freetype: fix CVE-2017-{8105,8287} by upstream patches
I copied the patches, as the changelog changes would certainly conflict.
This commit is contained in:
parent
fcdb4b51f8
commit
b0d2de45cd
|
@ -0,0 +1,27 @@
|
|||
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee43
|
||||
|
||||
diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
|
||||
index af7b465..7dd4513 100644
|
||||
--- a/src/psaux/t1decode.c
|
||||
+++ b/src/psaux/t1decode.c
|
||||
@@ -780,10 +780,19 @@
|
||||
/* point without adding any point to the outline */
|
||||
idx = decoder->num_flex_vectors++;
|
||||
if ( idx > 0 && idx < 7 )
|
||||
+ {
|
||||
+ /* in malformed fonts it is possible to have other */
|
||||
+ /* opcodes in the middle of a flex (which don't */
|
||||
+ /* increase `num_flex_vectors'); we thus have to */
|
||||
+ /* check whether we can add a point */
|
||||
+ if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) )
|
||||
+ goto Syntax_Error;
|
||||
+
|
||||
t1_builder_add_point( builder,
|
||||
x,
|
||||
y,
|
||||
(FT_Byte)( idx == 3 || idx == 6 ) );
|
||||
+ }
|
||||
}
|
||||
break;
|
||||
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b
|
||||
|
||||
diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
|
||||
index d18e821..0baf836 100644
|
||||
--- a/src/psaux/psobjs.c
|
||||
+++ b/src/psaux/psobjs.c
|
||||
@@ -1718,6 +1718,14 @@
|
||||
first = outline->n_contours <= 1
|
||||
? 0 : outline->contours[outline->n_contours - 2] + 1;
|
||||
|
||||
+ /* in malformed fonts it can happen that a contour was started */
|
||||
+ /* but no points were added */
|
||||
+ if ( outline->n_contours && first == outline->n_points )
|
||||
+ {
|
||||
+ outline->n_contours--;
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
/* We must not include the last point in the path if it */
|
||||
/* is located on the first point. */
|
||||
if ( outline->n_points > 1 )
|
||||
|
|
@ -48,6 +48,9 @@ in stdenv.mkDerivation {
|
|||
./pcf-config-long-family-names.patch
|
||||
./disable-pcf-long-family-names.patch
|
||||
./enable-table-validation.patch
|
||||
# remove the two CVE patches after updating to >= 2.8
|
||||
./cve-2017-8105.patch
|
||||
./cve-2017-8287.patch
|
||||
] ++
|
||||
optional useEncumberedCode ./enable-subpixel-rendering.patch;
|
||||
|
||||
|
|
Loading…
Reference in New Issue