rpms/OpenEXR/devel OpenEXR.spec,1.27,1.28

[Rex Dieter]

Author: rdieter

Update of /cvs/pkgs/rpms/OpenEXR/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30969

Modified Files:
	OpenEXR.spec 
Log Message:
* Wed Jul 29 2009 Rex Dieter <rdieter at fedoraproject.org> 1.6.1-8
- CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)
- CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)



Index: OpenEXR.spec
===================================================================
RCS file: /cvs/pkgs/rpms/OpenEXR/devel/OpenEXR.spec,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- OpenEXR.spec	24 Jul 2009 15:42:36 -0000	1.27
+++ OpenEXR.spec	29 Jul 2009 18:19:19 -0000	1.28
@@ -6,7 +6,7 @@
 
 Name:	 OpenEXR
 Version: 1.6.1
-Release: 7%{?dist}
+Release: 8%{?dist}
 Summary: A high dynamic-range (HDR) image file format
 
 Group:	 System Environment/Libraries
@@ -22,6 +22,12 @@ Provides:  openexr = %{version}-%{releas
 Patch1: OpenEXR-1.6.1-pkgconfig.patch
 Patch2: openexr-1.6.1-gcc43.patch
 
+## upstream patches
+Patch100: openexr-1.6.1-CVS-2009-1720-1.patch 
+Patch101: openexr-1.6.1-CVS-2009-1720-2.patch
+Patch102: openexr-CVE-2009-1721-drew-yao-proposed-fix.patch
+
+
 BuildRequires:  automake libtool
 BuildRequires:  ilmbase-devel
 BuildRequires:  zlib-devel
@@ -44,7 +50,7 @@ Summary: Headers and libraries for build
 Group:	 Development/Libraries
 Obsoletes: openexr-devel < %{version}-%{release}
 Provides:  openexr-devel = %{version}-%{release}
-Requires: %{name}-libs = %{version}-%{release}
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Requires: ilmbase-devel
 Requires: pkgconfig
 %description devel
@@ -63,6 +69,12 @@ Group:   System Environment/Libraries
 %patch1 -p1 -b .pkgconfig
 %patch2 -p1 -b .gcc43
 
+pushd IlmImf
+%patch100 -p2 -b .CVE-2009-1720-1
+%patch101 -p2 -b .CVE-2009-1720-2
+%patch102 -p0 -b .CVE-2009-1721
+popd
+
 # work to remove rpaths, recheck on new releases
 aclocal -Im4
 libtoolize --force
@@ -103,15 +115,9 @@ rm -rf rpmdocs/examples/.deps
 rm -rf $RPM_BUILD_ROOT
 
 
-%if 0%{?libs}
-%post libs -p /sbin/ldconfig
+%post %{?libs:libs} -p /sbin/ldconfig
 
-%postun libs -p /sbin/ldconfig
-%else
-%post -p /sbin/ldconfig
-
-%postun -p /sbin/ldconfig
-%endif
+%postun %{?libs:libs}  -p /sbin/ldconfig
 
 
 %files
@@ -123,19 +129,23 @@ rm -rf $RPM_BUILD_ROOT
 %defattr(-,root,root,-)
 %endif
 %doc AUTHORS ChangeLog LICENSE NEWS README
-%{_libdir}/lib*.so.*
+%{_libdir}/libIlmImf.so.6*
 
 %files devel
 %defattr(-,root,root,-)
 #omit for now, they're mostly useless, and include multilib conflicts (#342781)
 #doc rpmdocs/examples 
-%{_datadir}/aclocal/*
+%{_datadir}/aclocal/openexr.m4
 %{_includedir}/OpenEXR/*
-%{_libdir}/lib*.so
-%{_libdir}/pkgconfig/*
+%{_libdir}/libIlmImf.so
+%{_libdir}/pkgconfig/OpenEXR.pc
 
 
 %changelog
+* Wed Jul 29 2009 Rex Dieter <rdieter at fedoraproject.org> 1.6.1-8
+- CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)
+- CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)
+
 * Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.1-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild