diff --git a/.gitattributes b/.gitattributes index dde05dc..49a62dc 100644 --- a/.gitattributes +++ b/.gitattributes @@ -23,3 +23,5 @@ *.zst filter=lfs diff=lfs merge=lfs -text ## Specific LFS patterns bnc628213_test.otf filter=lfs diff=lfs merge=lfs -text +bnc633938_badbdf.0 filter=lfs diff=lfs merge=lfs -text +bug-641580_CVE-2010-3311.cff filter=lfs diff=lfs merge=lfs -text diff --git a/bnc628213_1797.diff b/bnc628213_1797.diff index 920342b..e23b8e8 100644 --- a/bnc628213_1797.diff +++ b/bnc628213_1797.diff @@ -1,5 +1,11 @@ ---- freetype-2.4.1/src/cff/cffgload.c.orig 2010-07-15 18:26:45.000000000 +0200 -+++ freetype-2.4.1/src/cff/cffgload.c 2010-08-06 16:56:07.736041000 +0200 +--- + src/cff/cffgload.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +Index: freetype-2.4.2/src/cff/cffgload.c +=================================================================== +--- freetype-2.4.2.orig/src/cff/cffgload.c ++++ freetype-2.4.2/src/cff/cffgload.c @@ -204,7 +204,7 @@ 2, /* hsbw */ 0, diff --git a/bnc633938_badbdf.0 b/bnc633938_badbdf.0 new file mode 100644 index 0000000..209e4fa --- /dev/null +++ b/bnc633938_badbdf.0 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fabd6513c25b7048c5401b745941d491b7f5f32c0c66a916b94a332756e0e207 +size 19964 diff --git a/bnc641580_CVE-2010-3311.diff b/bnc641580_CVE-2010-3311.diff new file mode 100644 index 0000000..69be102 --- /dev/null +++ b/bnc641580_CVE-2010-3311.diff 
@@ -0,0 +1,38 @@ +Index: freetype-2.4.2/src/base/ftstream.c +=================================================================== +--- freetype-2.4.2.orig/src/base/ftstream.c ++++ freetype-2.4.2/src/base/ftstream.c +@@ -70,8 +70,16 @@ + { + FT_Error error = FT_Err_Ok; + ++ /* note that seeking to the first position after the file is valid */ ++ if ( pos > stream->size ) ++ { ++ FT_ERROR(( "FT_Stream_Seek:" ++ " invalid i/o; pos = 0x%lx, size = 0x%lx\n", ++ pos, stream->size )); ++ error = FT_Err_Invalid_Stream_Operation; ++ } + +- if ( stream->read ) ++ if ( !error && stream->read ) + { + if ( stream->read( stream, pos, 0, 0 ) ) + { +@@ -82,15 +90,6 @@ + error = FT_Err_Invalid_Stream_Operation; + } + } +- /* note that seeking to the first position after the file is valid */ +- else if ( pos > stream->size ) +- { +- FT_ERROR(( "FT_Stream_Seek:" +- " invalid i/o; pos = 0x%lx, size = 0x%lx\n", +- pos, stream->size )); +- +- error = FT_Err_Invalid_Stream_Operation; +- } + + if ( !error ) + stream->pos = pos; diff --git a/bug-641580_CVE-2010-3311.cff b/bug-641580_CVE-2010-3311.cff new file mode 100644 index 0000000..bbc47f9 --- /dev/null +++ b/bug-641580_CVE-2010-3311.cff @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:11712ea61abedc4006c8fe7b446589e9c97fb9b117b4b6c13f0a4f22d2a1a62a +size 7751 diff --git a/bugzilla-308961-cmex-workaround.patch b/bugzilla-308961-cmex-workaround.patch index d81dc11..1c462b7 100644 --- a/bugzilla-308961-cmex-workaround.patch +++ b/bugzilla-308961-cmex-workaround.patch 
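Review bot: The new bnc641580_CVE-2010-3311.diff begins directly at `Index: freetype-2.4.2/src/base/ftstream.c` with no description, so nothing in the patch records which bug it closes or where the FT_Stream_Seek change came from. The changelog in this same commit says earlier patches "got lost", so a short header would help the next refresh decide whether the fix is still required or already upstream. I would add, above the `Index:` line, `Subject: FT_Stream_Seek: check pos > stream->size before calling stream->read` and `References: bnc#641580, CVE-2010-3311 (upstream: <UPSTREAM_COMMIT_OR_BUG_ID>)`. The function's signature and closing lines lie outside the inner hunk, so this covers only the visible reordering of the bounds check.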
@@ -1,7 +1,11 @@ -Index: freetype-2.4.3/src/base/ftobjs.c +--- + src/base/ftobjs.c | 5 +++++ + 1 file changed, 5 insertions(+) + +Index: freetype-2.4.2/src/base/ftobjs.c =================================================================== ---- freetype-2.4.3.orig/src/base/ftobjs.c 2010-10-29 15:58:01.000000000 +0200 -+++ freetype-2.4.3/src/base/ftobjs.c 2010-10-29 16:01:57.187258621 +0200 +--- freetype-2.4.2.orig/src/base/ftobjs.c ++++ freetype-2.4.2/src/base/ftobjs.c @@ -2153,6 +2153,11 @@ if ( FT_IS_SCALABLE( face ) ) diff --git a/fix-build.patch b/fix-build.patch index 670d7c1..fa96541 100644 --- a/fix-build.patch +++ b/fix-build.patch @@ -1,7 +1,12 @@ -Index: freetype-2.4.3/autogen.sh +--- + autogen.sh | 2 +- + builds/unix/configure.raw | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +Index: freetype-2.4.2/autogen.sh =================================================================== ---- freetype-2.4.3.orig/autogen.sh 2010-02-13 07:54:14.000000000 +0100 -+++ freetype-2.4.3/autogen.sh 2010-10-29 16:05:43.356557850 +0200 +--- freetype-2.4.2.orig/autogen.sh ++++ freetype-2.4.2/autogen.sh @@ -150,7 +150,7 @@ sed -e "s;@VERSION@;$freetype_major$free < configure.raw > configure.ac @@ -11,10 +16,10 @@ Index: freetype-2.4.3/autogen.sh run autoconf --force chmod +x mkinstalldirs -Index: freetype-2.4.3/builds/unix/configure.raw +Index: freetype-2.4.2/builds/unix/configure.raw =================================================================== ---- freetype-2.4.3.orig/builds/unix/configure.raw 2010-10-03 20:34:42.000000000 +0200 -+++ freetype-2.4.3/builds/unix/configure.raw 2010-10-29 16:06:54.225383610 +0200 +--- freetype-2.4.2.orig/builds/unix/configure.raw ++++ freetype-2.4.2/builds/unix/configure.raw @@ -650,7 +650,7 @@ AC_SUBST([FT2_EXTRA_LIBS]) AC_SUBST([SYSTEM_ZLIB]) diff --git a/freetype2-bitmap-foundry.patch b/freetype2-bitmap-foundry.patch index 6af3acd..9253749 100644 --- a/freetype2-bitmap-foundry.patch +++ b/freetype2-bitmap-foundry.patch 
@@ -1,7 +1,11 @@ -Index: freetype-2.4.3/src/pcf/pcfread.c +--- + src/pcf/pcfread.c | 30 ++++++++++++++++++++++++++++-- + 1 file changed, 28 insertions(+), 2 deletions(-) + +Index: freetype-2.4.2/src/pcf/pcfread.c =================================================================== ---- freetype-2.4.3.orig/src/pcf/pcfread.c 2010-06-24 20:16:51.000000000 +0200 -+++ freetype-2.4.3/src/pcf/pcfread.c 2010-10-29 16:12:07.904258618 +0200 +--- freetype-2.4.2.orig/src/pcf/pcfread.c ++++ freetype-2.4.2/src/pcf/pcfread.c @@ -1175,8 +1175,34 @@ THE SOFTWARE. prop = pcf_find_property( face, "FAMILY_NAME" ); if ( prop && prop->isString ) diff --git a/freetype2.changes b/freetype2.changes index 138fa12..cb8c5f6 100644 --- a/freetype2.changes +++ b/freetype2.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue Dec 7 17:53:52 UTC 2010 - jw@novell.com + +- several old patches got lost, reapplying: + * added bnc641580_CVE-2010-3311.diff for bnc#641580 + * bnc633943_CVE-2010-3054 nothing to do. + * bnc633938_CVE-2010-3053 nothing to do. + ------------------------------------------------------------------- Mon Dec 6 01:34:41 UTC 2010 - cristian.rodriguez@opensuse.org diff --git a/freetype2.spec b/freetype2.spec index 4044c72..7e8aedd 100644 --- a/freetype2.spec +++ b/freetype2.spec @@ -48,6 +48,8 @@ Patch200: freetype2-subpixel.patch Patch201: use_unix.diff Patch1000: bnc628213_1797.diff +Patch1015: bnc641580_CVE-2010-3311.diff +Source1015: bug-641580_CVE-2010-3311.cff BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -112,6 +114,10 @@ It also contains a small tutorial for using that library. #%patch1008 -p1 #%patch1009 -p1 #%patch1010 -p1 +# bnc633938_CVE-2010-3053.diff +#%patch1013 -p1 +# bnc641580_CVE-2010-3311.diff +%patch1015 -p1 find . -name CVS -type d | xargs rm -rf find . -name ".cvsignore" | xargs rm -f diff --git a/ft2-stream-compat.diff b/ft2-stream-compat.diff index 030acd8..4116f5b 100644 --- a/ft2-stream-compat.diff 
+++ b/ft2-stream-compat.diff @@ -1,7 +1,11 @@ -Index: freetype-2.4.3/src/base/ftstream.c +--- + src/base/ftstream.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 56 insertions(+), 2 deletions(-) + +Index: freetype-2.4.2/src/base/ftstream.c =================================================================== ---- freetype-2.4.3.orig/src/base/ftstream.c 2010-08-04 15:52:01.000000000 +0200 -+++ freetype-2.4.3/src/base/ftstream.c 2010-10-29 16:41:31.418258733 +0200 +--- freetype-2.4.2.orig/src/base/ftstream.c ++++ freetype-2.4.2/src/base/ftstream.c @@ -44,6 +44,17 @@ stream->close = 0; } @@ -56,26 +60,27 @@ Index: freetype-2.4.3/src/base/ftstream.c FT_BASE_DEF( FT_Error ) FT_Stream_ExtractFrame( FT_Stream stream, -@@ -210,6 +229,8 @@ +@@ -210,7 +229,9 @@ return error; } +- + FT_BASE_DEF( FT_Error ) + FT_Extract_Frame( FT_Stream, FT_ULong, FT_Byte** ) __attribute__((weak, alias("FT_Stream_ExtractFrame"))); - ++ FT_BASE_DEF( void ) FT_Stream_ReleaseFrame( FT_Stream stream, -@@ -229,6 +250,9 @@ + FT_Byte** pbytes ) +@@ -229,6 +250,8 @@ *pbytes = 0; } + FT_BASE_DEF( void ) + FT_Release_Frame( FT_Stream, FT_Byte** ) __attribute__((weak, alias("FT_Stream_ReleaseFrame"))); -+ FT_BASE_DEF( FT_Error ) FT_Stream_EnterFrame( FT_Stream stream, -@@ -307,6 +331,8 @@ +@@ -307,6 +330,8 @@ return error; } @@ -84,7 +89,7 @@ Index: freetype-2.4.3/src/base/ftstream.c FT_BASE_DEF( void ) FT_Stream_ExitFrame( FT_Stream stream ) -@@ -337,6 +363,8 @@ +@@ -337,6 +362,8 @@ stream->limit = 0; } @@ -93,7 +98,7 @@ Index: freetype-2.4.3/src/base/ftstream.c FT_BASE_DEF( FT_Char ) FT_Stream_GetChar( FT_Stream stream ) -@@ -353,6 +381,8 @@ +@@ -353,6 +380,8 @@ return result; } @@ -102,7 +107,7 @@ Index: freetype-2.4.3/src/base/ftstream.c FT_BASE_DEF( FT_Short ) FT_Stream_GetShort( FT_Stream stream ) -@@ -372,6 +402,8 @@ +@@ -372,6 +401,8 @@ return result; } 
@@ -111,7 +116,7 @@ Index: freetype-2.4.3/src/base/ftstream.c FT_BASE_DEF( FT_Short ) FT_Stream_GetShortLE( FT_Stream stream ) -@@ -391,6 +423,8 @@ +@@ -391,6 +422,8 @@ return result; } @@ -120,7 +125,7 @@ Index: freetype-2.4.3/src/base/ftstream.c FT_BASE_DEF( FT_Long ) FT_Stream_GetOffset( FT_Stream stream ) -@@ -409,6 +443,8 @@ +@@ -409,6 +442,8 @@ return result; } @@ -129,7 +134,7 @@ Index: freetype-2.4.3/src/base/ftstream.c FT_BASE_DEF( FT_Long ) FT_Stream_GetLong( FT_Stream stream ) -@@ -427,6 +463,8 @@ +@@ -427,6 +462,8 @@ return result; } @@ -138,7 +143,7 @@ Index: freetype-2.4.3/src/base/ftstream.c FT_BASE_DEF( FT_Long ) FT_Stream_GetLongLE( FT_Stream stream ) -@@ -445,6 +483,8 @@ +@@ -445,6 +482,8 @@ return result; } @@ -147,7 +152,7 @@ Index: freetype-2.4.3/src/base/ftstream.c FT_BASE_DEF( FT_Char ) FT_Stream_ReadChar( FT_Stream stream, -@@ -482,6 +522,8 @@ +@@ -482,6 +521,8 @@ return 0; } @@ -156,12 +161,13 @@ Index: freetype-2.4.3/src/base/ftstream.c FT_BASE_DEF( FT_Short ) FT_Stream_ReadShort( FT_Stream stream, -@@ -529,6 +571,8 @@ +@@ -529,6 +570,9 @@ return 0; } + FT_BASE_DEF( FT_Short ) + FT_Read_Short( FT_Stream, FT_Error* ) __attribute__((weak, alias("FT_Stream_ReadShort"))); ++ FT_BASE_DEF( FT_Short ) FT_Stream_ReadShortLE( FT_Stream stream, @@ -192,16 +198,17 @@ Index: freetype-2.4.3/src/base/ftstream.c FT_BASE_DEF( FT_Long ) FT_Stream_ReadLongLE( FT_Stream stream, -@@ -717,6 +767,8 @@ +@@ -717,6 +767,9 @@ return 0; } + FT_BASE_DEF( FT_Long ) + FT_Read_LongLE( FT_Stream, FT_Error* ) __attribute__((weak, alias("FT_Stream_ReadLongLE"))); ++ FT_BASE_DEF( FT_Error ) FT_Stream_ReadFields( FT_Stream stream, -@@ -860,5 +912,6 @@ +@@ -860,5 +913,6 @@ return error; } diff --git a/ft2demos.changes b/ft2demos.changes index 1e53a4a..9f5ef00 100644 --- a/ft2demos.changes +++ b/ft2demos.changes 
@@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Tue Dec 7 17:52:34 UTC 2010 - jw@novell.com + +- Several old patches got lost. Reapplying: + * added bnc641580_CVE-2010-3311.diff incl. test-case for bnc#641580 + * bnc633943_CVE-2010-3054 nothing to do. + * bnc633938_CVE-2010-3053 nothing to do. + * bnc633938_badbdf.0 regression test added. + ------------------------------------------------------------------- Fri Oct 29 16:25:22 UTC 2010 - fisiu@opensuse.org diff --git a/ft2demos.spec b/ft2demos.spec index 9062a23..262c712 100644 --- a/ft2demos.spec +++ b/ft2demos.spec @@ -47,6 +47,9 @@ Patch201: use_unix.diff Patch1000: bnc628213_1797.diff Source1000: bnc628213_test.otf Source1004: bnc629447_sigsegv31.ttf +Source1013: bnc633938_badbdf.0 +Patch1015: bnc641580_CVE-2010-3311.diff +Source1015: bug-641580_CVE-2010-3311.cff BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -87,6 +90,10 @@ pushd ../ft2demos-%{version} #%patch1011 -p1 #%patch1012 -p1 popd +# bnc633938_CVE-2010-3053.diff +#%patch1013 -p1 +# bnc641580_CVE-2010-3311.diff +%patch1015 -p1 find . -name CVS -type d | xargs rm -rf find . -name ".cvsignore" | xargs rm -f @@ -120,6 +127,8 @@ popd %check $RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1000} $RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1004} |& grep -v "couldn't load font resource" && echo "should fail" +$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1013} |& grep -v "couldn't load font resource" && echo "should fail" +$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1015} |& grep -v "couldn't load font resource" && echo "should fail" %clean diff --git a/use_unix.diff b/use_unix.diff index 2bc1560..9da3d51 100644 --- a/use_unix.diff +++ b/use_unix.diff 
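Review bot: The two `%check` lines added for `%{S:1013}` and `%{S:1015}` cannot fail the build, so the regression samples for these CVEs are run but not enforced. `grep -v "couldn't load font resource" && echo "should fail"` only prints a message and then succeeds, and when grep matches nothing the failed `&&` list is not fatal under `sh -e`. The pipeline's status is also grep's, so ftbench's own exit status, including termination by a signal, is discarded. Assuming the intended pass condition is that ftbench reports the rejection message, I would assert it directly, e.g. `$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1015} 2>&1 | grep -q "couldn't load font resource" || { echo "should fail"; exit 1; }`, and likewise for `%{S:1013}`. The existing `%{S:1004}` context line has the same shape and would benefit from the same change.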
@@ -1,7 +1,12 @@ -Index: freetype-2.4.3/builds/toplevel.mk +--- + builds/toplevel.mk | 2 +- + builds/unix/detect.mk | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +Index: freetype-2.4.2/builds/toplevel.mk =================================================================== ---- freetype-2.4.3.orig/builds/toplevel.mk 2010-07-12 00:33:23.000000000 +0200 -+++ freetype-2.4.3/builds/toplevel.mk 2010-10-29 16:19:37.525259301 +0200 +--- freetype-2.4.2.orig/builds/toplevel.mk ++++ freetype-2.4.2/builds/toplevel.mk @@ -120,7 +120,7 @@ ifdef check_platform # # Note: This test is duplicated in `builds/unix/detect.mk'. @@ -11,10 +16,10 @@ Index: freetype-2.4.3/builds/toplevel.mk $(wildcard /usr/sbin/init) \ $(wildcard /hurd/auth)) ifneq ($(is_unix),) -Index: freetype-2.4.3/builds/unix/detect.mk +Index: freetype-2.4.2/builds/unix/detect.mk =================================================================== ---- freetype-2.4.3.orig/builds/unix/detect.mk 2009-03-14 14:45:26.000000000 +0100 -+++ freetype-2.4.3/builds/unix/detect.mk 2010-10-29 16:20:02.456789596 +0200 +--- freetype-2.4.2.orig/builds/unix/detect.mk ++++ freetype-2.4.2/builds/unix/detect.mk @@ -18,7 +18,7 @@ ifeq ($(PLATFORM),ansi) # Note: this test is duplicated in "builds/toplevel.mk".