[Bug 742349] ghostscript 9.04 crashes on certain postscript files
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=742349
Orion Poplawski <orion(a)cora.nwra.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |behdad(a)fedoraproject.org,
| |fonts-bugs(a)lists.fedoraproj
| |ect.org,
| |kevin(a)tigcc.ticalc.org,
| |mkasik(a)redhat.com
Component|ghostscript |freetype
AssignedTo|twaugh(a)redhat.com |mkasik(a)redhat.com
--- Comment #3 from Orion Poplawski <orion(a)cora.nwra.com> 2011-10-28 17:26:03 EDT ---
Assigning to freetype since it seems freetype related and perhaps the
maintainer could shed some insight.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 7 months
[freetype/f16] - Rebuilt for glibc bug#747377
by Dennis Gilmore
commit b01d8766a1228c8cf2537dbc32eeabfc36877ee7
Author: Dennis Gilmore <dennis(a)ausil.us>
Date: Wed Oct 26 19:58:53 2011 -0500
- Rebuilt for glibc bug#747377
freetype.spec | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
---
diff --git a/freetype.spec b/freetype.spec
index 1b29f0d..6c9f7a3 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
Summary: A free and portable font rendering engine
Name: freetype
Version: 2.4.6
-Release: 2%{?dist}
+Release: 3%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -221,6 +221,9 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
+* Wed Oct 26 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.4.6-3
+- Rebuilt for glibc bug#747377
+
* Thu Oct 20 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.6-2
- Add freetype-2.4.6-CVE-2011-3256.patch
(Handle some border cases)
12 years, 7 months
[freetype] - Rebuilt for glibc bug#747377
by Dennis Gilmore
commit bba3c2366f80bfcd047b0f5b7e4b805cc9e50725
Author: Dennis Gilmore <dennis(a)ausil.us>
Date: Wed Oct 26 18:46:22 2011 -0500
- Rebuilt for glibc bug#747377
freetype.spec | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
---
diff --git a/freetype.spec b/freetype.spec
index 368e766..b5f8001 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
Summary: A free and portable font rendering engine
Name: freetype
Version: 2.4.7
-Release: 1%{?dist}
+Release: 2%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -219,6 +219,9 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
+* Wed Oct 26 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.4.7-2
+- Rebuilt for glibc bug#747377
+
* Thu Oct 20 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.7-1
- Update to 2.4.7
- Fixes CVE-2011-3256
12 years, 7 months
[Bug 748170] New: fatal error when installing the dejavu-sans-fonts package ... ... installation cannot continue.
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: fatal error when installing the dejavu-sans-fonts package ... ... installation cannot continue.
https://bugzilla.redhat.com/show_bug.cgi?id=748170
Summary: fatal error when installing the dejavu-sans-fonts
package ... ... installation cannot continue.
Product: Fedora
Version: 15
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: dejavu-fonts
AssignedTo: nicolas.mailhot(a)laposte.net
ReportedBy: chanda_somen(a)hotmail.com
QAContact: extras-qa(a)fedoraproject.org
CC: nicolas.mailhot(a)laposte.net, peter(a)thecodergeek.com,
fonts-bugs(a)lists.fedoraproject.org, paul(a)frixxon.co.uk
Classification: Fedora
Story Points: ---
Type: ---
Description of problem:
while installing fedora-15-i386 from dvd media, a fresh installation procedure
always terminates at the msg "fatal error when installing the dejavu-sans-fonts
package ... ... Installation cannot continue."
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:intel e6400 32bit system with 2gb ram.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 7 months
[Bug 747280] New: why are the lohit* fonts installed by default ?
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: why are the lohit* fonts installed by default ?
https://bugzilla.redhat.com/show_bug.cgi?id=747280
Summary: why are the lohit* fonts installed by default ?
Product: Fedora
Version: 15
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: lohit-fonts
AssignedTo: extras-orphan(a)fedoraproject.org
ReportedBy: bugzilla(a)in-egypt.net
QAContact: extras-qa(a)fedoraproject.org
CC: petersen(a)redhat.com, extras-orphan(a)fedoraproject.org,
pnemade(a)redhat.com,
fonts-bugs(a)lists.fedoraproject.org,
psatpute(a)redhat.com, i18n-bugs(a)lists.fedoraproject.org
Classification: Fedora
Story Points: ---
Type: ---
Description of problem:
i did a fresh install of f15 and found a whole bunch of lohit* fonts installed.
to get rid of them i had to do a yum erase and it showed the lohit fonts were
not a dependency to any other program
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1.do a fresh install
2.rpm -qa | grep lohit
3.
