[arch-commits] Commit in t1lib/repos (16 files)

Jan de Groot jgc at nymeria.archlinux.org
Mon Feb 17 09:58:12 UTC 2014


    Date: Monday, February 17, 2014 @ 10:58:12
  Author: jgc
Revision: 206078

archrelease: copy trunk to extra-i686, extra-x86_64

Added:
  t1lib/repos/extra-i686/CVE-2010-2642.patch
    (from rev 206077, t1lib/trunk/CVE-2010-2642.patch)
  t1lib/repos/extra-i686/CVE-2011-0764.diff
    (from rev 206077, t1lib/trunk/CVE-2011-0764.diff)
  t1lib/repos/extra-i686/CVE-2011-1552_1553_1554.patch
    (from rev 206077, t1lib/trunk/CVE-2011-1552_1553_1554.patch)
  t1lib/repos/extra-i686/PKGBUILD
    (from rev 206077, t1lib/trunk/PKGBUILD)
  t1lib/repos/extra-i686/format-security.diff
    (from rev 206077, t1lib/trunk/format-security.diff)
  t1lib/repos/extra-i686/lib-cleanup.diff
    (from rev 206077, t1lib/trunk/lib-cleanup.diff)
  t1lib/repos/extra-x86_64/CVE-2010-2642.patch
    (from rev 206077, t1lib/trunk/CVE-2010-2642.patch)
  t1lib/repos/extra-x86_64/CVE-2011-0764.diff
    (from rev 206077, t1lib/trunk/CVE-2011-0764.diff)
  t1lib/repos/extra-x86_64/CVE-2011-1552_1553_1554.patch
    (from rev 206077, t1lib/trunk/CVE-2011-1552_1553_1554.patch)
  t1lib/repos/extra-x86_64/PKGBUILD
    (from rev 206077, t1lib/trunk/PKGBUILD)
  t1lib/repos/extra-x86_64/format-security.diff
    (from rev 206077, t1lib/trunk/format-security.diff)
  t1lib/repos/extra-x86_64/lib-cleanup.diff
    (from rev 206077, t1lib/trunk/lib-cleanup.diff)
Deleted:
  t1lib/repos/extra-i686/PKGBUILD
  t1lib/repos/extra-i686/overflow.patch
  t1lib/repos/extra-x86_64/PKGBUILD
  t1lib/repos/extra-x86_64/overflow.patch

--------------------------------------------+
 /PKGBUILD                                  |   88 +++++++++++++++++
 extra-i686/CVE-2010-2642.patch             |   24 ++++
 extra-i686/CVE-2011-0764.diff              |   32 ++++++
 extra-i686/CVE-2011-1552_1553_1554.patch   |  133 +++++++++++++++++++++++++++
 extra-i686/PKGBUILD                        |   25 -----
 extra-i686/format-security.diff            |   33 ++++++
 extra-i686/lib-cleanup.diff                |   59 +++++++++++
 extra-i686/overflow.patch                  |   15 ---
 extra-x86_64/CVE-2010-2642.patch           |   24 ++++
 extra-x86_64/CVE-2011-0764.diff            |   32 ++++++
 extra-x86_64/CVE-2011-1552_1553_1554.patch |  133 +++++++++++++++++++++++++++
 extra-x86_64/PKGBUILD                      |   25 -----
 extra-x86_64/format-security.diff          |   33 ++++++
 extra-x86_64/lib-cleanup.diff              |   59 +++++++++++
 extra-x86_64/overflow.patch                |   15 ---
 15 files changed, 650 insertions(+), 80 deletions(-)

Copied: t1lib/repos/extra-i686/CVE-2010-2642.patch (from rev 206077, t1lib/trunk/CVE-2010-2642.patch)
===================================================================
--- extra-i686/CVE-2010-2642.patch	                        (rev 0)
+++ extra-i686/CVE-2010-2642.patch	2014-02-17 09:58:12 UTC (rev 206078)
@@ -0,0 +1,24 @@
+diff --git a/lib/t1lib/parseAFM.c b/lib/t1lib/parseAFM.c
+index 6a31d7f..ba64541 100644
+--- a/lib/t1lib/parseAFM.c
++++ b/lib/t1lib/parseAFM.c
+@@ -199,7 +199,9 @@ static char *token(stream)
+     idx = 0;
+     
+     while (ch != EOF && ch != ' ' && ch != CR  && ch != LF &&
+-	   ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'){
++	   ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'
++     && idx < (MAX_NAME -1))
++    {
+       ident[idx++] = ch;
+       ch = fgetc(stream);
+     } /* while */
+@@ -235,7 +237,7 @@ static char *linetoken(stream)
+     while ((ch = fgetc(stream)) == ' ' || ch == '\t' ); 
+     
+     idx = 0;
+-    while (ch != EOF && ch != CR  && ch != LF && ch != CTRL_Z) 
++    while (ch != EOF && ch != CR  && ch != LF && ch != CTRL_Z && idx < (MAX_NAME - 1)) 
+     {
+         ident[idx++] = ch;
+         ch = fgetc(stream);
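Review bot: The new `idx < (MAX_NAME - 1)` bound in `token()` and `linetoken()` stops the copy but leaves the rest of an over-long name unread in the stream, so the following call would presumably return the tail as a separate token and the truncation goes unreported. After the loop in `token()` I would drain to the next delimiter, e.g. `while (ch != EOF && ch != ' ' && ch != CR && ch != LF && ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';') ch = fgetc(stream);` (in `linetoken()` only the line-end set), or report an error to the caller. Both function bodies continue outside the hunk, so how `ident` is terminated and whether `ch` is pushed back is not visible here. The identical extra-x86_64 copy of this patch has the same gap.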

Copied: t1lib/repos/extra-i686/CVE-2011-0764.diff (from rev 206077, t1lib/trunk/CVE-2011-0764.diff)
===================================================================
--- extra-i686/CVE-2011-0764.diff	                        (rev 0)
+++ extra-i686/CVE-2011-0764.diff	2014-02-17 09:58:12 UTC (rev 206078)
@@ -0,0 +1,32 @@
+Description: Don't lookup previous point if there isn't any
+Author: Marc Deslauriers <marc.deslauriers at canonical.com>
+Forwarded: no
+
+Index: t1lib-5.1.2/lib/type1/type1.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/type1/type1.c	2011-12-13 14:24:14.280965637 -0600
++++ t1lib-5.1.2/lib/type1/type1.c	2011-12-13 14:25:25.893320747 -0600
+@@ -1700,6 +1700,7 @@
+   long pindex = 0;
+   
+   /* compute hinting for previous segment! */
++  if (ppoints == NULL) Error0i("RLineTo: No previous point!\n");
+   FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx, dy);
+ 
+   /* Allocate a new path point and pre-setup data */
+@@ -1728,6 +1729,7 @@
+   long pindex = 0;
+   
+   /* compute hinting for previous point! */
++  if (ppoints == NULL) Error0i("RRCurveTo: No previous point!\n");
+   FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx1, dy1);
+ 
+   /* Allocate three new path points and pre-setup data */
+@@ -1903,6 +1905,7 @@
+     FindStems( currx, curry, 0, 0, dx, dy);
+   }
+   else {
++    if (ppoints == NULL) Error0i("RMoveTo: No previous point!\n");
+     FindStems( currx, curry, ppoints[numppoints-2].x, ppoints[numppoints-2].y, dx, dy);
+   }
+   

Copied: t1lib/repos/extra-i686/CVE-2011-1552_1553_1554.patch (from rev 206077, t1lib/trunk/CVE-2011-1552_1553_1554.patch)
===================================================================
--- extra-i686/CVE-2011-1552_1553_1554.patch	                        (rev 0)
+++ extra-i686/CVE-2011-1552_1553_1554.patch	2014-02-17 09:58:12 UTC (rev 206078)
@@ -0,0 +1,133 @@
+Author: Jaroslav Škarvada <jskarvad at redhat.com>
+Description: Fix more crashes on oversized fonts
+Bug-Redhat: http://bugzilla.redhat.com/show_bug.cgi?id=692909
+Index: t1lib-5.1.2/lib/type1/lines.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/type1/lines.c	2007-12-23 09:49:42.000000000 -0600
++++ t1lib-5.1.2/lib/type1/lines.c	2012-01-17 14:15:08.000000000 -0600
+@@ -67,6 +67,10 @@
+ None.
+ */
+  
++#define  BITS         (sizeof(LONG)*8)
++#define  HIGHTEST(p)  (((p)>>(BITS-2)) != 0)  /* includes sign bit */
++#define  TOOBIG(xy)   ((xy < 0) ? HIGHTEST(-xy) : HIGHTEST(xy))
++
+ /*
+ :h2.StepLine() - Produces Run Ends for a Line After Checks
+  
+@@ -84,6 +88,9 @@
+        IfTrace4((LineDebug > 0), ".....StepLine: (%d,%d) to (%d,%d)\n",
+                                             x1, y1, x2, y2);
+  
++      if ( TOOBIG(x1) || TOOBIG(x2) || TOOBIG(y1) || TOOBIG(y2))
++              abort("Lines this big not supported", 49);
++
+        dy = y2 - y1;
+  
+ /*
+Index: t1lib-5.1.2/lib/type1/objects.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/type1/objects.c	2007-12-23 09:49:42.000000000 -0600
++++ t1lib-5.1.2/lib/type1/objects.c	2012-01-17 14:15:08.000000000 -0600
+@@ -1137,12 +1137,13 @@
+     "Context:  out of them", /* 46 */
+     "MatrixInvert:  can't", /* 47 */
+     "xiStub called", /* 48 */
+-    "Illegal access type1 abort() message" /* 49 */
++    "Lines this big not supported", /* 49 */
++    "Illegal access type1 abort() message" /* 50 */
+   };
+ 
+-  /* no is valid from 1 to 48 */
+-  if ( (number<1)||(number>48))
+-    number=49;
++  /* no is valid from 1 to 49 */
++  if ( (number<1)||(number>49))
++    number=50;
+   return( err_msgs[number-1]);
+     
+ }
+Index: t1lib-5.1.2/lib/type1/type1.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/type1/type1.c	2012-01-17 14:13:28.000000000 -0600
++++ t1lib-5.1.2/lib/type1/type1.c	2012-01-17 14:19:54.000000000 -0600
+@@ -1012,6 +1012,7 @@
+   double nextdtana = 0.0;   /* tangent of post-delta against horizontal line */ 
+   double nextdtanb = 0.0;   /* tangent of post-delta against vertical line */ 
+   
++  if (ppoints == NULL || numppoints < 1) Error0v("FindStems: No previous point!\n");
+  
+   /* setup default hinted position */
+   ppoints[numppoints-1].ax     = ppoints[numppoints-1].x;
+@@ -1289,7 +1290,7 @@
+ static int DoRead(CodeP)
+   int *CodeP;
+ {
+-  if (strindex >= CharStringP->len) return(FALSE); /* end of string */
++  if (!CharStringP || strindex >= CharStringP->len) return(FALSE); /* end of string */
+   /* We handle the non-documented Adobe convention to use lenIV=-1 to
+      suppress charstring encryption. */
+   if (blues->lenIV==-1) {
+@@ -1700,7 +1701,7 @@
+   long pindex = 0;
+   
+   /* compute hinting for previous segment! */
+-  if (ppoints == NULL) Error0i("RLineTo: No previous point!\n");
++  if (ppoints == NULL || numppoints < 2) Error0i("RLineTo: No previous point!\n");
+   FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx, dy);
+ 
+   /* Allocate a new path point and pre-setup data */
+@@ -1729,7 +1730,7 @@
+   long pindex = 0;
+   
+   /* compute hinting for previous point! */
+-  if (ppoints == NULL) Error0i("RRCurveTo: No previous point!\n");
++  if (ppoints == NULL || numppoints < 2) Error0i("RRCurveTo: No previous point!\n");
+   FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx1, dy1);
+ 
+   /* Allocate three new path points and pre-setup data */
+@@ -1788,7 +1789,9 @@
+   long tmpind;
+   double deltax = 0.0;
+   double deltay = 0.0;
+-  
++ 
++  if (ppoints == NULL || numppoints < 1) Error0i("DoClosePath: No previous point!");
++ 
+   /* If this ClosePath command together with the starting point of this
+      path completes to a segment aligned to a stem, we would miss
+      hinting for this point. --> Check and explicitly care for this! */
+@@ -1803,6 +1806,7 @@
+     deltax = ppoints[i].x - ppoints[numppoints-1].x;
+     deltay = ppoints[i].y - ppoints[numppoints-1].y;
+ 
++    if (ppoints == NULL || numppoints <= i + 1) Error0i("DoClosePath: No previous point!");
+     /* save nummppoints and reset to move point */
+     tmpind = numppoints;
+     numppoints = i + 1;
+@@ -1905,7 +1909,7 @@
+     FindStems( currx, curry, 0, 0, dx, dy);
+   }
+   else {
+-    if (ppoints == NULL) Error0i("RMoveTo: No previous point!\n");
++    if (ppoints == NULL || numppoints < 2) Error0i("RMoveTo: No previous point!\n");
+     FindStems( currx, curry, ppoints[numppoints-2].x, ppoints[numppoints-2].y, dx, dy);
+   }
+   
+@@ -2155,6 +2159,7 @@
+   DOUBLE cx, cy;
+   DOUBLE ex, ey;
+ 
++  if (ppoints == NULL || numppoints < 8) Error0v("FlxProc: No previous point!");
+ 
+   /* Our PPOINT list now contains 7 moveto commands which
+      are about to be consumed by the Flex mechanism. --> Remove these
+@@ -2324,6 +2329,7 @@
+ /*   Returns currentpoint on stack          */
+ static void FlxProc2()
+ {
++  if (ppoints == NULL || numppoints < 1) Error0v("FlxProc2: No previous point!");
+   /* Push CurrentPoint on fake PostScript stack */
+   PSFakePush( ppoints[numppoints-1].x);
+   PSFakePush( ppoints[numppoints-1].y);
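Review bot: In the DoClosePath hunk at `@@ -1803,6 +1806,7 @@` the added guard `if (ppoints == NULL || numppoints <= i + 1)` sits after the two context lines that already read `ppoints[i]` and `ppoints[numppoints-1]`, so it cannot protect those reads and its NULL half can never fire at that point. It should move above the `deltax`/`deltay` assignments; whether `i` is already bounded by the enclosing loop is outside the hunk. In lines.c, `TOOBIG(xy)` expands its argument unparenthesized and negates it, which overflows for the most negative value of the type; `#define TOOBIG(xy) (((xy) < 0) ? HIGHTEST(-(xy)) : HIGHTEST(xy))` fixes the first, and the minimum value needs an explicit test before the negation. The identical extra-x86_64 copy carries the same two points.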

Deleted: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD	2014-02-17 09:58:01 UTC (rev 206077)
+++ extra-i686/PKGBUILD	2014-02-17 09:58:12 UTC (rev 206078)
@@ -1,25 +0,0 @@
-# $Id$
-# Maintainer: tobias <tobias at archlinux.org>
-# Contributor: Rainer Moll <renari at arcor.de>
-
-pkgname=t1lib
-pkgver=5.1.2
-pkgrel=4
-pkgdesc="Library for generating character- and string-glyphs from Adobe Type 1 fonts"
-arch=('i686' 'x86_64')
-url="http://www.ibiblio.org/pub/Linux/libs/graphics/!INDEX.html"
-license=('GPL')
-depends=('libxaw')
-source=(http://www.ibiblio.org/pub/Linux/libs/graphics/${pkgname}-${pkgver}.tar.gz )
-md5sums=('a5629b56b93134377718009df1435f3c')
-
-build() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
-  ./configure --prefix=/usr
-  make without_doc
-}
-
-package() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
-  make DESTDIR="${pkgdir}" install
-}

Copied: t1lib/repos/extra-i686/PKGBUILD (from rev 206077, t1lib/trunk/PKGBUILD)
===================================================================
--- extra-i686/PKGBUILD	                        (rev 0)
+++ extra-i686/PKGBUILD	2014-02-17 09:58:12 UTC (rev 206078)
@@ -0,0 +1,44 @@
+# $Id$
+# Maintainer: tobias <tobias at archlinux.org>
+# Contributor: Rainer Moll <renari at arcor.de>
+
+pkgname=t1lib
+pkgver=5.1.2
+pkgrel=5
+pkgdesc="Library for generating character- and string-glyphs from Adobe Type 1 fonts"
+arch=('i686' 'x86_64')
+url="http://www.ibiblio.org/pub/Linux/libs/graphics/!INDEX.html"
+license=('GPL')
+depends=('libxaw')
+source=(http://www.ibiblio.org/pub/Linux/libs/graphics/${pkgname}-${pkgver}.tar.gz
+        lib-cleanup.diff
+        format-security.diff
+        CVE-2011-0764.diff
+        CVE-2011-1552_1553_1554.patch
+        CVE-2010-2642.patch)
+md5sums=('a5629b56b93134377718009df1435f3c'
+         '82dafb6051d64a94f32c73d59649ddd0'
+         'b947e6a732729db2819d4f857a686e2f'
+         '60fb9f058a6bb1f760ddaf2ed7d71879'
+         '22e03d81fab188139acbe7fd3a0a706a'
+         '2283c116d1dda278ee77ef27c1a8e397')
+
+prepare() {
+  cd $pkgname-$pkgver
+  patch -Np1 -i ../lib-cleanup.diff
+  patch -Np1 -i ../format-security.diff
+  patch -Np1 -i ../CVE-2011-0764.diff
+  patch -Np1 -i ../CVE-2011-1552_1553_1554.patch
+  patch -Np1 -i ../CVE-2010-2642.patch
+}
+
+build() {
+  cd $pkgname-$pkgver
+  ./configure --prefix=/usr
+  make without_doc
+}
+
+package() {
+  cd $pkgname-$pkgver
+  make DESTDIR="${pkgdir}" install
+}
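Review bot: The upstream tarball in `source=` is fetched over plain `http://` and every entry is pinned only by `md5sums`, so the integrity of what gets patched and built rests on MD5 alone. I would replace the array with `sha256sums=(...)` regenerated by `makepkg -g`, leaving the values to the tool rather than hand-editing them. `prepare()` applies CVE-2011-0764.diff before CVE-2011-1552_1553_1554.patch, and the second patch removes lines the first one adds, so a comment such as `# order matters: CVE-2011-1552_1553_1554.patch rewrites checks added by CVE-2011-0764.diff` would keep someone from reordering them. The same applies to the extra-x86_64 PKGBUILD.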

Copied: t1lib/repos/extra-i686/format-security.diff (from rev 206077, t1lib/trunk/format-security.diff)
===================================================================
--- extra-i686/format-security.diff	                        (rev 0)
+++ extra-i686/format-security.diff	2014-02-17 09:58:12 UTC (rev 206078)
@@ -0,0 +1,33 @@
+--- a/lib/type1/objects.c
++++ b/lib/type1/objects.c
+@@ -957,7 +957,7 @@
+  
+        sprintf(typemsg, "Wrong object type in %s; expected %s, found %s.\n",
+                   name, TypeFmt(expect), TypeFmt(obj->type));
+-       IfTrace0(TRUE,typemsg);
++       IfTrace1(TRUE, "%s", typemsg);
+  
+        ObjectPostMortem(obj);
+  
+--- a/lib/t1lib/t1subset.c
++++ b/lib/t1lib/t1subset.c
+@@ -759,7 +759,7 @@
+ 	     tr_len);
+     T1_PrintLog( "T1_SubsetFont()", err_warn_msg_buf,
+ 		 T1LOG_DEBUG);
+-    l+=sprintf( &(trailerbuf[l]), linebuf); /* contains the PostScript trailer */
++    l+=sprintf( &(trailerbuf[l]), "%s", linebuf); /* contains the PostScript trailer */
+   }
+   
+   /* compute size of output file */
+--- a/lib/type1/objects.h
++++ b/lib/type1/objects.h
+@@ -214,7 +214,7 @@
+ /*SHARED*/
+ /* NDW: personally, I want to see status and error messages! */
+ #define IfTrace0(condition,model)                                 \
+-        {if (condition) printf(model);}
++        {if (condition) fputs(model,stdout);}
+ #define IfTrace1(condition,model,arg0)                            \
+         {if (condition) printf(model,arg0);}
+ #define IfTrace2(condition,model,arg0,arg1)                       \
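Review bot: The two `sprintf` calls visible in this patch, `sprintf(typemsg, ...)` in objects.c and `sprintf(&(trailerbuf[l]), "%s", linebuf)` in t1subset.c, still write without a length bound; the patch removes the format-string interpretation but not a possible overrun of the destination. If `trailerbuf` is an array in scope, `l += snprintf(&trailerbuf[l], sizeof trailerbuf - l, "%s", linebuf);` with a check that the return value is smaller than the remaining size would bound it; the buffer declarations are outside the hunk, so their sizes cannot be confirmed here. In objects.h a short comment such as `/* IfTrace0: model is printed verbatim, never used as a format */` would record why it now differs from IfTrace1 and the macros after it. The extra-x86_64 copy of this patch is identical.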

Copied: t1lib/repos/extra-i686/lib-cleanup.diff (from rev 206077, t1lib/trunk/lib-cleanup.diff)
===================================================================
--- extra-i686/lib-cleanup.diff	                        (rev 0)
+++ extra-i686/lib-cleanup.diff	2014-02-17 09:58:12 UTC (rev 206078)
@@ -0,0 +1,59 @@
+do not link against libraries that are not needed
+
+Index: t1lib-5.1.1/lib/Makefile.in
+===================================================================
+--- t1lib-5.1.1.orig/lib/Makefile.in	2008-01-05 19:17:21.000000000 +0100
++++ t1lib-5.1.1/lib/Makefile.in	2008-01-05 19:17:38.000000000 +0100
+@@ -24,7 +24,7 @@
+ X_LIBS    = @X_LIBS@
+ TOPSRC    = @top_srcdir@
+ XPM_LIB   = -lXpm
+-XLIB      = @X_PRE_LIBS@ -lXext -lX11 @X_EXTRA_LIBS@
++XLIB      = -lX11
+ LDFLAGS   = @LDFLAGS@
+ LDLIBS    = @LDLIBS@
+ AR        = ar rc
+@@ -137,7 +137,7 @@
+ 	$(LIBTOOL) --mode=link \
+ 		$(CC) $(LDFLAGS) -o $@ $(T1LIBX_OBJS) \
+ 	         -version-info @T1LIB_LT_CURRENT@:@T1LIB_LT_REVISION@:@T1LIB_LT_AGE@ \
+-	         libt1.la $(X_LIBS) $(XPM_LIB) $(XLIB)  -no-undefined -rpath $(libdir) 
++	         libt1.la $(X_LIBS) $(XLIB)  -no-undefined -rpath $(libdir) 
+ 	cp t1lib/t1libx.h .
+ 
+ 
+Index: t1lib-5.1.1/type1afm/Makefile.in
+===================================================================
+--- t1lib-5.1.1.orig/type1afm/Makefile.in	2008-01-05 19:17:52.000000000 +0100
++++ t1lib-5.1.1/type1afm/Makefile.in	2008-01-05 19:18:02.000000000 +0100
+@@ -70,7 +70,7 @@
+ 
+ type1afm: $(OBJS) ../lib/t1lib.h
+ 	$(LIBTOOL) --mode=link \
+-		$(CC) -o type1afm $(LDFLAGS) $(OBJS) $(T1LIB) $(LDLIBS)
++		$(CC) -o type1afm $(LDFLAGS) $(OBJS) $(T1LIB)
+ 
+ .SUFFIXES: .lo
+ .c.lo:
+Index: t1lib-5.1.1/xglyph/Makefile.in
+===================================================================
+--- t1lib-5.1.1.orig/xglyph/Makefile.in	2008-01-05 19:18:15.000000000 +0100
++++ t1lib-5.1.1/xglyph/Makefile.in	2008-01-05 19:18:31.000000000 +0100
+@@ -24,7 +24,7 @@
+ X_LIBS    = @X_LIBS@
+ TOPSRC    = @top_srcdir@
+ XPM_LIB   = -lXpm
+-XLIB      = @X_PRE_LIBS@ -lXext -lX11 @X_EXTRA_LIBS@
++XLIB      = -lX11 @X_EXTRA_LIBS@
+ LDFLAGS   = @LDFLAGS@
+ LDLIBS    = @LDLIBS@ 
+ AR        = ar rc
+@@ -65,7 +65,7 @@
+ 
+ T1LIB  = ../lib/libt1.la
+ T1LIBX = ../lib/libt1x.la
+-XAWLIB = -lXaw -lXt -lXmu
++XAWLIB = -lXaw -lXt
+ 
+ 
+ all: xglyph

Deleted: extra-i686/overflow.patch
===================================================================
--- extra-i686/overflow.patch	2014-02-17 09:58:01 UTC (rev 206077)
+++ extra-i686/overflow.patch	2014-02-17 09:58:12 UTC (rev 206078)
@@ -1,15 +0,0 @@
---- t1env.c.orig	2007-09-16 19:56:38.319184208 +0200
-+++ t1env.c	2007-09-16 20:05:02.057070439 +0200
-@@ -611,6 +611,12 @@
- #endif 
-     strcat( pathbuf, DIRECTORY_SEP);
-     /* And finally the filename: */
-+    /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf
-+       let's try next pathbuf */
-+    if( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) {
-+	i++;
-+    	continue;
-+    }
-     strcat( pathbuf, StrippedName);
-     
-     /* Check for existence of the path: */

Copied: t1lib/repos/extra-x86_64/CVE-2010-2642.patch (from rev 206077, t1lib/trunk/CVE-2010-2642.patch)
===================================================================
--- extra-x86_64/CVE-2010-2642.patch	                        (rev 0)
+++ extra-x86_64/CVE-2010-2642.patch	2014-02-17 09:58:12 UTC (rev 206078)
@@ -0,0 +1,24 @@
+diff --git a/lib/t1lib/parseAFM.c b/lib/t1lib/parseAFM.c
+index 6a31d7f..ba64541 100644
+--- a/lib/t1lib/parseAFM.c
++++ b/lib/t1lib/parseAFM.c
+@@ -199,7 +199,9 @@ static char *token(stream)
+     idx = 0;
+     
+     while (ch != EOF && ch != ' ' && ch != CR  && ch != LF &&
+-	   ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'){
++	   ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'
++     && idx < (MAX_NAME -1))
++    {
+       ident[idx++] = ch;
+       ch = fgetc(stream);
+     } /* while */
+@@ -235,7 +237,7 @@ static char *linetoken(stream)
+     while ((ch = fgetc(stream)) == ' ' || ch == '\t' ); 
+     
+     idx = 0;
+-    while (ch != EOF && ch != CR  && ch != LF && ch != CTRL_Z) 
++    while (ch != EOF && ch != CR  && ch != LF && ch != CTRL_Z && idx < (MAX_NAME - 1)) 
+     {
+         ident[idx++] = ch;
+         ch = fgetc(stream);

Copied: t1lib/repos/extra-x86_64/CVE-2011-0764.diff (from rev 206077, t1lib/trunk/CVE-2011-0764.diff)
===================================================================
--- extra-x86_64/CVE-2011-0764.diff	                        (rev 0)
+++ extra-x86_64/CVE-2011-0764.diff	2014-02-17 09:58:12 UTC (rev 206078)
@@ -0,0 +1,32 @@
+Description: Don't lookup previous point if there isn't any
+Author: Marc Deslauriers <marc.deslauriers at canonical.com>
+Forwarded: no
+
+Index: t1lib-5.1.2/lib/type1/type1.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/type1/type1.c	2011-12-13 14:24:14.280965637 -0600
++++ t1lib-5.1.2/lib/type1/type1.c	2011-12-13 14:25:25.893320747 -0600
+@@ -1700,6 +1700,7 @@
+   long pindex = 0;
+   
+   /* compute hinting for previous segment! */
++  if (ppoints == NULL) Error0i("RLineTo: No previous point!\n");
+   FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx, dy);
+ 
+   /* Allocate a new path point and pre-setup data */
+@@ -1728,6 +1729,7 @@
+   long pindex = 0;
+   
+   /* compute hinting for previous point! */
++  if (ppoints == NULL) Error0i("RRCurveTo: No previous point!\n");
+   FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx1, dy1);
+ 
+   /* Allocate three new path points and pre-setup data */
+@@ -1903,6 +1905,7 @@
+     FindStems( currx, curry, 0, 0, dx, dy);
+   }
+   else {
++    if (ppoints == NULL) Error0i("RMoveTo: No previous point!\n");
+     FindStems( currx, curry, ppoints[numppoints-2].x, ppoints[numppoints-2].y, dx, dy);
+   }
+   

Copied: t1lib/repos/extra-x86_64/CVE-2011-1552_1553_1554.patch (from rev 206077, t1lib/trunk/CVE-2011-1552_1553_1554.patch)
===================================================================
--- extra-x86_64/CVE-2011-1552_1553_1554.patch	                        (rev 0)
+++ extra-x86_64/CVE-2011-1552_1553_1554.patch	2014-02-17 09:58:12 UTC (rev 206078)
@@ -0,0 +1,133 @@
+Author: Jaroslav Škarvada <jskarvad at redhat.com>
+Description: Fix more crashes on oversized fonts
+Bug-Redhat: http://bugzilla.redhat.com/show_bug.cgi?id=692909
+Index: t1lib-5.1.2/lib/type1/lines.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/type1/lines.c	2007-12-23 09:49:42.000000000 -0600
++++ t1lib-5.1.2/lib/type1/lines.c	2012-01-17 14:15:08.000000000 -0600
+@@ -67,6 +67,10 @@
+ None.
+ */
+  
++#define  BITS         (sizeof(LONG)*8)
++#define  HIGHTEST(p)  (((p)>>(BITS-2)) != 0)  /* includes sign bit */
++#define  TOOBIG(xy)   ((xy < 0) ? HIGHTEST(-xy) : HIGHTEST(xy))
++
+ /*
+ :h2.StepLine() - Produces Run Ends for a Line After Checks
+  
+@@ -84,6 +88,9 @@
+        IfTrace4((LineDebug > 0), ".....StepLine: (%d,%d) to (%d,%d)\n",
+                                             x1, y1, x2, y2);
+  
++      if ( TOOBIG(x1) || TOOBIG(x2) || TOOBIG(y1) || TOOBIG(y2))
++              abort("Lines this big not supported", 49);
++
+        dy = y2 - y1;
+  
+ /*
+Index: t1lib-5.1.2/lib/type1/objects.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/type1/objects.c	2007-12-23 09:49:42.000000000 -0600
++++ t1lib-5.1.2/lib/type1/objects.c	2012-01-17 14:15:08.000000000 -0600
+@@ -1137,12 +1137,13 @@
+     "Context:  out of them", /* 46 */
+     "MatrixInvert:  can't", /* 47 */
+     "xiStub called", /* 48 */
+-    "Illegal access type1 abort() message" /* 49 */
++    "Lines this big not supported", /* 49 */
++    "Illegal access type1 abort() message" /* 50 */
+   };
+ 
+-  /* no is valid from 1 to 48 */
+-  if ( (number<1)||(number>48))
+-    number=49;
++  /* no is valid from 1 to 49 */
++  if ( (number<1)||(number>49))
++    number=50;
+   return( err_msgs[number-1]);
+     
+ }
+Index: t1lib-5.1.2/lib/type1/type1.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/type1/type1.c	2012-01-17 14:13:28.000000000 -0600
++++ t1lib-5.1.2/lib/type1/type1.c	2012-01-17 14:19:54.000000000 -0600
+@@ -1012,6 +1012,7 @@
+   double nextdtana = 0.0;   /* tangent of post-delta against horizontal line */ 
+   double nextdtanb = 0.0;   /* tangent of post-delta against vertical line */ 
+   
++  if (ppoints == NULL || numppoints < 1) Error0v("FindStems: No previous point!\n");
+  
+   /* setup default hinted position */
+   ppoints[numppoints-1].ax     = ppoints[numppoints-1].x;
+@@ -1289,7 +1290,7 @@
+ static int DoRead(CodeP)
+   int *CodeP;
+ {
+-  if (strindex >= CharStringP->len) return(FALSE); /* end of string */
++  if (!CharStringP || strindex >= CharStringP->len) return(FALSE); /* end of string */
+   /* We handle the non-documented Adobe convention to use lenIV=-1 to
+      suppress charstring encryption. */
+   if (blues->lenIV==-1) {
+@@ -1700,7 +1701,7 @@
+   long pindex = 0;
+   
+   /* compute hinting for previous segment! */
+-  if (ppoints == NULL) Error0i("RLineTo: No previous point!\n");
++  if (ppoints == NULL || numppoints < 2) Error0i("RLineTo: No previous point!\n");
+   FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx, dy);
+ 
+   /* Allocate a new path point and pre-setup data */
+@@ -1729,7 +1730,7 @@
+   long pindex = 0;
+   
+   /* compute hinting for previous point! */
+-  if (ppoints == NULL) Error0i("RRCurveTo: No previous point!\n");
++  if (ppoints == NULL || numppoints < 2) Error0i("RRCurveTo: No previous point!\n");
+   FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx1, dy1);
+ 
+   /* Allocate three new path points and pre-setup data */
+@@ -1788,7 +1789,9 @@
+   long tmpind;
+   double deltax = 0.0;
+   double deltay = 0.0;
+-  
++ 
++  if (ppoints == NULL || numppoints < 1) Error0i("DoClosePath: No previous point!");
++ 
+   /* If this ClosePath command together with the starting point of this
+      path completes to a segment aligned to a stem, we would miss
+      hinting for this point. --> Check and explicitly care for this! */
+@@ -1803,6 +1806,7 @@
+     deltax = ppoints[i].x - ppoints[numppoints-1].x;
+     deltay = ppoints[i].y - ppoints[numppoints-1].y;
+ 
++    if (ppoints == NULL || numppoints <= i + 1) Error0i("DoClosePath: No previous point!");
+     /* save nummppoints and reset to move point */
+     tmpind = numppoints;
+     numppoints = i + 1;
+@@ -1905,7 +1909,7 @@
+     FindStems( currx, curry, 0, 0, dx, dy);
+   }
+   else {
+-    if (ppoints == NULL) Error0i("RMoveTo: No previous point!\n");
++    if (ppoints == NULL || numppoints < 2) Error0i("RMoveTo: No previous point!\n");
+     FindStems( currx, curry, ppoints[numppoints-2].x, ppoints[numppoints-2].y, dx, dy);
+   }
+   
+@@ -2155,6 +2159,7 @@
+   DOUBLE cx, cy;
+   DOUBLE ex, ey;
+ 
++  if (ppoints == NULL || numppoints < 8) Error0v("FlxProc: No previous point!");
+ 
+   /* Our PPOINT list now contains 7 moveto commands which
+      are about to be consumed by the Flex mechanism. --> Remove these
+@@ -2324,6 +2329,7 @@
+ /*   Returns currentpoint on stack          */
+ static void FlxProc2()
+ {
++  if (ppoints == NULL || numppoints < 1) Error0v("FlxProc2: No previous point!");
+   /* Push CurrentPoint on fake PostScript stack */
+   PSFakePush( ppoints[numppoints-1].x);
+   PSFakePush( ppoints[numppoints-1].y);

Deleted: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD	2014-02-17 09:58:01 UTC (rev 206077)
+++ extra-x86_64/PKGBUILD	2014-02-17 09:58:12 UTC (rev 206078)
@@ -1,25 +0,0 @@
-# $Id$
-# Maintainer: tobias <tobias at archlinux.org>
-# Contributor: Rainer Moll <renari at arcor.de>
-
-pkgname=t1lib
-pkgver=5.1.2
-pkgrel=4
-pkgdesc="Library for generating character- and string-glyphs from Adobe Type 1 fonts"
-arch=('i686' 'x86_64')
-url="http://www.ibiblio.org/pub/Linux/libs/graphics/!INDEX.html"
-license=('GPL')
-depends=('libxaw')
-source=(http://www.ibiblio.org/pub/Linux/libs/graphics/${pkgname}-${pkgver}.tar.gz )
-md5sums=('a5629b56b93134377718009df1435f3c')
-
-build() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
-  ./configure --prefix=/usr
-  make without_doc
-}
-
-package() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
-  make DESTDIR="${pkgdir}" install
-}

Copied: t1lib/repos/extra-x86_64/PKGBUILD (from rev 206077, t1lib/trunk/PKGBUILD)
===================================================================
--- extra-x86_64/PKGBUILD	                        (rev 0)
+++ extra-x86_64/PKGBUILD	2014-02-17 09:58:12 UTC (rev 206078)
@@ -0,0 +1,44 @@
+# $Id$
+# Maintainer: tobias <tobias at archlinux.org>
+# Contributor: Rainer Moll <renari at arcor.de>
+
+pkgname=t1lib
+pkgver=5.1.2
+pkgrel=5
+pkgdesc="Library for generating character- and string-glyphs from Adobe Type 1 fonts"
+arch=('i686' 'x86_64')
+url="http://www.ibiblio.org/pub/Linux/libs/graphics/!INDEX.html"
+license=('GPL')
+depends=('libxaw')
+source=(http://www.ibiblio.org/pub/Linux/libs/graphics/${pkgname}-${pkgver}.tar.gz
+        lib-cleanup.diff
+        format-security.diff
+        CVE-2011-0764.diff
+        CVE-2011-1552_1553_1554.patch
+        CVE-2010-2642.patch)
+md5sums=('a5629b56b93134377718009df1435f3c'
+         '82dafb6051d64a94f32c73d59649ddd0'
+         'b947e6a732729db2819d4f857a686e2f'
+         '60fb9f058a6bb1f760ddaf2ed7d71879'
+         '22e03d81fab188139acbe7fd3a0a706a'
+         '2283c116d1dda278ee77ef27c1a8e397')
+
+prepare() {
+  cd $pkgname-$pkgver
+  patch -Np1 -i ../lib-cleanup.diff
+  patch -Np1 -i ../format-security.diff
+  patch -Np1 -i ../CVE-2011-0764.diff
+  patch -Np1 -i ../CVE-2011-1552_1553_1554.patch
+  patch -Np1 -i ../CVE-2010-2642.patch
+}
+
+build() {
+  cd $pkgname-$pkgver
+  ./configure --prefix=/usr
+  make without_doc
+}
+
+package() {
+  cd $pkgname-$pkgver
+  make DESTDIR="${pkgdir}" install
+}

Copied: t1lib/repos/extra-x86_64/format-security.diff (from rev 206077, t1lib/trunk/format-security.diff)
===================================================================
--- extra-x86_64/format-security.diff	                        (rev 0)
+++ extra-x86_64/format-security.diff	2014-02-17 09:58:12 UTC (rev 206078)
@@ -0,0 +1,33 @@
+--- a/lib/type1/objects.c
++++ b/lib/type1/objects.c
+@@ -957,7 +957,7 @@
+  
+        sprintf(typemsg, "Wrong object type in %s; expected %s, found %s.\n",
+                   name, TypeFmt(expect), TypeFmt(obj->type));
+-       IfTrace0(TRUE,typemsg);
++       IfTrace1(TRUE, "%s", typemsg);
+  
+        ObjectPostMortem(obj);
+  
+--- a/lib/t1lib/t1subset.c
++++ b/lib/t1lib/t1subset.c
+@@ -759,7 +759,7 @@
+ 	     tr_len);
+     T1_PrintLog( "T1_SubsetFont()", err_warn_msg_buf,
+ 		 T1LOG_DEBUG);
+-    l+=sprintf( &(trailerbuf[l]), linebuf); /* contains the PostScript trailer */
++    l+=sprintf( &(trailerbuf[l]), "%s", linebuf); /* contains the PostScript trailer */
+   }
+   
+   /* compute size of output file */
+--- a/lib/type1/objects.h
++++ b/lib/type1/objects.h
+@@ -214,7 +214,7 @@
+ /*SHARED*/
+ /* NDW: personally, I want to see status and error messages! */
+ #define IfTrace0(condition,model)                                 \
+-        {if (condition) printf(model);}
++        {if (condition) fputs(model,stdout);}
+ #define IfTrace1(condition,model,arg0)                            \
+         {if (condition) printf(model,arg0);}
+ #define IfTrace2(condition,model,arg0,arg1)                       \

Copied: t1lib/repos/extra-x86_64/lib-cleanup.diff (from rev 206077, t1lib/trunk/lib-cleanup.diff)
===================================================================
--- extra-x86_64/lib-cleanup.diff	                        (rev 0)
+++ extra-x86_64/lib-cleanup.diff	2014-02-17 09:58:12 UTC (rev 206078)
@@ -0,0 +1,59 @@
+do not link against libraries that are not needed
+
+Index: t1lib-5.1.1/lib/Makefile.in
+===================================================================
+--- t1lib-5.1.1.orig/lib/Makefile.in	2008-01-05 19:17:21.000000000 +0100
++++ t1lib-5.1.1/lib/Makefile.in	2008-01-05 19:17:38.000000000 +0100
+@@ -24,7 +24,7 @@
+ X_LIBS    = @X_LIBS@
+ TOPSRC    = @top_srcdir@
+ XPM_LIB   = -lXpm
+-XLIB      = @X_PRE_LIBS@ -lXext -lX11 @X_EXTRA_LIBS@
++XLIB      = -lX11
+ LDFLAGS   = @LDFLAGS@
+ LDLIBS    = @LDLIBS@
+ AR        = ar rc
+@@ -137,7 +137,7 @@
+ 	$(LIBTOOL) --mode=link \
+ 		$(CC) $(LDFLAGS) -o $@ $(T1LIBX_OBJS) \
+ 	         -version-info @T1LIB_LT_CURRENT@:@T1LIB_LT_REVISION@:@T1LIB_LT_AGE@ \
+-	         libt1.la $(X_LIBS) $(XPM_LIB) $(XLIB)  -no-undefined -rpath $(libdir) 
++	         libt1.la $(X_LIBS) $(XLIB)  -no-undefined -rpath $(libdir) 
+ 	cp t1lib/t1libx.h .
+ 
+ 
+Index: t1lib-5.1.1/type1afm/Makefile.in
+===================================================================
+--- t1lib-5.1.1.orig/type1afm/Makefile.in	2008-01-05 19:17:52.000000000 +0100
++++ t1lib-5.1.1/type1afm/Makefile.in	2008-01-05 19:18:02.000000000 +0100
+@@ -70,7 +70,7 @@
+ 
+ type1afm: $(OBJS) ../lib/t1lib.h
+ 	$(LIBTOOL) --mode=link \
+-		$(CC) -o type1afm $(LDFLAGS) $(OBJS) $(T1LIB) $(LDLIBS)
++		$(CC) -o type1afm $(LDFLAGS) $(OBJS) $(T1LIB)
+ 
+ .SUFFIXES: .lo
+ .c.lo:
+Index: t1lib-5.1.1/xglyph/Makefile.in
+===================================================================
+--- t1lib-5.1.1.orig/xglyph/Makefile.in	2008-01-05 19:18:15.000000000 +0100
++++ t1lib-5.1.1/xglyph/Makefile.in	2008-01-05 19:18:31.000000000 +0100
+@@ -24,7 +24,7 @@
+ X_LIBS    = @X_LIBS@
+ TOPSRC    = @top_srcdir@
+ XPM_LIB   = -lXpm
+-XLIB      = @X_PRE_LIBS@ -lXext -lX11 @X_EXTRA_LIBS@
++XLIB      = -lX11 @X_EXTRA_LIBS@
+ LDFLAGS   = @LDFLAGS@
+ LDLIBS    = @LDLIBS@ 
+ AR        = ar rc
+@@ -65,7 +65,7 @@
+ 
+ T1LIB  = ../lib/libt1.la
+ T1LIBX = ../lib/libt1x.la
+-XAWLIB = -lXaw -lXt -lXmu
++XAWLIB = -lXaw -lXt
+ 
+ 
+ all: xglyph

Deleted: extra-x86_64/overflow.patch
===================================================================
--- extra-x86_64/overflow.patch	2014-02-17 09:58:01 UTC (rev 206077)
+++ extra-x86_64/overflow.patch	2014-02-17 09:58:12 UTC (rev 206078)
@@ -1,15 +0,0 @@
---- t1env.c.orig	2007-09-16 19:56:38.319184208 +0200
-+++ t1env.c	2007-09-16 20:05:02.057070439 +0200
-@@ -611,6 +611,12 @@
- #endif 
-     strcat( pathbuf, DIRECTORY_SEP);
-     /* And finally the filename: */
-+    /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf
-+       let's try next pathbuf */
-+    if( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) {
-+	i++;
-+    	continue;
-+    }
-     strcat( pathbuf, StrippedName);
-     
-     /* Check for existence of the path: */



