Hello community, here is the log from the commit of package freetype2 for openSUSE:11.3 checked in at Fri Jul 22 16:33:55 CEST 2011.
-------- --- old-versions/11.3/UPDATES/all/freetype2/freetype2.changes 2011-02-28 17:58:51.000000000 +0100 +++ 11.3/freetype2/freetype2.changes 2011-07-21 19:58:10.000000000 +0200 @@ -1,0 +2,5 @@ +Thu Jul 21 19:29:23 CEST 2011 - [email protected] + +- added bnc704612_othersubr.diff, CVE-2011-0226, bnc#704612 + +------------------------------------------------------------------- ft2demos.changes: same change calling whatdependson for 11.3-i586 New: ---- bnc704612_othersubr.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ freetype2.spec ++++++ --- /var/tmp/diff_new_pack.BmXXfG/_old 2011-07-22 16:31:32.000000000 +0200 +++ /var/tmp/diff_new_pack.BmXXfG/_new 2011-07-22 16:31:32.000000000 +0200 @@ -29,7 +29,7 @@ %endif # Version: 2.3.12 -Release: 7.<RELEASE4> +Release: 7.<RELEASE5> Url: http://www.freetype.org Summary: A TrueType Font Library # CVS repository: @@ -67,6 +67,7 @@ Patch1015: bnc641580_CVE-2010-3311.diff Patch1016: bnc647375_CVE-2010-3814.diff Patch1017: bnc647375_CVE-2010-3855.diff +Patch1018: bnc704612_othersubr.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -150,6 +151,7 @@ %patch1016 -p1 # bnc647375_CVE-2010-3855.diff %patch1017 -p1 +%patch1018 -p1 pushd docs tar xf $RPM_SOURCE_DIR/freetype-doc-reference.tar.bz2 ++++++ ft2demos.spec ++++++ --- /var/tmp/diff_new_pack.BmXXfG/_old 2011-07-22 16:31:32.000000000 +0200 +++ /var/tmp/diff_new_pack.BmXXfG/_new 2011-07-22 16:31:32.000000000 +0200 @@ -25,7 +25,7 @@ AutoReqProv: on Supplements: fonts-config Version: 2.3.12 -Release: 7.<RELEASE4> +Release: 7.<RELEASE5> %define freetype_version %{version} Url: http://www.freetype.org Summary: Freetype2 Utilities and Demo Programs @@ -72,6 +72,7 @@ Patch1016: bnc647375_CVE-2010-3814.diff Source1016: bug-647375_tt2.ttf Patch1017: bnc647375_CVE-2010-3855.diff +Patch1018: bnc704612_othersubr.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build 
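Review bot: The added `%patch1018 -p1` in the `@@ -150,6 +151,7 @@` hunk of freetype2.spec has no comment line naming the patch, unlike `%patch1017 -p1`, which is preceded by `# bnc647375_CVE-2010-3855.diff`. I would add `# bnc704612_othersubr.diff (CVE-2011-0226)` above it. The same applies to the `@@ -134,6 +135,7 @@` hunk of ft2demos.spec. The patch file name also omits the CVE id that the neighbouring security patches carry, so the changelog entry is the only place that ties this fix to CVE-2011-0226.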
@@ -134,6 +135,7 @@ %patch1016 -p1 # bnc647375_CVE-2010-3855.diff %patch1017 -p1 +%patch1018 -p1 pushd docs tar xf $RPM_SOURCE_DIR/freetype-doc-reference.tar.bz2 ++++++ bnc704612_othersubr.diff ++++++ --- freetype-2.3.12/src/psaux/t1decode.c.orig 2010-01-08 17:11:54.000000000 +0000 +++ freetype-2.3.12/src/psaux/t1decode.c 2011-07-21 17:04:46.000000000 +0000 @@ -28,6 +28,8 @@ #include "psauxerr.h" +/* ensure proper sign extension */ +#define Fix2Int( f ) ( (FT_Int)(FT_Short)( (f) >> 16 ) ) /*************************************************************************/ /* */ @@ -671,7 +673,7 @@ if ( large_int ) FT_TRACE4(( " %ld", value )); else - FT_TRACE4(( " %ld", (FT_Int32)( value >> 16 ) )); + FT_TRACE4(( " %ld", Fix2Int( value ) )); #endif *top++ = value; @@ -693,8 +695,8 @@ top -= 2; - subr_no = (FT_Int)( top[1] >> 16 ); - arg_cnt = (FT_Int)( top[0] >> 16 ); + subr_no = Fix2Int( top[1] ); + arg_cnt = Fix2Int( top[0] ); /***********************************************************/ /* */ @@ -867,7 +869,7 @@ if ( arg_cnt != 1 || blend == NULL ) goto Unexpected_OtherSubr; - idx = (FT_Int)( top[0] >> 16 ); + idx = Fix2Int( top[0] ); if ( idx < 0 || idx + blend->num_designs > decoder->len_buildchar ) @@ -935,7 +937,7 @@ if ( arg_cnt != 2 || blend == NULL ) goto Unexpected_OtherSubr; - idx = (FT_Int)( top[1] >> 16 ); + idx = Fix2Int( top[1] ); if ( idx < 0 || (FT_UInt) idx >= decoder->len_buildchar ) goto Unexpected_OtherSubr; @@ -956,7 +958,7 @@ if ( arg_cnt != 1 || blend == NULL ) goto Unexpected_OtherSubr; - idx = (FT_Int)( top[0] >> 16 ); + idx = Fix2Int( top[0] ); if ( idx < 0 || (FT_UInt) idx >= decoder->len_buildchar ) goto Unexpected_OtherSubr; 
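Review bot: The comment on `Fix2Int` in the `@@ -28,6 +28,8 @@` hunk of t1decode.c mentions only sign extension and leaves out that the cast through `FT_Short` also truncates the integer part to 16 bits. An operand whose integer part does not fit in 16 bits would wrap to a different value rather than be rejected as out of range. I would state that contract in the comment, e.g. `/* integer part of a 16.16 value, truncated to 16 bits and sign-extended; callers must still range-check the result */`. The macro is used in the hunks at -693, -867, -935, -956, -1144 and -1319; the `idx` uses visible there are followed by bounds checks, but the two arguments converted at -1144 are passed on with no check visible in the hunk.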
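Review bot: In the `@@ -671,7 +673,7 @@` hunk the trace call passes `Fix2Int( value )`, which the macro casts to `FT_Int`, to a `%ld` conversion. If `FT_Int` is a plain `int`, as in stock FreeType, the argument does not match the format on LP64 targets; use `FT_TRACE4(( " %d", Fix2Int( value ) ));` or cast the argument to `long`. The call is followed by `#endif`, so this appears to affect only builds with tracing compiled in.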
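Review bot: After the switch to `Fix2Int` in the `@@ -693,8 +695,8 @@` hunk, `subr_no` and `arg_cnt` can be negative, and nothing in this hunk rejects them. The only explicit sign test the patch adds is in the `default:` branch of the `@@ -1014,11 +1016,15 @@` hunk, while the known cases visible in the diff rely on their own `arg_cnt != N` comparisons. The code between these assignments and the switch is outside the diff, so any use of `arg_cnt` there as a count would still see a negative value. Unless that code already checks, I would reject the values where they are decoded, e.g. `if ( arg_cnt < 0 || subr_no < 0 ) goto Unexpected_OtherSubr;` or the function's usual error exit.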
@@ -1014,11 +1016,15 @@ break; default: - FT_ERROR(( "t1_decoder_parse_charstrings:" - " unknown othersubr [%d %d], wish me luck\n", - arg_cnt, subr_no )); - unknown_othersubr_result_cnt = arg_cnt; - break; + if ( arg_cnt >= 0 && subr_no >= 0 ) + { + FT_ERROR(( "t1_decoder_parse_charstrings:" + " unknown othersubr [%d %d], wish me luck\n", + arg_cnt, subr_no )); + unknown_othersubr_result_cnt = arg_cnt; + break; + } + /* fall through */ Unexpected_OtherSubr: FT_ERROR(( "t1_decoder_parse_charstrings:" @@ -1144,8 +1150,8 @@ top[0], top[1], top[2], - (FT_Int)( top[3] >> 16 ), - (FT_Int)( top[4] >> 16 ) ); + Fix2Int( top[3] ), + Fix2Int( top[4] ) ); case op_sbw: FT_TRACE4(( " sbw" )); @@ -1319,7 +1325,7 @@ FT_TRACE4(( " callsubr" )); - idx = (FT_Int)( top[0] >> 16 ); + idx = Fix2Int( top[0] ); if ( idx < 0 || idx >= (FT_Int)decoder->num_subrs ) { FT_ERROR(( "t1_decoder_parse_charstrings:" ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
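Review bot: The rejection of negative values in the `default:` branch of the `@@ -1014,11 +1016,15 @@` hunk depends on `default:` staying directly above the `Unexpected_OtherSubr:` label, and `/* fall through */` does not say what is being rejected or where control lands. I would make the comment explicit, e.g. `/* negative arg_cnt or subr_no: fall through to Unexpected_OtherSubr */`. The accepted path still only logs the "wish me luck" message and stores `arg_cnt` in `unknown_othersubr_result_cnt`; whether that count is bounded elsewhere is not visible in the hunk. The enclosing switch starts and ends outside the hunk.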
