fix for CVE-2015-1258

2015-09-15 11:49:23 -04:00 · 2015-09-15 11:49:23 -04:00 · 4257ff5f4a
commit 4257ff5f4a
parent c5f11b0e79
1 changed files with 5 additions and 2 deletions
--- a/libvpx.spec
+++ b/libvpx.spec
@ -6,7 +6,7 @@
 Name:			libvpx
 Summary:		VP8 Video Codec SDK
 Version:		1.4.0
-Release:		4%{?dist}
+Release:		5%{?dist}
 License:		BSD
 Group:			System Environment/Libraries
 Source0:		https://libvpx.webm.googlecode.com/archive/v%{version}.tar.gz
@ -79,7 +79,7 @@ CROSS=armv7hl-redhat-linux-gnueabi- CHOST=armv7hl-redhat-linux-gnueabi-hardfloat
 %if ! %{generic_target}
 --enable-shared \
 %endif
--prefix=%{_prefix} --libdir=%{_libdir}
+--prefix=%{_prefix} --libdir=%{_libdir} --size-limit=16384x16384

 # Hack our optflags in.
 sed -i "s|-O3|%{optflags}|g" libs-%{vpxtarget}.mk
@ -177,6 +177,9 @@ popd
 %{_bindir}/*

 %changelog
+* Tue Sep 15 2015 Tom Callaway <spot@fedoraproject.org> - 1.4.0-5
+- set --size-limit=16384x16384 to avoid CVE-2015-1258
+
 * Mon Jul 27 2015 Kalev Lember <klember@redhat.com> - 1.4.0-4
 - Package review fixes (#1225648)
 - Update URL