rpms/freetype-freeworld/devel freetype-2.4.5-CVE-2011-0226.patch, NONE, 1.1 .cvsignore, 1.9, 1.10 freetype-freeworld.spec, 1.15, 1.16 sources, 1.9, 1.10 freetype-2.4.4-auto-autohint-fix.patch, 1.1, NONE freetype-2.4.4-auto-autohint.patch, 1.1, NONE

Kevin Kofler kkofler at rpmfusion.org
Mon Jul 25 13:17:51 CEST 2011 

Author: kkofler

Update of /cvs/free/rpms/freetype-freeworld/devel
In directory se02.es.rpmfusion.net:/tmp/cvs-serv28480/devel

Modified Files:
	.cvsignore freetype-freeworld.spec sources 
Added Files:
	freetype-2.4.5-CVE-2011-0226.patch 
Removed Files:
	freetype-2.4.4-auto-autohint-fix.patch 
	freetype-2.4.4-auto-autohint.patch 
Log Message:
* Mon Jul 25 2011 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.4.5-1
- Update to 2.4.5 (matches Fedora freetype)
- Drop upstreamed auto-autohint patches
- Add freetype-2.4.5-CVE-2011-0226.patch from Fedora freetype (rh#723469)
    (Add better argument check for `callothersubr'.)
    - based on patches by Werner Lemberg,
      Alexei Podtelezhnikov and Matthias Drochner

freetype-2.4.5-CVE-2011-0226.patch:
 t1decode.c |   34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

--- NEW FILE freetype-2.4.5-CVE-2011-0226.patch ---
--- freetype-2.4.5/src/psaux/t1decode.c	2010-11-23 19:28:53.000000000 +0100
+++ freetype-2.4.5/src/psaux/t1decode.c	2011-07-20 15:00:39.000000000 +0200
@@ -28,6 +28,8 @@
 
 #include "psauxerr.h"
 
+/* ensure proper sign extension */
+#define Fix2Int( f )  ( (FT_Int)(FT_Short)( (f) >> 16 ) )
 
   /*************************************************************************/
   /*                                                                       */
@@ -662,7 +664,7 @@
         if ( large_int )
           FT_TRACE4(( " %ld", value ));
         else
-          FT_TRACE4(( " %ld", (FT_Int32)( value >> 16 ) ));
+          FT_TRACE4(( " %ld", Fix2Int( value ) ));
 #endif
 
         *top++       = value;
@@ -684,8 +686,8 @@
 
         top -= 2;
 
-        subr_no = (FT_Int)( top[1] >> 16 );
-        arg_cnt = (FT_Int)( top[0] >> 16 );
+        subr_no = Fix2Int( top[1] );
+        arg_cnt = Fix2Int( top[0] );
 
         /***********************************************************/
         /*                                                         */
@@ -862,7 +864,7 @@
             if ( arg_cnt != 1 || blend == NULL )
               goto Unexpected_OtherSubr;
 
-            idx = (FT_Int)( top[0] >> 16 );
+            idx = Fix2Int( top[0] );
 
             if ( idx < 0                                           ||
                  idx + blend->num_designs > decoder->len_buildchar )
@@ -930,7 +932,7 @@
             if ( arg_cnt != 2 || blend == NULL )
               goto Unexpected_OtherSubr;
 
-            idx = (FT_Int)( top[1] >> 16 );
+            idx = Fix2Int( top[1] );
 
             if ( idx < 0 || (FT_UInt) idx >= decoder->len_buildchar )
               goto Unexpected_OtherSubr;
@@ -951,7 +953,7 @@
             if ( arg_cnt != 1 || blend == NULL )
               goto Unexpected_OtherSubr;
 
-            idx = (FT_Int)( top[0] >> 16 );
+            idx = Fix2Int( top[0] );
 
             if ( idx < 0 || (FT_UInt) idx >= decoder->len_buildchar )
               goto Unexpected_OtherSubr;
@@ -1009,11 +1011,15 @@
           break;
 
         default:
-          FT_ERROR(( "t1_decoder_parse_charstrings:"
-                     " unknown othersubr [%d %d], wish me luck\n",
-                     arg_cnt, subr_no ));
-          unknown_othersubr_result_cnt = arg_cnt;
-          break;
+          if ( arg_cnt >= 0 && subr_no >= 0 )
+          {
+            FT_ERROR(( "t1_decoder_parse_charstrings:"
+                       " unknown othersubr [%d %d], wish me luck\n",
+                       arg_cnt, subr_no ));
+            unknown_othersubr_result_cnt = arg_cnt;
+            break;
+          }
+          /* fall through */
 
