[fontforge/el4/master] Add patch to fix CVE-2010-4259 (fixes #659359)
Kevin Fenzi
kevin at fedoraproject.org
Sat Dec 4 23:01:59 UTC 2010
commit badbc079109886fa4bcb86c8fa3ced729b522ea6
Author: Kevin Fenzi <kevin at tummy.com>
Date: Sat Dec 4 16:01:50 2010 -0700
Add patch to fix CVE-2010-4259 (fixes #659359)
fontforge-20061025-CVE-2010-4259.patch | 50 +++++++++++++++++++++++++
fontforge.spec | 64 +++++++++++++++++++++++++++++--
2 files changed, 109 insertions(+), 5 deletions(-)
---
diff --git a/fontforge-20061025-CVE-2010-4259.patch b/fontforge-20061025-CVE-2010-4259.patch
new file mode 100644
index 0000000..0719761
--- /dev/null
+++ b/fontforge-20061025-CVE-2010-4259.patch
@@ -0,0 +1,50 @@
+--- fontforge/fontforge/fvimportbdf.c 15 Apr 2010 10:47:36 -0000 1.58
++++ fontforge/fontforge/fvimportbdf.c 3 Dec 2010 21:03:38 -0000
+@@ -560,7 +560,7 @@
+ }
+
+ if ( strcmp(tok,"FONT")==0 ) {
+- if ( sscanf(buf,"-%*[^-]-%[^-]-%[^-]-%[^-]-%*[^-]-", family, weight, italic )!=0 ) {
++ if ( sscanf(buf,"-%*[^-]-%99[^-]-%99[^-]-%99[^-]-%*[^-]-", family, weight, italic )!=0 ) {
+ char *pt=buf;
+ int dcnt=0;
+ while ( *pt=='-' && dcnt<7 ) { ++pt; ++dcnt; }
+@@ -616,26 +616,30 @@
+ sscanf(buf, "%d", &defs->metricsset );
+ else if ( strcmp(tok,"VVECTOR")==0 )
+ sscanf(buf, "%*d %d", &defs->vertical_origin );
++ /* For foundry, fontname and encname, only copy up to the buffer size */
+ else if ( strcmp(tok,"FOUNDRY")==0 )
+- sscanf(buf, "%[^\"]", foundry );
++ sscanf(buf, "%99[^\"]", foundry );
+ else if ( strcmp(tok,"FONT_NAME")==0 )
+- sscanf(buf, "%[^\"]", fontname );
++ sscanf(buf, "%99[^\"]", fontname );
+ else if ( strcmp(tok,"CHARSET_REGISTRY")==0 )
+- sscanf(buf, "%[^\"]", encname );
++ sscanf(buf, "%99[^\"]", encname );
+ else if ( strcmp(tok,"CHARSET_ENCODING")==0 ) {
+ enc = 0;
+ if ( sscanf(buf, " %d", &enc )!=1 )
+ sscanf(buf, "%d", &enc );
++ /* These properties should be copied up to the buffer length too */
+ } else if ( strcmp(tok,"FAMILY_NAME")==0 ) {
+- strcpy(family,buf);
++ strncpy(family,buf,99);
+ } else if ( strcmp(tok,"FULL_NAME")==0 || strcmp(tok,"FACE_NAME")==0 ) {
+- strcpy(full,buf);
++ strncpy(full,buf,99);
+ } else if ( strcmp(tok,"WEIGHT_NAME")==0 )
+- strcpy(weight,buf);
++ strncpy(weight,buf,99);
+ else if ( strcmp(tok,"SLANT")==0 )
+- strcpy(italic,buf);
++ strncpy(italic,buf,99);
+ else if ( strcmp(tok,"COPYRIGHT")==0 ) {
+- strcpy(comments,buf);
++ /* LS: Assume the size of the passed-in buffer is 1000, see below in
++ * COMMENT */
++ strncpy(comments,buf,999);
+ found_copyright = true;
+ } else if ( strcmp(tok,"COMMENT")==0 && !found_copyright ) {
+ char *pt = comments+strlen(comments);
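Review bot: The `strncpy` replacements for FAMILY_NAME, FULL_NAME/FACE_NAME, WEIGHT_NAME, SLANT and COPYRIGHT bound the copy but do not terminate the destination, because `strncpy` writes no NUL when `buf` holds 99 (or 999) bytes or more. Whether `family`, `full`, `weight`, `italic` and `comments` are zero-filled beforehand is not visible in this hunk, and the COMMENT branch right below calls `strlen(comments)`, which would then read past the end of the array. Terminate explicitly after each copy, e.g. `strncpy(family,buf,99); family[99]='\0';` and `comments[999]='\0';`, or use `snprintf(family, 100, "%s", buf);`. The 100- and 1000-byte sizes are assumed by the patch rather than shown here, so they should be confirmed against the declarations and callers. The enclosing function starts and ends outside the hunk.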
diff --git a/fontforge.spec b/fontforge.spec
index 0c0f118..da9016b 100644
--- a/fontforge.spec
+++ b/fontforge.spec
@@ -3,7 +3,7 @@
Name: fontforge
Version: 20061025
-Release: 1%{?dist}
+Release: 3%{?dist}
Summary: Outline and bitmap font editor
Group: Applications/Publishing
@@ -14,6 +14,7 @@ Source1: fontforge.desktop
Source2: http://dl.sf.net/fontforge/fontforge_htdocs-%{docs_version}.tar.bz2
Patch1: fontforge-20061025-usFirstCharIndex.patch
Patch2: fontforge-20061025-fsSel.patch
+Patch3: fontforge-20061025-CVE-2010-4259.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: htmlview
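Review bot: `Patch3:` is declared here, but no hunk in this commit touches `%prep`, and the diffstat for fontforge.spec is fully accounted for by the Release, Patch3 and %changelog lines. Unless `%prep` already applies patches by some means not shown, the CVE-2010-4259 fix is listed but never applied to the sources, and the rebuilt package would still contain the unbounded `sscanf`/`strcpy` calls. Add the matching line next to the existing patch applications, e.g. `%patch3 -p1`, with the strip level checked against the `fontforge/fontforge/fvimportbdf.c` paths in the patch header. Confirm in the build log that the patch was applied.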
@@ -113,12 +114,65 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/pixmaps/fontforge.png
%{_mandir}/man1/*.1*
+
%changelog
-* Tue May 29 2007 Kevin Fenzi <kevin at tummy.com> - 20061025-1
-- Upgrade to 20061025-1
-- Initial EL build
+* Sat Dec 04 2010 Kevin Fenzi <kevin at tummy.com> - 20061025-3
+- Add patch to fix CVE-2010-4259 (fixes #659359)
+
+* Sat Dec 09 2006 Roozbeh Pournader <roozbeh at farsiweb.info> - 20061025-2
+- Add patch to fix fsSelection problem with DejaVu ExtraLight
+
+* Sat Nov 25 2006 Roozbeh Pournader <roozbeh at farsiweb.info> - 20061025-1
+- Update to 20061025
+- Patch to correct usFirstCharIndex (George Williams)
+
+* Fri Oct 20 2006 Kevin Fenzi <kevin at tummy.com> - 20061019-1
+- Update to 20061019
+
+* Thu Oct 05 2006 Christian Iseli <Christian.Iseli at licr.org> 20060822-2
+ - rebuilt for unwind info generation, broken in gcc-4.1.1-21
+
+* Thu Sep 21 2006 Kevin Fenzi <kevin at tummy.com> - 20060822-1
+- Update to 20060822
+- Remove unneeded patch
+- Add flag to compile right with giflib
+
+* Sun Jun 18 2006 Roozbeh Pournader <roozbeh at farsiweb.info> - 20060125-7
+- Add BuildRequires on gettext, to make sure the package builds in minimal
+ mock environments
+
+* Mon Feb 13 2006 Roozbeh Pournader <roozbeh at farsiweb.info> - 20060125-6
+- Rebuild for Fedora Extras 5
+
+* Sun Feb 12 2006 Roozbeh Pournader <roozbeh at farsiweb.info> - 20060125-5
+- Add patch to fix crash (#181052, George Williams)
+
+* Wed Feb 01 2006 Roozbeh Pournader <roozbeh at farsiweb.info> - 20060125-4
+- Add "BuildRequires:" on libXt-devel and xorg-x11-proto-devel
+
+* Wed Feb 01 2006 Roozbeh Pournader <roozbeh at farsiweb.info> - 20060125-3
+- Really remove XFree86-devel BuildReq
+
+* Wed Feb 01 2006 Roozbeh Pournader <roozbeh at farsiweb.info> - 20060125-2
+- Remove XFree86-devel BuildReq
+
+* Wed Feb 01 2006 Roozbeh Pournader <roozbeh at farsiweb.info> - 20060125-1
+- Update to 20060125 (bug #170177)
+- Update docs to 20060114
+- Change versioning to reflect upstream and follow packaging guidelines
+- Provide pfaedit (bug #176548)
+- Use %%{?dist} tag (bug #176472)
+- Add localizations
+- No need to remove CVS subdir: fixed upstream
+- No need to covert man pages to UTF-8: fixed upstream
+- Fixed DOS line terminators
+- Use parallel build
+
+* Sat Jul 30 2005 Owen Taylor <otaylor at redhat.com> - 0.0-2.20050729.fc4
+- Update to 20050729
+- Remove .docview patch, looking for HTMLview is upstream so no longer needed
-* Tue May 10 2005 Owen Taylor <otaylor at redhat.com> - 0.0-2.20050502.fc3
+* Tue May 10 2005 Owen Taylor <otaylor at redhat.com> - 0.0-2.20050502.fc4
- Update to 20050502
- Fix the build to look for the docs where we install them