pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2009Q1]: pkgsrc/graphics/freetype2 Pullup ticket 2755 and 2758...
details: https://anonhg.NetBSD.org/pkgsrc/rev/f668e02de949
branches: pkgsrc-2009Q1
changeset: 556804:f668e02de949
user: spz <spz%pkgsrc.org@localhost>
date: Sun May 03 14:16:41 2009 +0000
description:
Pullup ticket 2755 and 2758 - requested by tnn
Security fix
Revisions pulled up:
- pkgsrc/graphics/freetype2/Makefile 1.69
- pkgsrc/graphics/freetype2/distinfo 1.31
- pkgsrc/graphics/freetype2/patches/patch-aa 1.17
- pkgsrc/graphics/freetype2/patches/patch-ab 1.12
- pkgsrc/graphics/freetype2/patches/patch-ac 1.4
- pkgsrc/graphics/freetype2/patches/patch-ad 1.2
Module Name: pkgsrc
Committed By: drochner
Date: Thu Apr 16 20:26:26 UTC 2009
Modified Files:
pkgsrc/graphics/freetype2: Makefile distinfo
Removed Files:
pkgsrc/graphics/freetype2/patches: patch-aa
Log Message:
update to 2.3.9
changes:
-important bugfixes
-improved CID support
There was an ABI breakage between 2.3.7 and 2.3.8 which was reverted
in 2.3.9. The public 'PS_FontInfoRec' structure was expanded and
then shrunk. Applications compiled against 2.3.8 should work fine
with 2.3.9. Applications compiled against the new 2.3.9 can
theoretically exhibit problems if run against a 2.3.8 binary, if
some PS_FontInfo stuff is used. See the freetype release notes
for details. I didn't find any suspects for now. If one is found,
it should be changed to require 2.3.9, and PKGREV bumped.
To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 pkgsrc/graphics/freetype2/Makefile
cvs rdiff -u -r1.29 -r1.30 pkgsrc/graphics/freetype2/distinfo
cvs rdiff -u -r1.15 -r0 pkgsrc/graphics/freetype2/patches/patch-aa
Date: Sat, 2 May 2009 19:44:51 +0000
From: Tobias Nygren <tnn%netbsd.org@localhost>
To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/graphics/freetype2
Module Name: pkgsrc
Committed By: tnn
Date: Sat May 2 19:44:51 UTC 2009
Modified Files:
pkgsrc/graphics/freetype2: Makefile distinfo
Added Files:
pkgsrc/graphics/freetype2/patches: patch-aa patch-ab patch-ac
patch-ad
Log Message:
patch-[a-d]: Upstream patches for CVE-2009-0946.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 pkgsrc/graphics/freetype2/Makefile
cvs rdiff -u -r1.30 -r1.31 pkgsrc/graphics/freetype2/distinfo
cvs rdiff -u -r0 -r1.17 pkgsrc/graphics/freetype2/patches/patch-aa
cvs rdiff -u -r0 -r1.12 pkgsrc/graphics/freetype2/patches/patch-ab
cvs rdiff -u -r0 -r1.4 pkgsrc/graphics/freetype2/patches/patch-ac
cvs rdiff -u -r0 -r1.2 pkgsrc/graphics/freetype2/patches/patch-ad
diffstat:
graphics/freetype2/Makefile | 5 +-
graphics/freetype2/distinfo | 13 +++++---
graphics/freetype2/patches/patch-aa | 47 ++++++++++++++++++-----------
graphics/freetype2/patches/patch-ab | 58 +++++++++++++++++++++++++++++++++++++
graphics/freetype2/patches/patch-ac | 20 ++++++++++++
graphics/freetype2/patches/patch-ad | 53 +++++++++++++++++++++++++++++++++
6 files changed, 171 insertions(+), 25 deletions(-)
diffs (230 lines):
diff -r 8ae6e7741aca -r f668e02de949 graphics/freetype2/Makefile
--- a/graphics/freetype2/Makefile Sun May 03 12:32:01 2009 +0000
+++ b/graphics/freetype2/Makefile Sun May 03 14:16:41 2009 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.67 2009/01/27 19:29:32 drochner Exp $
+# $NetBSD: Makefile,v 1.67.2.1 2009/05/03 14:16:41 spz Exp $
-DISTNAME= freetype-2.3.8
+DISTNAME= freetype-2.3.9
PKGNAME= ${DISTNAME:S/-/2-/}
+PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=freetype/} \
