[mingw32-libpng] Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
by Richard W.M. Jones
commit d3842962c9533415d668efe7751864cd7a5df2aa
Author: Richard W.M. Jones <rjones(a)redhat.com>
Date: Wed Jun 29 10:35:04 2011 +0100
Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
libpng-CVE-2011-2501.patch | 49 ++++++++++++++++++++++++++++++++++++++++++++
mingw32-libpng.spec | 15 ++++++++++++-
2 files changed, 63 insertions(+), 1 deletions(-)
---
diff --git a/libpng-CVE-2011-2501.patch b/libpng-CVE-2011-2501.patch
new file mode 100644
index 0000000..487d8fd
--- /dev/null
+++ b/libpng-CVE-2011-2501.patch
@@ -0,0 +1,49 @@
+Patch from:
+
+ http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit...
+
+to fix:
+
+ https://bugzilla.redhat.com/show_bug.cgi?id=717510
+ https://bugzilla.redhat.com/show_bug.cgi?id=717511
+ CVE-2011-2501
+
+I have modified this patch to remove the changes to ANNOUNCE
+and CHANGES files, and the hunk in pngerror.c which just updates
+a comment.
+
+ - RWMJ.
+
+From 65e6d5a34f49acdb362a0625a706c6b914e670af Mon Sep 17 00:00:00 2001
+From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
+Date: Tue, 7 Jun 2011 14:58:07 -0500
+Subject: [PATCH] [master] Fixed 1-byte uninitialized memory reference in png_format_buffer()
+
+(Bug report by Frank Busse, related to CVE-2004-0421).
+---
+ ANNOUNCE | 6 ++++--
+ CHANGES | 4 +++-
+ pngerror.c | 11 ++++++++---
+ 3 files changed, 15 insertions(+), 6 deletions(-)
+
+--- a/pngerror.c
++++ b/pngerror.c
+@@ -186,8 +186,13 @@ png_format_buffer(png_structp png_ptr, png_charp buffer, png_const_charp
+ {
+ buffer[iout++] = ':';
+ buffer[iout++] = ' ';
+- png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT);
+- buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0';
++
++ iin = 0;
++ while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0')
++ buffer[iout++] = error_message[iin++];
++
++ /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */
++ buffer[iout] = '\0';
+ }
+ }
+
+--
+1.7.0.1
+
diff --git a/mingw32-libpng.spec b/mingw32-libpng.spec
index 803d4a4..5d944e6 100644
--- a/mingw32-libpng.spec
+++ b/mingw32-libpng.spec
@@ -6,7 +6,7 @@
Name: mingw32-libpng
Version: 1.4.3
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: MinGW Windows Libpng library
License: zlib
@@ -14,6 +14,14 @@ URL: http://www.libpng.org/pub/png/
Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
Patch2: mingw32-libpng-fix-invalid-exports.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=717510
+# https://bugzilla.redhat.com/show_bug.cgi?id=717511
+# CVE-2011-2501
+#
+# *** NOTE *** When updating the package, please ensure the
+# new version either contains this fix, or this patch is retained.
+Patch3: libpng-CVE-2011-2501.patch
+
Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -41,6 +49,8 @@ MinGW Windows Libpng library.
# issue more to find out the real cause, but this will do for now
%patch2 -p0
+%patch3 -p1
+
%build
%{_mingw32_configure}
@@ -81,6 +91,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Jun 29 2011 Richard W.M. Jones <rjones(a)redhat.com> - 1.4.3-3
+- Include fix for CVE-2011-2501 (RHBZ#717510, RHBZ#717511).
+
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
12 years, 9 months
Heads up: GCC 4.6 in rawhide (F16)
by Kalev Lember
Hello,
I updated mingw32-gcc from 4.5.3 to 4.6.1 in rawhide yesterday.
I would expect minor compile problems with some packages as each new
version of gcc usually gets stricter. The native gcc was already updated
to 4.6 in F15, so in most cases it should be possible to just get
patches from the corresponding native packages to fix build errors with
mingw32- packages.
