Re: Looking for testers: RPM 4.9 alpha
by Erik van Pienbroek
Panu Matilainen schreef op vr 26-11-2010 om 13:20 [+0200]:
> In particular, I'm interested in feedback on the new, pluggable and
> enhanced dependency extration system. Documentation is scarce at the
> moment but some background and examples can be found here:
> http://laiskiainen.org/blog/?p=35
All mingw32 packages in Fedora contain these set of instructions in
the .spec files:
%global _use_internal_dependency_generator 0
%global __find_requires %{_mingw32_findrequires}
%global __find_provides %{_mingw32_findprovides}
Does this new dependency extraction system make these kind of
instructions obsolete?
If I understand your blog entry correctly then we (the Fedora MinGW SIG)
are recommended to use something like this:
%__mingw32_provides %{_mingw32_findprovides}
%__mingw32_requires %{_mingw32_findrequires}
Is this correct or do you recommend something different?
The macros %{_mingw32_findrequires} and %{_mingw32_findprovides} are
mentioned in the file /etc/rpm/macros.mingw32 which is part of the
mingw32-filesystem package. Both refer to a small shell script which
uses the i686-pc-mingw32-objdump tool to extract dependency information.
Kind regards,
Erik van Pienbroek
12 years, 8 months
[Bug 717510] New: CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [fedora-all]
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=717510
Summary: CVE-2011-2501 libpng: regression of CVE-2004-0421 in
1.2.23+ [fedora-all]
Product: Fedora
Version: 14
Platform: All
OS/Version: Linux
Status: NEW
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Component: mingw32-libpng
AssignedTo: rjones(a)redhat.com
ReportedBy: huzaifas(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: lfarkas(a)lfarkas.org, rjones(a)redhat.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org
Blocks: 717084
Classification: Fedora
Story Points: ---
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=717084
Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please only close it when all
affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 9 months
[Bug 717511] New: CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [epel-5]
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [epel-5]
https://bugzilla.redhat.com/show_bug.cgi?id=717511
Summary: CVE-2011-2501 libpng: regression of CVE-2004-0421 in
1.2.23+ [epel-5]
Product: Fedora EPEL
Version: el5
Platform: All
OS/Version: Linux
Status: NEW
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Component: mingw32-libpng
AssignedTo: rjones(a)redhat.com
ReportedBy: huzaifas(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: lfarkas(a)lfarkas.org, rjones(a)redhat.com,
fedora-mingw(a)lists.fedoraproject.org
Blocks: 717084
Classification: Fedora
Story Points: ---
epel-5 tracking bug for mingw32-libpng: see blocks bug list for full details of
the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 9 months
mingw-filesystem-scripts
by Farkas Levente
hi,
why there is a mingw-filesystem-scripts package and not move everything
into mingw-filesystem?
i don't see any rational reason for this.
--
Levente "Si vis pacem para bellum!"
12 years, 9 months
gstreamer conclusion
by Farkas Levente
hi,
after almost finish all gstreamer rebuild:
- gstreamer-plugins-base
add rtsp patch without it rstp not usable on windows. already upstream:
https://bugzilla.gnome.org/show_bug.cgi?id=610916
- mingw-gstreamer-plugins-bad
add gst-plugins-bad-d3d.patch the new d3dvideosink. already upstream:
https://bugzilla.gnome.org/show_bug.cgi?id=651782
https://bugzilla.gnome.org/show_bug.cgi?id=652035
unfortunately it's not compile with mingw-64 trunk, just only 1.0, but
the fix is on the way into mingw64 trunk.
- mingw-gstreamer-ffmpeg
not in the svn repo since not in fedora, but a good conclusion that
before the new marcos this was working (ie with %_mingw32_configure):
---------------------------
%mingw_configure "--enable-shared" "--disable-static"
"--with-ffmpeg-extra-configure='--disable-pthreads --enable-w32threads
--disable-muxer=matroska --disable-demuxer=matroska'"
---------------------------
see the last parameter has "''", but it's no longer works. the only
workaround i found is:
---------------------------
export with_ffmpeg_extra_configure='--disable-pthreads
--enable-w32threads --disable-muxer=matroska --disable-demuxer=matroska'
%mingw_configure "--enable-shared" "--disable-static"
---------------------------
do i add mingw-gstreamer-ffmpeg to the svn?
--
Levente "Si vis pacem para bellum!"
