---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-256
2004-08-06
---------------------------------------------------------------------
Product : Fedora Core 2
Name : gimp
Version : 2.0.4
Release : 0.fc2.1
Summary : The GNU Image Manipulation Program
Description :
The GIMP (GNU Image Manipulation Program) is a powerful image
composition and editing program, which can be extremely useful for
creating logos and other graphics for webpages. The GIMP has many of
the tools and filters you would expect to find in similar commercial
offerings, and some interesting extras as well. The GIMP provides a
large image manipulation toolbox, including channel operations and
layers, effects, sub-pixel imaging and anti-aliasing, and conversions,
all with multi-level undo.
The GIMP includes a scripting facility, but many of the included
scripts rely on fonts that we cannot distribute. The GIMP FTP site
has a package of fonts that you can install by yourself, which
includes all the fonts needed to run the included scripts. Some of
the fonts have unusual licensing requirements; all the licenses are
documented in the package. Get
ftp://ftp.gimp.org/pub/gimp/fonts/freefonts-0.10.tar.gz and
ftp://ftp.gimp.org/pub/gimp/fonts/sharefonts-0.10.tar.gz if you are so
inclined. Alternatively, choose fonts which exist on your system
before running the scripts.
---------------------------------------------------------------------
Update Information:
Update to version 2.0.4.
---------------------------------------------------------------------
* Fri Aug 06 2004 Nils Philippsen <nphilipp(a)redhat.com>
- version 2.0.4
- rebuild for FC2
* Wed Aug 04 2004 Nils Philippsen <nphilipp(a)redhat.com>
- rebuild to pick up new libcroco
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
33e7866fe5e931a5d08a4e187c9199ea SRPMS/gimp-2.0.4-0.fc2.1.src.rpm
4dbaabdda69358ad9191b28ee0108a1a x86_64/gimp-2.0.4-0.fc2.1.x86_64.rpm
77988df64dcd720c18926925f8daeb34 x86_64/gimp-devel-2.0.4-0.fc2.1.x86_64.rpm
5ec56d432283016bb49c1bdb8c181c9d x86_64/debug/gimp-debuginfo-2.0.4-0.fc2.1.x86_64.rpm
b20ca3fb7b2725bae8ac079658764533 i386/gimp-2.0.4-0.fc2.1.i386.rpm
8c486f2fa45c0213e46157a692380054 i386/gimp-devel-2.0.4-0.fc2.1.i386.rpm
96c5afdcab6365a121c4b20fb0690df6 i386/debug/gimp-debuginfo-2.0.4-0.fc2.1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
Nils Philippsen / Red Hat / nphilipp(a)redhat.com
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-255
2004-08-06
---------------------------------------------------------------------
Product : Fedora Core 2
Name : gimp-help
Version : 2
Release : 0.0.3
Summary : Help files for the GIMP.
Description :
The GIMP User Manual is a newly written User Manual for the GIMP.
---------------------------------------------------------------------
Update Information:
---------------------------------------------------------------------
* Fri Aug 06 2004 Nils Philippsen <nphilipp(a)redhat.com>
- rebuild for FC2
* Fri Jul 02 2004 Nils Philippsen <nphilipp(a)redhat.com>
- version 2-0.3
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
b74a9ad9681669043449b825f18ffe22 SRPMS/gimp-help-2-0.0.3.src.rpm
2f63c9f59ac10603ef4d080dc0ff7a4c x86_64/gimp-help-2-0.0.3.noarch.rpm
2f63c9f59ac10603ef4d080dc0ff7a4c i386/gimp-help-2-0.0.3.noarch.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
Nils Philippsen / Red Hat / nphilipp(a)redhat.com
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-245
2004-08-04
---------------------------------------------------------------------
Product : Fedora Core 2
Name : libbonobo
Version : 2.6.2
Release : 1
Summary : Bonobo component system
Description :
Bonobo is a component system based on CORBA, used by the GNOME desktop.
---------------------------------------------------------------------
Update Information:
This update is to partially address the bug mentioned in
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123655. This bug
causes bonobo-activation-server to remain after the user's session ends.
---------------------------------------------------------------------
* Fri Jul 30 2004 Ray Strode <rstrode(a)redhat.com> 2.6.2-1
- Update to 2.6.2
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
ac6212a6128ddbf344fea02781662091 SRPMS/libbonobo-2.6.2-1.src.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-250
2004-08-04
---------------------------------------------------------------------
Product : Fedora Core 2
Name : tzdata
Version : 2004b
Release : 1.fc2
Summary : Timezone data
Description :
This package contains data files with rules for various timezones around
the world.
---------------------------------------------------------------------
Update Information:
This timezone data update includes adjustements for the recent timezone
changes in Georgia, as well as some minor changes for Argentina, Singapore
and Mongolia. Also Europe/Mariehamn zone file has been added for Aaland
Islands.
