From owner-cvs-all@FreeBSD.ORG  Sat Apr 18 09:55:39 2009
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 829441065670;
	Sat, 18 Apr 2009 09:55:39 +0000 (UTC)
	(envelope-from miwi@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 6F75B8FC0C;
	Sat, 18 Apr 2009 09:55:39 +0000 (UTC)
	(envelope-from miwi@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n3I9tdIY000243;
	Sat, 18 Apr 2009 09:55:39 GMT
	(envelope-from miwi@repoman.freebsd.org)
Received: (from miwi@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n3I9tdmX000242;
	Sat, 18 Apr 2009 09:55:39 GMT (envelope-from miwi)
Message-Id: <200904180955.n3I9tdmX000242@repoman.freebsd.org>
From: Martin Wilke <miwi@FreeBSD.org>
Date: Sat, 18 Apr 2009 09:55:39 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/print/freetype2 Makefile
 ports/print/freetype2/files
 patch-src-cff_cffload.c patch-src-lzw_ftzopen.c patch-src-sfnt_ttcmap.c
 patch-src-smooth_ftsmooth.c
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Apr 2009 09:55:40 -0000

miwi        2009-04-18 09:55:39 UTC

  FreeBSD ports repository

  Modified files:
    print/freetype2      Makefile 
  Added files:
    print/freetype2/files patch-src-cff_cffload.c 
                          patch-src-lzw_ftzopen.c 
                          patch-src-sfnt_ttcmap.c 
                          patch-src-smooth_ftsmooth.c 
  Log:
  - Fix security problems
  
  Note:
  An integer overflow error within the "cff_charset_compute_cids()"
  function in cff/cffload.c can be exploited to potentially cause
  a heap-based buffer overflow via a specially crafted font.
  
  Multiple integer overflow errors within validation functions in
  sfnt/ttcmap.c can be exploited to bypass length validations and
  potentially cause buffer overflows via specially crafted fonts.
  
  An integer overflow error within the "ft_smooth_render_generic()"
  function in smooth/ftsmooth.c can be exploited to potentially cause
  a heap-based buffer overflow via a specially crafted font.
  
  Approved by:    portmgr (pav)
  Obtained from:  freetype git repo
  Security:       http://www.vuxml.org/freebsd/20b4f284-2bfc-11de-bdeb-0030843d3802.html
  
  Revision  Changes    Path
  1.85      +1 -0      ports/print/freetype2/Makefile
  1.1       +47 -0     ports/print/freetype2/files/patch-src-cff_cffload.c (new)
  1.1       +14 -0     ports/print/freetype2/files/patch-src-lzw_ftzopen.c (new)
  1.1       +52 -0     ports/print/freetype2/files/patch-src-sfnt_ttcmap.c (new)
  1.1       +27 -0     ports/print/freetype2/files/patch-src-smooth_ftsmooth.c (new)