parent
2e8929eabb
commit
5e36bb94c7
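--- /dev/null
+++ b/freetype-2.7.1-safety-guard.patch
@@ -0,0 +1,36 @@
+From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Sun, 26 Mar 2017 08:32:09 +0200
+Subject: [PATCH] * src/psaux/psobjs.c (t1_builder_close_contour): Add safety
+guard.
+
+Reported as
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
+---
+ChangeLog | 8 ++++++++
+src/psaux/psobjs.c | 8 ++++++++
+2 files changed, 16 insertions(+)
+
+diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
+index d18e821a..0baf8368 100644
+--- a/src/psaux/psobjs.c
++++ b/src/psaux/psobjs.c
+@@ -1718,6 +1718,14 @@
+first = outline->n_contours <= 1
+? 0 : outline->contours[outline->n_contours - 2] + 1;
+
++ /* in malformed fonts it can happen that a contour was started */
++ /* but no points were added */
++ if ( outline->n_contours && first == outline->n_points )
++ {
++ outline->n_contours--;
++ return;
++ }
++
+/* We must not include the last point in the path if it */
+/* is located on the first point. */
+if ( outline->n_points > 1 )
+--
+2.12.2
+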
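Review bot: The guard added to t1_builder_close_contour tests only `first == outline->n_points`, so an outline in which `first` already exceeds `n_points` would still reach the point comparison that starts at `if ( outline->n_points > 1 )`. If a malformed font can produce that state (not visible from this hunk), `if ( outline->n_contours && first >= outline->n_points )` drops the empty contour in both cases. The new comment says when the condition arises but not what it prevents; a third line such as `/* so there is no first point to compare or close */` would record that. The function begins and ends outside the hunk, so the code after the guard was not reviewed here.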
@ -7,7 +7,7 @@
|
||||
Summary: A free and portable font rendering engine
|
||||
Name: freetype
|
||||
Version: 2.7.1
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
|
||||
Group: System Environment/Libraries
|
||||
URL: http://www.freetype.org
|
||||
@ -34,6 +34,9 @@ Patch5: freetype-2.6.5-libtool.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1446500
|
||||
Patch6: freetype-2.7.1-protect-flex-handling.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1446073
|
||||
Patch7: freetype-2.7.1-safety-guard.patch
|
||||
|
||||
|
||||
BuildRequires: libX11-devel
|
||||
BuildRequires: libpng-devel
|
||||
@ -96,6 +99,7 @@ popd
|
||||
%patch4 -p1 -b .freetype-config-prefix
|
||||
%patch5 -p1 -b .libtool
|
||||
%patch6 -p1 -b .protect-flex-handling
|
||||
%patch7 -p1 -b .safety-guard
|
||||
|
||||
%build
|
||||
|
||||
@ -211,6 +215,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.{a,la}
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Tue May 2 2017 Marek Kasik <mkasik@redhat.com> - 2.7.1-6
|
||||
- Add safety guard (CVE-2017-8287)
|
||||
- Resolves: #1446075
|
||||
|
||||
* Tue May 2 2017 Marek Kasik <mkasik@redhat.com> - 2.7.1-5
|
||||
- Better protect `flex' handling (CVE-2017-8105)
|
||||
- Resolves: #1446502
|
||||
|