t1lib: moved from opt, marked unmaintained

2023-08-19 11:55:53 +02:00 · 2023-08-19 11:55:53 +02:00 · 82d54617b7
parent c06ed42a35
commit 82d54617b7
8 changed files with 347 additions and 0 deletions
--- a/t1lib/.footprint
+++ b/t1lib/.footprint
@ -0,0 +1,21 @@
+drwxr-xr-x	root/root	usr/
+drwxr-xr-x	root/root	usr/bin/
+-rwxr-xr-x	root/root	usr/bin/type1afm
+-rwxr-xr-x	root/root	usr/bin/xglyph
+drwxr-xr-x	root/root	usr/include/
+-rw-r--r--	root/root	usr/include/t1lib.h
+-rw-r--r--	root/root	usr/include/t1libx.h
+drwxr-xr-x	root/root	usr/lib/
+-rw-r--r--	root/root	usr/lib/libt1.a
+-rwxr-xr-x	root/root	usr/lib/libt1.la
+lrwxrwxrwx	root/root	usr/lib/libt1.so -> libt1.so.5.1.2
+lrwxrwxrwx	root/root	usr/lib/libt1.so.5 -> libt1.so.5.1.2
+-rwxr-xr-x	root/root	usr/lib/libt1.so.5.1.2
+-rw-r--r--	root/root	usr/lib/libt1x.a
+-rwxr-xr-x	root/root	usr/lib/libt1x.la
+lrwxrwxrwx	root/root	usr/lib/libt1x.so -> libt1x.so.5.1.2
+lrwxrwxrwx	root/root	usr/lib/libt1x.so.5 -> libt1x.so.5.1.2
+-rw-r--r--	root/root	usr/lib/libt1x.so.5.1.2
+drwxr-xr-x	root/root	usr/share/
+drwxr-xr-x	root/root	usr/share/t1lib/
+-rw-r--r--	root/root	usr/share/t1lib/t1lib.config
--- a/t1lib/.signature
+++ b/t1lib/.signature
@ -0,0 +1,10 @@
+untrusted comment: verify with /etc/ports/contrib.pub
+RWSagIOpLGJF3/rLyFZldFSakWve67dTzHnqBY1dZTsLCqINVgc3oG5nxLZ4GsfLSq0ZBdltVWLoDxcstwVD8PJzQJoyLkyx6g4=
+SHA256 (Pkgfile) = a71c37bd8a633fe7d16c1dba6eb030c95520c8626d145ed1949db66edd3827a2
+SHA256 (.footprint) = 46babc8d254f58210ac81bf75c76aa3e8267f96c65919e9cf16feabf5b135a87
+SHA256 (t1lib-5.1.2.tar.gz) = 821328b5054f7890a0d0cd2f52825270705df3641dbd476d58d17e56ed957b59
+SHA256 (lib-cleanup.diff) = 5b161f4e0f4ad297ad8eea70ea99620f5db6f7e487bbd63a819b6a9958540961
+SHA256 (format-security.diff) = 89b0aa7ca57fd8e9753336033c1d3e3e58c6c79e943144430e8af9a4626fdd25
+SHA256 (CVE-2011-0764.diff) = a763650bdcffd33a61cd2cecef766b8d6baa9999561463ae9dfdc20d55caef04
+SHA256 (CVE-2011-1552_1553_1554.patch) = 4bc34e092fdec37e06b38b5b7a3b02194732dbe6a39edbd174b36c2db1f113ac
+SHA256 (CVE-2010-2642.patch) = dcd9064f368e0fc1f3ede0a45e61b364f6b5d3607dccae78ac07e74ca315a27d
--- a/t1lib/CVE-2010-2642.patch
+++ b/t1lib/CVE-2010-2642.patch
@ -0,0 +1,24 @@
+diff --git a/lib/t1lib/parseAFM.c b/lib/t1lib/parseAFM.c
+index 6a31d7f..ba64541 100644
+--- a/lib/t1lib/parseAFM.c
+++ b/lib/t1lib/parseAFM.c
+@@ -199,7 +199,9 @@ static char *token(stream)
+     idx = 0;
