[Bug 806271] New: CVE-2012-1144 freetype: insufficient checking of first outline point in TTF parser (#35689) [fedora-all]
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: CVE-2012-1144 freetype: insufficient checking of first outline point in TTF parser (#35689) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=806271
Summary: CVE-2012-1144 freetype: insufficient checking of first
outline point in TTF parser (#35689) [fedora-all]
Product: Fedora
Version: 16
Platform: All
OS/Version: Linux
Status: NEW
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Component: mingw32-freetype
AssignedTo: rjones(a)redhat.com
ReportedBy: thoger(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: lfarkas(a)lfarkas.org, rjones(a)redhat.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org
Blocks: 800607
Classification: Fedora
Story Points: ---
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=800607
Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please ensure that it is only closed
when all affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
11 years, 3 months
[Bug 851683] Review Request: mingw-gconf2 - MinGW Windows port of the GNOME 2.x Desktop Configuration Database System
by Red Hat Bugzilla
Product: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=851683
--- Comment #3 from greg.hellings(a)gmail.com ---
(In reply to comment #2)
> Taking for review
>
> The %global mingw_build_winXX lines can be removed as they're already
> enabled by default in mingw-filesystem
Sorry, this was an old spec build.
>
> The config.cache files which you use in the src.rpm shouldn't be necessary
> on Fedora. If building the libraries for the win64 target fails then it is
> probably caused by an outdated bundled libtool. In that case a
> BuildRequires: autoconf automake libtool and a 'autoreconf --install
> --force' in the %prep section should do the trick
Removed. This also introduces a BuildRequires on gobject-introspection-devel
>
> Is overriding the PATH before the %mingw_configure call still necessary?
Apparently not!
>
> Is the export ORBIT_IDL really necessary? The orbit2 package isn't mentioned
> as a BuildRequires
When I discovered how old Orbit was I removed the BR on it and this was an
artifact. Removed now.
>
> In the %mingw_configure call you used '--with-gtk=3.0' while there's only a
> BuildRequires: mingw32-gtk2 mingw64-gtk2 mentioned earlier in the .spec
> file. Shouldn't the BuildRequires point to gtk3?
Updated. Not sure how that managed to build with that.
>
> The %files section contains several unowned-folders, for example
> %{mingw32_includedir}/gconf, %{mingw32_includedir}/gconf/2,
> %{mingw32_libdir}/GConf, %{mingw32_libdir}/GConf/2 and
> %{mingw32_datadir}/sgml/gconf. You can use the RPM directive %dir to have
> these folders owned by this package
Done.
>
> The folders %{mingw32_datadir}/dbus-1, %{mingw32_datadir}/dbus-1/services,
> %{mingw64_datadir}/dbus-1 and %{mingw64_datadir}/dbus-1/services should be
> owned by the mingw-dbus package, but that isn't the case yet. A bug report
> should be filed for the mingw-dbus package so that the package maintainer of
> mingw-dbus can add those directory ownerships
Ought I to file that bug?
>
> The man-pages should be removed from this package as they duplicate the
> native dbus man pages. The sgml file also looks like a potential candidate
> to remove.
>
> The autostart files can be removed as well as this feature doesn't work on
> win32/win64 environments
>
> The folders %{mingw32_datadir}/locale and %{mingw64_datadir}/locale should
> NOT be owned by this package. Please use the %mingw_find_lang macro instead
> (see the packaging guidelines for an example how to use this)
Done. Done. Done.
GConf2 also released a 3.2.6 last week, so I took the opportunity to update to
that.
http://dl.thehellings.com/mingw32/gconf2/mingw-gconf2-3.2.6-1.fc18.src.rpm
http://dl.thehellings.com/mingw32/gconf2/mingw-gconf2.spec
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=mFjEA8wMVF&a=cc_unsubscribe
11 years, 3 months