From 5cfc330054d44412ab52040143884f6d6744ff6a Mon Sep 17 00:00:00 2001 From: Francesco Colista Date: Mon, 30 Nov 2015 13:45:04 +0000 Subject: testing/t1lib: new aport --- testing/t1lib/APKBUILD | 61 +++++++++++++ testing/t1lib/CVE-2010-2642.patch | 24 +++++ testing/t1lib/CVE-2011-0764.patch | 32 +++++++ testing/t1lib/CVE-2011-1552_1553_1554.patch | 133 ++++++++++++++++++++++++++++ testing/t1lib/format-security.patch | 33 +++++++ testing/t1lib/lib-cleanup.patch | 59 ++++++++++++ 6 files changed, 342 insertions(+) create mode 100644 testing/t1lib/APKBUILD create mode 100644 testing/t1lib/CVE-2010-2642.patch create mode 100644 testing/t1lib/CVE-2011-0764.patch create mode 100644 testing/t1lib/CVE-2011-1552_1553_1554.patch create mode 100644 testing/t1lib/format-security.patch create mode 100644 testing/t1lib/lib-cleanup.patch (limited to 'testing/t1lib') diff --git a/testing/t1lib/APKBUILD b/testing/t1lib/APKBUILD new file mode 100644 index 0000000000..11e47c930f --- /dev/null +++ b/testing/t1lib/APKBUILD @@ -0,0 +1,61 @@ +# Contributor: Francesco Colista +# Maintainer: Francesco Colista +pkgname=t1lib +pkgver=5.1.2 +pkgrel=0 +pkgdesc="Rasterizer library for Adobe Type 1 fonts " +url="http://www.ibiblio.org/pub/Linux/libs/graphics/!INDEX.html" +arch="all" +license="GPL" +depends="" +depends_dev="libxaw-dev" +makedepends="$depends_dev" +install="" +subpackages="$pkgname-dev" +source="http://www.ibiblio.org/pub/Linux/libs/graphics/$pkgname-$pkgver.tar.gz + CVE-2010-2642.patch + CVE-2011-0764.patch + CVE-2011-1552_1553_1554.patch + format-security.patch + lib-cleanup.patch" + +_builddir="$srcdir"/$pkgname-$pkgver +prepare() { + local i + cd "$_builddir" + for i in $source; do + case $i in + *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done +} + +build() { + cd "$_builddir" + ./configure --prefix=/usr + make without_doc +} + +package() { + cd "$_builddir" + make DESTDIR="${pkgdir}" install +} + +md5sums="a5629b56b93134377718009df1435f3c t1lib-5.1.2.tar.gz +2283c116d1dda278ee77ef27c1a8e397 CVE-2010-2642.patch +60fb9f058a6bb1f760ddaf2ed7d71879 CVE-2011-0764.patch +22e03d81fab188139acbe7fd3a0a706a CVE-2011-1552_1553_1554.patch +b947e6a732729db2819d4f857a686e2f format-security.patch +82dafb6051d64a94f32c73d59649ddd0 lib-cleanup.patch" +sha256sums="821328b5054f7890a0d0cd2f52825270705df3641dbd476d58d17e56ed957b59 t1lib-5.1.2.tar.gz +dcd9064f368e0fc1f3ede0a45e61b364f6b5d3607dccae78ac07e74ca315a27d CVE-2010-2642.patch +a763650bdcffd33a61cd2cecef766b8d6baa9999561463ae9dfdc20d55caef04 CVE-2011-0764.patch +4bc34e092fdec37e06b38b5b7a3b02194732dbe6a39edbd174b36c2db1f113ac CVE-2011-1552_1553_1554.patch +89b0aa7ca57fd8e9753336033c1d3e3e58c6c79e943144430e8af9a4626fdd25 format-security.patch +5b161f4e0f4ad297ad8eea70ea99620f5db6f7e487bbd63a819b6a9958540961 lib-cleanup.patch" +sha512sums="9f424b19c6f35cc4f194ff7351a4c2352216462c7d1b1d9650ad3a05cf48c6e90c89ccbcda5ecc47a4169a39a850cf84a1fcbf88b3b15614860c27364b631ae3 