+     
+     while (ch != EOF && ch != ' ' && ch != CR  && ch != LF &&
+-	   ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'){
+	   ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'
+     && idx < (MAX_NAME -1))
+    {
+       ident[idx++] = ch;
+       ch = fgetc(stream);
+     } /* while */
+@@ -235,7 +237,7 @@ static char *linetoken(stream)
+     while ((ch = fgetc(stream)) == ' ' || ch == '\t' ); 
+     
+     idx = 0;
+-    while (ch != EOF && ch != CR  && ch != LF && ch != CTRL_Z) 
+    while (ch != EOF && ch != CR  && ch != LF && ch != CTRL_Z && idx < (MAX_NAME - 1)) 
+     {
+         ident[idx++] = ch;
+         ch = fgetc(stream);
--- a/t1lib/CVE-2011-0764.diff
+++ b/t1lib/CVE-2011-0764.diff
@ -0,0 +1,32 @@
+Description: Don't lookup previous point if there isn't any
+Author: Marc Deslauriers <marc.deslauriers@canonical.com>
+Forwarded: no
+
+Index: t1lib-5.1.2/lib/type1/type1.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/type1/type1.c	2011-12-13 14:24:14.280965637 -0600
+++ t1lib-5.1.2/lib/type1/type1.c	2011-12-13 14:25:25.893320747 -0600
+@@ -1700,6 +1700,7 @@
+   long pindex = 0;
+   
+   /* compute hinting for previous segment! */
+  if (ppoints == NULL) Error0i("RLineTo: No previous point!\n");
+   FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx, dy);
+ 
+   /* Allocate a new path point and pre-setup data */
+@@ -1728,6 +1729,7 @@
+   long pindex = 0;
+   
+   /* compute hinting for previous point! */
+  if (ppoints == NULL) Error0i("RRCurveTo: No previous point!\n");
+   FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx1, dy1);
+ 
+   /* Allocate three new path points and pre-setup data */
+@@ -1903,6 +1905,7 @@
+     FindStems( currx, curry, 0, 0, dx, dy);
+   }
+   else {
+    if (ppoints == NULL) Error0i("RMoveTo: No previous point!\n");
+     FindStems( currx, curry, ppoints[numppoints-2].x, ppoints[numppoints-2].y, dx, dy);
+   }
+   
--- a/t1lib/CVE-2011-1552_1553_1554.patch
+++ b/t1lib/CVE-2011-1552_1553_1554.patch
@ -0,0 +1,133 @@
+Author: Jaroslav Škarvada <jskarvad@redhat.com>
+Description: Fix more crashes on oversized fonts
+Bug-Redhat: http://bugzilla.redhat.com/show_bug.cgi?id=692909
+Index: t1lib-5.1.2/lib/type1/lines.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/type1/lines.c	2007-12-23 09:49:42.000000000 -0600
+++ t1lib-5.1.2/lib/type1/lines.c	2012-01-17 14:15:08.000000000 -0600
+@@ -67,6 +67,10 @@
+ None.
