From: Marinus Schraal <foser@gentoo.org>
Date: Mon, 19 Jun 2006 21:17:11 +0000 (+0000)
Subject: bump rev to add a couple of important patches
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=2862ff0417c02ef5991c06e312c803a7bdf4d694;p=gentoo.git

bump rev to add a couple of important patches
Package-Manager: portage-2.1
---

diff --git a/media-libs/freetype/ChangeLog b/media-libs/freetype/ChangeLog
index 47672a072e76..2451cf2ddd50 100644
--- a/media-libs/freetype/ChangeLog
+++ b/media-libs/freetype/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for media-libs/freetype
 # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/ChangeLog,v 1.80 2006/06/19 17:10:55 foser Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/ChangeLog,v 1.81 2006/06/19 21:17:11 foser Exp $
+
+*freetype-2.1.10-r1 (19 Jun 2006)
+
+  19 Jun 2006; Marinus Schraal <foser@gentoo.org> freetype-2.1.10-r1.ebuild,
+  freetype-2.1.10-security_batch.patch, freetype-2.1.10-revert_pointer.patch,
+  freetype-2.1.10-fix_synth.patch :
+  Add patch to fix overflows (#124828)
+  Add patch to ensure compatability with <xorg-7 (#99089)
+  Add patch to fix artificial bold alignment (#127872)
 
 *freetype-2.2.1 (19 Jun 2006)
 
diff --git a/media-libs/freetype/Manifest b/media-libs/freetype/Manifest
index 2f74131410b9..c19d6f1041dc 100644
--- a/media-libs/freetype/Manifest
+++ b/media-libs/freetype/Manifest
@@ -10,10 +10,22 @@ AUX freetype-2-enable_bci.patch 746 RMD160 7e285116c299e2869b753eb90522c8bbec0fc
 MD5 f56e44d1ef27c1e53e1d4193f37150b1 files/freetype-2-enable_bci.patch 746
 RMD160 7e285116c299e2869b753eb90522c8bbec0fc072 files/freetype-2-enable_bci.patch 746
 SHA256 4a53e2f809df39ccccab6708d8f573c124c1a5a0bb201682c608044558676f57 files/freetype-2-enable_bci.patch 746
+AUX freetype-2.1.10-fix_synth.patch 919 RMD160 85cea83ecb4d63660470519d40095ee5ae39f9e2 SHA1 eab0ee7b80ea927fe715df6ba7f9a5a7a864b1ce SHA256 416e34b095449d8981678225597eb12d0f0cc8a258c430d4061254303687443c
+MD5 d888f948f20eaab8775f8b228dbb8b21 files/freetype-2.1.10-fix_synth.patch 919
+RMD160 85cea83ecb4d63660470519d40095ee5ae39f9e2 files/freetype-2.1.10-fix_synth.patch 919
+SHA256 416e34b095449d8981678225597eb12d0f0cc8a258c430d4061254303687443c files/freetype-2.1.10-fix_synth.patch 919
 AUX freetype-2.1.10-internal_header.patch 667 RMD160 c1959d97a8588e8efec6cfc5dde79ac5ff6552ef SHA1 693dd29284f8ced58a9b4610db0bd57c24836655 SHA256 da72ae11e658332a0e22bc0fd69c9d0c89d61dcbd376243b6dface7b33b8d239
 MD5 f96e5959658f100cb8d1af8a197b8c45 files/freetype-2.1.10-internal_header.patch 667
 RMD160 c1959d97a8588e8efec6cfc5dde79ac5ff6552ef files/freetype-2.1.10-internal_header.patch 667
 SHA256 da72ae11e658332a0e22bc0fd69c9d0c89d61dcbd376243b6dface7b33b8d239 files/freetype-2.1.10-internal_header.patch 667
+AUX freetype-2.1.10-revert_pointer.patch 544 RMD160 7295ee885d3377cf8d76df1aa85d9d8c2dba3e51 SHA1 52e3e79f75cdd3eedfff52aba4646241b8a67f46 SHA256 47805b36c85b9d63b161757c0a7fa399c2320182b423db88909056712f426838
+MD5 31df68fae64e5aaecce6e739c699e75e files/freetype-2.1.10-revert_pointer.patch 544
+RMD160 7295ee885d3377cf8d76df1aa85d9d8c2dba3e51 files/freetype-2.1.10-revert_pointer.patch 544
