
avahi: add patch for security fix
libwmf: add patch for security fix


git-svn-id: http://trac.vinelinux.org/repos/projects/specs@3707 ec354946-7b23-47d6-9f5a-488ba84defc7

iwamoto 14 years ago
parent
commit
48c4c2e2bd
2 changed files with 55 additions and 2 deletions
  1. 14 1
      a/avahi/avahi-vl.spec
  2. 41 1
      lib/libw/libwmf/libwmf-vl.spec

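--- a/a/avahi/avahi-vl.spec
+++ b/a/avahi/avahi-vl.spec
@@ -7,7 +7,7 @@ Summary:        Local network service discovery
 Summary(ja):	ローカルネットワークサービス検出システム
 Name:           avahi
 Version:        0.6.25
-Release: 	4%{?_dist_release}
+Release: 	5%{?_dist_release}
 Group:          System Environment/Base
 License:        LGPL
 URL:            http://avahi.org
@@ -15,6 +15,10 @@ URL:            http://avahi.org
 Source0:        %{name}-%{version}.tar.gz
 Patch10:	avahi-0.6.25-vine.patch
 
+# security fixes
+Patch110:	avahi-0.6.2x-CVE-2010-2244.patch
+Patch120:	avahi-0.6-CVE-2011-1002.patch
+
 BuildRoot:	%{_tmppath}/%{name}-%{version}-root
 BuildRequires:  gtk2-devel, qt-devel, libglade2-devel, glib2-devel
 BuildRequires:  qt4-devel
@@ -308,6 +312,11 @@ necessary for developing programs using avahi.
 %setup -q
 %patch10 -p1 -b .vine
 
+# security fixes
+%patch110 -p1 -b .CVE-2010-2244
+%patch120 -p1 -b .CVE-2011-1002
+
+
 %build
 autoreconf -i
 
@@ -613,6 +622,10 @@ fi
 %endif
 
 %changelog
+* Tue Apr 26 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.6.25-5
+- add patch120 for fix CVE-2011-1002 (incorrect fix CVE-2010-2244)
+- add patch110 for fix CVE-2010-2244 (DNS packets)
+
 * Sun Sep 26 2010 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.6.25-4
 - rebuild with rpm-4.8.1 for pkg-config file
 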
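Review bot: The new `Patch110`/`Patch120` entries sit under a bare `# security fixes` comment that records neither where the patches came from nor that one depends on the other. The changelog says CVE-2011-1002 exists because the CVE-2010-2244 fix was incorrect, so patch120 presumably has to apply on top of patch110. A %prep comment such as `# CVE-2011-1002 corrects the CVE-2010-2244 fix; keep patch110 before patch120` would guard against a later reorder or a partial removal. Only the spec file is part of this commit, so the patch contents cannot be checked from here. An origin line per patch (`# from <upstream commit or distro package>`) would let the next reviewer compare them with the upstream fix.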

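--- a/lib/libw/libwmf/libwmf-vl.spec
+++ b/lib/libw/libwmf/libwmf-vl.spec
@@ -1,13 +1,38 @@
 Summary: A .wmf file converter.
 Name: libwmf
 Version: 0.2.8.4
-Release: 5%{?_dist_release}
+Release: 6%{?_dist_release}
 License: GPL
 Group: System Environment/Libraries
 URL: http://wvware.sourceforge.net/libwmf.html
 Source0: http://prdownloads.sourceforge.net/wvware/libwmf-%{version}.tar.gz
+
+# fix CVE-2006-3376
 Patch0: libwmf-0.2.8.4-CVE-2006-3376.patch
+# fix CVE-2009-1364 (embedded GD graphics library)
 Patch1: libwmf-0.2.8.4-realloc.patch
+# adapt to standalone gdk-pixbuf
+Patch8: libwmf-0.2.8.4-pixbufloaderdir.patch
+# CVE-2007-0455
+Patch9:  libwmf-0.2.8.4-CVE-2007-0455.patch
+# CVE-2007-3472
+Patch10: libwmf-0.2.8.4_CVE-2007-3472.patch
+# CVE-2007-3473
+Patch11: libwmf-0.2.8.4-CVE-2007-3473.patch
+# CVE-2006-2906 affects GIFs, which is not implemented here
+# CVE-2006-4484 affects GIFs, which is not implemented here
+# CVE-2007-3474 affects GIFs, which is not implemented here
+# CVE-2007-3475 affects GIFs, which is not implemented here
+# CVE-2007-3476 affects GIFs, which is not implemented here
+# CVE-2007-3477
+Patch12: libwmf-0.2.8.4-CVE-2007-3477.patch
+# CVE-2007-3478 affects shared ttf files across threads, which is not implemented here
+# CVE-2007-2756
+Patch13: libwmf-0.2.8.4-CVE-2007-2756.patch
+# CAN-2004-0941
+Patch14: libwmf-0.2.8.4-CAN-2004-0941.patch
+# CVE-2009-3546
+Patch15: libwmf-0.2.8.4-CVE-2009-3546.patch
 
 Buildroot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: libxml2-devel
@@ -24,6 +49,9 @@ Requires: ghostscript
 Requires: gtk2 >= 2.10.0
 Requires: freetype2 >= 2.1.7
 
+Vendor:         Project Vine
+Distribution:   Vine Linux
+
 %description
 The libwmf library provides routines for converting Microsoft(R) .wmf
 format files. Currently libwmf includes bindings for converting .wmf
@@ -51,6 +79,14 @@ libraries necessary for developing programs using libwmf.
 %patch0 -p1 -b .CVE-2006-3376
 %patch1 -p1 -b .CVE-2009-1364
 
+%patch8 -p1 -b .pixbufloaderdir
+%patch9  -p1 -b .CVE-2007-0455
+%patch10 -p0 -b .CVE-2007-3472
+%patch11 -p1 -b .CVE-2007-3473
+%patch12 -p1 -b .CVE-2007-3477
+%patch13 -p1 -b .CVE-2007-2756
+%patch14 -p1 -b .CAN-2004-0941
+%patch15 -p1 -b .CVE-2009-3546
 
 %build
 %configure --without-expat --with-x --disable-static
@@ -96,6 +132,10 @@ rm -rf %{buildroot}
 #{_libdir}/gtk-2.0/*/loaders/*a
 
 %changelog
+* Tue Apr 26 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.2.8.4-6
+- add patch8 - patch15 from fc14 to fix many security issues
+- add vendor/distr tag
+
 * Sat Sep 25 2010 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.2.8.4-5
 - add BuildRequires: zlib-devel, libX11-devel, libXt-devel, xorg-x11-proto-devel
 - add Requires: zlib-devel, libX11-devel (devel package)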
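Review bot: `%patch10 -p0 -b .CVE-2007-3472` is the only new patch applied with `-p0`, and its file is the only one named `_CVE` rather than `-CVE`, so it reads like a typo beside seven `-p1` lines. If the strip level is deliberate, a comment next to it such as `# Patch10 paths are relative to the source root, hence -p0` would keep a later cleanup from "normalising" it and breaking %prep. The `# CVE-… affects GIFs, which is not implemented here` comments claim the bundled GD copy is unaffected, and they appear to be carried over with the fc14 patch set. It would help to note which source tree those claims were checked against, e.g. `# not-affected notes taken from the fc14 spec, checked against the GD copy bundled in libwmf 0.2.8.4`. The "from fc14" origin is recorded only in the changelog, so naming the exact Fedora package release beside the Patch lines would make the set auditable.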