+ */
+  
+#define  BITS         (sizeof(LONG)*8)
+#define  HIGHTEST(p)  (((p)>>(BITS-2)) != 0)  /* includes sign bit */
+#define  TOOBIG(xy)   ((xy < 0) ? HIGHTEST(-xy) : HIGHTEST(xy))
+
+ /*
+ :h2.StepLine() - Produces Run Ends for a Line After Checks
+  
+@@ -84,6 +88,9 @@
+        IfTrace4((LineDebug > 0), ".....StepLine: (%d,%d) to (%d,%d)\n",
+                                             x1, y1, x2, y2);
+  
+      if ( TOOBIG(x1) || TOOBIG(x2) || TOOBIG(y1) || TOOBIG(y2))
+              abort("Lines this big not supported", 49);
+
+        dy = y2 - y1;
+  
+ /*
+Index: t1lib-5.1.2/lib/type1/objects.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/type1/objects.c	2007-12-23 09:49:42.000000000 -0600
+++ t1lib-5.1.2/lib/type1/objects.c	2012-01-17 14:15:08.000000000 -0600
+@@ -1137,12 +1137,13 @@
+     "Context:  out of them", /* 46 */
+     "MatrixInvert:  can't", /* 47 */
+     "xiStub called", /* 48 */
+-    "Illegal access type1 abort() message" /* 49 */
+    "Lines this big not supported", /* 49 */
+    "Illegal access type1 abort() message" /* 50 */
+   };
+ 
+-  /* no is valid from 1 to 48 */
+-  if ( (number<1)||(number>48))
+-    number=49;
+  /* no is valid from 1 to 49 */
+  if ( (number<1)||(number>49))
+    number=50;
+   return( err_msgs[number-1]);
+     
+ }
+Index: t1lib-5.1.2/lib/type1/type1.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/type1/type1.c	2012-01-17 14:13:28.000000000 -0600
+++ t1lib-5.1.2/lib/type1/type1.c	2012-01-17 14:19:54.000000000 -0600
+@@ -1012,6 +1012,7 @@
+   double nextdtana = 0.0;   /* tangent of post-delta against horizontal line */ 
+   double nextdtanb = 0.0;   /* tangent of post-delta against vertical line */ 
+   
+  if (ppoints == NULL || numppoints < 1) Error0v("FindStems: No previous point!\n");
+  
+   /* setup default hinted position */
+   ppoints[numppoints-1].ax     = ppoints[numppoints-1].x;
+@@ -1289,7 +1290,7 @@
+ static int DoRead(CodeP)
+   int *CodeP;
+ {
+-  if (strindex >= CharStringP->len) return(FALSE); /* end of string */
+  if (!CharStringP || strindex >= CharStringP->len) return(FALSE); /* end of string */
+   /* We handle the non-documented Adobe convention to use lenIV=-1 to
+      suppress charstring encryption. */
+   if (blues->lenIV==-1) {
+@@ -1700,7 +1701,7 @@
+   long pindex = 0;
+   
+   /* compute hinting for previous segment! */
+-  if (ppoints == NULL) Error0i("RLineTo: No previous point!\n");
+  if (ppoints == NULL || numppoints < 2) Error0i("RLineTo: No previous point!\n");
+   FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx, dy);
+ 
+   /* Allocate a new path point and pre-setup data */
+@@ -1729,7 +1730,7 @@
+   long pindex = 0;
+   
+   /* compute hinting for previous point! */
+-  if (ppoints == NULL) Error0i("RRCurveTo: No previous point!\n");
+  if (ppoints == NULL || numppoints < 2) Error0i("RRCurveTo: No previous point!\n");
+   FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx1, dy1);
+ 
+   /* Allocate three new path points and pre-setup data */
