rpms/freetype-freeworld/F-14 freetype-2.4.2-CVE-2011-3439.patch, NONE, 1.1 freetype-freeworld.spec, 1.15, 1.16

Kevin Kofler kkofler at rpmfusion.org
Thu Nov 17 18:34:24 CET 2011


Author: kkofler

Update of /cvs/free/rpms/freetype-freeworld/F-14
In directory se02.es.rpmfusion.net:/tmp/cvs-serv26493/F-14

Modified Files:
	freetype-freeworld.spec 
Added Files:
	freetype-2.4.2-CVE-2011-3439.patch 
Log Message:
* Thu Nov 17 2011 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.4.2-8
- Add freetype-2.4.2-CVE-2011-3439.patch from Fedora freetype (rh#753837)

freetype-2.4.2-CVE-2011-3439.patch:
 cidload.c |   26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

--- NEW FILE freetype-2.4.2-CVE-2011-3439.patch ---
--- freetype-2.4.2/src/cid/cidload.c	2009-07-03 15:28:24.000000000 +0200
+++ freetype-2.4.2/src/cid/cidload.c	2011-11-15 17:37:01.000000000 +0100
@@ -4,7 +4,7 @@
 /*                                                                         */
 /*    CID-keyed Type1 font loader (body).                                  */
 /*                                                                         */
-/*  Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2009 by             */
+/*  Copyright 1996-2006, 2009, 2011 by                                     */
 /*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@@ -110,7 +110,7 @@
         CID_FaceDict  dict;
 
 
-        if ( parser->num_dict < 0 )
+        if ( parser->num_dict < 0 || parser->num_dict >= cid->num_dicts )
         {
           FT_ERROR(( "cid_load_keyword: invalid use of `%s'\n",
                      keyword->ident ));
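Review bot: The added upper bound in `if ( parser->num_dict < 0 || parser->num_dict >= cid->num_dicts )` carries no comment saying why it is needed, so nothing stops a later edit from "simplifying" it back to the sign test; suggest a one-liner above it such as `/* num_dict indexes the font_dicts array, which holds num_dicts entries */`. The identical test is repeated in the `@@ -158` and `@@ -249` hunks against `face->cid.num_dicts`, so either the comment belongs at all three sites or the test belongs in one small shared helper so the three cannot drift apart. Where `num_dict` is assigned is not visible in the hunk, and the enclosing function continues outside it.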
@@ -158,7 +158,7 @@
     FT_Fixed      temp_scale;
 
 
-    if ( parser->num_dict >= 0 )
+    if ( parser->num_dict >= 0 && parser->num_dict < face->cid.num_dicts )
     {
       dict   = face->cid.font_dicts + parser->num_dict;
       matrix = &dict->font_matrix;
@@ -249,7 +249,7 @@
     CID_FaceDict  dict;
 
 
-    if ( parser->num_dict >= 0 )
+    if ( parser->num_dict >= 0 && parser->num_dict < face->cid.num_dicts )
     {
       dict = face->cid.font_dicts + parser->num_dict;
 
@@ -413,12 +413,25 @@
       FT_Byte*      p;
 
 
+      /* Check for possible overflow. */
+      if ( num_subrs == FT_UINT_MAX )
+      {
+        error = CID_Err_Syntax_Error;
+        goto Fail;
+      }
+
       /* reallocate offsets array if needed */
       if ( num_subrs + 1 > max_offsets )
       {
         FT_UInt  new_max = FT_PAD_CEIL( num_subrs + 1, 4 );
 
 
+        if ( new_max <= max_offsets )
+        {
+          error = CID_Err_Syntax_Error;
+          goto Fail;
+        }
+
         if ( FT_RENEW_ARRAY( offsets, max_offsets, new_max ) )
           goto Fail;
 
@@ -436,6 +449,11 @@
 
       FT_FRAME_EXIT();
 
+      /* offsets must be ordered */
+      for ( count = 1; count <= num_subrs; count++ )
+        if ( offsets[count - 1] > offsets[count] )
+          goto Fail;
+
       /* now, compute the size of subrs charstrings, */
       /* allocate, and read them                     */
       data_len = offsets[num_subrs] - offsets[0];
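Review bot: The new ordering loop jumps to `Fail` without assigning `error`, unlike the two new checks in the `@@ -413` hunk, which set `error = CID_Err_Syntax_Error` first. If `error` still holds the success value from the preceding frame operations (the matching FT_FRAME_ENTER is outside the hunk, so this is inferred), the Fail path would run its cleanup but the function would report success to the caller for a font whose subr offsets were just rejected. Replace the bare `goto Fail;` in the loop body with `{ error = CID_Err_Syntax_Error; goto Fail; }`. The loop bound itself is fine: the `@@ -413` hunk guarantees `offsets` holds at least `num_subrs + 1` entries. The enclosing function continues outside the hunk.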


Index: freetype-freeworld.spec
===================================================================
RCS file: /cvs/free/rpms/freetype-freeworld/F-14/freetype-freeworld.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- freetype-freeworld.spec	23 Oct 2011 00:08:49 -0000	1.15
+++ freetype-freeworld.spec	17 Nov 2011 17:34:23 -0000	1.16
@@ -6,7 +6,7 @@
 Summary: A free and portable font rendering engine
 Name: freetype-freeworld
 Version: 2.4.2
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: FTL or GPLv2+
 Group: System Environment/Libraries
 URL: http://www.freetype.org
@@ -22,10 +22,10 @@
 # Fall back to autohinting if a TTF/OTF doesn't contain any bytecode.
 # Submitted by Kevin Kofler based on a patch from infinality.net, edited and
 # committed by Werner Lemberg.
-# Should be in the next upstream release.
+# Upstreamed in 2.4.5.
 Patch50:  freetype-2.4.4-auto-autohint.patch
 # Fix the above autohinting fallback: Ignore CFF-based OTFs.
-# Should be in the next upstream release.
+# Upstreamed in 2.4.5.
 Patch51:  freetype-2.4.4-auto-autohint-fix.patch
 
 # Security patches
@@ -33,6 +33,7 @@
 Patch90:  freetype-2.4.2-CVE-2010-3855.patch
 Patch91:  freetype-2.4.2-CVE-2011-0226.patch
 Patch92:  freetype-2.4.2-CVE-2011-3256.patch
+Patch93:  freetype-2.4.2-CVE-2011-3439.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
 
@@ -79,6 +80,7 @@
 %patch90 -p1 -b .CVE-2010-3855
 %patch91 -p1 -b .CVE-2011-0226
 %patch92 -p1 -b .CVE-2011-3256
+%patch93 -p1 -b .CVE-2011-3439
 
 %build
 
@@ -123,8 +125,11 @@
 %config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
 
 %changelog
+* Thu Nov 17 2011 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.4.2-8
+- Add freetype-2.4.2-CVE-2011-3439.patch from Fedora freetype (rh#753837)
+
 * Sun Oct 23 2011 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.4.2-7
-- Add freetype-2.4.2-CVE-2011-3256.patch from Fedora freetype
+- Add freetype-2.4.2-CVE-2011-3256.patch from Fedora freetype (rh#749174)
     (Handle some border cases)
 
 * Mon Jul 25 2011 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.4.2-6


