Contributed by tbert on from the with-liberty-and-FreeType-for-all dept.
Patches for bugs in the FreeType library are available:
FreeType 2.5.5 contained more fixes for malformed font buffer overflows. Thanks to David Coppa for extracting the necessary patches from the Ubuntu package.
Patches are available for OpenBSD 5.5 and 5.6. The forthcoming 5.7 release already includes FreeType 2.5.5.
The 5.6 patch also includes some fixes for CJK hinting.
untrusted comment: signature from openbsd 5.6 base private key
RWR0EANmo9nqhswc4xbXD01rhx1+T2nG0N/NlVICVOW187z5BoZQ7PJjx6OAijnCk1AJJqUOODgov/JniEFHmQ \ IE5tis+61NDAo=
OpenBSD 5.6 errata 18, Mar 13, 2015:
Another fix for buffer overflows in malformed fonts.
Apply patch using:

    signify -Vep /etc/signify/openbsd-56-base.pub -x 018_freetype.patch.sig \
        -m - | (cd /usr/xenocara && patch -p0)

Then build and install a new libfreetype:

    cd /usr/xenocara/lib/freetype
    make obj
    make build