authorsbd <sbd>2010-12-19 03:47:00 +0000
committersbd <sbd>2010-12-19 03:47:00 +0000
commit7b37b3b226a6b8c22a447a05c90df041aeb34542 (patch)
tree655bac677d4cdc9946fc17483fc78d38b05cf56e /graphics/freetype2/patches/patch-ab
parentd630a92b62d348f54a3942f776dd7781b48f5c9a (diff)
Pullup ticket #3308 - requested by drochner
security updates for freetype2 Revisions pulled up: - pkgsrc/graphics/freetype2/Makefile 1.75-1.77 - pkgsrc/graphics/freetype2/distinfo 1.37-1.39 Files added: - pkgsrc/graphics/freetype2/patches/patch-ab 1.14, 1.15 - pkgsrc/graphics/freetype2/patches/patch-ac 1.6 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: drochner Date: Fri Oct 22 16:14:13 UTC 2010 Modified Files: pkgsrc/graphics/freetype2: Makefile distinfo Log Message: update to 2.4.3 changes: A rendering regression of S-shaped cubic arcs (introduced in version 2.4.0) has been fixed. Besides that, a bunch of fixes have been applied to improve handling of broken fonts. To generate a diff of this commit: cvs rdiff -u -r1.74 -r1.75 pkgsrc/graphics/freetype2/Makefile cvs rdiff -u -r1.36 -r1.37 pkgsrc/graphics/freetype2/distinfo ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: drochner Date: Wed Nov 3 11:56:37 UTC 2010 Modified Files: pkgsrc/graphics/freetype2: Makefile distinfo Added Files: pkgsrc/graphics/freetype2/patches: patch-ab Log Message: add patch from upstream CVS to fix a possible buffer overflow when processing TrueType GX fonts (SA41738), bump PKGREVISION To generate a diff of this commit: cvs rdiff -u -r1.75 -r1.76 pkgsrc/graphics/freetype2/Makefile cvs rdiff -u -r1.37 -r1.38 pkgsrc/graphics/freetype2/distinfo cvs rdiff -u -r0 -r1.14 pkgsrc/graphics/freetype2/patches/patch-ab ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: drochner Date: Wed Nov 24 18:44:55 UTC 2010 Modified Files: pkgsrc/graphics/freetype2: Makefile distinfo pkgsrc/graphics/freetype2/patches: patch-ab Added Files: pkgsrc/graphics/freetype2/patches: patch-ac Log Message: add patch from upstream CVS to fix handling the "SHZ" bytecode instruction which could be exploited to cause a crash and potentially execute arbitrary code via a specially crafted font 
(CVE-2010-3814) bump PKGREV being here, add CVE reference to an older patch To generate a diff of this commit: cvs rdiff -u -r1.76 -r1.77 pkgsrc/graphics/freetype2/Makefile cvs rdiff -u -r1.38 -r1.39 pkgsrc/graphics/freetype2/distinfo cvs rdiff -u -r1.14 -r1.15 pkgsrc/graphics/freetype2/patches/patch-ab cvs rdiff -u -r0 -r1.6 pkgsrc/graphics/freetype2/patches/patch-ac
Diffstat (limited to 'graphics/freetype2/patches/patch-ab')
-rw-r--r--graphics/freetype2/patches/patch-ab24
1 files changed, 24 insertions, 0 deletions
diff --git a/graphics/freetype2/patches/patch-ab b/graphics/freetype2/patches/patch-ab
new file mode 100644
index 00000000000..03c80f71087
--- /dev/null
+++ b/graphics/freetype2/patches/patch-ab
@@ -0,0 +1,24 @@
+$NetBSD: patch-ab,v 1.15.2.2 2010/12/19 03:47:00 sbd Exp $
+
+CVE-2010-3855
+
+--- src/truetype/ttgxvar.c.orig 2010-07-12 19:03:49.000000000 +0000
++++ src/truetype/ttgxvar.c
+@@ -154,7 +154,7 @@
+ runcnt = runcnt & GX_PT_POINT_RUN_COUNT_MASK;
+ first = points[i++] = FT_GET_USHORT();
+
+- if ( runcnt < 1 )
++ if ( runcnt < 1 || i + runcnt >= n )
+ goto Exit;
+
+ /* first point not included in runcount */
+@@ -165,7 +165,7 @@
+ {
+ first = points[i++] = FT_GET_BYTE();
+
+- if ( runcnt < 1 )
++ if ( runcnt < 1 || i + runcnt >= n )
+ goto Exit;
+
+ for ( j = 0; j < runcnt; ++j )
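Review bot: The added guard `i + runcnt >= n`, used in both branches of the embedded ttgxvar.c patch, also rejects a run that ends exactly on the last slot (`i + runcnt == n`). That case stays in bounds if the following `for ( j = 0; j < runcnt; ++j )` loop stores one element per iteration, but the loop body and the allocation of `points` are outside the hunk, so confirm against upstream before relaxing it to `i + runcnt > n`. The stricter form is safe for memory but may make a well-formed point list stop one run short. Both rejections `goto Exit`, a label outside the hunk, so it is worth checking that the caller is not handed a partially filled `points` array while the full count has already been reported. The patch header carries only `CVE-2010-3855`; a one-line comment such as `Bounds-check packed point run counts before filling points[] (from upstream, <upstream-commit-id>)` would tell the next maintainer what the patch does and when it can be dropped.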