[freetype-freeworld] Update to 2.8 (matches Fedora freetype, rh#1450581)
by Kevin Kofler
commit 94c162cb043f863cfe288f0ee0da9395ac4f1060
Author: Kevin Kofler <kevin.kofler(a)chello.at>
Date: Sun May 28 10:04:30 2017 +0200
Update to 2.8 (matches Fedora freetype, rh#1450581)
* Sun May 28 2017 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.8-1
- Update to 2.8 (matches Fedora freetype, rh#1450581)
- Drop obsolete backported security patches
.gitignore | 1 +
freetype-freeworld.spec | 17 +++++++----------
sources | 2 +-
3 files changed, 9 insertions(+), 11 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 99558ca..3db64b5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ freetype-2.6.tar.bz2
/freetype-2.6.5.tar.bz2
/freetype-2.7.tar.bz2
/freetype-2.7.1.tar.bz2
+/freetype-2.8.tar.bz2
diff --git a/freetype-freeworld.spec b/freetype-freeworld.spec
index ad2237b..12addd4 100644
--- a/freetype-freeworld.spec
+++ b/freetype-freeworld.spec
@@ -1,7 +1,7 @@
Summary: A free and portable font rendering engine
Name: freetype-freeworld
-Version: 2.7.1
-Release: 5%{?dist}
+Version: 2.8
+Release: 1%{?dist}
License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
URL: http://www.freetype.org
Source: http://download.savannah.gnu.org/releases/freetype/freetype-%{version}.ta...
@@ -12,11 +12,7 @@ Patch21: freetype-2.3.0-enable-spr.patch
Patch46: freetype-2.2.1-enable-valid.patch
## Security fixes:
-# https://bugzilla.redhat.com/show_bug.cgi?id=1446500
-Patch94: freetype-2.7.1-protect-flex-handling.patch
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1446073
-Patch95: freetype-2.7.1-safety-guard.patch
+# None yet
Provides: freetype-bytecode
Provides: freetype-subpixel
@@ -46,9 +42,6 @@ It transparently overrides the system library using ld.so.conf.d.
%patch46 -p1 -b .enable-valid
-%patch94 -p1 -b .protect-flex-handling
-%patch95 -p1 -b .safety-guard
-
%build
%configure --disable-static \
--with-zlib=yes \
@@ -91,6 +84,10 @@ echo "%{_libdir}/%{name}" \
%config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
%changelog
+* Sun May 28 2017 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.8-1
+- Update to 2.8 (matches Fedora freetype, rh#1450581)
+- Drop obsolete backported security patches
+
* Thu May 04 2017 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.7.1-5
- Add freetype-2.7.1-protect-flex-handling.patch from Fedora freetype:
Better protect `flex' handling (CVE-2017-8105, rh#1446501)
diff --git a/sources b/sources
index 7ca1bc0..0a15c28 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-b3230110e0cab777e0df7631837ac36e freetype-2.7.1.tar.bz2
+2413ac3eaf508ada019c63959ea81a92 freetype-2.8.tar.bz2
7 years, 6 months
[vlc/f24] (18 commits) ...Merge branch 'master' into f25
by Leigh Scott
Summary of changes:
942cfaa... Bump for today (*)
c507e73... Switch source url on purpose (*)
67f13a8... Clean merged patch, disable wayland runtime detection rever (*)
308f075... Update changelog (*)
feda414... Add BRs (*)
0640181... Fixup macosx (*)
ea52934... Rebuild for libvncserver .so version bump (*)
b40f741... Update to 20170316 (*)
37df6ab... Fixup typo (*)
fa65238... - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass (*)
