[arch-commits] Commit in freetype2/trunk (CVE-2009-0946.patch PKGBUILD)

Jan de Groot jgc at archlinux.org
Wed Nov 4 06:54:43 EST 2009


    Date: Wednesday, November 4, 2009 @ 06:54:42
  Author: jgc
Revision: 58137

Update to 2.3.11, remove upstream included patch

Modified:
  freetype2/trunk/PKGBUILD
Deleted:
  freetype2/trunk/CVE-2009-0946.patch

---------------------+
 CVE-2009-0946.patch |  144 --------------------------------------------------
 PKGBUILD            |   22 +++----
 2 files changed, 10 insertions(+), 156 deletions(-)

Deleted: CVE-2009-0946.patch
===================================================================
--- CVE-2009-0946.patch	2009-11-04 08:07:54 UTC (rev 58136)
+++ CVE-2009-0946.patch	2009-11-04 11:54:42 UTC (rev 58137)
@@ -1,144 +0,0 @@
-
-diff --git a/src/cff/cffload.c b/src/cff/cffload.c
-index 22163fb..24b899d 100644
---- a/src/cff/cffload.c
-+++ b/src/cff/cffload.c
-@@ -842,7 +842,20 @@
-             goto Exit;
- 
-           for ( j = 1; j < num_glyphs; j++ )
--            charset->sids[j] = FT_GET_USHORT();
-+          {
-+            FT_UShort sid = FT_GET_USHORT();
-+
-+
-+            /* this constant is given in the CFF specification */
-+            if ( sid < 65000 )
-+              charset->sids[j] = sid;
-+            else
-+            {
-+              FT_ERROR(( "cff_charset_load:"
-+                         " invalid SID value %d set to zero\n", sid ));
-+              charset->sids[j] = 0;
-+            }
-+          }
- 
-           FT_FRAME_EXIT();
-         }
-@@ -875,6 +888,20 @@
-                 goto Exit;
-             }
- 
-+            /* check whether the range contains at least one valid glyph; */
-+            /* the constant is given in the CFF specification             */
-+            if ( glyph_sid >= 65000 ) {
-+              FT_ERROR(( "cff_charset_load: invalid SID range\n" ));
-+              error = CFF_Err_Invalid_File_Format;
-+              goto Exit;
-+            }
-+
-+            /* try to rescue some of the SIDs if `nleft' is too large */
-+            if ( nleft > 65000 - 1 || glyph_sid >= 65000 - nleft ) {
-+              FT_ERROR(( "cff_charset_load: invalid SID range trimmed\n" ));
-+              nleft = 65000 - 1 - glyph_sid;
-+            }
-+
-             /* Fill in the range of sids -- `nleft + 1' glyphs. */
-             for ( i = 0; j < num_glyphs && i <= nleft; i++, j++, glyph_sid++ )
-               charset->sids[j] = glyph_sid;
-diff --git a/src/lzw/ftzopen.c b/src/lzw/ftzopen.c
-index fc78315..c0483de 100644
---- a/src/lzw/ftzopen.c
-+++ b/src/lzw/ftzopen.c
-@@ -332,6 +332,9 @@
- 
-           while ( code >= 256U )
-           {
-+            if ( !state->prefix )
-+              goto Eof;
-+
-             FTLZW_STACK_PUSH( state->suffix[code - 256] );
-             code = state->prefix[code - 256];
-           }
-diff --git a/src/sfnt/ttcmap.c b/src/sfnt/ttcmap.c
-index 6830391..1bd2ce7 100644
---- a/src/sfnt/ttcmap.c
-+++ b/src/sfnt/ttcmap.c
-@@ -1635,7 +1635,7 @@
-       FT_INVALID_TOO_SHORT;
- 
-     length = TT_NEXT_ULONG( p );
--    if ( table + length > valid->limit || length < 8208 )
-+    if ( length > (FT_UInt32)( valid->limit - table ) || length < 8192 + 16 )
-       FT_INVALID_TOO_SHORT;
- 
-     is32       = table + 12;
-@@ -1863,7 +1863,8 @@
-     p      = table + 16;
-     count  = TT_NEXT_ULONG( p );
- 
--    if ( table + length > valid->limit || length < 20 + count * 2 )
-+    if ( length > (FT_ULong)( valid->limit - table ) ||
-+         length < 20 + count * 2                     )
-       FT_INVALID_TOO_SHORT;
- 
-     /* check glyph indices */
-@@ -2048,7 +2049,8 @@
-     p          = table + 12;
-     num_groups = TT_NEXT_ULONG( p );
- 
--    if ( table + length > valid->limit || length < 16 + 12 * num_groups )
-+    if ( length > (FT_ULong)( valid->limit - table ) ||
-+         length < 16 + 12 * num_groups               )
-       FT_INVALID_TOO_SHORT;
- 
-     /* check groups, they must be in increasing order */
-@@ -2429,7 +2431,8 @@
-     FT_ULong  num_selectors = TT_NEXT_ULONG( p );
- 
- 
--    if ( table + length > valid->limit || length < 10 + 11 * num_selectors )
-+    if ( length > (FT_ULong)( valid->limit - table ) ||
-+         length < 10 + 11 * num_selectors            )
-       FT_INVALID_TOO_SHORT;
- 
-     /* check selectors, they must be in increasing order */
-@@ -2491,7 +2494,7 @@
-           FT_ULong  i, lastUni = 0;
- 
- 
--          if ( ndp + numMappings * 4 > valid->limit )
-+          if ( numMappings * 4 > (FT_ULong)( valid->limit - ndp ) )
-             FT_INVALID_TOO_SHORT;
- 
-           for ( i = 0; i < numMappings; ++i )
-diff --git a/src/smooth/ftsmooth.c b/src/smooth/ftsmooth.c
-index a6db504..cacc490 100644
---- a/src/smooth/ftsmooth.c
-+++ b/src/smooth/ftsmooth.c
-@@ -153,7 +153,7 @@
-       slot->internal->flags &= ~FT_GLYPH_OWN_BITMAP;
-     }
- 
--    /* allocate new one, depends on pixel format */
-+    /* allocate new one */
-     pitch = width;
-     if ( hmul )
-     {
-@@ -194,6 +194,13 @@
- 
- #endif
- 
-+    if ( pitch > 0xFFFF || height > 0xFFFF )
-+    {
-+      FT_ERROR(( "ft_smooth_render_generic: glyph too large: %d x %d\n",
-+                 width, height ));
-+      return Smooth_Err_Raster_Overflow;
-+    }
-+
-     bitmap->pixel_mode = FT_PIXEL_MODE_GRAY;
-     bitmap->num_grays  = 256;
-     bitmap->width      = width;
---
-cgit v0.8.2.1
-

