[freetype/f14/master] Security bugfix
mkasik
mkasik at fedoraproject.org
Wed Oct 6 17:03:56 UTC 2010
commit 0c0437d310b2e3c227d12c8d55cbc21533569beb
Author: Marek Kasik <mkasik at redhat.com>
Date: Wed Oct 6 19:00:46 2010 +0200
Security bugfix
Add freetype-2.4.2-CVE-2010-3311.patch
(Don't seek behind end of stream.)
Resolves: #638522
freetype-2.4.2-CVE-2010-3311.patch | 37 ++++++++++++++++++++++++++++++++++++
freetype.spec | 10 ++++++++-
2 files changed, 46 insertions(+), 1 deletions(-)
---
diff --git a/freetype-2.4.2-CVE-2010-3311.patch b/freetype-2.4.2-CVE-2010-3311.patch
new file mode 100644
index 0000000..7f51a95
--- /dev/null
+++ b/freetype-2.4.2-CVE-2010-3311.patch
@@ -0,0 +1,37 @@
+--- freetype-2.4.2/src/base/ftstream.c 2010-08-04 15:52:01.000000000 +0200
++++ freetype-2.4.2/src/base/ftstream.c 2010-10-06 18:47:07.000000000 +0200
+@@ -59,8 +59,17 @@
+ {
+ FT_Error error = FT_Err_Ok;
+
++ /* note that seeking to the first position after the file is valid */
++ if ( pos > stream->size )
++ {
++ FT_ERROR(( "FT_Stream_Seek:"
++ " invalid i/o; pos = 0x%lx, size = 0x%lx\n",
++ pos, stream->size ));
+
+- if ( stream->read )
++ error = FT_Err_Invalid_Stream_Operation;
++ }
++
++ if ( !error && stream->read )
+ {
+ if ( stream->read( stream, pos, 0, 0 ) )
+ {
+@@ -71,15 +80,6 @@
+ error = FT_Err_Invalid_Stream_Operation;
+ }
+ }
+- /* note that seeking to the first position after the file is valid */
+- else if ( pos > stream->size )
+- {
+- FT_ERROR(( "FT_Stream_Seek:"
+- " invalid i/o; pos = 0x%lx, size = 0x%lx\n",
+- pos, stream->size ));
+-
+- error = FT_Err_Invalid_Stream_Operation;
+- }
+
+ if ( !error )
+ stream->pos = pos;
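Review bot: The guard moved to the top of FT_Stream_Seek now trusts `stream->size` for callback-backed streams as well as memory streams, and nothing visible in this hunk shows that every `stream->read` implementation sets that field to a real upper bound. A stream that leaves `size` at 0 would now fail every non-zero seek, and one that sets a large placeholder size gets no protection from this check and still depends on its callback rejecting the offset. I would extend the comment above the test to say so, for example `/* applies to callback streams too: stream->size must be a valid upper bound; pos == size is accepted, so later reads must handle zero bytes remaining */`. The function's signature and the lines between the two inner hunks are outside the hunk, so the error path after the `stream->read` call cannot be checked from here.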
diff --git a/freetype.spec b/freetype.spec
index 3b4bd9f..46c2bbd 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
Summary: A free and portable font rendering engine
Name: freetype
Version: 2.4.2
-Release: 2%{?dist}
+Release: 3%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -26,6 +26,8 @@ Patch47: freetype-2.3.11-more-demos.patch
# Fix multilib conflicts
Patch88: freetype-multilib.patch
+Patch89: freetype-2.4.2-CVE-2010-3311.patch
+
Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
BuildRequires: libX11-devel
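Review bot: `Patch89` is added without the one-line comment that `Patch88` carries directly above it (`# Fix multilib conflicts`), so the spec itself does not record what the patch fixes. A line such as `# CVE-2010-3311: don't seek past end of stream (#638522)` above `Patch89:` would keep that visible to whoever rebases the package. It would also help to state there whether the patch is an upstream backport or a local change, so it can be dropped at the right version.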
@@ -91,6 +93,7 @@ pushd ft2demos-%{version}
popd
%patch88 -p1 -b .multilib
+%patch89 -p1 -b .CVE-2010-3311
%build
@@ -223,6 +226,11 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
+* Wed Oct 6 2010 Marek Kasik <mkasik at redhat.com> 2.4.2-3
+- Add freetype-2.4.2-CVE-2010-3311.patch
+ (Don't seek behind end of stream.)
+- Resolves: #638522
+
* Fri Aug 6 2010 Matthias Clasen <mclasen at redhat.com> 2.4.2-2
- Fix a thinko, we still want to disable the bytecode interpreter
by default