+@@ -1788,7 +1789,9 @@
+   long tmpind;
+   double deltax = 0.0;
+   double deltay = 0.0;
+-  
+ 
+  if (ppoints == NULL || numppoints < 1) Error0i("DoClosePath: No previous point!");
+ 
+   /* If this ClosePath command together with the starting point of this
+      path completes to a segment aligned to a stem, we would miss
+      hinting for this point. --> Check and explicitly care for this! */
+@@ -1803,6 +1806,7 @@
+     deltax = ppoints[i].x - ppoints[numppoints-1].x;
+     deltay = ppoints[i].y - ppoints[numppoints-1].y;
+ 
+    if (ppoints == NULL || numppoints <= i + 1) Error0i("DoClosePath: No previous point!");
+     /* save nummppoints and reset to move point */
+     tmpind = numppoints;
+     numppoints = i + 1;
+@@ -1905,7 +1909,7 @@
+     FindStems( currx, curry, 0, 0, dx, dy);
+   }
+   else {
+-    if (ppoints == NULL) Error0i("RMoveTo: No previous point!\n");
+    if (ppoints == NULL || numppoints < 2) Error0i("RMoveTo: No previous point!\n");
+     FindStems( currx, curry, ppoints[numppoints-2].x, ppoints[numppoints-2].y, dx, dy);
+   }
+   
+@@ -2155,6 +2159,7 @@
+   DOUBLE cx, cy;
+   DOUBLE ex, ey;
+ 
+  if (ppoints == NULL || numppoints < 8) Error0v("FlxProc: No previous point!");
+ 
+   /* Our PPOINT list now contains 7 moveto commands which
+      are about to be consumed by the Flex mechanism. --> Remove these
+@@ -2324,6 +2329,7 @@
+ /*   Returns currentpoint on stack          */
+ static void FlxProc2()
+ {
+  if (ppoints == NULL || numppoints < 1) Error0v("FlxProc2: No previous point!");
+   /* Push CurrentPoint on fake PostScript stack */
+   PSFakePush( ppoints[numppoints-1].x);
+   PSFakePush( ppoints[numppoints-1].y);
--- a/t1lib/Pkgfile
+++ b/t1lib/Pkgfile
@ -0,0 +1,35 @@
+# Description: rasterizer library for Adobe Type 1 fonts
+# URL: https://www.ibiblio.org/pub/Linux/libs/graphics/!INDEX.html
+# Maintainer: unmaintained
+# Depends on: xorg-libxaw
+
+name=t1lib
+version=5.1.2
+release=2
+source=(https://www.ibiblio.org/pub/Linux/libs/graphics/$name-$version.tar.gz
+  lib-cleanup.diff
+  format-security.diff
+  CVE-2011-0764.diff
+  CVE-2011-1552_1553_1554.patch
+  CVE-2010-2642.patch)
+
+build() {
+  cd $name-$version
+
+  patch -p1 -i $SRC/lib-cleanup.diff
+  patch -p1 -i $SRC/format-security.diff
+  patch -p1 -i $SRC/CVE-2011-0764.diff
+  patch -p1 -i $SRC/CVE-2011-1552_1553_1554.patch
+  patch -p1 -i $SRC/CVE-2010-2642.patch
+
+  ./configure \
+    --prefix=/usr \
+    --disable-nls
+
+  make without_doc -j1
+  make prefix=$PKG/usr install
+
+  rm -r $PKG/usr/share/t1lib/doc
+  cd $PKG/usr/lib
+  chmod a+x libt1.la libt1.so.${version} libt1x.la
+}
--- a/t1lib/format-security.diff
+++ b/t1lib/format-security.diff
@ -0,0 +1,33 @@
+--- a/lib/type1/objects.c
+++ b/lib/type1/objects.c
+@@ -957,7 +957,7 @@
+  
+        sprintf(typemsg, "Wrong object type in %s; expected %s, found %s.\n",
+                   name, TypeFmt(expect), TypeFmt(obj->type));
+-       IfTrace0(TRUE,typemsg);
+       IfTrace1(TRUE, "%s", typemsg);
+  