---------------------------------------------------------------------
* Wed Aug 04 2004 Jakub Jelinek <jakub(a)redhat.com> 2004d-1.fc2
- 2004b
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
ee5da4c3e9feb4ada50e703213d80104 SRPMS/tzdata-2004b-1.fc2.src.rpm
c263643cf6093b2b330b2a7b03a23b2b x86_64/tzdata-2004b-1.fc2.noarch.rpm
c263643cf6093b2b330b2a7b03a23b2b i386/tzdata-2004b-1.fc2.noarch.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-249
2004-08-04
---------------------------------------------------------------------
Product : Fedora Core 1
Name : tzdata
Version : 2004b
Release : 1.fc1
Summary : Timezone data
Description :
This package contains data files with rules for various timezones around
the world.
---------------------------------------------------------------------
Update Information:
This timezone data update includes adjustements for the recent timezone
changes in Georgia, as well as some minor changes for Argentina, Singapore
and Mongolia. Also Europe/Mariehamn zone file has been added for Aaland
Islands.
---------------------------------------------------------------------
* Wed Aug 04 2004 Jakub Jelinek <jakub(a)redhat.com> 2004d-1.fc1
- 2004b
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
cc6a690c585c8c4535e82626c9fbed13 SRPMS/tzdata-2004b-1.fc1.src.rpm
85128fae68816b0549ba25072434c2b6 x86_64/tzdata-2004b-1.fc1.noarch.rpm
85128fae68816b0549ba25072434c2b6 i386/tzdata-2004b-1.fc1.noarch.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-239
2004-08-04
---------------------------------------------------------------------
Product : Fedora Core 2
Name : libpng
Version : 1.2.5
Release : 8
Summary : A library of functions for manipulating PNG image format
files.
Description :
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format. PNG was
created to replace the GIF format, since GIF uses a patented data
compression algorithm.
Libpng should be installed if you need to manipulate PNG format image
files.
---------------------------------------------------------------------
Update Information:
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
During a source code audit, Chris Evans discovered several buffer
overflows in libpng. An attacker could create a carefully crafted PNG
file in such a way that it would cause an application linked with libpng
to execute arbitrary code when the file was opened by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0597 to these issues.
In addition, this audit discovered a potential NULL pointer dereference
in libpng (CAN-2004-0598) and several integer overflow issues
(CAN-2004-0599). An attacker could create a carefully crafted PNG file
in such a way that it would cause an application linked with libpng to
crash when the file was opened by the victim.
Red Hat would like to thank Chris Evans for discovering these issues.
---------------------------------------------------------------------
* Fri Jul 23 2004 Matthias Clasen <mclasen(a)redhat.com> 2:1.2.5-8
- Build for FC2
* Fri Jul 23 2004 Matthias Clasen <mclasen(a)redhat.com> 2:1.2.5-7
- Replace the patches for individual security problems with the
cumulative patch issued by the png developers.
- Build for FC1
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Mon Jun 14 2004 Matthias Clasen <mclasen(a)redhat.com> - 2:1.2.5-5
- Rebuild for FC2
* Mon Jun 14 2004 Matthias Clasen <mclasen(a)redhat.com> - 2:1.2.5-4
- Rebuild for FC1
* Mon Jun 14 2004 Matthias Clasen <mclasen(a)redhat.com> - 2:1.2.5-3
- Reinstate and improve the transfix patch which got lost sometime ago,
but is still needed for CAN-2002-1363 (#125934)
* Mon May 24 2004 Than Ngo <than(a)redhat.com> 2:1.2.5-2
- add patch to link libm automatically
- get rid of rpath
* Wed May 19 2004 Matthias Clasen <mclasen(a)redhat.com> 2:1.2.5-1
- 1.2.5
* Mon May 03 2004 Matthias Clasen <mclasen(a)redhat.com> 2:1.2.2-22
- Redo the out-of-bounds fix in a slightly better way.
* Wed Apr 21 2004 Matthias Clasen <mclasen(a)redhat.com>
- Bump release number to disambiguate n-v-rs.
* Mon Apr 19 2004 Matthias Clasen <mclasen(a)redhat.com>
- fix a possible out-of-bounds read in the error message
handler. #121229
* Tue Mar 02 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Fri Feb 27 2004 Mark McLoughlin <markmc(a)redhat.com> 2:1.2.2-19
- rebuild with changed bits/setjmp.h on ppc
* Fri Feb 13 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Wed Jun 04 2003 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Tue Jun 03 2003 Jeff Johnson <jbj(a)redhat.com>
- add explicit epoch's where needed.
* Mon Feb 24 2003 Jonathan Blandford <jrb(a)redhat.com> 2:1.2.2-15
- change pkg-config to use libdir instead of hardcoding /usr/lib
* Mon Feb 24 2003 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Thu Feb 20 2003 Jonathan Blandford <jrb(a)redhat.com> 2:1.2.2-12
- add Provides: libpng.so.3, #67007
* Fri Jan 24 2003 Jonathan Blandford <jrb(a)redhat.com>
- change requires to include the Epoch
* Thu Jan 23 2003 Karsten Hopp <karsten(a)redhat.de> 2:1.2.2-11
- Bump & rebuild
* Wed Jan 22 2003 Tim Powers <timp(a)redhat.com>
- rebuilt
* Wed Jan 15 2003 Elliot Lee <sopwith(a)redhat.com> 2:1.2.2-9
- Bump & rebuild
* Thu Dec 12 2002 Tim Powers <timp(a)redhat.com> 2:1.2.2-7
- merge changes in from -6hammer
* Fri Jun 21 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Thu May 23 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Tue May 07 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.2.2-4
- Don't own /usr/lib/pkgconfig
- Don't strip library, that's up to rpm
* Tue May 07 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.2.2-3
- Forgot png.h
* Mon May 06 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.2.2-2
- Fix compatibility with everyone else.