Actual results:
bunch of lohit fonts
Expected results:
no lohit fonts found
Additional info:
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 7 months
[freetype/f14] Fix CVE-2011-3256
by mkasik
commit 7d6b06f1464d76532346b98f20d4fded1a936883
Author: Marek Kasik <mkasik(a)redhat.com>
Date: Thu Oct 20 18:04:08 2011 +0200
Fix CVE-2011-3256
Add freetype-2.4.2-CVE-2011-3256.patch
(Handle some border cases)
- based on patch by Braden Thomas
freetype-2.4.2-CVE-2011-3256.patch | 92 ++++++++++++++++++++++++++++++++++++
freetype.spec | 8 +++-
2 files changed, 99 insertions(+), 1 deletions(-)
---
diff --git a/freetype-2.4.2-CVE-2011-3256.patch b/freetype-2.4.2-CVE-2011-3256.patch
new file mode 100644
index 0000000..19251b9
--- /dev/null
+++ b/freetype-2.4.2-CVE-2011-3256.patch
@@ -0,0 +1,92 @@
+--- freetype-2.4.2/src/base/ftbitmap.c 2009-07-31 18:45:18.000000000 +0200
++++ freetype-2.4.2/src/base/ftbitmap.c 2011-10-20 17:39:09.000000000 +0200
+@@ -4,7 +4,7 @@
+ /* */
+ /* FreeType utility functions for bitmaps (body). */
+ /* */
+-/* Copyright 2004, 2005, 2006, 2007, 2008, 2009 by */
++/* Copyright 2004-2009, 2011 by */
+ /* David Turner, Robert Wilhelm, and Werner Lemberg. */
+ /* */
+ /* This file is part of the FreeType project, and may only be used, */
+@@ -417,6 +417,10 @@
+
+ target->pitch = source->width + pad;
+
++ if ( target->pitch > 0 &&
++ target->rows > FT_ULONG_MAX / target->pitch )
++ return FT_Err_Invalid_Argument;
++
+ if ( target->rows * target->pitch > old_size &&
+ FT_QREALLOC( target->buffer,
+ old_size, target->rows * target->pitch ) )
+--- freetype-2.4.2/src/psaux/t1decode.c 2011-10-20 17:38:34.000000000 +0200
++++ freetype-2.4.2/src/psaux/t1decode.c 2011-10-20 17:39:09.000000000 +0200
+@@ -754,6 +754,13 @@
+ if ( arg_cnt != 0 )
+ goto Unexpected_OtherSubr;
+
++ if ( decoder->flex_state == 0 )
++ {
++ FT_ERROR(( "t1_decoder_parse_charstrings:"
++ " missing flex start\n" ));
++ goto Syntax_Error;
++ }
++
+ /* note that we should not add a point for index 0; */
+ /* this will move our current position to the flex */
+ /* point without adding any point to the outline */
+--- freetype-2.4.2/src/raster/ftrend1.c 2009-07-03 15:28:24.000000000 +0200
++++ freetype-2.4.2/src/raster/ftrend1.c 2011-10-20 17:39:32.000000000 +0200
+@@ -4,7 +4,7 @@
+ /* */
+ /* The FreeType glyph rasterizer interface (body). */
+ /* */
+-/* Copyright 1996-2001, 2002, 2003, 2005, 2006 by */
++/* Copyright 1996-2003, 2005, 2006, 2011 by */
+ /* David Turner, Robert Wilhelm, and Werner Lemberg. */
+ /* */
+ /* This file is part of the FreeType project, and may only be used, */
+@@ -25,6 +25,7 @@
+
+ #include "rasterrs.h"
+
++#define FT_USHORT_MAX USHRT_MAX
+
+ /* initialize renderer -- init its raster */
+ static FT_Error
+@@ -168,6 +169,13 @@
+
+ width = (FT_UInt)( ( cbox.xMax - cbox.xMin ) >> 6 );
+ height = (FT_UInt)( ( cbox.yMax - cbox.yMin ) >> 6 );
++
++ if ( width > FT_USHORT_MAX || height > FT_USHORT_MAX )
++ {
++ error = Raster_Err_Invalid_Argument;
++ goto Exit;
++ }
++
+ bitmap = &slot->bitmap;
+ memory = render->root.memory;
+
+--- freetype-2.4.2/src/truetype/ttgxvar.c 2011-10-20 17:38:34.000000000 +0200
++++ freetype-2.4.2/src/truetype/ttgxvar.c 2011-10-20 17:39:09.000000000 +0200
+@@ -4,7 +4,7 @@
+ /* */
