[Bug 752538] gtk2 widgets too "tight"
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=752538
Pierre Ossman <pierre-bugzilla(a)ossman.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |behdad(a)fedoraproject.org,
| |fonts-bugs(a)lists.fedoraproj
| |ect.org,
| |kevin(a)tigcc.ticalc.org,
| |mkasik(a)redhat.com
Component|gtk2 |freetype
AssignedTo|mclasen(a)redhat.com |mkasik(a)redhat.com
--- Comment #5 from Pierre Ossman <pierre-bugzilla(a)ossman.eu> 2011-11-16 06:31:04 EST ---
I'm seeing this in more places, so I'm guessing it has nothing to do with GTK.
Moving to freetype, as I guess that's where things are getting the line spacing
information from.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 5 months
[Bug 742349] ghostscript 9.04 crashes on certain postscript files
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=742349
Fedora Update System <updates(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ON_QA |CLOSED
Fixed In Version|ghostscript-9.04-5.fc15 |ghostscript-9.04-7.fc16
Resolution| |ERRATA
Last Closed| |2011-11-15 19:31:29
--- Comment #8 from Fedora Update System <updates(a)fedoraproject.org> 2011-11-15 19:31:29 EST ---
ghostscript-9.04-7.fc16 has been pushed to the Fedora 16 stable repository. If
problems still persist, please make note of it in this bug report.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
12 years, 5 months
[freetype/f14] Fix CVE-2011-3439
by mkasik
commit 405fc055b02d4149c99c8d6b93151ff319d86604
Author: Marek Kasik <mkasik(a)redhat.com>
Date: Tue Nov 15 17:41:05 2011 +0100
Fix CVE-2011-3439
Resolves: #753837
freetype-2.4.2-CVE-2011-3439.patch | 76 ++++++++++++++++++++++++++++++++++++
freetype.spec | 8 +++-
2 files changed, 83 insertions(+), 1 deletions(-)
---
diff --git a/freetype-2.4.2-CVE-2011-3439.patch b/freetype-2.4.2-CVE-2011-3439.patch
new file mode 100644
index 0000000..a2affe2
--- /dev/null
+++ b/freetype-2.4.2-CVE-2011-3439.patch
@@ -0,0 +1,76 @@
+--- freetype-2.4.2/src/cid/cidload.c 2009-07-03 15:28:24.000000000 +0200
++++ freetype-2.4.2/src/cid/cidload.c 2011-11-15 17:37:01.000000000 +0100
+@@ -4,7 +4,7 @@
+ /* */
+ /* CID-keyed Type1 font loader (body). */
+ /* */
+-/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2009 by */
++/* Copyright 1996-2006, 2009, 2011 by */
+ /* David Turner, Robert Wilhelm, and Werner Lemberg. */
+ /* */
+ /* This file is part of the FreeType project, and may only be used, */
+@@ -110,7 +110,7 @@
+ CID_FaceDict dict;
+
+
+- if ( parser->num_dict < 0 )
++ if ( parser->num_dict < 0 || parser->num_dict >= cid->num_dicts )
+ {
+ FT_ERROR(( "cid_load_keyword: invalid use of `%s'\n",
+ keyword->ident ));
+@@ -158,7 +158,7 @@
+ FT_Fixed temp_scale;
+
+
+- if ( parser->num_dict >= 0 )
++ if ( parser->num_dict >= 0 && parser->num_dict < face->cid.num_dicts )
+ {
+ dict = face->cid.font_dicts + parser->num_dict;
+ matrix = &dict->font_matrix;
+@@ -249,7 +249,7 @@
+ CID_FaceDict dict;
+
+
+- if ( parser->num_dict >= 0 )
++ if ( parser->num_dict >= 0 && parser->num_dict < face->cid.num_dicts )
+ {
+ dict = face->cid.font_dicts + parser->num_dict;
+
+@@ -413,12 +413,25 @@
+ FT_Byte* p;
+
+
++ /* Check for possible overflow. */
++ if ( num_subrs == FT_UINT_MAX )
++ {
++ error = CID_Err_Syntax_Error;
++ goto Fail;
++ }
++
+ /* reallocate offsets array if needed */
+ if ( num_subrs + 1 > max_offsets )
+ {
+ FT_UInt new_max = FT_PAD_CEIL( num_subrs + 1, 4 );
+
+
++ if ( new_max <= max_offsets )
++ {
++ error = CID_Err_Syntax_Error;
++ goto Fail;
++ }
++
+ if ( FT_RENEW_ARRAY( offsets, max_offsets, new_max ) )
