matthieu
a8e93b57ed
Update to freetype 2.4.9
...
Another round of fixes to better handle invalid fonts. Many of
them are vulnerabilities (see CVE-2012-1126 up to CVE-2012-1144
and SA48320).
2012-04-14 09:45:45 +00:00
matthieu
976f735d21
Update to freetype 2.4.8. Security update fixing CVE-2011-3439
2011-11-19 11:32:45 +00:00
matthieu
db0c239acc
Commit the last bit of freetype 2.4.6 which I previously hold back,
...
since it changes the metrics of some TrueType fonts. Users of DejaVu
at small sizes in xterm can use the 'scaleHeight' resource to
restore the previous vertical spacing (with xterm 276 and later).
Tested on a wide set of ports by ajachoutot@, naddy@, krw@ shadchin@.
2011-11-16 21:18:14 +00:00
matthieu
41e9e340b9
Update for freetype 2.4.7.
2011-11-13 22:34:37 +00:00
matthieu
12dde70adc
Update to freetype 2.4.7.
...
This moslty is a bug-fix release for CVE-2011-3256.
2011-10-30 10:14:50 +00:00
matthieu
6b773761c7
Update to freetype 2.4.6.
...
For now, omit the patch to ttdriver.c that changes some font metrics and
appearance of applications using TrueType fonts. Will revisit once the
issue is solved.
2011-09-28 19:01:21 +00:00
matthieu
f99cf4f7a6
Fix for CVE-2011-0226 from Freetype git repository.
2011-07-18 21:15:33 +00:00
matthieu
f6c615f075
Update to freetype 2.4.5. Tested by many.
2011-07-18 20:29:56 +00:00
matthieu
21087514c1
Update to freetype 2.4.4. Tested by shadchin@, ajacoutot@, krw@.
2010-12-19 16:08:12 +00:00
matthieu
4aee46235d
Security MFC for CVE-2010-3855
...
commit 59eb9f8cfe7d1df379a2318316d1f04f80fba54a
Author: Werner Lemberg <wl@gnu.org>
Date: Tue Oct 12 07:49:17 2010 +0200
Fix Savannah bug #31310 .
* src/truetype/ttgxvar.c (ft_var_readpackedpoints): Protect against
invalid `runcnt' values.
2010-11-06 16:46:57 +00:00
matthieu
625c5107a5
MFC security fix for CVE-2010-3814
...
commit 0edf0986f3be570f5bf90ff245a85c1675f5c9a4
Author: Werner Lemberg <wl@gnu.org>
Date: Wed Oct 6 11:52:27 2010 +0200
[truetype] Improve error handling of `SHZ' bytecode instruction.
Problem reported by Chris Evans <scarybeasts@gmail.com>.
* src/truetype/ttinterp.c (Ins_SHZ): Check `last_point'.
2010-11-06 16:45:49 +00:00
matthieu
bfe3d87ade
Update to freetype 2.4.3. Tested at least by krw@, ajacoutot@ and jasper@
2010-10-23 19:30:16 +00:00
matthieu
45438d0119
Update to freetype 2.4.2. This has been in snapshots for a while
...
and tested explicitely by ajacoutot@ jasper@, jcs@, krw@ and others
on various architectures.
2010-09-01 19:14:23 +00:00
matthieu
2b3e93e33b
patches from Freetype.org for the security issues found by Robert Swiecki:
...
CVE-2010-2497 freetype integer underflow
CVE-2010-2498 freetype invalid free
CVE-2010-2499 freetype buffer overflow
CVE-2010-2500 freetype integer overflow
CVE-2010-2519 freetype heap buffer overflow
CVE-2010-2520 freetype buffer overflow on heap
2010-07-17 14:06:43 +00:00
matthieu
d9a92f27a6
use INSTALL_DATA in BSD Makefiles. ok oga@
2010-05-08 14:15:29 +00:00
matthieu
54193b0f27
Missing resurected files in freetype 2.3.12
2010-03-25 20:53:34 +00:00
matthieu
1be5fe96c1
Update to freetpe 2.3.12. Tested against ports by naddy@.
2010-03-25 20:49:53 +00:00
matthieu
df0647377b
Update to freetpe 2.3.12. Tested against ports by naddy@.
