From 15122352b96ca9a9cfe866df97ed27a932466469 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 03 2016 06:15:17 +0000 Subject: import freetype-2.4.11-12.el7 --- diff --git a/SOURCES/freetype-2.4.11-inode-overflow.patch b/SOURCES/freetype-2.4.11-inode-overflow.patch new file mode 100644 index 0000000..6243b00 --- /dev/null +++ b/SOURCES/freetype-2.4.11-inode-overflow.patch @@ -0,0 +1,14 @@ +--- freetype-2.4.11/src/tools/ftrandom/ftrandom.c.orig 2009-03-14 14:45:26.000000000 +0100 ++++ freetype-2.4.11/src/tools/ftrandom/ftrandom.c 2016-02-10 17:51:45.047340575 +0100 +@@ -369,6 +369,11 @@ + } + + fontlist[fcnt].name = strdup( buffer ); ++ if ( statb.st_size > LONG_MAX ) ++ { ++ fprintf( stderr, "The file is too big\n" ); ++ exit( 1 ); ++ } + fontlist[fcnt].len = statb.st_size; + + figurefiletype( &fontlist[fcnt] ); diff --git a/SPECS/freetype.spec b/SPECS/freetype.spec index 1464abf..a0a7482 100644 --- a/SPECS/freetype.spec +++ b/SPECS/freetype.spec @@ -7,7 +7,7 @@ Summary: A free and portable font rendering engine Name: freetype Version: 2.4.11 -Release: 11%{?dist} +Release: 12%{?dist} License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement Group: System Environment/Libraries URL: http://www.freetype.org @@ -53,6 +53,7 @@ Patch107: freetype-2.4.11-unsigned-long.patch Patch108: freetype-2.4.11-CVE-2014-9674b.patch Patch109: freetype-2.4.11-pcf-read-a.patch Patch110: freetype-2.4.11-pcf-read-b.patch +Patch111: freetype-2.4.11-inode-overflow.patch Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n) @@ -136,10 +137,11 @@ popd %patch108 -p1 -b .CVE-2014-9674b %patch109 -p1 -b .pcf-read-a %patch110 -p1 -b .pcf-read-b +%patch111 -p1 -b .inode-overflow %build -%configure --disable-static +%configure --disable-static CFLAGS="%optflags -D_FILE_OFFSET_BITS=64" sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' builds/unix/libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' builds/unix/libtool make %{?_smp_mflags} @@ -253,6 +255,10 @@ rm -rf $RPM_BUILD_ROOT %doc docs/tutorial %changelog +* Tue Mar 22 2016 Marek Kasik - 2.4.11-12 +- Define _FILE_OFFSET_BITS=64 to handle inodes higher than or equal to 2^31 +- Resolves: #1303268 + * Tue Mar 10 2015 Marek Kasik - 2.4.11-11 - Fixes CVE-2014-9657 - Check minimum size of `record_size'.