t1lib-5.1.2.tar.gz +5714bb8790cec04c0c03778e708fc69ed0e21a68a5c9ff2a6ecafdfbb649540e9e214085fa1b05206166abe3c48ed3605ef7a0812341970709c0ac205d93c925 CVE-2010-2642.patch +922c1089ca7ec2ecaaee9058b68deb3c9e7952465883500e3247a835d5c8e0d54b9b8145dce8ec5846a0c47ac9b4b7889fcc88033f463acbd68d8ee9e3123859 CVE-2011-0764.patch +54fb9bb95d20e6a622cc52a7f7b0c3db9ee77e7a1efe1f55b81f07140d0185dd49a8a0b86390dd2d317e5f779cd02759ed6ffa8259c054deab30d2a64d64c19b CVE-2011-1552_1553_1554.patch +0d7b5db6d9636182d557cc6a760e9eae7f4e8997998366eb517825ebd4a033e13e35bdce4f67f3f4d046d018cd348c68d9c578c0501fef417c9963763168ff22 format-security.patch +efbce854093bc2408c9e7d6be374901e82e399b60a057746cb876f0943f69018039038e337bd4b03da2568d597cec87e2d9f01f98f374433310edbbe440ec259 lib-cleanup.patch" diff --git a/testing/t1lib/CVE-2010-2642.patch b/testing/t1lib/CVE-2010-2642.patch new file mode 100644 index 0000000000..cd54889585 --- /dev/null +++ b/testing/t1lib/CVE-2010-2642.patch @@ -0,0 +1,24 @@ +diff --git a/lib/t1lib/parseAFM.c b/lib/t1lib/parseAFM.c +index 6a31d7f..ba64541 100644 +--- a/lib/t1lib/parseAFM.c ++++ b/lib/t1lib/parseAFM.c +@@ -199,7 +199,9 @@ static char *token(stream) + idx = 0; + + while (ch != EOF && ch != ' ' && ch != CR && ch != LF && +- ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'){ ++ ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';' ++ && idx < (MAX_NAME -1)) ++ { + ident[idx++] = ch; + ch = fgetc(stream); + } /* while */ +@@ -235,7 +237,7 @@ static char *linetoken(stream) + while ((ch = fgetc(stream)) == ' ' || ch == '\t' ); + + idx = 0; +- while (ch != EOF && ch != CR && ch != LF && ch != CTRL_Z) ++ while (ch != EOF && ch != CR && ch != LF && ch != CTRL_Z && idx < (MAX_NAME - 1)) + { + ident[idx++] = ch; + ch = fgetc(stream); diff --git a/testing/t1lib/CVE-2011-0764.patch b/testing/t1lib/CVE-2011-0764.patch new file mode 100644 index 0000000000..c2d9e173b7 --- /dev/null +++ b/testing/t1lib/CVE-2011-0764.patch @@ -0,0 +1,32 @@ +Description: Don't lookup previous point if there isn't any +Author: Marc Deslauriers +Forwarded: no + +Index: t1lib-5.1.2/lib/type1/type1.c +=================================================================== +--- t1lib-5.1.2.orig/lib/type1/type1.c 2011-12-13 14:24:14.280965637 -0600 ++++ t1lib-5.1.2/lib/type1/type1.c 2011-12-13 14:25:25.893320747 -0600 +@@ -1700,6 +1700,7 @@ + long pindex = 0; + + /* compute hinting for previous segment! */ ++ if (ppoints == NULL) Error0i("RLineTo: No previous point!\n"); + FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx, dy); + + /* Allocate a new path point and pre-setup data */ +@@ -1728,6 +1729,7 @@ + long pindex = 0; + + /* compute hinting for previous point! */ ++ if (ppoints == NULL) Error0i("RRCurveTo: No previous point!\n"); + FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx1, dy1); + + /* Allocate three new path points and pre-setup data */ +@@ -1903,6 +1905,7 @@ + FindStems( currx, curry, 0, 0, dx, dy); + } + else { ++ if (ppoints == NULL) Error0i("RMoveTo: No previous point!