diff options
| author | Mark H Weaver <mhw@netris.org> | 2017-04-20 15:10:54 -0400 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2017-04-21 00:04:34 -0400 |
| commit | bab9a8ba0f285a811b7b36291bdc3db33b6c2b60 (patch) | |
| tree | 45a4f856920786f04f69a360e13902979f0c49cb /gnu/packages/patches/graphite2-non-linear-classes-even-number.patch | |
| parent | f920e79426f51f1320dd4ffc164fc473df2158c3 (diff) | |
| download | guix-bab9a8ba0f285a811b7b36291bdc3db33b6c2b60.tar guix-bab9a8ba0f285a811b7b36291bdc3db33b6c2b60.tar.gz | |
gnu: graphite2: Add fixes for CVE-2017-5436 and other bugs.
* gnu/packages/fontutils.scm (graphite2)[replacement]: New field.
(graphite2/fixed): New variable.
* gnu/packages/patches/graphite2-CVE-2017-5436.patch,
gnu/packages/patches/graphite2-check-code-point-limit.patch,
gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch,
gnu/packages/patches/graphite2-non-linear-classes-even-number.patch:
New files.
* gnu/local.mk (dist_patch_DATA): Add them.
Diffstat (limited to 'gnu/packages/patches/graphite2-non-linear-classes-even-number.patch')
| -rw-r--r-- | gnu/packages/patches/graphite2-non-linear-classes-even-number.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch b/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch new file mode 100644 index 0000000000..2bb1c9f94e --- /dev/null +++ b/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch @@ -0,0 +1,26 @@ +From 0646e4ee471183994f78a759269f0505617711f3 Mon Sep 17 00:00:00 2001 +From: Martin Hosken <martin_hosken@sil.org> +Date: Tue, 18 Apr 2017 13:17:14 +0100 +Subject: [PATCH] Ensure non linear classes have even number of elements + +--- + src/Silf.cpp | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/Silf.cpp b/src/Silf.cpp +index d661992..9f2f954 100644 +--- a/src/Silf.cpp ++++ b/src/Silf.cpp +@@ -293,7 +293,8 @@ size_t Silf::readClassMap(const byte *p, size_t data_len, uint32 version, Error + if (e.test(*o + 4 > max_off, E_HIGHCLASSOFFSET) // LookupClass doesn't stretch over max_off + || e.test(lookup[0] == 0 // A LookupClass with no looks is a suspicious thing ... + || lookup[0] * 2 + *o + 4 > max_off // numIDs lookup pairs fits within (start of LookupClass' lookups array, max_off] +- || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO)) // rangeShift: numIDs - searchRange ++ || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO) // rangeShift: numIDs - searchRange ++ || e.test(((o[1] - *o) & 1) != 0, ERROROFFSET)) // glyphs are in pairs so difference must be even. + return ERROROFFSET; + } + +-- +2.12.2 + |