rpms/freetype-freeworld/F-20 freetype-2.5.0-CVE-2014-2240.patch, NONE, 1.1 freetype-2.5.0-CVE-2014-2241.patch, NONE, 1.1 freetype-freeworld.spec, 1.31, 1.32
Kevin Kofler
kkofler at rpmfusion.org
Tue Mar 11 12:31:07 CET 2014
Author: kkofler
Update of /cvs/free/rpms/freetype-freeworld/F-20
In directory old02.ovh.rpmfusion.lan:/tmp/cvs-serv9520/F-20
Modified Files:
freetype-freeworld.spec
Added Files:
freetype-2.5.0-CVE-2014-2240.patch
freetype-2.5.0-CVE-2014-2241.patch
Log Message:
* Tue Mar 11 2014 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.5.0.1-4
- Add freetype-2.5.0-CVE-2014-2240.patch from Fedora freetype (rh#1074647)
(Return when `hintMask' is invalid.)
- Add freetype-2.5.0-CVE-2014-2241.patch from Fedora freetype (rh#1074647)
(Don't call non-existing subroutines.)
freetype-2.5.0-CVE-2014-2240.patch:
cf2hints.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- NEW FILE freetype-2.5.0-CVE-2014-2240.patch ---
>From 0eae6eb0645264c98812f0095e0f5df4541830e6 Mon Sep 17 00:00:00 2001
From: Dave Arnold <darnold at adobe.com>
Date: Fri, 28 Feb 2014 06:40:01 +0000
Subject: Fix Savannah bug #41697, part 1.
* src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is
invalid. In this case, it is not safe to use the length of
`hStemHintArray'; the exception has already been recorded in
`hintMask'.
---
diff --git a/src/cff/cf2hints.c b/src/cff/cf2hints.c
index 5f44161..79f84fc 100644
--- a/src/cff/cf2hints.c
+++ b/src/cff/cf2hints.c
@@ -781,6 +781,8 @@
cf2_hintmask_setAll( hintMask,
cf2_arrstack_size( hStemHintArray ) +
cf2_arrstack_size( vStemHintArray ) );
+ if ( !cf2_hintmask_isValid( hintMask ) )
+ return; /* too many stem hints */
}
/* begin by clearing the map */
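Review bot: The new `return;` in cf2_hintmap_build sits above `/* begin by clearing the map */`, so when `hintMask` is invalid the hint map keeps whatever it held before the call, and the bare return gives the caller no direct signal. The commit message says the exception is already recorded in `hintMask`; the comment should say that callers have to check that recorded error before using the map, or the map should be cleared before returning.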
--
cgit v0.9.0.2
freetype-2.5.0-CVE-2014-2241.patch:
cf2ft.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- NEW FILE freetype-2.5.0-CVE-2014-2241.patch ---
>From 135c3faebb96f8f550bd4f318716f2e1e095a969 Mon Sep 17 00:00:00 2001
From: Dave Arnold <darnold at adobe.com>
Date: Fri, 28 Feb 2014 06:42:42 +0000
Subject: Fix Savannah bug #41697, part 2.
* src/cff/cf2ft.c (cf2_initLocalRegionBuffer,
cf2_initGlobalRegionBuffer): It is possible for a charstring to call
a subroutine if no subroutines exist. This is an error but should
not trigger an assert. Split the assert to account for this.
---
diff --git a/src/cff/cf2ft.c b/src/cff/cf2ft.c
index df5f8fb..82bac75 100644
--- a/src/cff/cf2ft.c
+++ b/src/cff/cf2ft.c
@@ -521,7 +521,7 @@
CF2_UInt idx,
CF2_Buffer buf )
{
- FT_ASSERT( decoder && decoder->globals );
+ FT_ASSERT( decoder );
FT_ZERO( buf );
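Review bot: With the assert narrowed to `FT_ASSERT( decoder );`, `buf` is still handed straight to `FT_ZERO( buf );` with no check of its own. If the assert is meant to document the function's preconditions, `FT_ASSERT( decoder && buf );` would cover both pointers used on entry.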
@@ -529,6 +529,8 @@
if ( idx >= decoder->num_globals )
return TRUE; /* error */
+ FT_ASSERT( decoder->globals );
+
buf->start =
buf->ptr = decoder->globals[idx];
buf->end = decoder->globals[idx + 1];
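Review bot: Moving `FT_ASSERT( decoder->globals );` below the `idx >= decoder->num_globals` check makes the fix depend on `num_globals` being 0 whenever `globals` is NULL, and an assert does not stop the dereference in builds where asserts are disabled. An explicit `if ( !decoder->globals ) return TRUE;` next to the bounds check would turn the no-subroutines case into an ordinary error path regardless of that invariant.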
@@ -594,7 +596,7 @@
CF2_UInt idx,
CF2_Buffer buf )
{
- FT_ASSERT( decoder && decoder->locals );
+ FT_ASSERT( decoder );
FT_ZERO( buf );
@@ -602,6 +604,8 @@
if ( idx >= decoder->num_locals )
return TRUE; /* error */
+ FT_ASSERT( decoder->locals );
+
buf->start =
buf->ptr = decoder->locals[idx];
buf->end = decoder->locals[idx + 1];
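Review bot: `buf->end = decoder->locals[idx + 1];` reads one entry past `idx`, so the `idx >= decoder->num_locals` guard is only sufficient if `locals` holds `num_locals + 1` pointers; a comment stating that layout would help here. This function is now identical to the globals one apart from the field names, so a shared helper taking the array and its count would keep a future fix from having to be applied twice.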
--
cgit v0.9.0.2
Index: freetype-freeworld.spec
===================================================================
RCS file: /cvs/free/rpms/freetype-freeworld/F-20/freetype-freeworld.spec,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- freetype-freeworld.spec 30 Sep 2013 08:38:43 -0000 1.31
+++ freetype-freeworld.spec 11 Mar 2014 11:31:07 -0000 1.32
@@ -1,7 +1,7 @@
Summary: A free and portable font rendering engine
Name: freetype-freeworld
Version: 2.5.0.1
-Release: 3%{?dist}
+Release: 4%{?dist}
License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -15,6 +15,11 @@
# https://bugzilla.gnome.org/show_bug.cgi?id=686709
Patch92: 0001-Fix-vertical-size-of-emboldened-glyphs.patch
+## Security fixes:
+# https://bugzilla.gnome.org/show_bug.cgi?id=1074647
+Patch93: freetype-2.5.0-CVE-2014-2240.patch
+Patch94: freetype-2.5.0-CVE-2014-2241.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
Provides: freetype-bytecode
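Review bot: The comment above Patch93 points to `https://bugzilla.gnome.org/show_bug.cgi?id=1074647`, but the changelog entry in this same commit cites the bug as rh#1074647. The URL looks copied from the Patch92 comment; it should point at the Red Hat Bugzilla so the reference for the two CVE patches resolves to the right report.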
@@ -45,6 +50,9 @@
%patch92 -p1 -b .emboldened-glyphs
+%patch93 -p1 -b .CVE-2014-2240
+%patch94 -p1 -b .CVE-2014-2241
+
%build
@@ -89,7 +97,13 @@
%config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
%changelog
-* Mon Sep 30 2013 Nicolas Chauvet <kwizart at gmail.com> - 2.5.0.1-3
+* Tue Mar 11 2014 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.5.0.1-4
+- Add freetype-2.5.0-CVE-2014-2240.patch from Fedora freetype (rh#1074647)
+ (Return when `hintMask' is invalid.)
+- Add freetype-2.5.0-CVE-2014-2241.patch from Fedora freetype (rh#1074647)
+ (Don't call non-existing subroutines.)
+
+* Mon Sep 30 2013 Nicolas Chauvet <kwizart at gmail.com> 2.5.0.1-3
- Rebuilt
* Sat Sep 21 2013 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.5.0.1-2
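Review bot: Besides adding the 2.5.0.1-4 entry, this hunk rewrites the existing Sep 30 2013 changelog line, dropping the ` - ` before `2.5.0.1-3`. That matches the neighbouring entries, but it is unrelated to the security fix and is not mentioned in the log message; it would be easier to audit as a separate change or with a line in the log.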