[arch-commits] CVS update of arch/build/lib/freetype2 (2 files)
Jan de Groot
jgc at archlinux.org
Fri Jun 1 07:06:12 UTC 2007
Date: Friday, June 1, 2007 @ 03:06:12
Author: jgc
Path: /home/cvs-arch/arch/build/lib/freetype2
Added: freetype-CVE-2007-2754.patch (1.1)
Modified: PKGBUILD (1.44 -> 1.45)
upgpkg: freetype2 2.3.4-2
Security update
------------------------------+
PKGBUILD | 10 ++++++----
freetype-CVE-2007-2754.patch | 32 ++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+), 4 deletions(-)
Index: arch/build/lib/freetype2/PKGBUILD
diff -u arch/build/lib/freetype2/PKGBUILD:1.44 arch/build/lib/freetype2/PKGBUILD:1.45
--- arch/build/lib/freetype2/PKGBUILD:1.44 Wed Apr 18 16:04:06 2007
+++ arch/build/lib/freetype2/PKGBUILD Fri Jun 1 03:06:11 2007
@@ -1,19 +1,20 @@
-# $Id: PKGBUILD,v 1.44 2007/04/18 20:04:06 jgc Exp $
+# $Id: PKGBUILD,v 1.45 2007/06/01 07:06:11 jgc Exp $
# Maintainer: judd <jvinet at zeroflux.org>
pkgname=freetype2
pkgver=2.3.4
-pkgrel=1
+pkgrel=2
pkgdesc="TrueType font rendering library"
arch=(i686 x86_64)
license=('GPL')
url="http://freetype.sourceforge.net"
depends=('zlib')
-options=('nolibtool')
+options=('!libtool')
source=(http://heanet.dl.sourceforge.net/sourceforge/freetype/freetype-${pkgver}.tar.bz2
bytecode.patch
freetype-2.3.0-enable-spr.patch
freetype-2.2.1-enable-valid.patch
- freetype-2.2.1-memcpy-fix.patch)
+ freetype-2.2.1-memcpy-fix.patch
+ freetype-CVE-2007-2754.patch)
md5sums=('1a6c59a7723d637c78672e7784da865d' '9ff19e742968c29e3ba52b08d6bf0a50'\
'816dc8619a6904a7385769433c0a8653' '214119610444c9b02766ccee5e220680'\
'6fb6606d28082ecb8e0c6d986b0b26aa')
@@ -24,6 +25,7 @@
patch -Np1 -i ${startdir}/src/freetype-2.3.0-enable-spr.patch || return 1
patch -Np1 -i ${startdir}/src/freetype-2.2.1-enable-valid.patch || return 1
patch -Np1 -i ${startdir}/src/freetype-2.2.1-memcpy-fix.patch || return 1
+ patch -Np0 -i ${startdir}/src/freetype-CVE-2007-2754.patch || return 1
./configure --prefix=/usr
make || return 1
Index: arch/build/lib/freetype2/freetype-CVE-2007-2754.patch
diff -u /dev/null arch/build/lib/freetype2/freetype-CVE-2007-2754.patch:1.1
--- /dev/null Fri Jun 1 03:06:11 2007
+++ arch/build/lib/freetype2/freetype-CVE-2007-2754.patch Fri Jun 1 03:06:11 2007
@@ -0,0 +1,32 @@
+--- src/truetype/ttgload.c
++++ src/truetype/ttgload.c
+@@ -271,7 +271,11 @@
+
+ n_points = 0;
+ if ( n_contours > 0 )
++ {
+ n_points = cont[-1] + 1;
++ if ( n_points < 0 )
++ goto Invalid_Outline;
++ }
+
+ /* note that we will add four phantom points later */
+ error = FT_GLYPHLOADER_CHECK_POINTS( gloader, n_points + 4, 0 );
+@@ -682,7 +686,7 @@
+ FT_GlyphLoader gloader = loader->gloader;
+ FT_Error error = TT_Err_Ok;
+ FT_Outline* outline;
+- FT_UInt n_points;
++ FT_Int n_points;
+
+
+ outline = &gloader->current.outline;
+@@ -709,7 +713,7 @@
+ /* Deltas apply to the unscaled data. */
+ FT_Vector* deltas;
+ FT_Memory memory = loader->face->memory;
+- FT_UInt i;
++ FT_Int i;
+
+
+ error = TT_Vary_Get_Glyph_Deltas( (TT_Face)(loader->face),
More information about the arch-commits
mailing list