Apply patch from CVS repository to fix the security vulnerability

reported in CVE-2007-2754. Bump package revision.
tron 2007-05-19 16:24:48 +00:00
parent c7bc2fe5bf
commit 83a2d61224
3 changed files with 38 additions and 2 deletions


@ -1,7 +1,8 @@
# $NetBSD: Makefile,v 1.59 2007/04/10 16:55:31 drochner Exp $
# $NetBSD: Makefile,v 1.60 2007/05/19 16:24:48 tron Exp $
DISTNAME= freetype-2.3.4
PKGNAME= ${DISTNAME:S/-/2-/}
PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=freetype/} \
ftp://ftp.freetype.org/freetype/freetype2/ \


@ -1,5 +1,6 @@
$NetBSD: distinfo,v 1.23 2007/04/10 16:55:31 drochner Exp $
$NetBSD: distinfo,v 1.24 2007/05/19 16:24:49 tron Exp $
SHA1 (freetype-2.3.4.tar.bz2) = 09b8f5ecbb3e06a14cc1c2f2dc7c04fe34c48eca
RMD160 (freetype-2.3.4.tar.bz2) = 23b641c0b6e6102449e6f2512a131743d8836321
Size (freetype-2.3.4.tar.bz2) = 1277929 bytes
SHA1 (patch-aa) = fbade879cbcea9c7169d70eeba517a84f6b2a160


@ -0,0 +1,34 @@
$NetBSD: patch-aa,v 1.11 2007/05/19 16:25:26 tron Exp $
--- src/truetype/ttgload.c.orig 2007-04-09 09:25:09.000000000 +0100
+++ src/truetype/ttgload.c 2007-05-19 17:15:42.000000000 +0100
@@ -271,7 +271,11 @@
n_points = 0;
if ( n_contours > 0 )
+ {
n_points = cont[-1] + 1;
+ if ( n_points < 0 )
+ goto Invalid_Outline;
+ }
/* note that we will add four phantom points later */
error = FT_GLYPHLOADER_CHECK_POINTS( gloader, n_points + 4, 0 );
@@ -682,7 +686,7 @@
FT_GlyphLoader gloader = loader->gloader;
FT_Error error = TT_Err_Ok;
FT_Outline* outline;
- FT_UInt n_points;
+ FT_Int n_points;
outline = &gloader->current.outline;
@@ -709,7 +713,7 @@
/* Deltas apply to the unscaled data. */
FT_Vector* deltas;
FT_Memory memory = loader->face->memory;
- FT_UInt i;
+ FT_Int i;
error = TT_Vary_Get_Glyph_Deltas( (TT_Face)(loader->face),
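Review bot: The guard added in the first ttgload.c hunk, `if ( n_points < 0 ) goto Invalid_Outline;`, validates only the last contour end-point (`cont[-1]`). Nothing in the visible lines shows that the earlier entries of the contour array are checked for being non-negative and increasing. The loop that fills the array lies outside the hunk, so this needs confirming there. If no such check exists, an earlier end-point larger than the last one could still lead later code to index beyond the `n_points + 4` points reserved by `FT_GLYPHLOADER_CHECK_POINTS`, and a per-entry ordering test in that loop (something like `if ( cont[0] <= cont[-1] ) goto Invalid_Outline;`) would cover it. The guard also deserves a short comment such as `/* end-points are read from the font data; reject a point count that went negative */`, and the pkgsrc patch file carries no comment naming CVE-2007-2754 or the upstream revision it was taken from.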