+SHA256 47805b36c85b9d63b161757c0a7fa399c2320182b423db88909056712f426838 files/freetype-2.1.10-revert_pointer.patch 544
+AUX freetype-2.1.10-security_batch.patch 10667 RMD160 f75237e77ed09db16c19756e7d80de0fa73d30e4 SHA1 6bdb351eeb90289282502c971dbcdd7cd36736b1 SHA256 3f863c67176ca0a4348d5e6d838e06522c40f3ca72ad07e68616f2dc4361b1bc
+MD5 79c82a44790efd65aa57b462d9cc8f39 files/freetype-2.1.10-security_batch.patch 10667
+RMD160 f75237e77ed09db16c19756e7d80de0fa73d30e4 files/freetype-2.1.10-security_batch.patch 10667
+SHA256 3f863c67176ca0a4348d5e6d838e06522c40f3ca72ad07e68616f2dc4361b1bc files/freetype-2.1.10-security_batch.patch 10667
 AUX freetype-2.1.9-fix_bci.patch 643 RMD160 cf09457bc1f385b04f5013ed568886f854c33847 SHA1 7ea4f9a5f503e1e240ae895811d3c226f500255f SHA256 401d6db5446f80d086a6dbc89c8e7578d1e84a4fec8a691513f4a47447616b73
 MD5 6c404648e3cb8f86b329f7dac5d70cc8 files/freetype-2.1.9-fix_bci.patch 643
 RMD160 cf09457bc1f385b04f5013ed568886f854c33847 files/freetype-2.1.9-fix_bci.patch 643
@@ -34,6 +46,10 @@ EBUILD freetype-1.3.1-r5.ebuild 3198 RMD160 ad1fd38646ca2f925f4abb847aa1efc2435f
 MD5 4eaf61511f2b2c2520aeffadbe33b182 freetype-1.3.1-r5.ebuild 3198
 RMD160 ad1fd38646ca2f925f4abb847aa1efc2435fe7f3 freetype-1.3.1-r5.ebuild 3198
 SHA256 2553b7aa7c483faaaab77596203cdbdd5acb55fd35bf3f2dc5552162e15132b4 freetype-1.3.1-r5.ebuild 3198
+EBUILD freetype-2.1.10-r1.ebuild 2025 RMD160 f43de01ee6c618a3a275e5fedc641731cf45a772 SHA1 5afb80005da13aac7ecf3869257b76e39df66367 SHA256 59ef6b4618d0d99410aa354bb80b68979547a8379c4a067a250d58804d87a47c
+MD5 61121b51523b27f31c3d6d94f54a39f5 freetype-2.1.10-r1.ebuild 2025
+RMD160 f43de01ee6c618a3a275e5fedc641731cf45a772 freetype-2.1.10-r1.ebuild 2025
+SHA256 59ef6b4618d0d99410aa354bb80b68979547a8379c4a067a250d58804d87a47c freetype-2.1.10-r1.ebuild 2025
 EBUILD freetype-2.1.10.ebuild 1815 RMD160 1bb6c87ed7cd8857f38686f7c2736a35a94b5ebd SHA1 afa01ddb86ac29da861105cfe1aa943e9948c94b SHA256 5d5f2e8aa2bf61fdc4601b2b4651522f76a9cd417c138610997519c397676126
 MD5 b22e38526f2e58b8c47584b2f80c6262 freetype-2.1.10.ebuild 1815
 RMD160 1bb6c87ed7cd8857f38686f7c2736a35a94b5ebd freetype-2.1.10.ebuild 1815
@@ -42,14 +58,14 @@ EBUILD freetype-2.1.9-r1.ebuild 2165 RMD160 22194b4b0e4d04583cd2439cb50324653201
 MD5 aac984a0110e9a108eb4c71c1a45f2bd freetype-2.1.9-r1.ebuild 2165
 RMD160 22194b4b0e4d04583cd2439cb503246532017b61 freetype-2.1.9-r1.ebuild 2165
 SHA256 f34b322d58f30f88985a4f92bc9e11476b8c3d3c61be9c3f37f89c5d8edb2394 freetype-2.1.9-r1.ebuild 2165
-EBUILD freetype-2.2.1.ebuild 1642 RMD160 24e1c0bc785d6a3e8d3e18bf098874b3c54a1a0c SHA1 65827f64f490123b92f19aaa1e8b80b4bfd618f0 SHA256 18d3ad1fb420578597a25689f7be65a2636aed0558da107bbf27a1ccf3671b89
-MD5 a37a53e365cb7ca820fcc8b582c7604b freetype-2.2.1.ebuild 1642
-RMD160 24e1c0bc785d6a3e8d3e18bf098874b3c54a1a0c freetype-2.2.1.ebuild 1642
-SHA256 18d3ad1fb420578597a25689f7be65a2636aed0558da107bbf27a1ccf3671b89 freetype-2.2.1.ebuild 1642
-MISC ChangeLog 11652 RMD160 48bb2d27bcc17998417d84b287814afb98ad4c1e SHA1 6d7cb6f558758ee100d49acda3494c85a54e6e8e SHA256 345ead4b8dae2309ed89a01d847beeaf9aa57ec6185a7f100e862d29fd46c6bb
-MD5 34799e17f3807c598ac4cf0cccac5224 ChangeLog 11652
