[pkgsrc/pkgsrc-2007Q1]: pkgsrc/graphics/freetype2 Pullup ticket 2091 - reques...

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/d4cbf7ffbc12
branches:  pkgsrc-2007Q1
changeset: 527384:d4cbf7ffbc12
user:      salo <salo%pkgsrc.org@localhost>
date:      Sat May 19 17:54:52 2007 +0000

description:
Pullup ticket 2091 - requested by tron
security fix for freetype2

Updated via patch provided by the submitter.

   Module Name:         pkgsrc
   Committed By:        tron
   Date:                Sat May 19 16:25:27 UTC 2007

   Added Files:
        pkgsrc/graphics/freetype2/patches: patch-aa

   Log Message:
   Apply patch from CVS repository to fix the security vulnerability
   reported in CVE-2007-2754. Bump package revision.

diffstat:

 graphics/freetype2/Makefile         |   4 ++--
 graphics/freetype2/distinfo         |   3 ++-
 graphics/freetype2/patches/patch-ad |  34 ++++++++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 3 deletions(-)

diffs (65 lines):

diff -r 083e9fbeb0f5 -r d4cbf7ffbc12 graphics/freetype2/Makefile
--- a/graphics/freetype2/Makefile       Wed May 16 21:21:18 2007 +0000
+++ b/graphics/freetype2/Makefile       Sat May 19 17:54:52 2007 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.58 2007/04/05 16:29:38 drochner Exp $
+# $NetBSD: Makefile,v 1.58.2.1 2007/05/19 17:54:52 salo Exp $
 
 DISTNAME=      freetype-2.3.2
-PKGREVISION=   1
+PKGREVISION=   2
 PKGNAME=       ${DISTNAME:S/-/2-/}
 CATEGORIES=    graphics
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=freetype/} \
diff -r 083e9fbeb0f5 -r d4cbf7ffbc12 graphics/freetype2/distinfo
--- a/graphics/freetype2/distinfo       Wed May 16 21:21:18 2007 +0000
+++ b/graphics/freetype2/distinfo       Sat May 19 17:54:52 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.22 2007/04/05 16:29:38 drochner Exp $
+$NetBSD: distinfo,v 1.22.2.1 2007/05/19 17:54:53 salo Exp $
 
 SHA1 (freetype-2.3.2.tar.bz2) = 4188a2ed344ddf89bdb1a054fb441019aa4b143d
 RMD160 (freetype-2.3.2.tar.bz2) = e4da77b6f8956d69e57269c5681560beda0ddb27
@@ -6,3 +6,4 @@
 SHA1 (patch-aa) = 0682e65e006c7b02535034c3e247be676af3b98f
 SHA1 (patch-ab) = 257118397011eb68197008842e98b8ef6c96e48d
 SHA1 (patch-ac) = b00c86bf322e2ac6a71a24e27916ca1fa312009b
+SHA1 (patch-ad) = fbade879cbcea9c7169d70eeba517a84f6b2a160
diff -r 083e9fbeb0f5 -r d4cbf7ffbc12 graphics/freetype2/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/freetype2/patches/patch-ad       Sat May 19 17:54:52 2007 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-ad,v 1.1.10.1 2007/05/19 17:54:53 salo Exp $
+
+--- src/truetype/ttgload.c.orig        2007-04-09 09:25:09.000000000 +0100
++++ src/truetype/ttgload.c     2007-05-19 17:15:42.000000000 +0100
+@@ -271,7 +271,11 @@
+ 
+     n_points = 0;
+     if ( n_contours > 0 )
++    {
+       n_points = cont[-1] + 1;
++      if ( n_points < 0 )
++        goto Invalid_Outline;
++    }
+ 
+     /* note that we will add four phantom points later */
+     error = FT_GLYPHLOADER_CHECK_POINTS( gloader, n_points + 4, 0 );
+@@ -682,7 +686,7 @@
+     FT_GlyphLoader  gloader = loader->gloader;
+     FT_Error        error   = TT_Err_Ok;
+     FT_Outline*     outline;
+-    FT_UInt         n_points;
++    FT_Int          n_points;
+ 
+ 
+     outline  = &gloader->current.outline;
+@@ -709,7 +713,7 @@
+       /* Deltas apply to the unscaled data. */
+       FT_Vector*  deltas;
+       FT_Memory   memory = loader->face->memory;
+-      FT_UInt     i;
++      FT_Int      i;
+ 
+ 
+       error = TT_Vary_Get_Glyph_Deltas( (TT_Face)(loader->face),