Date: Saturday, May 13, 2017 @ 13:03:51 Author: heftig Revision: 295963
2.8-1 Modified: freetype2/trunk/PKGBUILD Deleted: freetype2/trunk/CVE-2017-8105.patch freetype2/trunk/CVE-2017-8287.patch ---------------------+ CVE-2017-8105.patch | 47 ----------------------------------------------- CVE-2017-8287.patch | 35 ----------------------------------- PKGBUILD | 27 +++++++++++---------------- 3 files changed, 11 insertions(+), 98 deletions(-) Deleted: CVE-2017-8105.patch =================================================================== --- CVE-2017-8105.patch 2017-05-13 12:58:56 UTC (rev 295962) +++ CVE-2017-8105.patch 2017-05-13 13:03:51 UTC (rev 295963) @@ -1,47 +0,0 @@ -From f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 Mon Sep 17 00:00:00 2001 -From: Werner Lemberg <w...@gnu.org> -Date: Fri, 24 Mar 2017 09:15:10 +0100 -Subject: [psaux] Better protect `flex' handling. - -Reported as - - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 - -* src/psaux/t1decode.c (t1_decoder_parse_charstrings) -<callothersubr>: Since there is not a single flex operator but a -series of subroutine calls, malformed fonts can call arbitrary other -operators after the start of a flex, possibly adding points. For -this reason we have to check the available number of points before -inserting a point. ---- - ChangeLog | 15 +++++++++++++++ - src/psaux/t1decode.c | 9 +++++++++ - 2 files changed, 24 insertions(+) - -diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c -index af7b465..7dd4513 100644 ---- a/src/psaux/t1decode.c -+++ b/src/psaux/t1decode.c -@@ -780,10 +780,19 @@ - /* point without adding any point to the outline */ - idx = decoder->num_flex_vectors++; - if ( idx > 0 && idx < 7 ) -+ { -+ /* in malformed fonts it is possible to have other */ -+ /* opcodes in the middle of a flex (which don't */ -+ /* increase `num_flex_vectors'); we thus have to */ -+ /* check whether we can add a point */ -+ if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) ) -+ goto Syntax_Error; -+ - t1_builder_add_point( builder, - x, - y, - (FT_Byte)( idx == 3 || idx == 6 ) ); -+ } - } - break; - --- -cgit v1.0-41-gc330 - Deleted: CVE-2017-8287.patch =================================================================== --- CVE-2017-8287.patch 2017-05-13 12:58:56 UTC (rev 295962) +++ CVE-2017-8287.patch 2017-05-13 13:03:51 UTC (rev 295963) @@ -1,35 +0,0 @@ -From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001 -From: Werner Lemberg <w...@gnu.org> -Date: Sun, 26 Mar 2017 08:32:09 +0200 -Subject: * src/psaux/psobjs.c (t1_builder_close_contour): Add safety guard. - -Reported as - - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941 ---- - ChangeLog | 8 ++++++++ - src/psaux/psobjs.c | 8 ++++++++ - 2 files changed, 16 insertions(+) - -diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c -index d18e821..0baf836 100644 ---- a/src/psaux/psobjs.c -+++ b/src/psaux/psobjs.c -@@ -1718,6 +1718,14 @@ - first = outline->n_contours <= 1 - ? 0 : outline->contours[outline->n_contours - 2] + 1; - -+ /* in malformed fonts it can happen that a contour was started */ -+ /* but no points were added */ -+ if ( outline->n_contours && first == outline->n_points ) -+ { -+ outline->n_contours--; -+ return; -+ } -+ - /* We must not include the last point in the path if it */ - /* is located on the first point. */ - if ( outline->n_points > 1 ) --- -cgit v1.0-41-gc330 - Modified: PKGBUILD =================================================================== --- PKGBUILD 2017-05-13 12:58:56 UTC (rev 295962) +++ PKGBUILD 2017-05-13 13:03:51 UTC (rev 295963) @@ -3,36 +3,32 @@ pkgbase=freetype2 pkgname=('freetype2' 'freetype2-demos') -pkgver=2.7.1 -pkgrel=2 +pkgver=2.8 +pkgrel=1 arch=(i686 x86_64) license=('GPL') -url="http://www.freetype.org/" +url="https://www.freetype.org/" # adding harfbuzz for improved OpenType features auto-hinting # introduces a cycle dep to harfbuzz depending on freetype wanted by upstream makedepends=('libx11' 'zlib' 'bzip2' 'sh' 'libpng' 'harfbuzz') -source=(https://download.savannah.gnu.org/releases/freetype/freetype-${pkgver}.tar.bz2{,.sig} - https://download.savannah.gnu.org/releases/freetype/freetype-doc-${pkgver}.tar.bz2{,.sig} - https://download.savannah.gnu.org/releases/freetype/ft2demos-${pkgver}.tar.bz2{,.sig} +source=(https://download-mirror.savannah.gnu.org/releases/freetype/freetype-${pkgver}.tar.bz2{,.sig} + https://download-mirror.savannah.gnu.org/releases/freetype/freetype-doc-${pkgver}.tar.bz2{,.sig} + https://download-mirror.savannah.gnu.org/releases/freetype/ft2demos-${pkgver}.tar.bz2{,.sig} 0001-Enable-table-validation-modules.patch 0002-Enable-subpixel-rendering.patch 0003-Enable-infinality-subpixel-hinting.patch 0005-freetype-2.5.2-more-demos.patch - CVE-2017-8105.patch - CVE-2017-8287.patch freetype2.sh) -sha1sums=('4d08a9a6567c6332d58e9a5f9a7e9e3fbce66789' +sha1sums=('42c6b1f733fe13a3eba135f5025b22cb68450f91' 'SKIP' - 'd8ce472cd775b8ce50d127689acab59181e72ecf' + '5b221ee14fe674cd5f6db0193d55360bc0bd3655' 'SKIP' - '2ebe93df13eb45dac8515c5ed0216ef694c33f18' + '7849f1ac4a352971fab61a5fc2e5c6a597201201' 'SKIP' 'b31882ef5e8447e761acee1c4a44c0630cd4d465' 'b1494810ed3aca25cdd8e8cedf634e5adfe6c09e' '41d27140fd590945e22e012c9dce62de3d6f11e6' '72cfecbe738085eec475e012617661ad0cc9b76f' - '9ff76b0d0a079872279a62300af7806b15b6a51a' - '049ed3cb4471596396660896a8ccd95288001d8f' 'bc6df1661c4c33e20f5ce30c2da8ad3c2083665f') validpgpkeys=('58E0C111E39F5408C5D3EC76C1A60EACE707FDA5') @@ -45,9 +41,6 @@ patch -Np1 -i ../0002-Enable-subpixel-rendering.patch patch -Np1 -i ../0003-Enable-infinality-subpixel-hinting.patch - patch -Np1 -i ../CVE-2017-8105.patch - patch -Np1 -i ../CVE-2017-8287.patch - cd ../ft2demos-${pkgver} # enable more demos patch -Np1 -i ../0005-freetype-2.5.2-more-demos.patch @@ -100,3 +93,5 @@ install -dm755 "${pkgdir}/usr/bin" cp -a $srcdir/ft-demos/* "${pkgdir}/usr/bin" } + +# vim:set ts=2 sw=2 et: