parent
1a9ea0607b
commit
e50e9306ff
3
.gitignore
vendored
3
.gitignore
vendored
@ -22,3 +22,6 @@ ft2demos-2.4.2.tar.bz2
|
||||
/freetype-2.4.8.tar.bz2
|
||||
/freetype-doc-2.4.8.tar.bz2
|
||||
/ft2demos-2.4.8.tar.bz2
|
||||
/freetype-2.4.9.tar.bz2
|
||||
/freetype-doc-2.4.9.tar.bz2
|
||||
/ft2demos-2.4.9.tar.bz2
|
||||
|
11
freetype-2.4.9-CVE-2012-1139.patch
Normal file
11
freetype-2.4.9-CVE-2012-1139.patch
Normal file
@ -0,0 +1,11 @@
|
||||
--- a/src/bdf/bdflib.c
|
||||
+++ b/src/bdf/bdflib.c
|
||||
@@ -842,7 +842,7 @@
|
||||
};
|
||||
|
||||
|
||||
-#define isdigok( m, d ) (m[(d) >> 3] & ( 1 << ( (d) & 7 ) ) )
|
||||
+#define isdigok( m, d ) (m[(unsigned char)(d) >> 3] & ( 1 << ( (d) & 7 ) ) )
|
||||
|
||||
|
||||
/* Routine to convert an ASCII string into an unsigned long integer. */
|
10
freetype-2.4.9-CVE-2012-1141.patch
Normal file
10
freetype-2.4.9-CVE-2012-1141.patch
Normal file
@ -0,0 +1,10 @@
|
||||
--- a/src/bdf/bdflib.c
|
||||
+++ b/src/bdf/bdflib.c
|
||||
@@ -569,6 +569,7 @@
|
||||
list->field[1] = (char*)empty;
|
||||
list->field[2] = (char*)empty;
|
||||
list->field[3] = (char*)empty;
|
||||
+ list->field[4] = (char*)empty;
|
||||
}
|
||||
|
||||
/* If the line is empty, then simply return. */
|
88
freetype-2.4.9-incremental-interface.patch
Normal file
88
freetype-2.4.9-incremental-interface.patch
Normal file
@ -0,0 +1,88 @@
|
||||
--- a/src/type1/t1load.c
|
||||
+++ b/src/type1/t1load.c
|
||||
@@ -71,6 +71,13 @@
|
||||
#include "t1errors.h"
|
||||
|
||||
|
||||
+#ifdef FT_CONFIG_OPTION_INCREMENTAL
|
||||
+#define IS_INCREMENTAL ( face->root.internal->incremental_interface != 0 )
|
||||
+#else
|
||||
+#define IS_INCREMENTAL 0
|
||||
+#endif
|
||||
+
|
||||
+
|
||||
/*************************************************************************/
|
||||
/* */
|
||||
/* The macro FT_COMPONENT is used in trace mode. It is an implicit */
|
||||
@@ -1030,7 +1037,8 @@
|
||||
static int
|
||||
read_binary_data( T1_Parser parser,
|
||||
FT_Long* size,
|
||||
- FT_Byte** base )
|
||||
+ FT_Byte** base,
|
||||
+ FT_Bool incremental )
|
||||
{
|
||||
FT_Byte* cur;
|
||||
FT_Byte* limit = parser->root.limit;
|
||||
@@ -1065,8 +1073,12 @@
|
||||
}
|
||||
}
|
||||
|
||||
- FT_ERROR(( "read_binary_data: invalid size field\n" ));
|
||||
- parser->root.error = T1_Err_Invalid_File_Format;
|
||||
+ if( !incremental )
|
||||
+ {
|
||||
+ FT_ERROR(( "read_binary_data: invalid size field\n" ));
|
||||
+ parser->root.error = T1_Err_Invalid_File_Format;
|
||||
+ }
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -1396,7 +1408,7 @@
|
||||
|
||||
idx = T1_ToInt( parser );
|
||||
|
||||
- if ( !read_binary_data( parser, &size, &base ) )
|
||||
+ if ( !read_binary_data( parser, &size, &base, IS_INCREMENTAL ) )
|
||||
return;
|
||||
|
||||
/* The binary string is followed by one token, e.g. `NP' */
|
||||
@@ -1582,7 +1594,7 @@
|
||||
cur++; /* skip `/' */
|
||||
len = parser->root.cursor - cur;
|
||||
|
||||
- if ( !read_binary_data( parser, &size, &base ) )
|
||||
+ if ( !read_binary_data( parser, &size, &base, IS_INCREMENTAL ) )
|
||||
return;
|
||||
|
||||
/* for some non-standard fonts like `Optima' which provides */
|
||||
@@ -1871,7 +1883,7 @@
|
||||
|
||||
|
||||
parser->root.cursor = start_binary;
|
||||
- if ( !read_binary_data( parser, &s, &b ) )
|
||||
+ if ( !read_binary_data( parser, &s, &b, IS_INCREMENTAL ) )
|
||||
return T1_Err_Invalid_File_Format;
|
||||
have_integer = 0;
|
||||
}
|
||||
@@ -1884,7 +1896,7 @@
|
||||
|
||||
|
||||
parser->root.cursor = start_binary;
|
||||
- if ( !read_binary_data( parser, &s, &b ) )
|
||||
+ if ( !read_binary_data( parser, &s, &b, IS_INCREMENTAL ) )
|
||||
return T1_Err_Invalid_File_Format;
|
||||
have_integer = 0;
|
||||
}
|
||||
@@ -2160,9 +2172,7 @@
|
||||
type1->subrs_len = loader.subrs.lengths;
|
||||
}
|
||||
|
||||
-#ifdef FT_CONFIG_OPTION_INCREMENTAL
|
||||
- if ( !face->root.internal->incremental_interface )
|
||||
-#endif
|
||||
+ if ( !IS_INCREMENTAL )
|
||||
if ( !loader.charstrings.init )
|
||||
{
|
||||
FT_ERROR(( "T1_Open_Face: no `/CharStrings' array in face\n" ));
|
16
freetype-2.4.9-loop-exit-condition.patch
Normal file
16
freetype-2.4.9-loop-exit-condition.patch
Normal file
@ -0,0 +1,16 @@
|
||||
--- a/src/type1/t1load.c
|
||||
+++ b/src/type1/t1load.c
|
||||
@@ -1399,9 +1399,10 @@
|
||||
FT_Byte* base;
|
||||
|
||||
|
||||
- /* If the next token isn't `dup' we are done. */
|
||||
- if ( parser->root.cursor + 4 < parser->root.limit &&
|
||||
- ft_strncmp( (char*)parser->root.cursor, "dup", 3 ) != 0 )
|
||||
+ /* If we are out of data, or if the next token isn't `dup', */
|
||||
+ /* we are done. */
|
||||
+ if ( parser->root.cursor + 4 >= parser->root.limit ||
|
||||
+ ft_strncmp( (char*)parser->root.cursor, "dup", 3 ) != 0 )
|
||||
break;
|
||||
|
||||
T1_Skip_PS_Token( parser ); /* `dup' */
|
@ -6,8 +6,8 @@
|
||||
|
||||
Summary: A free and portable font rendering engine
|
||||
Name: freetype
|
||||
Version: 2.4.8
|
||||
Release: 2%{?dist}
|
||||
Version: 2.4.9
|
||||
Release: 1%{?dist}
|
||||
License: FTL or GPLv2+
|
||||
Group: System Environment/Libraries
|
||||
URL: http://www.freetype.org
|
||||
@ -25,6 +25,15 @@ Patch47: freetype-2.3.11-more-demos.patch
|
||||
# Fix multilib conflicts
|
||||
Patch88: freetype-multilib.patch
|
||||
|
||||
Patch89: freetype-2.4.9-CVE-2012-1139.patch
|
||||
Patch90: freetype-2.4.9-CVE-2012-1141.patch
|
||||
|
||||
# https://savannah.nongnu.org/bugs/?35833
|
||||
Patch91: freetype-2.4.9-loop-exit-condition.patch
|
||||
|
||||
#https://savannah.nongnu.org/bugs/?35847
|
||||
Patch92: freetype-2.4.9-incremental-interface.patch
|
||||
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
|
||||
|
||||
BuildRequires: libX11-devel
|
||||
@ -84,6 +93,10 @@ pushd ft2demos-%{version}
|
||||
popd
|
||||
|
||||
%patch88 -p1 -b .multilib
|
||||
%patch89 -p1 -b .CVE-2012-1139
|
||||
%patch90 -p1 -b .CVE-2012-1141
|
||||
%patch91 -p1 -b .loop-exit-condition
|
||||
%patch92 -p1 -b .incremental-interface
|
||||
|
||||
%build
|
||||
|
||||
@ -216,6 +229,11 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%doc docs/tutorial
|
||||
|
||||
%changelog
|
||||
* Fri Mar 30 2012 Marek Kasik <mkasik@redhat.com> 2.4.9-1
|
||||
- Update to 2.4.9
|
||||
- Fixes various CVEs
|
||||
- Resolves: #806270
|
||||
|
||||
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.8-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
|
6
sources
6
sources
@ -1,3 +1,3 @@
|
||||
dbf2caca1d3afd410a29217a9809d397 freetype-2.4.8.tar.bz2
|
||||
538c925059e90be23928b454c14df728 freetype-doc-2.4.8.tar.bz2
|
||||
f44562cf0b434b6dc3488751f82d99ec ft2demos-2.4.8.tar.bz2
|
||||
77a893dae81fd5b896632715ca041179 freetype-2.4.9.tar.bz2
|
||||
39c0881d426db837aa6ff1856e44af86 freetype-doc-2.4.9.tar.bz2
|
||||
52e6a7e7ba4fecd39562199baac6a7d2 ft2demos-2.4.9.tar.bz2
|
||||
|
Loading…
Reference in New Issue
Block a user