+ /* TrueType GX Font Variation loader */
+ /* */
+-/* Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010 by */
++/* Copyright 2004-2011 by */
+ /* David Turner, Robert Wilhelm, Werner Lemberg, and George Williams. */
+ /* */
+ /* This file is part of the FreeType project, and may only be used, */
+@@ -1474,6 +1474,9 @@
+ {
+ for ( j = 0; j < point_count; ++j )
+ {
++ if ( localpoints[j] >= n_points )
++ continue;
++
+ delta_xy[localpoints[j]].x += FT_MulFix( deltas_x[j], apply );
+ delta_xy[localpoints[j]].y += FT_MulFix( deltas_y[j], apply );
+ }
diff --git a/freetype.spec b/freetype.spec
index 8c8d867..1ed8c5f 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
Summary: A free and portable font rendering engine
Name: freetype
Version: 2.4.2
-Release: 5%{?dist}
+Release: 6%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -29,6 +29,7 @@ Patch88: freetype-multilib.patch
Patch89: freetype-2.4.2-CVE-2010-3311.patch
Patch90: freetype-2.4.2-CVE-2010-3855.patch
Patch91: freetype-2.4.2-CVE-2011-0226.patch
+Patch92: freetype-2.4.2-CVE-2011-3256.patch
Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
@@ -98,6 +99,7 @@ popd
%patch89 -p1 -b .CVE-2010-3311
%patch90 -p1 -b .CVE-2010-3855
%patch91 -p1 -b .CVE-2011-0226
+%patch92 -p1 -b .CVE-2011-3256
%build
@@ -230,6 +232,10 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
+* Thu Oct 20 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.2-6
+- Add freetype-2.4.2-CVE-2011-3256.patch
+ (Handle some border cases)
+
* Wed Jul 20 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.2-5
- Add freetype-2.4.2-CVE-2011-0226.patch
(Add better argument check for `callothersubr'.)
12 years, 7 months
[freetype/f15] Fix CVE-2011-3256
by mkasik
commit 6804c70a5846128ed06cea1d35caf7be979686e4
Author: Marek Kasik <mkasik(a)redhat.com>
Date: Thu Oct 20 18:02:33 2011 +0200
Fix CVE-2011-3256
Add freetype-2.4.4-CVE-2011-3256.patch
(Handle some border cases)
- based on patch by Braden Thomas
freetype-2.4.4-CVE-2011-3256.patch | 92 ++++++++++++++++++++++++++++++++++++
freetype.spec | 9 +++-
2 files changed, 100 insertions(+), 1 deletions(-)
---
diff --git a/freetype-2.4.4-CVE-2011-3256.patch b/freetype-2.4.4-CVE-2011-3256.patch
new file mode 100644
index 0000000..13e9928
--- /dev/null
+++ b/freetype-2.4.4-CVE-2011-3256.patch
@@ -0,0 +1,92 @@
+--- freetype-2.4.4/src/base/ftbitmap.c 2009-07-31 18:45:18.000000000 +0200
++++ freetype-2.4.4/src/base/ftbitmap.c 2011-10-20 17:10:49.000000000 +0200
+@@ -4,7 +4,7 @@
+ /* */
+ /* FreeType utility functions for bitmaps (body). */
+ /* */
+-/* Copyright 2004, 2005, 2006, 2007, 2008, 2009 by */
++/* Copyright 2004-2009, 2011 by */
+ /* David Turner, Robert Wilhelm, and Werner Lemberg. */
+ /* */
+ /* This file is part of the FreeType project, and may only be used, */
+@@ -417,6 +417,10 @@
+
+ target->pitch = source->width + pad;
+
++ if ( target->pitch > 0 &&
++ target->rows > FT_ULONG_MAX / target->pitch )
++ return FT_Err_Invalid_Argument;
++
+ if ( target->rows * target->pitch > old_size &&
+ FT_QREALLOC( target->buffer,
+ old_size, target->rows * target->pitch ) )
+--- freetype-2.4.4/src/psaux/t1decode.c 2011-10-20 17:08:42.000000000 +0200
++++ freetype-2.4.4/src/psaux/t1decode.c 2011-10-20 17:10:49.000000000 +0200
+@@ -747,6 +747,13 @@