-RMD160 48bb2d27bcc17998417d84b287814afb98ad4c1e ChangeLog 11652
-SHA256 345ead4b8dae2309ed89a01d847beeaf9aa57ec6185a7f100e862d29fd46c6bb ChangeLog 11652
+EBUILD freetype-2.2.1.ebuild 1606 RMD160 49e0fef36314c28b070c759fbfdf0b4abac6cb0e SHA1 8f7e755d35174d7516c59c9f25b132d5cc59f071 SHA256 be8d339e13139e2ac3af0858659fe84bc082f0d698f34bc59b8ea30614b4b1e7
+MD5 1353b62e20a5659935db68790ef06a02 freetype-2.2.1.ebuild 1606
+RMD160 49e0fef36314c28b070c759fbfdf0b4abac6cb0e freetype-2.2.1.ebuild 1606
+SHA256 be8d339e13139e2ac3af0858659fe84bc082f0d698f34bc59b8ea30614b4b1e7 freetype-2.2.1.ebuild 1606
+MISC ChangeLog 12031 RMD160 f9b07a561e77ce3e3242cf93aa515895d200a6d7 SHA1 280e93b4cec2c6d65b09bf3ce3ae65ccdd70181f SHA256 0804460dadaa8f0afa5ba04392bb2a9827cd896add3e8c00b0262e36a6ff11b2
+MD5 2b4885abfcb49ec36cb16be58f23e54e ChangeLog 12031
+RMD160 f9b07a561e77ce3e3242cf93aa515895d200a6d7 ChangeLog 12031
+SHA256 0804460dadaa8f0afa5ba04392bb2a9827cd896add3e8c00b0262e36a6ff11b2 ChangeLog 12031
 MISC metadata.xml 221 RMD160 71f7378b604618cc82dd25cf498259ca9e971437 SHA1 815132082c51c63027ec0e5bcf545404ee69a5a2 SHA256 f5caf0a487300525ba716466e1fffb0d9ab526e3c6477d61db48f7e7d84612d0
 MD5 68a04e23ccfb7971cff8ce012aee659c metadata.xml 221
 RMD160 71f7378b604618cc82dd25cf498259ca9e971437 metadata.xml 221
@@ -63,6 +79,9 @@ SHA256 5ed481c875ac4fe3bdde983323429141ce78eeaeeb780dd36c42e1413ea6f876 files/di
 MD5 ba7ba279b7726f9b1cd0fe3941cb6fe9 files/digest-freetype-2.1.10 325
 RMD160 1f03fc6317371c34da8efb354f3c7ef09d00eebd files/digest-freetype-2.1.10 325
 SHA256 fa6bbc0378476ff34f02aabefa4ce08381b58e079307474a84f659b8de4b86f2 files/digest-freetype-2.1.10 325
+MD5 ba7ba279b7726f9b1cd0fe3941cb6fe9 files/digest-freetype-2.1.10-r1 325
+RMD160 1f03fc6317371c34da8efb354f3c7ef09d00eebd files/digest-freetype-2.1.10-r1 325
+SHA256 fa6bbc0378476ff34f02aabefa4ce08381b58e079307474a84f659b8de4b86f2 files/digest-freetype-2.1.10-r1 325
 MD5 29bbc2c883bf52623f42dd235cd23fd6 files/digest-freetype-2.1.9-r1 132
 RMD160 ad5eab81b5f46247bb2ac8997f09326570f58e2b files/digest-freetype-2.1.9-r1 132
 SHA256 87620ff697ccb8543e0d369bf1bb00fa25e0922d081140f2536109794346f594 files/digest-freetype-2.1.9-r1 132
diff --git a/media-libs/freetype/files/digest-freetype-2.1.10-r1 b/media-libs/freetype/files/digest-freetype-2.1.10-r1
new file mode 100644
index 000000000000..6f3158e1d65e
--- /dev/null
+++ b/media-libs/freetype/files/digest-freetype-2.1.10-r1
@@ -0,0 +1,4 @@
+MD5 a4012e7d1f6400df44a16743b11b8423 freetype-2.1.10.tar.bz2 1037107
+RMD160 3d31d548632f14784283c97ece64c7425efc3975 freetype-2.1.10.tar.bz2 1037107
+SHA256 fed2ed148d7d105b95493c5e95561c8b05ee7909e00f828f036d8ed1be6a5e53 freetype-2.1.10.tar.bz2 1037107
+MD5 10608a55ee9ee12e29ba3d705318e61d freetype-doc-2.1.10.tar.bz2 163725
diff --git a/media-libs/freetype/files/freetype-2.1.10-fix_synth.patch b/media-libs/freetype/files/freetype-2.1.10-fix_synth.patch
new file mode 100644
index 000000000000..f39442e74b0b
--- /dev/null
+++ b/media-libs/freetype/files/freetype-2.1.10-fix_synth.patch
@@ -0,0 +1,26 @@
+===================================================================
+RCS file: /var/lib/cvs/sources/freetype/freetype2/src/base/ftsynth.c,v
