public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

freetype: fix CVE-2017-{8105,8287} by upstream patches 

I copied the patches, as the changelog changes would certainly conflict.
This commit is contained in:
Vladimír Čunát 2017-05-14 14:59:55 +02:00
parent fcdb4b51f8
commit b0d2de45cd
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
3 changed files with 52 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
pkgs/development/libraries/freetype/cve-2017-8105.patch Normal file
View File

@ -0,0 +1,27 @@
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee43
diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
index af7b465..7dd4513 100644
--- a/src/psaux/t1decode.c
+++ b/src/psaux/t1decode.c
@@ -780,10 +780,19 @@
/* point without adding any point to the outline */
idx = decoder->num_flex_vectors++;
if ( idx > 0 && idx < 7 )
+ {
+ /* in malformed fonts it is possible to have other */
+ /* opcodes in the middle of a flex (which don't */
+ /* increase `num_flex_vectors'); we thus have to */
+ /* check whether we can add a point */
+ if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) )
+ goto Syntax_Error;
+
t1_builder_add_point( builder,
x,
y,
(FT_Byte)( idx == 3 || idx == 6 ) );
+ }
}
break;

22
pkgs/development/libraries/freetype/cve-2017-8287.patch Normal file
View File

@ -0,0 +1,22 @@
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b
diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
index d18e821..0baf836 100644
--- a/src/psaux/psobjs.c
+++ b/src/psaux/psobjs.c
@@ -1718,6 +1718,14 @@
first = outline->n_contours <= 1
? 0 : outline->contours[outline->n_contours - 2] + 1;
+ /* in malformed fonts it can happen that a contour was started */
+ /* but no points were added */
+ if ( outline->n_contours && first == outline->n_points )
+ {
+ outline->n_contours--;
+ return;
+ }
+
/* We must not include the last point in the path if it */
/* is located on the first point. */
if ( outline->n_points > 1 )

3
pkgs/development/libraries/freetype/default.nix
View File

@ -48,6 +48,9 @@ in stdenv.mkDerivation {
./pcf-config-long-family-names.patch
./disable-pcf-long-family-names.patch
./enable-table-validation.patch
# remove the two CVE patches after updating to >= 2.8
./cve-2017-8105.patch
./cve-2017-8287.patch
] ++
optional useEncumberedCode ./enable-subpixel-rendering.patch;