\n"); + FindStems( currx, curry, ppoints[numppoints-2].x, ppoints[numppoints-2].y, dx, dy); + } + diff --git a/testing/t1lib/CVE-2011-1552_1553_1554.patch b/testing/t1lib/CVE-2011-1552_1553_1554.patch new file mode 100644 index 0000000000..aaa31f7b93 --- /dev/null +++ b/testing/t1lib/CVE-2011-1552_1553_1554.patch @@ -0,0 +1,133 @@ +Author: Jaroslav Škarvada +Description: Fix more crashes on oversized fonts +Bug-Redhat: http://bugzilla.redhat.com/show_bug.cgi?id=692909 +Index: t1lib-5.1.2/lib/type1/lines.c +=================================================================== +--- t1lib-5.1.2.orig/lib/type1/lines.c 2007-12-23 09:49:42.000000000 -0600 ++++ t1lib-5.1.2/lib/type1/lines.c 2012-01-17 14:15:08.000000000 -0600 +@@ -67,6 +67,10 @@ + None. + */ + ++#define BITS (sizeof(LONG)*8) ++#define HIGHTEST(p) (((p)>>(BITS-2)) != 0) /* includes sign bit */ ++#define TOOBIG(xy) ((xy < 0) ? HIGHTEST(-xy) : HIGHTEST(xy)) ++ + /* + :h2.StepLine() - Produces Run Ends for a Line After Checks + +@@ -84,6 +88,9 @@ + IfTrace4((LineDebug > 0), ".....StepLine: (%d,%d) to (%d,%d)\n", + x1, y1, x2, y2); + ++ if ( TOOBIG(x1) || TOOBIG(x2) || TOOBIG(y1) || TOOBIG(y2)) ++ abort("Lines this big not supported", 49); ++ + dy = y2 - y1; + + /* +Index: t1lib-5.1.2/lib/type1/objects.c +=================================================================== +--- t1lib-5.1.2.orig/lib/type1/objects.c 2007-12-23 09:49:42.000000000 -0600 ++++ t1lib-5.1.2/lib/type1/objects.c 2012-01-17 14:15:08.000000000 -0600 +@@ -1137,12 +1137,13 @@ + "Context: out of them", /* 46 */ + "MatrixInvert: can't", /* 47 */ + "xiStub called", /* 48 */ +- "Illegal access type1 abort() message" /* 49 */ ++ "Lines this big not supported", /* 49 */ ++ "Illegal access type1 abort() message" /* 50 */ + }; + +- /* no is valid from 1 to 48 */ +- if ( (number<1)||(number>48)) +- number=49; ++ /* no is valid from 1 to 49 */ ++ if ( (number<1)||(number>49)) ++ number=50; + return( err_msgs[number-1]); + + } +Index: t1lib-5.1.2/lib/type1/type1.c +=================================================================== +--- t1lib-5.1.2.orig/lib/type1/type1.c 2012-01-17 14:13:28.000000000 -0600 ++++ t1lib-5.1.2/lib/type1/type1.c 2012-01-17 14:19:54.000000000 -0600 +@@ -1012,6 +1012,7 @@ + double nextdtana = 0.0; /* tangent of post-delta against horizontal line */ + double nextdtanb = 0.0; /* tangent of post-delta against vertical line */ + ++ if (ppoints == NULL || numppoints < 1) Error0v("FindStems: No previous point!\n"); + + /* setup default hinted position */ + ppoints[numppoints-1].ax = ppoints[numppoints-1].x; +@@ -1289,7 +1290,7 @@ + static int DoRead(CodeP) + int *CodeP; + { +- if (strindex >= CharStringP->len) return(FALSE); /* end of string */ ++ if (!CharStringP || strindex >= CharStringP->len) return(FALSE); /* end of string */ + /* We handle the non-documented Adobe convention to use lenIV=-1 to + suppress charstring encryption. */ + if (blues->lenIV==-1) { +@@ -1700,7 +1701,7 @@ + long pindex = 0; + + /* compute hinting for previous segment! */ +- if (ppoints == NULL) Error0i("RLineTo: No previous point!