Subject: pkg/33556: graphics/freetype2 patches to remedy security advisory
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Mark E. Perkins <perkinsm@bway.net>
List: pkgsrc-bugs
Date: 05/25/2006 23:35:00
>Number: 33556
>Category: pkg
>Synopsis: graphics/freetype2 patches to remedy security advisory
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu May 25 23:35:00 +0000 2006
>Originator: Mark E. Perkins
>Release: Darwin 8.6.0 Power Macintosh
>Organization:
>Environment:
System: Darwin crow.fringe.mep 8.6.0 Darwin Kernel Version 8.6.0: Tue Mar 7 16:58:48 PST 2006; root:xnu-792.6.70.obj~1/RELEASE_PPC Power Macintosh
>Description:
I'm getting daily advisories that graphics/freetype2 is vulnerable.
>How-To-Repeat:
Wait 'til tomorrow for the next run of audit-packages... 8)
>Fix:
Patches to Makefile, distinfo, and patches/patch-aa are included below.
Note that patch-aa is no longer necessary, as it was incorporated upstream.
With these changes, this builds for me on Mac OS X 10.4.6
------------------------------ Makefile.patch ------------------------------
--- ../../graphics/freetype2/Makefile 2006-02-25 07:14:24.000000000 -0500
+++ Makefile 2006-05-24 04:36:35.000000000 -0400
@@ -1,8 +1,7 @@
# $NetBSD: Makefile,v 1.51 2006/02/25 00:35:41 reed Exp $
-DISTNAME= freetype-2.1.10
-PKGNAME= freetype2-2.1.10
-PKGREVISION= 2
+DISTNAME= freetype-2.2.1
+PKGNAME= freetype2-2.2.1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=freetype/} \
ftp://ftp.freetype.org/freetype/freetype2/ \
------------------------------ distinfo.patch ------------------------------
--- ../../graphics/freetype2/distinfo 2006-02-25 07:14:24.000000000 -0500
+++ distinfo 2006-05-24 04:47:13.000000000 -0400
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.16 2006/02/25 00:35:41 reed Exp $
+$NetBSD$
-SHA1 (freetype-2.1.10.tar.bz2) = f9e5c52e466c3e41483d5d6d44b4f3135a9c4b16
-RMD160 (freetype-2.1.10.tar.bz2) = 3d31d548632f14784283c97ece64c7425efc3975
-Size (freetype-2.1.10.tar.bz2) = 1037107 bytes
-SHA1 (patch-aa) = 0f05ebbb7c1264dd58f01916560278cd4c3dce08
+SHA1 (freetype-2.2.1.tar.bz2) = 4aa7d5ce2198fad586cf09ef7c9d3a6277320167
+RMD160 (freetype-2.2.1.tar.bz2) = 1c7eb4a43501c8fd5e89d0399e184847351ee160
+Size (freetype-2.2.1.tar.bz2) = 1212258 bytes
------------------------------ patches/patch-aa.patch ------------------------------
--- ../../graphics/freetype2/patches/patch-aa 2006-02-24 19:35:41.000000000 -0500
+++ /dev/null 2006-05-25 18:00:37.000000000 -0400
@@ -1,10 +0,0 @@
-$NetBSD: patch-aa,v 1.5 2006/02/25 00:35:41 reed Exp $
-
---- builds/unix/freetype2.in.orig 2006-02-24 15:57:06.000000000 -0800
-+++ builds/unix/freetype2.in 2006-02-24 15:56:38.000000000 -0800
-@@ -8,4 +8,4 @@
- Version: @ft_version@
- Requires:
- Libs: -L${libdir} -lfreetype @LIBZ@
--Cflags: -I${includedir}/freetype2
-+Cflags: -I${includedir}/freetype2 -I${includedir}