packages: freetype/freetype.spec, freetype/freetype-CVE-2010-3855.patch (NE...
draenog
draenog at pld-linux.org
Wed Nov 24 00:14:29 CET 2010
Author: draenog Date: Tue Nov 23 23:14:29 2010 GMT
Module: packages Tag: HEAD
---- Log message:
- patch for CVE-2010-3855
- adapterized
---- Files affected:
packages/freetype:
freetype.spec (1.156 -> 1.157) , freetype-CVE-2010-3855.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/freetype/freetype.spec
diff -u packages/freetype/freetype.spec:1.156 packages/freetype/freetype.spec:1.157
--- packages/freetype/freetype.spec:1.156 Tue Oct 5 10:14:55 2010
+++ packages/freetype/freetype.spec Wed Nov 24 00:14:23 2010
@@ -14,16 +14,17 @@
Summary(uk.UTF-8): Растеризатор шрифтів TrueType
Name: freetype
Version: 2.4.3
-Release: 2
+Release: 3
Epoch: 1
License: GPL or FTL
Group: Libraries
-Source0: http://dl.sourceforge.net/freetype/%{name}-%{version}.tar.bz2
+Source0: http://downloads.sourceforge.net/freetype/%{name}-%{version}.tar.bz2
# Source0-md5: 75ac7082bde7b3805dc5d6bc806fa045
-Source1: http://dl.sourceforge.net/freetype/%{name}-doc-%{version}.tar.bz2
+Source1: http://downloads.sourceforge.net/freetype/%{name}-doc-%{version}.tar.bz2
# Source1-md5: 79a0fa0444eb7f2f46e75cae74c0772d
-Source2: http://dl.sourceforge.net/freetype/ft2demos-%{version}.tar.bz2
+Source2: http://downloads.sourceforge.net/freetype/ft2demos-%{version}.tar.bz2
# Source2-md5: ffc0152660b96ba2126926860e6d7bcc
+Patch0: %{name}-CVE-2010-3855.patch
URL: http://www.freetype.org/
BuildRequires: automake
BuildRequires: python
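Review bot: the new `Patch0: %{name}-CVE-2010-3855.patch` line carries no comment saying where the fix was taken from, so a later maintainer cannot tell from the spec whether it is an upstream change that can be dropped on the next version bump. Add a one-line comment above it naming the origin of the patch. The Source0/1/2 host change from dl.sourceforge.net to downloads.sourceforge.net is unrelated to the security fix and would be easier to audit as its own commit.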
@@ -188,6 +189,7 @@
%prep
%setup -q -a1 -a2
+%patch0 -p1
%build
CFLAGS="%{rpmcflags} \
@@ -235,7 +237,7 @@
%attr(755,root,root) %{_bindir}/freetype-config
%attr(755,root,root) %{_libdir}/libfreetype.so
%{_libdir}/libfreetype.la
-%{_includedir}/freetype2
+/usr/include/freetype2
%{_includedir}/ft2build.h
%{_aclocaldir}/freetype2.m4
%{_pkgconfigdir}/freetype2.pc
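Review bot: the header directory entry in %files is switched from `%{_includedir}/freetype2` to the hard-coded `/usr/include/freetype2`, while the very next line still uses `%{_includedir}/ft2build.h`. Nothing in the log message explains this and it is unrelated to the CVE patch; keep the macro so the file list stays consistent and follows the configured include directory.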
@@ -262,6 +264,10 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.157 2010/11/23 23:14:23 draenog
+- patch for CVE-2010-3855
+- adapterized
+
Revision 1.156 2010/10/05 08:14:55 glen
- release 2
================================================================
Index: packages/freetype/freetype-CVE-2010-3855.patch
diff -u /dev/null packages/freetype/freetype-CVE-2010-3855.patch:1.1
--- /dev/null Wed Nov 24 00:14:29 2010
+++ packages/freetype/freetype-CVE-2010-3855.patch Wed Nov 24 00:14:23 2010
@@ -0,0 +1,20 @@
+--- freetype-2.4.3/src/truetype/ttgxvar.c 2010-07-12 21:03:49.000000000 +0200
++++ freetype-2.4.3/src/truetype/ttgxvar.c 2010-11-15 10:23:43.856348141 +0100
+@@ -154,7 +154,7 @@
+ runcnt = runcnt & GX_PT_POINT_RUN_COUNT_MASK;
+ first = points[i++] = FT_GET_USHORT();
+
+- if ( runcnt < 1 )
++ if ( runcnt < 1 || i + runcnt >= n )
+ goto Exit;
+
+ /* first point not included in runcount */
+@@ -165,7 +165,7 @@
+ {
+ first = points[i++] = FT_GET_BYTE();
+
+- if ( runcnt < 1 )
++ if ( runcnt < 1 || i + runcnt >= n )
+ goto Exit;
+
+ for ( j = 0; j < runcnt; ++j )
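Review bot: the added bound `i + runcnt >= n` in both branches looks one stricter than the writes require. After `first = points[i++] = ...` the loop `for ( j = 0; j < runcnt; ++j )` runs runcnt times, so if each iteration stores one entry at `points[i++]` and `points` holds n entries (neither the loop body nor the allocation is visible in this hunk), the last index written is i + runcnt - 1 and `i + runcnt > n` would already prevent the overflow; with `>=` a run that ends exactly on the last slot is rejected. Please confirm against the allocation of `points` whether that is intended, and add a short comment next to the check stating the invariant. Note also that the check comes after the store to `points[i++]`, so that first write relies on the enclosing loop condition, which is not shown here, to guarantee i < n.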
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/freetype/freetype.spec?r1=1.156&r2=1.157&f=u