* Thu May 02 2002 Havoc Pennington <hp(a)redhat.com>
- 1.2.2 plus makefile patches tarball
- update file list to contain versioned libpng only
* Wed Jan 09 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Mon Dec 17 2001 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.2.1-1
- 1.2.1
* Wed Sep 19 2001 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.2.0-1
- 1.2.0
* Mon Jul 16 2001 Trond Eivind Glomsrød <teg(a)redhat.com>
- s/Copyright/License/
- fix weird versioning system (epoch was set to "2" in the main
package, serial to "1" in the devel package. Huh?)
* Wed Jun 20 2001 Than Ngo <than(a)redhat.com> 1.0.12-1
- update to 1.0.12
- add missing libpng symlink
* Thu May 03 2001 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.0.11-2
- libpng-devel requires zlib-devel (since png.h includes zlib.h)
(#38883)
* Wed May 02 2001 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.0.11-1
- 1.0.11
* Sun Apr 15 2001 Bernhard Rosenkraenzer <bero(a)redhat.com>
- 1.0.10
* Tue Feb 06 2001 Bernhard Rosenkraenzer <bero(a)redhat.com>
- 1.0.9, fixes Mozilla problems
* Tue Dec 12 2000 Bernhard Rosenkraenzer <bero(a)redhat.com>
- Rebuild to get rid of 0777 dirs
* Wed Nov 15 2000 Bernhard Rosenkraenzer <bero(a)redhat.com>
- Remove the workaround for Bug #20018 (from Oct 30).
Qt 2.2.2 fixes the problem the workaround addressed.
* Mon Oct 30 2000 Bernhard Rosenkraenzer <bero(a)redhat.com>
- Work around a problem causing konqueror to segfault in image preview
mode (Bug #20018)
- Copy SuSE 7.0's patch to handle bad chunks
* Sun Sep 03 2000 Florian La Roche <Florian.LaRoche(a)redhat.de>
- only include the man5 man-pages once in the main rpm
* Fri Jul 28 2000 Preston Brown <pbrown(a)redhat.com>
- upgrade to 1.0.8 - fixes small memory leak, other bugs
* Thu Jul 13 2000 Prospector <bugzilla(a)redhat.com>
- automatic rebuild
* Mon Jun 19 2000 Bernhard Rosenkraenzer <bero(a)redhat.com>
- patchlevel c
- FHSify
* Tue Mar 21 2000 Nalin Dahyabhai <nalin(a)redhat.com>
- update to 1.0.6
* Mon Mar 13 2000 Nalin Dahyabhai <nalin(a)redhat.com>
- change serial to Epoch to get dependencies working correctly
* Fri Feb 11 2000 Nalin Dahyabhai <nalin(a)redhat.com>
- move buildroot and add URL
* Sat Feb 05 2000 Bernhard Rosenkränzer <bero(a)redhat.com>
- strip library
- rebuild to compress man pages
* Sun Nov 21 1999 Bernhard Rosenkränzer <bero(a)redhat.com>
- 1.0.5
- some tweaks to spec file to make updating easier
- handle RPM_OPT_FLAGS
* Mon Sep 20 1999 Matt Wilson <msw(a)redhat.com>
- changed requires in libpng-devel to include serial
- corrected typo
* Sun Mar 21 1999 Cristian Gafton <gafton(a)redhat.com>
- auto rebuild in the new build environment (release 2)
* Sun Feb 07 1999 Michael Johnson <johnsonm(a)redhat.com>
- rev to 1.0.3
* Thu Dec 17 1998 Cristian Gafton <gafton(a)redhat.com>
- build for 6.0
* Wed Sep 23 1998 Cristian Gafton <gafton(a)redhat.com>
- we are Serial: 1 now because we are reverting the 1.0.2 version from
5.2
beta to this prior one
- install man pages; set defattr defaults
* Thu May 07 1998 Prospector System <bugs(a)redhat.com>
- translations modified for de, fr, tr
* Thu Apr 30 1998 Cristian Gafton <gafton(a)redhat.com>
- devel subpackage moved to Development/Libraries
* Wed Apr 08 1998 Cristian Gafton <gafton(a)redhat.com>
- upgraded to 1.0.1
- added buildroot
* Tue Oct 14 1997 Donnie Barnes <djb(a)redhat.com>
- updated to new version
- spec file cleanups
* Thu Jul 10 1997 Erik Troan <ewt(a)redhat.com>
- built against glibc
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
6b45823b67235316b2a3014c9a01f46e SRPMS/libpng-1.2.5-8.src.rpm
14c09742eaaf43659202a23c112ef183 x86_64/libpng-1.2.5-8.x86_64.rpm
e0c5c96590877ea498811d929934ad81 x86_64/libpng-devel-1.2.5-8.x86_64.rpm
96ae464a75a12ac39ed303108eee40b7
x86_64/debug/libpng-debuginfo-1.2.5-8.x86_64.rpm
c5c3418992aa4d48f1bb92dc1db42603 x86_64/libpng-1.2.5-8.i386.rpm
c5c3418992aa4d48f1bb92dc1db42603 i386/libpng-1.2.5-8.i386.rpm
87e3b3fdd3c733d5f29efd0e78c00185 i386/libpng-devel-1.2.5-8.i386.rpm
3e015c843a8829ccbe2f313f1e773744
i386/debug/libpng-debuginfo-1.2.5-8.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-238
2004-08-04
---------------------------------------------------------------------
Product : Fedora Core 2
Name : libpng10
Version : 1.0.15
Release : 8
Summary : Old version of libpng, needed to run old binaries.