ftp://ring.aist.go.jp/pub/graphics/freetype/freetype2/
diff -r 8ae6e7741aca -r f668e02de949 graphics/freetype2/distinfo
--- a/graphics/freetype2/distinfo Sun May 03 12:32:01 2009 +0000
+++ b/graphics/freetype2/distinfo Sun May 03 14:16:41 2009 +0000
@@ -1,6 +1,9 @@
-$NetBSD: distinfo,v 1.29 2009/01/27 19:29:32 drochner Exp $
+$NetBSD: distinfo,v 1.29.2.1 2009/05/03 14:16:41 spz Exp $
-SHA1 (freetype-2.3.8.tar.bz2) = 0a15d4498139c6743c0ea388c40aaf40cafd4f44
-RMD160 (freetype-2.3.8.tar.bz2) = e460e8a3aed21727973ac4add4ac8be70ac18534
-Size (freetype-2.3.8.tar.bz2) = 1343318 bytes
-SHA1 (patch-aa) = 655e8ddd41774e86f7307e62589bb3da2351bf4c
+SHA1 (freetype-2.3.9.tar.bz2) = db08969cb5053879ff9e973fe6dd2c52c7ea2d4e
+RMD160 (freetype-2.3.9.tar.bz2) = c0351c2a3f43e64d26d2a964b1131a3dbf2fa162
+Size (freetype-2.3.9.tar.bz2) = 1363190 bytes
+SHA1 (patch-aa) = a203699d1734eaa97aea6898bb527cf5ee6a09b1
+SHA1 (patch-ab) = da1c8894476fd6d7123e8718d2b36072c98e5e72
+SHA1 (patch-ac) = 9ec38f8b41652737a9474cc358d44ba1e2a4a54a
+SHA1 (patch-ad) = 556c116b7e80fc0633cca50d8923d183ac1762c3
diff -r 8ae6e7741aca -r f668e02de949 graphics/freetype2/patches/patch-aa
--- a/graphics/freetype2/patches/patch-aa Sun May 03 12:32:01 2009 +0000
+++ b/graphics/freetype2/patches/patch-aa Sun May 03 14:16:41 2009 +0000
@@ -1,22 +1,33 @@
-$NetBSD: patch-aa,v 1.15 2009/01/27 19:29:32 drochner Exp $
+$NetBSD: patch-aa,v 1.15.2.1 2009/05/03 14:16:41 spz Exp $
+
+http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b
---- src/truetype/ttinterp.c.orig 2008-11-29 22:36:18.000000000 +0100
-+++ src/truetype/ttinterp.c
-@@ -5099,7 +5099,7 @@
- return;
+diff --git a/src/smooth/ftsmooth.c b/src/smooth/ftsmooth.c
+index a6db504..cacc490 100644
+--- src/smooth/ftsmooth.c
++++ src/smooth/ftsmooth.c
+@@ -153,7 +153,7 @@
+ slot->internal->flags &= ~FT_GLYPH_OWN_BITMAP;
}
-- if ( ( args[0] & 0x100 ) != 0 && CUR.tt_metrics.ppem < A )
-+ if ( ( args[0] & 0x100 ) != 0 && CUR.tt_metrics.ppem <= A )
- CUR.GS.scan_control = TRUE;
+- /* allocate new one, depends on pixel format */
++ /* allocate new one */
+ pitch = width;
+ if ( hmul )
+ {
+@@ -194,6 +194,13 @@
+
+ #endif
- if ( ( args[0] & 0x200 ) != 0 && CUR.tt_metrics.rotated )
-@@ -5108,7 +5108,7 @@
- if ( ( args[0] & 0x400 ) != 0 && CUR.tt_metrics.stretched )
- CUR.GS.scan_control = TRUE;
-
-- if ( ( args[0] & 0x800 ) != 0 && CUR.tt_metrics.ppem >= A )
-+ if ( ( args[0] & 0x800 ) != 0 && CUR.tt_metrics.ppem > A )
- CUR.GS.scan_control = FALSE;
-
- if ( ( args[0] & 0x1000 ) != 0 && CUR.tt_metrics.rotated )
++ if ( pitch > 0xFFFF || height > 0xFFFF )
++ {
++ FT_ERROR(( "ft_smooth_render_generic: glyph too large: %d x %d\n",
++ width, height ));
++ return Smooth_Err_Raster_Overflow;
++ }
++
+ bitmap->pixel_mode = FT_PIXEL_MODE_GRAY;
+ bitmap->num_grays = 256;
+ bitmap->width = width;
+--
+cgit v0.8.2.1
diff -r 8ae6e7741aca -r f668e02de949 graphics/freetype2/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/freetype2/patches/patch-ab Sun May 03 14:16:41 2009 +0000
@@ -0,0 +1,58 @@
+$NetBSD: patch-ab,v 1.12.2.2 2009/05/03 14:16:41 spz Exp $
+
+http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e
+
+diff --git a/src/sfnt/ttcmap.c b/src/sfnt/ttcmap.c
+index 6830391..1bd2ce7 100644
+--- src/sfnt/ttcmap.c
++++ src/sfnt/ttcmap.c
+@@ -1635,7 +1635,7 @@
+ FT_INVALID_TOO_SHORT;
+
+ length = TT_NEXT_ULONG( p );
+- if ( table + length > valid->limit || length < 8208 )
++ if ( length > (FT_UInt32)( valid->limit - table ) || length < 8192 + 16 )
+ FT_INVALID_TOO_SHORT;
+
