Pullup ticket 1686 - requested by salo

security fix for freetype2 Apply patch from salo, mirroring the recent xsrc fixes for CVE-2006-0747, CVE-2006-1861, and CVE-2006-2661.
author: snj <snj> 2006-06-06 07:51:29 +0000
committer: snj <snj> 2006-06-06 07:51:29 +0000
commit: d364d6c27bac764a5f51cb21266fd6ad3be73af7 (patch)
tree: b2c4e242b98b5223d598d84a8cc4137976b80fe0 /graphics/freetype2/patches/patch-ah
parent: 4f22d4aa10caf3b3d4d6f1c4be2e7749ba118841 (diff)
download: pkgsrc-d364d6c27bac764a5f51cb21266fd6ad3be73af7.tar.gz
1 files changed, 32 insertions, 0 deletions
diff --git a/graphics/freetype2/patches/patch-ah b/graphics/freetype2/patches/patch-ah
new file mode 100644
index 00000000000..3422ce8e90a
--- /dev/null
+++ b/graphics/freetype2/patches/patch-ah
@@ -0,0 +1,32 @@
+$NetBSD: patch-ah,v 1.1.2.1 2006/06/06 07:51:29 snj Exp $
+
+--- src/cff/cffload.c.orig	2005-05-06 07:49:46.000000000 +0200
++++ src/cff/cffload.c	2006-06-05 23:34:29.000000000 +0200
+@@ -1235,7 +1235,7 @@
+       }
+ 
+       /* access element */
+-      if ( off1 )
++      if ( off1 && off2 > off1 )
+       {
+         *pbyte_len = off2 - off1;
+ 
+@@ -1688,6 +1688,8 @@
+ 
+       for ( i = 0; i < num_glyphs; i++ )
+         charset->cids[charset->sids[i]] = (FT_UShort)i;
++
++      charset->max_cid = max_cid;
+     }
+ 
+   Exit:
+@@ -2042,6 +2044,9 @@
+         goto Exit;
+     }
+ 
++    /* ensure that 'num_blue_values' is even */
++    priv->num_blue_values &= ~1;
++
+     /* read the local subrs, if any */
+     if ( priv->local_subrs_offset )
+     {
author	snj <snj>	2006-06-06 07:51:29 +0000
committer	snj <snj>	2006-06-06 07:51:29 +0000
commit	d364d6c27bac764a5f51cb21266fd6ad3be73af7 (patch)
tree	b2c4e242b98b5223d598d84a8cc4137976b80fe0 /graphics/freetype2/patches/patch-ah
parent	4f22d4aa10caf3b3d4d6f1c4be2e7749ba118841 (diff)
download	pkgsrc-d364d6c27bac764a5f51cb21266fd6ad3be73af7.tar.gz