PaulHowarth/Blog/2015-02-27

Friday 27th February 2015

Fedora Project

  • Updated libpng10 to 1.0.63 in F-20, F-21, F-22, Rawhide and EPEL-6:

    • Issue a png_error() instead of a png_warning() when width is potentially too large for the architecture, in case the calling application has overridden the default 1,000,000-column limit (fixes CVE-2014-9495 and CVE-2015-0973)

    • Quieted some harmless warnings from Coverity-scan
    • Display user limits in the output from pngtest (not packaged)

    • Changed PNG_USER_CHUNK_MALLOC_MAX from unlimited to 8,000,000; it only affects the maximum memory that can be allocated to an ancillary chunk, and does not limit the size of IDAT data, which is instead limited by PNG_USER_WIDTH_MAX

    • Rebuilt configure scripts with automake-1.15 and libtool-2.4.6

  • Rebuilt perl-Compress-Raw-Lzma for xz-5.2.1 in Rawhide

Local Packages

  • Updated libpng10 to 1.0.63 as per the Fedora version

  • Rebuilt perl-Compress-Raw-Lzma for xz-5.2.1

  • Updated perl-Net-DNS to 0.83:

  • Rebuilt sendmail (8.15.1) to keep in sync with Rawhide

  • Updated xz to 5.2.1 in F-22 and Rawhide:

    • Fixed a compression-ratio regression in fast mode of LZMA1 and LZMA2; the bug is present in 5.1.4beta and 5.2.0 releases

    • Fixed a portability problem in xz that affected at least OpenBSD

    • Fixed xzdiff to be compatible with FreeBSD's mktemp, which differs from most other mktemp implementations

    • Changed CPU core count detection to use cpuset_getaffinity() on FreeBSD


Recent