Commit Graph

38 Commits

Author SHA1 Message Date
matthieu
f99cf4f7a6 Fix for CVE-2011-0226 from Freetype git repository. 2011-07-18 21:15:33 +00:00
matthieu
f6c615f075 Update to freetype 2.4.5. Tested by many. 2011-07-18 20:29:56 +00:00
matthieu
21087514c1 Update to freetype 2.4.4. Tested by shadchin@, ajacoutot@, krw@. 2010-12-19 16:08:12 +00:00
matthieu
4aee46235d Security MFC for CVE-2010-3855
commit 59eb9f8cfe7d1df379a2318316d1f04f80fba54a
Author: Werner Lemberg <wl@gnu.org>
Date:   Tue Oct 12 07:49:17 2010 +0200

    Fix Savannah bug #31310.

    * src/truetype/ttgxvar.c (ft_var_readpackedpoints): Protect against
    invalid `runcnt' values.
2010-11-06 16:46:57 +00:00
matthieu
625c5107a5 MFC security fix for CVE-2010-3814
commit 0edf0986f3be570f5bf90ff245a85c1675f5c9a4
Author: Werner Lemberg <wl@gnu.org>
Date:   Wed Oct 6 11:52:27 2010 +0200

    [truetype] Improve error handling of `SHZ' bytecode instruction.
    Problem reported by Chris Evans <scarybeasts@gmail.com>.

    * src/truetype/ttinterp.c (Ins_SHZ): Check `last_point'.
2010-11-06 16:45:49 +00:00
matthieu
bfe3d87ade Update to freetype 2.4.3. Tested at least by krw@, ajacoutot@ and jasper@ 2010-10-23 19:30:16 +00:00
matthieu
45438d0119 Update to freetype 2.4.2. This has been in snapshots for a while
and tested explicitely by ajacoutot@ jasper@, jcs@, krw@ and others
on various architectures.
2010-09-01 19:14:23 +00:00
matthieu
2b3e93e33b patches from Freetype.org for the security issues found by Robert Swiecki:
CVE-2010-2497 freetype integer underflow
CVE-2010-2498 freetype invalid free
CVE-2010-2499 freetype buffer overflow
CVE-2010-2500 freetype integer overflow
CVE-2010-2519 freetype heap buffer overflow
CVE-2010-2520 freetype buffer overflow on heap
2010-07-17 14:06:43 +00:00
matthieu
d9a92f27a6 use INSTALL_DATA in BSD Makefiles. ok oga@ 2010-05-08 14:15:29 +00:00
matthieu
54193b0f27 Missing resurected files in freetype 2.3.12 2010-03-25 20:53:34 +00:00
matthieu
1be5fe96c1 Update to freetpe 2.3.12. Tested against ports by naddy@. 2010-03-25 20:49:53 +00:00
matthieu
df0647377b Update to freetpe 2.3.12. Tested against ports by naddy@. 2010-03-25 20:32:36 +00:00
matthieu
164d06ad38 Fixes for CVE-2009-0946 from freetype2 git repository:
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote
attackers to execute arbitrary code via vectors related to large values
in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c,
and (3) cff/cffload.c.
Plus one additional fix for malformed compressed data.
2009-04-27 07:11:16 +00:00
matthieu
e2d272f607 put libz back into Libs:. Fixes vax linking. 2009-03-26 19:04:00 +00:00
matthieu
703afbb0a2 update to freetype-docs 2.3.9 2009-03-26 07:36:34 +00:00
matthieu
8a907a311b Update to Freetype 2.3.9.
Bump major to be safe.
Small arm assembler fix in ftconfig.h by drahn@
2009-03-26 07:31:44 +00:00
matthieu
87859a9c26 Update to Freetype 2.3.8. Tested by jsg@. 2009-03-10 20:28:33 +00:00
matthieu
f8e0dbd0cd Update to Freetype 2.3.7. This is a bug fix release. No API change. 2008-08-21 05:09:08 +00:00
matthieu
6f11b80c67 Update to freetype 2.3.6.
Contains security fixes for CVE-2008-1806, CVE-2008-1807 and CVE-2008-1808.
Tested by many.
2008-06-22 17:37:35 +00:00
matthieu
1969f0b7b1 Don't hard-code sizeof(long) in ftconfig.h. Fixes 64bit architectures.
Problem noticed by sturm@.
2007-11-24 15:48:33 +00:00
matthieu
8f07cc07fd Use buils/unix/ftsystem.c instead of the generic ANSI C one, which
doesn't set CLOSE_ON_EXEC on files descriptors opened by freetype.
Fixes a fd leak reported by kurt@. Tested by naddy@ and others.
2007-10-27 07:09:48 +00:00
matthieu
3c28b922f5 More bits for freetype 2.3.5 2007-09-08 16:59:03 +00:00
matthieu
f4cb73c397 Merge freetype 2.3.5. Tested by naddy@ and mbalmer@. 2007-09-08 16:39:54 +00:00
matthieu
f731f6acb5 import freetype 2.3.5 2007-09-08 16:28:30 +00:00
matthieu
e51592142f fix two instances XORG_PREFIX that escaped renaming to X11BASE. 2007-05-29 15:37:57 +00:00
matthieu
15235d0d22 Fix for CVE-2007-2754: integer overflow that can lead to an heap overflow.
Discovered by Victor Stinner. Patch from Freetype repository.
2007-05-25 01:23:29 +00:00
matthieu
8c80956fab Don't include debugging symbols. 2007-04-07 15:37:50 +00:00
david
0440c6780f fix $OpenBSD$ RCS tags; ok matthieu@ 2007-04-04 22:30:55 +00:00
todd
517a55a2c5 bdf CVE-2007-1351
BDFFont Parsing Integer Overflow Vulnerability

The discoverer of this vulnerability wishes to remain anonymous.

from matthieu@
2007-04-04 02:51:57 +00:00
matthieu
77cb7f251b Revert local debug stuff that wasn't meant to be committed. 2007-03-25 13:22:40 +00:00
matthieu
00a847b3f8 regen with libtool 1.5.22p9 2007-03-25 13:02:54 +00:00
matthieu
d94e76056c Missed a sed substitution for freetype2.pc.
Noticed by Frederick C. Druseikis, thanks.
2006-12-23 10:42:41 +00:00
matthieu
6a5579f8e8 Make 'obj' now can make symlinks to /usr/obj/xenocara (or any other
directory designed by XENOCARA_OBJDIR in /etc/mk.conf).
2006-12-02 16:28:48 +00:00
matthieu
111eb3bc11 Disable profiled libs. 2006-11-29 18:03:09 +00:00
matthieu
b455532e54 $Xenocara$ -> $OpenBSD$ 2006-11-27 19:56:35 +00:00
matthieu
a6d8ae2911 ${DIST} is gone. 2006-11-27 00:27:52 +00:00
matthieu
f956426aeb build infrastructure and OpenBSD customisation for Freetype 2.2.1 2006-11-26 11:54:18 +00:00
matthieu
68f868c8f6 Import freetype 2.2.1 2006-11-25 18:44:16 +00:00