Revision: 5556
          http://ipcop.svn.sourceforge.net/ipcop/?rev=5556&view=rev
Author:   gespinasse
Date:     2011-03-24 21:24:53 +0000 (Thu, 24 Mar 2011)

Log Message:
-----------
Patch pango against CVE-2011-0020 and CVE-2011-0064
Remove obsolete configure options that are no longer recognized, such as
--without-binconfigs and --without-libpng-compat

--disable-static is not required as default is no static libs.
But that does not hurt

pango is already in update

Modified Paths:
--------------
    ipcop/trunk/lfs/pango

Added Paths:
-----------
    ipcop/trunk/src/patches/pango-1.28.3_CVE-2011-0020.patch
    ipcop/trunk/src/patches/pango-1.28.3_CVE-2011-0064.patch

Modified: ipcop/trunk/lfs/pango
===================================================================
--- ipcop/trunk/lfs/pango       2011-03-24 20:02:37 UTC (rev 5555)
+++ ipcop/trunk/lfs/pango       2011-03-24 21:24:53 UTC (rev 5556)
@@ -81,12 +81,13 @@
 $(TARGET) : $(firstword $(MAKEFILE_LIST)) $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && patch -Np1 -i 
$(DIR_PATCHES)/$(THISAPP)_CVE-2011-0020.patch
+       cd $(DIR_APP) && patch -Np1 -i 
$(DIR_PATCHES)/$(THISAPP)_CVE-2011-0064.patch
 
        cd $(DIR_APP) && ./configure    --prefix=/usr \
                                        --sysconfdir=/etc \
-                                       --disable-static \
-                                       --without-binconfigs \
-                                       --without-libpng-compat
+                                       --disable-static
+
        cd $(DIR_APP) && make -j $(PARALLELISM)
        cd $(DIR_APP) && make install
        

Added: ipcop/trunk/src/patches/pango-1.28.3_CVE-2011-0020.patch
===================================================================
--- ipcop/trunk/src/patches/pango-1.28.3_CVE-2011-0020.patch                    
        (rev 0)
+++ ipcop/trunk/src/patches/pango-1.28.3_CVE-2011-0020.patch    2011-03-24 
21:24:53 UTC (rev 5556)
@@ -0,0 +1,50 @@
+debian borrowed
+http://patch-tracker.debian.org/patch/series/dl/pango1.0/1.28.3-1+squeeze2/01_CVE-2011-0020.patch
+
+CVE-2011-0020
+Debian #610792
+Launchpad #696616
+GNOME #639882
+
+diff --git a/pango/pangoft2-render.c b/pango/pangoft2-render.c
+index bd3b7d4..42923f4 100644
+--- a/pango/pangoft2-render.c
++++ b/pango/pangoft2-render.c
+@@ -121,9 +121,14 @@ pango_ft2_font_render_box_glyph (int      width,
+ 
+   box->bitmap.width = width;
+   box->bitmap.rows = height;
+-  box->bitmap.pitch = height;
++  box->bitmap.pitch = width;
+ 
+-  box->bitmap.buffer = g_malloc0 (box->bitmap.rows * box->bitmap.pitch);
++  box->bitmap.buffer = g_malloc0_n (box->bitmap.rows, box->bitmap.pitch);
++
++  if (G_UNLIKELY (!box->bitmap.buffer)) {
++    g_slice_free (PangoFT2RenderedGlyph, box);
++    return NULL;
++  }
+ 
+   /* draw the box */
+   for (j = 0; j < line_width; j++)
+@@ -226,6 +231,11 @@ pango_ft2_font_render_glyph (PangoFont *font,
+       rendered->bitmap_left = face->glyph->bitmap_left;
+       rendered->bitmap_top = face->glyph->bitmap_top;
+ 
++      if (G_UNLIKELY (!rendered->bitmap.buffer)) {
++        g_slice_free (PangoFT2RenderedGlyph, rendered);
++      return NULL;
++      }
++
+       return rendered;
+     }
+   else
+@@ -276,6 +286,8 @@ pango_ft2_renderer_draw_glyph (PangoRenderer *renderer,
+   if (rendered_glyph == NULL)
+     {
+       rendered_glyph = pango_ft2_font_render_glyph (font, glyph);
++      if (rendered_glyph == NULL)
++        return;
+       add_glyph_to_cache = TRUE;
+     }
+ 
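Review bot: In pango_ft2_font_render_box_glyph the new NULL test after `g_malloc0_n` will not fire on an oversized request, because GLib's g_malloc0_n aborts the process on multiplication overflow or allocation failure and returns NULL only for a zero-byte request. The patch therefore turns the heap overflow into a clean abort rather than a recoverable error, which is worth stating in a comment such as `/* g_malloc0_n() aborts on overflow; NULL here means width or height was 0 */`. In the pango_ft2_font_render_glyph hunk the `return NULL;` is indented one level too shallow, so it reads as if it sat outside the `if`; re-indent it to match the `g_slice_free` line above it. Both functions begin and end outside the hunks shown.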

Added: ipcop/trunk/src/patches/pango-1.28.3_CVE-2011-0064.patch
===================================================================
--- ipcop/trunk/src/patches/pango-1.28.3_CVE-2011-0064.patch                    
        (rev 0)
+++ ipcop/trunk/src/patches/pango-1.28.3_CVE-2011-0064.patch    2011-03-24 
21:24:53 UTC (rev 5556)
@@ -0,0 +1,189 @@
+debian borrowed
+http://patch-tracker.debian.org/patch/series/dl/pango1.0/1.28.3-1+squeeze2/02_CVE-2011-0064.patch
+
+From 3104961bc0ffaf847d2a1e116e6de4fdc1cd8ada Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <beh...@behdad.org>
+Date: Thu, 2 Dec 2010 16:00:46 +1300
+Subject: [PATCH] Handle realloc failure in the buffer
+
+Ported from http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2e
+by Karl Tomlinson <kar...@karlt.net>
+---
+ pango/opentype/hb-buffer-private.h |    1 +
+ pango/opentype/hb-buffer.c         |   70 +++++++++++++++++++++---------------
+ pango/opentype/hb-buffer.h         |    2 +-
+ 3 files changed, 43 insertions(+), 30 deletions(-)
+
+diff --git a/pango/opentype/hb-buffer-private.h 
b/pango/opentype/hb-buffer-private.h
+index 45cdc4d..f194786 100644
+--- a/pango/opentype/hb-buffer-private.h
++++ b/pango/opentype/hb-buffer-private.h
+@@ -72,6 +72,7 @@ struct _hb_buffer_t {
+   unsigned int allocated;
+ 
+   hb_bool_t    have_output; /* weather we have an output buffer going on */
++  hb_bool_t    in_error; /* Allocation failed */
+   unsigned int in_length;
+   unsigned int out_length;
+   unsigned int in_pos;
+diff --git a/pango/opentype/hb-buffer.c b/pango/opentype/hb-buffer.c
+index 93b51e5..e9788ad 100644
+--- a/pango/opentype/hb-buffer.c
++++ b/pango/opentype/hb-buffer.c
+@@ -52,23 +52,21 @@ static hb_buffer_t _hb_buffer_nil = {
+  * in_string and out_string.
+  */
+ 
+-/* XXX err handling */
+-
+ /* Internal API */
+ 
+-static void
++static hb_bool_t
+ hb_buffer_ensure_separate (hb_buffer_t *buffer, unsigned int size)
+ {
+-  hb_buffer_ensure (buffer, size);
++  if (HB_UNLIKELY (!hb_buffer_ensure (buffer, size))) return FALSE;
+   if (buffer->out_string == buffer->in_string)
+   {
+     assert (buffer->have_output);
+-    if (!buffer->positions)
+-      buffer->positions = calloc (buffer->allocated, sizeof 
(buffer->positions[0]));
+ 
+     buffer->out_string = (hb_internal_glyph_info_t *) buffer->positions;
+     memcpy (buffer->out_string, buffer->in_string, buffer->out_length * 
sizeof (buffer->out_string[0]));
+   }
++
++  return TRUE;
+ }
+ 
+ /* Public API */
+@@ -114,6 +112,7 @@ void
+ hb_buffer_clear (hb_buffer_t *buffer)
+ {
+   buffer->have_output = FALSE;
++  buffer->in_error = FALSE;
+   buffer->in_length = 0;
+   buffer->out_length = 0;
+   buffer->in_pos = 0;
+@@ -122,32 +121,42 @@ hb_buffer_clear (hb_buffer_t *buffer)
+   buffer->max_lig_id = 0;
+ }
+ 
+-void
++hb_bool_t
+ hb_buffer_ensure (hb_buffer_t *buffer, unsigned int size)
+ {
+-  unsigned int new_allocated = buffer->allocated;
+-
+-  if (size > new_allocated)
++  if (HB_UNLIKELY (size > buffer->allocated))
+   {
++    unsigned int new_allocated = buffer->allocated;
++    hb_internal_glyph_position_t *new_pos;
++    hb_internal_glyph_info_t *new_info;
++    hb_bool_t separate_out;
++
++    if (HB_UNLIKELY (buffer->in_error))
++      return FALSE;
++
++    separate_out = buffer->out_string != buffer->in_string;
++
+     while (size > new_allocated)
+       new_allocated += (new_allocated >> 1) + 8;
+ 
+-    if (buffer->positions)
+-      buffer->positions = realloc (buffer->positions, new_allocated * sizeof 
(buffer->positions[0]));
++    new_pos = (hb_internal_glyph_position_t *) realloc (buffer->positions, 
new_allocated * sizeof (buffer->positions[0]));
++    new_info = (hb_internal_glyph_info_t *) realloc (buffer->in_string, 
new_allocated * sizeof (buffer->in_string[0]));
+ 
+-    if (buffer->out_string != buffer->in_string)
+-    {
+-      buffer->in_string = realloc (buffer->in_string, new_allocated * sizeof 
(buffer->in_string[0]));
+-      buffer->out_string = (hb_internal_glyph_info_t *) buffer->positions;
+-    }
+-    else
+-    {
+-      buffer->in_string = realloc (buffer->in_string, new_allocated * sizeof 
(buffer->in_string[0]));
+-      buffer->out_string = buffer->in_string;
+-    }
++    if (HB_UNLIKELY (!new_pos || !new_info))
++      buffer->in_error = TRUE;
++
++    if (HB_LIKELY (new_pos))
++      buffer->positions = new_pos;
+ 
+-    buffer->allocated = new_allocated;
++    if (HB_LIKELY (new_info))
++      buffer->in_string = new_info;
++
++    buffer->out_string = separate_out ? (hb_internal_glyph_info_t *) 
buffer->positions : buffer->in_string;
++    if (HB_LIKELY (!buffer->in_error))
++      buffer->allocated = new_allocated;
+   }
++
++  return HB_LIKELY (!buffer->in_error);
+ }
+ 
+ void
+@@ -158,7 +167,7 @@ hb_buffer_add_glyph (hb_buffer_t    *buffer,
+ {
+   hb_internal_glyph_info_t *glyph;
+ 
+-  hb_buffer_ensure (buffer, buffer->in_length + 1);
++  if (HB_UNLIKELY (!hb_buffer_ensure (buffer, buffer->in_length + 1))) return;
+ 
+   glyph = &buffer->in_string[buffer->in_length];
+   glyph->codepoint = codepoint;
+@@ -213,6 +222,8 @@ _hb_buffer_swap (hb_buffer_t *buffer)
+ 
+   assert (buffer->have_output);
+ 
++  if (HB_UNLIKELY (buffer->in_error)) return;
++
+   if (buffer->out_string != buffer->in_string)
+   {
+     hb_internal_glyph_info_t *tmp_string;
+@@ -265,7 +276,8 @@ _hb_buffer_add_output_glyphs (hb_buffer_t *buffer,
+   if (buffer->out_string != buffer->in_string ||
+       buffer->out_pos + num_out > buffer->in_pos + num_in)
+   {
+-    hb_buffer_ensure_separate (buffer, buffer->out_pos + num_out);
++    if (HB_UNLIKELY (!hb_buffer_ensure_separate (buffer, buffer->out_pos + 
num_out)))
++        return;
+   }
+ 
+   mask = buffer->in_string[buffer->in_pos].mask;
+@@ -302,7 +314,7 @@ _hb_buffer_add_output_glyph (hb_buffer_t *buffer,
+ 
+   if (buffer->out_string != buffer->in_string)
+   {
+-    hb_buffer_ensure (buffer, buffer->out_pos + 1);
++    if (HB_UNLIKELY (!hb_buffer_ensure (buffer, buffer->out_pos + 1))) return;
+     buffer->out_string[buffer->out_pos] = buffer->in_string[buffer->in_pos];
+   }
+   else if (buffer->out_pos != buffer->in_pos)
+@@ -332,7 +344,7 @@ _hb_buffer_next_glyph (hb_buffer_t *buffer)
+ 
+   if (buffer->out_string != buffer->in_string)
+   {
+-    hb_buffer_ensure (buffer, buffer->out_pos + 1);
++    if (HB_UNLIKELY (!hb_buffer_ensure (buffer, buffer->out_pos + 1))) return;
+     buffer->out_string[buffer->out_pos] = buffer->in_string[buffer->in_pos];
+   }
+   else if (buffer->out_pos != buffer->in_pos)
+diff --git a/pango/opentype/hb-buffer.h b/pango/opentype/hb-buffer.h
+index b030ba9..aaf6694 100644
+--- a/pango/opentype/hb-buffer.h
++++ b/pango/opentype/hb-buffer.h
+@@ -94,7 +94,7 @@ hb_buffer_clear (hb_buffer_t *buffer);
+ void
+ hb_buffer_clear_positions (hb_buffer_t *buffer);
+ 
+-void
++hb_bool_t
+ hb_buffer_ensure (hb_buffer_t  *buffer,
+                 unsigned int  size);
+ 
+-- 
+1.7.2.2
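Review bot: hb_buffer_ensure now survives a failed realloc, but the size arithmetic in front of it is still unchecked. The growth loop `new_allocated += (new_allocated >> 1) + 8` is unsigned and can wrap, and `new_allocated * sizeof (...)` can exceed size_t on 32-bit targets, in which case realloc could succeed with a buffer smaller than `allocated` later claims. Whether a caller can reach such sizes depends on code outside this patch, but since the function now has an error path it is cheap to route overflow into `in_error` as well, as sketched below. The callers that compute `buffer->in_length + 1` and `buffer->out_pos + num_out` raise the same wrap question, and their bodies are only partly visible here.

```c
    /* … unchanged: in_error early return, separate_out … */

    while (size > new_allocated)
    {
      unsigned int grown = new_allocated + (new_allocated >> 1) + 8;

      if (HB_UNLIKELY (grown < new_allocated)) /* unsigned wrap */
      {
        buffer->in_error = TRUE;
        return FALSE;
      }
      new_allocated = grown;
    }

    if (HB_UNLIKELY (new_allocated > (size_t) -1 / sizeof (buffer->positions[0]) ||
                     new_allocated > (size_t) -1 / sizeof (buffer->in_string[0])))
    {
      buffer->in_error = TRUE;
      return FALSE;
    }

    /* … unchanged: the two realloc calls and the pointer updates … */
```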

