Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.4.git;a=commitdiff;h=8f70e72b1bfeb8d05fabb561d52d91042b144747

commit 8f70e72b1bfeb8d05fabb561d52d91042b144747
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Sun May 29 13:52:00 2011 +0200

freetype2-2.4.2-2nexon1-i686

- backport of 9589246
- closes #4433 in -stable

diff --git a/source/lib/freetype2/CVE-2010-3814.patch 
b/source/lib/freetype2/CVE-2010-3814.patch
new file mode 100644
index 0000000..9cac52c
--- /dev/null
+++ b/source/lib/freetype2/CVE-2010-3814.patch
@@ -0,0 +1,32 @@
+From 0edf0986f3be570f5bf90ff245a85c1675f5c9a4 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <w...@gnu.org>
+Date: Wed, 06 Oct 2010 09:52:27 +0000
+Subject: [truetype] Improve error handling of `SHZ' bytecode instruction.
+
+Problem reported by Chris Evans <scarybea...@gmail.com>.
+
+* src/truetype/ttinterp.c (Ins_SHZ): Check `last_point'.
+---
+diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
+index bf9189c..e196dce 100644
+--- a/src/truetype/ttinterp.c
++++ b/src/truetype/ttinterp.c
+@@ -5795,7 +5795,16 @@
+     if ( CUR.GS.gep2 == 0 && CUR.zp2.n_points > 0 )
+       last_point = (FT_UShort)( CUR.zp2.n_points - 1 );
+     else if ( CUR.GS.gep2 == 1 && CUR.zp2.n_contours > 0 )
++    {
+       last_point = (FT_UShort)( CUR.zp2.contours[CUR.zp2.n_contours - 1] );
++
++      if ( BOUNDS( last_point, CUR.zp2.n_points ) )
++      {
++        if ( CUR.pedantic_hinting )
++          CUR.error = TT_Err_Invalid_Reference;
++        return;
++      }
++    }
+     else
+       last_point = 0;
+
+--
+cgit v0.8.3.2
diff --git a/source/lib/freetype2/CVE-2010-3855.patch 
b/source/lib/freetype2/CVE-2010-3855.patch
new file mode 100644
index 0000000..5ba5ed7
--- /dev/null
+++ b/source/lib/freetype2/CVE-2010-3855.patch
@@ -0,0 +1,40 @@
+From 59eb9f8cfe7d1df379a2318316d1f04f80fba54a Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <w...@gnu.org>
+Date: Tue, 12 Oct 2010 05:49:17 +0000
+Subject: Fix Savannah bug #31310.
+
+* src/truetype/ttgxvar.c (ft_var_readpackedpoints): Protect against
+invalid `runcnt' values.
+diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
+index 653d9d5..47bb9fc 100644
+--- a/src/truetype/ttgxvar.c
++++ b/src/truetype/ttgxvar.c
+@@ -130,7 +130,7 @@
+     FT_Int     j;
+     FT_Int     first;
+     FT_Memory  memory = stream->memory;
+-    FT_Error   error = TT_Err_Ok;
++    FT_Error   error  = TT_Err_Ok;
+
+     FT_UNUSED( error );
+
+@@ -154,7 +154,7 @@
+         runcnt = runcnt & GX_PT_POINT_RUN_COUNT_MASK;
+         first  = points[i++] = FT_GET_USHORT();
+
+-        if ( runcnt < 1 )
++        if ( runcnt < 1 || i + runcnt >= n )
+           goto Exit;
+
+         /* first point not included in runcount */
+@@ -165,7 +165,7 @@
+       {
+         first = points[i++] = FT_GET_BYTE();
+
+-        if ( runcnt < 1 )
++        if ( runcnt < 1 || i + runcnt >= n )
+           goto Exit;
+
+         for ( j = 0; j < runcnt; ++j )
+--
+cgit v0.8.3.2
diff --git a/source/lib/freetype2/FrugalBuild b/source/lib/freetype2/FrugalBuild
index dc40ac7..ec12a97 100644
--- a/source/lib/freetype2/FrugalBuild
+++ b/source/lib/freetype2/FrugalBuild
@@ -4,7 +4,7 @@

pkgname=freetype2
pkgver=2.4.2
-pkgrel=1
+pkgrel=2nexon1
pkgdesc="TrueType font rendering library - 2.0 series (with bytecode 
interpreter)"
groups=('lib')
archs=('i686' 'x86_64' 'ppc')
@@ -17,8 +17,9 @@ Finclude sourceforge
_F_cd_path="freetype-$pkgver"
#up2date="lynx -dump 
'http://sourceforge.net/project/showfiles.php?group_id=3157&package_id=3121'|grep
 'freetype-' |sed -e 's/.*type-\(.*\).tar.bz2.*/\1/;q'"
source=($source \
-       enable-subpixel-rendering.patch freetype-2.2.1-memcpy-fix.patch)
-signatures=("$source.sig" '' '')
+       enable-subpixel-rendering.patch freetype-2.2.1-memcpy-fix.patch \
+       CVE-2010-3814.patch CVE-2010-3855.patch)
+signatures=("$source.sig" '' '' '' '')
Fconfopts="--prefix=/usr"

# optimization OK
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to