From d7328f74886ec3b71bc6be705d1793374944afe0 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 3 Nov 2020 07:03:10 -0500
Subject: [PATCH] import fontforge-20170731-15.el8
---
 ...-20170731-cve-2020-5395-followup-fix.patch | 28 +++++++++++++++++++
 SPECS/fontforge.spec | 8 +++++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/fontforge-20170731-cve-2020-5395-followup-fix.patch
diff --git a/SOURCES/fontforge-20170731-cve-2020-5395-followup-fix.patch b/SOURCES/fontforge-20170731-cve-2020-5395-followup-fix.patch
new file mode 100644
index 0000000..c69bb48
--- /dev/null
+++ b/SOURCES/fontforge-20170731-cve-2020-5395-followup-fix.patch
@@ -0,0 +1,28 @@
+From b96273acc691ac8a36c6a8dd4de8e6edd7eaae59 Mon Sep 17 00:00:00 2001
+From: Fredrick Brennan
+Date: Tue, 21 Jan 2020 15:16:00 +0800
+Subject: [PATCH] Fix crash on exit introduced in previous commit
+
+When the number of layers is greater than 2, as in Chomsky.sfd and most
+of my other fonts, FontForge will crash on exiting.
+
+This is just a simple mistake @skef made.
+---
+ fontforge/sfd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fontforge/sfd.c b/fontforge/sfd.c
+index e8ca39ba83..9517d8cb12 100644
+--- a/fontforge/sfd.c
++++ b/fontforge/sfd.c
+@@ -7998,9 +7998,9 @@ bool SFD_GetFontMetaData( FILE *sfd,
+ int layer_cnt_tmp;
+ getint(sfd,&layer_cnt_tmp);
+ if ( layer_cnt_tmp>2 ) {
++ sf->layer_cnt = layer_cnt_tmp;
+ sf->layers = realloc(sf->layers,sf->layer_cnt*sizeof(LayerInfo));
+ memset(sf->layers+2,0,(sf->layer_cnt-2)*sizeof(LayerInfo));
+- sf->layer_cnt = layer_cnt_tmp;
+ }
+ }
+ else if ( strmatch(tok,"Layer:")==0 )
diff --git a/SPECS/fontforge.spec b/SPECS/fontforge.spec
index bb06d1b..1b63c2d 100644
--- a/SPECS/fontforge.spec
+++ b/SPECS/fontforge.spec
@@ -4,7 +4,7 @@
 Name: fontforge
 Version: %{gittag0}
-Release: 14%{?dist}
+Release: 15%{?dist}
 Summary: Outline and bitmap font editor
 License: GPLv3+
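Review bot: In the `SFD_GetFontMetaData` hunk carried by this patch file, the layer count that sizes the allocation is still taken from the parsed font file without validation: the return value of `getint` is ignored, so `layer_cnt_tmp` may be read uninitialized if nothing was parsed, and no upper bound is applied before `sf->layer_cnt*sizeof(LayerInfo)` is computed. The `realloc` result is also stored straight into `sf->layers` and passed to `memset` with no NULL check, so a failed allocation loses the old array and then writes through a null pointer. I would initialize the temporary, reject counts whose byte size would overflow, and commit `sf->layers` and `sf->layer_cnt` only after the reallocation has succeeded, as sketched below (`SIZE_MAX` comes from `<stdint.h>`; how the loader should report a rejected count is not visible here). The enclosing function and the `else if` chain start and end outside the hunk.

```c
int layer_cnt_tmp = 0;	/* stays 0 if getint() parses nothing */
getint(sfd,&layer_cnt_tmp);
if ( layer_cnt_tmp>2 && (size_t) layer_cnt_tmp<=SIZE_MAX/sizeof(LayerInfo) ) {
    /* grow into a temporary so a failed realloc leaves sf->layers and sf->layer_cnt consistent */
    LayerInfo *grown = realloc(sf->layers,(size_t) layer_cnt_tmp*sizeof(LayerInfo));
    if ( grown!=NULL ) {
	memset(grown+2,0,((size_t) layer_cnt_tmp-2)*sizeof(LayerInfo));
	sf->layers = grown;
	sf->layer_cnt = layer_cnt_tmp;
    }
}
/* … unchanged: else if ( strmatch(tok,"Layer:")==0 ) … */
```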
@@ -18,7 +18,10 @@ Patch0: fontforge-20140813-use-system-uthash.patch
 Patch1: Add-python3-support.patch
 Patch2: fontforge-20170731-covscan-issue-fix.patch
 Patch3: fontforge-20170731-override-upstream-optimization-flags-splinerefigure-c.patch
+# https://github.com/fontforge/fontforge/issues/4084
 Patch4: fontforge-20170731-cve-2020-5395.patch
+# https://github.com/fontforge/fontforge/issues/4164
+Patch5: fontforge-20170731-cve-2020-5395-followup-fix.patch
 Requires: xdg-utils
 Requires: autotrace
@@ -158,6 +161,9 @@ chmod 644 $RPM_BUILD_ROOT%{_datadir}/fontforge/nodejs/collabwebview/js/contentEd
 %doc htdocs
 %changelog
+* Wed Apr 08 2020 Parag Nemade - 20170731-15
+- Resolves:rh#1821664 - CVE-2020-5395:out-of-bounds write in sfd.c
+
 * Thu Jan 16 2020 Parag Nemade - 20170731-14
 - Resolves:rh#1790974 - CVE-2020-5395:out-of-bounds write in sfd.c