Author: kkofler
Update of /cvs/free/rpms/freetype-freeworld/F-18
In directory old02.ovh.rpmfusion.lan:/tmp/cvs-serv5782/F-18
Modified Files:
freetype-freeworld.spec
Added Files:
freetype-2.4.10-CVE-2012-5669.patch
Log Message:
* Fri Jan 25 2013 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.4.10-2
- Add freetype-2.4.10-CVE-2012-5669.patch from Fedora freetype (rh#903554)
freetype-2.4.10-CVE-2012-5669.patch:
bdflib.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- NEW FILE freetype-2.4.10-CVE-2012-5669.patch ---
--- a/src/bdf/bdflib.c
+++ b/src/bdf/bdflib.c
@@ -1628,8 +1628,9 @@
/* Check that the encoding is in the Unicode range because */
/* otherwise p->have (a bitmap with static size) overflows. */
- if ( p->glyph_enc > 0 &&
- (size_t)p->glyph_enc >= sizeof ( p->have ) * 8 )
+ if ( p->glyph_enc > 0 &&
+ (size_t)p->glyph_enc >= sizeof ( p->have ) /
+ sizeof ( unsigned long ) * 32 )
{
FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG5, lineno, "ENCODING"
));
error = BDF_Err_Invalid_File_Format;
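Review bot: The literal 32 in the new bound, sizeof ( p->have ) / sizeof ( unsigned long ) * 32, is unexplained, and the comment above the check still says only that p->have overflows. The expression counts the unsigned long elements of p->have and allows 32 encodings per element, so it equals the old sizeof ( p->have ) * 8 only where unsigned long is 4 bytes; where it is 8 bytes the old limit was twice as large. Please extend the comment to say that the bitmap holds 32 bits per element, or replace the literal with a named constant shared with the code that sets bits in p->have, which is not visible in this hunk. The guard is also skipped whenever p->glyph_enc is not greater than 0, so it is worth confirming that such values never reach an index into p->have.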
Index: freetype-freeworld.spec
===================================================================
RCS file: /cvs/free/rpms/freetype-freeworld/F-18/freetype-freeworld.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- freetype-freeworld.spec 16 Jul 2012 20:16:57 -0000 1.25
+++ freetype-freeworld.spec 25 Jan 2013 00:22:44 -0000 1.26
@@ -1,7 +1,7 @@
Summary: A free and portable font rendering engine
Name: freetype-freeworld
Version: 2.4.10
-Release: 1%{?dist}
+Release: 2%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL:
http://www.freetype.org
@@ -12,6 +12,10 @@
# Enable otvalid and gxvalid modules
Patch46: freetype-2.2.1-enable-valid.patch
+# Security patches
+#
https://bugzilla.redhat.com/show_bug.cgi?id=903554
+Patch89: freetype-2.4.10-CVE-2012-5669.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
Provides: freetype-bytecode
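Review bot: The comment above Patch89 gives only the Bugzilla URL, so the spec itself does not say what the patch changes or why the number jumps from Patch46 to Patch89. A one-line description next to the URL (the patch touches the ENCODING bounds check in src/bdf/bdflib.c) would let someone auditing the package see the fix without opening the bug, and if 89 was chosen to match the Fedora freetype package that the changelog cites as the source, the comment should say so.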
@@ -39,6 +43,8 @@
%patch46 -p1 -b .enable-valid
+%patch89 -p1 -b .CVE-2012-5669
+
%build
@@ -83,6 +89,9 @@
%config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
%changelog
+* Fri Jan 25 2013 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.4.10-2
+- Add freetype-2.4.10-CVE-2012-5669.patch from Fedora freetype (rh#903554)
+
* Mon Jul 16 2012 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.4.10-1
- Update to 2.4.10 (matches Fedora freetype, rh#832651)
- Drop upstreamed patches (CVE-2012-1139, CVE-2012-1141, backported bugfixes)