\n"); ++ if (ppoints == NULL || numppoints < 2) Error0i("RLineTo: No previous point!\n"); + FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx, dy); + + /* Allocate a new path point and pre-setup data */ +@@ -1729,7 +1730,7 @@ + long pindex = 0; + + /* compute hinting for previous point! */ +- if (ppoints == NULL) Error0i("RRCurveTo: No previous point!\n"); ++ if (ppoints == NULL || numppoints < 2) Error0i("RRCurveTo: No previous point!\n"); + FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx1, dy1); + + /* Allocate three new path points and pre-setup data */ +@@ -1788,7 +1789,9 @@ + long tmpind; + double deltax = 0.0; + double deltay = 0.0; +- ++ ++ if (ppoints == NULL || numppoints < 1) Error0i("DoClosePath: No previous point!"); ++ + /* If this ClosePath command together with the starting point of this + path completes to a segment aligned to a stem, we would miss + hinting for this point. --> Check and explicitly care for this! */ +@@ -1803,6 +1806,7 @@ + deltax = ppoints[i].x - ppoints[numppoints-1].x; + deltay = ppoints[i].y - ppoints[numppoints-1].y; + ++ if (ppoints == NULL || numppoints <= i + 1) Error0i("DoClosePath: No previous point!"); + /* save nummppoints and reset to move point */ + tmpind = numppoints; + numppoints = i + 1; +@@ -1905,7 +1909,7 @@ + FindStems( currx, curry, 0, 0, dx, dy); + } + else { +- if (ppoints == NULL) Error0i("RMoveTo: No previous point!\n"); ++ if (ppoints == NULL || numppoints < 2) Error0i("RMoveTo: No previous point!\n"); + FindStems( currx, curry, ppoints[numppoints-2].x, ppoints[numppoints-2].y, dx, dy); + } + +@@ -2155,6 +2159,7 @@ + DOUBLE cx, cy; + DOUBLE ex, ey; + ++ if (ppoints == NULL || numppoints < 8) Error0v("FlxProc: No previous point!"); + + /* Our PPOINT list now contains 7 moveto commands which + are about to be consumed by the Flex mechanism. --> Remove these +@@ -2324,6 +2329,7 @@ + /* Returns currentpoint on stack */ + static void FlxProc2() + { ++ if (ppoints == NULL || numppoints < 1) Error0v("FlxProc2: No previous point!"); + /* Push CurrentPoint on fake PostScript stack */ + PSFakePush( ppoints[numppoints-1].x); + PSFakePush( ppoints[numppoints-1].y); diff --git a/testing/t1lib/format-security.patch b/testing/t1lib/format-security.patch new file mode 100644 index 0000000000..442545571d --- /dev/null +++ b/testing/t1lib/format-security.patch @@ -0,0 +1,33 @@ +--- a/lib/type1/objects.c ++++ b/lib/type1/objects.c +@@ -957,7 +957,7 @@ + + sprintf(typemsg, "Wrong object type in %s; expected %s, found %s.