+ is32 = table + 12;
+@@ -1863,7 +1863,8 @@
+ p = table + 16;
+ count = TT_NEXT_ULONG( p );
+
+- if ( table + length > valid->limit || length < 20 + count * 2 )
++ if ( length > (FT_ULong)( valid->limit - table ) ||
++ length < 20 + count * 2 )
+ FT_INVALID_TOO_SHORT;
+
+ /* check glyph indices */
+@@ -2048,7 +2049,8 @@
+ p = table + 12;
+ num_groups = TT_NEXT_ULONG( p );
+
+- if ( table + length > valid->limit || length < 16 + 12 * num_groups )
++ if ( length > (FT_ULong)( valid->limit - table ) ||
++ length < 16 + 12 * num_groups )
+ FT_INVALID_TOO_SHORT;
+
+ /* check groups, they must be in increasing order */
+@@ -2429,7 +2431,8 @@
+ FT_ULong num_selectors = TT_NEXT_ULONG( p );
+
+
+- if ( table + length > valid->limit || length < 10 + 11 * num_selectors )
++ if ( length > (FT_ULong)( valid->limit - table ) ||
++ length < 10 + 11 * num_selectors )
+ FT_INVALID_TOO_SHORT;
+
+ /* check selectors, they must be in increasing order */
+@@ -2491,7 +2494,7 @@
+ FT_ULong i, lastUni = 0;
+
+
+- if ( ndp + numMappings * 4 > valid->limit )
++ if ( numMappings * 4 > (FT_ULong)( valid->limit - ndp ) )
+ FT_INVALID_TOO_SHORT;
+
+ for ( i = 0; i < numMappings; ++i )
+--
+cgit v0.8.2.1
diff -r 8ae6e7741aca -r f668e02de949 graphics/freetype2/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/freetype2/patches/patch-ac Sun May 03 14:16:41 2009 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ac,v 1.4.2.2 2009/05/03 14:16:41 spz Exp $
+
+http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0a05ba257b6ddd87dacf8d54b626e4b360e0a596
+
+diff --git a/src/lzw/ftzopen.c b/src/lzw/ftzopen.c
+index fc78315..c0483de 100644
+--- src/lzw/ftzopen.c
++++ src/lzw/ftzopen.c
+@@ -332,6 +332,9 @@
+
+ while ( code >= 256U )
+ {
++ if ( !state->prefix )
++ goto Eof;
++
+ FTLZW_STACK_PUSH( state->suffix[code - 256] );
+ code = state->prefix[code - 256];
+ }
+--
+cgit v0.8.2.1
diff -r 8ae6e7741aca -r f668e02de949 graphics/freetype2/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/freetype2/patches/patch-ad Sun May 03 14:16:41 2009 +0000
@@ -0,0 +1,53 @@
+$NetBSD: patch-ad,v 1.2.2.2 2009/05/03 14:16:41 spz Exp $
+
+http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5
+
+diff --git a/src/cff/cffload.c b/src/cff/cffload.c
+index 22163fb..24b899d 100644
+--- src/cff/cffload.c
++++ src/cff/cffload.c
+@@ -842,7 +842,20 @@
+ goto Exit;
+
+ for ( j = 1; j < num_glyphs; j++ )
+- charset->sids[j] = FT_GET_USHORT();
++ {
++ FT_UShort sid = FT_GET_USHORT();
++
++
++ /* this constant is given in the CFF specification */
++ if ( sid < 65000 )
++ charset->sids[j] = sid;
++ else
++ {
++ FT_ERROR(( "cff_charset_load:"
++ " invalid SID value %d set to zero\n", sid ));
++ charset->sids[j] = 0;
++ }
++ }
+
+ FT_FRAME_EXIT();
+ }
+@@ -875,6 +888,20 @@
+ goto Exit;
+ }
+
++ /* check whether the range contains at least one valid glyph; */
++ /* the constant is given in the CFF specification */
++ if ( glyph_sid >= 65000 ) {
++ FT_ERROR(( "cff_charset_load: invalid SID range\n" ));
++ error = CFF_Err_Invalid_File_Format;
++ goto Exit;
++ }
++
++ /* try to rescue some of the SIDs if `nleft' is too large */
++ if ( nleft > 65000 - 1 || glyph_sid >= 65000 - nleft ) {
++ FT_ERROR(( "cff_charset_load: invalid SID range trimmed\n" ));
++ nleft = 65000 - 1 - glyph_sid;
++ }
++
+ /* Fill in the range of sids -- `nleft + 1' glyphs. */
+ for ( i = 0; j < num_glyphs && i <= nleft; i++, j++, glyph_sid++ )
+ charset->sids[j] = glyph_sid;
+--
+cgit v0.8.2.1
Home |
Main Index |
Thread Index |
Old Index