Commit Graph

44 Commits

Author SHA1 Message Date
matthieu
a8e93b57ed Update to freetype 2.4.9
Another round of fixes to better handle invalid fonts. Many of
them are vulnerabilities (see CVE-2012-1126 up to CVE-2012-1144
and SA48320).
2012-04-14 09:45:45 +00:00
matthieu
976f735d21 Update to freetype 2.4.8. Security update fixing CVE-2011-3439 2011-11-19 11:32:45 +00:00
matthieu
db0c239acc Commit the last bit of freetype 2.4.6 which I previously held back,
since it changes the metrics of some TrueType fonts. Users of DejaVu
at small sizes in xterm can use the 'scaleHeight' resource to
restore the previous vertical spacing (with xterm 276 and later).
Tested on a wide set of ports by ajacoutot@, naddy@, krw@, shadchin@.
2011-11-16 21:18:14 +00:00
matthieu
41e9e340b9 Update for freetype 2.4.7. 2011-11-13 22:34:37 +00:00
matthieu
12dde70adc Update to freetype 2.4.7.
This mostly is a bug-fix release for CVE-2011-3256.
2011-10-30 10:14:50 +00:00
matthieu
6b773761c7 Update to freetype 2.4.6.
For now, omit the patch to ttdriver.c that changes some font metrics and
appearance of applications using TrueType fonts. Will revisit once the
issue is solved.
2011-09-28 19:01:21 +00:00
matthieu
f99cf4f7a6 Fix for CVE-2011-0226 from Freetype git repository. 2011-07-18 21:15:33 +00:00
matthieu
f6c615f075 Update to freetype 2.4.5. Tested by many. 2011-07-18 20:29:56 +00:00
matthieu
21087514c1 Update to freetype 2.4.4. Tested by shadchin@, ajacoutot@, krw@. 2010-12-19 16:08:12 +00:00
matthieu
4aee46235d Security MFC for CVE-2010-3855
commit 59eb9f8cfe7d1df379a2318316d1f04f80fba54a
Author: Werner Lemberg <wl@gnu.org>
Date:   Tue Oct 12 07:49:17 2010 +0200

    Fix Savannah bug #31310.

    * src/truetype/ttgxvar.c (ft_var_readpackedpoints): Protect against
    invalid `runcnt' values.
2010-11-06 16:46:57 +00:00
matthieu
625c5107a5 MFC security fix for CVE-2010-3814
commit 0edf0986f3be570f5bf90ff245a85c1675f5c9a4
Author: Werner Lemberg <wl@gnu.org>
Date:   Wed Oct 6 11:52:27 2010 +0200

    [truetype] Improve error handling of `SHZ' bytecode instruction.
    Problem reported by Chris Evans <scarybeasts@gmail.com>.

