pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/devel/pango Add a patch to fix CVE-2010-0421, DoS secu...
details: https://anonhg.NetBSD.org/pkgsrc/rev/c50f50e17072
branches: trunk
changeset: 573743:c50f50e17072
user: taca <taca%pkgsrc.org@localhost>
date: Sat Mar 27 15:59:33 2010 +0000
description:
Add a patch to fix CVE-2010-0421, DoS security fix.
Bump PKGREVISION.
diffstat:
devel/pango/Makefile | 4 ++--
devel/pango/distinfo | 3 ++-
devel/pango/patches/patch-am | 24 ++++++++++++++++++++++++
3 files changed, 28 insertions(+), 3 deletions(-)
diffs (55 lines):
diff -r 998d553eb3ac -r c50f50e17072 devel/pango/Makefile
--- a/devel/pango/Makefile Sat Mar 27 13:37:33 2010 +0000
+++ b/devel/pango/Makefile Sat Mar 27 15:59:33 2010 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.140 2010/02/21 23:51:25 tron Exp $
+# $NetBSD: Makefile,v 1.141 2010/03/27 15:59:33 taca Exp $
DISTNAME= pango-1.26.2
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= devel fonts
MASTER_SITES= ${MASTER_SITE_GNOME:=sources/pango/1.26/}
EXTRACT_SUFX= .tar.bz2
diff -r 998d553eb3ac -r c50f50e17072 devel/pango/distinfo
--- a/devel/pango/distinfo Sat Mar 27 13:37:33 2010 +0000
+++ b/devel/pango/distinfo Sat Mar 27 15:59:33 2010 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.82 2010/02/21 23:51:25 tron Exp $
+$NetBSD: distinfo,v 1.83 2010/03/27 15:59:33 taca Exp $
SHA1 (pango-1.26.2.tar.bz2) = 051b6f7b5f98a4c8083ef6a5178cb5255a992b98
RMD160 (pango-1.26.2.tar.bz2) = 6613bddf643d5c912e6656d84c6671aa6ce88a9d
@@ -6,3 +6,4 @@
SHA1 (patch-aa) = 1a87d055dc722eff28517a11d0832ae19df5eb59
SHA1 (patch-ab) = 12c09b12ba31be19fa0d602f89909811e6221bd8
SHA1 (patch-ae) = 9eb458be84f6dfce27fb469d45cc78e34acd9c36
+SHA1 (patch-am) = dc7387b4da24356a56ab8d07ef0462b6f4b3b209
diff -r 998d553eb3ac -r c50f50e17072 devel/pango/patches/patch-am
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/pango/patches/patch-am Sat Mar 27 15:59:33 2010 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-am,v 1.1 2010/03/27 15:59:34 taca Exp $
+
+Fix for CVE-2010-0421.
+
+--- pango/opentype/hb-ot-layout.cc.orig 2009-11-26 00:44:17.000000000 +0000
++++ pango/opentype/hb-ot-layout.cc
+@@ -44,6 +44,8 @@ _hb_ot_layout_init (hb_face_t *face)
+ {
+ hb_ot_layout_t *layout = &face->ot_layout;
+
++ memset (layout, 0, sizeof (*layout));
++
+ layout->gdef_blob = Sanitizer<GDEF>::sanitize (hb_face_get_table (face, HB_OT_TAG_GDEF));
+ layout->gdef = &Sanitizer<GDEF>::lock_instance (layout->gdef_blob);
+
+@@ -293,7 +295,7 @@ hb_ot_layout_build_glyph_classes (hb_fac
+ return;
+
+ if (layout->new_gdef.len == 0) {
+- layout->new_gdef.klasses = (unsigned char *) calloc (num_total_glyphs, sizeof (unsigned char));
++ layout->new_gdef.klasses = (unsigned char *) calloc (count, sizeof (unsigned char));
+ layout->new_gdef.len = count;
+ }
+
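Review bot: In the second inner hunk (hb_ot_layout_build_glyph_classes), the result of `calloc (count, sizeof (unsigned char))` is stored without a NULL check, and the next line still records `layout->new_gdef.len = count;`. If the allocation fails, `klasses` is NULL while `len` is non-zero, so any later access that only compares a glyph index against `len` would dereference NULL. That is a crash rather than the size mismatch this patch closes, but it is still a denial of service if `count` can be driven by font data, which is not visible here. Consider adding `if (!layout->new_gdef.klasses) return;` before `len` is assigned. The function body continues outside the hunk, so a check may already exist further down. The patch header would also benefit from naming the upstream commit or bug it was taken from, so the patch can be dropped cleanly on the next pango update.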