+ goto Fail;
+
+@@ -436,6 +449,11 @@
+
+ FT_FRAME_EXIT();
+
++ /* offsets must be ordered */
++ for ( count = 1; count <= num_subrs; count++ )
++ if ( offsets[count - 1] > offsets[count] )
++ goto Fail;
++
+ /* now, compute the size of subrs charstrings, */
+ /* allocate, and read them */
+ data_len = offsets[num_subrs] - offsets[0];
diff --git a/freetype.spec b/freetype.spec
index 1ed8c5f..825d315 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
Summary: A free and portable font rendering engine
Name: freetype
Version: 2.4.2
-Release: 6%{?dist}
+Release: 7%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -30,6 +30,7 @@ Patch89: freetype-2.4.2-CVE-2010-3311.patch
Patch90: freetype-2.4.2-CVE-2010-3855.patch
Patch91: freetype-2.4.2-CVE-2011-0226.patch
Patch92: freetype-2.4.2-CVE-2011-3256.patch
+Patch93: freetype-2.4.2-CVE-2011-3439.patch
Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
@@ -100,6 +101,7 @@ popd
%patch90 -p1 -b .CVE-2010-3855
%patch91 -p1 -b .CVE-2011-0226
%patch92 -p1 -b .CVE-2011-3256
+%patch93 -p1 -b .CVE-2011-3439
%build
@@ -232,6 +234,10 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
+* Tue Nov 15 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.2-7
+- Fix CVE-2011-3439
+- Resolves: #753837
+
* Thu Oct 20 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.2-6
- Add freetype-2.4.2-CVE-2011-3256.patch
(Handle some border cases)
12 years, 5 months
[freetype/f15] Fix CVE-2011-3439
by mkasik
commit d1e0a644c1930f44c2b24d1124f6db79cfef4361
Author: Marek Kasik <mkasik(a)redhat.com>
Date: Tue Nov 15 17:28:40 2011 +0100
Fix CVE-2011-3439
Resolves: #753837
freetype-2.4.4-CVE-2011-3439.patch | 76 ++++++++++++++++++++++++++++++++++++
freetype.spec | 8 +++-
2 files changed, 83 insertions(+), 1 deletions(-)
---
diff --git a/freetype-2.4.4-CVE-2011-3439.patch b/freetype-2.4.4-CVE-2011-3439.patch
new file mode 100644
index 0000000..cf3ca8b
--- /dev/null
+++ b/freetype-2.4.4-CVE-2011-3439.patch
@@ -0,0 +1,76 @@
+--- freetype-2.4.4/src/cid/cidload.c 2009-07-03 15:28:24.000000000 +0200
++++ freetype-2.4.4/src/cid/cidload.c 2011-11-15 17:25:38.000000000 +0100
+@@ -4,7 +4,7 @@
+ /* */
+ /* CID-keyed Type1 font loader (body). */
+ /* */
+-/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2009 by */
++/* Copyright 1996-2006, 2009, 2011 by */
+ /* David Turner, Robert Wilhelm, and Werner Lemberg. */
+ /* */
+ /* This file is part of the FreeType project, and may only be used, */
+@@ -110,7 +110,7 @@
+ CID_FaceDict dict;
+
+
+- if ( parser->num_dict < 0 )
++ if ( parser->num_dict < 0 || parser->num_dict >= cid->num_dicts )
+ {
+ FT_ERROR(( "cid_load_keyword: invalid use of `%s'\n",
+ keyword->ident ));
+@@ -158,7 +158,7 @@
+ FT_Fixed temp_scale;
+
+
+- if ( parser->num_dict >= 0 )
++ if ( parser->num_dict >= 0 && parser->num_dict < face->cid.num_dicts )
+ {
+ dict = face->cid.font_dicts + parser->num_dict;
+ matrix = &dict->font_matrix;
+@@ -249,7 +249,7 @@
+ CID_FaceDict dict;
+
+
+- if ( parser->num_dict >= 0 )
++ if ( parser->num_dict >= 0 && parser->num_dict < face->cid.num_dicts )
+ {
+ dict = face->cid.font_dicts + parser->num_dict;
+
+@@ -413,12 +413,25 @@
+ FT_Byte* p;
+
+
++ /* Check for possible overflow. */
++ if ( num_subrs == FT_UINT_MAX )
++ {
++ error = CID_Err_Syntax_Error;
++ goto Fail;
++ }
++
+ /* reallocate offsets array if needed */
+ if ( num_subrs + 1 > max_offsets )
+ {
+ FT_UInt new_max = FT_PAD_CEIL( num_subrs + 1, 4 );
+
+
++ if ( new_max <= max_offsets )
++ {
++ error = CID_Err_Syntax_Error;
++ goto Fail;
++ }
++
