https://bugzilla.redhat.com/show_bug.cgi?id=1086514
Bug ID: 1086514
Summary: CVE-2013-7353 Integer overflow leading to a heap-based
buffer overflow in png_set_unknown_chunks()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: huzaifas(a)redhat.com
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jkoncick(a)redhat.com, jkurik(a)redhat.com,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
pfrields(a)redhat.com, phracek(a)redhat.com,
rjones(a)redhat.com
An integer overflow leading to a heap-based buffer overflow was found in the
png_set_unknown_chunks() API function of libpng. An attacker could create a
specially-crafted image file that, when rendered with an application written to
explicitly call the png_set_unknown_chunks() function, could cause libpng to crash
or execute arbitrary code with the permissions of the user running such an
application.
The vendor mentions that internal calls use safe values. These issues could
potentially affect applications that use the libpng API. Apparently no such
applications were identified.
Reference:
http://sourceforge.net/p/libpng/bugs/199/
http://seclists.org/oss-sec/2014/q2/83
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=70jisqeWxf&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1086516
Bug ID: 1086516
Summary: CVE-2013-7354 Integer overflow leading to a heap-based
buffer overflow in png_set_sPLT() and png_set_text_2()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: huzaifas(a)redhat.com
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jkoncick(a)redhat.com, jkurik(a)redhat.com,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
pfrields(a)redhat.com, phracek(a)redhat.com,
rjones(a)redhat.com
An integer overflow leading to a heap-based buffer overflow was found in the
png_set_sPLT() and png_set_text_2() API functions of libpng. An attacker could
create a specially-crafted image file that, when rendered with an application
written to explicitly call the png_set_sPLT() or png_set_text_2() function, could
cause libpng to crash or execute arbitrary code with the permissions of the
user running such an application.
The vendor mentions that internal calls use safe values. These issues could
potentially affect applications that use the libpng API. Apparently no such
applications were identified.
Reference:
http://sourceforge.net/p/libpng/bugs/199/
http://seclists.org/oss-sec/2014/q2/83
--
https://bugzilla.redhat.com/show_bug.cgi?id=858062
Bug ID: 858062
QA Contact: extras-qa(a)fedoraproject.org
Severity: unspecified
Version: rawhide
Priority: unspecified
CC: fedora-mingw(a)lists.fedoraproject.org,
notting(a)redhat.com,
package-review(a)lists.fedoraproject.org
Assignee: nobody(a)fedoraproject.org
Summary: Review Request: mingw-qt5-qtactiveqt - Qt5 for Windows
- QtActiveQt component
Regression: ---
Story Points: ---
Classification: Fedora
OS: Unspecified
Reporter: erik-fedora(a)vanpienbroek.nl
Type: Bug
Documentation: ---
Hardware: Unspecified
Mount Type: ---
Status: NEW
Component: Package Review
Product: Fedora
Spec URL:
http://svn.openftd.org/svn/fedora_cross/mingw-qt5-qtactiveqt/mingw-qt5-qtac…
SRPM URL:
http://ftd4linux.nl/contrib/mingw-qt5-qtactiveqt-5.0.0-0.1.beta1.fc17.src.r…
Fedora Account System Username: epienbro
Description:
This package contains the Qt software toolkit for developing
cross-platform applications.
This is the Windows version of Qt, for use in conjunction with the
Fedora Windows cross-compiler.
--
https://bugzilla.redhat.com/show_bug.cgi?id=858085
Bug ID: 858085
QA Contact: extras-qa(a)fedoraproject.org
Severity: unspecified
Version: rawhide
Priority: unspecified
CC: fedora-mingw(a)lists.fedoraproject.org,
notting(a)redhat.com,
package-review(a)lists.fedoraproject.org
Assignee: nobody(a)fedoraproject.org
Summary: Review Request: mingw-qt5-qtxmlpatterns - Qt5 for
Windows - QtXmlPatterns component
Regression: ---
Story Points: ---
Classification: Fedora
OS: Unspecified
Reporter: erik-fedora(a)vanpienbroek.nl
Type: Bug
Documentation: ---
Hardware: Unspecified
Mount Type: ---
Status: NEW
Component: Package Review
Product: Fedora
Spec URL:
http://svn.openftd.org/svn/fedora_cross/mingw-qt5-qtxmlpatterns/mingw-qt5-q…
SRPM URL:
http://ftd4linux.nl/contrib/mingw-qt5-qtxmlpatterns-5.0.0-0.1.beta1.fc17.sr…
Fedora Account System Username: epienbro
Description:
This package contains the Qt software toolkit for developing
cross-platform applications.
This is the Windows version of Qt, for use in conjunction with the
Fedora Windows cross-compiler.
--
https://bugzilla.redhat.com/show_bug.cgi?id=858058
Bug ID: 858058
QA Contact: extras-qa(a)fedoraproject.org
Severity: unspecified
Version: rawhide
Priority: unspecified
CC: fedora-mingw(a)lists.fedoraproject.org,
notting(a)redhat.com,
package-review(a)lists.fedoraproject.org
Assignee: nobody(a)fedoraproject.org
Summary: Review Request: mingw-qt5-qtbase - Qt5 for Windows -
QtBase component
Regression: ---
Story Points: ---
Classification: Fedora
OS: Unspecified
Reporter: erik-fedora(a)vanpienbroek.nl
Type: Bug
Documentation: ---
Hardware: Unspecified
Mount Type: ---
Status: NEW
Component: Package Review
Product: Fedora
Spec URL:
http://svn.openftd.org/svn/fedora_cross/mingw-qt5-qtbase/mingw-qt5-qtbase.s…
SRPM URL:
http://ftd4linux.nl/contrib/mingw-qt5-qtbase-5.0.0-0.10.beta1.fc17.src.rpm
Fedora Account System Username: epienbro
Description:
This package contains the Qt software toolkit for developing
cross-platform applications.
This is the Windows version of Qt, for use in conjunction with the
Fedora Windows cross-compiler.
--
https://bugzilla.redhat.com/show_bug.cgi?id=858063
Bug ID: 858063
QA Contact: extras-qa(a)fedoraproject.org
Severity: unspecified
Version: rawhide
Priority: unspecified
CC: fedora-mingw(a)lists.fedoraproject.org,
notting(a)redhat.com,
package-review(a)lists.fedoraproject.org
Assignee: nobody(a)fedoraproject.org
Summary: Review Request: mingw-qt5-qtconnectivity - Qt5 for
Windows - QtConnectivity component
Regression: ---
Story Points: ---
Classification: Fedora
OS: Unspecified
Reporter: erik-fedora(a)vanpienbroek.nl
Type: Bug
Documentation: ---
Hardware: Unspecified
Mount Type: ---
Status: NEW
Component: Package Review
Product: Fedora
Spec URL:
http://svn.openftd.org/svn/fedora_cross/mingw-qt5-qtconnectivity/mingw-qt5-…
SRPM URL:
http://ftd4linux.nl/contrib/mingw-qt5-qtconnectivity-5.0.0-0.1.beta1.fc17.s…
Fedora Account System Username: epienbro
Description:
This package contains the Qt software toolkit for developing
cross-platform applications.
This is the Windows version of Qt, for use in conjunction with the
Fedora Windows cross-compiler.
--
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=786151
Summary: Review request: mingw-pkg-config - MinGW Windows
pkg-config tool for cross compiling
Product: Fedora
Version: rawhide
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: Package Review
AssignedTo: nobody(a)fedoraproject.org
ReportedBy: erik-fedora(a)vanpienbroek.nl
QAContact: extras-qa(a)fedoraproject.org
CC: notting(a)redhat.com,
fedora-mingw(a)lists.fedoraproject.org,
package-review(a)lists.fedoraproject.org
Classification: Fedora
Story Points: ---
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Spec URL: http://ftd4linux.nl/contrib/mingw-pkg-config.spec
SRPM URL: http://ftd4linux.nl/contrib/mingw-pkg-config-0.26-1.fc16.src.rpm
Description:
The pkgconfig tool determines compilation options. For each required
library, it reads the configuration file and outputs the necessary
compiler and linker flags.
This package contains pkg-config tool for cross compiling with the MinGW
toolchain.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
https://bugzilla.redhat.com/show_bug.cgi?id=599567
Summary: mingw32-gcc should not drag in mingw32-pthreads
Product: Fedora
Version: 13
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: low
Component: mingw32-gcc
AssignedTo: rjones(a)redhat.com
ReportedBy: eblake(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: berrange(a)redhat.com, rjones(a)redhat.com,
kalev(a)smartlink.ee,
fedora-mingw(a)lists.fedoraproject.org
Classification: Fedora
Target Release: ---
Description of problem:
mingw32-gcc currently drags in a dependency on mingw32-pthreads, which in turn
forces some namespace pollution due to its buggy <pthread.h> header. It would
be much nicer if the mingw32-pthreads package remained optional, since it can
interfere with cross-compilation efforts to mingw.
Version-Release number of selected component (if applicable):
mingw32-gcc-4.4.2-2.fc13.x86_64
mingw32-pthreads-2.8.0-10.fc13.noarch
How reproducible:
Always
Steps to Reproduce:
1. Install mingw32-gcc
Actual results:
mingw32-pthreads gets sucked in as a required dependency to the cross-compiler.
Expected results:
Mere presence of the cross-compiler shouldn't force the existence of a broken
<pthread.h>. Either the compiler needs to be built without mingw32-pthreads,
or mingw32-pthreads needs to be split into two packages (runtime dependency of
the compiler, vs. development library that installs <pthread.h> for situations
that actually want to use this library in spite of its current upstream flaws).
Additional info:
--
https://bugzilla.redhat.com/show_bug.cgi?id=641423
Summary: mingw32-gcc installs files both inside and outside the
sysroot
Product: Fedora
Version: 13
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: low
Component: mingw32-gcc
AssignedTo: rjones(a)redhat.com
ReportedBy: pbonzini(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: rjones(a)redhat.com, kalev(a)smartlink.ee,
fedora-mingw(a)lists.fedoraproject.org
Classification: Fedora
Target Release: ---
Description of problem:
mingw32-gcc is a strange hybrid package that installs files both inside and
outside the sysroot. The files in the sysroot should be separated in
mingw32-libgcc.
Version-Release number of selected component (if applicable):
mingw32-gcc-4.4.2-2.fc13.x86_64
Additional info:
This makes the following packages depend incorrectly on mingw32-gcc:
* mingw32-gettext (directly)
* mingw32-pthreads (directly)
* mingw32-atk (indirectly)
* mingw32-glib2 (indirectly)
* mingw32-gtk2 (indirectly)
* mingw32-pango (indirectly)
--
https://bugzilla.redhat.com/show_bug.cgi?id=623338
Summary: mingw32-glib2 may need to be rebuilt against Python
2.7 in F14 and rawhide
Product: Fedora
Version: 14
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: low
Component: mingw32-glib2
AssignedTo: rjones(a)redhat.com
ReportedBy: dmalcolm(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: lfarkas(a)lfarkas.org, t.sailer(a)alumni.ethz.ch,
rjones(a)redhat.com,
fedora-mingw(a)lists.fedoraproject.org
Depends on: 623233
Blocks: 619913
Classification: Fedora
Target Release: ---
This is an automatically-filed bug.
mingw32-glib2-2.24.1-1.fc14 contains one or more .pyc files, but has not been
rebuilt since Python 2.7 was built for Fedora, and thus the .pyc files
presumably are for Python 2.6. Python 2.7 changed the bytecode format, so
usage of those files will typically fail (see e.g. bug 621726).
The package needs to be rebuilt against python 2.7 in both F14 and devel.
Information on the new "dist-git" system can be seen here:
http://fedoraproject.org/wiki/Using_Fedora_GIT
Information on common difficulties with Python 2.7 rebuilds can be seen here:
https://fedoraproject.org/wiki/Features/Python_2.7
Once it's been successfully rebuilt for F14, an update needs to be filed to get
the rebuild into F14:
https://admin.fedoraproject.org/updates/new/
Please add this bug to the update, to make it easy to track what's been done,
and what's left to do.
I'm sorry that this component was not handled by the mass rebuild. (This may
be due to bug 623233)
--
https://bugzilla.redhat.com/show_bug.cgi?id=1092759
Bug ID: 1092759
Summary: gzseek calls can incorrectly position the file.
Product: Fedora
Version: 19
Component: mingw-zlib
Assignee: rjones(a)redhat.com
Reporter: tsteven4(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com,
t.sailer(a)alumni.ethz.ch
Created attachment 890969
--> https://bugzilla.redhat.com/attachment.cgi?id=890969&action=edit
zlib gzseek test case
Description of problem: gzseek can incorrectly hit EOF, causing subsequent
gzread calls to fail.
Version-Release number of selected component (if applicable):
mingw32-zlib-1.2.7-2.fc19.noarch
How reproducible:
100%
Steps to Reproduce:
1. unzip test case zlib_test2.zip provided.
2. run test2 script to compile the test case.
3. execute test case by running testz2.exe under windows. testz2.exe,
zlib1.dll and test.data all need to be in the directory testz2.exe is executed
from.
Actual results:
Got 0
Expected results:
Got 4
Additional info:
A possible patch with zlib 1.2.8 is listed below, although this might be a
configuration problem. offset, which is of type z_off64_t, ends up being 32
bits as configured.
--- gzlib.c 2013-03-24 23:47:59.000000000 -0600
+++ gzlib.patch.c 2014-04-27 15:34:38.496808069 -0600
@@ -393,7 +393,7 @@
/* if within raw area while reading, just go there */
if (state->mode == GZ_READ && state->how == COPY &&
state->x.pos + offset >= 0) {
- ret = LSEEK(state->fd, offset - state->x.have, SEEK_CUR);
+ ret = LSEEK(state->fd, offset - (z_off64_t)state->x.have, SEEK_CUR);
if (ret == -1)
return -1;
state->x.have = 0;
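Review bot: the cast on the LSEEK line makes the subtraction signed but does not widen it. The report says z_off64_t ends up being 32 bits in this build, so `offset - (z_off64_t)state->x.have` is still 32-bit arithmetic and the underlying defect is the type configuration, not this expression. I would correct the z_off64_t definition for the mingw build first, and keep the cast only with a comment stating that it guards against state->x.have (presumably an unsigned type) turning the whole operand into a large positive value. Note also that the unchanged `ret == -1` check only catches a failed seek; a seek that succeeds at the wrong position, which is the failure reported here, passes straight through it.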
I have reported this to zlib(a)gzip.org but haven't received any response yet.
--
https://bugzilla.redhat.com/show_bug.cgi?id=961303
Bug ID: 961303
Summary: Review Request: mingw-winpthreads - MinGW pthread
library
Product: Fedora
Version: rawhide
Component: Package Review
Severity: unspecified
Priority: unspecified
Assignee: nobody(a)fedoraproject.org
Reporter: erik-fedora(a)vanpienbroek.nl
QA Contact: extras-qa(a)fedoraproject.org
CC: fedora-mingw(a)lists.fedoraproject.org,
notting(a)redhat.com,
package-review(a)lists.fedoraproject.org
Category: ---
Spec URL:
http://svn.nntpgrab.nl/svn/fedora_cross/mingw-winpthreads/mingw-winpthreads…
SRPM URL:
http://kojipkgs.fedoraproject.org//work/tasks/3113/5353113/mingw-winpthread…
Koji scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=5353109
Description:
The POSIX 1003.1-2001 standard defines an application programming
interface (API) for writing multithreaded applications. This interface
is known more commonly as pthreads. A good number of modern operating
systems include a threading library of some kind: Solaris (UI)
threads, Win32 threads, DCE threads, DECthreads, or any of the draft
revisions of the pthreads standard. The trend is that most of these
systems are slowly adopting the pthreads standard API, with
application developers following suit to reduce porting woes.
Win32 does not, and is unlikely to ever, support pthreads
natively. This project seeks to provide a freely available and
high-quality solution to this problem.
--
https://bugzilla.redhat.com/show_bug.cgi?id=1046027
Bug ID: 1046027
Summary: ld asserts on trying to link -lws2_32 to a DLL (win64
target)
Product: Fedora
Version: rawhide
Component: mingw-binutils
Assignee: rjones(a)redhat.com
Reporter: dkholia(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, ktietz(a)redhat.com,
rjones(a)redhat.com
See http://sourceforge.net/mailarchive/message.php?msg_id=31592989 for details.
To reproduce the problem, build
https://github.com/magnumripper/JohnTheRipper/tree/bleeding-jumbo code base.
$ rpm -qa | grep -i mingw
mingw64-winpthreads-3.0.999-0.1.trunk.r6379.20131120.fc21.noarch
mingw64-gdb-7.6-2.fc20.noarch
mingw64-libgomp-4.8.2-1.fc21.x86_64
mingw-binutils-generic-2.23.52.0.1-2.fc20.x86_64
mingw64-headers-3.0.999-0.2.trunk.r6388.20131129.fc21.noarch
mingw64-crt-3.0.999-0.2.trunk.r6388.20131129.fc21.noarch
mingw64-gcc-c++-4.8.2-1.fc21.x86_64
mingw64-wine-gecko-2.24-1.fc21.noarch
mingw64-binutils-2.23.52.0.1-2.fc20.x86_64
mingw64-pkg-config-0.28-2.fc20.x86_64
mingw64-openssl-1.0.1e-4.fc20.noarch
mingw64-openssl-static-1.0.1e-4.fc20.noarch
mingw64-filesystem-99-3.fc20.noarch
mingw64-zlib-1.2.8-2.fc20.noarch
mingw64-expat-2.1.0-5.fc20.noarch
mingw64-cpp-4.8.2-1.fc21.x86_64
mingw64-win-iconv-0.0.4-3.fc20.noarch
mingw64-gcc-4.8.2-1.fc21.x86_64
mingw-filesystem-base-99-3.fc20.noarch
--
https://bugzilla.redhat.com/show_bug.cgi?id=889716
Bug ID: 889716
Summary: pthread header files are installed not to the root of
"include" directory
Product: Fedora EPEL
Version: el5
Component: mingw32-pthreads
Severity: low
Priority: unspecified
Reporter: max.salov(a)gmail.com
Description of problem:
Header files are installed into the
/usr/i686-pc-mingw32/sys-root/mingw/include/pthread/ directory instead of
/usr/i686-pc-mingw32/sys-root/mingw/include/. As a result, the pthread.h header file
is not accessible with the #include <pthread.h> directive.
If #include <pthread/pthread.h> is used, other headers from the pthread library are not
found during compilation, because they are included without a directory prefix
(e.g. #include <sched.h>, not #include <pthread/sched.h>).
The only way I see to use mingw32-pthread is to add
-I/usr/i686-pc-mingw32/sys-root/mingw/include/pthread/ to CFLAGS and use the
#include <pthread.h> directive.
Version-Release number of selected component (if applicable):
2.8.0-4.el5
--
https://bugzilla.redhat.com/show_bug.cgi?id=1056860
Bug ID: 1056860
Summary: CVE-2013-6954 mingw32-libpng: libpng: unhandled
zero-length PLTE chunk or NULL palette [epel-all]
Product: Fedora EPEL
Version: el6
Component: mingw32-libpng
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: huzaifas(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com
Blocks: 1045561 (CVE-2013-6954)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple supported versions of Fedora EPEL.
Only one tracking bug has been filed; please ensure that it is only closed
when all affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1045561
[Bug 1045561] CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or
NULL palette
--
https://bugzilla.redhat.com/show_bug.cgi?id=1043745
Bug ID: 1043745
Summary: CVE-2013-6425 mingw32-pixman: pixman: integer
underflow when handling trapezoids [epel-5]
Product: Fedora EPEL
Version: el5
Component: mingw32-pixman
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: rjones(a)redhat.com
Reporter: huzaifas(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fedora-mingw(a)lists.fedoraproject.org,
kraxel(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com
Blocks: 1037975 (CVE-2013-6425)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-5 tracking bug for mingw32-pixman: see blocks bug list for full details of
the security issue(s).
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1037975
[Bug 1037975] CVE-2013-6425 pixman: integer underflow when handling
trapezoids
--
https://bugzilla.redhat.com/show_bug.cgi?id=1031741
Bug ID: 1031741
Summary: CVE-2013-6629 mingw32-libjpeg: libjpeg: information
leak (read of uninitialized memory) [epel-5]
Product: Fedora EPEL
Version: el5
Component: mingw32-libjpeg
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: vdanen(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com
Blocks: 1031734 (CVE-2013-6629)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-5 tracking bug for mingw32-libjpeg: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1031734
[Bug 1031734] CVE-2013-6629 libjpeg: information leak (read of
uninitialized memory)
--
https://bugzilla.redhat.com/show_bug.cgi?id=858914
Bug ID: 858914
Keywords: Security, SecurityTracking
Blocks: 822109 (CVE-2011-3102)
QA Contact: extras-qa(a)fedoraproject.org
Severity: low
Version: el5
Priority: low
CC: fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com,
veillard(a)redhat.com
Assignee: rjones(a)redhat.com
Summary: CVE-2011-3102 libxml: An off-by-one out-of-bounds
write by XPointer part evaluation [epel-5]
Regression: ---
Story Points: ---
Classification: Fedora
OS: Linux
Reporter: huzaifas(a)redhat.com
Type: ---
Documentation: ---
Hardware: All
Mount Type: ---
Status: NEW
Component: mingw32-libxml2
Product: Fedora EPEL
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=822109
epel-5 tracking bug for mingw32-libxml2: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
--
https://bugzilla.redhat.com/show_bug.cgi?id=795700
Summary: CVE-2012-0841 libxml2: hash table collisions CPU usage
DoS [epel-5]
Product: Fedora EPEL
Version: el5
Platform: All
OS/Version: Linux
Status: NEW
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Component: mingw32-libxml2
AssignedTo: rjones(a)redhat.com
ReportedBy: huzaifas(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: lfarkas(a)lfarkas.org, veillard(a)redhat.com,
rjones(a)redhat.com,
fedora-mingw(a)lists.fedoraproject.org
Blocks: 787067
Classification: Fedora
Story Points: ---
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=787067
epel-5 tracking bug for mingw32-libxml2: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
--
https://bugzilla.redhat.com/show_bug.cgi?id=721312
Summary: CVE-2011-2690 libpng: buffer overwrite in
png_rgb_to_gray [epel-5]
Product: Fedora EPEL
Version: el5
Platform: All
OS/Version: Linux
Status: NEW
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Component: mingw32-libpng
AssignedTo: rjones(a)redhat.com
ReportedBy: huzaifas(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: lfarkas(a)lfarkas.org, rjones(a)redhat.com,
fedora-mingw(a)lists.fedoraproject.org
Blocks: 720607
Classification: Fedora
Story Points: ---
epel-5 tracking bug for mingw32-libpng: see blocks bug list for full details of
the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
--
https://bugzilla.redhat.com/show_bug.cgi?id=1086671
Bug ID: 1086671
Summary: CVE-2013-7353 mingw-libpng: libpng: integer overflow
leading to a heap-based buffer overflow in
png_set_unknown_chunks() [fedora-19]
Product: Fedora
Version: 19
Component: mingw-libpng
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: huzaifas(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com
Blocks: 1086514 (CVE-2013-7353)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
fedora-19 tracking bug for mingw-libpng: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1086514
[Bug 1086514] CVE-2013-7353 libpng: integer overflow leading to a
heap-based buffer overflow in png_set_unknown_chunks()
--
https://bugzilla.redhat.com/show_bug.cgi?id=1074648
Bug ID: 1074648
Summary: CVE-2014-2240 mingw-freetype: freetype: OOB
stack-based read/write in cf2_hintmap_build()
[fedora-20]
Product: Fedora
Version: 20
Component: mingw-freetype
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: rjones(a)redhat.com
Reporter: vdanen(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com
Blocks: 1074646 (CVE-2014-2240)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
fedora-20 tracking bug for mingw-freetype: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1074646
[Bug 1074646] CVE-2014-2240 freetype: OOB stack-based read/write in
cf2_hintmap_build()
--