rpms/fontforge
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Add patch for CVE-2010-4259

Browse Source
This commit is contained in:
Kevin Fenzi 2010-12-04 14:31:18 -07:00
parent 38e424d069
commit 0f49f1f837
2 changed files with 56 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
fontforge-20100501-CVE-2010-4259.patch Normal file
View File

@ -0,0 +1,50 @@
--- fontforge/fontforge/fvimportbdf.c 15 Apr 2010 10:47:36 -0000 1.58
+++ fontforge/fontforge/fvimportbdf.c 3 Dec 2010 21:03:38 -0000
@@ -560,7 +560,7 @@
}
if ( strcmp(tok,"FONT")==0 ) {
- if ( sscanf(buf,"-%*[^-]-%[^-]-%[^-]-%[^-]-%*[^-]-", family, weight, italic )!=0 ) {
+ if ( sscanf(buf,"-%*[^-]-%99[^-]-%99[^-]-%99[^-]-%*[^-]-", family, weight, italic )!=0 ) {
char *pt=buf;
int dcnt=0;
while ( *pt=='-' && dcnt<7 ) { ++pt; ++dcnt; }
@@ -616,26 +616,30 @@
sscanf(buf, "%d", &defs->metricsset );
else if ( strcmp(tok,"VVECTOR")==0 )
sscanf(buf, "%*d %d", &defs->vertical_origin );
+ /* For foundry, fontname and encname, only copy up to the buffer size */
else if ( strcmp(tok,"FOUNDRY")==0 )
- sscanf(buf, "%[^\"]", foundry );
+ sscanf(buf, "%99[^\"]", foundry );
else if ( strcmp(tok,"FONT_NAME")==0 )
- sscanf(buf, "%[^\"]", fontname );
+ sscanf(buf, "%99[^\"]", fontname );
else if ( strcmp(tok,"CHARSET_REGISTRY")==0 )
- sscanf(buf, "%[^\"]", encname );
+ sscanf(buf, "%99[^\"]", encname );
else if ( strcmp(tok,"CHARSET_ENCODING")==0 ) {
enc = 0;
if ( sscanf(buf, " %d", &enc )!=1 )
sscanf(buf, "%d", &enc );
+ /* These properties should be copied up to the buffer length too */
} else if ( strcmp(tok,"FAMILY_NAME")==0 ) {
- strcpy(family,buf);
+ strncpy(family,buf,99);
} else if ( strcmp(tok,"FULL_NAME")==0 || strcmp(tok,"FACE_NAME")==0 ) {
- strcpy(full,buf);
+ strncpy(full,buf,99);
} else if ( strcmp(tok,"WEIGHT_NAME")==0 )
- strcpy(weight,buf);
+ strncpy(weight,buf,99);
else if ( strcmp(tok,"SLANT")==0 )
- strcpy(italic,buf);
+ strncpy(italic,buf,99);
else if ( strcmp(tok,"COPYRIGHT")==0 ) {
- strcpy(comments,buf);
+ /* LS: Assume the size of the passed-in buffer is 1000, see below in
+ * COMMENT */
+ strncpy(comments,buf,999);
found_copyright = true;
} else if ( strcmp(tok,"COMMENT")==0 && !found_copyright ) {
char *pt = comments+strlen(comments);

7
fontforge.spec
View File

@ -5,7 +5,7 @@
Name: fontforge Name: fontforge
Version: 20100501 Version: 20100501
Release: 4%{?dist} Release: 5%{?dist}
Summary: Outline and bitmap font editor Summary: Outline and bitmap font editor
Group: Applications/Publishing Group: Applications/Publishing
@ -19,6 +19,7 @@ Patch1: fontforge-20090224-pythondl.patch
# See Bug https://bugzilla.redhat.com/show_bug.cgi?id=536920 # See Bug https://bugzilla.redhat.com/show_bug.cgi?id=536920
Patch2: fontforge-20100501-splinesets.patch Patch2: fontforge-20100501-splinesets.patch
Patch3: fontforge-20100501-python27.patch Patch3: fontforge-20100501-python27.patch
Patch4: fontforge-20100501-CVE-2010-4259.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: xdg-utils Requires: xdg-utils
@ -62,6 +63,7 @@ to compile applications against fontforge.
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1
mkdir htdocs mkdir htdocs
tar xjf %{SOURCE2} -C htdocs tar xjf %{SOURCE2} -C htdocs
@ -152,6 +154,9 @@ update-mime-database %{_datadir}/mime &> /dev/null || :
%{_libdir}/pkgconfig/*.pc %{_libdir}/pkgconfig/*.pc
%changelog %changelog
* Sat Dec 04 2010 Kevin Fenzi <kevin@tummy.com> - 20100501-5
- Add patch for CVE-2010-4259
* Wed Jul 28 2010 Kevin Fenzi <kevin@tummy.com> - 20100501-4 * Wed Jul 28 2010 Kevin Fenzi <kevin@tummy.com> - 20100501-4
- Add patch to build with python 2.7 - Add patch to build with python 2.7