diff options
| author |   Lars Wendler <polynomial-c@gentoo.org> | 2020-10-20 09:04:33 +0200 |
|---|---|---|
| committer | Lars Wendler <polynomial-c@gentoo.org> | 2020-10-20 09:04:56 +0200 |
| commit | d93a975c694a048359086224a27dba08d4633d23 (patch) | |
| tree | f8d2bf348602f565afb5b730356f655df8322d12 /media-libs/freetype/files | |
| parent | media-sound/alsa-utils: stable 1.2.3 for sparc (diff) | |
| download | gentoo-d93a975c694a048359086224a27dba08d4633d23.tar.gz gentoo-d93a975c694a048359086224a27dba08d4633d23.tar.bz2 gentoo-d93a975c694a048359086224a27dba08d4633d23.zip | |
media-libs/freetype: Security bump to version 2.10.4. Removed old
Bug: https://bugs.gentoo.org/750275
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'media-libs/freetype/files')
| -rw-r--r-- | media-libs/freetype/files/freetype-2.10.3-CVE-2020-15999.patch | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/media-libs/freetype/files/freetype-2.10.3-CVE-2020-15999.patch b/media-libs/freetype/files/freetype-2.10.3-CVE-2020-15999.patch deleted file mode 100644 index 215b03b2d3d5..000000000000 --- a/media-libs/freetype/files/freetype-2.10.3-CVE-2020-15999.patch +++ /dev/null @@ -1,51 +0,0 @@ -http://git.savannah.nongnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd -https://bugs.gentoo.org/750275 ----- -From a3bab162b2ae616074c8877a04556932998aeacd Mon Sep 17 00:00:00 2001 -From: Werner Lemberg <wl@gnu.org> -Date: Mon, 19 Oct 2020 23:45:28 +0200 -Subject: [sfnt] Fix heap buffer overflow (#59308). - -This is CVE-2020-15999. - -* src/sfnt/pngshim.c (Load_SBit_Png): Test bitmap size earlier. ---- - ChangeLog | 8 ++++++++ - src/sfnt/pngshim.c | 14 +++++++------- - 2 files changed, 15 insertions(+), 7 deletions(-) - -diff --git a/src/sfnt/pngshim.c b/src/sfnt/pngshim.c -index 2e64e5846..f55016122 100644 ---- a/src/sfnt/pngshim.c -+++ b/src/sfnt/pngshim.c -@@ -332,6 +332,13 @@ - - if ( populate_map_and_metrics ) - { -+ /* reject too large bitmaps similarly to the rasterizer */ -+ if ( imgHeight > 0x7FFF || imgWidth > 0x7FFF ) -+ { -+ error = FT_THROW( Array_Too_Large ); -+ goto DestroyExit; -+ } -+ - metrics->width = (FT_UShort)imgWidth; - metrics->height = (FT_UShort)imgHeight; - -@@ -340,13 +347,6 @@ - map->pixel_mode = FT_PIXEL_MODE_BGRA; - map->pitch = (int)( map->width * 4 ); - map->num_grays = 256; -- -- /* reject too large bitmaps similarly to the rasterizer */ -- if ( map->rows > 0x7FFF || map->width > 0x7FFF ) -- { -- error = FT_THROW( Array_Too_Large ); -- goto DestroyExit; -- } - } - - /* convert palette/gray image to rgb */ --- -cgit v1.2.1 - |