[arch-commits] Commit in freetype2/trunk (3 files)
Jan Steffens
heftig at archlinux.org
Sat May 13 13:03:52 UTC 2017
Date: Saturday, May 13, 2017 @ 13:03:51
Author: heftig
Revision: 295963
2.8-1
Modified:
freetype2/trunk/PKGBUILD
Deleted:
freetype2/trunk/CVE-2017-8105.patch
freetype2/trunk/CVE-2017-8287.patch
---------------------+
CVE-2017-8105.patch | 47 -----------------------------------------------
CVE-2017-8287.patch | 35 -----------------------------------
PKGBUILD | 27 +++++++++++----------------
3 files changed, 11 insertions(+), 98 deletions(-)
Deleted: CVE-2017-8105.patch
===================================================================
--- CVE-2017-8105.patch 2017-05-13 12:58:56 UTC (rev 295962)
+++ CVE-2017-8105.patch 2017-05-13 13:03:51 UTC (rev 295963)
@@ -1,47 +0,0 @@
-From f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl at gnu.org>
-Date: Fri, 24 Mar 2017 09:15:10 +0100
-Subject: [psaux] Better protect `flex' handling.
-
-Reported as
-
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
-
-* src/psaux/t1decode.c (t1_decoder_parse_charstrings)
-<callothersubr>: Since there is not a single flex operator but a
-series of subroutine calls, malformed fonts can call arbitrary other
-operators after the start of a flex, possibly adding points. For
-this reason we have to check the available number of points before
-inserting a point.
----
- ChangeLog | 15 +++++++++++++++
- src/psaux/t1decode.c | 9 +++++++++
- 2 files changed, 24 insertions(+)
-
-diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
-index af7b465..7dd4513 100644
---- a/src/psaux/t1decode.c
-+++ b/src/psaux/t1decode.c
-@@ -780,10 +780,19 @@
- /* point without adding any point to the outline */
- idx = decoder->num_flex_vectors++;
- if ( idx > 0 && idx < 7 )
-+ {
-+ /* in malformed fonts it is possible to have other */
-+ /* opcodes in the middle of a flex (which don't */
-+ /* increase `num_flex_vectors'); we thus have to */
-+ /* check whether we can add a point */
-+ if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) )
-+ goto Syntax_Error;
-+
- t1_builder_add_point( builder,
- x,
- y,
- (FT_Byte)( idx == 3 || idx == 6 ) );
-+ }
- }
- break;
-
---
-cgit v1.0-41-gc330
-
Deleted: CVE-2017-8287.patch
===================================================================
--- CVE-2017-8287.patch 2017-05-13 12:58:56 UTC (rev 295962)
+++ CVE-2017-8287.patch 2017-05-13 13:03:51 UTC (rev 295963)
@@ -1,35 +0,0 @@
-From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl at gnu.org>
-Date: Sun, 26 Mar 2017 08:32:09 +0200
-Subject: * src/psaux/psobjs.c (t1_builder_close_contour): Add safety guard.
-
-Reported as
-
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
----
- ChangeLog | 8 ++++++++
- src/psaux/psobjs.c | 8 ++++++++
- 2 files changed, 16 insertions(+)
-
-diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
-index d18e821..0baf836 100644
---- a/src/psaux/psobjs.c
-+++ b/src/psaux/psobjs.c
-@@ -1718,6 +1718,14 @@
- first = outline->n_contours <= 1
- ? 0 : outline->contours[outline->n_contours - 2] + 1;
-
-+ /* in malformed fonts it can happen that a contour was started */
-+ /* but no points were added */
-+ if ( outline->n_contours && first == outline->n_points )
-+ {
-+ outline->n_contours--;
-+ return;
-+ }
-+
- /* We must not include the last point in the path if it */
- /* is located on the first point. */
- if ( outline->n_points > 1 )
---
-cgit v1.0-41-gc330
-
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-05-13 12:58:56 UTC (rev 295962)
+++ PKGBUILD 2017-05-13 13:03:51 UTC (rev 295963)
@@ -3,36 +3,32 @@
pkgbase=freetype2
pkgname=('freetype2' 'freetype2-demos')
-pkgver=2.7.1
-pkgrel=2
+pkgver=2.8
+pkgrel=1
arch=(i686 x86_64)
license=('GPL')
-url="http://www.freetype.org/"
+url="https://www.freetype.org/"
# adding harfbuzz for improved OpenType features auto-hinting
# introduces a cycle dep to harfbuzz depending on freetype wanted by upstream
makedepends=('libx11' 'zlib' 'bzip2' 'sh' 'libpng' 'harfbuzz')
-source=(https://download.savannah.gnu.org/releases/freetype/freetype-${pkgver}.tar.bz2{,.sig}
- https://download.savannah.gnu.org/releases/freetype/freetype-doc-${pkgver}.tar.bz2{,.sig}
- https://download.savannah.gnu.org/releases/freetype/ft2demos-${pkgver}.tar.bz2{,.sig}
+source=(https://download-mirror.savannah.gnu.org/releases/freetype/freetype-${pkgver}.tar.bz2{,.sig}
+ https://download-mirror.savannah.gnu.org/releases/freetype/freetype-doc-${pkgver}.tar.bz2{,.sig}
+ https://download-mirror.savannah.gnu.org/releases/freetype/ft2demos-${pkgver}.tar.bz2{,.sig}
0001-Enable-table-validation-modules.patch
0002-Enable-subpixel-rendering.patch
0003-Enable-infinality-subpixel-hinting.patch
0005-freetype-2.5.2-more-demos.patch
- CVE-2017-8105.patch
- CVE-2017-8287.patch
freetype2.sh)
-sha1sums=('4d08a9a6567c6332d58e9a5f9a7e9e3fbce66789'
+sha1sums=('42c6b1f733fe13a3eba135f5025b22cb68450f91'
'SKIP'
- 'd8ce472cd775b8ce50d127689acab59181e72ecf'
+ '5b221ee14fe674cd5f6db0193d55360bc0bd3655'
'SKIP'
- '2ebe93df13eb45dac8515c5ed0216ef694c33f18'
+ '7849f1ac4a352971fab61a5fc2e5c6a597201201'
'SKIP'
'b31882ef5e8447e761acee1c4a44c0630cd4d465'
'b1494810ed3aca25cdd8e8cedf634e5adfe6c09e'
'41d27140fd590945e22e012c9dce62de3d6f11e6'
'72cfecbe738085eec475e012617661ad0cc9b76f'
- '9ff76b0d0a079872279a62300af7806b15b6a51a'
- '049ed3cb4471596396660896a8ccd95288001d8f'
'bc6df1661c4c33e20f5ce30c2da8ad3c2083665f')
validpgpkeys=('58E0C111E39F5408C5D3EC76C1A60EACE707FDA5')
@@ -45,9 +41,6 @@
patch -Np1 -i ../0002-Enable-subpixel-rendering.patch
patch -Np1 -i ../0003-Enable-infinality-subpixel-hinting.patch
- patch -Np1 -i ../CVE-2017-8105.patch
- patch -Np1 -i ../CVE-2017-8287.patch
-
cd ../ft2demos-${pkgver}
# enable more demos
patch -Np1 -i ../0005-freetype-2.5.2-more-demos.patch
@@ -100,3 +93,5 @@
install -dm755 "${pkgdir}/usr/bin"
cp -a $srcdir/ft-demos/* "${pkgdir}/usr/bin"
}
+
+# vim:set ts=2 sw=2 et:
More information about the arch-commits
mailing list