+        ObjectPostMortem(obj);
+  
+--- a/lib/t1lib/t1subset.c
+++ b/lib/t1lib/t1subset.c
+@@ -759,7 +759,7 @@
+ 	     tr_len);
+     T1_PrintLog( "T1_SubsetFont()", err_warn_msg_buf,
+ 		 T1LOG_DEBUG);
+-    l+=sprintf( &(trailerbuf[l]), linebuf); /* contains the PostScript trailer */
+    l+=sprintf( &(trailerbuf[l]), "%s", linebuf); /* contains the PostScript trailer */
+   }
+   
+   /* compute size of output file */
+--- a/lib/type1/objects.h
+++ b/lib/type1/objects.h
+@@ -214,7 +214,7 @@
+ /*SHARED*/
+ /* NDW: personally, I want to see status and error messages! */
+ #define IfTrace0(condition,model)                                 \
+-        {if (condition) printf(model);}
+        {if (condition) fputs(model,stdout);}
+ #define IfTrace1(condition,model,arg0)                            \
+         {if (condition) printf(model,arg0);}
+ #define IfTrace2(condition,model,arg0,arg1)                       \
--- a/t1lib/lib-cleanup.diff
+++ b/t1lib/lib-cleanup.diff
@ -0,0 +1,59 @@
+do not link against libraries that are not needed
+
+Index: t1lib-5.1.1/lib/Makefile.in
+===================================================================
+--- t1lib-5.1.1.orig/lib/Makefile.in	2008-01-05 19:17:21.000000000 +0100
+++ t1lib-5.1.1/lib/Makefile.in	2008-01-05 19:17:38.000000000 +0100
+@@ -24,7 +24,7 @@
+ X_LIBS    = @X_LIBS@
+ TOPSRC    = @top_srcdir@
+ XPM_LIB   = -lXpm
+-XLIB      = @X_PRE_LIBS@ -lXext -lX11 @X_EXTRA_LIBS@
+XLIB      = -lX11
+ LDFLAGS   = @LDFLAGS@
+ LDLIBS    = @LDLIBS@
+ AR        = ar rc
+@@ -137,7 +137,7 @@
+ 	$(LIBTOOL) --mode=link \
+ 		$(CC) $(LDFLAGS) -o $@ $(T1LIBX_OBJS) \
+ 	         -version-info @T1LIB_LT_CURRENT@:@T1LIB_LT_REVISION@:@T1LIB_LT_AGE@ \
+-	         libt1.la $(X_LIBS) $(XPM_LIB) $(XLIB)  -no-undefined -rpath $(libdir) 
+	         libt1.la $(X_LIBS) $(XLIB)  -no-undefined -rpath $(libdir) 
+ 	cp t1lib/t1libx.h .
+ 
+ 
+Index: t1lib-5.1.1/type1afm/Makefile.in
+===================================================================
+--- t1lib-5.1.1.orig/type1afm/Makefile.in	2008-01-05 19:17:52.000000000 +0100
+++ t1lib-5.1.1/type1afm/Makefile.in	2008-01-05 19:18:02.000000000 +0100
+@@ -70,7 +70,7 @@
+ 
+ type1afm: $(OBJS) ../lib/t1lib.h
+ 	$(LIBTOOL) --mode=link \
+-		$(CC) -o type1afm $(LDFLAGS) $(OBJS) $(T1LIB) $(LDLIBS)
+		$(CC) -o type1afm $(LDFLAGS) $(OBJS) $(T1LIB)
+ 
+ .SUFFIXES: .lo
+ .c.lo:
+Index: t1lib-5.1.1/xglyph/Makefile.in
+===================================================================
+--- t1lib-5.1.1.orig/xglyph/Makefile.in	2008-01-05 19:18:15.000000000 +0100
+++ t1lib-5.1.1/xglyph/Makefile.in	2008-01-05 19:18:31.000000000 +0100
+@@ -24,7 +24,7 @@
+ X_LIBS    = @X_LIBS@
+ TOPSRC    = @top_srcdir@
+ XPM_LIB   = -lXpm
+-XLIB      = @X_PRE_LIBS@ -lXext -lX11 @X_EXTRA_LIBS@
+XLIB      = -lX11 @X_EXTRA_LIBS@
+ LDFLAGS   = @LDFLAGS@
+ LDLIBS    = @LDLIBS@ 
+ AR        = ar rc
+@@ -65,7 +65,7 @@
+ 
+ T1LIB  = ../lib/libt1.la
+ T1LIBX = ../lib/libt1x.la
+-XAWLIB = -lXaw -lXt -lXmu
+XAWLIB = -lXaw -lXt
+ 
+ 
+ all: xglyph