Author: kkofler
Update of /cvs/free/rpms/freetype-freeworld/F-15
In directory se02.es.rpmfusion.net:/tmp/cvs-serv29311/F-15
Modified Files:
freetype-freeworld.spec
Added Files:
freetype-2.4.4-CVE-2011-0226.patch
Log Message:
* Mon Jul 25 2011 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.4.4-4
- Add freetype-2.4.4-CVE-2011-0226.patch from Fedora freetype (rh#723469)
(Add better argument check for `callothersubr'.)
- based on patches by Werner Lemberg,
Alexei Podtelezhnikov and Matthias Drochner
freetype-2.4.4-CVE-2011-0226.patch:
t1decode.c | 34 ++++++++++++++++++++--------------
1 file changed, 20 insertions(+), 14 deletions(-)
--- NEW FILE freetype-2.4.4-CVE-2011-0226.patch ---
--- freetype-2.4.4/src/psaux/t1decode.c 2010-11-23 19:28:53.000000000 +0100
+++ freetype-2.4.4/src/psaux/t1decode.c 2011-07-20 14:58:03.000000000 +0200
@@ -28,6 +28,8 @@
#include "psauxerr.h"
+/* ensure proper sign extension */
+#define Fix2Int( f ) ( (FT_Int)(FT_Short)( (f) >> 16 ) )
/*************************************************************************/
/* */
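Review bot: The comment on `Fix2Int` says only "ensure proper sign extension" and omits that the `(FT_Short)` cast also reduces the integer part to 16 bits, so a stack value whose integer part lies outside -32768..32767 wraps rather than being rejected. Every index and count decoded with this macro in the later hunks therefore still depends on its own range check, which is worth stating at the definition. I would extend the comment to something like `/* integer part of a (presumably 16.16) fixed-point value, truncated to 16 bits and sign-extended; callers must range-check the result */`. The shift is applied to a signed operand, so its result for negative inputs is implementation-defined before the cast; a short remark that the cast is what makes the outcome consistent would help the next reader.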
@@ -662,7 +664,7 @@
if ( large_int )
FT_TRACE4(( " %ld", value ));
else
- FT_TRACE4(( " %ld", (FT_Int32)( value >> 16 ) ));
+ FT_TRACE4(( " %ld", Fix2Int( value ) ));
#endif
*top++ = value;
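Review bot: On the new trace line, `Fix2Int( value )` has type `FT_Int` while the format string is still `%ld`, so the variadic argument and the conversion specifier disagree on platforms where `long` is wider than `int`. The removed line had the same pattern with `FT_Int32`, so this is carried over rather than introduced, but the line is being rewritten anyway. Either `FT_TRACE4(( " %d", Fix2Int( value ) ));` or an explicit `(FT_Long)` cast on the argument would make the call well defined. The statement sits inside a conditional block whose opening is outside the hunk.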
@@ -684,8 +686,8 @@
top -= 2;
- subr_no = (FT_Int)( top[1] >> 16 );
- arg_cnt = (FT_Int)( top[0] >> 16 );
+ subr_no = Fix2Int( top[1] );
+ arg_cnt = Fix2Int( top[0] );
/***********************************************************/
/* */
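Review bot: After this change `subr_no` and `arg_cnt` can be negative, and nothing in this hunk rejects them; the only sign check the patch adds is in the `default:` branch of the hunk at -1009. The code following the banner comment is outside the hunk, so I cannot see whether `arg_cnt` is used (for example to adjust `top`) before the switch is reached; if it is, a negative count would be acted on before any branch gets to refuse it. Rejecting immediately after decoding would remove that dependency on the later code: `if ( arg_cnt < 0 || subr_no < 0 ) goto Unexpected_OtherSubr;`. A one-line comment stating that both values come from the charstring and are untrusted would also be useful here.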
@@ -862,7 +864,7 @@
if ( arg_cnt != 1 || blend == NULL )
goto Unexpected_OtherSubr;
- idx = (FT_Int)( top[0] >> 16 );
+ idx = Fix2Int( top[0] );
if ( idx < 0 ||
idx + blend->num_designs > decoder->len_buildchar )
@@ -930,7 +932,7 @@
if ( arg_cnt != 2 || blend == NULL )
goto Unexpected_OtherSubr;
- idx = (FT_Int)( top[1] >> 16 );
+ idx = Fix2Int( top[1] );
if ( idx < 0 || (FT_UInt) idx >= decoder->len_buildchar )
goto Unexpected_OtherSubr;
@@ -951,7 +953,7 @@
if ( arg_cnt != 1 || blend == NULL )
goto Unexpected_OtherSubr;
- idx = (FT_Int)( top[0] >> 16 );
+ idx = Fix2Int( top[0] );
if ( idx < 0 || (FT_UInt) idx >= decoder->len_buildchar )
goto Unexpected_OtherSubr;
@@ -1009,11 +1011,15 @@
break;
default:
- FT_ERROR(( "t1_decoder_parse_charstrings:"
- " unknown othersubr [%d %d], wish me luck\n",
- arg_cnt, subr_no ));
- unknown_othersubr_result_cnt = arg_cnt;
- break;
+ if ( arg_cnt >= 0 && subr_no >= 0 )
+ {
+ FT_ERROR(( "t1_decoder_parse_charstrings:"
+ " unknown othersubr [%d %d], wish me luck\n",
+ arg_cnt, subr_no ));
+ unknown_othersubr_result_cnt = arg_cnt;
+ break;
+ }
+ /* fall through */
Unexpected_OtherSubr:
FT_ERROR(( "t1_decoder_parse_charstrings:"
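Review bot: The new guard in `default:` reaches the error path only by falling out of the `if` into the `Unexpected_OtherSubr:` label, which works only while that label stays directly after this branch. An inverted guard keeps the original body at its old indentation and makes the rejection explicit: `if ( arg_cnt < 0 || subr_no < 0 ) goto Unexpected_OtherSubr;` followed by the unchanged `FT_ERROR`, assignment and `break`. The check also sets only a lower bound on the value stored in `unknown_othersubr_result_cnt`; whether an upper bound is enforced earlier cannot be seen from this hunk and is worth confirming. The switch and the rest of the error block lie outside the hunk.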
@@ -1139,8 +1145,8 @@
top[0],
top[1],
top[2],
- (FT_Int)( top[3] >> 16 ),
- (FT_Int)( top[4] >> 16 ) );
+ Fix2Int( top[3] ),
+ Fix2Int( top[4] ) );
case op_sbw:
FT_TRACE4(( " sbw" ));
@@ -1324,7 +1330,7 @@
FT_TRACE4(( " callsubr" ));
- idx = (FT_Int)( top[0] >> 16 );
+ idx = Fix2Int( top[0] );
if ( idx < 0 || idx >= (FT_Int)decoder->num_subrs )
{
FT_ERROR(( "t1_decoder_parse_charstrings:"
Index: freetype-freeworld.spec
===================================================================
RCS file: /cvs/free/rpms/freetype-freeworld/F-15/freetype-freeworld.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- freetype-freeworld.spec 8 Mar 2011 22:45:11 -0000 1.15
+++ freetype-freeworld.spec 25 Jul 2011 11:25:29 -0000 1.16
@@ -1,7 +1,7 @@
Summary: A free and portable font rendering engine
Name: freetype-freeworld
Version: 2.4.4
-Release: 3%{?dist}
+Release: 4%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL:
http://www.freetype.org
@@ -12,18 +12,19 @@
# Enable otvalid and gxvalid modules
Patch46: freetype-2.2.1-enable-valid.patch
-# Security patch
+# Security patches
Patch89: freetype-2.4.2-CVE-2010-3311.patch
+Patch90: freetype-2.4.4-CVE-2011-0226.patch
# Backport from upstream git:
# Fall back to autohinting if a TTF/OTF doesn't contain any bytecode.
# Submitted by Kevin Kofler based on a patch from
infinality.net, edited and
# committed by Werner Lemberg.
# Should be in the next upstream release.
-Patch90: freetype-2.4.4-auto-autohint.patch
+Patch100: freetype-2.4.4-auto-autohint.patch
# Fix the above autohinting fallback: Ignore CFF-based OTFs.
# Should be in the next upstream release.
-Patch91: freetype-2.4.4-auto-autohint-fix.patch
+Patch101: freetype-2.4.4-auto-autohint-fix.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
@@ -53,8 +54,10 @@
%patch46 -p1 -b .enable-valid
%patch89 -p1 -b .CVE-2010-3311
-%patch90 -p1 -b .auto-autohint
-%patch91 -p1 -b .auto-autohint-fix
+%patch90 -p1 -b .CVE-2011-0226
+
+%patch100 -p1 -b .auto-autohint
+%patch101 -p1 -b .auto-autohint-fix
%build
@@ -99,6 +102,12 @@
%config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
%changelog
+* Mon Jul 25 2011 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.4.4-4
+- Add freetype-2.4.4-CVE-2011-0226.patch from Fedora freetype (rh#723469)
+ (Add better argument check for `callothersubr'.)
+ - based on patches by Werner Lemberg,
+ Alexei Podtelezhnikov and Matthias Drochner
+
* Tue Mar 08 2011 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.4.4-3
- Fix autohinting fallback (rh#547532): Ignore CFF-based OTFs.