diff options
| author | taca <taca> | 2010-03-27 15:59:33 +0000 |
|---|---|---|
| committer | taca <taca> | 2010-03-27 15:59:33 +0000 |
| commit | ed334abecdb10852e7d4f3a55b808d79e914836c (patch) | |
| tree | e66c509f7169dc3673b111cf33e0d1325494f10b /devel | |
| parent | 815a8315c05506147ae844b27f8f62184d693912 (diff) | |
| download | pkgsrc-ed334abecdb10852e7d4f3a55b808d79e914836c.tar.gz | |
Add a patch to fix CVE-2010-0421, DoS security fix.
Bump PKGREVISION.
Diffstat (limited to 'devel')
| -rw-r--r-- | devel/pango/Makefile | 4 | ||||
| -rw-r--r-- | devel/pango/distinfo | 3 | ||||
| -rw-r--r-- | devel/pango/patches/patch-am | 24 |
3 files changed, 28 insertions, 3 deletions
diff --git a/devel/pango/Makefile b/devel/pango/Makefile index d211879ca8d..732011efd6d 100644 --- a/devel/pango/Makefile +++ b/devel/pango/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.140 2010/02/21 23:51:25 tron Exp $ +# $NetBSD: Makefile,v 1.141 2010/03/27 15:59:33 taca Exp $ DISTNAME= pango-1.26.2 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= devel fonts MASTER_SITES= ${MASTER_SITE_GNOME:=sources/pango/1.26/} EXTRACT_SUFX= .tar.bz2 diff --git a/devel/pango/distinfo b/devel/pango/distinfo index 31327f6b789..541e197ba59 100644 --- a/devel/pango/distinfo +++ b/devel/pango/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.82 2010/02/21 23:51:25 tron Exp $ +$NetBSD: distinfo,v 1.83 2010/03/27 15:59:33 taca Exp $ SHA1 (pango-1.26.2.tar.bz2) = 051b6f7b5f98a4c8083ef6a5178cb5255a992b98 RMD160 (pango-1.26.2.tar.bz2) = 6613bddf643d5c912e6656d84c6671aa6ce88a9d @@ -6,3 +6,4 @@ Size (pango-1.26.2.tar.bz2) = 1536011 bytes SHA1 (patch-aa) = 1a87d055dc722eff28517a11d0832ae19df5eb59 SHA1 (patch-ab) = 12c09b12ba31be19fa0d602f89909811e6221bd8 SHA1 (patch-ae) = 9eb458be84f6dfce27fb469d45cc78e34acd9c36 +SHA1 (patch-am) = dc7387b4da24356a56ab8d07ef0462b6f4b3b209 diff --git a/devel/pango/patches/patch-am b/devel/pango/patches/patch-am new file mode 100644 index 00000000000..dd03db1b9e0 --- /dev/null +++ b/devel/pango/patches/patch-am @@ -0,0 +1,24 @@ +$NetBSD: patch-am,v 1.1 2010/03/27 15:59:34 taca Exp $ + +Fix for CVE-2010-0421. + +--- pango/opentype/hb-ot-layout.cc.orig 2009-11-26 00:44:17.000000000 +0000 ++++ pango/opentype/hb-ot-layout.cc +@@ -44,6 +44,8 @@ _hb_ot_layout_init (hb_face_t *face) + { + hb_ot_layout_t *layout = &face->ot_layout; + ++ memset (layout, 0, sizeof (*layout)); ++ + layout->gdef_blob = Sanitizer<GDEF>::sanitize (hb_face_get_table (face, HB_OT_TAG_GDEF)); + layout->gdef = &Sanitizer<GDEF>::lock_instance (layout->gdef_blob); + +@@ -293,7 +295,7 @@ hb_ot_layout_build_glyph_classes (hb_fac + return; + + if (layout->new_gdef.len == 0) { +- layout->new_gdef.klasses = (unsigned char *) calloc (num_total_glyphs, sizeof (unsigned char)); ++ layout->new_gdef.klasses = (unsigned char *) calloc (count, sizeof (unsigned char)); + layout->new_gdef.len = count; + } + |