[freetype/f16] Fix CVE-2011-3256
by mkasik
commit 3305e47ac3abec95574f59c8896e6572b9be461b
Author: Marek Kasik <mkasik(a)redhat.com>
Date: Thu Oct 20 17:57:40 2011 +0200
Fix CVE-2011-3256
freetype-2.4.6-CVE-2011-3256.patch | 92 ++++++++++++++++++++++++++++++++++++
freetype.spec | 8 +++-
2 files changed, 99 insertions(+), 1 deletions(-)
---
diff --git a/freetype-2.4.6-CVE-2011-3256.patch b/freetype-2.4.6-CVE-2011-3256.patch
new file mode 100644
index 0000000..795e33c
--- /dev/null
+++ b/freetype-2.4.6-CVE-2011-3256.patch
@@ -0,0 +1,92 @@
+--- freetype-2.4.6/src/base/ftbitmap.c 2011-06-14 23:02:56.000000000 +0200
++++ freetype-2.4.6/src/base/ftbitmap.c 2011-10-20 17:14:17.000000000 +0200
+@@ -4,7 +4,7 @@
+ /* */
+ /* FreeType utility functions for bitmaps (body). */
+ /* */
+-/* Copyright 2004, 2005, 2006, 2007, 2008, 2009 by */
++/* Copyright 2004-2009, 2011 by */
+ /* David Turner, Robert Wilhelm, and Werner Lemberg. */
+ /* */
+ /* This file is part of the FreeType project, and may only be used, */
+@@ -417,6 +417,10 @@
+
+ target->pitch = source->width + pad;
+
++ if ( target->pitch > 0 &&
++ target->rows > FT_ULONG_MAX / target->pitch )
++ return FT_Err_Invalid_Argument;
++
+ if ( target->rows * target->pitch > old_size &&
+ FT_QREALLOC( target->buffer,
+ old_size, target->rows * target->pitch ) )
+--- freetype-2.4.6/src/psaux/t1decode.c 2011-07-22 05:19:45.000000000 +0200
++++ freetype-2.4.6/src/psaux/t1decode.c 2011-10-20 17:14:17.000000000 +0200
+@@ -764,6 +764,13 @@
+ if ( arg_cnt != 0 )
+ goto Unexpected_OtherSubr;
+
++ if ( decoder->flex_state == 0 )
++ {
++ FT_ERROR(( "t1_decoder_parse_charstrings:"
++ " missing flex start\n" ));
++ goto Syntax_Error;
++ }
++
+ /* note that we should not add a point for index 0; */
+ /* this will move our current position to the flex */
+ /* point without adding any point to the outline */
+--- freetype-2.4.6/src/raster/ftrend1.c 2011-01-15 07:46:16.000000000 +0100
++++ freetype-2.4.6/src/raster/ftrend1.c 2011-10-20 17:14:37.000000000 +0200
+@@ -4,7 +4,7 @@
+ /* */
+ /* The FreeType glyph rasterizer interface (body). */
+ /* */
+-/* Copyright 1996-2001, 2002, 2003, 2005, 2006 by */
++/* Copyright 1996-2003, 2005, 2006, 2011 by */
+ /* David Turner, Robert Wilhelm, and Werner Lemberg. */
+ /* */
+ /* This file is part of the FreeType project, and may only be used, */
+@@ -25,6 +25,7 @@
+
+ #include "rasterrs.h"
+
++#define FT_USHORT_MAX USHRT_MAX
+
+ /* initialize renderer -- init its raster */
+ static FT_Error
+@@ -176,6 +177,13 @@
+
+ width = (FT_UInt)( ( cbox.xMax - cbox.xMin ) >> 6 );
+ height = (FT_UInt)( ( cbox.yMax - cbox.yMin ) >> 6 );
++
++ if ( width > FT_USHORT_MAX || height > FT_USHORT_MAX )
++ {
++ error = Raster_Err_Invalid_Argument;
++ goto Exit;
++ }
++
+ bitmap = &slot->bitmap;
+ memory = render->root.memory;
+
+--- freetype-2.4.6/src/truetype/ttgxvar.c 2011-06-14 23:02:57.000000000 +0200
++++ freetype-2.4.6/src/truetype/ttgxvar.c 2011-10-20 17:14:17.000000000 +0200
+@@ -4,7 +4,7 @@
+ /* */
+ /* TrueType GX Font Variation loader */
+ /* */
+-/* Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010 by */
++/* Copyright 2004-2011 by */
+ /* David Turner, Robert Wilhelm, Werner Lemberg, and George Williams. */
+ /* */
+ /* This file is part of the FreeType project, and may only be used, */
+@@ -1474,6 +1474,9 @@
+ {
+ for ( j = 0; j < point_count; ++j )
+ {
++ if ( localpoints[j] >= n_points )
++ continue;
++
+ delta_xy[localpoints[j]].x += FT_MulFix( deltas_x[j], apply );
+ delta_xy[localpoints[j]].y += FT_MulFix( deltas_y[j], apply );
+ }
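Review bot: In the ftbitmap.c part, the added guard bounds `target->rows` by `FT_ULONG_MAX / target->pitch`, but the product it is meant to protect, `target->rows * target->pitch`, is still computed in the operands' own type in the condition that follows and again in the `FT_QREALLOC` size argument. The field declarations are outside this hunk; if both are `int`, as I believe they are in the FT_Bitmap of this release, the guard cannot fire for any representable `rows` while the multiplication can still overflow, so the reallocation size could end up smaller than intended. Bounding by the limit of the type actually multiplied would close that, for example `if ( target->pitch > 0 && target->rows > INT_MAX / target->pitch ) return FT_Err_Invalid_Argument;`, or widen both operands to `FT_ULong` before multiplying. Separately, the ttgxvar.c part skips an out-of-range `localpoints[j]` with a bare `continue`; a trace message there would make a malformed font easier to diagnose. All four enclosing functions start and end outside the embedded hunks.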
diff --git a/freetype.spec b/freetype.spec
index f4e86f2..1b29f0d 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
Summary: A free and portable font rendering engine
Name: freetype
Version: 2.4.6
-Release: 1%{?dist}
+Release: 2%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -26,6 +26,7 @@ Patch47: freetype-2.3.11-more-demos.patch
Patch88: freetype-multilib.patch
Patch89: freetype-2.4.2-CVE-2010-3311.patch
+Patch90: freetype-2.4.6-CVE-2011-3256.patch
Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
@@ -87,6 +88,7 @@ popd
%patch88 -p1 -b .multilib
%patch89 -p1 -b .CVE-2010-3311
+%patch90 -p1 -b .CVE-2011-3256
%build
@@ -219,6 +221,10 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
+* Thu Oct 20 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.6-2
+- Add freetype-2.4.6-CVE-2011-3256.patch
+ (Handle some border cases)
+
* Thu Aug 4 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.6-1
- Update to 2.4.6
[freetype] Update to 2.4.7
by mkasik
commit 51b59a0154e5fe9c0d043fed5b49fd88310f0a1f
Author: Marek Kasik <mkasik(a)redhat.com>
Date: Thu Oct 20 17:55:50 2011 +0200
Update to 2.4.7
Fixes CVE-2011-3256
Resolves: #747262
.gitignore | 3 +++
freetype.spec | 7 ++++++-
sources | 6 +++---
3 files changed, 12 insertions(+), 4 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 082208c..a4919f9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,6 @@ ft2demos-2.4.2.tar.bz2
/freetype-2.4.6.tar.bz2
/freetype-doc-2.4.6.tar.bz2
/ft2demos-2.4.6.tar.bz2
+/freetype-2.4.7.tar.bz2
+/freetype-doc-2.4.7.tar.bz2
+/ft2demos-2.4.7.tar.bz2
diff --git a/freetype.spec b/freetype.spec
index f4e86f2..368e766 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -6,7 +6,7 @@
Summary: A free and portable font rendering engine
Name: freetype
-Version: 2.4.6
+Version: 2.4.7
Release: 1%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
@@ -219,6 +219,11 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
+* Thu Oct 20 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.7-1
+- Update to 2.4.7
+- Fixes CVE-2011-3256
+- Resolves: #747262
+
* Thu Aug 4 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.6-1
- Update to 2.4.6
diff --git a/sources b/sources
index ac6d839..d8c35c2 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-5e6510613f612809d2d7862592b92ab7 freetype-2.4.6.tar.bz2
-e9ba39c2ca46e887e995d70f03284188 freetype-doc-2.4.6.tar.bz2
-7d777ed105ec393170e007203fa1bbbe ft2demos-2.4.6.tar.bz2
+dbadce8f0c5e70a0b7c51eadf2dd9394 freetype-2.4.7.tar.bz2
+09bfc874435c300252d42b8961564c05 freetype-doc-2.4.7.tar.bz2
+d0118543dfe789bb9fb3b43593b62c05 ft2demos-2.4.7.tar.bz2
[Bug 615723] Package includes non-free fonts
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=615723
Fedora Update System <updates(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|MODIFIED |ON_QA
--- Comment #8 from Fedora Update System <updates(a)fedoraproject.org> 2011-10-19 22:24:55 EDT ---
Package e16-themes-1.0.1-1.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing e16-themes-1.0.1-1.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2011-14621
then log in and leave karma (feedback).
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.