Contributed by tbert on from the with-liberty-and-FreeType-for-all dept.
Patches for bugs in the FreeType library are available:
FreeType 2.5.5 contained more fixes for malformed font buffer overflows. Thanks to David Coppa for extracting the necessary patches from the Ubuntu package.
Patches are available for OpenBSD 5.5 and 5.6. The forthcoming 5.7 release already includes FreeType 2.5.5.
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/022_freetype.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/018_freetype.patch.sig
The 5.6 patch also includes some fixes for CJK hinting.
untrusted comment: signature from openbsd 5.6 base private key
RWR0EANmo9nqhswc4xbXD01rhx1+T2nG0N/NlVICVOW187z5BoZQ7PJjx6OAijnCk1AJJqUOODgov/JniEFHmQIE5tis+61NDAo=
OpenBSD 5.6 errata 18, Mar 13, 2015:
Another fix for buffer overflows in malformed fonts.
Apply patch using:
    signify -Vep /etc/signify/openbsd-56-base.pub -x 018_freetype.patch.sig \
        -m - | (cd /usr/xenocara && patch -p0)

Then build and install a new libfreetype:
    cd /usr/xenocara/lib/freetype
    make obj
    make build
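
An added example, not part of the original post or of signify itself: it parses the two-line header of an embedded-signature file such as 018_freetype.patch.sig and checks that the signature names the same 8-byte key number as the public key passed to -p. It performs no Ed25519 verification (signify does that); the helper names and the all-zero public keys are constructed for illustration.

```python
import base64
from typing import NamedTuple

PREFIX = "untrusted comment: "

class Blob(NamedTuple):
    comment: str
    pkalg: bytes    # b"Ed" (Ed25519)
    keynum: bytes   # 8-byte key number, present in both key and signature
    payload: bytes  # 64-byte signature or 32-byte public key

def parse_header(text, payload_len):
    """Parse signify's two header lines; return (Blob, remaining text)."""
    comment_line, _, rest = text.partition("\n")
    b64_line, _, message = rest.partition("\n")
    if not comment_line.startswith(PREFIX):
        raise ValueError("missing 'untrusted comment: ' line")
    raw = base64.b64decode(b64_line.strip(), validate=True)
    if len(raw) != 2 + 8 + payload_len:
        raise ValueError(f"unexpected blob length {len(raw)}")
    if raw[:2] != b"Ed":
        raise ValueError("unsupported signature algorithm")
    return Blob(comment_line[len(PREFIX):], raw[:2], raw[2:10], raw[10:]), message

def key_matches(sig_text, pub_text):
    """True if the signature names the same key number as the public key."""
    sig, _ = parse_header(sig_text, 64)
    pub, _ = parse_header(pub_text, 32)
    return sig.keynum == pub.keynum

def make_pub(keynum, comment="constructed test key"):
    """Build a CONSTRUCTED public-key file (all-zero key material, not a real key)."""
    raw = b"Ed" + keynum + bytes(32)
    return f"{PREFIX}{comment}\n{base64.b64encode(raw).decode()}\n"

# Signature header as shown on this page (display line wrap removed),
# followed by the first line of the signed message; the rest is omitted.
PAGE_SIG = (
    "untrusted comment: signature from openbsd 5.6 base private key\n"
    "RWR0EANmo9nqhswc4xbXD01rhx1+T2nG0N/NlVICVOW187z5BoZQ7PJjx6OAijnCk1AJJqUOODgov/JniEFHmQIE5tis+61NDAo=\n"
    "OpenBSD 5.6 errata 18, Mar 13, 2015:\n"
)

if __name__ == "__main__":
    sig, message = parse_header(PAGE_SIG, 64)
    print("key number:", sig.keynum.hex())
    print("matches constructed key:", key_matches(PAGE_SIG, make_pub(sig.keynum)))
    print("matches other key:", key_matches(PAGE_SIG, make_pub(bytes(8))))
```

A key-number mismatch means the file was checked against the wrong release key, for example the 5.5 key against the 5.6 patch.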
By BSDfan (193.200.118.52) on
By phessler (phessler) on http://www.openbsdfoundation.org/donations.html
Why aren't they committed in upstream FreeType? We would be far more interested in those patches if they were maintained upstream.
By BSDfan (193.200.118.52) on
>
> Why aren't they committed in upstream FreeType? We would be far more interested in those patches if they were maintained upstream.
Well, I don't know why. Infinality is MIT license, so license isn't an issue. Ubuntu patches are probably GPL.