Source-Changes archive
CVS commit: xsrc/external/mit/freetype/dist/src
Module Name: xsrc
Committed By: mrg
Date: Wed May 13 17:08:24 UTC 2009
Modified Files:
xsrc/external/mit/freetype/dist/src/cff: cffload.c
xsrc/external/mit/freetype/dist/src/lzw: ftzopen.c
xsrc/external/mit/freetype/dist/src/sfnt: ttcmap.c
xsrc/external/mit/freetype/dist/src/smooth: ftsmooth.c
Log Message:
apply fixes from CVE-2009-0946:
Description
Multiple integer overflows in FreeType 2.3.9 and earlier allow
remote attackers to execute arbitrary code via vectors related
to large values in certain inputs in (1) smooth/ftsmooth.c,
(2) sfnt/ttcmap.c, and (3) cff/cffload.c.
#
CONFIRM:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5
#
CONFIRM:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b
#
CONFIRM:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e
plus:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0a05ba257b6ddd87dacf8d54b626e4b360e0a596
Problem reported by Tavis Ormandy <taviso%google.com@localhost>.
* src/lzw/ftzopen.c (ft_lzwstate_io): Test whether `state->prefix' is zero.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2 -r1.2 \
xsrc/external/mit/freetype/dist/src/cff/cffload.c
cvs rdiff -u -r1.1.1.1 -r1.2 \
xsrc/external/mit/freetype/dist/src/lzw/ftzopen.c
cvs rdiff -u -r1.1.1.2 -r1.2 \
xsrc/external/mit/freetype/dist/src/sfnt/ttcmap.c
cvs rdiff -u -r1.1.1.2 -r1.2 \
xsrc/external/mit/freetype/dist/src/smooth/ftsmooth.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.