--
Kalev
12 years, 9 months
[mingw32-filesystem] Set Boost_COMPILER to -gcc46 in cmake toolchain file
by Kalev Lember
commit f88e1d894715daed51ba8dd4470e8267d82638fb
Author: Kalev Lember <kalev(a)smartlink.ee>
Date: Tue Jun 28 11:35:38 2011 +0300
Set Boost_COMPILER to -gcc46 in cmake toolchain file
Toolchain-mingw32.cmake | 2 +-
mingw32-filesystem.spec | 5 ++++-
2 files changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/Toolchain-mingw32.cmake b/Toolchain-mingw32.cmake
index 6c9c932..66ef563 100644
--- a/Toolchain-mingw32.cmake
+++ b/Toolchain-mingw32.cmake
@@ -22,4 +22,4 @@ SET(QT_LIBRARY_DIR ${CMAKE_FIND_ROOT_PATH}/lib)
SET(CMAKE_RC_COMPILER /usr/bin/i686-pc-mingw32-windres)
# override boost library suffix which defaults to -mgw
-SET(Boost_COMPILER -gcc45)
+SET(Boost_COMPILER -gcc46)
diff --git a/mingw32-filesystem.spec b/mingw32-filesystem.spec
index 3b711eb..0bcaabe 100644
--- a/mingw32-filesystem.spec
+++ b/mingw32-filesystem.spec
@@ -2,7 +2,7 @@
Name: mingw32-filesystem
Version: 69
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: MinGW base filesystem and environment
Group: Development/Libraries
@@ -170,6 +170,9 @@ install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_datadir}/mingw32
%changelog
+* Tue Jun 28 2011 Kalev Lember <kalev(a)smartlink.ee> - 69-3
+- Set Boost_COMPILER to -gcc46 in cmake toolchain file
+
* Sun May 29 2011 Kalev Lember <kalev(a)smartlink.ee> - 69-2
- Make sure the -debuginfo subpackages are mingw32- prefixed
even if the base package is mingw-
12 years, 9 months
[Bug 633846] New: [abrt] mingw32-binutils-2.19.51.0.14-1.fc12: pe_implied_import_dll: Process /usr/i686-pc-mingw32/bin/ld was killed by signal 11 (SIGSEGV)
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: [abrt] mingw32-binutils-2.19.51.0.14-1.fc12: pe_implied_import_dll: Process /usr/i686-pc-mingw32/bin/ld was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=633846
Summary: [abrt] mingw32-binutils-2.19.51.0.14-1.fc12:
pe_implied_import_dll: Process
/usr/i686-pc-mingw32/bin/ld was killed by signal 11
(SIGSEGV)
Product: Fedora
Version: 13
Platform: x86_64
OS/Version: Linux
Status: NEW
Status Whiteboard: abrt_hash:c2017a691dd6713c319ddb7df56a5c5e8dfb1ea0
Severity: medium
Priority: low
Component: mingw32-binutils
AssignedTo: rjones(a)redhat.com
ReportedBy: gilboad(a)gmail.com
QAContact: extras-qa(a)fedoraproject.org
CC: rjones(a)redhat.com, kalev(a)smartlink.ee,
fedora-mingw(a)lists.fedoraproject.org
Classification: Fedora
abrt version: 1.1.13
architecture: x86_64
Attached file: backtrace
cmdline:
/usr/lib64/gcc/i686-pc-mingw32/4.4.2/../../../../i686-pc-mingw32/bin/ld
--sysroot=/usr/i686-pc-mingw32/sys-root --subsystem console -Bdynamic -o
obj/windows-mingw-user/i686/release/spkinstall.exe
/usr/i686-pc-mingw32/sys-root/mingw/lib/crt2.o
/usr/lib64/gcc/i686-pc-mingw32/4.4.2/crtbegin.o
-L/home/gilboa/work/OSS/SVN/SPK/output/windows-mingw-user/i686/lib
-L/home/gilboa/work/OSS/SVN/SPK/output/windows-mingw-user/i686/bin
-L/usr/lib64/gcc/i686-pc-mingw32/4.4.2
-L/usr/lib64/gcc/i686-pc-mingw32/4.4.2/../../../../i686-pc-mingw32/lib
-L/usr/i686-pc-mingw32/sys-root/mingw/lib -lstdc++ -lansi7zip -lzlibm -lspk
obj/windows-mingw-user/i686/release/spkinstall.o -lstdc++ -lmingwthrd -lmingw32
-lgcc_eh -lgcc -lmoldname -lmingwex -lmsvcrt -luser32 -lkernel32 -ladvapi32
-lshell32 -lmingwthrd -lmingw32 -lgcc_eh -lgcc -lmoldname -lmingwex -lmsvcrt
/usr/lib64/gcc/i686-pc-mingw32/4.4.2/crtfastmath.o
/usr/lib64/gcc/i686-pc-mingw32/4.4.2/crtend.o
component: mingw32-binutils
crash_function: pe_implied_import_dll
executable: /usr/i686-pc-mingw32/bin/ld
kernel: 2.6.34.6-54.fc13.x86_64
package: mingw32-binutils-2.19.51.0.14-1.fc12
rating: 4
reason: Process /usr/i686-pc-mingw32/bin/ld was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)
time: 1284474412
uid: 800
comment
-----
I'm helping a friend port his project to Linux, moving it my my build system.
(Which supports gcc, mingw and VS)
Attempting to build the project using mingw causes gcc to crash during link.
The same project builds just fine under gcc/Linux.
I suspect that something is broken with the generated DLL.
I'm waiting for his approval before sending upload a tarball of the offending
code.