Description :
The libpng10 package contains an old version of libpng, a library of
functions for creating and manipulating PNG (Portable Network Graphics)
image format files.
This package is needed if you want to run binaries that were linked
dynamically
with libpng 1.0.x.
---------------------------------------------------------------------
Update Information:
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
During a source code audit, Chris Evans discovered several buffer
overflows in libpng. An attacker could create a carefully crafted PNG
file in such a way that it would cause an application linked with libpng
to execute arbitrary code when the file was opened by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0597 to these issues.
In addition, this audit discovered a potential NULL pointer dereference
in libpng (CAN-2004-0598) and several integer overflow issues
(CAN-2004-0599). An attacker could create a carefully crafted PNG file
in such a way that it would cause an application linked with libpng to
crash when the file was opened by the victim.
Red Hat would like to thank Chris Evans for discovering these issues.
---------------------------------------------------------------------
* Fri Jul 23 2004 Matthias Clasen <mclasen(a)redhat.com> 1.0.15-8
- Build for FC2
* Fri Jul 23 2004 Matthias Clasen <mclasen(a)redhat.com> 1.0.15-7
- Replace the patches for individual security problems with the
cumulative patch issued by the png developers.
- Build for FC1
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Mon Jun 14 2004 Matthias Clasen <mclasen(a)redhat.com> - 1.0.15-5
- Rebuilt for FC2
* Mon Jun 14 2004 Matthias Clasen <mclasen(a)redhat.com> - 1.0.15-4
- Rebuilt for FC1
* Mon Jun 14 2004 Matthias Clasen <mclasen(a)redhat.com> - 1.0.15-3
- Reinstate and improve the transfix patch which got lost sometime ago,
but is still needed for CAN-2002-1363 (#125934)
* Wed May 19 2004 Matthias Clasen <mclasen(a)redhat.com> 1.0.15-2
- Don't provide libpng-devel (#110161)
* Wed May 19 2004 Matthias Clasen <mclasen(a)redhat.com> 1.0.15-1
- 1.0.15
- Update rhconf2 patch
- Remove bogus badchunks patch (#89854)
* Mon May 03 2004 Matthias Clasen <mclasen(a)redhat.com> 1.0.13-13
- Redo the out-of-bounds fix in a slightly better way.
* Wed Apr 21 2004 Matthias Clasen <mclasen(a)redhat.com> 1.0.13-12
- Bump release number to disambiguate n-v-rs.
* Mon Apr 19 2004 Matthias Clasen <mclasen(a)redhat.com>
- fix a possible out-of-bounds read in the error message
handler. #121229
* Tue Mar 02 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Fri Feb 13 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Mon Jun 09 2003 Elliot Lee <sopwith(a)redhat.com>
- This package has no epochs! remove usage thereof
* Wed Jun 04 2003 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Tue Jun 03 2003 Jeff Johnson <jbj(a)redhat.com>
- add explicit epoch's where needed.
* Wed Jan 22 2003 Tim Powers <timp(a)redhat.com>
- rebuilt
* Wed Jan 15 2003 Elliot Lee <sopwith(a)redhat.com> 1.0.13-7
- Bump & rebuild
* Fri Dec 13 2002 Elliot Lee <sopwith(a)redhat.com> 1.0.13-6
- Rebuild, merging in multilib change
* Fri Jun 21 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Sun May 26 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Tue May 21 2002 Elliot Lee <sopwith(a)redhat.com> 1.0.13-3
- The package totally broke the backwards compatibility that it was
intended to provide.
Fixed by setting soname to libpng.so.2, and only tweaking the build
(libpng*.{so,a}) files.
- Use _smp_mflags
- Fix rhconf patch because it was patching a symlink instead of the
actual file.
