- rel 9; CVE 2009-1364 fixed

Changed files:
    libwmf-0.2.8.4-useafterfree.patch -> 1.1
    libwmf.spec -> 1.91

diff --git a/libwmf-0.2.8.4-useafterfree.patch b/libwmf-0.2.8.4-useafterfree.patch
new file mode 100644 (file)
index 0000000..328c541
--- /dev/null
+++ b/libwmf-0.2.8.4-useafterfree.patch
@@ -0,0 +1,10 @@
+--- libwmf-0.2.8.4/src/extra/gd/gd_clip.c.CVE-2009-1364-im-clip-list   2009-04-24 04:06:44.000000000 -0400
++++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c      2009-04-24 04:08:30.000000000 -0400
+@@ -70,6 +70,7 @@ void gdClipSetAdd(gdImagePtr im,gdClipRe
+       {       more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle));
+               if (more == 0) return;
+               im->clip->max += 8;
++                im->clip->list = more;
+       }
+       im->clip->list[im->clip->count] = (*rect);
+       im->clip->count++;

diff --git a/libwmf.spec b/libwmf.spec
index fab92d7a668267d4af86fb27a641f88de23c0994..8070a37f260b654c4ac55b57b73120e5c1824f7b 100644 (file)
--- a/libwmf.spec
+++ b/libwmf.spec
@@ -1,6 +1,4 @@
 #
-# http://www.securityfocus.com/bid/18751/info
-#
 # Conditional build:
 %bcond_without gtk             # without gtk-loader package (which requires gtk+2-devel)
 %bcond_without static_libs     # don't build static version of library
@@ -19,10 +17,8 @@ Patch0:              %{name}-fontmap-pld.patch
 Patch1:                %{name}-includes.patch
 Patch2:                %{name}-segv.patch
 Patch3:                %{name}-png12.patch
+Patch4:                %{name}-0.2.8.4-useafterfree.patch
 URL:           http://wvware.sourceforge.net/
-# Fix in RH:
-# http://securitytracker.com/alerts/2009/Apr/1022156.html
-BuildRequires: security(CVE-2009-1364)
 BuildRequires: autoconf >= 2.59-9
 BuildRequires: automake
 BuildRequires: expat-devel
@@ -108,6 +104,7 @@ Moduł wczytujący WMF dla biblioteki gdk_pixbuf 2.x
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 %build
 rm configure.in