From 233fdcbd9c0f20f56ba3fc8eb622261868a44267 Mon Sep 17 00:00:00 2001 From: nico Date: Tue, 12 Oct 2010 20:09:12 +0000 Subject: [PATCH] packages/freetype: update to 2.3.12 git-svn-id: svn://svn.openwrt.org/openwrt/packages@23418 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- libs/freetype/Makefile | 8 +- libs/freetype/patches/901-cve-2009-0946.patch | 147 -------------------------- 2 files changed, 4 insertions(+), 151 deletions(-) delete mode 100644 libs/freetype/patches/901-cve-2009-0946.patch diff --git a/libs/freetype/Makefile b/libs/freetype/Makefile index 8a294ecc0..c4026c7ba 100644 --- a/libs/freetype/Makefile +++ b/libs/freetype/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=freetype -PKG_VERSION:=2.3.9 -PKG_RELEASE:=2 +PKG_VERSION:=2.3.12 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=@SF/freetype -PKG_MD5SUM:=d76233108aca9c9606cdbd341562ad9a +PKG_MD5SUM:=e974a82e5939be8e05ee65f07275d7c5 PKG_FIXUP:=libtool PKG_LIBTOOL_PATHS:=builds/unix @@ -24,9 +24,9 @@ include $(INCLUDE_DIR)/package.mk define Package/libfreetype SECTION:=libs CATEGORY:=Libraries - DEPENDS:=+zlib TITLE:=A free, high-quality and portable font engine URL:=http://www.freetype.org/ + DEPENDS:=+zlib endef define Package/libfreetype/description diff --git a/libs/freetype/patches/901-cve-2009-0946.patch b/libs/freetype/patches/901-cve-2009-0946.patch deleted file mode 100644 index 650570368..000000000 --- a/libs/freetype/patches/901-cve-2009-0946.patch +++ /dev/null @@ -1,147 +0,0 @@ -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946 - -Protect against malformed compressed data. -http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0a05ba257b6ddd87dacf8d54b626e4b360e0a596 - -Protect against invalid SID values in CFFs. -http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5 - -Fix validation for various cmap table formats. -http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e - -Protect against too large glyphs. -http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b - - ---- a/src/cff/cffload.c -+++ b/src/cff/cffload.c -@@ -842,7 +842,20 @@ - goto Exit; - - for ( j = 1; j < num_glyphs; j++ ) -- charset->sids[j] = FT_GET_USHORT(); -+ { -+ FT_UShort sid = FT_GET_USHORT(); -+ -+ -+ /* this constant is given in the CFF specification */ -+ if ( sid < 65000 ) -+ charset->sids[j] = sid; -+ else -+ { -+ FT_ERROR(( "cff_charset_load:" -+ " invalid SID value %d set to zero\n", sid )); -+ charset->sids[j] = 0; -+ } -+ } - - FT_FRAME_EXIT(); - } -@@ -875,6 +888,20 @@ - goto Exit; - } - -+ /* check whether the range contains at least one valid glyph; */ -+ /* the constant is given in the CFF specification */ -+ if ( glyph_sid >= 65000 ) { -+ FT_ERROR(( "cff_charset_load: invalid SID range\n" )); -+ error = CFF_Err_Invalid_File_Format; -+ goto Exit; -+ } -+ -+ /* try to rescue some of the SIDs if `nleft' is too large */ -+ if ( nleft > 65000 - 1 || glyph_sid >= 65000 - nleft ) { -+ FT_ERROR(( "cff_charset_load: invalid SID range trimmed\n" )); -+ nleft = 65000 - 1 - glyph_sid; -+ } -+ - /* Fill in the range of sids -- `nleft + 1' glyphs. */ - for ( i = 0; j < num_glyphs && i <= nleft; i++, j++, glyph_sid++ ) - charset->sids[j] = glyph_sid; ---- a/src/lzw/ftzopen.c -+++ b/src/lzw/ftzopen.c -@@ -332,6 +332,9 @@ - - while ( code >= 256U ) - { -+ if ( !state->prefix ) -+ goto Eof; -+ - FTLZW_STACK_PUSH( state->suffix[code - 256] ); - code = state->prefix[code - 256]; - } ---- a/src/smooth/ftsmooth.c -+++ b/src/smooth/ftsmooth.c -@@ -153,7 +153,7 @@ - slot->internal->flags &= ~FT_GLYPH_OWN_BITMAP; - } - -- /* allocate new one, depends on pixel format */ -+ /* allocate new one */ - pitch = width; - if ( hmul ) - { -@@ -194,6 +194,13 @@ - - #endif - -+ if ( pitch > 0xFFFF || height > 0xFFFF ) -+ { -+ FT_ERROR(( "ft_smooth_render_generic: glyph too large: %d x %d\n", -+ width, height )); -+ return Smooth_Err_Raster_Overflow; -+ } -+ - bitmap->pixel_mode = FT_PIXEL_MODE_GRAY; - bitmap->num_grays = 256; - bitmap->width = width; ---- a/src/sfnt/ttcmap.c -+++ b/src/sfnt/ttcmap.c -@@ -1635,7 +1635,7 @@ - FT_INVALID_TOO_SHORT; - - length = TT_NEXT_ULONG( p ); -- if ( table + length > valid->limit || length < 8208 ) -+ if ( length > (FT_UInt32)( valid->limit - table ) || length < 8192 + 16 ) - FT_INVALID_TOO_SHORT; - - is32 = table + 12; -@@ -1863,7 +1863,8 @@ - p = table + 16; - count = TT_NEXT_ULONG( p ); - -- if ( table + length > valid->limit || length < 20 + count * 2 ) -+ if ( length > (FT_ULong)( valid->limit - table ) || -+ length < 20 + count * 2 ) - FT_INVALID_TOO_SHORT; - - /* check glyph indices */ -@@ -2048,7 +2049,8 @@ - p = table + 12; - num_groups = TT_NEXT_ULONG( p ); - -- if ( table + length > valid->limit || length < 16 + 12 * num_groups ) -+ if ( length > (FT_ULong)( valid->limit - table ) || -+ length < 16 + 12 * num_groups ) - FT_INVALID_TOO_SHORT; - - /* check groups, they must be in increasing order */ -@@ -2429,7 +2431,8 @@ - FT_ULong num_selectors = TT_NEXT_ULONG( p ); - - -- if ( table + length > valid->limit || length < 10 + 11 * num_selectors ) -+ if ( length > (FT_ULong)( valid->limit - table ) || -+ length < 10 + 11 * num_selectors ) - FT_INVALID_TOO_SHORT; - - /* check selectors, they must be in increasing order */ -@@ -2491,7 +2494,7 @@ - FT_ULong i, lastUni = 0; - - -- if ( ndp + numMappings * 4 > valid->limit ) -+ if ( numMappings * 4 > (FT_ULong)( valid->limit - ndp ) ) - FT_INVALID_TOO_SHORT; - - for ( i = 0; i < numMappings; ++i ) -- 2.11.0