- Don't provide libpng = {version}, because then the package conflicts
with itself
* Thu May 09 2002 Jeremy Katz <katzj(a)redhat.com> 1.0.13-2
- rebuild
* Thu May 02 2002 Havoc Pennington <hp(a)redhat.com> 1.0.13-1
- upgrade to 1.0.13, plus patch tarball from libpng web site
- update rhconf patch to work with new makefiles
* Mon Mar 04 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.0.12-6
- Revert fix for #59988 as it introduces a worse problem, #60410
* Tue Feb 26 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.0.12-5
- Conflict with libpng < 1.2.0 (#59988)
* Wed Jan 30 2002 Bill Nottingham <notting(a)redhat.com> 1.0.12-4
- provide libpng = %{version}, libpng-devel = %{version}
* Wed Jan 09 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Fri Jan 04 2002 Bill Nottingham <notting(a)redhat.com> 1.0.12-2
- add devel stuff (we may change this around later)
* Wed Sep 19 2001 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.0.12-1
- initial compat package
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
df256b5fd7568b39ea7e737eb4ede582 SRPMS/libpng10-1.0.15-8.src.rpm
0765cb769f591d9cbed2bb1ca02a6108 x86_64/libpng10-1.0.15-8.x86_64.rpm
49230b3792d80f80b8bcf4e81a5a5462
x86_64/libpng10-devel-1.0.15-8.x86_64.rpm
87344871592251377c94b6eaa3215855
x86_64/debug/libpng10-debuginfo-1.0.15-8.x86_64.rpm
6570d903af2d1e9d77523934cb6a73d9 i386/libpng10-1.0.15-8.i386.rpm
478673873b01f6013d8d73b099171443 i386/libpng10-devel-1.0.15-8.i386.rpm
99b03b2015ec3756c8640d74d5d93fcc
i386/debug/libpng10-debuginfo-1.0.15-8.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-237
2004-08-04
---------------------------------------------------------------------
Product : Fedora Core 1
Name : libpng
Version : 1.2.5
Release : 7
Summary : A library of functions for manipulating PNG image format
files.
Description :
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format. PNG was
created to replace the GIF format, since GIF uses a patented data
compression algorithm.
Libpng should be installed if you need to manipulate PNG format image
files.
---------------------------------------------------------------------
Update Information:
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
During a source code audit, Chris Evans discovered several buffer
overflows in libpng. An attacker could create a carefully crafted PNG
file in such a way that it would cause an application linked with libpng
to execute arbitrary code when the file was opened by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0597 to these issues.
In addition, this audit discovered a potential NULL pointer dereference
in libpng (CAN-2004-0598) and several integer overflow issues
(CAN-2004-0599). An attacker could create a carefully crafted PNG file
in such a way that it would cause an application linked with libpng to
crash when the file was opened by the victim.
Red Hat would like to thank Chris Evans for discovering these issues.
---------------------------------------------------------------------
* Fri Jul 23 2004 Matthias Clasen <mclasen(a)redhat.com> 2:1.2.5-7
- Replace the patches for individual security problems with the
cumulative patch issued by the png developers.
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Mon Jun 14 2004 Matthias Clasen <mclasen(a)redhat.com> - 2:1.2.5-5
- Rebuild for FC2
* Mon Jun 14 2004 Matthias Clasen <mclasen(a)redhat.com> - 2:1.2.5-4
- Rebuild for FC1
* Mon Jun 14 2004 Matthias Clasen <mclasen(a)redhat.com> - 2:1.2.5-3
- Reinstate and improve the transfix patch which got lost sometime ago,
but is still needed for CAN-2002-1363 (#125934)
* Mon May 24 2004 Than Ngo <than(a)redhat.com> 2:1.2.5-2
- add patch to link libm automatically
- get rid of rpath
* Wed May 19 2004 Matthias Clasen <mclasen(a)redhat.com> 2:1.2.5-1
- 1.2.5
* Mon May 03 2004 Matthias Clasen <mclasen(a)redhat.com> 2:1.2.2-22
- Redo the out-of-bounds fix in a slightly better way.
* Wed Apr 21 2004 Matthias Clasen <mclasen(a)redhat.com>
- Bump release number to disambiguate n-v-rs.
* Mon Apr 19 2004 Matthias Clasen <mclasen(a)redhat.com>
- fix a possible out-of-bounds read in the error message
handler. #121229
* Tue Mar 02 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Fri Feb 27 2004 Mark McLoughlin <markmc(a)redhat.com> 2:1.2.2-19
- rebuild with changed bits/setjmp.h on ppc
* Fri Feb 13 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Wed Jun 04 2003 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Tue Jun 03 2003 Jeff Johnson <jbj(a)redhat.com>
- add explicit epoch's where needed.
* Mon Feb 24 2003 Jonathan Blandford <jrb(a)redhat.com> 2:1.2.2-15
- change pkg-config to use libdir instead of hardcoding /usr/lib
* Mon Feb 24 2003 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Thu Feb 20 2003 Jonathan Blandford <jrb(a)redhat.com> 2:1.2.2-12
- add Provides: libpng.so.3, #67007
* Fri Jan 24 2003 Jonathan Blandford <jrb(a)redhat.com>
- change requires to include the Epoch
* Thu Jan 23 2003 Karsten Hopp <karsten(a)redhat.de> 2:1.2.2-11
- Bump & rebuild
* Wed Jan 22 2003 Tim Powers <timp(a)redhat.com>
- rebuilt
* Wed Jan 15 2003 Elliot Lee <sopwith(a)redhat.com> 2:1.2.2-9
- Bump & rebuild
* Thu Dec 12 2002 Tim Powers <timp(a)redhat.com> 2:1.2.2-7
- merge changes in from -6hammer
* Fri Jun 21 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Thu May 23 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Tue May 07 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.2.2-4
- Don't own /usr/lib/pkgconfig
- Don't strip library, that's up to rpm
* Tue May 07 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.2.2-3
- Forgot png.h
* Mon May 06 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.2.2-2
- Fix compatibility with everyone else.