         Unexpected_OtherSubr:
           FT_ERROR(( "t1_decoder_parse_charstrings:"
@@ -1139,8 +1145,8 @@
                                   top[0],
                                   top[1],
                                   top[2],
-                                  (FT_Int)( top[3] >> 16 ),
-                                  (FT_Int)( top[4] >> 16 ) );
+                                  Fix2Int( top[3] ),
+                                  Fix2Int( top[4] ) );
 
         case op_sbw:
           FT_TRACE4(( " sbw" ));
@@ -1324,7 +1330,7 @@
 
             FT_TRACE4(( " callsubr" ));
 
-            idx = (FT_Int)( top[0] >> 16 );
+            idx = Fix2Int( top[0] );
             if ( idx < 0 || idx >= (FT_Int)decoder->num_subrs )
             {
               FT_ERROR(( "t1_decoder_parse_charstrings:"


Index: .cvsignore
===================================================================
RCS file: /cvs/free/rpms/freetype-freeworld/devel/.cvsignore,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- .cvsignore	2 Dec 2010 17:21:30 -0000	1.9
+++ .cvsignore	25 Jul 2011 11:17:51 -0000	1.10
@@ -1 +1 @@
-freetype-2.4.4.tar.bz2
+freetype-2.4.5.tar.bz2


Index: freetype-freeworld.spec
===================================================================
RCS file: /cvs/free/rpms/freetype-freeworld/devel/freetype-freeworld.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- freetype-freeworld.spec	8 Mar 2011 22:45:11 -0000	1.15
+++ freetype-freeworld.spec	25 Jul 2011 11:17:51 -0000	1.16
@@ -1,7 +1,7 @@
 Summary: A free and portable font rendering engine
 Name: freetype-freeworld
-Version: 2.4.4
-Release: 3%{?dist}
+Version: 2.4.5
+Release: 1%{?dist}
 License: FTL or GPLv2+
 Group: System Environment/Libraries
 URL: http://www.freetype.org
@@ -12,18 +12,9 @@
 # Enable otvalid and gxvalid modules
 Patch46:  freetype-2.2.1-enable-valid.patch
 
-# Security patch
+# Security patches
 Patch89:  freetype-2.4.2-CVE-2010-3311.patch
-
-# Backport from upstream git:
-# Fall back to autohinting if a TTF/OTF doesn't contain any bytecode.
-# Submitted by Kevin Kofler based on a patch from infinality.net, edited and
-# committed by Werner Lemberg.
-# Should be in the next upstream release.
-Patch90:  freetype-2.4.4-auto-autohint.patch
-# Fix the above autohinting fallback: Ignore CFF-based OTFs.
-# Should be in the next upstream release.
-Patch91:  freetype-2.4.4-auto-autohint-fix.patch
+Patch90:  freetype-2.4.5-CVE-2011-0226.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
 
@@ -53,8 +44,7 @@
 %patch46  -p1 -b .enable-valid
 
 %patch89 -p1 -b .CVE-2010-3311
-%patch90 -p1 -b .auto-autohint
-%patch91 -p1 -b .auto-autohint-fix
+%patch90 -p1 -b .CVE-2011-0226
 
 %build
 
@@ -99,6 +89,14 @@
 %config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
 
 %changelog
+* Mon Jul 25 2011 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.4.5-1
+- Update to 2.4.5 (matches Fedora freetype)
+- Drop upstreamed auto-autohint patches
+- Add freetype-2.4.5-CVE-2011-0226.patch from Fedora freetype (rh#723469)
+    (Add better argument check for `callothersubr'.)
+    - based on patches by Werner Lemberg,
+      Alexei Podtelezhnikov and Matthias Drochner
+
 * Tue Mar 08 2011 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.4.4-3
 - Fix autohinting fallback (rh#547532): Ignore CFF-based OTFs.
 


Index: sources
===================================================================
RCS file: /cvs/free/rpms/freetype-freeworld/devel/sources,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- sources	2 Dec 2010 17:21:30 -0000	1.9
+++ sources	25 Jul 2011 11:17:51 -0000	1.10
@@ -1 +1 @@
-b3e2b6e2f1c3e0dffa1fd2a0f848b671  freetype-2.4.4.tar.bz2
+90428a6d8ec4876cd1eb94858c2a59b0  freetype-2.4.5.tar.bz2


--- freetype-2.4.4-auto-autohint-fix.patch DELETED ---


--- freetype-2.4.4-auto-autohint.patch DELETED ---

More information about the rpmfusion-commits mailing list