Diffstat (limited to 'graphics')
-rw-r--r-- | graphics/freetype2/Makefile | 5 | ||||
-rw-r--r-- | graphics/freetype2/distinfo | 10 | ||||
-rw-r--r-- | graphics/freetype2/patches/patch-ab | 24 | ||||
-rw-r--r-- | graphics/freetype2/patches/patch-ac | 23 |
4 files changed, 56 insertions, 6 deletions
diff --git a/graphics/freetype2/Makefile b/graphics/freetype2/Makefile
index 77a9ae494f1..44077eaa23b 100644
--- a/graphics/freetype2/Makefile
+++ b/graphics/freetype2/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.74 2010/08/08 16:06:02 tnn Exp $
+# $NetBSD: Makefile,v 1.74.2.1 2010/12/19 03:47:00 sbd Exp $
 
-DISTNAME= freetype-2.4.2
+DISTNAME= freetype-2.4.3
 PKGNAME= ${DISTNAME:S/-/2-/}
+PKGREVISION= 2
 CATEGORIES= graphics
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=freetype/} \
 ftp://ring.aist.go.jp/pub/graphics/freetype/freetype2/
diff --git a/graphics/freetype2/distinfo b/graphics/freetype2/distinfo
index 4b7b4f938fe..b13a006c3e7 100644
--- a/graphics/freetype2/distinfo
+++ b/graphics/freetype2/distinfo
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.36 2010/08/08 16:06:02 tnn Exp $
+$NetBSD: distinfo,v 1.36.2.1 2010/12/19 03:47:00 sbd Exp $
 
-SHA1 (freetype-2.4.2.tar.bz2) = cc257ceda2950b8c80950d780ccf3ce665a815d1
-RMD160 (freetype-2.4.2.tar.bz2) = 5e3970f3a9e242255489111f77fe880d5d524860
-Size (freetype-2.4.2.tar.bz2) = 1433843 bytes
+SHA1 (freetype-2.4.3.tar.bz2) = 16e5ba0ff23b2de372149a790b7245a762022912
+RMD160 (freetype-2.4.3.tar.bz2) = befa7c66a9574c682b45d69a1088d072d8f119d9
+Size (freetype-2.4.3.tar.bz2) = 1437406 bytes
 SHA1 (patch-aa) = 85bf9979802e04345a9f5ac3ada2cac9520dabcb
+SHA1 (patch-ab) = fd2823043c3bf1488529167a56af69ecd036a920
+SHA1 (patch-ac) = bbd59b48a7827eb5e9c4905572f13b789a2d9c88
diff --git a/graphics/freetype2/patches/patch-ab b/graphics/freetype2/patches/patch-ab
new file mode 100644
index 00000000000..03c80f71087
--- /dev/null
+++ b/graphics/freetype2/patches/patch-ab
@@ -0,0 +1,24 @@
+$NetBSD: patch-ab,v 1.15.2.2 2010/12/19 03:47:00 sbd Exp $
+
+CVE-2010-3855
+
+--- src/truetype/ttgxvar.c.orig 2010-07-12 19:03:49.000000000 +0000
++++ src/truetype/ttgxvar.c
+@@ -154,7 +154,7 @@
+ runcnt = runcnt & GX_PT_POINT_RUN_COUNT_MASK;
+ first = points[i++] = FT_GET_USHORT();
+
+- if ( runcnt < 1 )
++ if ( runcnt < 1 || i + runcnt >= n )
+ goto Exit;
+
+ /* first point not included in runcount */
+@@ -165,7 +165,7 @@
+ {
+ first = points[i++] = FT_GET_BYTE();
+
+- if ( runcnt < 1 )
++ if ( runcnt < 1 || i + runcnt >= n )
+ goto Exit;
+
+ for ( j = 0; j < runcnt; ++j )
diff --git a/graphics/freetype2/patches/patch-ac b/graphics/freetype2/patches/patch-ac
new file mode 100644
index 00000000000..bf7155e2961
--- /dev/null
+++ b/graphics/freetype2/patches/patch-ac
@@ -0,0 +1,23 @@
+$NetBSD: patch-ac,v 1.6.2.2 2010/12/19 03:47:00 sbd Exp $
+
+CVE-2010-3814
+
+--- src/truetype/ttinterp.c.orig 2010-10-01 06:08:19.000000000 +0000
++++ src/truetype/ttinterp.c
+@@ -5795,7 +5795,16 @@
+ if ( CUR.GS.gep2 == 0 && CUR.zp2.n_points > 0 )
+ last_point = (FT_UShort)( CUR.zp2.n_points - 1 );
+ else if ( CUR.GS.gep2 == 1 && CUR.zp2.n_contours > 0 )
++ {
+ last_point = (FT_UShort)( CUR.zp2.contours[CUR.zp2.n_contours - 1] );
++
++ if ( BOUNDS( last_point, CUR.zp2.n_points ) )
++ {
++ if ( CUR.pedantic_hinting )
++ CUR.error = TT_Err_Invalid_Reference;
++ return;
++ }
++ }
+ else
+ last_point = 0;
+ |
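Review bot: The bound `i + runcnt >= n` added at both sites in patch-ab (the word-sized and the byte-sized branch of ttgxvar.c) also rejects a run that ends exactly on the last slot. The loop after the second check writes `runcnt` entries starting at `points[i]`, so the highest index touched is `i + runcnt - 1`, and `i + runcnt > n` would already keep that in range, assuming `n` is the element count of `points` (the allocation is outside the hunk). The stricter form is memory-safe but may discard well-formed point lists whose final run fills the array. The `Exit` label and the caller are also outside the hunk; if that path returns `points` together with the original count, entries past `i` would be read uninitialised, so that is worth confirming. The patch header carries only the CVE id; a one-line description such as `Bound each run length against the size of the points array.` would help later maintainers.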
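Review bot: The new `BOUNDS( last_point, CUR.zp2.n_points )` check in patch-ac guards only the `gep2 == 1` branch; the fallback `else last_point = 0;` still produces index 0 when `CUR.zp2.n_points` is 0. If the code after this hunk walks points up to and including `last_point` (not visible here), an empty zone would still be indexed once. Consider an early exit for that case before the chain, something like `if ( CUR.zp2.n_points == 0 ) return;`, after checking that it does not skip stack handling the enclosing function still needs. The function starts and ends outside the hunk, so both the loop and the stack handling should be confirmed against the full source.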