* Thu May 02 2002 Havoc Pennington <hp(a)redhat.com>
- 1.2.2 plus makefile patches tarball
- update file list to contain versioned libpng only
* Wed Jan 09 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Mon Dec 17 2001 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.2.1-1
- 1.2.1
* Wed Sep 19 2001 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.2.0-1
- 1.2.0
* Mon Jul 16 2001 Trond Eivind Glomsrød <teg(a)redhat.com>
- s/Copyright/License/
- fix weird versioning system (epoch was set to "2" in the main
package, serial to "1" in the devel package. Huh?)
* Wed Jun 20 2001 Than Ngo <than(a)redhat.com> 1.0.12-1
- update to 1.0.12
- add missing libpng symlink
* Thu May 03 2001 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.0.11-2
- libpng-devel requires zlib-devel (since png.h includes zlib.h)
(#38883)
* Wed May 02 2001 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.0.11-1
- 1.0.11
* Sun Apr 15 2001 Bernhard Rosenkraenzer <bero(a)redhat.com>
- 1.0.10
* Tue Feb 06 2001 Bernhard Rosenkraenzer <bero(a)redhat.com>
- 1.0.9, fixes Mozilla problems
* Tue Dec 12 2000 Bernhard Rosenkraenzer <bero(a)redhat.com>
- Rebuild to get rid of 0777 dirs
* Wed Nov 15 2000 Bernhard Rosenkraenzer <bero(a)redhat.com>
- Remove the workaround for Bug #20018 (from Oct 30).
Qt 2.2.2 fixes the problem the workaround addressed.
* Mon Oct 30 2000 Bernhard Rosenkraenzer <bero(a)redhat.com>
- Work around a problem causing konqueror to segfault in image preview
mode (Bug #20018)
- Copy SuSE 7.0's patch to handle bad chunks
* Sun Sep 03 2000 Florian La Roche <Florian.LaRoche(a)redhat.de>
- only include the man5 man-pages once in the main rpm
* Fri Jul 28 2000 Preston Brown <pbrown(a)redhat.com>
- upgrade to 1.0.8 - fixes small memory leak, other bugs
* Thu Jul 13 2000 Prospector <bugzilla(a)redhat.com>
- automatic rebuild
* Mon Jun 19 2000 Bernhard Rosenkraenzer <bero(a)redhat.com>
- patchlevel c
- FHSify
* Tue Mar 21 2000 Nalin Dahyabhai <nalin(a)redhat.com>
- update to 1.0.6
* Mon Mar 13 2000 Nalin Dahyabhai <nalin(a)redhat.com>
- change serial to Epoch to get dependencies working correctly
* Fri Feb 11 2000 Nalin Dahyabhai <nalin(a)redhat.com>
- move buildroot and add URL
* Sat Feb 05 2000 Bernhard Rosenkränzer <bero(a)redhat.com>
- strip library
- rebuild to compress man pages
* Sun Nov 21 1999 Bernhard Rosenkränzer <bero(a)redhat.com>
- 1.0.5
- some tweaks to spec file to make updating easier
- handle RPM_OPT_FLAGS
* Mon Sep 20 1999 Matt Wilson <msw(a)redhat.com>
- changed requires in libpng-devel to include serial
- corrected typo
* Sun Mar 21 1999 Cristian Gafton <gafton(a)redhat.com>
- auto rebuild in the new build environment (release 2)
* Sun Feb 07 1999 Michael Johnson <johnsonm(a)redhat.com>
- rev to 1.0.3
* Thu Dec 17 1998 Cristian Gafton <gafton(a)redhat.com>
- build for 6.0
* Wed Sep 23 1998 Cristian Gafton <gafton(a)redhat.com>
- we are Serial: 1 now because we are reverting the 1.0.2 version from
5.2
beta to this prior one
- install man pages; set defattr defaults
* Thu May 07 1998 Prospector System <bugs(a)redhat.com>
- translations modified for de, fr, tr
* Thu Apr 30 1998 Cristian Gafton <gafton(a)redhat.com>
- devel subpackage moved to Development/Libraries
* Wed Apr 08 1998 Cristian Gafton <gafton(a)redhat.com>
- upgraded to 1.0.1
- added buildroot
* Tue Oct 14 1997 Donnie Barnes <djb(a)redhat.com>
- updated to new version
- spec file cleanups
* Thu Jul 10 1997 Erik Troan <ewt(a)redhat.com>
- built against glibc
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
ddfaeadf308bfc528f769bee9b8af3e4 SRPMS/libpng-1.2.5-7.src.rpm
79d2c07cc01280b88df13a2846d28376 x86_64/libpng-1.2.5-7.x86_64.rpm
4bbf88bfefecfeeb99a70a50201d2804 x86_64/libpng-devel-1.2.5-7.x86_64.rpm
fa4ad0f9b024f15f7f79012f31914ce3
x86_64/debug/libpng-debuginfo-1.2.5-7.x86_64.rpm
81fcd51814f7d428eb8898a635412896 x86_64/libpng-1.2.5-7.i386.rpm
81fcd51814f7d428eb8898a635412896 i386/libpng-1.2.5-7.i386.rpm
c618312ab7b8a520a92aa8c56048f0a8 i386/libpng-devel-1.2.5-7.i386.rpm
99d64e601f653ad889452841efa883f5
i386/debug/libpng-debuginfo-1.2.5-7.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-236
2004-08-04
---------------------------------------------------------------------
Product : Fedora Core 1
Name : libpng10
Version : 1.0.15
Release : 7
Summary : Old version of libpng, needed to run old binaries.