(Most likely something in my own build system is the cause of the problem.)
- Gilboa
How to reproduce
-----
1. Build project.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 9 months
define versus global !?
by Farkas Levente
hi,
sorry for cross posting but may be someone on the packaging/rpm side can
help me. i'm getting really angry about the debug packages:-)
does anybody who can tell me the real reason of why:
------------------------------------
%define __debug_install_post %{mingw_debug_install_post}
------------------------------------
works why
------------------------------------
%global __debug_install_post %{mingw_debug_install_post}
------------------------------------
not?
imho if i can know the answer to this question i can solve my only
remaining issue with generated spec file for mingw.
if why this in the spec file working:
------------------------------------
%define __debug_install_post %{mingw_debug_install_post}
------------------------------------
while this not:
test:
------------------------------------
echo "%define __debug_install_post %{mingw_debug_install_post}"
------------------------------------
and in the spec file:
------------------------------------
%global test sh /tmp/test
%{expand:%(%{test})}
------------------------------------
???
the same thing is working for all other macro except for
__debug_install_post.
thanks in advance.
regards.
--
Levente "Si vis pacem para bellum!"
12 years, 9 months
[Bug 643801] New: Internal error: Segmentation fault (program ld) when compiling Google Go
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: Internal error: Segmentation fault (program ld) when compiling Google Go
https://bugzilla.redhat.com/show_bug.cgi?id=643801
Summary: Internal error: Segmentation fault (program ld) when
compiling Google Go
Product: Fedora
Version: 13
Platform: x86_64
OS/Version: Linux
Status: NEW
Severity: medium
Priority: low
Component: mingw32-gcc
AssignedTo: rjones(a)redhat.com
ReportedBy: fullung(a)gmail.com
QAContact: extras-qa(a)fedoraproject.org
CC: rjones(a)redhat.com, kalev(a)smartlink.ee,
fedora-mingw(a)lists.fedoraproject.org
Classification: Fedora
Description of problem:
mingw32-gcc's ld segfaults when compiling Google Go.
Version-Release number of selected component (if applicable):
mingw32-gcc-4.4.2-2.fc13.x86_64
How reproducible:
Always
Steps to Reproduce:
1. Read http://golang.org/doc/install.html
2. hg clone -r release https://go.googlecode.com/hg/ go (might need tip)
3. cd go
4. hg patch --no-commit go_make_mingw.diff
5. cd src
6. AR=i686-pc-mingw32-ar GOHOSTARCH=386 CC=i686-pc-mingw32-gcc GOOS=windows
GOARCH=386 ./make.bash
Actual results:
quietgcc -o 8g -L"/home/alberts/go"/lib ../8l/enam.o list.o galign.o gobj.o
ggen.o gsubr.o cgen.o cgen64.o cplx.o peep.o reg.o ../gc/gc.a -lbio -l9 -lm
i686-pc-mingw32-gcc: Internal error: Segmentation fault (program ld)
Please submit a full bug report.
See <http://bugzilla.redhat.com/bugzilla> for instructions.
Expected results:
8g command should compile
Additional info:
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 9 months
[mingw32-gcc] Update to 4.6.1
by Kalev Lember
commit 49c46e1dedcd81c8f4c82e374327b1911e425c54
Author: Kalev Lember <kalev(a)smartlink.ee>
Date: Tue Jun 28 11:12:18 2011 +0300
Update to 4.6.1
.gitignore | 1 +
mingw32-gcc.spec | 22 +++++++++++++++-------
sources | 2 +-
3 files changed, 17 insertions(+), 8 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 23e47ac..a5eff51 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
gcc-4.5.1.tar.bz2
/gcc-4.5.3.tar.bz2
+/gcc-4.6.1.tar.bz2
diff --git a/mingw32-gcc.spec b/mingw32-gcc.spec
index 849aca1..a439b07 100644
--- a/mingw32-gcc.spec
+++ b/mingw32-gcc.spec
@@ -1,8 +1,8 @@
%global __os_install_post /usr/lib/rpm/brp-compress %{nil}
Name: mingw32-gcc
-Version: 4.5.3
-Release: 3%{?dist}
+Version: 4.6.1
+Release: 1%{?dist}
Summary: MinGW Windows cross-compiler (GCC) for C
License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions
@@ -137,10 +137,10 @@ mkdir -p $RPM_BUILD_ROOT/lib
ln -sf ..%{_prefix}/bin/%{_mingw32_target}-cpp \
$RPM_BUILD_ROOT/lib/%{_mingw32_target}-cpp
-# libtool installs DLL files of runtime libraries into $(libdir)/../bin,
-# but we need them in _mingw32_bindir.
