[notify] fontforge: patched CVE-2010-4259
This commit is contained in:
parent
2992a4d3e8
commit
5cc15be629
|
@ -1 +1,2 @@
|
|||
17912437f45886a394aefa30e7310bd9 CVE-2010-4259.patch
|
||||
5f3d20d645ec1aa2b7b4876386df8717 fontforge_full-20100501.tar.bz2
|
||||
|
|
51
fontforge/CVE-2010-4259.patch
Normal file
51
fontforge/CVE-2010-4259.patch
Normal file
|
@ -0,0 +1,51 @@
|
|||
--- fontforge/fontforge/fvimportbdf.c 15 Apr 2010 10:47:36 -0000 1.58
|
||||
+++ fontforge/fontforge/fvimportbdf.c 3 Dec 2010 21:03:38 -0000
|
||||
@@ -560,7 +560,7 @@
|
||||
}
|
||||
|
||||
if ( strcmp(tok,"FONT")==0 ) {
|
||||
- if ( sscanf(buf,"-%*[^-]-%[^-]-%[^-]-%[^-]-%*[^-]-", family, weight, italic )!=0 ) {
|
||||
+ if ( sscanf(buf,"-%*[^-]-%99[^-]-%99[^-]-%99[^-]-%*[^-]-", family, weight, italic )!=0 ) {
|
||||
char *pt=buf;
|
||||
int dcnt=0;
|
||||
while ( *pt=='-' && dcnt<7 ) { ++pt; ++dcnt; }
|
||||
@@ -616,26 +616,30 @@
|
||||
sscanf(buf, "%d", &defs->metricsset );
|
||||
else if ( strcmp(tok,"VVECTOR")==0 )
|
||||
sscanf(buf, "%*d %d", &defs->vertical_origin );
|
||||
+ /* For foundry, fontname and encname, only copy up to the buffer size */
|
||||
else if ( strcmp(tok,"FOUNDRY")==0 )
|
||||
- sscanf(buf, "%[^\"]", foundry );
|
||||
+ sscanf(buf, "%99[^\"]", foundry );
|
||||
else if ( strcmp(tok,"FONT_NAME")==0 )
|
||||
- sscanf(buf, "%[^\"]", fontname );
|
||||
+ sscanf(buf, "%99[^\"]", fontname );
|
||||
else if ( strcmp(tok,"CHARSET_REGISTRY")==0 )
|
||||
- sscanf(buf, "%[^\"]", encname );
|
||||
+ sscanf(buf, "%99[^\"]", encname );
|
||||
else if ( strcmp(tok,"CHARSET_ENCODING")==0 ) {
|
||||
enc = 0;
|
||||
if ( sscanf(buf, " %d", &enc )!=1 )
|
||||
sscanf(buf, "%d", &enc );
|
||||
+ /* These properties should be copied up to the buffer length too */
|
||||
} else if ( strcmp(tok,"FAMILY_NAME")==0 ) {
|
||||
- strcpy(family,buf);
|
||||
+ strncpy(family,buf,99);
|
||||
} else if ( strcmp(tok,"FULL_NAME")==0 || strcmp(tok,"FACE_NAME")==0 ) {
|
||||
- strcpy(full,buf);
|
||||
+ strncpy(full,buf,99);
|
||||
} else if ( strcmp(tok,"WEIGHT_NAME")==0 )
|
||||
- strcpy(weight,buf);
|
||||
+ strncpy(weight,buf,99);
|
||||
else if ( strcmp(tok,"SLANT")==0 )
|
||||
- strcpy(italic,buf);
|
||||
+ strncpy(italic,buf,99);
|
||||
else if ( strcmp(tok,"COPYRIGHT")==0 ) {
|
||||
- strcpy(comments,buf);
|
||||
+ /* LS: Assume the size of the passed-in buffer is 1000, see below in
|
||||
+ * COMMENT */
|
||||
+ strncpy(comments,buf,999);
|
||||
found_copyright = true;
|
||||
} else if ( strcmp(tok,"COMMENT")==0 && !found_copyright ) {
|
||||
char *pt = comments+strlen(comments);
|
||||
|
|
@ -6,10 +6,12 @@
|
|||
name=fontforge
|
||||
version=20100501
|
||||
release=1
|
||||
source=(http://download.sourceforge.net/$name/${name}_full-$version.tar.bz2)
|
||||
source=(http://download.sourceforge.net/$name/${name}_full-$version.tar.bz2 \
|
||||
CVE-2010-4259.patch)
|
||||
|
||||
build() {
|
||||
cd $name-$version
|
||||
patch -p1 -i $SRC/CVE-2010-4259.patch
|
||||
sed "s|PyBytes_Decode|PyString_Decode|g" -i fontforge/ffpython.h
|
||||
./configure --prefix=/usr \
|
||||
--mandir=/usr/man \
|
||||
|
@ -17,4 +19,4 @@ build() {
|
|||
make
|
||||
make install DESTDIR=$PKG
|
||||
rm -r $PKG/usr/share/locale/
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user