Description :
The libpng10 package contains an old version of libpng, a library of
functions for creating and manipulating PNG (Portable Network Graphics)
image format files.
This package is needed if you want to run binaries that were linked
dynamically with libpng 1.0.x.
---------------------------------------------------------------------
Update Information:
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
During a source code audit, Chris Evans discovered several buffer
overflows in libpng. An attacker could create a carefully crafted PNG
file in such a way that it would cause an application linked with libpng
to execute arbitrary code when the file was opened by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0597 to these issues.
In addition, this audit discovered a potential NULL pointer dereference
in libpng (CAN-2004-0598) and several integer overflow issues
(CAN-2004-0599). An attacker could create a carefully crafted PNG file
in such a way that it would cause an application linked with libpng to
crash when the file was opened by the victim.
Red Hat would like to thank Chris Evans for discovering these issues.
---------------------------------------------------------------------
* Fri Jul 23 2004 Matthias Clasen <mclasen(a)redhat.com> 1.0.15-7
- Replace the patches for individual security problems with the
cumulative patch issued by the png developers.
- Build for FC1
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Mon Jun 14 2004 Matthias Clasen <mclasen(a)redhat.com> - 1.0.15-5
- Rebuilt for FC2
* Mon Jun 14 2004 Matthias Clasen <mclasen(a)redhat.com> - 1.0.15-4
- Rebuilt for FC1
* Mon Jun 14 2004 Matthias Clasen <mclasen(a)redhat.com> - 1.0.15-3
- Reinstate and improve the transfix patch which got lost sometime ago,
but is still needed for CAN-2002-1363 (#125934)
* Wed May 19 2004 Matthias Clasen <mclasen(a)redhat.com> 1.0.15-2
- Don't provide libpng-devel (#110161)
* Wed May 19 2004 Matthias Clasen <mclasen(a)redhat.com> 1.0.15-1
- 1.0.15
- Update rhconf2 patch
- Remove bogus badchunks patch (#89854)
* Mon May 03 2004 Matthias Clasen <mclasen(a)redhat.com> 1.0.13-13
- Redo the out-of-bounds fix in a slightly better way.
* Wed Apr 21 2004 Matthias Clasen <mclasen(a)redhat.com> 1.0.13-12
- Bump release number to disambiguate n-v-rs.
* Mon Apr 19 2004 Matthias Clasen <mclasen(a)redhat.com>
- fix a possible out-of-bounds read in the error message
handler. #121229
* Tue Mar 02 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Fri Feb 13 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Mon Jun 09 2003 Elliot Lee <sopwith(a)redhat.com>
- This package has no epochs! remove usage thereof
* Wed Jun 04 2003 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Tue Jun 03 2003 Jeff Johnson <jbj(a)redhat.com>
- add explicit epoch's where needed.
* Wed Jan 22 2003 Tim Powers <timp(a)redhat.com>
- rebuilt
* Wed Jan 15 2003 Elliot Lee <sopwith(a)redhat.com> 1.0.13-7
- Bump & rebuild
* Fri Dec 13 2002 Elliot Lee <sopwith(a)redhat.com> 1.0.13-6
- Rebuild, merging in multilib change
* Fri Jun 21 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Sun May 26 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Tue May 21 2002 Elliot Lee <sopwith(a)redhat.com> 1.0.13-3
- The package totally broke the backwards compatibility that it was
intended to provide.
Fixed by setting soname to libpng.so.2, and only tweaking the build
(libpng*.{so,a}) files.
- Use _smp_mflags
- Fix rhconf patch because it was patching a symlink instead of the
actual file.
