head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.10 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.8 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.6 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.4 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.2 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.2.0.6 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.4 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.2 pkgsrc-2008Q4:1.1.0.26 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.24 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.22 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.20 pkgsrc-2008Q2-base:1.1 pkgsrc-2008Q1:1.1.0.18 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.16 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.14 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.12 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.10 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.8 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.6 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.4 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.2; locks; strict; comment @# @; 1.3 date 2009.11.23.12.01.58; author drochner; state dead; branches; next 1.2; 1.2 date 2009.05.02.19.44.51; author tnn; state Exp; branches 1.2.2.1; next 1.1; 1.1 date 2006.06.06.07.51.29; author snj; state dead; branches 1.1.2.1 1.1.10.1; next ; 1.2.2.1 date 2009.05.02.19.44.51; author spz; state dead; branches; next 1.2.2.2; 1.2.2.2 date 2009.05.03.14.16.41; author spz; state Exp; branches; next ; 1.1.2.1 date 2006.06.06.07.51.29; author snj; state Exp; branches; next ; 1.1.10.1 date 2007.05.19.17.54.53; author salo; state Exp; branches; next ; desc @@ 1.3 log @update to 2.3.11 This is a bugfix release for the 2.3 series, which brings considerable improvements for b/w rasterizing of hinted TrueType fonts at small sizes. All users should upgrade. @ text @$NetBSD: patch-ad,v 1.2 2009/05/02 19:44:51 tnn Exp $ http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5 
diff --git a/src/cff/cffload.c b/src/cff/cffload.c index 22163fb..24b899d 100644 --- src/cff/cffload.c +++ src/cff/cffload.c @@@@ -842,7 +842,20 @@@@ goto Exit; for ( j = 1; j < num_glyphs; j++ ) - charset->sids[j] = FT_GET_USHORT(); + { + FT_UShort sid = FT_GET_USHORT(); + + + /* this constant is given in the CFF specification */ + if ( sid < 65000 ) + charset->sids[j] = sid; + else + { + FT_ERROR(( "cff_charset_load:" + " invalid SID value %d set to zero\n", sid )); + charset->sids[j] = 0; + } + } FT_FRAME_EXIT(); } @@@@ -875,6 +888,20 @@@@ goto Exit; } + /* check whether the range contains at least one valid glyph; */ + /* the constant is given in the CFF specification */ + if ( glyph_sid >= 65000 ) { + FT_ERROR(( "cff_charset_load: invalid SID range\n" )); + error = CFF_Err_Invalid_File_Format; + goto Exit; + } + + /* try to rescue some of the SIDs if `nleft' is too large */ + if ( nleft > 65000 - 1 || glyph_sid >= 65000 - nleft ) { + FT_ERROR(( "cff_charset_load: invalid SID range trimmed\n" )); + nleft = 65000 - 1 - glyph_sid; + } + /* Fill in the range of sids -- `nleft + 1' glyphs. */ for ( i = 0; j < num_glyphs && i <= nleft; i++, j++, glyph_sid++ ) charset->sids[j] = glyph_sid; -- cgit v0.8.2.1 @ 1.2 log @patch-[a-d]: Upstream patches for CVE-2009-0946. Bump PKGREVISION. 
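Review bot: In the format-0 loop of the first hunk an out-of-range SID is coerced to 0 and loading continues, whereas the range branch in the second hunk fails the load with `CFF_Err_Invalid_File_Format` when the start SID is 65000 or more, and nothing in the patch says why the two paths differ. A malformed font can therefore end up with several glyphs sharing SID 0, so any later code that builds a reverse SID-to-glyph mapping (outside this hunk, presumably present) has to tolerate duplicates. I would document the choice at the assignment, e.g. `/* out-of-range SIDs are mapped to SID 0 instead of rejecting the font */`, and replace the literal `65000` repeated across both hunks with one named constant so the specification limit is stated once. The same patch text is stored again under revision 1.2.2.2 further down this file, and the remark applies there unchanged.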
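Review bot: The trimming test `nleft > 65000 - 1 || glyph_sid >= 65000 - nleft` in the second hunk is wrap-free only because of the order of its operands. If `nleft` is an unsigned type (its declaration is outside the hunk), `65000 - nleft` wraps for large `nleft`, so the second comparison is meaningful only once the first has been found false. Since `glyph_sid < 65000` is already guaranteed by the check just above, the single comparison `if ( nleft > 65000 - 1 - glyph_sid )` expresses the same bound without relying on short-circuit evaluation, and it mirrors the value assigned to `nleft` on the following line. The allocation of `charset->sids` is outside the hunk, so the `j < num_glyphs` bound in the fill loop could not be checked against the array size from here.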
@ text @d1 1 a1 1 $NetBSD$ @ 1.2.2.1 log @file patch-ad was added on branch pkgsrc-2009Q1 on 2009-05-03 14:16:41 +0000 @ text @d1 53 @ 1.2.2.2 log @Pullup ticket 2755 and 2758 - requested by tnn Security fix Revisions pulled up: - pkgsrc/graphics/freetype2/Makefile 1.69 - pkgsrc/graphics/freetype2/distinfo 1.31 - pkgsrc/graphics/freetype2/patches/patch-aa 1.17 - pkgsrc/graphics/freetype2/patches/patch-ab 1.12 - pkgsrc/graphics/freetype2/patches/patch-ac 1.4 - pkgsrc/graphics/freetype2/patches/patch-ad 1.2 Module Name: pkgsrc Committed By: drochner Date: Thu Apr 16 20:26:26 UTC 2009 Modified Files: pkgsrc/graphics/freetype2: Makefile distinfo Removed Files: pkgsrc/graphics/freetype2/patches: patch-aa Log Message: update to 2.3.9 changes: -important bugfixes -improved CID support There was an ABI breakage between 2.3.7 and 2.3.8 which was reverted in 2.3.9. The public 'PS_FontInfoRec' structure was expanded and then shrunk. Applications compiled against 2.3.8 should work fine with 2.3.9. Applications compiled against the new 2.3.9 can theoretically exhibit problems if run against a 2.3.8 binary, if some PS_FontInfo stuff is used. See the freetype release notes for details. I didn't find any suspects for now. If one is found, it should be changed to require 2.3.9, and PKGREV bumped. To generate a diff of this commit: cvs rdiff -u -r1.67 -r1.68 pkgsrc/graphics/freetype2/Makefile cvs rdiff -u -r1.29 -r1.30 pkgsrc/graphics/freetype2/distinfo cvs rdiff -u -r1.15 -r0 pkgsrc/graphics/freetype2/patches/patch-aa Date: Sat, 2 May 2009 19:44:51 +0000 
From: Tobias Nygren To: pkgsrc-changes@@NetBSD.org Subject: CVS commit: pkgsrc/graphics/freetype2 Module Name: pkgsrc Committed By: tnn Date: Sat May 2 19:44:51 UTC 2009 Modified Files: pkgsrc/graphics/freetype2: Makefile distinfo Added Files: pkgsrc/graphics/freetype2/patches: patch-aa patch-ab patch-ac patch-ad Log Message: patch-[a-d]: Upstream patches for CVE-2009-0946. Bump PKGREVISION. To generate a diff of this commit: cvs rdiff -u -r1.68 -r1.69 pkgsrc/graphics/freetype2/Makefile cvs rdiff -u -r1.30 -r1.31 pkgsrc/graphics/freetype2/distinfo cvs rdiff -u -r0 -r1.17 pkgsrc/graphics/freetype2/patches/patch-aa cvs rdiff -u -r0 -r1.12 pkgsrc/graphics/freetype2/patches/patch-ab cvs rdiff -u -r0 -r1.4 pkgsrc/graphics/freetype2/patches/patch-ac cvs rdiff -u -r0 -r1.2 pkgsrc/graphics/freetype2/patches/patch-ad @ text @a0 53 $NetBSD: patch-ad,v 1.2 2009/05/02 19:44:51 tnn Exp $ http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5 
diff --git a/src/cff/cffload.c b/src/cff/cffload.c index 22163fb..24b899d 100644 --- src/cff/cffload.c +++ src/cff/cffload.c @@@@ -842,7 +842,20 @@@@ goto Exit; for ( j = 1; j < num_glyphs; j++ ) - charset->sids[j] = FT_GET_USHORT(); + { + FT_UShort sid = FT_GET_USHORT(); + + + /* this constant is given in the CFF specification */ + if ( sid < 65000 ) + charset->sids[j] = sid; + else + { + FT_ERROR(( "cff_charset_load:" + " invalid SID value %d set to zero\n", sid )); + charset->sids[j] = 0; + } + } FT_FRAME_EXIT(); } @@@@ -875,6 +888,20 @@@@ goto Exit; } + /* check whether the range contains at least one valid glyph; */ + /* the constant is given in the CFF specification */ + if ( glyph_sid >= 65000 ) { + FT_ERROR(( "cff_charset_load: invalid SID range\n" )); + error = CFF_Err_Invalid_File_Format; + goto Exit; + } + + /* try to rescue some of the SIDs if `nleft' is too large */ + if ( nleft > 65000 - 1 || glyph_sid >= 65000 - nleft ) { + FT_ERROR(( "cff_charset_load: invalid SID range trimmed\n" )); + nleft = 65000 - 1 - glyph_sid; + } + /* Fill in the range of sids -- `nleft + 1' glyphs. */ for ( i = 0; j < num_glyphs && i <= nleft; i++, j++, glyph_sid++ ) charset->sids[j] = glyph_sid; -- cgit v0.8.2.1 @ 1.1 log @file patch-ad was initially added on branch pkgsrc-2006Q1. @ text @d1 53 @ 1.1.10.1 log @Pullup ticket 2091 - requested by tron security fix for freetype2 Updated via patch provided by the submitter. Module Name: pkgsrc Committed By: tron Date: Sat May 19 16:25:27 UTC 2007 Added Files: pkgsrc/graphics/freetype2/patches: patch-aa Log Message: Apply patch from CVS repository to fix the security vulnerability reported in CVE-2007-2754. Bump package revision. 
@ text @a0 34 $NetBSD$ --- src/truetype/ttgload.c.orig 2007-04-09 09:25:09.000000000 +0100 +++ src/truetype/ttgload.c 2007-05-19 17:15:42.000000000 +0100 @@@@ -271,7 +271,11 @@@@ n_points = 0; if ( n_contours > 0 ) + { n_points = cont[-1] + 1; + if ( n_points < 0 ) + goto Invalid_Outline; + } /* note that we will add four phantom points later */ error = FT_GLYPHLOADER_CHECK_POINTS( gloader, n_points + 4, 0 ); @@@@ -682,7 +686,7 @@@@ FT_GlyphLoader gloader = loader->gloader; FT_Error error = TT_Err_Ok; FT_Outline* outline; - FT_UInt n_points; + FT_Int n_points; outline = &gloader->current.outline; @@@@ -709,7 +713,7 @@@@ /* Deltas apply to the unscaled data. */ FT_Vector* deltas; FT_Memory memory = loader->face->memory; - FT_UInt i; + FT_Int i; error = TT_Vary_Get_Glyph_Deltas( (TT_Face)(loader->face), @ 1.1.2.1 log @Pullup ticket 1686 - requested by salo security fix for freetype2 Apply patch from salo, mirroring the recent xsrc fixes for CVE-2006-0747, CVE-2006-1861, and CVE-2006-2661. @ text @a0 48 $NetBSD$ --- src/base/ftutil.c.orig 2005-03-03 23:59:06.000000000 +0100 +++ src/base/ftutil.c 2006-06-05 23:18:40.000000000 +0200 @@@@ -52,6 +52,8 @@@@ FT_Long size, void* *P ) { + FT_Error error = FT_Err_Ok; + FT_ASSERT( P != 0 ); if ( size > 0 ) @@@@ -67,6 +69,11 @@@@ } FT_MEM_ZERO( *P, size ); } + else if (size < 0) + { + /* may help catch/prevent nasty security issues */ + error = FT_Err_Invalid_Argument; + } else *P = NULL; @@@@ -74,7 +81,7 @@@@ FT_TRACE7(( " size = %ld, block = 0x%08p, ref = 0x%08p\n", size, *P, P )); - return FT_Err_Ok; + return error; } @@@@ -127,8 +134,12 @@@@ if ( !*P ) return FT_Alloc( memory, size, P ); + if (size < 0 || current < 0) + { + return FT_Err_Invalid_Argument; + } + else if ( size == 0 ) /* if the new block if zero-sized, clear the current one */ - if ( size <= 0 ) { FT_Free( memory, P ); return FT_Err_Ok; @
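Review bot: The new `n_points < 0` test in the first ttgload.c hunk validates only the last contour end point, `cont[-1]`. Whether the earlier entries are checked to be non-negative and non-decreasing elsewhere in the function cannot be seen from the hunk. If they are not, I would add that check in the loop that reads the contour ends, since later code presumably indexes points by those values. The other two hunks change `n_points` and `i` from `FT_UInt` to `FT_Int`, so comparisons of these variables against unsigned counts further down those functions (outside the hunks) should be re-checked for sign-conversion surprises.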
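Review bot: In the added `else if (size < 0)` branch of the ftutil.c allocation routine `*P` is never written, yet the `FT_TRACE7` call shown as context in the following hunk reads `*P`. A caller that ignores the returned error also keeps whatever value the pointer held before the call. Writing the output in that branch as well, `*P = NULL;` before `error = FT_Err_Invalid_Argument;`, gives the failure path a defined result. The function header lies outside the hunk. In the last hunk the `size < 0 || current < 0` test sits after the `if ( !*P ) return FT_Alloc( memory, size, P );` shortcut, so a negative `current` with a null block is not rejected there; moving the test above the shortcut would make both paths consistent.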