    * src/truetype/ttinterp.c (Ins_SHZ): Check `last_point'.
2010-11-06 16:45:49 +00:00
matthieu
bfe3d87ade Update to freetype 2.4.3. Tested at least by krw@, ajacoutot@ and jasper@ 2010-10-23 19:30:16 +00:00
matthieu
45438d0119 Update to freetype 2.4.2. This has been in snapshots for a while
and tested explicitly by ajacoutot@, jasper@, jcs@, krw@ and others
on various architectures.
2010-09-01 19:14:23 +00:00
matthieu
2b3e93e33b patches from Freetype.org for the security issues found by Robert Swiecki:
CVE-2010-2497 freetype integer underflow
CVE-2010-2498 freetype invalid free
CVE-2010-2499 freetype buffer overflow
CVE-2010-2500 freetype integer overflow
CVE-2010-2519 freetype heap buffer overflow
CVE-2010-2520 freetype buffer overflow on heap
2010-07-17 14:06:43 +00:00
matthieu
d9a92f27a6 use INSTALL_DATA in BSD Makefiles. ok oga@ 2010-05-08 14:15:29 +00:00
matthieu
54193b0f27 Missing resurrected files in freetype 2.3.12 2010-03-25 20:53:34 +00:00
matthieu
1be5fe96c1 Update to freetype 2.3.12. Tested against ports by naddy@. 2010-03-25 20:49:53 +00:00
matthieu
df0647377b Update to freetype 2.3.12. Tested against ports by naddy@. 2010-03-25 20:32:36 +00:00
matthieu
164d06ad38 Fixes for CVE-2009-0946 from freetype2 git repository:
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote
attackers to execute arbitrary code via vectors related to large values
in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c,
and (3) cff/cffload.c.
Plus one additional fix for malformed compressed data.
2009-04-27 07:11:16 +00:00
matthieu
e2d272f607 put libz back into Libs:. Fixes vax linking. 2009-03-26 19:04:00 +00:00
matthieu
703afbb0a2 update to freetype-docs 2.3.9 2009-03-26 07:36:34 +00:00
matthieu
8a907a311b Update to Freetype 2.3.9.
Bump major to be safe.
Small arm assembler fix in ftconfig.h by drahn@
2009-03-26 07:31:44 +00:00
matthieu
87859a9c26 Update to Freetype 2.3.8. Tested by jsg@. 2009-03-10 20:28:33 +00:00
matthieu
f8e0dbd0cd Update to Freetype 2.3.7. This is a bug fix release. No API change. 2008-08-21 05:09:08 +00:00
matthieu
6f11b80c67 Update to freetype 2.3.6.
Contains security fixes for CVE-2008-1806, CVE-2008-1807 and CVE-2008-1808.
Tested by many.
2008-06-22 17:37:35 +00:00
matthieu
1969f0b7b1 Don't hard-code sizeof(long) in ftconfig.h. Fixes 64bit architectures.
Problem noticed by sturm@.
2007-11-24 15:48:33 +00:00
matthieu
8f07cc07fd Use builds/unix/ftsystem.c instead of the generic ANSI C one, which
doesn't set CLOSE_ON_EXEC on file descriptors opened by freetype.
Fixes a fd leak reported by kurt@. Tested by naddy@ and others.
2007-10-27 07:09:48 +00:00
matthieu
3c28b922f5 More bits for freetype 2.3.5 2007-09-08 16:59:03 +00:00
matthieu
f4cb73c397 Merge freetype 2.3.5. Tested by naddy@ and mbalmer@. 2007-09-08 16:39:54 +00:00
matthieu
f731f6acb5 import freetype 2.3.5 2007-09-08 16:28:30 +00:00
matthieu
e51592142f fix two instances of XORG_PREFIX that escaped renaming to X11BASE. 2007-05-29 15:37:57 +00:00
matthieu
15235d0d22 Fix for CVE-2007-2754: integer overflow that can lead to a heap overflow.
Discovered by Victor Stinner. Patch from Freetype repository.
2007-05-25 01:23:29 +00:00
matthieu
8c80956fab Don't include debugging symbols. 2007-04-07 15:37:50 +00:00
david
0440c6780f fix $OpenBSD$ RCS tags; ok matthieu@ 2007-04-04 22:30:55 +00:00
todd
517a55a2c5 bdf CVE-2007-1351
BDFFont Parsing Integer Overflow Vulnerability

The discoverer of this vulnerability wishes to remain anonymous.

from matthieu@
2007-04-04 02:51:57 +00:00
matthieu
77cb7f251b Revert local debug stuff that wasn't meant to be committed. 2007-03-25 13:22:40 +00:00
matthieu
00a847b3f8 regen with libtool 1.5.22p9 2007-03-25 13:02:54 +00:00
matthieu
d94e76056c Missed a sed substitution for freetype2.pc.
Noticed by Frederick C. Druseikis, thanks.
2006-12-23 10:42:41 +00:00
matthieu
6a5579f8e8 Make 'obj' now can make symlinks to /usr/obj/xenocara (or any other
directory designed by XENOCARA_OBJDIR in /etc/mk.conf).
2006-12-02 16:28:48 +00:00
matthieu
111eb3bc11 Disable profiled libs. 2006-11-29 18:03:09 +00:00
matthieu
b455532e54 $Xenocara$ -> $OpenBSD$ 2006-11-27 19:56:35 +00:00
matthieu
a6d8ae2911 ${DIST} is gone. 2006-11-27 00:27:52 +00:00
matthieu
f956426aeb build infrastructure and OpenBSD customisation for Freetype 2.2.1 2006-11-26 11:54:18 +00:00
matthieu
68f868c8f6 Import freetype 2.2.1 2006-11-25 18:44:16 +00:00