- Don't provide libpng = {version}, because then the package conflicts
with itself
* Thu May 09 2002 Jeremy Katz <katzj(a)redhat.com> 1.0.13-2
- rebuild
* Thu May 02 2002 Havoc Pennington <hp(a)redhat.com> 1.0.13-1
- upgrade to 1.0.13, plus patch tarball from libpng web site
- update rhconf patch to work with new makefiles
* Mon Mar 04 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.0.12-6
- Revert fix for #59988 as it introduces a worse problem, #60410
* Tue Feb 26 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.0.12-5
- Conflict with libpng < 1.2.0 (#59988)
* Wed Jan 30 2002 Bill Nottingham <notting(a)redhat.com> 1.0.12-4
- provide libpng = %{version}, libpng-devel = %{version}
* Wed Jan 09 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Fri Jan 04 2002 Bill Nottingham <notting(a)redhat.com> 1.0.12-2
- add devel stuff (we may change this around later)
* Wed Sep 19 2001 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.0.12-1
- initial compat package
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
748a5bae718537c066affeab55f8cd13 SRPMS/libpng10-1.0.15-7.src.rpm
2a700f1c32460cd298338eb9ea8eff2f x86_64/libpng10-1.0.15-7.x86_64.rpm
6fd56ffb02374f63a6babfce021bf726
x86_64/libpng10-devel-1.0.15-7.x86_64.rpm
b7413234354a1bb0b0f450a55501ecf3
x86_64/debug/libpng10-debuginfo-1.0.15-7.x86_64.rpm
76795623a70bc6724f03205acce15e63 i386/libpng10-1.0.15-7.i386.rpm
4cbe2c20bb6738d3f1a7674a413218ca i386/libpng10-devel-1.0.15-7.i386.rpm
bfbb7f83ca69dac0aa25345ca74ad4b7
i386/debug/libpng10-debuginfo-1.0.15-7.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-247
2004-08-03
---------------------------------------------------------------------
Product : Fedora Core 2
Name : kernel
Version : 2.6.7
Release : 1.494.2.2
Summary : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
---------------------------------------------------------------------
Update Information:
This update kernel for Fedora Core 2 contains the security fixes as found by
Paul Starzetz from isec.pl. In addition this kernel contains a significant
number of bugfixes that are inherited from the newer kernel.org kernel this
release is based on.
---------------------------------------------------------------------
* Wed Aug 04 2004 Arjan van de Ven <arjanv(a)redhat.com>
- fix ppos races
* Sat Jul 17 2004 Arjan van de Ven <arjanv(a)redhat.com>
- ppc32 embedded updates
* Fri Jul 16 2004 Arjan van de Ven <arjanv(a)redhat.com>
- make USB modules again and add Alan's real fix for the SMM-meets-USB bug
- 2.6.8-rc1-bk4
* Thu Jul 15 2004 Arjan van de Ven <arjanv(a)redhat.com>
- 2.6.8-rc1-bk3
* Wed Jul 14 2004 Arjan van de Ven <arjanv(a)redhat.com>
- add "enforcemodulesig" boot option to make the kernel load signed modules only
* Tue Jul 13 2004 Arjan van de Ven <arjanv(a)redhat.com>
- updated voluntary preempt
- 2.6.8-rc1
* Thu Jul 08 2004 Arjan van de Ven <arjanv(a)redhat.com>
- fix boot breakage that was hitting lots of people (Dave Jones)
* Wed Jul 07 2004 Arjan van de Ven <arjanv(a)redhat.com>
- add voluntary preemption patch from Ingo
- 2.6.7-bk19
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
7c34ff18c58199a9559e41e0a89989f1 SRPMS/kernel-2.6.7-1.494.2.2.src.rpm
2e5ad2234291cbae1717808e5e6b1091 x86_64/kernel-2.6.7-1.494.2.2.x86_64.rpm
8cad3b767b875d9eda43d28e0fe44dcc x86_64/kernel-smp-2.6.7-1.494.2.2.x86_64.rpm
b440fc206a2107c88ffbfda43d9de2ef x86_64/debug/kernel-debuginfo-2.6.7-1.494.2.2.x86_64.rpm
7fc266322f905637c9d4cb13968c5d00 x86_64/kernel-sourcecode-2.6.7-1.494.2.2.noarch.rpm
c74e6ec7c9b3cc8bd0e37792aa6d0ba9 x86_64/kernel-doc-2.6.7-1.494.2.2.noarch.rpm
e49810ed1e33f0be9841724e57da67dd i386/kernel-2.6.7-1.494.2.2.i586.rpm
866a4597feb9f75d8e9b44ac18e4e498 i386/kernel-smp-2.6.7-1.494.2.2.i586.rpm
2f3fe2937733e54dbdc40a920d310b21 i386/debug/kernel-debuginfo-2.6.7-1.494.2.2.i586.rpm
d9edea58c35389d004397c10bcb95892 i386/kernel-2.6.7-1.494.2.2.i686.rpm
53ab1cccbb9e5d1db4f41484a04cfc4e i386/kernel-smp-2.6.7-1.494.2.2.i686.rpm
b06b13774f0320c064f16340757c053e i386/debug/kernel-debuginfo-2.6.7-1.494.2.2.i686.rpm
7fc266322f905637c9d4cb13968c5d00 i386/kernel-sourcecode-2.6.7-1.494.2.2.noarch.rpm
c74e6ec7c9b3cc8bd0e37792aa6d0ba9 i386/kernel-doc-2.6.7-1.494.2.2.noarch.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------