Bug#653635: t1lib: diff for NMU version 5.1.2-3.3

Thu, 29 Dec 2011 14:39:20 -0800 

Package: t1lib
Version: 5.1.2-3.2
Severity: normal
Tags: patch pending

Dear maintainer,

I've prepared an NMU for t1lib (versioned as 5.1.2-3.3) and
uploaded it to DELAYED/02 fixing the security issue CVE-2011-0764
and not shipping the .la file anymore. Please feel free to tell me
if I should delay it longer.

Cheers

Luk

diff -u t1lib-5.1.2/debian/libt1-dev.install t1lib-5.1.2/debian/libt1-dev.install
--- t1lib-5.1.2/debian/libt1-dev.install
+++ t1lib-5.1.2/debian/libt1-dev.install
@@ -2,3 +2,2 @@
 debian/tmp/usr/lib/*.so
-debian/tmp/usr/lib/*.la
 debian/tmp/usr/lib/*.a
diff -u t1lib-5.1.2/debian/changelog t1lib-5.1.2/debian/changelog
--- t1lib-5.1.2/debian/changelog
+++ t1lib-5.1.2/debian/changelog
@@ -1,3 +1,12 @@
+t1lib (5.1.2-3.3) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix arbitrary code execution CVE-2011-0764 by only using ppoints when
+    it is a valid pointer (Closes: #652996).
+  * Don't ship .la file anymore (Closes: #633247).
+
+ -- Luk Claes <l...@debian.org>  Thu, 29 Dec 2011 23:21:33 +0100
+
 t1lib (5.1.2-3.2) unstable; urgency=low
 
   * Non-maintainer upload. (version 5.1.2-3.2 triggered a problem with dak)
diff -u t1lib-5.1.2/debian/patches/series t1lib-5.1.2/debian/patches/series
--- t1lib-5.1.2/debian/patches/series
+++ t1lib-5.1.2/debian/patches/series
@@ -5,0 +6 @@
+CVE-2011-0764.diff
only in patch2:
unchanged:
--- t1lib-5.1.2.orig/debian/patches/CVE-2011-0764.diff
+++ t1lib-5.1.2/debian/patches/CVE-2011-0764.diff
@@ -0,0 +1,32 @@
+Description: Don't lookup previous point if there isn't any
+Author: Marc Deslauriers <marc.deslauri...@canonical.com>
+Forwarded: no
+
+Index: t1lib-5.1.2/lib/type1/type1.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/type1/type1.c	2011-12-13 14:24:14.280965637 -0600
++++ t1lib-5.1.2/lib/type1/type1.c	2011-12-13 14:25:25.893320747 -0600
+@@ -1700,6 +1700,7 @@
+   long pindex = 0;
+   
+   /* compute hinting for previous segment! */
++  if (ppoints == NULL) Error0i("RLineTo: No previous point!\n");
+   FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx, dy);
+ 
+   /* Allocate a new path point and pre-setup data */
+@@ -1728,6 +1729,7 @@
+   long pindex = 0;
+   
+   /* compute hinting for previous point! */
++  if (ppoints == NULL) Error0i("RRCurveTo: No previous point!\n");
+   FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx1, dy1);
+ 
+   /* Allocate three new path points and pre-setup data */
+@@ -1903,6 +1905,7 @@
+     FindStems( currx, curry, 0, 0, dx, dy);
+   }
+   else {
++    if (ppoints == NULL) Error0i("RMoveTo: No previous point!\n");
+     FindStems( currx, curry, ppoints[numppoints-2].x, ppoints[numppoints-2].y, dx, dy);
+   }
+

Reply via email to