Author: kkofler
Update of /cvs/free/rpms/freetype-freeworld/F-17
In directory old02.ovh.rpmfusion.lan:/tmp/cvs-serv6172/F-17
Modified Files:
freetype-freeworld.spec
Added Files:
freetype-2.4.8-CVE-2012-5669.patch
Log Message:
* Fri Jan 25 2013 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.4.8-4
- Add freetype-2.4.8-CVE-2012-5669.patch from Fedora freetype (rh#903554)
freetype-2.4.8-CVE-2012-5669.patch:
bdflib.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- NEW FILE freetype-2.4.8-CVE-2012-5669.patch ---
--- freetype-2.4.8/src/bdf/bdflib.c 2013-01-24 15:30:15.000000000 +0100
+++ freetype-2.4.8/src/bdf/bdflib.c 2013-01-24 15:30:32.269960403 +0100
@@ -1600,10 +1600,11 @@
if ( p->glyph_enc < -1 )
p->glyph_enc = -1;
- /* Check that the encoding is in the range [0,65536] because */
- /* otherwise p->have (a bitmap with static size) overflows. */
- if ( p->glyph_enc > 0 &&
- (size_t)p->glyph_enc >= sizeof ( p->have ) * 8 )
+ /* Check that the encoding is in the Unicode range because */
+ /* otherwise p->have (a bitmap with static size) overflows. */
+ if ( p->glyph_enc > 0 &&
+ (size_t)p->glyph_enc >= sizeof ( p->have ) /
+ sizeof ( unsigned long ) * 32 )
{
error = BDF_Err_Invalid_File_Format;
goto Exit;
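Review bot: The new bound on `p->glyph_enc` hard-codes `* 32` with no explanation, and the rewritten comment ("the Unicode range") says less about the actual limit than the comment it replaces. The expression `sizeof ( p->have ) / sizeof ( unsigned long ) * 32` reads as "number of array elements times 32 bits used per element", which differs from the old `sizeof ( p->have ) * 8` wherever `unsigned long` is wider than 32 bits. Stating that in the comment would record why the old check was too permissive. Consider parenthesising the division as well, since the line break makes the `/` then `*` evaluation order easy to misread. The check is only correct if the code that sets bits in `p->have` also uses 32 bits per element; that code is outside this hunk, so a shared named constant for the 32 would keep the two from drifting apart.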
Index: freetype-freeworld.spec
===================================================================
RCS file: /cvs/free/rpms/freetype-freeworld/F-17/freetype-freeworld.spec,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- freetype-freeworld.spec 2 Apr 2012 00:32:55 -0000 1.24
+++ freetype-freeworld.spec 25 Jan 2013 00:26:49 -0000 1.25
@@ -1,7 +1,7 @@
Summary: A free and portable font rendering engine
Name: freetype-freeworld
Version: 2.4.8
-Release: 3%{?dist}
+Release: 4%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL:
http://www.freetype.org
@@ -32,6 +32,8 @@
Patch105: freetype-2.4.8-CVE-2012-1143.patch
Patch106: freetype-2.4.8-CVE-2012-1144.patch
Patch107: freetype-2.4.8-bdf-overflow.patch
+#
https://bugzilla.redhat.com/show_bug.cgi?id=903554
+Patch108: freetype-2.4.8-CVE-2012-5669.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
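Review bot: The only provenance recorded for Patch108 is the Bugzilla URL in the spec comment, while the new patch file itself starts directly at its `---`/`+++` lines with no description header. A short header in freetype-2.4.8-CVE-2012-5669.patch (what it fixes and the bug reference) would keep that information with the patch if it is ever copied out of this spec.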
@@ -79,6 +81,7 @@
%patch105 -p1 -b .CVE-2012-1143
%patch106 -p1 -b .CVE-2012-1144
%patch107 -p1 -b .bdf-overflow
+%patch108 -p1 -b .CVE-2012-5669
%build
@@ -123,6 +126,9 @@
%config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
%changelog
+* Fri Jan 25 2013 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.4.8-4
+- Add freetype-2.4.8-CVE-2012-5669.patch from Fedora freetype (rh#903554)
+
* Mon Apr 02 2012 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.4.8-3
- Add security patches from Fedora freetype-2.4.8-3 (rh#806270)