libwmf-0.2.8.4-useafterfree.patch (NEW...

arekm Sun, 12 Jul 2009 12:17:04 -0700

Author: arekm                        Date: Sun Jul 12 19:16:56 2009 GMT
Module: packages                      Tag: HEAD
---- Log message:
- rel 9; CVE 2009-1364 fixed


---- Files affected:
packages/libwmf:
   libwmf.spec (1.90 -> 1.91) , libwmf-0.2.8.4-useafterfree.patch (NONE -> 1.1) 
 (NEW)

---- Diffs:

================================================================
Index: packages/libwmf/libwmf.spec
diff -u packages/libwmf/libwmf.spec:1.90 packages/libwmf/libwmf.spec:1.91
--- packages/libwmf/libwmf.spec:1.90    Sun Jul 12 15:16:22 2009
+++ packages/libwmf/libwmf.spec Sun Jul 12 21:16:51 2009
@@ -1,7 +1,5 @@
 # $Revision$, $Date$
 #
-# http://www.securityfocus.com/bid/18751/info
-#
 # Conditional build:
 %bcond_without gtk             # without gtk-loader package (which requires 
gtk+2-devel)
 %bcond_without static_libs     # don't build static version of library
@@ -20,10 +18,8 @@
 Patch1:                %{name}-includes.patch
 Patch2:                %{name}-segv.patch
 Patch3:                %{name}-png12.patch
+Patch4:                %{name}-0.2.8.4-useafterfree.patch
 URL:           http://wvware.sourceforge.net/
-# Fix in RH:
-# http://securitytracker.com/alerts/2009/Apr/1022156.html
-BuildRequires: security(CVE-2009-1364)
 BuildRequires: autoconf >= 2.59-9
 BuildRequires: automake
 BuildRequires: expat-devel
@@ -109,6 +105,7 @@
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 %build
 rm configure.in
@@ -190,6 +187,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.91  2009/07/12 19:16:51  arekm
+- rel 9; CVE 2009-1364 fixed
+
 Revision 1.90  2009/07/12 13:16:22  arekm
 - release 9
 

================================================================
Index: packages/libwmf/libwmf-0.2.8.4-useafterfree.patch
diff -u /dev/null packages/libwmf/libwmf-0.2.8.4-useafterfree.patch:1.1
--- /dev/null   Sun Jul 12 21:16:56 2009
+++ packages/libwmf/libwmf-0.2.8.4-useafterfree.patch   Sun Jul 12 21:16:51 2009
@@ -0,0 +1,10 @@
+--- libwmf-0.2.8.4/src/extra/gd/gd_clip.c.CVE-2009-1364-im-clip-list   
2009-04-24 04:06:44.000000000 -0400
++++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c      2009-04-24 04:08:30.000000000 
-0400
+@@ -70,6 +70,7 @@ void gdClipSetAdd(gdImagePtr im,gdClipRe
+       {       more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof 
(gdClipRectangle));
+               if (more == 0) return;
+               im->clip->max += 8;
++                im->clip->list = more;
+       }
+       im->clip->list[im->clip->count] = (*rect);
+       im->clip->count++;
================================================================

---- CVS-web:
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/libwmf/libwmf.spec?r1=1.90&r2=1.91&f=u

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

packages: libwmf/libwmf.spec, libwmf/libwmf-0.2.8.4-useafterfree.patch (NEW...

Reply via email to