Bug 589990 - pango: rebuild against newer glib2
pango: rebuild against newer glib2
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pango (Show other bugs)
6.0
All Linux
medium Severity medium
: rc
: ---
Assigned To: Behdad Esfahbod
desktop-bugs@redhat.com
:
Depends On: 573966
Blocks: CVE-2009-4012
  Show dependency treegraph
 
Reported: 2010-05-07 09:10 EDT by Tomas Hoger
Modified: 2010-07-23 10:00 EDT (History)
3 users (show)

See Also:
Fixed In Version: pango-1.28.1-1.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-07-23 09:39:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2010-05-07 09:10:44 EDT
Description of problem:
pango should be rebuilt against new glib2 package version (>= glib2-2.22.5-2.el6) that have g_new version with guards against integer overflows.

This is needed for:
  https://bugzilla.redhat.com/show_bug.cgi?id=554416#c7

Protections to g_new were added via:
  https://bugzilla.redhat.com/show_bug.cgi?id=573966

Additional info:
Rebuild should address existing blocker bug #573883 too.
Comment 1 Tomas Pelka 2010-05-27 10:30:51 EDT
Reproducer:
 - check dependency tree (see description).

Giving qa_ack.
Comment 2 Behdad Esfahbod 2010-06-15 13:38:48 EDT
Built pango-1.28.1-1.el6.
Comment 3 Tomas Pelka 2010-06-16 05:05:26 EDT
# rpm -qpR pango-1.28.1-1.el6.x86_64.rpm | grep glib2
glib2 >= 2.17.3-1

Shouldn't be this switched for glib2 >= 2.22 or so?

My system have glib2-2.22.5-3.el6, new pango is successfully installable and works fine.

Is this sufficient reproducer? If yes we could move to verified.
Comment 4 Vladimir Benes 2010-07-15 07:12:59 EDT
please update glib dependency to >=glib2-2.22.5-2.el6 as (according to bug 573966) the wanted behaviour was added into that version.
Comment 5 Matthias Clasen 2010-07-15 07:28:56 EDT
There will be no older glib2 than that in RHEL6. So, while it may be more correct to bump it, it is not as if that would prevent anything bad from happening.
Comment 9 Vladimir Benes 2010-07-23 09:39:16 EDT
closing this as not a bug see previous comments. reopen if you think we should do anything more about it
Comment 10 Tomas Hoger 2010-07-23 09:50:11 EDT
I'd say resolution is not correct, as requested rebuild was done.
Comment 11 Vladimir Benes 2010-07-23 10:00:10 EDT
the require from pango-1.28.1-3.el6 is glib2 >= 2.17.3-1 not 2.22 so it wasn't fixed as expected

Note You need to log in before you can comment on or make changes to this bug.