+ if ( FT_RENEW_ARRAY( offsets, max_offsets, new_max ) )
+ goto Fail;
+
+@@ -436,6 +449,11 @@
+
+ FT_FRAME_EXIT();
+
++ /* offsets must be ordered */
++ for ( count = 1; count <= num_subrs; count++ )
++ if ( offsets[count - 1] > offsets[count] )
++ goto Fail;
++
+ /* now, compute the size of subrs charstrings, */
+ /* allocate, and read them */
+ data_len = offsets[num_subrs] - offsets[0];
diff --git a/freetype.spec b/freetype.spec
index 8e7b645..ef33a49 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
Summary: A free and portable font rendering engine
Name: freetype
Version: 2.4.4
-Release: 6%{?dist}
+Release: 7%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -30,6 +30,7 @@ Patch90: 0001-Fall-back-to-autohinting-if-a-TTF-OTF-doesn-t-contai.patch
Patch91: 0002-Fix-autohinting-fallback.patch
Patch92: freetype-2.4.4-CVE-2011-0226.patch
Patch93: freetype-2.4.4-CVE-2011-3256.patch
+Patch94: freetype-2.4.4-CVE-2011-3439.patch
Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
@@ -95,6 +96,7 @@ popd
%patch91 -p1 -b .fix-autohint
%patch92 -p1 -b .CVE-2011-0226
%patch93 -p1 -b .CVE-2011-3256
+%patch94 -p1 -b .CVE-2011-3439
%build
@@ -227,6 +229,10 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
+* Tue Nov 15 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.4-7
+- Fix CVE-2011-3439
+- Resolves: #753837
+
* Thu Oct 20 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.4-6
- Add freetype-2.4.4-CVE-2011-3256.patch
(Handle some border cases)
12 years, 5 months
[freetype/f16] Fix CVE-2011-3439
by mkasik
commit 698eff9cbd1e9385209575f8ddd67215228581df
Author: Marek Kasik <mkasik(a)redhat.com>
Date: Tue Nov 15 17:16:52 2011 +0100
Fix CVE-2011-3439
Resolves: #753837
freetype-2.4.6-CVE-2011-3439.patch | 76 ++++++++++++++++++++++++++++++++++++
freetype.spec | 8 +++-
2 files changed, 83 insertions(+), 1 deletions(-)
---
diff --git a/freetype-2.4.6-CVE-2011-3439.patch b/freetype-2.4.6-CVE-2011-3439.patch
new file mode 100644
index 0000000..5cd5809
--- /dev/null
+++ b/freetype-2.4.6-CVE-2011-3439.patch
@@ -0,0 +1,76 @@
+--- freetype-2.4.6/src/cid/cidload.c 2009-07-03 15:28:24.000000000 +0200
++++ freetype-2.4.6/src/cid/cidload.c 2011-11-15 17:13:06.000000000 +0100
+@@ -4,7 +4,7 @@
+ /* */
+ /* CID-keyed Type1 font loader (body). */
+ /* */
+-/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2009 by */
++/* Copyright 1996-2006, 2009, 2011 by */
+ /* David Turner, Robert Wilhelm, and Werner Lemberg. */
+ /* */
+ /* This file is part of the FreeType project, and may only be used, */
+@@ -110,7 +110,7 @@
+ CID_FaceDict dict;
+
+
+- if ( parser->num_dict < 0 )
++ if ( parser->num_dict < 0 || parser->num_dict >= cid->num_dicts )
+ {
+ FT_ERROR(( "cid_load_keyword: invalid use of `%s'\n",
+ keyword->ident ));
+@@ -158,7 +158,7 @@
+ FT_Fixed temp_scale;
+
+
+- if ( parser->num_dict >= 0 )
++ if ( parser->num_dict >= 0 && parser->num_dict < face->cid.num_dicts )
+ {
+ dict = face->cid.font_dicts + parser->num_dict;
+ matrix = &dict->font_matrix;
+@@ -249,7 +249,7 @@
+ CID_FaceDict dict;
+
+
+- if ( parser->num_dict >= 0 )
++ if ( parser->num_dict >= 0 && parser->num_dict < face->cid.num_dicts )
+ {
+ dict = face->cid.font_dicts + parser->num_dict;
+
+@@ -413,12 +413,25 @@
+ FT_Byte* p;
+
+
++ /* Check for possible overflow. */
++ if ( num_subrs == FT_UINT_MAX )
++ {
++ error = CID_Err_Syntax_Error;
++ goto Fail;
++ }
++
+ /* reallocate offsets array if needed */
+ if ( num_subrs + 1 > max_offsets )
+ {
+ FT_UInt new_max = FT_PAD_CEIL( num_subrs + 1, 4 );
+
+
++ if ( new_max <= max_offsets )
