Date: Sat, 18 Apr 2009 09:55:39 +0000 (UTC) From: Martin Wilke <miwi@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/print/freetype2 Makefile ports/print/freetype2/files patch-src-cff_cffload.c patch-src-lzw_ftzopen.c patch-src-sfnt_ttcmap.c patch-src-smooth_ftsmooth.c Message-ID: <200904180955.n3I9tdmX000242@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
miwi 2009-04-18 09:55:39 UTC
FreeBSD ports repository
Modified files:
print/freetype2 Makefile
Added files:
print/freetype2/files patch-src-cff_cffload.c
patch-src-lzw_ftzopen.c
patch-src-sfnt_ttcmap.c
patch-src-smooth_ftsmooth.c
Log:
- Fix security problems
Note:
An integer overflow error within the "cff_charset_compute_cids()"
function in cff/cffload.c can be exploited to potentially cause
a heap-based buffer overflow via a specially crafted font.
Multiple integer overflow errors within validation functions in
sfnt/ttcmap.c can be exploited to bypass length validations and
potentially cause buffer overflows via specially crafted fonts.
An integer overflow error within the "ft_smooth_render_generic()"
function in smooth/ftsmooth.c can be exploited to potentially cause
a heap-based buffer overflow via a specially crafted font.
Approved by: portmgr (pav)
Obtained from: freetype git repo
Security: http://www.vuxml.org/freebsd/20b4f284-2bfc-11de-bdeb-0030843d3802.html
Revision Changes Path
1.85 +1 -0 ports/print/freetype2/Makefile
1.1 +47 -0 ports/print/freetype2/files/patch-src-cff_cffload.c (new)
1.1 +14 -0 ports/print/freetype2/files/patch-src-lzw_ftzopen.c (new)
1.1 +52 -0 ports/print/freetype2/files/patch-src-sfnt_ttcmap.c (new)
1.1 +27 -0 ports/print/freetype2/files/patch-src-smooth_ftsmooth.c (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200904180955.n3I9tdmX000242>