2010-03-25 20:32:36 +00:00
matthieu
164d06ad38
Fixes for CVE-2009-0946 from freetype2 git repository:
...
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote
attackers to execute arbitrary code via vectors related to large values
in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c,
and (3) cff/cffload.c.
Plus one additional fix for malformed compressed data.
2009-04-27 07:11:16 +00:00
matthieu
e2d272f607
put libz back into Libs:. Fixes vax linking.
2009-03-26 19:04:00 +00:00
matthieu
703afbb0a2
update to freetype-docs 2.3.9
2009-03-26 07:36:34 +00:00
matthieu
8a907a311b
Update to Freetype 2.3.9.
...
Bump major to be safe.
Small arm assembler fix in ftconfig.h by drahn@
2009-03-26 07:31:44 +00:00
matthieu
87859a9c26
Update to Freetype 2.3.8. Tested by jsg@.
2009-03-10 20:28:33 +00:00
matthieu
f8e0dbd0cd
Update to Freetype 2.3.7. This is a bug fix release. No API change.
2008-08-21 05:09:08 +00:00
matthieu
6f11b80c67
Update to freetype 2.3.6.
...
Contains security fixes for CVE-2008-1806, CVE-2008-1807 and CVE-2008-1808.
Tested by many.
2008-06-22 17:37:35 +00:00
matthieu
1969f0b7b1
Don't hard-code sizeof(long) in ftconfig.h. Fixes 64bit architectures.
...
Problem noticed by sturm@.
2007-11-24 15:48:33 +00:00
matthieu
8f07cc07fd
Use buils/unix/ftsystem.c instead of the generic ANSI C one, which
...
doesn't set CLOSE_ON_EXEC on files descriptors opened by freetype.
Fixes a fd leak reported by kurt@. Tested by naddy@ and others.
2007-10-27 07:09:48 +00:00
matthieu
3c28b922f5
More bits for freetype 2.3.5
2007-09-08 16:59:03 +00:00
matthieu
f4cb73c397
Merge freetype 2.3.5. Tested by naddy@ and mbalmer@.
2007-09-08 16:39:54 +00:00
matthieu
f731f6acb5
import freetype 2.3.5
2007-09-08 16:28:30 +00:00
matthieu
e51592142f
fix two instances XORG_PREFIX that escaped renaming to X11BASE.
2007-05-29 15:37:57 +00:00
matthieu
15235d0d22
Fix for CVE-2007-2754: integer overflow that can lead to an heap overflow.
...
Discovered by Victor Stinner. Patch from Freetype repository.
2007-05-25 01:23:29 +00:00
matthieu
8c80956fab
Don't include debugging symbols.
2007-04-07 15:37:50 +00:00
david
0440c6780f
fix $OpenBSD$ RCS tags; ok matthieu@
2007-04-04 22:30:55 +00:00
todd
517a55a2c5
bdf CVE-2007-1351
...
BDFFont Parsing Integer Overflow Vulnerability
The discoverer of this vulnerability wishes to remain anonymous.
from matthieu@
2007-04-04 02:51:57 +00:00
matthieu
77cb7f251b
Revert local debug stuff that wasn't meant to be committed.
2007-03-25 13:22:40 +00:00
matthieu
00a847b3f8
regen with libtool 1.5.22p9
2007-03-25 13:02:54 +00:00
matthieu
d94e76056c
Missed a sed substitution for freetype2.pc.
...
Noticed by Frederick C. Druseikis, thanks.
2006-12-23 10:42:41 +00:00
matthieu
6a5579f8e8
Make 'obj' now can make symlinks to /usr/obj/xenocara (or any other
...
directory designed by XENOCARA_OBJDIR in /etc/mk.conf).
2006-12-02 16:28:48 +00:00
matthieu
111eb3bc11
Disable profiled libs.
2006-11-29 18:03:09 +00:00
matthieu
b455532e54
$Xenocara$ -> $OpenBSD$
2006-11-27 19:56:35 +00:00
matthieu
a6d8ae2911
${DIST} is gone.
2006-11-27 00:27:52 +00:00
matthieu
f956426aeb
build infrastructure and OpenBSD customisation for Freetype 2.2.1
2006-11-26 11:54:18 +00:00
matthieu
68f868c8f6
Import freetype 2.2.1
2006-11-25 18:44:16 +00:00