Package: fontforge / 1:20161005~dfsg-4+deb9u1

Metadata

Package: fontforge
Version: 1:20161005~dfsg-4+deb9u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 Fix out of bounds read in getsid.patch p1

fontforge/parsettf.c | 14 10 + 4 - 0 !
1 file changed, 10 insertions(+), 4 deletions(-)

 [patch 1/6] fix out of bounds read in getsid

Closes #3088

0002 readcfftopdict Prevent stack underflow condition.patch p1

fontforge/parsettf.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [patch 2/6] readcfftopdict: prevent stack underflow condition

Closes #3091

0003 Fix out of bounds read condition and buffer overflow.patch p1

fontforge/parsettf.c | 4 4 + 0 - 0 !
fontforge/psread.c | 5 5 + 0 - 0 !
fontforge/tottf.c | 2 1 + 1 - 0 !
3 files changed, 10 insertions(+), 1 deletion(-)

 [patch 3/6] fix out of bounds read condition and buffer overflow
 condition

* parsettf.c: Reading past the end of the fontnames array
* psread.c: Reading more data than is available in type1
* tottf.c: Use snprintf instead of sprintf

Closes #3096

0004 parsettf.c Fix buffer overrun condition.patch p1

fontforge/parsettf.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 4/6] parsettf.c: fix buffer overrun condition

Closes #3090

0005 parsettf.c Fix buffer overflow condition when readin.patch p1

fontforge/parsettf.c | 11 10 + 1 - 0 !
1 file changed, 10 insertions(+), 1 deletion(-)

 [patch 5/6] parsettf.c: fix buffer overflow condition when reading
 CFF top dictionary

Closes #3087

0006 parsettf.c Fix out of bounds read condition on buffe.patch p1

fontforge/parsettf.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 6/6] parsettf.c: fix out of bounds read condition on buffer

Closes #3093

2001_repackaging_fixup.patch

Makefile.am | 2 1 + 1 - 0 !
configure.ac | 36 0 + 36 - 0 !
2 files changed, 1 insertion(+), 37 deletions(-)

 adjust build tools for repackaged upstream source

2002_avoid_upstream_git_or_pkg.patch

Makefile.am | 21 0 + 21 - 0 !
configure.ac | 6 3 + 3 - 0 !
fontforge/Makefile.am | 2 1 + 1 - 0 !
3 files changed, 4 insertions(+), 25 deletions(-)

 avoid build tools messing with vcs or packaging

1001_reproducibe_buildtimestamps.patch

configure.ac | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 use source_date_epoch in version timestamps
 To allow package to build reproducibly use SOURCE_DATE_EPOCH as
 mentioned in¹

 ¹ https://reproducible-builds.org/specs/source-date-epoch/