12 years, 9 months
[mingw32-libpng/el6] Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
by Richard W.M. Jones
commit 42e32108638beab06a4f4cf02b8116aac4eb3ca1
Author: Richard W.M. Jones <rjones(a)redhat.com>
Date: Wed Jun 29 10:35:04 2011 +0100
Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
(Cherry picked from commit d3842962c9533415d668efe7751864cd7a5df2aa).
libpng-CVE-2011-2501.patch | 49 ++++++++++++++++++++++++++++++++++++++++++++
mingw32-libpng.spec | 15 ++++++++++++-
2 files changed, 63 insertions(+), 1 deletions(-)
---
diff --git a/libpng-CVE-2011-2501.patch b/libpng-CVE-2011-2501.patch
new file mode 100644
index 0000000..487d8fd
--- /dev/null
+++ b/libpng-CVE-2011-2501.patch
@@ -0,0 +1,49 @@
+Patch from:
+
+ http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit...
+
+to fix:
+
+ https://bugzilla.redhat.com/show_bug.cgi?id=717510
+ https://bugzilla.redhat.com/show_bug.cgi?id=717511
+ CVE-2011-2501
+
+I have modified this patch to remove the changes to ANNOUNCE
+and CHANGES files, and the hunk in pngerror.c which just updates
+a comment.
+
+ - RWMJ.
+
+From 65e6d5a34f49acdb362a0625a706c6b914e670af Mon Sep 17 00:00:00 2001
+From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
+Date: Tue, 7 Jun 2011 14:58:07 -0500
+Subject: [PATCH] [master] Fixed 1-byte uninitialized memory reference in png_format_buffer()
+
+(Bug report by Frank Busse, related to CVE-2004-0421).
+---
+ ANNOUNCE | 6 ++++--
+ CHANGES | 4 +++-
+ pngerror.c | 11 ++++++++---
+ 3 files changed, 15 insertions(+), 6 deletions(-)
+
+--- a/pngerror.c
++++ b/pngerror.c
+@@ -186,8 +186,13 @@ png_format_buffer(png_structp png_ptr, png_charp buffer, png_const_charp
+ {
+ buffer[iout++] = ':';
+ buffer[iout++] = ' ';
+- png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT);
+- buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0';
++
++ iin = 0;
++ while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0')
++ buffer[iout++] = error_message[iin++];
++
++ /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */
++ buffer[iout] = '\0';
+ }
+ }
+
+--
+1.7.0.1
+
diff --git a/mingw32-libpng.spec b/mingw32-libpng.spec
index 381bd41..7cd5934 100644
--- a/mingw32-libpng.spec
+++ b/mingw32-libpng.spec
@@ -6,7 +6,7 @@
Name: mingw32-libpng
Version: 1.2.37
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: MinGW Windows Libpng library
License: zlib
@@ -15,6 +15,14 @@ Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz
Patch0: libpng-multilib.patch
Patch1: libpng-pngconf.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=717510
+# https://bugzilla.redhat.com/show_bug.cgi?id=717511
+# CVE-2011-2501
+#
+# *** NOTE *** When updating the package, please ensure the
+# new version either contains this fix, or this patch is retained.
+Patch3: libpng-CVE-2011-2501.patch
+
Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -36,6 +44,8 @@ MinGW Windows Libpng library.
%patch0 -p1
%patch1 -p1
+%patch3 -p1
+
%build
%{_mingw32_configure}
@@ -78,6 +88,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Jun 29 2011 Richard W.M. Jones <rjones(a)redhat.com> - 1.2.37-3
+- Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
+
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.2.37-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
12 years, 10 months
[mingw32-libpng/el5] Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
by Richard W.M. Jones
commit d5822ee6b6d826070134edd3a9e1480b5df83496
Author: Richard W.M. Jones <rjones(a)redhat.com>
Date: Wed Jun 29 10:35:04 2011 +0100
Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
(Cherry picked from commit d3842962c9533415d668efe7751864cd7a5df2aa).
libpng-CVE-2011-2501.patch | 49 ++++++++++++++++++++++++++++++++++++++++++++
mingw32-libpng.spec | 16 +++++++++++++-
2 files changed, 64 insertions(+), 1 deletions(-)
---
diff --git a/libpng-CVE-2011-2501.patch b/libpng-CVE-2011-2501.patch
new file mode 100644
index 0000000..487d8fd
--- /dev/null
+++ b/libpng-CVE-2011-2501.patch
@@ -0,0 +1,49 @@
+Patch from:
+
+ http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit...
+
+to fix:
+
+ https://bugzilla.redhat.com/show_bug.cgi?id=717510
+ https://bugzilla.redhat.com/show_bug.cgi?id=717511
+ CVE-2011-2501
+
+I have modified this patch to remove the changes to ANNOUNCE
+and CHANGES files, and the hunk in pngerror.c which just updates
+a comment.
+
+ - RWMJ.
+
+From 65e6d5a34f49acdb362a0625a706c6b914e670af Mon Sep 17 00:00:00 2001
+From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
+Date: Tue, 7 Jun 2011 14:58:07 -0500
+Subject: [PATCH] [master] Fixed 1-byte uninitialized memory reference in png_format_buffer()
+
+(Bug report by Frank Busse, related to CVE-2004-0421).
