
Pullup ticket #3642 - requested by drochner

fonts/t1lib: bug fix patch

Revisions pulled up:
- fonts/t1lib/Makefile                                          1.46
- fonts/t1lib/distinfo                                          1.22
- fonts/t1lib/patches/patch-aj                                  1.2
- fonts/t1lib/patches/patch-ak                                  1.2
- fonts/t1lib/patches/patch-al                                  1.1

---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Tue Jan 10 19:21:16 UTC 2012

   Modified Files:
           pkgsrc/fonts/t1lib: Makefile distinfo
           pkgsrc/fonts/t1lib/patches: patch-aj patch-ak
   Added Files:
           pkgsrc/fonts/t1lib/patches: patch-al

   Log Message:
   update the patch from Redhat bug #692909 to the latest version, fixes
   garbled xdvi output, from Uwe Klaus per PR pkg/45813
   bump PKGREV
commit b61d79c159d21c75ebe1a3de71186d3639cf1c7c 1 parent 2867e36
tron authored
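--- a/fonts/t1lib/Makefile
+++ b/fonts/t1lib/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.45 2012/01/04 16:59:15 drochner Exp $
+# $NetBSD: Makefile,v 1.45.2.1 2012/01/12 11:52:14 tron Exp $
 DISTNAME= t1lib-5.1.2
-PKGREVISION= 4
+PKGREVISION= 5
 CATEGORIES= fonts devel graphics
 MASTER_SITES= ${MASTER_SITE_SUNSITE:=libs/graphics/}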
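--- a/fonts/t1lib/distinfo
+++ b/fonts/t1lib/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2012/01/04 16:59:15 drochner Exp $
+$NetBSD: distinfo,v 1.21.2.1 2012/01/12 11:52:14 tron Exp $
 SHA1 (t1lib-5.1.2.tar.gz) = 4b4fc22c8688eefaaa8cfc990f0039f95f4287de
 RMD160 (t1lib-5.1.2.tar.gz) = ab22aea390356750d743c0f4b08762aa76ca2a82
@@ -9,5 +9,6 @@ SHA1 (patch-ad) = 29c530f6d363de31777ad45823b55e72208c4ccb
 SHA1 (patch-af) = e89df0d94e0748e468c7c3d40ce2fc0ccdb0116c
 SHA1 (patch-ah) = 60ead43eeb6327cd3fd94755364633b6bf5d5d0d
 SHA1 (patch-ai) = 176ed28f114f64c5e97e7c00c684a74895de2df3
-SHA1 (patch-aj) = f5fc3b192b21df64150288bad4f1f0cff58d4d84
-SHA1 (patch-ak) = e66b8b8f987d15d07264f268acc7e3a02ba76d36
+SHA1 (patch-aj) = bb915405fc5d64a74de09d7e4daba8822a08fbe1
+SHA1 (patch-ak) = abfbdb17c60b2068e95c5fe8e61ecfadbd85eea1
+SHA1 (patch-al) = b0f0ab9398ce7e3f3bc3e8e54097fd4dbb566bc8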
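--- a/fonts/t1lib/patches/patch-aj
+++ b/fonts/t1lib/patches/patch-aj
@@ -1,4 +1,4 @@
-$NetBSD: patch-aj,v 1.1 2012/01/04 16:59:16 drochner Exp $
+$NetBSD: patch-aj,v 1.1.2.1 2012/01/12 11:52:14 tron Exp $
 CVE-2011-0764
@@ -8,7 +8,7 @@ CVE-2011-0764
 double nextdtana = 0.0; /* tangent of post-delta against horizontal line */
 double nextdtanb = 0.0; /* tangent of post-delta against vertical line */
-+ if (numppoints < 1) Error0v("FindStems: No previous point!\n");
++ if (ppoints == NULL || numppoints < 1) Error0v("FindStems: No previous point!\n");
 /* setup default hinted position */
 ppoints[numppoints-1].ax = ppoints[numppoints-1].x;
@@ -43,7 +43,7 @@ CVE-2011-0764
 double deltay = 0.0;
 -
 +
-+ if (numppoints < 1) Error0i("DoClosePath: No previous point!");
++ if (ppoints == NULL || numppoints < 1) Error0i("DoClosePath: No previous point!");
 +
 /* If this ClosePath command together with the starting point of this
 path completes to a segment aligned to a stem, we would miss
@@ -52,7 +52,7 @@ CVE-2011-0764
 deltax = ppoints[i].x - ppoints[numppoints-1].x;
 deltay = ppoints[i].y - ppoints[numppoints-1].y;
-+ if (numppoints <= i + 1) Error0i("DoClosePath: No previous point!");
++ if (ppoints == NULL || numppoints <= i + 1) Error0i("DoClosePath: No previous point!");
 /* save nummppoints and reset to move point */
 tmpind = numppoints;
 numppoints = i + 1;
@@ -68,7 +68,7 @@ CVE-2011-0764
 DOUBLE cx, cy;
 DOUBLE ex, ey;
-+ if (numppoints < 8) Error0v("FlxProc: No previous point!");
++ if (ppoints == NULL || numppoints < 8) Error0v("FlxProc: No previous point!");
 /* Our PPOINT list now contains 7 moveto commands which
 are about to be consumed by the Flex mechanism. --> Remove these
@@ -76,7 +76,7 @@ CVE-2011-0764
 /* Returns currentpoint on stack */
 static void FlxProc2()
 {
-+ if (numppoints < 1) Error0v("FlxProc2: No previous point!");
++ if (ppoints == NULL || numppoints < 1) Error0v("FlxProc2: No previous point!");
 /* Push CurrentPoint on fake PostScript stack */
 PSFakePush( ppoints[numppoints-1].x);
 PSFakePush( ppoints[numppoints-1].y);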
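Review bot: In the `@@ -52,7 +52,7 @@` hunk the added `ppoints == NULL` test comes after the two context lines that already read `ppoints[i].x` and `ppoints[numppoints-1].x`, so at that position it cannot prevent a NULL dereference. Any protection there has to come from the earlier check in the `@@ -43,7 +43,7 @@` hunk, which appears to be the entry of the same `DoClosePath` function. The second test could be reduced to `if (numppoints <= i + 1) Error0i("DoClosePath: No previous point!");` with a comment such as `/* ppoints != NULL was established at function entry; this only bounds numppoints */`. All five guards also assume that `Error0v`/`Error0i` leave the function rather than just report; their definitions are not in this patch, so that is worth confirming. The patched functions start and end outside the hunks shown.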
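--- a/fonts/t1lib/patches/patch-ak
+++ b/fonts/t1lib/patches/patch-ak
@@ -1,15 +1,27 @@
-$NetBSD: patch-ak,v 1.1 2012/01/04 16:59:16 drochner Exp $
+$NetBSD: patch-ak,v 1.1.2.1 2012/01/12 11:52:14 tron Exp $
 CVE-2011-0764
 --- lib/type1/lines.c.orig 2007-12-23 15:49:42.000000000 +0000
 +++ lib/type1/lines.c
-@@ -150,7 +150,7 @@ Find the starting x and y integer pel co
- y = RoundFP(y1,PREC);
-
- edgeP += y;
-- count = RoundFP(y2,PREC) - y;
-+ count = (RoundFP(y2,PREC) - y) - 2;
- /*------------------------------------------------------------------*/
- /* Force dx to be positive so that dfy will be negative */
- /* this means that vertical moves will decrease d */
+@@ -67,6 +67,10 @@ This module provides the following entry
+ None.
+ */
+
++#define BITS (sizeof(LONG)*8)
++#define HIGHTEST(p) (((p)>>(BITS-2)) != 0) /* includes sign bit */
++#define TOOBIG(xy) ((xy < 0) ? HIGHTEST(-xy) : HIGHTEST(xy))
++
+ /*
+ :h2.StepLine() - Produces Run Ends for a Line After Checks
+
+@@ -84,6 +88,9 @@ void StepLine(R, x1, y1, x2, y2)
+ IfTrace4((LineDebug > 0), ".....StepLine: (%d,%d) to (%d,%d)\n",
+ x1, y1, x2, y2);
+
++ if ( TOOBIG(x1) || TOOBIG(x2) || TOOBIG(y1) || TOOBIG(y2))
++ abort("Lines this big not supported", 49);
++
+ dy = y2 - y1;
+
+ /*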
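Review bot: `TOOBIG` negates its argument to test negative coordinates, and `-xy` is signed overflow (undefined behaviour) when a coordinate holds the most negative value of its type. That is the kind of extreme input this CVE-2011-0764 guard in `StepLine` is there to reject. The macro also uses its argument unparenthesised (`xy < 0`, `-xy`). A range comparison needs no negation, e.g. `#define TOOBIG(xy) ((xy) >= ((LONG)1 << (BITS-2)) || (xy) <= -((LONG)1 << (BITS-2)))`, assuming the coordinates have type `LONG` as the `BITS` definition implies. `abort()` is called with two arguments, so it is presumably a project macro rather than the libc function; the hunk does not show its definition, and StepLine's body continues outside the hunk.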
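--- a/fonts/t1lib/patches/patch-al
+++ b/fonts/t1lib/patches/patch-al
@@ -0,0 +1,24 @@
+$NetBSD: patch-al,v 1.1.2.2 2012/01/12 11:52:14 tron Exp $
+
+CVE-2011-0764
+
+--- lib/type1/objects.c.orig 2007-12-23 15:49:42.000000000 +0000
++++ lib/type1/objects.c
+@@ -1137,12 +1137,13 @@ char *t1_get_abort_message( int number)
+ "Context: out of them", /* 46 */
+ "MatrixInvert: can't", /* 47 */
+ "xiStub called", /* 48 */
+- "Illegal access type1 abort() message" /* 49 */
++ "Lines this big not supported", /* 49 */
++ "Illegal access type1 abort() message" /* 50 */
+ };
+
+- /* no is valid from 1 to 48 */
+- if ( (number<1)||(number>48))
+- number=49;
++ /* no is valid from 1 to 49 */
++ if ( (number<1)||(number>49))
++ number=50;
+ return( err_msgs[number-1]);
+
+ }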
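Review bot: The bounds check in `t1_get_abort_message` is tied to the table length only through the literals 49 and 50, which this change had to update by hand in the comment, the comparison and the fallback. If the literals and the table ever drift apart, `err_msgs[number-1]` can return the wrong message or index past the end of the table. Deriving the limit from the array keeps them in step, e.g. `const int last = (int)(sizeof err_msgs / sizeof err_msgs[0]);` followed by `if (number < 1 || number >= last) number = last;`. This assumes `err_msgs` is declared as an array inside this function, which is above the hunk. A short comment on the new entry, `/* 49: must match the code passed to abort() in lines.c */`, would also record the coupling with patch-ak.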