Hello community,
here is the log from the commit of package freetype2 for openSUSE:11.3
checked in at Thu Mar 3 15:59:12 CET 2011.
--------
--- old-versions/11.3/UPDATES/all/freetype2/freetype2.changes 2010-10-13 17:13:20.000000000 +0200
+++ 11.3/freetype2/freetype2.changes 2011-02-28 17:58:51.000000000 +0100
@@ -1,0 +2,10 @@
+Mon Feb 28 16:55:09 UTC 2011 - jw@novell.com
+
+- added bnc647375_CVE-2010-3855.diff for BNC#647375
+
+-------------------------------------------------------------------
+Fri Feb 25 12:37:06 UTC 2011 - jw@novell.com
+
+- added bnc647375_CVE-2010-3814.diff for BNC#647375
+
+-------------------------------------------------------------------
--- old-versions/11.3/UPDATES/all/freetype2/ft2demos.changes 2010-10-13 17:13:21.000000000 +0200
+++ 11.3/freetype2/ft2demos.changes 2011-02-28 17:58:51.000000000 +0100
@@ -1,0 +2,10 @@
+Mon Feb 28 16:55:30 UTC 2011 - jw@novell.com
+
+- added bnc647375_CVE-2010-3855.diff for BNC#647375
+
+-------------------------------------------------------------------
+Fri Feb 25 12:37:51 UTC 2011 - jw@novell.com
+
+- added bnc647375_CVE-2010-3814.diff+testcase for BNC#647375
+
+-------------------------------------------------------------------
calling whatdependson for 11.3-i586
New:
----
bnc647375_CVE-2010-3814.diff
bnc647375_CVE-2010-3855.diff
bug-647375_tt2.ttf
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ freetype2.spec ++++++
--- /var/tmp/diff_new_pack.5Ruak0/_old 2011-03-03 15:58:58.000000000 +0100
+++ /var/tmp/diff_new_pack.5Ruak0/_new 2011-03-03 15:58:58.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package freetype2 (Version 2.3.12)
+# spec file for package freetype2
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -29,7 +29,7 @@
%endif
#
Version: 2.3.12
-Release: 7.<RELEASE2>
+Release: 7.<RELEASE4>
Url: http://www.freetype.org
Summary: A TrueType Font Library
# CVS repository:
@@ -65,6 +65,8 @@
# Patch1012: bnc619562_CVE-2010-2541.diff
Patch1013: bnc633938_CVE-2010-3053.diff
Patch1015: bnc641580_CVE-2010-3311.diff
+Patch1016: bnc647375_CVE-2010-3814.diff
+Patch1017: bnc647375_CVE-2010-3855.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -144,6 +146,10 @@
%patch1013 -p1
# bnc641580_CVE-2010-3311.diff
%patch1015 -p1
+# bnc647375_CVE-2010-3814.diff
+%patch1016 -p1
+# bnc647375_CVE-2010-3855.diff
+%patch1017 -p1
pushd docs
tar xf $RPM_SOURCE_DIR/freetype-doc-reference.tar.bz2
++++++ ft2demos.spec ++++++
--- /var/tmp/diff_new_pack.5Ruak0/_old 2011-03-03 15:58:58.000000000 +0100
+++ /var/tmp/diff_new_pack.5Ruak0/_new 2011-03-03 15:58:58.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package ft2demos (Version 2.3.12)
+# spec file for package ft2demos
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,7 @@
AutoReqProv: on
Supplements: fonts-config
Version: 2.3.12
-Release: 7.<RELEASE2>
+Release: 7.<RELEASE4>
%define freetype_version %{version}
Url: http://www.freetype.org
Summary: Freetype2 Utilities and Demo Programs
@@ -69,6 +69,9 @@
Source1013: bnc633938_badbdf.0
Patch1015: bnc641580_CVE-2010-3311.diff
Source1015: bug-641580_CVE-2010-3311.cff
+Patch1016: bnc647375_CVE-2010-3814.diff
+Source1016: bug-647375_tt2.ttf
+Patch1017: bnc647375_CVE-2010-3855.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -127,6 +130,10 @@
%patch1013 -p1
# bnc641580_CVE-2010-3311.diff
%patch1015 -p1
+# bnc647375_CVE-2010-3814.diff
+%patch1016 -p1
+# bnc647375_CVE-2010-3855.diff
+%patch1017 -p1
pushd docs
tar xf $RPM_SOURCE_DIR/freetype-doc-reference.tar.bz2
@@ -165,6 +172,7 @@
$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1004} >/tmp/x$$ 2>&1; grep -q "couldn't load font resource" /tmp/x$$ || false
$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1013} >/tmp/x$$ 2>&1; grep -q "couldn't load font resource" /tmp/x$$ || false
$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1014} >/tmp/x$$ 2>&1; grep -q "couldn't load font resource" /tmp/x$$ || false
+$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1016}
%clean
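Review bot: The added `ftbench -c 1 %{S:1016}` line accepts a zero exit status as proof that the CVE-2010-3814 test font is handled safely, but an out-of-bounds write of the kind the patch guards against need not crash the process. The check can therefore pass on a build where the patch is missing or has regressed. Running this one invocation with allocator checking, for example `MALLOC_CHECK_=3 $RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1016}` on glibc, would turn silent heap corruption into a build failure; that the section aborts on a non-zero exit is assumed, as the surrounding script is outside the hunk. A comment such as `# bnc647375: font must load without crashing (no error message expected)` would explain why this line, unlike the three above it, has no `grep`.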
++++++ bnc647375_CVE-2010-3814.diff ++++++
commit 0edf0986f3be570f5bf90ff245a85c1675f5c9a4
Author: Werner Lemberg
From 59eb9f8cfe7d1df379a2318316d1f04f80fba54a Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Tue, 12 Oct 2010 07:49:17 +0200
Subject: [PATCH] Fix Savannah bug #31310.
* src/truetype/ttgxvar.c (ft_var_readpackedpoints): Protect against invalid `runcnt' values.
---
ChangeLog | 7 +++++++
src/truetype/ttgxvar.c | 6 +++---
2 files changed, 10 insertions(+), 3 deletions(-)
Index: freetype-2.3.12/src/truetype/ttgxvar.c
===================================================================
--- freetype-2.3.12.orig/src/truetype/ttgxvar.c
+++ freetype-2.3.12/src/truetype/ttgxvar.c
@@ -130,7 +130,7 @@
FT_Int j; FT_Int first; FT_Memory memory = stream->memory;
- FT_Error error = TT_Err_Ok;
+ FT_Error error = TT_Err_Ok;
FT_UNUSED( error );
@@ -154,7 +154,7 @@
runcnt = runcnt & GX_PT_POINT_RUN_COUNT_MASK; first = points[i++] = FT_GET_USHORT();
- if ( runcnt < 1 )
+ if ( runcnt < 1 || i + runcnt >= n )
goto Exit; /* first point not included in runcount */
@@ -165,7 +165,7 @@
{ first = points[i++] = FT_GET_BYTE();
- if ( runcnt < 1 )
+ if ( runcnt < 1 || i + runcnt >= n )
goto Exit; for ( j = 0; j < runcnt; ++j )
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
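Review bot: The added bound `i + runcnt >= n` in the word branch (hunk at -154), and the identical one in the byte branch (hunk at -165), also rejects a run that ends exactly on the last slot, assuming `n` is the number of entries allocated for `points`. The loop after the guard writes `runcnt` entries starting at index `i`, so only `i + runcnt > n` overruns, and `if ( runcnt < 1 || i + runcnt > n )` would keep the protection without truncating well-formed data. The rejection is also silent: `error` is marked `FT_UNUSED` in the first hunk and the guard only does `goto Exit`. Whatever `Exit` returns (outside these hunks) should be checked so the caller is not told that all `n` points were filled when the tail of the array was never written. A comment such as `/* the run must fit into the remaining points[] slots */` above each guard would record the intent; the function body starts and ends outside the hunks.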