Subject: pkg/33556: graphics/freetype2 patches to remedy security advisory
To: pkg-manager@netbsd.org, gnats-admin@netbsd.org
From: Mark E. Perkins <perkinsm@bway.net>
List: pkgsrc-bugs
Date: 05/25/2006 23:35:00
>Number:         33556
>Category:       pkg
>Synopsis:       graphics/freetype2 patches to remedy security advisory
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 25 23:35:00 +0000 2006
>Originator:     Mark E. Perkins
>Release:        Darwin 8.6.0 Power Macintosh
>Organization:
>Environment:


System: Darwin crow.fringe.mep 8.6.0 Darwin Kernel Version 8.6.0: Tue Mar  7 16:58:48 PST 2006; root:xnu-792.6.70.obj~1/RELEASE_PPC Power Macintosh


>Description:


I'm getting daily advisories that graphics/freetype2 is vulnerable.


>How-To-Repeat:


Wait 'til tomorrow for the next run of audit-packages... 8)


>Fix:


Patches to Makefile, distinfo, and patches/patch-aa are included below.
Note that patch-aa is no longer necessary, as it was incorporated upstream.

With these changes, this builds for me on Mac OS X 10.4.6.


------------------------------ Makefile.patch ------------------------------

--- ../../graphics/freetype2/Makefile   2006-02-25 07:14:24.000000000 -0500
+++ Makefile    2006-05-24 04:36:35.000000000 -0400
@@ -1,8 +1,7 @@
 # $NetBSD: Makefile,v 1.51 2006/02/25 00:35:41 reed Exp $
 
-DISTNAME=      freetype-2.1.10
-PKGNAME=       freetype2-2.1.10
-PKGREVISION=   2
+DISTNAME=      freetype-2.2.1
+PKGNAME=       freetype2-2.2.1
 CATEGORIES=    graphics
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=freetype/} \
                ftp://ftp.freetype.org/freetype/freetype2/ \
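
Review bot: The DISTNAME/PKGNAME change moves from 2.1.10 to 2.2.1, which is a full upstream update rather than a minimal security fix, and nothing in the report names the advisory it addresses. Please cite the advisory identifier in the commit message so the audit-packages entry can be matched to the fixed version. Since the only build test mentioned is Mac OS X 10.4.6, build at least one dependent package against the new version before commit. Dropping PKGREVISION on the version bump is correct.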


------------------------------ distinfo.patch ------------------------------

--- ../../graphics/freetype2/distinfo   2006-02-25 07:14:24.000000000 -0500
+++ distinfo    2006-05-24 04:47:13.000000000 -0400
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.16 2006/02/25 00:35:41 reed Exp $
+$NetBSD$
 
-SHA1 (freetype-2.1.10.tar.bz2) = f9e5c52e466c3e41483d5d6d44b4f3135a9c4b16
-RMD160 (freetype-2.1.10.tar.bz2) = 3d31d548632f14784283c97ece64c7425efc3975
-Size (freetype-2.1.10.tar.bz2) = 1037107 bytes
-SHA1 (patch-aa) = 0f05ebbb7c1264dd58f01916560278cd4c3dce08
+SHA1 (freetype-2.2.1.tar.bz2) = 4aa7d5ce2198fad586cf09ef7c9d3a6277320167
+RMD160 (freetype-2.2.1.tar.bz2) = 1c7eb4a43501c8fd5e89d0399e184847351ee160
+Size (freetype-2.2.1.tar.bz2) = 1212258 bytes
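
Review bot: The new SHA1, RMD160 and Size lines for freetype-2.2.1.tar.bz2 arrive by e-mail from the submitter, so they should not be committed as-is. Fetch the distfile independently from the MASTER_SITES, regenerate distinfo with make makesum, and confirm the result matches these values. Removing the SHA1 (patch-aa) line is consistent with deleting patches/patch-aa, and the bare $NetBSD$ tag is fine because it is expanded again on commit.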


------------------------------ patches/patch-aa.patch ------------------------------

--- ../../graphics/freetype2/patches/patch-aa   2006-02-24 19:35:41.000000000 -0500
+++ /dev/null   2006-05-25 18:00:37.000000000 -0400
@@ -1,10 +0,0 @@
-$NetBSD: patch-aa,v 1.5 2006/02/25 00:35:41 reed Exp $
-
---- builds/unix/freetype2.in.orig      2006-02-24 15:57:06.000000000 -0800
-+++ builds/unix/freetype2.in   2006-02-24 15:56:38.000000000 -0800
-@@ -8,4 +8,4 @@
- Version: @ft_version@
- Requires:
- Libs: -L${libdir} -lfreetype @LIBZ@
--Cflags: -I${includedir}/freetype2
-+Cflags: -I${includedir}/freetype2 -I${includedir}
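
Review bot: Deleting patch-aa drops the local addition of -I${includedir} to the Cflags line in builds/unix/freetype2.in, and the only evidence that it is redundant is the statement that upstream incorporated it. Before committing, check that the Cflags line in the 2.2.1 builds/unix/freetype2.in already carries both include paths, because dependents that take their compiler flags from the installed pkg-config file will otherwise fail to find the headers.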