
06-04-2011 11:07 AM

ports/opt (2.7): fontforge: patched CVE-2010-4259
 
commit 5cc15be6291b97ca7e0392ad344b5f1b728e2599
Author: Fredrik Rinnestam <fredrik@crux.nu>
Date: Sat Jun 4 13:07:21 2011 +0200

[notify] fontforge: patched CVE-2010-4259

diff --git a/fontforge/.md5sum b/fontforge/.md5sum
index c42d211..e84e599 100644
--- a/fontforge/.md5sum
+++ b/fontforge/.md5sum
@@ -1 +1,2 @@
+17912437f45886a394aefa30e7310bd9 CVE-2010-4259.patch
5f3d20d645ec1aa2b7b4876386df8717 fontforge_full-20100501.tar.bz2
diff --git a/fontforge/CVE-2010-4259.patch b/fontforge/CVE-2010-4259.patch
new file mode 100644
index 0000000..d965dcc
--- /dev/null
+++ b/fontforge/CVE-2010-4259.patch
@@ -0,0 +1,51 @@
+--- fontforge/fontforge/fvimportbdf.c 15 Apr 2010 10:47:36 -0000 1.58
++++ fontforge/fontforge/fvimportbdf.c 3 Dec 2010 21:03:38 -0000
+@@ -560,7 +560,7 @@
+ }
+
+ if ( strcmp(tok,"FONT")==0 ) {
+- if ( sscanf(buf,"-%*[^-]-%[^-]-%[^-]-%[^-]-%*[^-]-", family, weight, italic )!=0 ) {
++ if ( sscanf(buf,"-%*[^-]-%99[^-]-%99[^-]-%99[^-]-%*[^-]-", family, weight, italic )!=0 ) {
+ char *pt=buf;
+ int dcnt=0;
+ while ( *pt=='-' && dcnt<7 ) { ++pt; ++dcnt; }
+@@ -616,26 +616,30 @@
+ sscanf(buf, "%d", &defs->metricsset );
+ else if ( strcmp(tok,"VVECTOR")==0 )
+ sscanf(buf, "%*d %d", &defs->vertical_origin );
++ /* For foundry, fontname and encname, only copy up to the buffer size */
+ else if ( strcmp(tok,"FOUNDRY")==0 )
+- sscanf(buf, "%[^"]", foundry );
++ sscanf(buf, "%99[^"]", foundry );
+ else if ( strcmp(tok,"FONT_NAME")==0 )
+- sscanf(buf, "%[^"]", fontname );
++ sscanf(buf, "%99[^"]", fontname );
+ else if ( strcmp(tok,"CHARSET_REGISTRY")==0 )
+- sscanf(buf, "%[^"]", encname );
++ sscanf(buf, "%99[^"]", encname );
+ else if ( strcmp(tok,"CHARSET_ENCODING")==0 ) {
+ enc = 0;
+ if ( sscanf(buf, " %d", &enc )!=1 )
+ sscanf(buf, "%d", &enc );
++ /* These properties should be copied up to the buffer length too */
+ } else if ( strcmp(tok,"FAMILY_NAME")==0 ) {
+- strcpy(family,buf);
++ strncpy(family,buf,99);
+ } else if ( strcmp(tok,"FULL_NAME")==0 || strcmp(tok,"FACE_NAME")==0 ) {
+- strcpy(full,buf);
++ strncpy(full,buf,99);
+ } else if ( strcmp(tok,"WEIGHT_NAME")==0 )
+- strcpy(weight,buf);
++ strncpy(weight,buf,99);
+ else if ( strcmp(tok,"SLANT")==0 )
+- strcpy(italic,buf);
++ strncpy(italic,buf,99);
+ else if ( strcmp(tok,"COPYRIGHT")==0 ) {
+- strcpy(comments,buf);
++ /* LS: Assume the size of the passed-in buffer is 1000, see below in
++ * COMMENT */
++ strncpy(comments,buf,999);
+ found_copyright = true;
+ } else if ( strcmp(tok,"COMMENT")==0 && !found_copyright ) {
+ char *pt = comments+strlen(comments);
+
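Review bot: The `strncpy` replacements for FAMILY_NAME, FULL_NAME/FACE_NAME, WEIGHT_NAME, SLANT and COPYRIGHT bound the copy but do not guarantee a terminating NUL, because `strncpy` writes none when `buf` holds 99 (or 999) or more characters. The COMMENT branch directly below then calls `strlen(comments)`, which would run past the copied data unless the buffer was zero-filled beforehand; the declarations are outside this hunk, so that cannot be confirmed here. Each copy should terminate explicitly, e.g. `strncpy(family,buf,99); family[99] = '\0';` and likewise `comments[999] = '\0';`, assuming the 100- and 1000-byte sizes implied by the limits and by the added comment. The unbraced WEIGHT_NAME and SLANT branches need braces once they hold two statements. The enclosing function starts and ends outside the hunk.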
diff --git a/fontforge/Pkgfile b/fontforge/Pkgfile
index a1b6c13..73cac55 100644
--- a/fontforge/Pkgfile
+++ b/fontforge/Pkgfile
@@ -6,10 +6,12 @@
name=fontforge
version=20100501
release=1
-source=(http://download.sourceforge.net/$name/${name}_full-$version.tar.bz2)
+source=(http://download.sourceforge.net/$name/${name}_full-$version.tar.bz2
+ CVE-2010-4259.patch)

build() {
cd $name-$version
+ patch -p1 -i $SRC/CVE-2010-4259.patch
sed "s|PyBytes_Decode|PyString_Decode|g" -i fontforge/ffpython.h
./configure --prefix=/usr
--mandir=/usr/man
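Review bot: `release=1` is unchanged in the context lines even though the built package now differs by a security patch. If it stays at 1, systems that already have fontforge 20100501-1 installed see no version difference and are presumably not offered the rebuilt package by the usual update check; bumping to `release=2` would make the fix reach them. Separately, `$SRC` is unquoted in `patch -p1 -i $SRC/CVE-2010-4259.patch`; `"$SRC/CVE-2010-4259.patch"` is the safer form. build() continues past the end of this hunk.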
@@ -17,4 +19,4 @@ build() {
make
make install DESTDIR=$PKG
rm -r $PKG/usr/share/locale/
-}
No newline at end of file
+}