Author: kkofler
Update of /cvs/free/rpms/freetype-freeworld/F-13
In directory se02.es.rpmfusion.net:/tmp/cvs-serv27043/F-13
Modified Files:
freetype-freeworld.spec
Added Files:
freetype-2.3.11-CVE-2010-3855.patch
Log Message:
* Mon Nov 15 2010 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.3.11-4
- Add freetype-2.3.11-CVE-2010-3855.patch
(Protect against invalid `runcnt' values.)
- Resolves: rh#651764
freetype-2.3.11-CVE-2010-3855.patch:
ttgxvar.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE freetype-2.3.11-CVE-2010-3855.patch ---
--- freetype-2.3.11/src/truetype/ttgxvar.c 2009-07-31 18:45:19.000000000 +0200
+++ freetype-2.3.11/src/truetype/ttgxvar.c 2010-11-15 10:26:22.517444003 +0100
@@ -157,7 +157,7 @@
runcnt = runcnt & GX_PT_POINT_RUN_COUNT_MASK;
first = points[i++] = FT_GET_USHORT();
- if ( runcnt < 1 )
+ if ( runcnt < 1 || i + runcnt >= n )
goto Exit;
/* first point not included in runcount */
@@ -168,7 +168,7 @@
{
first = points[i++] = FT_GET_BYTE();
- if ( runcnt < 1 )
+ if ( runcnt < 1 || i + runcnt >= n )
goto Exit;
for ( j = 0; j < runcnt; ++j )
Index: freetype-freeworld.spec
===================================================================
RCS file: /cvs/free/rpms/freetype-freeworld/F-13/freetype-freeworld.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- freetype-freeworld.spec 5 Oct 2010 14:46:16 -0000 1.11
+++ freetype-freeworld.spec 15 Nov 2010 12:46:19 -0000 1.12
@@ -8,7 +8,7 @@
Summary: A free and portable font rendering engine
Name: freetype-freeworld
Version: 2.3.11
-Release: 3%{?dist}
+Release: 4%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL:
http://www.freetype.org
@@ -31,6 +31,7 @@
Patch98: freetype-2.3.11-CVE-2010-2806.patch
Patch99: freetype-2.3.11-CVE-2010-2808.patch
Patch100: freetype-2.3.11-CVE-2010-3311.patch
+Patch101: freetype-2.3.11-CVE-2010-3855.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
@@ -81,6 +82,7 @@
%patch98 -p1 -b .CVE-2010-2806
%patch99 -p1 -b .CVE-2010-2808
%patch100 -p1 -b .CVE-2010-3311
+%patch101 -p1 -b .CVE-2010-3855
%build
@@ -125,6 +127,11 @@
%config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
%changelog
+* Mon Nov 15 2010 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.3.11-4
+- Add freetype-2.3.11-CVE-2010-3855.patch
+ (Protect against invalid `runcnt' values.)
+- Resolves: rh#651764
+
* Tue Oct 05 2010 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.3.11-3
- Update the description to reflect that the bytecode interpreter was disabled
in Fedora again.