Diffstat (limited to 'graphics')
-rw-r--r--graphics/freetype2/Makefile5
-rw-r--r--graphics/freetype2/distinfo10
-rw-r--r--graphics/freetype2/patches/patch-ab24
-rw-r--r--graphics/freetype2/patches/patch-ac23
4 files changed, 56 insertions, 6 deletions
diff --git a/graphics/freetype2/Makefile b/graphics/freetype2/Makefile
index 77a9ae494f1..44077eaa23b 100644
--- a/graphics/freetype2/Makefile
+++ b/graphics/freetype2/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.74 2010/08/08 16:06:02 tnn Exp $
+# $NetBSD: Makefile,v 1.74.2.1 2010/12/19 03:47:00 sbd Exp $
-DISTNAME= freetype-2.4.2
+DISTNAME= freetype-2.4.3
PKGNAME= ${DISTNAME:S/-/2-/}
+PKGREVISION= 2
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=freetype/} \
ftp://ring.aist.go.jp/pub/graphics/freetype/freetype2/
diff --git a/graphics/freetype2/distinfo b/graphics/freetype2/distinfo
index 4b7b4f938fe..b13a006c3e7 100644
--- a/graphics/freetype2/distinfo
+++ b/graphics/freetype2/distinfo
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.36 2010/08/08 16:06:02 tnn Exp $
+$NetBSD: distinfo,v 1.36.2.1 2010/12/19 03:47:00 sbd Exp $
-SHA1 (freetype-2.4.2.tar.bz2) = cc257ceda2950b8c80950d780ccf3ce665a815d1
-RMD160 (freetype-2.4.2.tar.bz2) = 5e3970f3a9e242255489111f77fe880d5d524860
-Size (freetype-2.4.2.tar.bz2) = 1433843 bytes
+SHA1 (freetype-2.4.3.tar.bz2) = 16e5ba0ff23b2de372149a790b7245a762022912
+RMD160 (freetype-2.4.3.tar.bz2) = befa7c66a9574c682b45d69a1088d072d8f119d9
+Size (freetype-2.4.3.tar.bz2) = 1437406 bytes
SHA1 (patch-aa) = 85bf9979802e04345a9f5ac3ada2cac9520dabcb
+SHA1 (patch-ab) = fd2823043c3bf1488529167a56af69ecd036a920
+SHA1 (patch-ac) = bbd59b48a7827eb5e9c4905572f13b789a2d9c88
diff --git a/graphics/freetype2/patches/patch-ab b/graphics/freetype2/patches/patch-ab
new file mode 100644
index 00000000000..03c80f71087
--- /dev/null
+++ b/graphics/freetype2/patches/patch-ab
@@ -0,0 +1,24 @@
+$NetBSD: patch-ab,v 1.15.2.2 2010/12/19 03:47:00 sbd Exp $
+
+CVE-2010-3855
+
+--- src/truetype/ttgxvar.c.orig 2010-07-12 19:03:49.000000000 +0000
++++ src/truetype/ttgxvar.c
+@@ -154,7 +154,7 @@
+ runcnt = runcnt & GX_PT_POINT_RUN_COUNT_MASK;
+ first = points[i++] = FT_GET_USHORT();
+
+- if ( runcnt < 1 )
++ if ( runcnt < 1 || i + runcnt >= n )
+ goto Exit;
+
+ /* first point not included in runcount */
+@@ -165,7 +165,7 @@
+ {
+ first = points[i++] = FT_GET_BYTE();
+
+- if ( runcnt < 1 )
++ if ( runcnt < 1 || i + runcnt >= n )
+ goto Exit;
+
+ for ( j = 0; j < runcnt; ++j )
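Review bot: The added guard `i + runcnt >= n` runs only after `points[i++]` has already stored the first point of the run, so it depends on the enclosing loop keeping `i < n` on entry. That loop is outside the hunk and should be confirmed for both the USHORT branch (line 154) and the BYTE branch (line 165). The comparison is also stricter than the write pattern appears to need: if each run stores `runcnt` entries starting at `i`, as the visible `for ( j = 0; j < runcnt; ++j )` loop suggests, the tight bound would be `if ( runcnt < 1 || i + runcnt > n )`. The current form is memory-safe but would reject a run that ends exactly at the last slot. The patch header carries only the CVE number; a one-line description such as `Reject packed point runs that would write past the end of the points array.` would help whoever later rebases this patch.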
diff --git a/graphics/freetype2/patches/patch-ac b/graphics/freetype2/patches/patch-ac
new file mode 100644
index 00000000000..bf7155e2961
--- /dev/null
+++ b/graphics/freetype2/patches/patch-ac
@@ -0,0 +1,23 @@
+$NetBSD: patch-ac,v 1.6.2.2 2010/12/19 03:47:00 sbd Exp $
+
+CVE-2010-3814
+
+--- src/truetype/ttinterp.c.orig 2010-10-01 06:08:19.000000000 +0000
++++ src/truetype/ttinterp.c
+@@ -5795,7 +5795,16 @@
+ if ( CUR.GS.gep2 == 0 && CUR.zp2.n_points > 0 )
+ last_point = (FT_UShort)( CUR.zp2.n_points - 1 );
+ else if ( CUR.GS.gep2 == 1 && CUR.zp2.n_contours > 0 )
++ {
+ last_point = (FT_UShort)( CUR.zp2.contours[CUR.zp2.n_contours - 1] );
++
++ if ( BOUNDS( last_point, CUR.zp2.n_points ) )
++ {
++ if ( CUR.pedantic_hinting )
++ CUR.error = TT_Err_Invalid_Reference;
++ return;
++ }
++ }
+ else
+ last_point = 0;
+
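Review bot: The new `BOUNDS( last_point, CUR.zp2.n_points )` check covers only the `gep2 == 1` branch, while the `else last_point = 0;` fallback is left unchanged. If the loop after this hunk (not visible here) includes `last_point`, a zone with `n_points == 0` would still have index 0 accessed, so that path deserves a check as well. When `pedantic_hinting` is off, the early `return` drops the instruction without recording an error; a short comment such as `/* end-point index comes from glyph data; ignore the instruction if it lies outside the zone */` would make that intent explicit. The patch header would also benefit from one sentence describing the fix beside the CVE id.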