rpms/glib2/F-8 cve-2008-2371.patch,NONE,1.1 glib2.spec,1.145,1.146

Matthias Clasen (mclasen) fedora-extras-commits at redhat.com
Wed Jul 2 14:36:22 UTC 2008


Author: mclasen

Update of /cvs/extras/rpms/glib2/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18761

Modified Files:
	glib2.spec 
Added Files:
	cve-2008-2371.patch 
Log Message:
Fix cve-2008-2371


cve-2008-2371.patch:

--- NEW FILE cve-2008-2371.patch ---
diff -up glib-2.14.6/glib/pcre/pcre_compile.c.cve-2008-2371 glib-2.14.6/glib/pcre/pcre_compile.c
--- glib-2.14.6/glib/pcre/pcre_compile.c.cve-2008-2371	2008-07-02 10:30:50.000000000 -0400
+++ glib-2.14.6/glib/pcre/pcre_compile.c	2008-07-02 10:32:19.000000000 -0400
@@ -4701,7 +4701,7 @@ we set the flag only if there is a liter
                (lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE))
             {
             cd->external_options = newoptions;
-            options = newoptions;
+            options = *optionsptr = newoptions;
             }
          else
             {
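
Review bot: The write through `*optionsptr` is added only in the branch guarded by `(lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE)`, while the `else` branch that starts right after it is left unchanged. Please confirm that an option change handled on that path does not also need to reach the caller, and note it in a comment if that is intentional. The chained assignment `options = *optionsptr = newoptions;` also changes caller-visible state with no explanation in the source, so a one-line comment at that spot saying why the caller's options must stay in sync would help whoever next touches this bundled copy of pcre_compile.c.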


Index: glib2.spec
===================================================================
RCS file: /cvs/extras/rpms/glib2/F-8/glib2.spec,v
retrieving revision 1.145
retrieving revision 1.146
diff -u -r1.145 -r1.146
--- glib2.spec	7 Feb 2008 07:01:53 -0000	1.145
+++ glib2.spec	2 Jul 2008 14:35:45 -0000	1.146
@@ -3,7 +3,7 @@
 Summary: A library of handy utility functions
 Name: glib2
 Version: 2.14.6
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 URL: http://www.gtk.org
@@ -14,6 +14,8 @@
 BuildRequires: pkgconfig >= 1:0.14
 BuildRequires: gettext
 
+Patch0: cve-2008-2371.patch
+
 %description 
 GLib is the low-level core library that forms the basis
 for projects such as GTK+ and GNOME. It provides data structure
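
Review bot: `Patch0: cve-2008-2371.patch` is added with no comment saying where the patch comes from, and the new patch file starts directly at the `diff -up` line with no header of its own. Add a comment line above `Patch0:` pointing to the upstream PCRE change or the tracking bug for CVE-2008-2371, so it is clear at the next rebase of glib whether the patch can be dropped.
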
@@ -45,6 +47,7 @@
 
 %prep
 %setup -q -n glib-%{version}
+%patch0 -p1 -b .cve-2008-2371
 
 %build
 for i in config.guess config.sub ; do
@@ -117,6 +120,9 @@
 %{_libdir}/lib*.a
 
 %changelog
+* Wed Jul  2 2008 Matthias Clasen <mclasen at redhat.com> - 2.14.6-2
+- Fix a heap-based buffer overflow in PCRE (CVE-2008-2371)
+
 * Thu Feb  7 2008 Matthias Clasen <mclasen at redhat.com> - 2.14.6-1
 - Update to 2.14.6 (fixes a buffer overflow in PCRE)
 



