[pkgsrc/trunk]: pkgsrc/graphics/freetype2 pull in a patch from freetype CVS:
details: https://anonhg.NetBSD.org/pkgsrc/rev/16c1a4a78c0a
branches: trunk
changeset: 527315:16c1a4a78c0a
user: drochner <drochner%pkgsrc.org@localhost>
date: Thu Apr 05 16:29:38 2007 +0000
description:
pull in a patch from freetype CVS:
* src/bdf/bdflib.c (setsbit, sbitset): Handle values >= 128
gracefully.
(_bdf_set_default_spacing): Increase `name' buffer size to 256 and
issue an error for longer names.
(_bdf_parse_glyphs): Limit allowed number of glyphs in font to the
number of code points in Unicode.
This fixes CVE-2007-1351.
diffstat:
graphics/freetype2/Makefile | 3 +-
graphics/freetype2/distinfo | 3 +-
graphics/freetype2/patches/patch-ac | 55 +++++++++++++++++++++++++++++++++++++
3 files changed, 59 insertions(+), 2 deletions(-)
diffs (84 lines):
diff -r edc9ee42cafa -r 16c1a4a78c0a graphics/freetype2/Makefile
--- a/graphics/freetype2/Makefile Thu Apr 05 16:21:37 2007 +0000
+++ b/graphics/freetype2/Makefile Thu Apr 05 16:29:38 2007 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.57 2007/03/24 12:49:08 drochner Exp $
+# $NetBSD: Makefile,v 1.58 2007/04/05 16:29:38 drochner Exp $
DISTNAME= freetype-2.3.2
+PKGREVISION= 1
PKGNAME= ${DISTNAME:S/-/2-/}
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=freetype/} \
diff -r edc9ee42cafa -r 16c1a4a78c0a graphics/freetype2/distinfo
--- a/graphics/freetype2/distinfo Thu Apr 05 16:21:37 2007 +0000
+++ b/graphics/freetype2/distinfo Thu Apr 05 16:29:38 2007 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.21 2007/03/23 22:09:18 joerg Exp $
+$NetBSD: distinfo,v 1.22 2007/04/05 16:29:38 drochner Exp $
SHA1 (freetype-2.3.2.tar.bz2) = 4188a2ed344ddf89bdb1a054fb441019aa4b143d
RMD160 (freetype-2.3.2.tar.bz2) = e4da77b6f8956d69e57269c5681560beda0ddb27
Size (freetype-2.3.2.tar.bz2) = 1252007 bytes
SHA1 (patch-aa) = 0682e65e006c7b02535034c3e247be676af3b98f
SHA1 (patch-ab) = 257118397011eb68197008842e98b8ef6c96e48d
+SHA1 (patch-ac) = b00c86bf322e2ac6a71a24e27916ca1fa312009b
diff -r edc9ee42cafa -r 16c1a4a78c0a graphics/freetype2/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/freetype2/patches/patch-ac Thu Apr 05 16:29:38 2007 +0000
@@ -0,0 +1,55 @@
+$NetBSD: patch-ac,v 1.2 2007/04/05 16:29:38 drochner Exp $
+
+--- src/bdf/bdflib.c.orig 2007-02-12 22:29:20.000000000 +0100
++++ src/bdf/bdflib.c
+@@ -385,8 +385,10 @@
+ } _bdf_parse_t;
+
+
+-#define setsbit( m, cc ) ( m[(cc) >> 3] |= (FT_Byte)( 1 << ( (cc) & 7 ) ) )
+-#define sbitset( m, cc ) ( m[(cc) >> 3] & ( 1 << ( (cc) & 7 ) ) )
++#define setsbit( m, cc ) \
++ ( m[(FT_Byte)(cc) >> 3] |= (FT_Byte)( 1 << ( (cc) & 7 ) ) )
++#define sbitset( m, cc ) \
++ ( m[(FT_Byte)(cc) >> 3] & ( 1 << ( (cc) & 7 ) ) )
+
+
+ static void
+@@ -1130,7 +1132,7 @@
+ bdf_options_t* opts )
+ {
+ unsigned long len;
+- char name[128];
++ char name[256];
+ _bdf_list_t list;
+ FT_Memory memory;
+ FT_Error error = BDF_Err_Ok;
+@@ -1149,6 +1151,13 @@
+ font->spacing = opts->font_spacing;
+
+ len = (unsigned long)( ft_strlen( font->name ) + 1 );
++ /* Limit ourselves to 256 characters in the font name. */
++ if ( len >= 256 )
++ {
++ error = BDF_Err_Invalid_Argument;
++ goto Exit;
++ }
++
+ FT_MEM_COPY( name, font->name, len );
+
+ error = _bdf_list_split( &list, (char *)"-", name, len );
+@@ -1467,6 +1476,14 @@
+ if ( p->cnt == 0 )
+ font->glyphs_size = 64;
+
++ /* Limit ourselves to 1,114,112 glyphs in the font (this is the */
++ /* number of code points available in Unicode). */
++ if ( p->cnt >= 1114112UL )
++ {
++ error = BDF_Err_Invalid_Argument;
++ goto Exit;
++ }
++
+ if ( FT_NEW_ARRAY( font->glyphs, font->glyphs_size ) )
+ goto Exit;
+
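Review bot: In the `_bdf_set_default_spacing` part of this patch the bound 256 is written twice, in `char name[256];` and in `if ( len >= 256 )`, so a later change to the buffer size can silently detach the check from the `FT_MEM_COPY` it guards; `if ( len >= sizeof ( name ) )` keeps the two tied together with the same behaviour. Because `len` already includes the terminating NUL, the check accepts names of at most 254 characters, so the comment would be more accurate as `/* Reject font names that do not fit in name[], NUL included. */`. In `setsbit`/`sbitset` the `(FT_Byte)` cast bounds the index to 0..31, which is safe only if every map passed as `m` is at least 32 bytes; those declarations are not in the quoted context, so that is worth confirming. All three functions begin and end outside the hunks shown.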