packages: t1lib/t1lib.spec, t1lib/t1lib-5.1.2-CVE-2010-2642.patch (NEW) - a...

gotar gotar at pld-linux.org
Sun Jun 5 15:58:07 CEST 2011


Author: gotar                        Date: Sun Jun  5 13:58:07 2011 GMT
Module: packages                      Tag: HEAD
---- Log message:
- added CVE-2010-2642 patch from t1lib-5.1.2-10.1.src.rpm (OpenSuSE), rel. 4

---- Files affected:
packages/t1lib:
   t1lib.spec (1.82 -> 1.83) , t1lib-5.1.2-CVE-2010-2642.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/t1lib/t1lib.spec
diff -u packages/t1lib/t1lib.spec:1.82 packages/t1lib/t1lib.spec:1.83
--- packages/t1lib/t1lib.spec:1.82	Thu Jun  3 23:23:00 2010
+++ packages/t1lib/t1lib.spec	Sun Jun  5 15:58:02 2011
@@ -10,7 +10,7 @@
 Summary(uk.UTF-8):	Растеризатор шрифтів Type 1
 Name:		t1lib
 Version:	5.1.2
-Release:	3
+Release:	4
 License:	GPL v2
 Group:		Libraries
 Source0:	ftp://sunsite.unc.edu/pub/Linux/libs/graphics/%{name}-%{version}.tar.gz
@@ -26,6 +26,7 @@
 Patch4:		%{name}-xglyph.patch
 Patch5:		%{name}-aclocal.patch
 Patch6:		%{name}-link.patch
+Patch7:		%{name}-5.1.2-CVE-2010-2642.patch
 BuildRequires:	autoconf
 BuildRequires:	automake
 BuildRequires:	libtool
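Review bot: the `Patch7` filename hard-codes the upstream version (`%{name}-5.1.2-CVE-2010-2642.patch`), while Patch4 through Patch6 in the same context use the `%{name}-<topic>.patch` form. Consider renaming it to `%{name}-CVE-2010-2642.patch` so the name stays accurate if the patch is carried across a version bump and matches the neighbouring entries.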
@@ -246,6 +247,7 @@
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 rm -f ac-tools/aclocal.m4
 
@@ -359,6 +361,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.83  2011/06/05 13:58:02  gotar
+- added CVE-2010-2642 patch from t1lib-5.1.2-10.1.src.rpm (OpenSuSE), rel. 4
+
 Revision 1.82  2010/06/03 21:23:00  glen
 - rpm is stupid, require fontpostins (postun is not enough); rel 3
 
@@ -631,4 +636,3 @@
 
 Revision 1.8  1999/07/12 23:06:15  kloczek
 - added using CVS keywords in %changelog (for automating them).
-

================================================================
Index: packages/t1lib/t1lib-5.1.2-CVE-2010-2642.patch
diff -u /dev/null packages/t1lib/t1lib-5.1.2-CVE-2010-2642.patch:1.1
--- /dev/null	Sun Jun  5 15:58:07 2011
+++ packages/t1lib/t1lib-5.1.2-CVE-2010-2642.patch	Sun Jun  5 15:58:02 2011
@@ -0,0 +1,13 @@
+Index: t1lib-5.1.2/lib/t1lib/parseAFM.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/t1lib/parseAFM.c	2007-12-23 16:49:42.000000000 +0100
++++ t1lib-5.1.2/lib/t1lib/parseAFM.c	2011-01-07 10:52:38.953106681 +0100
+@@ -199,7 +199,7 @@
+     idx = 0;
+     
+     while (ch != EOF && ch != ' ' && ch != CR  && ch != LF &&
+-	   ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'){
++	   ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';' && idx < MAX_NAME){
+       ident[idx++] = ch;
+       ch = fgetc(stream);
+     } /* while */
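Review bot: the new `idx < MAX_NAME` test in the `while` condition still lets the loop exit with `idx == MAX_NAME`, and the hunk shows neither the size of `ident` nor what is written after `/* while */`. If `ident` holds `MAX_NAME` bytes and the code after the loop stores a terminator at `ident[idx]`, that store lands one byte past the end, and `idx < MAX_NAME - 1` would be the safe bound; please confirm against the allocation before relying on this. Also note that when the bound stops the loop, `ch` holds a non-delimiter character and the rest of the over-long token stays in the stream, so it is worth checking how the caller treats that leftover input. The embedded patch also has no description header stating its origin or what it fixes; a short one would help anyone later tracing it back to the OpenSuSE source named in the log message.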
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/t1lib/t1lib.spec?r1=1.82&r2=1.83&f=u


