untrusted comment: verify with openbsd-78-base.pub
RWS3/nvFmk4SWZ8IYqNm5c6a5EYHGgnfPDue3nVIeONKs1aVu8k//KiiTJ/5/4Aj+BsEVAxjj2WHIddSxfgu2seW9C2p/24JLQ4=

OpenBSD 7.8 errata 020, March 10, 2026:

Prevent an integer overflow leading to out-of-bounds read in FreeType.
CVE-2026-23865

Apply by doing:
    signify -Vep /etc/signify/openbsd-78-base.pub -x 020_freetype.patch.sig \
        -m - | (cd /usr/xenocara && patch -p0)

And then rebuild and install freetype:
    cd /usr/xenocara/lib/freetype
    make obj
    make build

Index: lib/freetype/src/truetype/ttgxvar.c
===================================================================
RCS file: /cvs/xenocara/lib/freetype/src/truetype/ttgxvar.c,v
diff -u -p -r1.31 ttgxvar.c
--- lib/freetype/src/truetype/ttgxvar.c	9 Mar 2025 15:12:55 -0000	1.31
+++ lib/freetype/src/truetype/ttgxvar.c	5 Mar 2026 17:36:11 -0000
@@ -666,11 +666,9 @@
       if ( long_words )
         per_region_size *= 2;
 
-      if ( FT_NEW_ARRAY( varData->deltaSet, per_region_size * item_count ) )
+      if ( FT_QALLOC_MULT( varData->deltaSet, item_count, per_region_size ) )
         goto Exit;
-      if ( FT_Stream_Read( stream,
-                           varData->deltaSet,
-                           per_region_size * item_count ) )
+      if ( FT_STREAM_READ( varData->deltaSet, item_count * per_region_size ) )
       {
         FT_TRACE2(( "deltaSet read failed." ));
         error = FT_THROW( Invalid_Table );