r24550 - in /desktop/lenny/pango1.0/debian: changelog patches/23_CVE-2010-0421.patch patches/24_harfbuzz_crash.patch patches/series

joss at users.alioth.debian.org joss at users.alioth.debian.org
Sat Jun 19 12:05:27 UTC 2010 

Author: joss
Date: Sat Jun 19 12:05:20 2010
New Revision: 24550

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=24550
Log:
* Rename CVE-2010-0421.patch to 23_CVE-2010-0421.patch.
* 24_harfbuzz_crash.patch: patch from upstream. Fixes a crash when 
  passing invalid Unicode sequences.

Added:
    desktop/lenny/pango1.0/debian/patches/23_CVE-2010-0421.patch
    desktop/lenny/pango1.0/debian/patches/24_harfbuzz_crash.patch
Modified:
    desktop/lenny/pango1.0/debian/changelog
    desktop/lenny/pango1.0/debian/patches/series

Modified: desktop/lenny/pango1.0/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/pango1.0/debian/changelog?rev=24550&op=diff
==============================================================================
--- desktop/lenny/pango1.0/debian/changelog [utf-8] (original)
+++ desktop/lenny/pango1.0/debian/changelog [utf-8] Sat Jun 19 12:05:20 2010
@@ -1,8 +1,10 @@
-pango1.0 (1.20.5-6) UNRELEASED; urgency=low
-
-  * NOT RELEASED YET.
-
- -- Josselin Mouette <joss at debian.org>  Sat, 20 Mar 2010 15:50:16 +0100
+pango1.0 (1.20.5-6) stable; urgency=low
+
+  * Rename CVE-2010-0421.patch to 23_CVE-2010-0421.patch.
+  * 24_harfbuzz_crash.patch: patch from upstream. Fixes a crash when 
+    passing invalid Unicode sequences.
+
+ -- Josselin Mouette <joss at debian.org>  Sat, 19 Jun 2010 14:01:19 +0200
 
 pango1.0 (1.20.5-5+lenny1) stable-security; urgency=high
 

Added: desktop/lenny/pango1.0/debian/patches/23_CVE-2010-0421.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/pango1.0/debian/patches/23_CVE-2010-0421.patch?rev=24550&op=file
==============================================================================
--- desktop/lenny/pango1.0/debian/patches/23_CVE-2010-0421.patch (added)
+++ desktop/lenny/pango1.0/debian/patches/23_CVE-2010-0421.patch [utf-8] Sat Jun 19 12:05:20 2010
@@ -1,0 +1,32 @@
+CVE-2010-0421
+--- a/pango/opentype/harfbuzz-gdef.c
++++ b/pango/opentype/harfbuzz-gdef.c
+@@ -923,7 +923,7 @@ HB_Error  HB_GDEF_Build_ClassDefinition(
+ 	    goto Fail1;
+       }
+ 
+-      if ( gcrr[count - 1].End != num_glyphs - 1 )
++      if ( gcrr[count - 1].End + 1 < num_glyphs )
+       {
+ 	if ( ALLOC_ARRAY( ngc[count],
+ 			  ( num_glyphs - gcrr[count - 1].End + 2 ) / 4,
+@@ -938,7 +938,9 @@ HB_Error  HB_GDEF_Build_ClassDefinition(
+ 			HB_UShort ) )
+ 	  goto Fail2;
+   }
+-      
++  else
++    num_glyphs = 1;
++
+   gdef->LastGlyph = num_glyphs - 1;
+ 
+   gdef->MarkAttachClassDef_offset = 0L;
+@@ -996,6 +998,8 @@ _HB_GDEF_Add_Glyph_Property( HB_GDEFHead
+   HB_ClassRangeRecord*  gcrr;
+   HB_UShort**            ngc;
+ 
++  if ( glyphID >= gdef->LastGlyph )
++    return 0;
+ 
+   error = _HB_OPEN_Get_Class( &gdef->GlyphClassDef, glyphID, &class, &index );
+   if ( error && error != HB_Err_Not_Covered )

Added: desktop/lenny/pango1.0/debian/patches/24_harfbuzz_crash.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/pango1.0/debian/patches/24_harfbuzz_crash.patch?rev=24550&op=file
==============================================================================
--- desktop/lenny/pango1.0/debian/patches/24_harfbuzz_crash.patch (added)
+++ desktop/lenny/pango1.0/debian/patches/24_harfbuzz_crash.patch [utf-8] Sat Jun 19 12:05:20 2010
@@ -1,0 +1,26 @@
+From 71ff3cebfee8b393ecb7eff4d4d12167efb59b27 Mon Sep 17 00:00:00 2001
+From: Alberto Garcia <agarcia at igalia.com>
+Date: Thu, 17 Jun 2010 11:28:17 +0200
+Subject: [PATCH] Bug 621814 - Crash in Lookup_MarkMarkPos()
+
+---
+ pango/opentype/harfbuzz-gpos.c |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/pango/opentype/harfbuzz-gpos.c b/pango/opentype/harfbuzz-gpos.c
+index c78dcba..668a7d0 100644
+--- a/pango/opentype/harfbuzz-gpos.c
++++ b/pango/opentype/harfbuzz-gpos.c
+@@ -2990,6 +2990,9 @@ static HB_Error  Lookup_MarkMarkPos( GPOS_Instance*    gpi,
+     j--;
+   }
+ 
++  if ( i > buffer->in_pos )
++    return HB_Err_Not_Covered;
++
+   error = _HB_OPEN_Coverage_Index( &mmp->Mark2Coverage, IN_GLYPH( j ),
+ 			  &mark2_index );
+   if ( error )
+-- 
+1.5.6.5
+

Modified: desktop/lenny/pango1.0/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/pango1.0/debian/patches/series?rev=24550&op=diff
==============================================================================
--- desktop/lenny/pango1.0/debian/patches/series [utf-8] (original)
+++ desktop/lenny/pango1.0/debian/patches/series [utf-8] Sat Jun 19 12:05:20 2010
@@ -4,6 +4,7 @@
 20_indic_rendering.patch
 21_harfbuzz_gpos.patch
 22_CVE-2009-1194.patch
+23_CVE-2010-0421.patch
+24_harfbuzz_crash.patch
 60_link-pangoxft-to-fontconfig.patch
 70_automake.patch
-CVE-2010-0421.patch

More information about the pkg-gnome-commits mailing list