+retrieving revision 1.27
+retrieving revision 1.28
+diff -u -r1.27 -r1.28
+--- freetype/freetype2/src/base/ftsynth.c	2005/05/30 07:54:20	1.27
++++ freetype/freetype2/src/base/ftsynth.c	2005/06/16 19:07:08	1.28
+@@ -81,7 +81,7 @@
+ 
+     /* some reasonable strength */
+     xstr = FT_MulFix( face->units_per_EM,
+-                      face->size->metrics.y_scale ) / 42;
++                      face->size->metrics.y_scale ) / 24;
+     ystr = xstr;
+ 
+     if ( slot->format == FT_GLYPH_FORMAT_OUTLINE )
+@@ -122,8 +122,8 @@
+     /* modify the metrics accordingly */
+     if ( !error )
+     {
++      /* assume the layout is horizontal */
+       slot->advance.x += xstr;
+-      slot->advance.y += ystr;
+ 
+       slot->metrics.width        += xstr;
+       slot->metrics.height       += ystr;
diff --git a/media-libs/freetype/files/freetype-2.1.10-revert_pointer.patch b/media-libs/freetype/files/freetype-2.1.10-revert_pointer.patch
new file mode 100644
index 000000000000..43bc0ddd03dc
--- /dev/null
+++ b/media-libs/freetype/files/freetype-2.1.10-revert_pointer.patch
@@ -0,0 +1,14 @@
+diff -ur freetype-2.1.10/src/sfnt/sfdriver.c freetype-2.1.10-r1/src/sfnt/sfdriver.c
+--- freetype-2.1.10/src/sfnt/sfdriver.c	2005-09-05 11:07:57.532473793 +0200
++++ freetype-2.1.10-r1/src/sfnt/sfdriver.c	2005-09-05 11:08:21.586881788 +0200
+@@ -367,8 +367,8 @@
+     /* see `ttsbit.h' and `sfnt.h' */
+     tt_face_set_sbit_strike,
+     tt_face_load_sbit_strikes,
+-    0 /* tt_find_sbit_image */,
+-    0 /* tt_load_sbit_metrics */,
++    tt_find_sbit_image,
++    tt_load_sbit_metrics,
+     tt_face_load_sbit_image,
+     tt_face_free_sbit_strikes,
+ 
diff --git a/media-libs/freetype/files/freetype-2.1.10-security_batch.patch b/media-libs/freetype/files/freetype-2.1.10-security_batch.patch
new file mode 100644
index 000000000000..1dbb5481e8f0
--- /dev/null
+++ b/media-libs/freetype/files/freetype-2.1.10-security_batch.patch
@@ -0,0 +1,304 @@
+diff -uNr -x '*.orig' freetype-2.1.10/include/freetype/fterrdef.h freetype-2.1.10.patched/include/freetype/fterrdef.h
+--- freetype-2.1.10/include/freetype/fterrdef.h	2004-02-12 09:33:20.000000000 +0100
++++ freetype-2.1.10.patched/include/freetype/fterrdef.h	2006-06-19 19:16:07.000000000 +0200
+@@ -52,6 +52,8 @@
+                 "broken table" )
+   FT_ERRORDEF_( Invalid_Offset,                              0x09, \
+                 "broken offset within table" )
++  FT_ERRORDEF_( Array_Too_Large,                             0x0A, \
++                "array allocation size too large" )
+ 
+   /* glyph/character errors */
+ 
+@@ -226,6 +228,8 @@
+                 "`ENCODING' field missing" )
+   FT_ERRORDEF_( Missing_Bbx_Field,                           0xB6, \
+                 "`BBX' field missing" )
++  FT_ERRORDEF_( Bbx_Too_Big,                                 0xB7, \
++                "`BBX' too big" )
+ 
+ 
+ /* END */
+diff -uNr -x '*.orig' freetype-2.1.10/src/base/ftmac.c freetype-2.1.10.patched/src/base/ftmac.c
+--- freetype-2.1.10/src/base/ftmac.c	2004-08-28 10:02:46.000000000 +0200
++++ freetype-2.1.10.patched/src/base/ftmac.c	2006-06-19 19:16:07.000000000 +0200