+---
+ ANNOUNCE | 6 ++++--
+ CHANGES | 4 +++-
+ pngerror.c | 11 ++++++++---
+ 3 files changed, 15 insertions(+), 6 deletions(-)
+
+--- a/pngerror.c
++++ b/pngerror.c
+@@ -186,8 +186,13 @@ png_format_buffer(png_structp png_ptr, png_charp buffer, png_const_charp
+ {
+ buffer[iout++] = ':';
+ buffer[iout++] = ' ';
+- png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT);
+- buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0';
++
++ iin = 0;
++ while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0')
++ buffer[iout++] = error_message[iin++];
++
++ /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */
++ buffer[iout] = '\0';
+ }
+ }
+
+--
+1.7.0.1
+
diff --git a/mingw32-libpng.spec b/mingw32-libpng.spec
index f73d0dc..c9d5a67 100644
--- a/mingw32-libpng.spec
+++ b/mingw32-libpng.spec
@@ -6,7 +6,7 @@
Name: mingw32-libpng
Version: 1.2.37
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: MinGW Windows Libpng library
License: zlib
@@ -15,6 +15,14 @@ Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz
Patch0: libpng-multilib.patch
Patch1: libpng-pngconf.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=717510
+# https://bugzilla.redhat.com/show_bug.cgi?id=717511
+# CVE-2011-2501
+#
+# *** NOTE *** When updating the package, please ensure the
+# new version either contains this fix, or this patch is retained.
+Patch3: libpng-CVE-2011-2501.patch
+
Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -36,6 +44,9 @@ MinGW Windows Libpng library.
%patch0 -p1
%patch1 -p1
+%patch3 -p1
+
+
%build
%{_mingw32_configure}
make
@@ -76,6 +87,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Jun 29 2011 Richard W.M. Jones <rjones(a)redhat.com> - 1.2.37-2
+- Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
+
* Tue Jun 9 2009 Richard W.M. Jones <rjones(a)redhat.com> - 1.2.37-1
- New upstream version 1.2.37 to fix SECURITY bug RHBZ#504782.
12 years, 10 months
[mingw32-libpng/f14] Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
by Richard W.M. Jones
commit 976e3a597cfb13fb9e6c2a06f782392c1c3ea944
Author: Richard W.M. Jones <rjones(a)redhat.com>
Date: Wed Jun 29 10:35:04 2011 +0100
Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
(Cherry picked from commit d3842962c9533415d668efe7751864cd7a5df2aa).
libpng-CVE-2011-2501.patch | 49 ++++++++++++++++++++++++++++++++++++++++++++
mingw32-libpng.spec | 15 ++++++++++++-
2 files changed, 63 insertions(+), 1 deletions(-)
---
diff --git a/libpng-CVE-2011-2501.patch b/libpng-CVE-2011-2501.patch
new file mode 100644
index 0000000..487d8fd
--- /dev/null
+++ b/libpng-CVE-2011-2501.patch
@@ -0,0 +1,49 @@
+Patch from:
+
+ http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit...
+
+to fix:
+
+ https://bugzilla.redhat.com/show_bug.cgi?id=717510
+ https://bugzilla.redhat.com/show_bug.cgi?id=717511
+ CVE-2011-2501
+
+I have modified this patch to remove the changes to ANNOUNCE
+and CHANGES files, and the hunk in pngerror.c which just updates
+a comment.
+
+ - RWMJ.
+
+From 65e6d5a34f49acdb362a0625a706c6b914e670af Mon Sep 17 00:00:00 2001
+From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
+Date: Tue, 7 Jun 2011 14:58:07 -0500
+Subject: [PATCH] [master] Fixed 1-byte uninitialized memory reference in png_format_buffer()
+
+(Bug report by Frank Busse, related to CVE-2004-0421).
+---
+ ANNOUNCE | 6 ++++--
+ CHANGES | 4 +++-
+ pngerror.c | 11 ++++++++---
+ 3 files changed, 15 insertions(+), 6 deletions(-)
+
+--- a/pngerror.c
++++ b/pngerror.c
+@@ -186,8 +186,13 @@ png_format_buffer(png_structp png_ptr, png_charp buffer, png_const_charp
+ {
+ buffer[iout++] = ':';
+ buffer[iout++] = ' ';
+- png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT);
+- buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0';
++
++ iin = 0;
++ while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0')
++ buffer[iout++] = error_message[iin++];
++
++ /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */
++ buffer[iout] = '\0';
+ }
+ }
+
+--
+1.7.0.1
+
diff --git a/mingw32-libpng.spec b/mingw32-libpng.spec
index da69a01..073a023 100644
--- a/mingw32-libpng.spec
+++ b/mingw32-libpng.spec
@@ -6,7 +6,7 @@
Name: mingw32-libpng
Version: 1.4.3
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: MinGW Windows Libpng library
License: zlib
@@ -14,6 +14,14 @@ URL: http://www.libpng.org/pub/png/
Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
Patch2: mingw32-libpng-fix-invalid-exports.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=717510
+# https://bugzilla.redhat.com/show_bug.cgi?id=717511
+# CVE-2011-2501
+#
+# *** NOTE *** When updating the package, please ensure the
+# new version either contains this fix, or this patch is retained.
