From owner-svn-ports-branches@FreeBSD.ORG Sun Mar 9 10:23:41 2014 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BBFA1EA2; Sun, 9 Mar 2014 10:23:41 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 9D398623; Sun, 9 Mar 2014 10:23:41 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s29ANfsS086580; Sun, 9 Mar 2014 10:23:41 GMT (envelope-from kwm@svn.freebsd.org) Received: (from kwm@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s29ANeRY086577; Sun, 9 Mar 2014 10:23:40 GMT (envelope-from kwm@svn.freebsd.org) Message-Id: <201403091023.s29ANeRY086577@svn.freebsd.org> From: Koop Mast Date: Sun, 9 Mar 2014 10:23:40 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r347562 - in branches/2014Q1: print/freetype2 print/freetype2/files security/vuxml X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Mar 2014 10:23:41 -0000 Author: kwm Date: Sun Mar 9 10:23:40 2014 New Revision: 347562 URL: http://svnweb.freebsd.org/changeset/ports/347562 QAT: https://qat.redports.org/buildarchive/r347562/ Log: Add patches to fix security issue. This is done via direct commit, because the freetype2 update to 2.5.3 isn't mergeable due to freetype header shuffle which happend in 2.5.1. Tweak the freetype2 version in the vuxml to point to the fix version. Approved by: portmgr (antoine@, erwin@) Obtained from: freetype2 upstream Security: 1a0de610-a761-11e3-95fe-bcaec565249c Added: branches/2014Q1/print/freetype2/files/patch-41697 (contents, props changed) Modified: branches/2014Q1/print/freetype2/Makefile branches/2014Q1/security/vuxml/vuln.xml Modified: branches/2014Q1/print/freetype2/Makefile ============================================================================== --- branches/2014Q1/print/freetype2/Makefile Sun Mar 9 09:51:32 2014 (r347561) +++ branches/2014Q1/print/freetype2/Makefile Sun Mar 9 10:23:40 2014 (r347562) @@ -4,6 +4,7 @@ PORTNAME= freetype2 PORTVERSION= 2.5.0.1 +PORTREVISION= 1 CATEGORIES= print MASTER_SITES= SF/freetype/${PORTNAME}/${PORTVERSION:C/^([0-9]+\.[0-9]+\.[0-9]+).*/\1/}/ \ http://sunsite.cnlab-switch.ch/ftp/mirror/freetype/freetype2/ \ Added: branches/2014Q1/print/freetype2/files/patch-41697 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q1/print/freetype2/files/patch-41697 Sun Mar 9 10:23:40 2014 (r347562) @@ -0,0 +1,113 @@ +From 0eae6eb0645264c98812f0095e0f5df4541830e6 Mon Sep 17 00:00:00 2001 +From: Dave Arnold +Date: Fri, 28 Feb 2014 06:40:01 +0000 +Subject: Fix Savannah bug #41697, part 1. + +* src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is +invalid. In this case, it is not safe to use the length of +`hStemHintArray'; the exception has already been recorded in +`hintMask'. +--- +diff --git a/ChangeLog b/ChangeLog +index 2010fda..1f48e24 100644 +--- ChangeLog ++++ ChangeLog +@@ -1,3 +1,12 @@ ++2014-02-28 Dave Arnold ++ ++ [cff] Fix Savannah bug #41697, part 1. ++ ++ * src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is ++ invalid. In this case, it is not safe to use the length of ++ `hStemHintArray'; the exception has already been recorded in ++ `hintMask'. ++ + 2014-02-26 Werner Lemberg + + [sfnt] Fix Savannah bug #41696. +diff --git a/src/cff/cf2hints.c b/src/cff/cf2hints.c +index 5f44161..79f84fc 100644 +--- src/cff/cf2hints.c ++++ src/cff/cf2hints.c +@@ -781,6 +781,8 @@ + cf2_hintmask_setAll( hintMask, + cf2_arrstack_size( hStemHintArray ) + + cf2_arrstack_size( vStemHintArray ) ); ++ if ( !cf2_hintmask_isValid( hintMask ) ) ++ return; /* too many stem hints */ + } + + /* begin by clearing the map */ +-- +cgit v0.9.0.2 +From 135c3faebb96f8f550bd4f318716f2e1e095a969 Mon Sep 17 00:00:00 2001 +From: Dave Arnold +Date: Fri, 28 Feb 2014 06:42:42 +0000 +Subject: Fix Savannah bug #41697, part 2. + +* src/cff/cf2ft.c (cf2_initLocalRegionBuffer, +cf2_initGlobalRegionBuffer): It is possible for a charstring to call +a subroutine if no subroutines exist. This is an error but should +not trigger an assert. Split the assert to account for this. +--- +diff --git a/ChangeLog b/ChangeLog +index 1f48e24..164aa6b 100644 +--- ChangeLog ++++ ChangeLog +@@ -1,5 +1,14 @@ + 2014-02-28 Dave Arnold + ++ [cff] Fix Savannah bug #41697, part 2. ++ ++ * src/cff/cf2ft.c (cf2_initLocalRegionBuffer, ++ cf2_initGlobalRegionBuffer): It is possible for a charstring to call ++ a subroutine if no subroutines exist. This is an error but should ++ not trigger an assert. Split the assert to account for this. ++ ++2014-02-28 Dave Arnold ++ + [cff] Fix Savannah bug #41697, part 1. + + * src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is +diff --git a/src/cff/cf2ft.c b/src/cff/cf2ft.c +index df5f8fb..82bac75 100644 +--- src/cff/cf2ft.c ++++ src/cff/cf2ft.c +@@ -521,7 +521,7 @@ + CF2_UInt idx, + CF2_Buffer buf ) + { +- FT_ASSERT( decoder && decoder->globals ); ++ FT_ASSERT( decoder ); + + FT_ZERO( buf ); + +@@ -529,6 +529,8 @@ + if ( idx >= decoder->num_globals ) + return TRUE; /* error */ + ++ FT_ASSERT( decoder->globals ); ++ + buf->start = + buf->ptr = decoder->globals[idx]; + buf->end = decoder->globals[idx + 1]; +@@ -594,7 +596,7 @@ + CF2_UInt idx, + CF2_Buffer buf ) + { +- FT_ASSERT( decoder && decoder->locals ); ++ FT_ASSERT( decoder ); + + FT_ZERO( buf ); + +@@ -602,6 +604,8 @@ + if ( idx >= decoder->num_locals ) + return TRUE; /* error */ + ++ FT_ASSERT( decoder->locals ); ++ + buf->start = + buf->ptr = decoder->locals[idx]; + buf->end = decoder->locals[idx + 1]; +-- +cgit v0.9.0.2 Modified: branches/2014Q1/security/vuxml/vuln.xml ============================================================================== --- branches/2014Q1/security/vuxml/vuln.xml Sun Mar 9 09:51:32 2014 (r347561) +++ branches/2014Q1/security/vuxml/vuln.xml Sun Mar 9 10:23:40 2014 (r347562) @@ -56,7 +56,7 @@ Note: Please add new entries to the beg freetype2 - 2.5.3 + 2.5.0.1_1