-add patch from https://bugzilla.gnome.org/show_bug.cgi?id=639882 to fix

 possible heap corruption when parsing a corrupt font (CVE-2011-0020)
-being here, add a patch from upstream to fix a scaling inconsistency
bump PKGREV

4 files changed, 64 insertions, 3 deletions

diff --git a/devel/pango/Makefile b/devel/pango/Makefile
index 25c270fd203..b632d4f289a 100644
--- a/devel/pango/Makefile
+++ b/devel/pango/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.150 2011/01/13 13:36:22 wiz Exp $
+# $NetBSD: Makefile,v 1.151 2011/01/27 14:04:51 drochner Exp $
 
 DISTNAME=		pango-1.28.3
-PKGREVISION=		1
+PKGREVISION=		2
 CATEGORIES=		devel fonts
 MASTER_SITES=		${MASTER_SITE_GNOME:=sources/pango/1.28/}
 EXTRACT_SUFX=		.tar.bz2
diff --git a/devel/pango/distinfo b/devel/pango/distinfo
index ce77e39f461..4a57248568f 100644
--- a/devel/pango/distinfo
+++ b/devel/pango/distinfo
@@ -1,7 +1,9 @@
-$NetBSD: distinfo,v 1.86 2010/10/16 18:00:02 wiz Exp $
+$NetBSD: distinfo,v 1.87 2011/01/27 14:04:51 drochner Exp $
 
 SHA1 (pango-1.28.3.tar.bz2) = e72887d6e147b9abf54628c003836e61d97767a1
 RMD160 (pango-1.28.3.tar.bz2) = cdfd6d695b169e15801956fbfd54438c109f7a61
 Size (pango-1.28.3.tar.bz2) = 1509501 bytes
 SHA1 (patch-aa) = 1a87d055dc722eff28517a11d0832ae19df5eb59
 SHA1 (patch-ab) = 12c09b12ba31be19fa0d602f89909811e6221bd8
+SHA1 (patch-ac) = 349eaf578f26e9d55df01c736951f27cd70a89fc
+SHA1 (patch-ad) = 135fda8c8ff2e37f048374b1840291f7d2f6369f
diff --git a/devel/pango/patches/patch-ac b/devel/pango/patches/patch-ac
new file mode 100644
index 00000000000..bbd2ebc37e6
--- /dev/null
+++ b/devel/pango/patches/patch-ac
@@ -0,0 +1,15 @@
+$NetBSD: patch-ac,v 1.15 2011/01/27 14:04:51 drochner Exp $
+
+https://bugzilla.gnome.org/show_bug.cgi?id=636348
+
+--- pango/pangocairo-font.c.orig	2010-07-01 14:00:29.000000000 +0000
++++ pango/pangocairo-font.c
+@@ -433,6 +433,8 @@ _pango_cairo_font_private_get_hex_box_in
+   pango_ctm.x0 = cairo_ctm.x0;
+   pango_ctm.y0 = cairo_ctm.y0;
+ 
++  size /= pango_matrix_get_font_scale_factor (&pango_ctm);
++
+   if (is_hinted)
+     {
+       /* prepare for some hinting */
diff --git a/devel/pango/patches/patch-ad b/devel/pango/patches/patch-ad
new file mode 100644
index 00000000000..1f71fcdd828
--- /dev/null
+++ b/devel/pango/patches/patch-ad
@@ -0,0 +1,44 @@
+$NetBSD: patch-ad,v 1.12 2011/01/27 14:04:51 drochner Exp $
+
+https://bugzilla.gnome.org/show_bug.cgi?id=639882
+
+--- pango/pangoft2-render.c.orig	2010-02-09 12:06:28.000000000 +0000
++++ pango/pangoft2-render.c
+@@ -121,9 +121,14 @@ pango_ft2_font_render_box_glyph (int    
+ 
+   box->bitmap.width = width;
+   box->bitmap.rows = height;
+-  box->bitmap.pitch = height;
++  box->bitmap.pitch = width;
+ 
+-  box->bitmap.buffer = g_malloc0 (box->bitmap.rows * box->bitmap.pitch);
++  box->bitmap.buffer = g_malloc0_n (box->bitmap.rows, box->bitmap.pitch);
++
++  if (G_UNLIKELY (!box->bitmap.buffer)) {
++    g_slice_free (PangoFT2RenderedGlyph, box);
++    return NULL;
++  }
+ 
+   /* draw the box */
+   for (j = 0; j < line_width; j++)
+@@ -226,6 +231,11 @@ pango_ft2_font_render_glyph (PangoFont *
+       rendered->bitmap_left = face->glyph->bitmap_left;
+       rendered->bitmap_top = face->glyph->bitmap_top;
+ 
++      if (G_UNLIKELY (!rendered->bitmap.buffer)) {
++        g_slice_free (PangoFT2RenderedGlyph, rendered);
++	return NULL;
++      }
++
+       return rendered;
+     }
+   else
+@@ -276,6 +286,8 @@ pango_ft2_renderer_draw_glyph (PangoRend
+   if (rendered_glyph == NULL)
+     {
+       rendered_glyph = pango_ft2_font_render_glyph (font, glyph);
++      if (rendered_glyph == NULL)
++        return;
+       add_glyph_to_cache = TRUE;
+     }
+