Hello community, here is the log from the commit of package t1lib for openSUSE:Factory checked in at Mon Mar 2 01:18:24 CET 2009. -------- --- t1lib/t1lib.changes 2007-09-20 19:15:22.000000000 +0200 +++ /mounts/work_src_done/STABLE/t1lib/t1lib.changes 2009-03-02 00:59:42.000000000 +0100 @@ -1,0 +2,7 @@ +Mon Mar 2 00:57:49 CET 2009 - crrodriguez@suse.de + +- taking over this package, PHP depends on it. +- update to version 5.1.2, only obsoletes previuosly added patches +- merge debian patches + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- bugzilla-240159-array-subscript-out-of-bounds.patch t1lib-5.1.1-bof.patch t1lib-5.1.1.tar.bz2 New: ---- t1lib_5.1.2-3.diff.gz t1lib-5.1.2.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ t1lib.spec ++++++ --- /var/tmp/diff_new_pack.O16900/_old 2009-03-02 01:17:28.000000000 +0100 +++ /var/tmp/diff_new_pack.O16900/_new 2009-03-02 01:17:28.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package t1lib (Version 5.1.1) +# spec file for package t1lib (Version 5.1.2) # -# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -19,17 +19,16 @@ Name: t1lib -BuildRequires: xorg-x11-devel +BuildRequires: quilt xorg-x11-devel License: LGPL v2.1 or later Group: System/Libraries AutoReqProv: on -Version: 5.1.1 -Release: 100 +Version: 5.1.2 +Release: 1 Url: ftp://sunsite.unc.edu/pub/Linux/libs/graphics/ Source: ftp://sunsite.unc.edu/pub/Linux/libs/graphics/%{name}-%{version}.tar.bz2 Patch0: t1lib-auto.patch -Patch2: bugzilla-240159-array-subscript-out-of-bounds.patch -Patch3: t1lib-5.1.1-bof.patch +Patch1: t1lib_5.1.2-3.diff.gz BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: Adobe Type 1 Font Rasterizing Library @@ -65,19 +64,20 @@ %prep %setup -q -n t1lib-%{version} %patch0 -p1 -b .auto -%patch2 -p1 -%patch3 +%patch1 -p1 +QUILT_PATCHES=debian/patches quilt push -a %build -autoreconf -fi +autoreconf -fiv export CFLAGS="%{optflags} -fno-strict-aliasing" export CXXFLAGS="%{optflags} -fno-strict-aliasing" %configure --disable-static --with-pic -%{__make} without_doc +%{__make} %{?jobs:-j%jobs} without_doc %install %{__make} DESTDIR=%{buildroot} install %{__rm} -f %{buildroot}%{_datadir}/t1lib/doc/t1lib_doc* +%{__rm} -f %{buildroot}%{_libdir}/*.la %clean %{__rm} -rf %{buildroot} @@ -90,8 +90,6 @@ %defattr(-, root, root) %{_libdir}/libt1.so.* %{_libdir}/libt1x.so.* -%dir %config %{_datadir}/t1lib -%config %{_datadir}/t1lib/t1lib.config %{_bindir}/type1afm %{_bindir}/xglyph 
@@ -99,12 +97,15 @@ %defattr(-, root, root) %doc doc/t1lib_doc.pdf %doc doc/t1_data.eps -%doc Changes LGPL LICENSE README.t1lib-5.1.1 +%doc Changes LGPL LICENSE README.t1lib-%{version} %{_libdir}/libt1*.so %{_includedir}/t1lib*.h -%exclude %{_libdir}/*.la %changelog +* Mon Mar 02 2009 crrodriguez@suse.de +- taking over this package, PHP depends on it. +- update to version 5.1.2, only obsoletes previuosly added patches +- merge debian patches * Thu Sep 20 2007 crrodriguez@suse.de - fix Bug 326687 - VUL-0: t1lib buffer overflow triggerable from PHP scripts. * Wed Aug 08 2007 crrodriguez@suse.de ++++++ t1lib_5.1.2-3.diff.gz ++++++ ++++ 1830 lines (skipped) ++++++ t1lib-5.1.1.tar.bz2 -> t1lib-5.1.2.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/t1lib-5.1.1/Changes new/t1lib-5.1.2/Changes --- old/t1lib-5.1.1/Changes 2006-12-17 20:02:30.000000000 +0100 +++ new/t1lib-5.1.2/Changes 2007-12-23 16:49:43.000000000 +0100 @@ -892,3 +892,14 @@ - Small number of further fixes, in particular with respect to the build mechanism. + + + +December 2007: t1lib-5.1.2: +--------------------------- + +- Small number of fixes reported by users. The fixes pertain to a + vulnerability issue, memory access issues. + +- More decent handling if Encoding and / or FontBBox specification are missing + (which is invalid with respect to the specification, but recoverablel). diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/t1lib-5.1.1/configure new/t1lib-5.1.2/configure --- old/t1lib-5.1.1/configure 2006-12-17 19:54:49.000000000 +0100 +++ new/t1lib-5.1.2/configure 2007-12-23 16:49:43.000000000 +0100 @@ -1537,16 +1537,15 @@ - T1LIB_LT_CURRENT=6 -T1LIB_LT_REVISION=1 +T1LIB_LT_REVISION=2 T1LIB_LT_AGE=1 -T1LIB_IDENTIFIER="5.1.1" +T1LIB_IDENTIFIER="5.1.2" T1LIB_VERSION=5 T1LIB_REVISION=1 -T1LIB_PATCHLEVEL=1 -T1LIB_VERSIONSTRING=""5.1.1"" +T1LIB_PATCHLEVEL=2 +T1LIB_VERSIONSTRING=""5.1.2"" 
@@ -5498,7 +5497,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 5501 "configure"' > conftest.$ac_ext + echo '#line 5500 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: "$ac_compile"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -6733,7 +6732,7 @@ # Provide some information about the compiler. -echo "$as_me:6736:" \ +echo "$as_me:6735:" \ "checking for Fortran 77 compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (eval echo "$as_me:$LINENO: "$ac_compiler --version </dev/null >&5"") >&5 @@ -7794,11 +7793,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:7797: $lt_compile"" >&5) + (eval echo ""$as_me:7796: $lt_compile"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:7801: $? = $ac_status" >&5 + echo "$as_me:7800: $? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -8037,11 +8036,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:8040: $lt_compile"" >&5) + (eval echo ""$as_me:8039: $lt_compile"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8044: $? = $ac_status" >&5 + echo "$as_me:8043: $? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings 
@@ -8097,11 +8096,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:8100: $lt_compile"" >&5) + (eval echo ""$as_me:8099: $lt_compile"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8104: $? = $ac_status" >&5 + echo "$as_me:8103: $? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10282,7 +10281,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 10285 "configure" +#line 10284 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -10380,7 +10379,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 10383 "configure" +#line 10382 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -12577,11 +12576,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:12580: $lt_compile"" >&5) + (eval echo ""$as_me:12579: $lt_compile"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:12584: $? = $ac_status" >&5 + echo "$as_me:12583: $? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings 
@@ -12637,11 +12636,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:12640: $lt_compile"" >&5) + (eval echo ""$as_me:12639: $lt_compile"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:12644: $? = $ac_status" >&5 + echo "$as_me:12643: $? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -13998,7 +13997,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 14001 "configure" +#line 14000 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -14096,7 +14095,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 14099 "configure" +#line 14098 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -14933,11 +14932,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:14936: $lt_compile"" >&5) + (eval echo ""$as_me:14935: $lt_compile"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:14940: $? = $ac_status" >&5 + echo "$as_me:14939: $? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings 
@@ -14993,11 +14992,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:14996: $lt_compile"" >&5) + (eval echo ""$as_me:14995: $lt_compile"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:15000: $? = $ac_status" >&5 + echo "$as_me:14999: $? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -17032,11 +17031,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:17035: $lt_compile"" >&5) + (eval echo ""$as_me:17034: $lt_compile"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:17039: $? = $ac_status" >&5 + echo "$as_me:17038: $? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -17275,11 +17274,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:17278: $lt_compile"" >&5) + (eval echo ""$as_me:17277: $lt_compile"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:17282: $? = $ac_status" >&5 + echo "$as_me:17281: $? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings 
@@ -17335,11 +17334,11 @@ -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo ""$as_me:17338: $lt_compile"" >&5) + (eval echo ""$as_me:17337: $lt_compile"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:17342: $? = $ac_status" >&5 + echo "$as_me:17341: $? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -19520,7 +19519,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 19523 "configure" +#line 19522 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -19618,7 +19617,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 19621 "configure" +#line 19620 "configure" #include "confdefs.h" #if HAVE_DLFCN_H diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/t1lib-5.1.1/configure.in new/t1lib-5.1.2/configure.in --- old/t1lib-5.1.1/configure.in 2006-12-17 19:54:35.000000000 +0100 +++ new/t1lib-5.1.2/configure.in 2007-12-23 16:49:43.000000000 +0100 @@ -4,7 +4,7 @@ dnl dnl Author: Rainer Menzner (Rainer.Menzner@web.de) dnl Date: 06/25/1997 -dnl Last Modified: 2006-12-17 +dnl Last Modified: 2007-12-21 dnl AC_REVISION([configure.in 1.00]) @@ -46,9 +46,8 @@ dnl 6. If any interfaces have been removed since the last public release, dnl then set AGE to 0. - define( MACRO_T1LIB_LT_CURRENT, 6) -define( MACRO_T1LIB_LT_REVISION, 1) +define( MACRO_T1LIB_LT_REVISION, 2) define( MACRO_T1LIB_LT_AGE, 1) diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/t1lib-5.1.1/examples/subset.c new/t1lib-5.1.2/examples/subset.c --- old/t1lib-5.1.1/examples/subset.c 2005-05-07 23:09:04.000000000 +0200 +++ new/t1lib-5.1.2/examples/subset.c 2007-12-23 16:49:43.000000000 +0100 
@@ -1,13 +1,13 @@ /*-------------------------------------------------------------------------- ----- File: subset.c ----- Author: Rainer Menzner (Rainer.Menzner@web.de) - ----- Date: 2005-05-07 + ----- Date: 2007-12-22 ----- Description: This file is part of t1lib. The program subset reads a font file name and a string from the commandline and creates a subset of the font which is sufficient to display the string. It is an example of how to use font subsetting. - ----- Copyright: t1lib is copyrighted (c) Rainer Menzner, 1996-2005. + ----- Copyright: t1lib is copyrighted (c) Rainer Menzner, 1996-2007. As of version 0.5, t1lib is distributed under the GNU General Public Library Lincense. The conditions can be found in the files LICENSE and @@ -31,6 +31,7 @@ #include <stdio.h> #include <string.h> +#include <stdlib.h> /* Note: We include t1lib.h from lib/t1lib. That way the objectfile does only need to be rebuild when the header itself changes and not each time the library has been recompiled */ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/t1lib-5.1.1/lib/t1lib/t1aaset.c new/t1lib-5.1.2/lib/t1lib/t1aaset.c --- old/t1lib-5.1.1/lib/t1lib/t1aaset.c 2006-11-06 22:38:08.000000000 +0100 +++ new/t1lib-5.1.2/lib/t1lib/t1aaset.c 2007-12-23 16:49:42.000000000 +0100 @@ -2,11 +2,11 @@ ----- File: t1aaset.c ----- Author: Rainer Menzner (Rainer.Menzner@web.de) Subsampling based on code by Raph Levien (raph@acm.org) - ----- Date: 2006-11-06 + ----- Date: 2007-12-21 ----- Description: This file is part of the t1-library. It contains functions for antialiased setting of characters and strings of characters. - ----- Copyright: t1lib is copyrighted (c) Rainer Menzner, 1996-2006. + ----- Copyright: t1lib is copyrighted (c) Rainer Menzner, 1996-2007. As of version 0.5, t1lib is distributed under the GNU General Public Library Lincense. The conditions can be found in the files LICENSE and 
@@ -1559,7 +1559,7 @@ -/* Get the current setting of graylevels for 2x antialiasing. The 17 +/* Get the current setting of graylevels for 4x antialiasing. The 17 values are stored at address pgrayvals in order from background to foreground */ int T1_AAHGetGrayValues( long *pgrayvals) @@ -1577,14 +1577,14 @@ } for ( i=0; i<17; i++) { /* bg (i=0) to fg (i=16) */ - pgrayvals[i]=gv[i]; + pgrayvals[i]=gv_h[i]; } return( 0); } -/* Get the current setting of graylevels for 2x antialiasing. The 2 +/* Get the current setting of graylevels for no antialiasing. The 2 values are stored at address pgrayvals in order from background to foreground */ int T1_AANGetGrayValues( long *pgrayvals) @@ -1599,8 +1599,8 @@ T1_errno=T1ERR_INVALID_PARAMETER; return(-1); } - pgrayvals[0]=gv[0]; /* background */ - pgrayvals[1]=gv[1]; /* foreground */ + pgrayvals[0]=gv_n[0]; /* background */ + pgrayvals[1]=gv_n[1]; /* foreground */ return( 0); } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/t1lib-5.1.1/lib/t1lib/t1afmtool.c new/t1lib-5.1.2/lib/t1lib/t1afmtool.c --- old/t1lib-5.1.1/lib/t1lib/t1afmtool.c 2005-05-02 00:05:03.000000000 +0200 +++ new/t1lib-5.1.2/lib/t1lib/t1afmtool.c 2007-12-23 16:49:42.000000000 +0100 @@ -1,11 +1,11 @@ /*-------------------------------------------------------------------------- ----- File: t1afmtool.c ----- Author: Rainer Menzner (Rainer.Menzner@web.de) - ----- Date: 2005-05-01 + ----- Date: 2007-12-23 ----- Description: This file is part of the t1-library. It contains functions for generating a fallback set of afm data from type 1 font files. - ----- Copyright: t1lib is copyrighted (c) Rainer Menzner, 1996-2005. + ----- Copyright: t1lib is copyrighted (c) Rainer Menzner, 1996-2007. As of version 0.5, t1lib is distributed under the GNU General Public Library Lincense. The conditions can be found in the files LICENSE and 
@@ -90,6 +90,13 @@ char **charnames; int nochars=0; FontInfo *pAFMData; + + /* When generaing fallback info, we accumulate a font bounding box that + could be useful when the font's definition is missing or trivial. */ + int acc_llx=0; + int acc_lly=0; + int acc_urx=0; + int acc_ury=0; /* We return to this if something goes wrong deep in the rasterizer */ @@ -237,6 +244,21 @@ pAFMData->cmi[i].charBBox.ury =0; } pAFMData->cmi[i].ligs=NULL; + + /* Accumulate bounding box of font */ + if ( pAFMData->cmi[i].charBBox.llx < acc_llx ) { + acc_llx=pAFMData->cmi[i].charBBox.llx; + } + if ( pAFMData->cmi[i].charBBox.lly < acc_lly ) { + acc_lly=pAFMData->cmi[i].charBBox.lly; + } + if ( pAFMData->cmi[i].charBBox.urx > acc_urx ) { + acc_urx=pAFMData->cmi[i].charBBox.urx; + } + if ( pAFMData->cmi[i].charBBox.ury > acc_ury ) { + acc_ury=pAFMData->cmi[i].charBBox.ury; + } + /* We are done with area, so get rid of it. Solves the REALLY HUGE memory leak */ KillRegion (area); 
@@ -247,6 +269,24 @@ nochars, FontID); T1_PrintLog( "T1_GenerateAFMFallbackInfo()", err_warn_msg_buf, T1LOG_STATISTIC); + + /* Check whether the bounding box we computed could be better than that + specified in the font file itself. Id so, we overwrite it. */ + if ( pFontBase->pFontArray[FontID].pType1Data->fontInfoP[FONTBBOX].value.data.arrayP[0].data.integer == 0 && + pFontBase->pFontArray[FontID].pType1Data->fontInfoP[FONTBBOX].value.data.arrayP[1].data.integer == 0 && + pFontBase->pFontArray[FontID].pType1Data->fontInfoP[FONTBBOX].value.data.arrayP[2].data.integer == 0 && + pFontBase->pFontArray[FontID].pType1Data->fontInfoP[FONTBBOX].value.data.arrayP[3].data.integer == 0 ) { + pFontBase->pFontArray[FontID].pType1Data->fontInfoP[FONTBBOX].value.data.arrayP[0].data.integer = acc_llx; + pFontBase->pFontArray[FontID].pType1Data->fontInfoP[FONTBBOX].value.data.arrayP[1].data.integer = acc_lly; + pFontBase->pFontArray[FontID].pType1Data->fontInfoP[FONTBBOX].value.data.arrayP[2].data.integer = acc_urx; + pFontBase->pFontArray[FontID].pType1Data->fontInfoP[FONTBBOX].value.data.arrayP[3].data.integer = acc_ury; + + sprintf( err_warn_msg_buf, + "Substituted accumulated FontBBox [%d,%d,%d,%d] for trivial FontBBox of font %d!", + acc_llx, acc_lly, acc_urx, acc_ury, FontID); + T1_PrintLog( "T1_GenerateAFMFallbackInfo()", err_warn_msg_buf, + T1LOG_WARNING); + } /* make sure to free S */ if (S) { diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/t1lib-5.1.1/lib/t1lib/t1env.c new/t1lib-5.1.2/lib/t1lib/t1env.c --- old/t1lib-5.1.1/lib/t1lib/t1env.c 2005-05-18 05:08:27.000000000 +0200 +++ new/t1lib-5.1.2/lib/t1lib/t1env.c 2007-12-23 16:49:42.000000000 +0100 
@@ -1,11 +1,11 @@ /*-------------------------------------------------------------------------- ----- File: t1env.c ----- Author: Rainer Menzner (Rainer.Menzner@web.de) - ----- Date: 2005-05-17 + ----- Date: 2007-12-22 ----- Description: This file is part of the t1-library. It implements the reading of a configuration file and path-searching of type1-, afm- and encoding files. - ----- Copyright: t1lib is copyrighted (c) Rainer Menzner, 1996-2005. + ----- Copyright: t1lib is copyrighted (c) Rainer Menzner, 1996-2007. As of version 0.5, t1lib is distributed under the GNU General Public Library Lincense. The conditions can be found in the files LICENSE and @@ -601,7 +601,7 @@ /* cut a trailing directory separator */ j=strlen(pathbuf); if (pathbuf[j-1]==DIRECTORY_SEP_CHAR) - pathbuf[j--]='\0'; + pathbuf[--j]='\0'; /* Add the directory separator: */ #ifdef VMS { char *p= strrchr(pathbuf, DIRECTORY_SEP_CHAR); @@ -610,7 +610,24 @@ } #endif strcat( pathbuf, DIRECTORY_SEP); - /* And finally the filename: */ + /* And finally the filename. + The following is fix against a vulnerability given by passing in + large filenames, cf.: + + http://www.securityfocus.com/bid/25079 + + or + + http://packetstormsecurity.nl/0707-advisories/t1lib.txt + + If current pathbuf + StrippedName + 1 byte for NULL is bigger than + pathbuf log a warning and try next pathbuf */ + if ( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) { + T1_PrintLog( "intT1_Env_GetCompletePath()", "Omitting suspicious long candidate path in order to prevent buffer overflow.", + T1LOG_WARNING); + i++; + continue; + } strcat( pathbuf, StrippedName); /* Check for existence of the path: */ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/t1lib-5.1.1/lib/t1lib/t1lib.h new/t1lib-5.1.2/lib/t1lib/t1lib.h --- old/t1lib-5.1.1/lib/t1lib/t1lib.h 2006-12-17 19:57:42.000000000 +0100 +++ new/t1lib-5.1.2/lib/t1lib/t1lib.h 2007-12-23 16:49:42.000000000 +0100 
@@ -41,8 +41,8 @@ /* Version information filled in by configure */ #define T1LIB_VERSION 5 #define T1LIB_REVISION 1 -#define T1LIB_PATCHLEVEL 1 -#define T1LIB_VERSIONSTRING "5.1.1" +#define T1LIB_PATCHLEVEL 2 +#define T1LIB_VERSIONSTRING "5.1.2" /* Data Type information filled in by configure. */ typedef short T1_int16; diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/t1lib-5.1.1/lib/t1lib/t1load.c new/t1lib-5.1.2/lib/t1lib/t1load.c --- old/t1lib-5.1.1/lib/t1lib/t1load.c 2005-05-02 01:16:05.000000000 +0200 +++ new/t1lib-5.1.2/lib/t1lib/t1load.c 2007-12-23 16:49:42.000000000 +0100 @@ -1,11 +1,11 @@ /*-------------------------------------------------------------------------- ----- File: t1load.c ----- Author: Rainer Menzner (Rainer.Menzner@web.de) - ----- Date: 2005-05-01 + ----- Date: 2007-12-23 ----- Description: This file is part of the t1-library. It contains functions for loading fonts and for managing size dependent data. - ----- Copyright: t1lib is copyrighted (c) Rainer Menzner, 1996-2005. + ----- Copyright: t1lib is copyrighted (c) Rainer Menzner, 1996-2007. As of version 0.5, t1lib is distributed under the GNU General Public Library Lincense. The conditions can be found in the files LICENSE and @@ -87,7 +87,7 @@ int T1_LoadFont( int FontID) { - int i, j, k, l, m; + int i, j, k, l, m, n; char *FileName, *FileNamePath; int mode; /* This is used by the type1-library for error reporting */ char *charname; 
@@ -160,6 +160,40 @@ free(FileNamePath); + /* Set some default for FontBBox and Encoding if the font does not provide + correct data. Strictly taken, these fonts do not adhere to the Type1 + specification. However, it is easy to work around and find reasonable + defaults. This solution has been proposed by the Debian community (see + http://bugs.debian.org/313236). */ + /* 1. FontBBox. We set default values of 0 which is recommended by Adobe + in cases where the font does not make use of the SEAC primitive. Later on, + if AFM fallback info is computed, these settings might be overwritten with + meaningful values. */ + if (pFontBase->pFontArray[FontID].pType1Data->fontInfoP[FONTBBOX].value.data.arrayP == NULL) { + if ((pFontBase->pFontArray[FontID].pType1Data->fontInfoP[FONTBBOX].value.data.arrayP = + (psobj *)vm_alloc(4 * sizeof(psobj))) == NULL) { + T1_PrintLog( "T1_LoadFont()", "Error allocating memory for fontbbox objects (FontID=%d)", + T1LOG_ERROR, FontID); + T1_errno=T1ERR_ALLOC_MEM; + return(-1); + } + for (n = 0; n < 4; n++) { + pFontBase->pFontArray[FontID].pType1Data->fontInfoP[FONTBBOX].value.data.arrayP[n].type = OBJ_INTEGER; + pFontBase->pFontArray[FontID].pType1Data->fontInfoP[FONTBBOX].value.data.arrayP[n].len = 0; + pFontBase->pFontArray[FontID].pType1Data->fontInfoP[FONTBBOX].value.data.arrayP[n].data.integer = 0; + } + T1_PrintLog( "T1_LoadFont()", "Missing FontBBox, adding a trivial one in order to avoid crashes (FontID=%d)", + T1LOG_WARNING, FontID); + } + /* 2. Encoding. In this case, we simply fallback to Standard Encoding. 
*/ + if (pFontBase->pFontArray[FontID].pFontEnc == NULL && + pFontBase->pFontArray[FontID].pType1Data->fontInfoP[ENCODING].value.data.arrayP == NULL) { + pFontBase->pFontArray[FontID].pType1Data->fontInfoP[ENCODING].value.data.valueP = (char *) StdEncArrayP; + T1_PrintLog( "T1_LoadFont()", "Missing, invalid or undefined Encoding, setting up Standard Encoding in order to avoid crashes (FontID=%d)", + T1LOG_WARNING, FontID); + } + + /* Store the base address of virtual memory and realloc in order not to waste too much memory: */ pFontBase->pFontArray[FontID].vm_base=vm_base; diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/t1lib-5.1.1/README.t1lib-5.1.1 new/t1lib-5.1.2/README.t1lib-5.1.1 --- old/t1lib-5.1.1/README.t1lib-5.1.1 2006-12-17 20:03:08.000000000 +0100 +++ new/t1lib-5.1.2/README.t1lib-5.1.1 1970-01-01 01:00:00.000000000 +0100 
@@ -1,223 +0,0 @@ - - -------------------------------------------------------------------------- - --------------------------- t1lib-README --------------------------------- - -------------------------------------------------------------------------- - -/*-------------------------------------------------------------------------- - ----- File: REAMDE.t1lib-5.1.1 - ----- Author: Rainer Menzner (Rainer.Menzner@web.de) - ----- Date: 2006-12-17 - ----- Description: This is file README.t1lib of the t1lib-package. It - contains an overview and brief installation - instructions for the t1-library. - ----- Copyright: t1lib is copyrighted (c) Rainer Menzner, 1996-2006. - As of version 0.5, t1lib is distributed under the - GNU General Public Library License. The - conditions can be found in the files LICENSE and - LGPL, which should reside in the toplevel - directory of the distribution. Please note that - there are parts of t1lib that are subject to - other licenses: - The parseAFM-package is copyrighted by Adobe Systems - Inc. - The type1 rasterizer is copyrighted by IBM and the - X11-consortium. - ----- Warranties: Of course, there's NO WARRANTY OF ANY KIND :-) - ----- Credits: I want to thank IBM and the X11-consortium for making - their rasterizer freely available. - Also thanks to Piet Tutelaers for his ps2pk, from - which I took the rasterizer sources in a format - independent from X11. - Thanks to all people who make free software living! ---------------------------------------------------------------------------*/ - - - -About t1lib: ------------- - -t1lib is a library distributed under the GNU General Public Library -License for generating character- and string-glyphs from Adobe Type 1 -fonts under UNIX. t1lib uses most of the code of the X11 rasterizer -donated by IBM to the X11-project. But some disadvantages of the -rasterizer being included in X11 have been eliminated. 
Here are some -of the features: - -- t1lib is completely independent of X11 (although the program - provided for testing the library needs X11) - -- fonts are made known to library by means of a font database file at - runtime - -- searchpaths for all types of input files are configured by means - of a configuration file at runtime - -- characters are rastered as they are needed - -- characters and complete strings may be rastered by a simple function - call - -- when rastering strings, pairwise kerning information from .afm-files - may optionally be taken into account - -- an interface to ligature-information of afm-files is provided - -- a program to generate afm-files from Type 1 font files is included - -- rotation and arbitrary transformations are supported - -- there's support for extending and slanting fonts - -- underlining, overlining and overstriking is supported - -- new encoding vectors may be loaded at runtime and fonts may be - reencoded using these encoding vectors - -- antialiasing is implemented - -- Right-To-Left typesetting is supported - -- Font subsetting is easily possible - -- support of composite character information - -- stroking of character outlines with variable strokewidths - -- An interactive test program called "xglyph" is included in the - distribution. This program allows to test all of the features of the - library. It requires X11. - - - -Changes and New Features: -------------------------- - -- See the file Changes in the T1Lib top-directory for information on new - features. - - - -Installation: -------------- - ------------------------------------------------------------------------------ -Note: VMS-users should examine configure.com in the toplevel directory, which - is a configure-script for VMS, kindly contributed by John Hasstedt - and now maintained by Martin Zinser. - This file contains notes on how to compile t1lib on VMS. 
------------------------------------------------------------------------------ - - -After unpacking the archive (what you obviously did already), change -to subdirectory t1lib-..../ and type: - - ./configure - -This will create the Makefiles. Then type - - make - - -In order to use the testprogram xglyph, X11 needs to be installed on your -system. - -If you have difficulties during configuring and building t1lib, cd to -directory t1lib-.../doc and execute - - $ latex t1lib_doc.tex - $ makeindex t1lib_doc - $ latex t1lib_doc.tex - $ latex t1lib_doc.tex - -This will generate the docs which contain a more detailed description -of the build-process. LaTeX2e is required. Alternatively, you can scan the -preformatted pdf-documentation. - - -Before installing the libraries, you should test whether all things -work correct: - -1) Change to subdirectory xglyph - -2) Start the program xglyph - -3) Ensure that the output-window is not hidden behind another window. - -4) Before doing anything other, click on button "String". The - string "Test" should now be rastered and displayed in the - output-window, using font BitstreamCharterBTRoman at 100bp without - kerning. If that works, most probably all works for you. - -5) Have a look at t1lib_doc.dvi in the doc-subdirectory of the package - and read the chapter on xglyph. However, most of this program is - self-explaining, so that you might want to omit this step. - -6) Play with the program and enjoy. - -7) If you do not have X11, you can still check whether t1lib works for - you. Copy one of the pfb-files from t1lib-.../Fonts/type1, say, - bchr.pfb, to the type1afm-subdirectory, and run - - type1afm bchr.pfb - - If the afm-file bchr.afm is generated, t1lib will most probably - work on your system. - - - -Documentation: --------------- - -As mentioned above, documentation is provided in LaTeX2e-format -subdirectory T1Lib/doc. It should have been built during the build. 
-The section on runtime setup is really important, -because programs may fail due to an invalid or incomplete runtime -setup, although the programs itself may be correct! -A preformatted Version is also available in pdf. - - - -How to get it: --------------- - -t1lib is available at - -ftp://sunsite.unc.edu/pub/Linux/libs/graphics/t1lib-x.y[.z].tar.gz - -where x.y[.z] is the version identification. - - - -Closing: --------- - -You are allowed to send the author lots of money and dozents of gifts, -but you needn't :-) -If you have any comments to this library, feedback is wanted. Send -eMail to: - -Rainer.Menzner@web.de - - - -Future: -------- - -Within the past years, my time has constantly and increasingly become spare so -that I hardly found time to further develop t1lib. And developing free -software is undoubtedly related to a certain amount of fun, which in turn only -can come up if you are relaxed with respect to time ... - -Since t1lib now has reached a reasonably stable state, I intend to more or -less freeze the development of new features at this point. Of course, bug -fixes etc. should be possible further. - -If there is somebody out there willing to further develop t1lib, he or she is -welcome to contact me ... - - - -Have fun, - - -Rainer - diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/t1lib-5.1.1/README.t1lib-5.1.2 new/t1lib-5.1.2/README.t1lib-5.1.2 --- old/t1lib-5.1.1/README.t1lib-5.1.2 1970-01-01 01:00:00.000000000 +0100 +++ new/t1lib-5.1.2/README.t1lib-5.1.2 2007-12-23 16:49:43.000000000 +0100 
@@ -0,0 +1,223 @@ + + -------------------------------------------------------------------------- + --------------------------- t1lib-README --------------------------------- + -------------------------------------------------------------------------- + +/*-------------------------------------------------------------------------- + ----- File: REAMDE.t1lib-5.1.2 + ----- Author: Rainer Menzner (Rainer.Menzner@web.de) + ----- Date: 2007-12-23 + ----- Description: This is file README.t1lib of the t1lib-package. It + contains an overview and brief installation + instructions for the t1-library. + ----- Copyright: t1lib is copyrighted (c) Rainer Menzner, 1996-2007. + As of version 0.5, t1lib is distributed under the + GNU General Public Library License. The + conditions can be found in the files LICENSE and + LGPL, which should reside in the toplevel + directory of the distribution. Please note that + there are parts of t1lib that are subject to + other licenses: + The parseAFM-package is copyrighted by Adobe Systems + Inc. + The type1 rasterizer is copyrighted by IBM and the + X11-consortium. + ----- Warranties: Of course, there's NO WARRANTY OF ANY KIND :-) + ----- Credits: I want to thank IBM and the X11-consortium for making + their rasterizer freely available. + Also thanks to Piet Tutelaers for his ps2pk, from + which I took the rasterizer sources in a format + independent from X11. + Thanks to all people who make free software living! +--------------------------------------------------------------------------*/ + + + +About t1lib: +------------ + +t1lib is a library distributed under the GNU General Public Library +License for generating character- and string-glyphs from Adobe Type 1 +fonts under UNIX. t1lib uses most of the code of the X11 rasterizer +donated by IBM to the X11-project. But some disadvantages of the +rasterizer being included in X11 have been eliminated. 
Here are some +of the features: + +- t1lib is completely independent of X11 (although the program + provided for testing the library needs X11) + +- fonts are made known to library by means of a font database file at + runtime + +- searchpaths for all types of input files are configured by means + of a configuration file at runtime + +- characters are rastered as they are needed + +- characters and complete strings may be rastered by a simple function + call + +- when rastering strings, pairwise kerning information from .afm-files + may optionally be taken into account + +- an interface to ligature-information of afm-files is provided + +- a program to generate afm-files from Type 1 font files is included + +- rotation and arbitrary transformations are supported + +- there's support for extending and slanting fonts + +- underlining, overlining and overstriking is supported + +- new encoding vectors may be loaded at runtime and fonts may be + reencoded using these encoding vectors + +- antialiasing is implemented + +- Right-To-Left typesetting is supported + +- Font subsetting is easily possible + +- support of composite character information + +- stroking of character outlines with variable strokewidths + +- An interactive test program called "xglyph" is included in the + distribution. This program allows to test all of the features of the + library. It requires X11. + + + +Changes and New Features: +------------------------- + +- See the file Changes in the T1Lib top-directory for information on new + features. + + + +Installation: +------------- + +----------------------------------------------------------------------------- +Note: VMS-users should examine configure.com in the toplevel directory, which + is a configure-script for VMS, kindly contributed by John Hasstedt + and now maintained by Martin Zinser. + This file contains notes on how to compile t1lib on VMS. 
+----------------------------------------------------------------------------- + + +After unpacking the archive (what you obviously did already), change +to subdirectory t1lib-..../ and type: + + ./configure + +This will create the Makefiles. Then type + + make + + +In order to use the testprogram xglyph, X11 needs to be installed on your +system. + +If you have difficulties during configuring and building t1lib, cd to +directory t1lib-.../doc and execute + + $ latex t1lib_doc.tex + $ makeindex t1lib_doc + $ latex t1lib_doc.tex + $ latex t1lib_doc.tex + +This will generate the docs which contain a more detailed description +of the build-process. LaTeX2e is required. Alternatively, you can scan the +preformatted pdf-documentation. + + +Before installing the libraries, you should test whether all things +work correct: + +1) Change to subdirectory xglyph + +2) Start the program xglyph + +3) Ensure that the output-window is not hidden behind another window. + +4) Before doing anything other, click on button "String". The + string "Test" should now be rastered and displayed in the + output-window, using font BitstreamCharterBTRoman at 100bp without + kerning. If that works, most probably all works for you. + +5) Have a look at t1lib_doc.dvi in the doc-subdirectory of the package + and read the chapter on xglyph. However, most of this program is + self-explaining, so that you might want to omit this step. + +6) Play with the program and enjoy. + +7) If you do not have X11, you can still check whether t1lib works for + you. Copy one of the pfb-files from t1lib-.../Fonts/type1, say, + bchr.pfb, to the type1afm-subdirectory, and run + + type1afm bchr.pfb + + If the afm-file bchr.afm is generated, t1lib will most probably + work on your system. + + + +Documentation: +-------------- + +As mentioned above, documentation is provided in LaTeX2e-format +subdirectory T1Lib/doc. It should have been built during the build. 
+The section on runtime setup is really important, +because programs may fail due to an invalid or incomplete runtime +setup, although the programs itself may be correct! +A preformatted Version is also available in pdf. + + + +How to get it: +-------------- + +t1lib is available at + +ftp://sunsite.unc.edu/pub/Linux/libs/graphics/t1lib-x.y[.z].tar.gz + +where x.y[.z] is the version identification. + + + +Closing: +-------- + +You are allowed to send the author lots of money and dozents of gifts, +but you needn't :-) +If you have any comments to this library, feedback is wanted. Send +eMail to: + +Rainer.Menzner@web.de + + + +Future: +------- + +Within the past years, my time has constantly and increasingly become spare so +that I hardly found time to further develop t1lib. And developing free +software is undoubtedly related to a certain amount of fun, which in turn only +can come up if you are relaxed with respect to time ... + +Since t1lib now has reached a reasonably stable state, I intend to more or +less freeze the development of new features at this point. Of course, bug +fixes etc. should be possible further. + +If there is somebody out there willing to further develop t1lib, he or she is +welcome to contact me ... + + + +Have fun, + + -Rainer + Files old/t1lib-5.1.1/xglyph/bchr.pfb and new/t1lib-5.1.2/xglyph/bchr.pfb differ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
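Review bot: The header comment of the newly added README.t1lib-5.1.2 misspells its own name as "File: REAMDE.t1lib-5.1.2". The same header and the "About t1lib" paragraph call the license the "GNU General Public Library License", while pointing to the files LICENSE and LGPL for the conditions. Suggest fixing the file name and using the license name exactly as it appears in the LGPL file, so that anyone reading the README for license terms does not have to guess between GPL and LGPL.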
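Review bot: The closing "Files old/t1lib-5.1.1/xglyph/bchr.pfb and new/t1lib-5.1.2/xglyph/bchr.pfb differ" line records a changed binary font whose contents this mail cannot show, so that part of the update cannot be reviewed from the diff. A font of the same name is the README's step 7 test input for type1afm, so suggest stating in the changelog why the font changed, or confirming that the file is identical to the one in the upstream 5.1.2 tarball.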