+@@ -430,6 +430,7 @@
+     short          res_id;
+     unsigned char  *buffer, *p, *size_p = NULL;
+     FT_ULong       total_size = 0;
++    FT_ULong       old_total_size = 0;
+     FT_ULong       post_size, pfb_chunk_size;
+     Handle         post_data;
+     char           code, last_code;
+@@ -460,6 +461,15 @@
+ 
+       total_size += GetHandleSize( post_data ) - 2;
+       last_code = code;
++
++      /* detect integer overflows */
++      if ( total_size < old_total_size )
++      {
++        error = FT_Err_Array_Too_Large;
++        goto Error;
++      }
++
++      old_total_size = total_size;
+     }
+ 
+     if ( FT_ALLOC( buffer, (FT_Long)total_size ) )
+diff -uNr -x '*.orig' freetype-2.1.10/src/base/ftstream.c freetype-2.1.10.patched/src/base/ftstream.c
+--- freetype-2.1.10/src/base/ftstream.c	2005-03-16 02:15:07.000000000 +0100
++++ freetype-2.1.10.patched/src/base/ftstream.c	2006-06-19 19:16:07.000000000 +0200
+@@ -213,7 +213,12 @@
+       FT_Memory  memory = stream->memory;
+ 
+ 
++#ifdef FT_DEBUG_MEMORY
++      ft_mem_free( memory, *pbytes );
++      *pbytes = NULL;
++#else
+       FT_FREE( *pbytes );
++#endif
+     }
+     *pbytes = 0;
+   }
+@@ -299,7 +304,12 @@
+       FT_Memory  memory = stream->memory;
+ 
+ 
++#ifdef FT_DEBUG_MEMORY
++      ft_mem_free( memory, stream->base );
++      stream->base = NULL;
++#else
+       FT_FREE( stream->base );
++#endif
+     }
+     stream->cursor = 0;
+     stream->limit  = 0;
+diff -uNr -x '*.orig' freetype-2.1.10/src/base/ftutil.c freetype-2.1.10.patched/src/base/ftutil.c
+--- freetype-2.1.10/src/base/ftutil.c	2005-03-03 23:59:06.000000000 +0100
++++ freetype-2.1.10.patched/src/base/ftutil.c	2006-06-19 19:15:53.000000000 +0200
+@@ -52,6 +52,8 @@
+             FT_Long    size,
+             void*     *P )
+   {
++    FT_Error  error = FT_Err_Ok;
++
+     FT_ASSERT( P != 0 );
+ 
+     if ( size > 0 )
+@@ -68,13 +70,17 @@
+       FT_MEM_ZERO( *P, size );
+     }
+     else
++    {
+       *P = NULL;
++      if ( size < 0 )
++	error = FT_Err_Invalid_Argument;
++    }
+ 
+     FT_TRACE7(( "FT_Alloc:" ));
+     FT_TRACE7(( " size = %ld, block = 0x%08p, ref = 0x%08p\n",
+                 size, *P, P ));
+ 
+-    return FT_Err_Ok;
++    return error;
+   }
+ 
+ 
+@@ -128,12 +134,15 @@
+       return FT_Alloc( memory, size, P );
+ 
+     /* if the new block if zero-sized, clear the current one */
+-    if ( size <= 0 )
++    if ( size == 0 )
+     {
+       FT_Free( memory, P );
+       return FT_Err_Ok;
+     }
+ 
++    if ( size < 0 || current < 0 )
++      return FT_Err_Invalid_Argument;
++
+     Q = memory->realloc( memory, current, size, *P );
+     if ( !Q )
+       goto Fail;
+diff -uNr -x '*.orig' freetype-2.1.10/src/bdf/bdflib.c freetype-2.1.10.patched/src/bdf/bdflib.c
+--- freetype-2.1.10/src/bdf/bdflib.c	2005-05-21 19:19:52.000000000 +0200
++++ freetype-2.1.10.patched/src/bdf/bdflib.c	2006-06-19 19:16:01.000000000 +0200
+@@ -1092,6 +1092,7 @@
+ #define ERRMSG1  "[line %ld] Missing \"%s\" line.\n"
+ #define ERRMSG2  "[line %ld] Font header corrupted or missing fields.\n"
+ #define ERRMSG3  "[line %ld] Font glyphs corrupted or missing fields.\n"
++#define ERRMSG4  "[line %ld] BBX too big.\n"
