[freetype/f18] Fix CVE-2012-5669
mkasik
mkasik at fedoraproject.org
Thu Jan 24 15:20:55 UTC 2013
commit bd564091f9f63ad1112a4d68f775e46ca11b1f6a
Author: Marek Kasik <mkasik at redhat.com>
Date: Thu Jan 24 16:21:28 2013 +0100
Fix CVE-2012-5669
Resolves: #903554
freetype-2.4.10-CVE-2012-5669.patch | 14 ++++++++++++++
freetype.spec | 10 +++++++++-
2 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/freetype-2.4.10-CVE-2012-5669.patch b/freetype-2.4.10-CVE-2012-5669.patch
new file mode 100644
index 0000000..ea4f041
--- /dev/null
+++ b/freetype-2.4.10-CVE-2012-5669.patch
@@ -0,0 +1,14 @@
+--- a/src/bdf/bdflib.c
++++ b/src/bdf/bdflib.c
+@@ -1628,8 +1628,9 @@
+
+ /* Check that the encoding is in the Unicode range because */
+ /* otherwise p->have (a bitmap with static size) overflows. */
+- if ( p->glyph_enc > 0 &&
+- (size_t)p->glyph_enc >= sizeof ( p->have ) * 8 )
++ if ( p->glyph_enc > 0 &&
++ (size_t)p->glyph_enc >= sizeof ( p->have ) /
++ sizeof ( unsigned long ) * 32 )
+ {
+ FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG5, lineno, "ENCODING" ));
+ error = BDF_Err_Invalid_File_Format;
diff --git a/freetype.spec b/freetype.spec
index 9b7d47f..6d0c46d 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
Summary: A free and portable font rendering engine
Name: freetype
Version: 2.4.10
-Release: 2%{?dist}
+Release: 3%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -25,6 +25,9 @@ Patch47: freetype-2.3.11-more-demos.patch
# Fix multilib conflicts
Patch88: freetype-multilib.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=903554
+Patch89: freetype-2.4.10-CVE-2012-5669.patch
+
Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
BuildRequires: libX11-devel
@@ -84,6 +87,7 @@ pushd ft2demos-%{version}
popd
%patch88 -p1 -b .multilib
+%patch89 -p1 -b .CVE-2012-5669
%build
@@ -216,6 +220,10 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
+* Thu Jan 24 2013 Marek Kasik <mkasik at redhat.com> 2.4.10-3
+- Fixes CVE-2012-5669
+- Resolves: #903554
+
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.4.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
More information about the fonts-bugs
mailing list