+ if ( arg_cnt != 0 )
+ goto Unexpected_OtherSubr;
+
++ if ( decoder->flex_state == 0 )
++ {
++ FT_ERROR(( "t1_decoder_parse_charstrings:"
++ " missing flex start\n" ));
++ goto Syntax_Error;
++ }
++
+ /* note that we should not add a point for index 0; */
+ /* this will move our current position to the flex */
+ /* point without adding any point to the outline */
+--- freetype-2.4.4/src/raster/ftrend1.c 2009-07-03 15:28:24.000000000 +0200
++++ freetype-2.4.4/src/raster/ftrend1.c 2011-10-20 17:13:47.000000000 +0200
+@@ -4,7 +4,7 @@
+ /* */
+ /* The FreeType glyph rasterizer interface (body). */
+ /* */
+-/* Copyright 1996-2001, 2002, 2003, 2005, 2006 by */
++/* Copyright 1996-2003, 2005, 2006, 2011 by */
+ /* David Turner, Robert Wilhelm, and Werner Lemberg. */
+ /* */
+ /* This file is part of the FreeType project, and may only be used, */
+@@ -25,6 +25,7 @@
+
+ #include "rasterrs.h"
+
++#define FT_USHORT_MAX USHRT_MAX
+
+ /* initialize renderer -- init its raster */
+ static FT_Error
+@@ -168,6 +169,13 @@
+
+ width = (FT_UInt)( ( cbox.xMax - cbox.xMin ) >> 6 );
+ height = (FT_UInt)( ( cbox.yMax - cbox.yMin ) >> 6 );
++
++ if ( width > FT_USHORT_MAX || height > FT_USHORT_MAX )
++ {
++ error = Raster_Err_Invalid_Argument;
++ goto Exit;
++ }
++
+ bitmap = &slot->bitmap;
+ memory = render->root.memory;
+
+--- freetype-2.4.4/src/truetype/ttgxvar.c 2010-10-12 07:46:44.000000000 +0200
++++ freetype-2.4.4/src/truetype/ttgxvar.c 2011-10-20 17:10:49.000000000 +0200
+@@ -4,7 +4,7 @@
+ /* */
+ /* TrueType GX Font Variation loader */
+ /* */
+-/* Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010 by */
++/* Copyright 2004-2011 by */
+ /* David Turner, Robert Wilhelm, Werner Lemberg, and George Williams. */
+ /* */
+ /* This file is part of the FreeType project, and may only be used, */
+@@ -1474,6 +1474,9 @@
+ {
+ for ( j = 0; j < point_count; ++j )
+ {
++ if ( localpoints[j] >= n_points )
++ continue;
++
+ delta_xy[localpoints[j]].x += FT_MulFix( deltas_x[j], apply );
+ delta_xy[localpoints[j]].y += FT_MulFix( deltas_y[j], apply );
+ }
diff --git a/freetype.spec b/freetype.spec
index c7a4e74..8e7b645 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
Summary: A free and portable font rendering engine
Name: freetype
Version: 2.4.4
-Release: 5%{?dist}
+Release: 6%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -29,6 +29,7 @@ Patch89: freetype-2.4.2-CVE-2010-3311.patch
Patch90: 0001-Fall-back-to-autohinting-if-a-TTF-OTF-doesn-t-contai.patch
Patch91: 0002-Fix-autohinting-fallback.patch
Patch92: freetype-2.4.4-CVE-2011-0226.patch
+Patch93: freetype-2.4.4-CVE-2011-3256.patch
Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
@@ -93,6 +94,7 @@ popd
%patch90 -p1 -b .auto-autohint
%patch91 -p1 -b .fix-autohint
%patch92 -p1 -b .CVE-2011-0226
+%patch93 -p1 -b .CVE-2011-3256
%build
@@ -225,6 +227,11 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
+* Thu Oct 20 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.4-6
+- Add freetype-2.4.4-CVE-2011-3256.patch
+ (Handle some border cases)
+ - based on patch by Braden Thomas
+
* Wed Jul 20 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.4-5
- Add freetype-2.4.4-CVE-2011-0226.patch
(Add better argument check for `callothersubr'.)
12 years, 7 months