+ 
+ 
+   static FT_Error
+@@ -1561,6 +1562,14 @@
+ 
+       p->glyph_enc = _bdf_atol( p->list.field[1], 0, 10 );
+ 
++      /* Check that the encoding is in the range [0,65536] because        */
++      /* otherwise p->have (a bitmap with static size) overflows.         */
++      if ( p->glyph_enc >= sizeof(p->have)*8 )
++      {
++        error = BDF_Err_Invalid_File_Format;
++        goto Exit;
++      }
++
+       /* Check to see whether this encoding has already been encountered. */
+       /* If it has then change it to unencoded so it gets added if        */
+       /* indicated.                                                       */
+@@ -1805,6 +1814,8 @@
+     /* And finally, gather up the bitmap. */
+     if ( ft_memcmp( line, "BITMAP", 6 ) == 0 )
+     {
++      unsigned long  bitmap_size;
++
+       if ( !( p->flags & _BDF_BBX ) )
+       {
+         /* Missing BBX field. */
+@@ -1815,7 +1826,16 @@
+ 
+       /* Allocate enough space for the bitmap. */
+       glyph->bpr   = ( glyph->bbx.width * p->font->bpp + 7 ) >> 3;
+-      glyph->bytes = (unsigned short)( glyph->bpr * glyph->bbx.height );
++
++      bitmap_size = glyph->bpr * glyph->bbx.height;
++      if ( bitmap_size > 0xFFFFU )
++      {
++        FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG4, lineno ));
++        error = BDF_Err_Bbx_Too_Big;
++        goto Exit;
++      }
++      else
++        glyph->bytes = (unsigned short)bitmap_size;
+ 
+       if ( FT_NEW_ARRAY( glyph->bitmap, glyph->bytes ) )
+         goto Exit;
+diff -uNr -x '*.orig' freetype-2.1.10/src/cff/cffgload.c freetype-2.1.10.patched/src/cff/cffgload.c
+--- freetype-2.1.10/src/cff/cffgload.c	2005-04-18 06:53:05.000000000 +0200
++++ freetype-2.1.10.patched/src/cff/cffgload.c	2006-06-19 19:16:01.000000000 +0200
+@@ -2284,7 +2284,7 @@
+   FT_LOCAL_DEF( FT_Error )
+   cff_slot_load( CFF_GlyphSlot  glyph,
+                  CFF_Size       size,
+-                 FT_Int         glyph_index,
++                 FT_UInt        glyph_index,
+                  FT_Int32       load_flags )
+   {
+     FT_Error      error;
+diff -uNr -x '*.orig' freetype-2.1.10/src/cff/cffgload.h freetype-2.1.10.patched/src/cff/cffgload.h
+--- freetype-2.1.10/src/cff/cffgload.h	2004-05-13 23:59:17.000000000 +0200
++++ freetype-2.1.10.patched/src/cff/cffgload.h	2006-06-19 19:16:01.000000000 +0200
+@@ -196,7 +196,7 @@
+   FT_LOCAL( FT_Error )
+   cff_slot_load( CFF_GlyphSlot  glyph,
+                  CFF_Size       size,
+-                 FT_Int         glyph_index,
++                 FT_UInt        glyph_index,
+                  FT_Int32       load_flags );
+ 
+ 
+diff -uNr -x '*.orig' freetype-2.1.10/src/cff/cffload.c freetype-2.1.10.patched/src/cff/cffload.c
+--- freetype-2.1.10/src/cff/cffload.c	2005-05-06 07:49:46.000000000 +0200
++++ freetype-2.1.10.patched/src/cff/cffload.c	2006-06-19 19:15:46.000000000 +0200
+@@ -1235,7 +1235,7 @@
+       }
+ 
+       /* access element */
+-      if ( off1 )
++      if ( off1 && off2 > off1 )
+       {
+         *pbyte_len = off2 - off1;
+ 
+@@ -2011,7 +2011,7 @@
+ 
+     if ( error )
+       goto Exit;
+-
++ 
+     /* if it is a CID font, we stop there */