+# Move runtime dll files to _mingw32_bindir.
mkdir -p $RPM_BUILD_ROOT%{_mingw32_bindir}
-mv $RPM_BUILD_ROOT%{_bindir}/*.dll \
+mv $RPM_BUILD_ROOT%{_libdir}/gcc/%{_mingw32_target}/%{version}/*.dll \
+ $RPM_BUILD_ROOT%{_libdir}/gcc/%{_mingw32_target}/*.dll \
$RPM_BUILD_ROOT%{_mingw32_bindir}
# Don't want the *.la files.
@@ -152,7 +152,6 @@ popd
%files
%{_bindir}/%{_mingw32_target}-gcc
%{_bindir}/%{_mingw32_target}-gcc-%{version}
-%{_bindir}/%{_mingw32_target}-gccbug
%{_bindir}/%{_mingw32_target}-gcov
%{_prefix}/%{_mingw32_target}/lib/libiberty.a
%dir %{_libdir}/gcc/%{_mingw32_target}
@@ -182,6 +181,8 @@ popd
%dir %{_libexecdir}/gcc/%{_mingw32_target}/%{version}/install-tools
%{_libexecdir}/gcc/%{_mingw32_target}/%{version}/install-tools/*
%{_libexecdir}/gcc/%{_mingw32_target}/%{version}/lto-wrapper
+%{_libexecdir}/gcc/%{_mingw32_target}/%{version}/lto1
+%{_libexecdir}/gcc/%{_mingw32_target}/%{version}/liblto_plugin.so*
%{_mingw32_bindir}/libgcc_s_sjlj-1.dll
%{_mingw32_bindir}/libgomp-1.dll
%{_mingw32_bindir}/libssp-0.dll
@@ -218,7 +219,7 @@ popd
%{_libdir}/gcc/%{_mingw32_target}/%{version}/libobjc.a
%{_libdir}/gcc/%{_mingw32_target}/%{version}/libobjc.dll.a
%{_libexecdir}/gcc/%{_mingw32_target}/%{version}/cc1obj
-%{_mingw32_bindir}/libobjc-2.dll
+%{_mingw32_bindir}/libobjc-3.dll
%files objc++
@@ -230,7 +231,10 @@ popd
%{_mandir}/man1/%{_mingw32_target}-gfortran.1*
%{_libdir}/gcc/%{_mingw32_target}/%{version}/libgfortran.a
%{_libdir}/gcc/%{_mingw32_target}/%{version}/libgfortran.dll.a
+%{_libdir}/gcc/%{_mingw32_target}/%{version}/libgfortran.spec
%{_libdir}/gcc/%{_mingw32_target}/%{version}/libgfortranbegin.a
+%{_libdir}/gcc/%{_mingw32_target}/%{version}/libquadmath.a
+%{_libdir}/gcc/%{_mingw32_target}/%{version}/libquadmath.dll.a
%dir %{_libdir}/gcc/%{_mingw32_target}/%{version}/finclude
%{_libdir}/gcc/%{_mingw32_target}/%{version}/finclude/omp_lib.f90
%{_libdir}/gcc/%{_mingw32_target}/%{version}/finclude/omp_lib.h
@@ -238,9 +242,13 @@ popd
%{_libdir}/gcc/%{_mingw32_target}/%{version}/finclude/omp_lib_kinds.mod
%{_libexecdir}/gcc/%{_mingw32_target}/%{version}/f951
%{_mingw32_bindir}/libgfortran-3.dll
+%{_mingw32_bindir}/libquadmath-0.dll
%changelog
+* Mon Jun 27 2011 Kalev Lember <kalev(a)smartlink.ee> - 4.6.1-1
+- Update to 4.6.1
+
* Sat May 21 2011 Kalev Lember <kalev(a)smartlink.ee> - 4.5.3-3
- Rebuilt with automatic dep extraction and removed all manual
mingw32(...) provides / requires
diff --git a/sources b/sources
index 1e11f67..1305632 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-8e0b5c12212e185f3e4383106bfa9cc6 gcc-4.5.3.tar.bz2
+c57a9170c677bf795bdc04ed796ca491 gcc-4.6.1.tar.bz2
12 years, 9 months
[Bug 609162] New: CVE-2010-2249 libpng: Memory leak when processing Physical Scale (sCAL) images [fedora-all]
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: CVE-2010-2249 libpng: Memory leak when processing Physical Scale (sCAL) images [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=609162
Summary: CVE-2010-2249 libpng: Memory leak when processing
Physical Scale (sCAL) images [fedora-all]
Product: Fedora
Version: 13
Platform: All
OS/Version: Linux
Status: NEW
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Component: mingw32-libpng
AssignedTo: rjones(a)redhat.com
ReportedBy: jlieskov(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: lfarkas(a)lfarkas.org, rjones(a)redhat.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org
Blocks: 608644
Classification: Fedora
Target Release: ---
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
Forr more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=608644
Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please only close it when all
affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 9 months