Security bugfix

Add freetype-2.4.2-CVE-2010-3311.patch
  (Don't seek behind end of stream.)
Resolves: #638522
Marek Kasik 2010-10-06 19:01:37 +02:00
parent c0025fce13
commit 52636102b5
2 changed files with 46 additions and 1 deletions

@ -0,0 +1,37 @@
--- freetype-2.4.2/src/base/ftstream.c 2010-08-04 15:52:01.000000000 +0200
+++ freetype-2.4.2/src/base/ftstream.c 2010-10-06 18:47:07.000000000 +0200
@@ -59,8 +59,17 @@
{
FT_Error error = FT_Err_Ok;
+ /* note that seeking to the first position after the file is valid */
+ if ( pos > stream->size )
+ {
+ FT_ERROR(( "FT_Stream_Seek:"
+ " invalid i/o; pos = 0x%lx, size = 0x%lx\n",
+ pos, stream->size ));
- if ( stream->read )
+ error = FT_Err_Invalid_Stream_Operation;
+ }
+
+ if ( !error && stream->read )
{
if ( stream->read( stream, pos, 0, 0 ) )
{
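Review bot: the hoisted `if ( pos > stream->size )` check at the top of this hunk now also runs for streams that supply a `read` callback, so it relies on `stream->size` being accurate for those streams, and nothing in the patch says so. Before the change the comparison was only reached in the `else` branch, when no callback was set. Suggest a short comment next to the check stating that callback-based streams must set `size` correctly (and how an unknown size is expected to be represented), so that a custom stream which leaves the field unset does not start failing seeks with `FT_Err_Invalid_Stream_Operation`.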
@@ -71,15 +80,6 @@
error = FT_Err_Invalid_Stream_Operation;
}
}
- /* note that seeking to the first position after the file is valid */
- else if ( pos > stream->size )
- {
- FT_ERROR(( "FT_Stream_Seek:"
- " invalid i/o; pos = 0x%lx, size = 0x%lx\n",
- pos, stream->size ));
-
- error = FT_Err_Invalid_Stream_Operation;
- }
if ( !error )
stream->pos = pos;
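Review bot: the added patch file begins directly at the `--- freetype-2.4.2/src/base/ftstream.c` header, with no description, bug number or origin reference above it. Suggest a few header lines in the .patch naming CVE-2010-3311, bug #638522 and where the fix came from, so whoever rebases the package can tell when the patch can be dropped. Also note that removing the `else if ( pos > stream->size )` branch in this hunk is only correct together with the check added in the previous hunk, so the two must stay in one patch.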

@ -7,7 +7,7 @@
Summary: A free and portable font rendering engine
Name: freetype
Version: 2.4.2
Release: 2%{?dist}
Release: 3%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL: http://www.freetype.org
@ -26,6 +26,8 @@ Patch47: freetype-2.3.11-more-demos.patch
# Fix multilib conflicts
Patch88: freetype-multilib.patch
Patch89: freetype-2.4.2-CVE-2010-3311.patch
Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
BuildRequires: libX11-devel
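Review bot: `Patch89` is added without a comment line of its own, while `Patch88` just above it carries `# Fix multilib conflicts`, so the new entry can be read as belonging to that comment. Suggest a one-line comment above `Patch89` giving the reason and the bug reference (the CVE id and #638522 from the changelog entry), so the spec is understandable without opening the patch.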
@ -91,6 +93,7 @@ pushd ft2demos-%{version}
popd
%patch88 -p1 -b .multilib
%patch89 -p1 -b .CVE-2010-3311
%build
@ -223,6 +226,11 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
* Wed Oct 6 2010 Marek Kasik <mkasik@redhat.com> 2.4.2-3
- Add freetype-2.4.2-CVE-2010-3311.patch
(Don't seek behind end of stream.)
- Resolves: #638522
* Fri Aug 6 2010 Matthias Clasen <mclasen@redhat.com> 2.4.2-2
- Fix a thinko, we still want to disable the bytecode interpreter
by default