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2009-11-04 08:07:54 UTC (rev 58136)
+++ PKGBUILD	2009-11-04 11:54:42 UTC (rev 58137)
@@ -1,8 +1,9 @@
 # $Id$
-# Maintainer: judd <jvinet at zeroflux.org>
+# Maintainer: Jan de Groot <jgc at archlinux.org>
+
 pkgname=freetype2
-pkgver=2.3.9
-pkgrel=2
+pkgver=2.3.11
+pkgrel=1
 pkgdesc="TrueType font rendering library"
 arch=(i686 x86_64)
 license=('GPL')
@@ -10,17 +11,15 @@
 depends=('zlib')
 options=('!libtool')
 source=(http://downloads.sourceforge.net/sourceforge/freetype/freetype-${pkgver}.tar.bz2
-	bytecode.patch
-	freetype-2.3.0-enable-spr.patch
-	freetype-2.2.1-enable-valid.patch
-	freetype-2.2.1-memcpy-fix.patch
-	CVE-2009-0946.patch)
-md5sums=('d76233108aca9c9606cdbd341562ad9a'
+        bytecode.patch
+        freetype-2.3.0-enable-spr.patch
+        freetype-2.2.1-enable-valid.patch
+        freetype-2.2.1-memcpy-fix.patch)
+md5sums=('519c7cbf5cbd72ffa822c66844d3114c'
          '9ff19e742968c29e3ba52b08d6bf0a50'
          '816dc8619a6904a7385769433c0a8653'
          '214119610444c9b02766ccee5e220680'
-         '6fb6606d28082ecb8e0c6d986b0b26aa'
-	 '3322c8f8266f7f3dcafb7205ad433c05')
+         '6fb6606d28082ecb8e0c6d986b0b26aa')
 
 build() {
   cd "${srcdir}/freetype-${pkgver}"
@@ -28,7 +27,6 @@
   patch -Np1 -i "${srcdir}/freetype-2.3.0-enable-spr.patch" || return 1
   patch -Np1 -i "${srcdir}/freetype-2.2.1-enable-valid.patch" || return 1
   patch -Np1 -i "${srcdir}/freetype-2.2.1-memcpy-fix.patch" || return 1
-  patch -Np1 -i "${srcdir}/CVE-2009-0946.patch" || return 1
 
   ./configure --prefix=/usr || return 1
   make || return 1



More information about the arch-commits mailing list