9202f76... Update snapshot and rework library split (*)
0a786ea... Update to 20170427 (*)
3f4d73b... bump (*)
ddb959c... Rebuild for ffmpeg update (*)
a47ab76... Update to 20170523 snapshot (*)
5d47699... Rebuilt (*)
a124493... Revert "Add patch to fix potential heap buffer overflow" (*)
80f31d7... Merge branch 'master' into f25 (*)
(*) This commit already existed in another branch; no separate mail sent
7 years, 6 months
[vlc/f25: 17/17] Merge branch 'master' into f25
by Leigh Scott
commit 80f31d70f161fd7ff01de257be3dd4b2d9dfb8e9
Merge: a124493 5d47699
Author: leigh123linux <leigh123linux(a)googlemail.com>
Date: Sun May 28 02:31:14 2017 +0100
Merge branch 'master' into f25
0001-Fix-lirc-activation-after-detection.patch | 32 ---------
sources | 2 +-
vlc.spec | 93 +++++++++++++++++++++-----
3 files changed, 76 insertions(+), 51 deletions(-)
---
7 years, 6 months
[vlc/f25] (17 commits) ...Merge branch 'master' into f25
by Leigh Scott
Summary of changes:
942cfaa... Bump for today (*)
c507e73... Switch source url on purpose (*)
67f13a8... Clean merged patch, disable wayland runtime detection rever (*)
308f075... Update changelog (*)
feda414... Add BRs (*)
0640181... Fixup macosx (*)
ea52934... Rebuild for libvncserver .so version bump (*)
b40f741... Update to 20170316 (*)
37df6ab... Fixup typo (*)
fa65238... - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass (*)
9202f76... Update snapshot and rework library split (*)
0a786ea... Update to 20170427 (*)
3f4d73b... bump (*)
ddb959c... Rebuild for ffmpeg update (*)
a47ab76... Update to 20170523 snapshot (*)
5d47699... Rebuilt (*)
80f31d7... Merge branch 'master' into f25
(*) This commit already existed in another branch; no separate mail sent
7 years, 6 months
[vlc/f25] Revert "Add patch to fix potential heap buffer overflow"
by Leigh Scott
commit a12449319874471ba4420e503f2fec6ebaea5d54
Author: leigh123linux <leigh123linux(a)googlemail.com>
Date: Sun May 28 02:29:51 2017 +0100
Revert "Add patch to fix potential heap buffer overflow"
This reverts commit 0d8e7d84d7c91b69bfe17f0e234d5131e9bf210f.
fix_heap_buffer_overflow.patch | 42 ------------------------------------------
vlc.spec | 10 +---------
2 files changed, 1 insertion(+), 51 deletions(-)
---
diff --git a/vlc.spec b/vlc.spec
index cd57e59..ef15d0a 100644
--- a/vlc.spec
+++ b/vlc.spec
@@ -33,7 +33,7 @@
Summary: The cross-platform open-source multimedia framework, player and server
Name: vlc
Version: 3.0.0
-Release: 0.17%{?dist}
+Release: 0.16%{?dist}
License: GPLv2+
Group: Applications/Multimedia
URL: http://www.videolan.org
@@ -43,10 +43,6 @@ Source0: http://nightlies.videolan.org/build/source/vlc-%{version}%{?vlc_rc}.tar
Patch0: disable_hidpi_scaling.patch
Patch1: 0001-Fix-lirc-activation-after-detection.patch
Patch2: 0001-Revert-qt-add-Wayland-run-time-detection.patch
-# Fix potential heap buffer overflow
-# https://git.videolan.org/?p=vlc.git;a=commit;h=611398fc8d32f3fe4331f60b22...
-# https://git.videolan.org/?p=vlc.git;a=commit;h=f2b1f9e3538fc30ecc22b90bcb...
-Patch3: fix_heap_buffer_overflow.patch
BuildRequires: desktop-file-utils
BuildRequires: libappstream-glib
@@ -247,7 +243,6 @@ VLC media player extras modules.