+     if ( top->cid_registry != 0xFFFFU )
+       goto Exit;
+diff -uNr -x '*.orig' freetype-2.1.10/src/pshinter/pshglob.c freetype-2.1.10.patched/src/pshinter/pshglob.c
+--- freetype-2.1.10/src/pshinter/pshglob.c	2004-04-02 09:13:53.000000000 +0200
++++ freetype-2.1.10.patched/src/pshinter/pshglob.c	2006-06-19 19:15:46.000000000 +0200
+@@ -150,7 +150,7 @@
+     FT_UNUSED( target );
+ 
+ 
+-    for ( ; read_count > 0; read_count -= 2 )
++    for ( ; read_count > 1; read_count -= 2 )
+     {
+       FT_Int         reference, delta;
+       FT_UInt        count;
+diff -uNr -x '*.orig' freetype-2.1.10/src/raster/ftrend1.c freetype-2.1.10.patched/src/raster/ftrend1.c
+--- freetype-2.1.10/src/raster/ftrend1.c	2005-05-11 17:01:49.000000000 +0200
++++ freetype-2.1.10.patched/src/raster/ftrend1.c	2006-06-19 19:16:07.000000000 +0200
+@@ -21,6 +21,7 @@
+ #include FT_OUTLINE_H
+ #include "ftrend1.h"
+ #include "ftraster.h"
++#include <limits.h>
+ 
+ #include "rasterrs.h"
+ 
+@@ -175,6 +176,9 @@
+     bitmap->rows  = height;
+     bitmap->pitch = pitch;
+ 
++    if ((FT_ULong)pitch > LONG_MAX/height)
++      goto Exit;
++
+     if ( FT_ALLOC( bitmap->buffer, (FT_ULong)pitch * height ) )
+       goto Exit;
+ 
+diff -uNr -x '*.orig' freetype-2.1.10/src/sfnt/ttcmap.c freetype-2.1.10.patched/src/sfnt/ttcmap.c
+--- freetype-2.1.10/src/sfnt/ttcmap.c	2005-05-11 16:37:40.000000000 +0200
++++ freetype-2.1.10.patched/src/sfnt/ttcmap.c	2006-06-19 19:16:01.000000000 +0200
+@@ -2144,9 +2144,7 @@
+       charmap.encoding    = FT_ENCODING_NONE;  /* will be filled later */
+       offset              = TT_NEXT_ULONG( p );
+ 
+-      if ( offset                     &&
+-           table + offset + 2 < limit &&
+-           table + offset >= table    )
++      if ( offset && offset <= face->cmap_size - 2 )
+       {
+         FT_Byte*                       cmap   = table + offset;
+         volatile FT_UInt               format = TT_PEEK_USHORT( cmap );
+diff -uNr -x '*.orig' freetype-2.1.10/src/sfnt/ttpost.c freetype-2.1.10.patched/src/sfnt/ttpost.c
+--- freetype-2.1.10/src/sfnt/ttpost.c	2003-10-29 22:43:51.000000000 +0100
++++ freetype-2.1.10.patched/src/sfnt/ttpost.c	2006-06-19 19:16:07.000000000 +0200
+@@ -292,7 +292,7 @@
+       goto Exit;
+     }
+ 
+-    if ( FT_ALLOC( offset_table, num_glyphs )       ||
++    if ( FT_NEW_ARRAY( offset_table, num_glyphs )   ||
+          FT_STREAM_READ( offset_table, num_glyphs ) )
+       goto Fail;
+ 
+diff -uNr -x '*.orig' freetype-2.1.10/src/winfonts/winfnt.c freetype-2.1.10.patched/src/winfonts/winfnt.c
+--- freetype-2.1.10/src/winfonts/winfnt.c	2004-06-15 16:13:10.000000000 +0200
++++ freetype-2.1.10.patched/src/winfonts/winfnt.c	2006-06-19 19:16:07.000000000 +0200
+@@ -27,6 +27,8 @@
+ #include FT_SERVICE_WINFNT_H
+ #include FT_SERVICE_XFREE86_NAME_H
+ 
++#include <limits.h>
++
+   /*************************************************************************/
+   /*                                                                       */
+   /* The macro FT_COMPONENT is used in trace mode.  It is an implicit      */
+@@ -633,6 +635,9 @@
+ 
+       /* note: since glyphs are stored in columns and not in rows we */