++ {
++ error = CID_Err_Syntax_Error;
++ goto Fail;
++ }
++
+ if ( FT_RENEW_ARRAY( offsets, max_offsets, new_max ) )
+ goto Fail;
+
+@@ -436,6 +449,11 @@
+
+ FT_FRAME_EXIT();
+
++ /* offsets must be ordered */
++ for ( count = 1; count <= num_subrs; count++ )
++ if ( offsets[count - 1] > offsets[count] )
++ goto Fail;
++
+ /* now, compute the size of subrs charstrings, */
+ /* allocate, and read them */
+ data_len = offsets[num_subrs] - offsets[0];
diff --git a/freetype.spec b/freetype.spec
index 6c9f7a3..d958397 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
Summary: A free and portable font rendering engine
Name: freetype
Version: 2.4.6
-Release: 3%{?dist}
+Release: 4%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -27,6 +27,7 @@ Patch88: freetype-multilib.patch
Patch89: freetype-2.4.2-CVE-2010-3311.patch
Patch90: freetype-2.4.6-CVE-2011-3256.patch
+Patch91: freetype-2.4.6-CVE-2011-3439.patch
Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
@@ -89,6 +90,7 @@ popd
%patch88 -p1 -b .multilib
%patch89 -p1 -b .CVE-2010-3311
%patch90 -p1 -b .CVE-2011-3256
+%patch91 -p1 -b .CVE-2011-3439
%build
@@ -221,6 +223,10 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
+* Tue Nov 15 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.6-4
+- Fix CVE-2011-3439
+- Resolves: #753837
+
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.4.6-3
- Rebuilt for glibc bug#747377
12 years, 5 months
[freetype] Update to 2.4.8
by mkasik
commit f772e1dab7c1a797d124a42c291abdcdedac1fcd
Author: Marek Kasik <mkasik(a)redhat.com>
Date: Tue Nov 15 17:07:58 2011 +0100
Update to 2.4.8
Remove an unneeded patch
.gitignore | 3 ++
freetype-2.4.2-CVE-2010-3311.patch | 37 ------------------------------------
freetype.spec | 11 +++++----
sources | 6 ++--
4 files changed, 12 insertions(+), 45 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index a4919f9..e1f5eb2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,6 @@ ft2demos-2.4.2.tar.bz2
/freetype-2.4.7.tar.bz2
/freetype-doc-2.4.7.tar.bz2
/ft2demos-2.4.7.tar.bz2
+/freetype-2.4.8.tar.bz2
+/freetype-doc-2.4.8.tar.bz2
+/ft2demos-2.4.8.tar.bz2
diff --git a/freetype.spec b/freetype.spec
index b5f8001..9666094 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -6,8 +6,8 @@
Summary: A free and portable font rendering engine
Name: freetype
-Version: 2.4.7
-Release: 2%{?dist}
+Version: 2.4.8
+Release: 1%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -25,8 +25,6 @@ Patch47: freetype-2.3.11-more-demos.patch
# Fix multilib conflicts
Patch88: freetype-multilib.patch
-Patch89: freetype-2.4.2-CVE-2010-3311.patch
-
Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
BuildRequires: libX11-devel
@@ -86,7 +84,6 @@ pushd ft2demos-%{version}
popd
%patch88 -p1 -b .multilib
-%patch89 -p1 -b .CVE-2010-3311
%build
@@ -219,6 +216,10 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
+* Tue Nov 15 2011 Marek Kasik <mkasik(a)redhat.com> 2.4.8-1
+- Update to 2.4.8
+- Remove an unneeded patch
+
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.4.7-2
- Rebuilt for glibc bug#747377
diff --git a/sources b/sources
index d8c35c2..0d9f9c5 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-dbadce8f0c5e70a0b7c51eadf2dd9394 freetype-2.4.7.tar.bz2
-09bfc874435c300252d42b8961564c05 freetype-doc-2.4.7.tar.bz2
-d0118543dfe789bb9fb3b43593b62c05 ft2demos-2.4.7.tar.bz2
+dbf2caca1d3afd410a29217a9809d397 freetype-2.4.8.tar.bz2
+538c925059e90be23928b454c14df728 freetype-doc-2.4.8.tar.bz2
+f44562cf0b434b6dc3488751f82d99ec ft2demos-2.4.8.tar.bz2
12 years, 5 months