[freetype/f17] Fix CVE-2012-5669

mkasik mkasik at fedoraproject.org
Thu Jan 24 15:20:48 UTC 2013


commit 6694ca17e598bf1184e71aee3dcad92eb1a38ecb
Author: Marek Kasik <mkasik at redhat.com>
Date:   Thu Jan 24 16:20:46 2013 +0100

    Fix CVE-2012-5669
    
    Resolves: #903554

 freetype-2.4.8-CVE-2012-5669.patch |   18 ++++++++++++++++++
 freetype.spec                      |   10 +++++++++-
 2 files changed, 27 insertions(+), 1 deletions(-)
---
diff --git a/freetype-2.4.8-CVE-2012-5669.patch b/freetype-2.4.8-CVE-2012-5669.patch
new file mode 100644
index 0000000..327550c
--- /dev/null
+++ b/freetype-2.4.8-CVE-2012-5669.patch
@@ -0,0 +1,18 @@
+--- freetype-2.4.8/src/bdf/bdflib.c	2013-01-24 15:30:15.000000000 +0100
++++ freetype-2.4.8/src/bdf/bdflib.c	2013-01-24 15:30:32.269960403 +0100
+@@ -1600,10 +1600,11 @@
+       if ( p->glyph_enc < -1 )
+         p->glyph_enc = -1;
+ 
+-      /* Check that the encoding is in the range [0,65536] because */
+-      /* otherwise p->have (a bitmap with static size) overflows.  */
+-      if ( p->glyph_enc > 0                               &&
+-           (size_t)p->glyph_enc >= sizeof ( p->have ) * 8 )
++      /* Check that the encoding is in the Unicode range because  */
++      /* otherwise p->have (a bitmap with static size) overflows. */
++      if ( p->glyph_enc > 0                                      &&
++           (size_t)p->glyph_enc >= sizeof ( p->have ) /
++                                   sizeof ( unsigned long ) * 32 )
+       {
+         error = BDF_Err_Invalid_File_Format;
+         goto Exit;
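Review bot: The new bound in the `if` hard-codes both the element type and the bits used per element (`sizeof ( unsigned long )` and `32`), so it will silently stop matching the bitmap if the declaration of `p->have` or the bit-indexing code changes; neither is visible in this hunk. Writing the divisor as `sizeof ( p->have[0] )` would tie the element count to the array itself. A one-line comment on the `32` should record why the old `* 8` form over-counted where `unsigned long` is wider than 32 bits, presumably because the bitmap is indexed with `enc >> 5` and `enc & 31`, which should be confirmed against the rest of bdflib.c. The reworded comment says "Unicode range", but the effective limit is the declared length of `p->have` times 32, so for this backport onto 2.4.8 it is worth checking that the array is actually sized for that range. The enclosing function starts and ends outside the hunk.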
diff --git a/freetype.spec b/freetype.spec
index 6c8d404..398e0ab 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
 Summary: A free and portable font rendering engine
 Name: freetype
 Version: 2.4.8
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: FTL or GPLv2+
 Group: System Environment/Libraries
 URL: http://www.freetype.org
@@ -45,6 +45,9 @@ Patch105:  freetype-2.4.8-CVE-2012-1143.patch
 Patch106:  freetype-2.4.8-CVE-2012-1144.patch
 Patch107:  freetype-2.4.8-bdf-overflow.patch
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=903554
+Patch108:  freetype-2.4.8-CVE-2012-5669.patch
+
 
 Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
 
@@ -124,6 +127,7 @@ popd
 %patch105 -p1 -b .CVE-2012-1143
 %patch106 -p1 -b .CVE-2012-1144
 %patch107 -p1 -b .bdf-overflow
+%patch108 -p1 -b .CVE-2012-5669
 
 %build
 
@@ -256,6 +260,10 @@ rm -rf $RPM_BUILD_ROOT
 %doc docs/tutorial
 
 %changelog
+* Thu Jan 24 2013 Marek Kasik <mkasik at redhat.com> 2.4.8-4
+- Fixes CVE-2012-5669
+- Resolves: #903554
+
 * Fri Mar 30 2012 Marek Kasik <mkasik at redhat.com> 2.4.8-3
 - Fixes various CVEs
 - Resolves: #806270

