rpms/freetype-freeworld/F-18 freetype-2.4.10-CVE-2012-5669.patch, NONE, 1.1 freetype-freeworld.spec, 1.25, 1.26

Kevin Kofler kkofler at rpmfusion.org
Fri Jan 25 01:22:44 CET 2013


Author: kkofler

Update of /cvs/free/rpms/freetype-freeworld/F-18
In directory old02.ovh.rpmfusion.lan:/tmp/cvs-serv5782/F-18

Modified Files:
	freetype-freeworld.spec 
Added Files:
	freetype-2.4.10-CVE-2012-5669.patch 
Log Message:
* Fri Jan 25 2013 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.4.10-2
- Add freetype-2.4.10-CVE-2012-5669.patch from Fedora freetype (rh#903554)

freetype-2.4.10-CVE-2012-5669.patch:
 bdflib.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- NEW FILE freetype-2.4.10-CVE-2012-5669.patch ---
--- a/src/bdf/bdflib.c
+++ b/src/bdf/bdflib.c
@@ -1628,8 +1628,9 @@
 
       /* Check that the encoding is in the Unicode range because  */
       /* otherwise p->have (a bitmap with static size) overflows. */
-      if ( p->glyph_enc > 0                               &&
-           (size_t)p->glyph_enc >= sizeof ( p->have ) * 8 )
+      if ( p->glyph_enc > 0                                      &&
+           (size_t)p->glyph_enc >= sizeof ( p->have ) /
+                                   sizeof ( unsigned long ) * 32 )
       {
         FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG5, lineno, "ENCODING" ));
         error = BDF_Err_Invalid_File_Format;
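Review bot: The literal 32 in the new bound `sizeof ( p->have ) / sizeof ( unsigned long ) * 32` is unexplained, and the comment above it still says only that p->have is a bitmap with static size. The old and new expressions agree where unsigned long is 4 bytes and differ by a factor of two where it is 8 bytes, so the new bound is right only if the code that sets bits in p->have uses 32 bits per element, which these lines do not show. Extend the comment to say so, or derive the limit from a named constant shared with the indexing code, so that the check and the indexing cannot drift apart.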


Index: freetype-freeworld.spec
===================================================================
RCS file: /cvs/free/rpms/freetype-freeworld/F-18/freetype-freeworld.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- freetype-freeworld.spec	16 Jul 2012 20:16:57 -0000	1.25
+++ freetype-freeworld.spec	25 Jan 2013 00:22:44 -0000	1.26
@@ -1,7 +1,7 @@
 Summary: A free and portable font rendering engine
 Name: freetype-freeworld
 Version: 2.4.10
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: FTL or GPLv2+
 Group: System Environment/Libraries
 URL: http://www.freetype.org
@@ -12,6 +12,10 @@
 # Enable otvalid and gxvalid modules
 Patch46:  freetype-2.2.1-enable-valid.patch
 
+# Security patches
+# https://bugzilla.redhat.com/show_bug.cgi?id=903554
+Patch89:  freetype-2.4.10-CVE-2012-5669.patch
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
 
 Provides: freetype-bytecode
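Review bot: The comment above `Patch89` records only the Bugzilla link. Since the changelog says the patch comes from Fedora freetype, and the previous changelog entry shows upstreamed patches being dropped on rebase, add a line here stating the patch's origin and upstream status so it is clear when it can be removed.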
@@ -39,6 +43,8 @@
 
 %patch46  -p1 -b .enable-valid
 
+%patch89 -p1 -b .CVE-2012-5669
+
 
 %build
 
@@ -83,6 +89,9 @@
 %config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
 
 %changelog
+* Fri Jan 25 2013 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.4.10-2
+- Add freetype-2.4.10-CVE-2012-5669.patch from Fedora freetype (rh#903554)
+
 * Mon Jul 16 2012 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.4.10-1
 - Update to 2.4.10 (matches Fedora freetype, rh#832651)
 - Drop upstreamed patches (CVE-2012-1139, CVE-2012-1141, backported bugfixes)