+       /*       can't use ft_glyphslot_set_bitmap                     */
++      if (pitch > LONG_MAX/bitmap->rows)
++	goto Exit;
++
+       if ( FT_ALLOC( bitmap->buffer, pitch * bitmap->rows ) )
+         goto Exit;
+ 
diff --git a/media-libs/freetype/freetype-2.1.10-r1.ebuild b/media-libs/freetype/freetype-2.1.10-r1.ebuild
new file mode 100644
index 000000000000..f13812d073c5
--- /dev/null
+++ b/media-libs/freetype/freetype-2.1.10-r1.ebuild
@@ -0,0 +1,72 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/freetype-2.1.10-r1.ebuild,v 1.1 2006/06/19 21:17:11 foser Exp $
+
+inherit eutils flag-o-matic gnuconfig libtool
+
+DESCRIPTION="A high-quality and portable font engine"
+HOMEPAGE="http://www.freetype.org/"
+SRC_URI="mirror://sourceforge/freetype/${P/_/}.tar.bz2
+	doc? ( mirror://sourceforge/${PN}/${PN}-doc-${PV}.tar.bz2 )"
+
+LICENSE="FTL GPL-2"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc-macos ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="zlib bindist doc"
+
+# The RDEPEND below makes sure that if there is a version of moz/ff/tb
+# installed, then it will have the freetype-2.1.8+ binary compatibility patch.
+# Otherwise updating freetype will cause moz/ff/tb crashes.  #59849
+# 20 Nov 2004 agriffis
+DEPEND="zlib? ( sys-libs/zlib )"
+
+RDEPEND="${DEPEND}
+	!<www-client/mozilla-1.7.3-r3
+	!<www-client/mozilla-firefox-1.0-r3
+	!<mail-client/mozilla-thunderbird-0.9-r3
+	!<media-libs/libwmf-0.2.8.2"
+
+src_unpack() {
+
+	unpack ${A}
+
+	# fix internal header cast which gets used by pango (bad)
+	epatch ${FILESDIR}/${P}-internal_header.patch
+	# fix bunch of overflows etc. (#124828)
+	epatch ${FILESDIR}/${P}-security_batch.patch
+	# revert pointer
+	epatch ${FILESDIR}/${P}-revert_pointer.patch
+	# fix artificial bold bug (#127872)
+	cd ${S}/src/base
+	epatch ${FILESDIR}/${P}-fix_synth.patch
+
+	gnuconfig_update ${S}
+	elibtoolize
+	epunt_cxx
+
+}
+
+src_compile() {
+
+	# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118021
+	append-flags "-fno-strict-aliasing"
+
+	use bindist || append-flags -DTT_CONFIG_OPTION_BYTECODE_INTERPRETER
+
+	make setup CFG="--host=${CHOST} --prefix=/usr `use_with zlib` --libdir=/usr/$(get_libdir)" unix || die
+
+	emake || die
+
+}
+
+src_install() {
+
+	make DESTDIR="${D}" install || die
+
+	dodoc ChangeLog README
+	dodoc docs/{CHANGES,CUSTOMIZE,DEBUG,*.txt,PATENTS,TODO}
+
+	cd ${WORKDIR}/${PN}-doc-${PV}
+	use doc && dohtml -r docs/*
+
+}
diff --git a/media-libs/freetype/freetype-2.2.1.ebuild b/media-libs/freetype/freetype-2.2.1.ebuild
index aca3120c5f34..924637d95325 100644
--- a/media-libs/freetype/freetype-2.2.1.ebuild
+++ b/media-libs/freetype/freetype-2.2.1.ebuild
@@ -1,11 +1,9 @@
 # Copyright 1999-2006 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/freetype-2.2.1.ebuild,v 1.1 2006/06/19 17:10:55 foser Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/freetype-2.2.1.ebuild,v 1.2 2006/06/19 21:17:11 foser Exp $
 
 inherit eutils flag-o-matic gnuconfig libtool
 
-SPV="`echo ${PV} | cut -d. -f1,2`"
-
 DESCRIPTION="A high-quality and portable font engine"
 HOMEPAGE="http://www.freetype.org/"
 SRC_URI="mirror://sourceforge/freetype/${P/_/}.tar.bz2