Author: kkofler Update of /cvs/free/rpms/freetype-freeworld/devel In directory se02.es.rpmfusion.net:/tmp/cvs-serv30162/devel Modified Files: freetype-freeworld.spec Added Files: freetype-2.4.2-CVE-2010-3311.patch Log Message: * Wed Oct 06 2010 Kevin Kofler <Kevin(a)tigcc.ticalc.org&gt; 2.4.2-2 - Add freetype-2.4.2-CVE-2010-3311.patch (Don't seek behind end of stream.) - Resolves: rh#638522 freetype-2.4.2-CVE-2010-3311.patch: ftstream.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) --- NEW FILE freetype-2.4.2-CVE-2010-3311.patch --- --- freetype-2.4.2/src/base/ftstream.c 2010-08-04 15:52:01.000000000 +0200 +++ freetype-2.4.2/src/base/ftstream.c 2010-10-06 18:47:07.000000000 +0200 @@ -59,8 +59,17 @@ { FT_Error error = FT_Err_Ok; + /* note that seeking to the first position after the file is valid */ + if ( pos > stream->size ) + { + FT_ERROR(( "FT_Stream_Seek:" + " invalid i/o; pos = 0x%lx, size = 0x%lx\n", + pos, stream->size )); - if ( stream->read ) + error = FT_Err_Invalid_Stream_Operation; + } + + if ( !error && stream->read ) { if ( stream->read( stream, pos, 0, 0 ) ) { @@ -71,15 +80,6 @@ error = FT_Err_Invalid_Stream_Operation; } } - /* note that seeking to the first position after the file is valid */ - else if ( pos > stream->size ) - { - FT_ERROR(( "FT_Stream_Seek:" - " invalid i/o; pos = 0x%lx, size = 0x%lx\n", - pos, stream->size )); - - error = FT_Err_Invalid_Stream_Operation; - } if ( !error ) stream->pos = pos; Index: freetype-freeworld.spec =================================================================== RCS file: /cvs/free/rpms/freetype-freeworld/devel/freetype-freeworld.spec,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- freetype-freeworld.spec 6 Oct 2010 04:19:35 -0000 1.9 +++ freetype-freeworld.spec 6 Oct 2010 18:21:48 -0000 1.10 @@ -6,7 +6,7 @@ Summary: A free and portable font rendering engine Name: freetype-freeworld Version: 2.4.2 -Release: 1%{?dist} +Release: 2%{?dist} License: FTL or GPLv2+ Group: System Environment/Libraries URL: http://www.freetype.org @@ -18,6 +18,9 @@ # Enable otvalid and gxvalid modules Patch46: freetype-2.2.1-enable-valid.patch +# Security patch +Patch89: freetype-2.4.2-CVE-2010-3311.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n) %if !0%{?without_bytecode_interpreter} @@ -57,6 +60,8 @@ %patch46 -p1 -b .enable-valid +%patch89 -p1 -b .CVE-2010-3311 + %build %configure --disable-static @@ -100,6 +105,11 @@ %config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf %changelog +* Wed Oct 06 2010 Kevin Kofler <Kevin(a)tigcc.ticalc.org&gt; 2.4.2-2 +- Add freetype-2.4.2-CVE-2010-3311.patch + (Don't seek behind end of stream.) +- Resolves: rh#638522 + * Wed Oct 06 2010 Kevin Kofler <Kevin(a)tigcc.ticalc.org&gt; 2.4.2-1 - Update to 2.4.2 (matches Fedora freetype, fixes several security issues) - Update the description to reflect that the bytecode interpreter was disabled