graphics/freetype2

[Ryo ONODERA <ryo_on%yk.rim.or.jp@localhost>]

Hi,

I think security patch for graphics/freetype2 2.4.10 should be included
into pkgsrc-2012Q4 branch.

How about the attached patches?
They are taken from following pages.

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=309b8b31e0319e659b32a0187fc52e56943882cc
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8ac5c5c8a570fdb9a92e8f811e3ea5b623188ee1
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a

From: "Takahiro Kambe" <taca%NetBSD.org@localhost>, Date: Wed, 26 Dec 2012 
04:25:43 +0000

> Module Name:  pkgsrc
> Committed By: taca
> Date:         Wed Dec 26 04:25:43 UTC 2012
> 
> Modified Files:
>       pkgsrc/doc: TODO
> 
> Log Message:
> + freetype-2.4.11 [security].
> 
> 
> To generate a diff of this commit:
> cvs rdiff -u -r1.11785 -r1.11786 pkgsrc/doc/TODO
> 
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.
> 

--
Ryo ONODERA // ryo_on%yk.rim.or.jp@localhost
PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB  FD1B F404 27FA C7D1 15F3

$NetBSD$

--- src/base/fttrigon.c.orig    2009-07-31 16:45:18.000000000 +0000
+++ src/base/fttrigon.c
@@ -36,7 +36,7 @@
   };
 
   /* the Cordic shrink factor, multiplied by 2^32 */
-#define FT_TRIG_SCALE    1166391785UL  /* 0x4585BA38UL */
+#define FT_TRIG_SCALE    1166391864UL  /* 0x4585BA38UL */
 
 
 #ifdef FT_CONFIG_HAS_INT64

$NetBSD$

--- src/sfnt/ttload.c.orig      2012-06-14 05:35:58.000000000 +0000
+++ src/sfnt/ttload.c
@@ -1239,11 +1239,11 @@
     num_ranges = face->gasp.numRanges;
     FT_TRACE3(( "numRanges: %u\n", num_ranges ));
 
-    if ( FT_QNEW_ARRAY( gaspranges, num_ranges ) ||
+    if ( FT_QNEW_ARRAY( face->gasp.gaspRanges, num_ranges ) ||
          FT_FRAME_ENTER( num_ranges * 4L )      )
       goto Exit;
 
-    face->gasp.gaspRanges = gaspranges;
+    gaspranges = face->gasp.gaspRanges;
 
     for ( j = 0; j < num_ranges; j++ )
     {

$NetBSD$

--- src/bdf/bdflib.c.orig       2012-06-14 05:35:58.000000000 +0000
+++ src/bdf/bdflib.c
@@ -1624,12 +1624,16 @@
       if ( p->glyph_enc == -1 && p->list.used > 2 )
         p->glyph_enc = _bdf_atol( p->list.field[2], 0, 10 );
 
+      if ( p->glyph_enc < -1 )
+        p->glyph_enc = -1;
+
       FT_TRACE4(( DBGMSG2, p->glyph_enc ));
 
       /* Check that the encoding is in the Unicode range because  */
       /* otherwise p->have (a bitmap with static size) overflows. */
-      if ( p->glyph_enc > 0                               &&
-           (size_t)p->glyph_enc >= sizeof ( p->have ) * 8 )
+      if ( p->glyph_enc > 0 &&
+          (size_t)p->glyph_enc >= sizeof ( p->have ) /
+              sizeof ( unsigned long ) * 32 )
       {
         FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG5, lineno, "ENCODING" ));
         error = BDF_Err_Invalid_File_Format;
@@ -2169,7 +2173,10 @@
       p->cnt = p->font->props_size = _bdf_atoul( p->list.field[1], 0, 10 );
 
       if ( FT_NEW_ARRAY( p->font->props, p->cnt ) )
+      {
+        p->font->props_size = 0;
         goto Exit;
+      }
 
       p->flags |= _BDF_PROPS;
       *next     = _bdf_parse_properties;