\n", + name, TypeFmt(expect), TypeFmt(obj->type)); +- IfTrace0(TRUE,typemsg); ++ IfTrace1(TRUE, "%s", typemsg); + + ObjectPostMortem(obj); + +--- a/lib/t1lib/t1subset.c ++++ b/lib/t1lib/t1subset.c +@@ -759,7 +759,7 @@ + tr_len); + T1_PrintLog( "T1_SubsetFont()", err_warn_msg_buf, + T1LOG_DEBUG); +- l+=sprintf( &(trailerbuf[l]), linebuf); /* contains the PostScript trailer */ ++ l+=sprintf( &(trailerbuf[l]), "%s", linebuf); /* contains the PostScript trailer */ + } + + /* compute size of output file */ +--- a/lib/type1/objects.h ++++ b/lib/type1/objects.h +@@ -214,7 +214,7 @@ + /*SHARED*/ + /* NDW: personally, I want to see status and error messages! */ + #define IfTrace0(condition,model) \ +- {if (condition) printf(model);} ++ {if (condition) fputs(model,stdout);} + #define IfTrace1(condition,model,arg0) \ + {if (condition) printf(model,arg0);} + #define IfTrace2(condition,model,arg0,arg1) \ diff --git a/testing/t1lib/lib-cleanup.patch b/testing/t1lib/lib-cleanup.patch new file mode 100644 index 0000000000..bd109d1a75 --- /dev/null +++ b/testing/t1lib/lib-cleanup.patch @@ -0,0 +1,59 @@ +do not link against libraries that are not needed + +Index: t1lib-5.1.1/lib/Makefile.in +=================================================================== +--- t1lib-5.1.1.orig/lib/Makefile.in 2008-01-05 19:17:21.000000000 +0100 ++++ t1lib-5.1.1/lib/Makefile.in 2008-01-05 19:17:38.000000000 +0100 +@@ -24,7 +24,7 @@ + X_LIBS = @X_LIBS@ + TOPSRC = @top_srcdir@ + XPM_LIB = -lXpm +-XLIB = @X_PRE_LIBS@ -lXext -lX11 @X_EXTRA_LIBS@ ++XLIB = -lX11 + LDFLAGS = @LDFLAGS@ + LDLIBS = @LDLIBS@ + AR = ar rc +@@ -137,7 +137,7 @@ + $(LIBTOOL) --mode=link \ + $(CC) $(LDFLAGS) -o $@ $(T1LIBX_OBJS) \ + -version-info @T1LIB_LT_CURRENT@:@T1LIB_LT_REVISION@:@T1LIB_LT_AGE@ \ +- libt1.la $(X_LIBS) $(XPM_LIB) $(XLIB) -no-undefined -rpath $(libdir) ++ libt1.la $(X_LIBS) $(XLIB) -no-undefined -rpath $(libdir) + cp t1lib/t1libx.h . + + +Index: t1lib-5.1.1/type1afm/Makefile.in +=================================================================== +--- t1lib-5.1.1.orig/type1afm/Makefile.in 2008-01-05 19:17:52.000000000 +0100 ++++ t1lib-5.1.1/type1afm/Makefile.in 2008-01-05 19:18:02.000000000 +0100 +@@ -70,7 +70,7 @@ + + type1afm: $(OBJS) ../lib/t1lib.h + $(LIBTOOL) --mode=link \ +- $(CC) -o type1afm $(LDFLAGS) $(OBJS) $(T1LIB) $(LDLIBS) ++ $(CC) -o type1afm $(LDFLAGS) $(OBJS) $(T1LIB) + + .SUFFIXES: .lo + .c.lo: +Index: t1lib-5.1.1/xglyph/Makefile.in +=================================================================== +--- t1lib-5.1.1.orig/xglyph/Makefile.in 2008-01-05 19:18:15.000000000 +0100 ++++ t1lib-5.1.1/xglyph/Makefile.in 2008-01-05 19:18:31.000000000 +0100 +@@ -24,7 +24,7 @@ + X_LIBS = @X_LIBS@ + TOPSRC = @top_srcdir@ + XPM_LIB = -lXpm +-XLIB = @X_PRE_LIBS@ -lXext -lX11 @X_EXTRA_LIBS@ ++XLIB = -lX11 @X_EXTRA_LIBS@ + LDFLAGS = @LDFLAGS@ + LDLIBS = @LDLIBS@ + AR = ar rc +@@ -65,7 +65,7 @@ + + T1LIB = ../lib/libt1.la + T1LIBX = ../lib/libt1x.la +-XAWLIB = -lXaw -lXt -lXmu ++XAWLIB = -lXaw -lXt + + + all: xglyph -- cgit v1.2.3