Add patches to fix security issue.

This is done via direct commit, because the freetype2 update to 2.5.3 isn't mergeable due to freetype header shuffle which happend in 2.5.1. Tweak the freetype2 version in the vuxml to point to the fix version. Approved by: portmgr (antoine@, erwin@) Obtained from: freetype2 upstream Security: 1a0de610-a761-11e3-95fe-bcaec565249c
author: Koop Mast <kwm@FreeBSD.org> 2014-03-09 10:23:40 +0000
committer: Koop Mast <kwm@FreeBSD.org> 2014-03-09 10:23:40 +0000
commit: b2f2f6a6fd9c374117cda1278fdffa27d272ca92 (patch)
tree: d61a2f06f396853dcd5b7b41895c47e958feeca6
parent: 12ce11549331986f72672232af153372cd10138b (diff)
download: ports-b2f2f6a6fd9c374117cda1278fdffa27d272ca92.tar.gz
ports-b2f2f6a6fd9c374117cda1278fdffa27d272ca92.zip
3 files changed, 115 insertions, 1 deletions
diff --git a/print/freetype2/Makefile b/print/freetype2/Makefile
index c8e966b4f7ca..ad7e5a782ca1 100644
--- a/print/freetype2/Makefile
+++ b/print/freetype2/Makefile
@@ -4,6 +4,7 @@
 
 PORTNAME=	freetype2
 PORTVERSION=	2.5.0.1
+PORTREVISION=	1
 CATEGORIES=	print
 MASTER_SITES=	SF/freetype/${PORTNAME}/${PORTVERSION:C/^([0-9]+\.[0-9]+\.[0-9]+).*/\1/}/ \
 		http://sunsite.cnlab-switch.ch/ftp/mirror/freetype/freetype2/ \
diff --git a/print/freetype2/files/patch-41697 b/print/freetype2/files/patch-41697
new file mode 100644
index 000000000000..543a11dc6ae1
--- /dev/null
+++ b/print/freetype2/files/patch-41697
@@ -0,0 +1,113 @@
+From 0eae6eb0645264c98812f0095e0f5df4541830e6 Mon Sep 17 00:00:00 2001
+From: Dave Arnold <darnold@adobe.com>
+Date: Fri, 28 Feb 2014 06:40:01 +0000
+Subject: Fix Savannah bug #41697, part 1.
+
+* src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is
+invalid.  In this case, it is not safe to use the length of
+`hStemHintArray'; the exception has already been recorded in
+`hintMask'.
+---
+diff --git a/ChangeLog b/ChangeLog
+index 2010fda..1f48e24 100644
+--- ChangeLog
++++ ChangeLog
+@@ -1,3 +1,12 @@
++2014-02-28  Dave Arnold  <darnold@adobe.com>
++
++	[cff] Fix Savannah bug #41697, part 1.
++
++	* src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is
++	invalid.  In this case, it is not safe to use the length of
++	`hStemHintArray'; the exception has already been recorded in
++	`hintMask'.
++
+ 2014-02-26  Werner Lemberg  <wl@gnu.org>
+ 
+ 	[sfnt] Fix Savannah bug #41696.
+diff --git a/src/cff/cf2hints.c b/src/cff/cf2hints.c
+index 5f44161..79f84fc 100644
+--- src/cff/cf2hints.c
++++ src/cff/cf2hints.c
+@@ -781,6 +781,8 @@
+       cf2_hintmask_setAll( hintMask,
+                            cf2_arrstack_size( hStemHintArray ) +
+                              cf2_arrstack_size( vStemHintArray ) );
++      if ( !cf2_hintmask_isValid( hintMask ) )
++          return;                   /* too many stem hints */
+     }
+ 
+     /* begin by clearing the map */
+--
+cgit v0.9.0.2
+From 135c3faebb96f8f550bd4f318716f2e1e095a969 Mon Sep 17 00:00:00 2001
+From: Dave Arnold <darnold@adobe.com>
+Date: Fri, 28 Feb 2014 06:42:42 +0000
+Subject: Fix Savannah bug #41697, part 2.
+
+* src/cff/cf2ft.c (cf2_initLocalRegionBuffer,
+cf2_initGlobalRegionBuffer): It is possible for a charstring to call
+a subroutine if no subroutines exist.  This is an error but should
+not trigger an assert.  Split the assert to account for this.
+---
+diff --git a/ChangeLog b/ChangeLog
+index 1f48e24..164aa6b 100644
+--- ChangeLog
++++ ChangeLog
+@@ -1,5 +1,14 @@
+ 2014-02-28  Dave Arnold  <darnold@adobe.com>
+ 
++	[cff] Fix Savannah bug #41697, part 2.
++
++	* src/cff/cf2ft.c (cf2_initLocalRegionBuffer,
++	cf2_initGlobalRegionBuffer): It is possible for a charstring to call
++	a subroutine if no subroutines exist.  This is an error but should
++	not trigger an assert.  Split the assert to account for this.
++
++2014-02-28  Dave Arnold  <darnold@adobe.com>
++
+ 	[cff] Fix Savannah bug #41697, part 1.
+ 
+ 	* src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is
+diff --git a/src/cff/cf2ft.c b/src/cff/cf2ft.c
+index df5f8fb..82bac75 100644
+--- src/cff/cf2ft.c
++++ src/cff/cf2ft.c
+@@ -521,7 +521,7 @@
+                               CF2_UInt      idx,
+                               CF2_Buffer    buf )
+   {
+-    FT_ASSERT( decoder && decoder->globals );
++    FT_ASSERT( decoder );
+ 
+     FT_ZERO( buf );
+ 
+@@ -529,6 +529,8 @@
+     if ( idx >= decoder->num_globals )
+       return TRUE;     /* error */
+ 
++    FT_ASSERT( decoder->globals );
++
+     buf->start =
+     buf->ptr   = decoder->globals[idx];
+     buf->end   = decoder->globals[idx + 1];
+@@ -594,7 +596,7 @@
+                              CF2_UInt      idx,
+                              CF2_Buffer    buf )
+   {
+-    FT_ASSERT( decoder && decoder->locals );
++    FT_ASSERT( decoder );
+ 
+     FT_ZERO( buf );
+ 
+@@ -602,6 +604,8 @@
+     if ( idx >= decoder->num_locals )
+       return TRUE;     /* error */
+ 
++    FT_ASSERT( decoder->locals );
++
+     buf->start =
+     buf->ptr   = decoder->locals[idx];
+     buf->end   = decoder->locals[idx + 1];
+--
+cgit v0.9.0.2
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index ad5ac7be08f7..afb0bb7ff113 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -56,7 +56,7 @@ Note:  Please add new entries to the beginning of this file.
     <affects>
       <package>
 	<name>freetype2</name>
-	<range><lt>2.5.3</lt></range>
+	<range><lt>2.5.0.1_1</lt></range>
       </package>
     </affects>
     <description>
author	Koop Mast <kwm@FreeBSD.org>	2014-03-09 10:23:40 +0000
committer	Koop Mast <kwm@FreeBSD.org>	2014-03-09 10:23:40 +0000
commit	b2f2f6a6fd9c374117cda1278fdffa27d272ca92 (patch)
tree	d61a2f06f396853dcd5b7b41895c47e958feeca6
parent	12ce11549331986f72672232af153372cd10138b (diff)
download	ports-b2f2f6a6fd9c374117cda1278fdffa27d272ca92.tar.gz ports-b2f2f6a6fd9c374117cda1278fdffa27d272ca92.zip