%patch0 -p1
%patch1 -p1
%patch2 -p1
-%patch3 -p1
%{?_with_bootstrap:
rm aclocal.m4 m4/lib*.m4 m4/lt*.m4 || :
./bootstrap
@@ -525,9 +520,6 @@ fi || :
%changelog
-* Sat May 27 2017 Leigh Scott <leigh123linux(a)googlemail.com> - 3.0.0-0.17
-- Add patch to fix potential heap buffer overflow
-
* Tue Jan 31 2017 Nicolas Chauvet <kwizart(a)gmail.com> - 3.0.0-0.16
- Add daala support
7 years, 6 months
[vlc/f25] Add patch to fix potential heap buffer overflow
by Leigh Scott
commit 0d8e7d84d7c91b69bfe17f0e234d5131e9bf210f
Author: leigh123linux <leigh123linux(a)googlemail.com>
Date: Sat May 27 09:35:15 2017 +0100
Add patch to fix potential heap buffer overflow
fix_heap_buffer_overflow.patch | 42 ++++++++++++++++++++++++++++++++++++++++++
vlc.spec | 10 +++++++++-
2 files changed, 51 insertions(+), 1 deletion(-)
---
diff --git a/fix_heap_buffer_overflow.patch b/fix_heap_buffer_overflow.patch
new file mode 100644
index 0000000..b5b7d24
--- /dev/null
+++ b/fix_heap_buffer_overflow.patch
@@ -0,0 +1,42 @@
+--- a/modules/demux/subtitle.c
++++ b/modules/demux/subtitle.c
+@@ -1690,7 +1690,8 @@
+ if( !s )
+ return VLC_EGENERIC;
+
+- psz_orig = malloc( strlen( s ) + 1 );
++ size_t line_length = strlen( s );
++ psz_orig = malloc( line_length + 1 );
+ if( !psz_orig )
+ return VLC_ENOMEM;
+ psz_text = psz_orig;
+@@ -1730,6 +1731,8 @@
+ {
+ case 'S':
+ shift = isalpha( (unsigned char)psz_text[2] ) ? 6 : 2 ;
++ if ( shift > line_length )
++ continue;
+
+ if( sscanf( &psz_text[shift], "%d", &h ) )
+ {
+@@ -1767,6 +1770,8 @@
+
+ case 'T':
+ shift = isalpha( (unsigned char)psz_text[2] ) ? 8 : 2 ;
++ if ( shift > line_length )
++ continue;
+
+ sscanf( &psz_text[shift], "%d", &p_sys->jss.i_time_resolution );
+ break;
+@@ -1884,8 +1889,8 @@
+ if( (*(psz_text + 1 ) ) == '~' || (*(psz_text + 1 ) ) == '{' ||
+ (*(psz_text + 1 ) ) == '\\' )
+ psz_text++;
+- else if( *(psz_text + 1 ) == '\r' || *(psz_text + 1 ) == '\n' ||
+- *(psz_text + 1 ) == '\0' )
++ else if( ( *(psz_text + 1 ) == '\r' || *(psz_text + 1 ) == '\n' ) &&
++ *(psz_text + 1 ) != '\0' )
+ {
+ psz_text++;
+ }
+
diff --git a/vlc.spec b/vlc.spec
index ef15d0a..cd57e59 100644
--- a/vlc.spec
+++ b/vlc.spec
@@ -33,7 +33,7 @@
Summary: The cross-platform open-source multimedia framework, player and server
Name: vlc
Version: 3.0.0
-Release: 0.16%{?dist}
+Release: 0.17%{?dist}
License: GPLv2+
Group: Applications/Multimedia
URL: http://www.videolan.org
@@ -43,6 +43,10 @@ Source0: http://nightlies.videolan.org/build/source/vlc-%{version}%{?vlc_rc}.tar
Patch0: disable_hidpi_scaling.patch
Patch1: 0001-Fix-lirc-activation-after-detection.patch
Patch2: 0001-Revert-qt-add-Wayland-run-time-detection.patch
+# Fix potential heap buffer overflow
+# https://git.videolan.org/?p=vlc.git;a=commit;h=611398fc8d32f3fe4331f60b22...
+# https://git.videolan.org/?p=vlc.git;a=commit;h=f2b1f9e3538fc30ecc22b90bcb...
+Patch3: fix_heap_buffer_overflow.patch
BuildRequires: desktop-file-utils
BuildRequires: libappstream-glib
@@ -243,6 +247,7 @@ VLC media player extras modules.
%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p1
%{?_with_bootstrap:
rm aclocal.m4 m4/lib*.m4 m4/lt*.m4 || :
./bootstrap
@@ -520,6 +525,9 @@ fi || :
%changelog
+* Sat May 27 2017 Leigh Scott <leigh123linux(a)googlemail.com> - 3.0.0-0.17
+- Add patch to fix potential heap buffer overflow
+
* Tue Jan 31 2017 Nicolas Chauvet <kwizart(a)gmail.com> - 3.0.0-0.16
- Add daala support
7 years, 6 months
