packages: libwmf/libwmf.spec, libwmf/libwmf-0.2.8.4-useafterfree.patch (NEW...

[arekm]

Author: arekm                        Date: Sun Jul 12 19:16:56 2009 GMT
Module: packages                      Tag: HEAD
---- Log message:
- rel 9; CVE 2009-1364 fixed

---- Files affected:
packages/libwmf:
   libwmf.spec (1.90 -> 1.91) , libwmf-0.2.8.4-useafterfree.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/libwmf/libwmf.spec
diff -u packages/libwmf/libwmf.spec:1.90 packages/libwmf/libwmf.spec:1.91
--- packages/libwmf/libwmf.spec:1.90	Sun Jul 12 15:16:22 2009
+++ packages/libwmf/libwmf.spec	Sun Jul 12 21:16:51 2009
@@ -1,7 +1,5 @@
 # $Revision$, $Date$
 #
-# http://www.securityfocus.com/bid/18751/info
-#
 # Conditional build:
 %bcond_without	gtk		# without gtk-loader package (which requires gtk+2-devel)
 %bcond_without	static_libs	# don't build static version of library
@@ -20,10 +18,8 @@
 Patch1:		%{name}-includes.patch
 Patch2:		%{name}-segv.patch
 Patch3:		%{name}-png12.patch
+Patch4:		%{name}-0.2.8.4-useafterfree.patch
 URL:		http://wvware.sourceforge.net/
-# Fix in RH:
-# http://securitytracker.com/alerts/2009/Apr/1022156.html
-BuildRequires:	security(CVE-2009-1364)
 BuildRequires:	autoconf >= 2.59-9
 BuildRequires:	automake
 BuildRequires:	expat-devel
@@ -109,6 +105,7 @@
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 %build
 rm configure.in
@@ -190,6 +187,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.91  2009/07/12 19:16:51  arekm
+- rel 9; CVE 2009-1364 fixed
+
 Revision 1.90  2009/07/12 13:16:22  arekm
 - release 9
 

================================================================
Index: packages/libwmf/libwmf-0.2.8.4-useafterfree.patch
diff -u /dev/null packages/libwmf/libwmf-0.2.8.4-useafterfree.patch:1.1
--- /dev/null	Sun Jul 12 21:16:56 2009
+++ packages/libwmf/libwmf-0.2.8.4-useafterfree.patch	Sun Jul 12 21:16:51 2009
@@ -0,0 +1,10 @@
+--- libwmf-0.2.8.4/src/extra/gd/gd_clip.c.CVE-2009-1364-im-clip-list	2009-04-24 04:06:44.000000000 -0400
++++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c	2009-04-24 04:08:30.000000000 -0400
+@@ -70,6 +70,7 @@ void gdClipSetAdd(gdImagePtr im,gdClipRe
+ 	{	more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle));
+ 		if (more == 0) return;
+ 		im->clip->max += 8;
++                im->clip->list = more;
+ 	}
+ 	im->clip->list[im->clip->count] = (*rect);
+ 	im->clip->count++;
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/libwmf/libwmf.spec?r1=1.90&r2=1.91&f=u