author | sbd <sbd> | 2010-12-19 03:47:00 +0000 |
---|---|---|
committer | sbd <sbd> | 2010-12-19 03:47:00 +0000 |
commit | 7b37b3b226a6b8c22a447a05c90df041aeb34542 (patch) | |
tree | 655bac677d4cdc9946fc17483fc78d38b05cf56e | |
parent | d630a92b62d348f54a3942f776dd7781b48f5c9a (diff) | |
download | pkgsrc-7b37b3b226a6b8c22a447a05c90df041aeb34542.tar.gz |
Pullup ticket #3308 - requested by drochner
security updates for freetype2
Revisions pulled up:
- pkgsrc/graphics/freetype2/Makefile 1.75-1.77
- pkgsrc/graphics/freetype2/distinfo 1.37-1.39
Files added:
- pkgsrc/graphics/freetype2/patches/patch-ab 1.14, 1.15
- pkgsrc/graphics/freetype2/patches/patch-ac 1.6
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: drochner
Date: Fri Oct 22 16:14:13 UTC 2010
Modified Files:
pkgsrc/graphics/freetype2: Makefile distinfo
Log Message:
update to 2.4.3
changes:
A rendering regression of S-shaped cubic arcs (introduced in
version 2.4.0) has been fixed. Besides that, a bunch
of fixes have been applied to improve handling of broken fonts.
To generate a diff of this commit:
cvs rdiff -u -r1.74 -r1.75 pkgsrc/graphics/freetype2/Makefile
cvs rdiff -u -r1.36 -r1.37 pkgsrc/graphics/freetype2/distinfo
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: drochner
Date: Wed Nov 3 11:56:37 UTC 2010
Modified Files:
pkgsrc/graphics/freetype2: Makefile distinfo
Added Files:
pkgsrc/graphics/freetype2/patches: patch-ab
Log Message:
add patch from upstream CVS to fix a possible buffer overflow
when processing TrueType GX fonts (SA41738), bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.75 -r1.76 pkgsrc/graphics/freetype2/Makefile
cvs rdiff -u -r1.37 -r1.38 pkgsrc/graphics/freetype2/distinfo
cvs rdiff -u -r0 -r1.14 pkgsrc/graphics/freetype2/patches/patch-ab
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: drochner
Date: Wed Nov 24 18:44:55 UTC 2010
Modified Files:
pkgsrc/graphics/freetype2: Makefile distinfo
pkgsrc/graphics/freetype2/patches: patch-ab
Added Files:
pkgsrc/graphics/freetype2/patches: patch-ac
Log Message:
add patch from upstream CVS to fix handling the "SHZ" bytecode instruction
which could be exploited to cause a crash and potentially execute
arbitrary code via a specially crafted font (CVE-2010-3814)
bump PKGREV
while here, add CVE reference to an older patch
To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 pkgsrc/graphics/freetype2/Makefile
cvs rdiff -u -r1.38 -r1.39 pkgsrc/graphics/freetype2/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/graphics/freetype2/patches/patch-ab
cvs rdiff -u -r0 -r1.6 pkgsrc/graphics/freetype2/patches/patch-ac
-rw-r--r-- | graphics/freetype2/Makefile | 5 | ||||
-rw-r--r-- | graphics/freetype2/distinfo | 10 | ||||
-rw-r--r-- | graphics/freetype2/patches/patch-ab | 24 | ||||
-rw-r--r-- | graphics/freetype2/patches/patch-ac | 23 |
4 files changed, 56 insertions, 6 deletions
diff --git a/graphics/freetype2/Makefile b/graphics/freetype2/Makefile
index 77a9ae494f1..44077eaa23b 100644
--- a/graphics/freetype2/Makefile
+++ b/graphics/freetype2/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.74 2010/08/08 16:06:02 tnn Exp $
+# $NetBSD: Makefile,v 1.74.2.1 2010/12/19 03:47:00 sbd Exp $

-DISTNAME= freetype-2.4.2
+DISTNAME= freetype-2.4.3
 PKGNAME= ${DISTNAME:S/-/2-/}
+PKGREVISION= 2
 CATEGORIES= graphics
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=freetype/} \
 ftp://ring.aist.go.jp/pub/graphics/freetype/freetype2/
diff --git a/graphics/freetype2/distinfo b/graphics/freetype2/distinfo
index 4b7b4f938fe..b13a006c3e7 100644
--- a/graphics/freetype2/distinfo
+++ b/graphics/freetype2/distinfo
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.36 2010/08/08 16:06:02 tnn Exp $
+$NetBSD: distinfo,v 1.36.2.1 2010/12/19 03:47:00 sbd Exp $

-SHA1 (freetype-2.4.2.tar.bz2) = cc257ceda2950b8c80950d780ccf3ce665a815d1
-RMD160 (freetype-2.4.2.tar.bz2) = 5e3970f3a9e242255489111f77fe880d5d524860
-Size (freetype-2.4.2.tar.bz2) = 1433843 bytes
+SHA1 (freetype-2.4.3.tar.bz2) = 16e5ba0ff23b2de372149a790b7245a762022912
+RMD160 (freetype-2.4.3.tar.bz2) = befa7c66a9574c682b45d69a1088d072d8f119d9
+Size (freetype-2.4.3.tar.bz2) = 1437406 bytes
 SHA1 (patch-aa) = 85bf9979802e04345a9f5ac3ada2cac9520dabcb
+SHA1 (patch-ab) = fd2823043c3bf1488529167a56af69ecd036a920
+SHA1 (patch-ac) = bbd59b48a7827eb5e9c4905572f13b789a2d9c88
diff --git a/graphics/freetype2/patches/patch-ab b/graphics/freetype2/patches/patch-ab
new file mode 100644
index 00000000000..03c80f71087
--- /dev/null
+++ b/graphics/freetype2/patches/patch-ab
@@ -0,0 +1,24 @@
+$NetBSD: patch-ab,v 1.15.2.2 2010/12/19 03:47:00 sbd Exp $
+
+CVE-2010-3855
+
+--- src/truetype/ttgxvar.c.orig 2010-07-12 19:03:49.000000000 +0000
++++ src/truetype/ttgxvar.c
+@@ -154,7 +154,7 @@
+ runcnt = runcnt & GX_PT_POINT_RUN_COUNT_MASK;
+ first = points[i++] = FT_GET_USHORT();
+
+- if ( runcnt < 1 )
++ if ( runcnt < 1 || i + runcnt >= n )
+ goto Exit;
+
+ /* first point not included in runcount */
+@@ -165,7 +165,7 @@
+ {
+ first = points[i++] = FT_GET_BYTE();
+
+- if ( runcnt < 1 )
++ if ( runcnt < 1 || i + runcnt >= n )
+ goto Exit;
+
+ for ( j = 0; j < runcnt; ++j )
diff --git a/graphics/freetype2/patches/patch-ac b/graphics/freetype2/patches/patch-ac
new file mode 100644
index 00000000000..bf7155e2961
--- /dev/null
+++ b/graphics/freetype2/patches/patch-ac
@@ -0,0 +1,23 @@
+$NetBSD: patch-ac,v 1.6.2.2 2010/12/19 03:47:00 sbd Exp $
+
+CVE-2010-3814
+
+--- src/truetype/ttinterp.c.orig 2010-10-01 06:08:19.000000000 +0000
++++ src/truetype/ttinterp.c
+@@ -5795,7 +5795,16 @@
+ if ( CUR.GS.gep2 == 0 && CUR.zp2.n_points > 0 )
+ last_point = (FT_UShort)( CUR.zp2.n_points - 1 );
+ else if ( CUR.GS.gep2 == 1 && CUR.zp2.n_contours > 0 )
++ {
+ last_point = (FT_UShort)( CUR.zp2.contours[CUR.zp2.n_contours - 1] );
++
++ if ( BOUNDS( last_point, CUR.zp2.n_points ) )
++ {
++ if ( CUR.pedantic_hinting )
++ CUR.error = TT_Err_Invalid_Reference;
++ return;
++ }
++ }
+ else
+ last_point = 0;
+ |
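Review bot: In both embedded hunks of the ttgxvar.c patch (patch-ab), the new guard `i + runcnt >= n` runs only after `points[i++]` has already stored the first point, so it protects the run loop that follows and nothing before it; whether that earlier store is in bounds depends on a loop condition outside the hunk. If the run loop writes one `points[i++]` per iteration (its body is not visible here), the highest index touched is `i + runcnt - 1`, so `>=` also rejects a run that ends exactly at `n`. That is safe but may cut short a well-formed point list, and it is worth confirming against the full function whether `>` is the intended bound. The `goto Exit` path leaves the rest of `points` unwritten, so a one-line description next to `CVE-2010-3855` saying what is bounded and what callers see on early exit would help whoever refreshes this patch.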
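Review bot: In the ttinterp.c patch (patch-ac), the added `BOUNDS( last_point, CUR.zp2.n_points )` check covers only the `gep2 == 1` branch, while the final `else` still sets `last_point = 0`. If the loop after this hunk runs inclusively up to `last_point` (it is outside the hunk), a zone with no points would still have point 0 touched, so the fall-through should be checked against the full function for a missing early return. On the non-pedantic path the handler returns without setting `CUR.error`, so a malformed contour end point is ignored silently; a comment such as `/* invalid end point: skip the shift, report only when pedantic */` above the `return` would make that intent explicit.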