Friday 27th February 2015
Fedora Project
Updated libpng10 to 1.0.63 in F-20, F-21, F-22, Rawhide and EPEL-6:
Issue a png_error() instead of a png_warning() when width is potentially too large for the architecture, in case the calling application has overridden the default 1,000,000-column limit (fixes CVE-2014-9495 and CVE-2015-0973)
- Quieted some harmless warnings from Coverity-scan
Display user limits in the output from pngtest (not packaged)
Changed PNG_USER_CHUNK_MALLOC_MAX from unlimited to 8,000,000; it only affects the maximum memory that can be allocated to an ancillary chunk, and does not limit the size of IDAT data, which is instead limited by PNG_USER_WIDTH_MAX
Rebuilt configure scripts with automake-1.15 and libtool-2.4.6
Rebuilt perl-Compress-Raw-Lzma for xz-5.2.1 in Rawhide
Local Packages
Updated libpng10 to 1.0.63 as per the Fedora version
Rebuilt perl-Compress-Raw-Lzma for xz-5.2.1
Updated perl-Net-DNS to 0.83:
Fix CPAN RT#101798: AUTOLOAD error confusing w/o reference to object class
Fix CPAN RT#101709: Provide separate control of IPv6 tests
Fix CPAN RT#101675: MX record with 0 preference fails to parse
Fix CPAN RT#101405: Install tests fail for v0.81 on Perl 5.21.7
Rebuilt sendmail (8.15.1) to keep in sync with Rawhide
Updated xz to 5.2.1 in F-22 and Rawhide:
Fixed a compression-ratio regression in fast mode of LZMA1 and LZMA2; the bug is present in 5.1.4beta and 5.2.0 releases
Fixed a portability problem in xz that affected at least OpenBSD
Fixed xzdiff to be compatible with FreeBSD's mktemp, which differs from most other mktemp implementations
Changed CPU core count detection to use cpuset_getaffinity() on FreeBSD