image_info);
+- ThrowReaderException(CoderError,UnableToOpenBlob,color_image);
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " could not open color_image blob");
++ return ((Image *)NULL);
+ }
+
+ if (!image_info->ping && jng_color_type >= 12)
+@@ -3255,17 +3263,18 @@
+ if (alpha_image_info == (ImageInfo *) NULL)
+ {
+ DestroyJNGInfo(color_image_info,alpha_image_info);
+- ThrowReaderException(ResourceLimitError,
+- MemoryAllocationFailed, image);
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " could not allocate alpha_image_info",length);
++ return ((Image *)NULL);
+ }
+ GetImageInfo(alpha_image_info);
+ alpha_image=AllocateImage(alpha_image_info);
+ if (alpha_image == (Image *) NULL)
+ {
+ DestroyJNGInfo(color_image_info,alpha_image_info);
+- ThrowReaderException(ResourceLimitError,
+- MemoryAllocationFailed,
+- alpha_image);
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " could not allocate alpha_image");
++ return ((Image *)NULL);
+ }
+ if (logging)
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+@@ -3277,7 +3286,9 @@
+ {
+ DestroyJNGInfo(color_image_info,alpha_image_info);
+ DestroyImage(alpha_image);
+- ThrowReaderException(CoderError,UnableToOpenBlob,image);
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " could not allocate alpha_image blob");
++ return ((Image *)NULL);
+ }
+ if (jng_alpha_compression_method == 0)
+ {
+@@ -3613,6 +3624,8 @@
+ alpha_image = (Image *)NULL;
+ DestroyImageInfo(alpha_image_info);
+ alpha_image_info = (ImageInfo *)NULL;
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " Destroy the JNG image");
+ DestroyImage(jng_image);
+ jng_image = (Image *)NULL;
+ }
+@@ -5146,8 +5159,8 @@
+
+ if (image == (Image *) NULL)
+ {
+- DestroyImageList(previous);
+ CloseBlob(previous);
++ DestroyImageList(previous);
+ MngInfoFreeStruct(mng_info,&have_mng_structure);
+ return((Image *) NULL);
+ }
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch
new file mode 100644
index 0000000000..46f6b032c7
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch
@@ -0,0 +1,80 @@
+http://openwall.com/lists/oss-security/2017/08/28/5
+http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d
+
+some changes were made to make the patch apply
+
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1503268616 18000
+# Node ID 3bbf7a13643df3be76b0e19088a6cc632eea2072
+# Parent 83a5b946180835f260bcb91e3d06327a8e2577e3
+PNM: For binary formats, verify sufficient backing file data before memory request.
+
+diff -r 83a5b9461808 -r 3bbf7a13643d coders/pnm.c
+--- a/coders/pnm.c Sun Aug 20 17:31:35 2017 -0500
++++ b/coders/pnm.c Sun Aug 20 17:36:56 2017 -0500
+@@ -569,7 +569,7 @@
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),"Colors: %u",
+ image->colors);
+ }
+- number_pixels=image->columns*image->rows;
++ number_pixels=MagickArraySize(image->columns,image->rows);
+ if (number_pixels == 0)
+ ThrowReaderException(CorruptImageError,NegativeOrZeroImageSize,image);
+ if (image->storage_class == PseudoClass)
+@@ -858,14 +858,14 @@
+ if (1 == bits_per_sample)
+ {
+ /* PBM */
+- bytes_per_row=((image->columns+7) >> 3);
++ bytes_per_row=((image->columns+7U) >> 3);
+ import_options.grayscale_miniswhite=MagickTrue;
+ quantum_type=GrayQuantum;
+ }
+ else
+ {
+ /* PGM & XV_332 */
+- bytes_per_row=((bits_per_sample+7)/8)*image->columns;
++ bytes_per_row=MagickArraySize(((bits_per_sample+7U)/8U),image->columns);
+ if (XV_332_Format == format)
+ {
+ quantum_type=IndexQuantum;
+@@ -878,7 +878,8 @@
+ }
+ else
+ {
+- bytes_per_row=(((bits_per_sample+7)/8)*samples_per_pixel)*image->columns;
++ bytes_per_row=MagickArraySize((((bits_per_sample+7)/8)*samples_per_pixel),
++ image->columns);
+ if (3 == samples_per_pixel)
+ {
+ /* PPM */
+@@ -915,6 +916,28 @@
+ is_monochrome=MagickFalse;
+ }
+ }
++
++ /* Validate file size before allocating memory */
++ if (BlobIsSeekable(image))
++ {
++ const magick_off_t file_size = GetBlobSize(image);
++ const magick_off_t current_offset = TellBlob(image);
++ if ((file_size > 0) &&
++ (current_offset > 0) &&
++ (file_size > current_offset))
++ {
++ const magick_off_t remaining = file_size-current_offset;
++ const magick_off_t needed = (magick_off_t) image->rows *
++ (magick_off_t) bytes_per_row;
++ if ((remaining < (magick_off_t) bytes_per_row) ||
++ (remaining < needed))
++ {
++ ThrowException(exception,CorruptImageError,UnexpectedEndOfFile,
++ image->filename);
++ break;
++ }
++ }
++ }
+
+ scanline_set=AllocateThreadViewDataArray(image,exception,bytes_per_row,1);
+ if (scanline_set == (ThreadViewDataSet *) NULL)
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch
new file mode 100644