summaryrefslogtreecommitdiff
path: root/graphics/freetype2
diff options
context:
space:
mode:
authordrochner <drochner@pkgsrc.org>2007-04-05 16:29:38 +0000
committerdrochner <drochner@pkgsrc.org>2007-04-05 16:29:38 +0000
commit6268358eda017e59c2b7eab422ab9c9cc4508052 (patch)
treedca3e3c3a1a82695a11a4b9b164dae79369e54d9 /graphics/freetype2
parentc37ef2529ea499e32557df0d4c016981f95e2c56 (diff)
downloadpkgsrc-6268358eda017e59c2b7eab422ab9c9cc4508052.tar.gz
pull in a patch from freetype CVS:
* src/bdf/bdflib.c (setsbit, sbitset): Handle values >= 128 gracefully. (_bdf_set_default_spacing): Increase `name' buffer size to 256 and issue an error for longer names. (_bdf_parse_glyphs): Limit allowed number of glyphs in font to the number of code points in Unicode. This fixes CVE-2007-1351.
Diffstat (limited to 'graphics/freetype2')
-rw-r--r--graphics/freetype2/Makefile3
-rw-r--r--graphics/freetype2/distinfo3
-rw-r--r--graphics/freetype2/patches/patch-ac55
3 files changed, 59 insertions, 2 deletions
diff --git a/graphics/freetype2/Makefile b/graphics/freetype2/Makefile
index 6fc3b0c762e..324aa05b86b 100644
--- a/graphics/freetype2/Makefile
+++ b/graphics/freetype2/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.57 2007/03/24 12:49:08 drochner Exp $
+# $NetBSD: Makefile,v 1.58 2007/04/05 16:29:38 drochner Exp $
DISTNAME= freetype-2.3.2
+PKGREVISION= 1
PKGNAME= ${DISTNAME:S/-/2-/}
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=freetype/} \
diff --git a/graphics/freetype2/distinfo b/graphics/freetype2/distinfo
index daf542497dc..d462e45f845 100644
--- a/graphics/freetype2/distinfo
+++ b/graphics/freetype2/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.21 2007/03/23 22:09:18 joerg Exp $
+$NetBSD: distinfo,v 1.22 2007/04/05 16:29:38 drochner Exp $
SHA1 (freetype-2.3.2.tar.bz2) = 4188a2ed344ddf89bdb1a054fb441019aa4b143d
RMD160 (freetype-2.3.2.tar.bz2) = e4da77b6f8956d69e57269c5681560beda0ddb27
Size (freetype-2.3.2.tar.bz2) = 1252007 bytes
SHA1 (patch-aa) = 0682e65e006c7b02535034c3e247be676af3b98f
SHA1 (patch-ab) = 257118397011eb68197008842e98b8ef6c96e48d
+SHA1 (patch-ac) = b00c86bf322e2ac6a71a24e27916ca1fa312009b
diff --git a/graphics/freetype2/patches/patch-ac b/graphics/freetype2/patches/patch-ac
new file mode 100644
index 00000000000..74ee4b8532e
--- /dev/null
+++ b/graphics/freetype2/patches/patch-ac
@@ -0,0 +1,55 @@
+$NetBSD: patch-ac,v 1.2 2007/04/05 16:29:38 drochner Exp $
+
+--- src/bdf/bdflib.c.orig 2007-02-12 22:29:20.000000000 +0100
++++ src/bdf/bdflib.c
+@@ -385,8 +385,10 @@
+ } _bdf_parse_t;
+
+
+-#define setsbit( m, cc ) ( m[(cc) >> 3] |= (FT_Byte)( 1 << ( (cc) & 7 ) ) )
+-#define sbitset( m, cc ) ( m[(cc) >> 3] & ( 1 << ( (cc) & 7 ) ) )
++#define setsbit( m, cc ) \
++ ( m[(FT_Byte)(cc) >> 3] |= (FT_Byte)( 1 << ( (cc) & 7 ) ) )
++#define sbitset( m, cc ) \
++ ( m[(FT_Byte)(cc) >> 3] & ( 1 << ( (cc) & 7 ) ) )
+
+
+ static void
+@@ -1130,7 +1132,7 @@
+ bdf_options_t* opts )
+ {
+ unsigned long len;
+- char name[128];
++ char name[256];
+ _bdf_list_t list;
+ FT_Memory memory;
+ FT_Error error = BDF_Err_Ok;
+@@ -1149,6 +1151,13 @@
+ font->spacing = opts->font_spacing;
+
+ len = (unsigned long)( ft_strlen( font->name ) + 1 );
++ /* Limit ourselves to 256 characters in the font name. */
++ if ( len >= 256 )
++ {
++ error = BDF_Err_Invalid_Argument;
++ goto Exit;
++ }
++
+ FT_MEM_COPY( name, font->name, len );
+
+ error = _bdf_list_split( &list, (char *)"-", name, len );
+@@ -1467,6 +1476,14 @@
+ if ( p->cnt == 0 )
+ font->glyphs_size = 64;
+
++ /* Limit ourselves to 1,114,112 glyphs in the font (this is the */
++ /* number of code points available in Unicode). */
++ if ( p->cnt >= 1114112UL )
++ {
++ error = BDF_Err_Invalid_Argument;
++ goto Exit;
++ }
++
+ if ( FT_NEW_ARRAY( font->glyphs, font->glyphs_size ) )
+ goto Exit;
+