+Patch3: libpng-CVE-2011-2501.patch
+
Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -41,6 +49,8 @@ MinGW Windows Libpng library.
# issue more to find out the real cause, but this will do for now
%patch2 -p0
+%patch3 -p1
+
%build
%{_mingw32_configure}
@@ -81,6 +91,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Jun 29 2011 Richard W.M. Jones <rjones(a)redhat.com> - 1.4.3-2
+- Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
+
* Sun Jul 4 2010 Erik van Pienbroek <epienbro(a)fedoraproject.org> - 1.4.3-1
- Update to 1.4.3
- Fixes CVE-2010-1205 (BZ #608238)
12 years, 10 months
[mingw32-libpng/f15] Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511). (cherry picked from commit d3842962c953341
by Richard W.M. Jones
commit e3e6d6df4cb76eb73fcd5e4f9426a36c33ab2af9
Author: Richard W.M. Jones <rjones(a)redhat.com>
Date: Wed Jun 29 10:35:04 2011 +0100
Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
(cherry picked from commit d3842962c9533415d668efe7751864cd7a5df2aa)
libpng-CVE-2011-2501.patch | 49 ++++++++++++++++++++++++++++++++++++++++++++
mingw32-libpng.spec | 15 ++++++++++++-
2 files changed, 63 insertions(+), 1 deletions(-)
---
diff --git a/libpng-CVE-2011-2501.patch b/libpng-CVE-2011-2501.patch
new file mode 100644
index 0000000..487d8fd
--- /dev/null
+++ b/libpng-CVE-2011-2501.patch
@@ -0,0 +1,49 @@
+Patch from:
+
+ http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit...
+
+to fix:
+
+ https://bugzilla.redhat.com/show_bug.cgi?id=717510
+ https://bugzilla.redhat.com/show_bug.cgi?id=717511
+ CVE-2011-2501
+
+I have modified this patch to remove the changes to ANNOUNCE
+and CHANGES files, and the hunk in pngerror.c which just updates
+a comment.
+
+ - RWMJ.
+
+From 65e6d5a34f49acdb362a0625a706c6b914e670af Mon Sep 17 00:00:00 2001
+From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
+Date: Tue, 7 Jun 2011 14:58:07 -0500
+Subject: [PATCH] [master] Fixed 1-byte uninitialized memory reference in png_format_buffer()
+
+(Bug report by Frank Busse, related to CVE-2004-0421).
+---
+ ANNOUNCE | 6 ++++--
+ CHANGES | 4 +++-
+ pngerror.c | 11 ++++++++---
+ 3 files changed, 15 insertions(+), 6 deletions(-)
+
+--- a/pngerror.c
++++ b/pngerror.c
+@@ -186,8 +186,13 @@ png_format_buffer(png_structp png_ptr, png_charp buffer, png_const_charp
+ {
+ buffer[iout++] = ':';
+ buffer[iout++] = ' ';
+- png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT);
+- buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0';
++
++ iin = 0;
++ while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0')
++ buffer[iout++] = error_message[iin++];
++
++ /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */
++ buffer[iout] = '\0';
+ }
+ }
+
+--
+1.7.0.1
+
diff --git a/mingw32-libpng.spec b/mingw32-libpng.spec
index 803d4a4..5d944e6 100644
--- a/mingw32-libpng.spec
+++ b/mingw32-libpng.spec
@@ -6,7 +6,7 @@
Name: mingw32-libpng
Version: 1.4.3
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: MinGW Windows Libpng library
License: zlib
@@ -14,6 +14,14 @@ URL: http://www.libpng.org/pub/png/
Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
Patch2: mingw32-libpng-fix-invalid-exports.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=717510
+# https://bugzilla.redhat.com/show_bug.cgi?id=717511
+# CVE-2011-2501
+#
+# *** NOTE *** When updating the package, please ensure the
+# new version either contains this fix, or this patch is retained.
+Patch3: libpng-CVE-2011-2501.patch
+
Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -41,6 +49,8 @@ MinGW Windows Libpng library.
# issue more to find out the real cause, but this will do for now
%patch2 -p0
+%patch3 -p1
+
%build
%{_mingw32_configure}
@@ -81,6 +91,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Jun 29 2011 Richard W.M. Jones <rjones(a)redhat.com> - 1.4.3-3
+- Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
+
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
12 years, 10 months