authorMarinus Schraal <foser@gentoo.org>2007-04-04 13:51:04 +0000
committerMarinus Schraal <foser@gentoo.org>2007-04-04 13:51:04 +0000
commitdb54372436a7d1562164debe343a6f4f6777da58 (patch)
treecbd6ef42a57b15ca260bf701a014de17f66a6f64
parentAdd Artistic Free License version 3.0. (diff)
downloadgentoo-2-db54372436a7d1562164debe343a6f4f6777da58.tar.gz
gentoo-2-db54372436a7d1562164debe343a6f4f6777da58.tar.bz2
gentoo-2-db54372436a7d1562164debe343a6f4f6777da58.zip
add sec fix patch
(Portage version: 2.1.2.3)
-rw-r--r--media-libs/freetype/ChangeLog8
-rw-r--r--media-libs/freetype/files/digest-freetype-2.3.2-r39
-rw-r--r--media-libs/freetype/files/freetype-2.3.2-bdflib.patch58
-rw-r--r--media-libs/freetype/freetype-2.3.2-r3.ebuild105
4 files changed, 179 insertions, 1 deletions
diff --git a/media-libs/freetype/ChangeLog b/media-libs/freetype/ChangeLog
index e0c79204cf7a..9e65f799b855 100644
--- a/media-libs/freetype/ChangeLog
+++ b/media-libs/freetype/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for media-libs/freetype
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/ChangeLog,v 1.112 2007/04/01 04:48:12 dirtyepic Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/ChangeLog,v 1.113 2007/04/04 13:51:04 foser Exp $
+
+*freetype-2.3.2-r3 (04 Apr 2007)
+
+ 04 Apr 2007; Marinus Schraal <foser@gentoo.org> freetype-2.3.2-r3.ebuild,
+ files/freetype-2.3.2-bdflib.patch :
+ Fix for CVE-2007-1351 (#172577)
01 Apr 2007; Ryan Hill <dirtyepic@gentoo.org> freetype-2.1.9-r1.ebuild:
Reverse last commit. Thinko.
diff --git a/media-libs/freetype/files/digest-freetype-2.3.2-r3 b/media-libs/freetype/files/digest-freetype-2.3.2-r3
new file mode 100644
index 000000000000..5d8420427568
--- /dev/null
+++ b/media-libs/freetype/files/digest-freetype-2.3.2-r3
@@ -0,0 +1,9 @@
+MD5 119e1fe126fcfa5a70bc56db55f573d5 freetype-2.3.2.tar.bz2 1252007
+RMD160 e4da77b6f8956d69e57269c5681560beda0ddb27 freetype-2.3.2.tar.bz2 1252007
+SHA256 ba97537c711ea1970ccd97f957cabd63474de9c05aff0fc5ae931f8c90a47e7e freetype-2.3.2.tar.bz2 1252007
+MD5 d732b9b5971d019fab9c695dfa496247 freetype-doc-2.3.2.tar.bz2 98679
+RMD160 ecd619ded06bf5bf144c18c8d981aec88bab6370 freetype-doc-2.3.2.tar.bz2 98679
+SHA256 c30052d7d860b45edde95075525dd1c9d477d2b7ab5d99b5c601ac0a44b7d75c freetype-doc-2.3.2.tar.bz2 98679
+MD5 4843d92d3e92d45fc985f944a9a96671 ft2demos-2.3.2.tar.gz 191685
+RMD160 30bb4c24eefe714dc9fa628076c554604a973d1d ft2demos-2.3.2.tar.gz 191685
+SHA256 60ae6647436459703344cd64e006ed4334a4f904b2cf828042216c64d093fcb0 ft2demos-2.3.2.tar.gz 191685
diff --git a/media-libs/freetype/files/freetype-2.3.2-bdflib.patch b/media-libs/freetype/files/freetype-2.3.2-bdflib.patch
new file mode 100644
index 000000000000..b0f3e1900573
--- /dev/null
+++ b/media-libs/freetype/files/freetype-2.3.2-bdflib.patch
@@ -0,0 +1,58 @@
+===================================================================
+RCS file: /sources/freetype/freetype2/src/bdf/bdflib.c,v
+retrieving revision 1.33
+retrieving revision 1.34
+diff -u -r1.33 -r1.34
+--- freetype2/src/bdf/bdflib.c 2007/02/12 21:44:09 1.33
++++ freetype2/src/bdf/bdflib.c 2007/03/28 07:17:17 1.34
+@@ -385,8 +385,10 @@
+ } _bdf_parse_t;
+
+
+-#define setsbit( m, cc ) ( m[(cc) >> 3] |= (FT_Byte)( 1 << ( (cc) & 7 ) ) )
+-#define sbitset( m, cc ) ( m[(cc) >> 3] & ( 1 << ( (cc) & 7 ) ) )
++#define setsbit( m, cc ) \
++ ( m[(FT_Byte)(cc) >> 3] |= (FT_Byte)( 1 << ( (cc) & 7 ) ) )
++#define sbitset( m, cc ) \
++ ( m[(FT_Byte)(cc) >> 3] & ( 1 << ( (cc) & 7 ) ) )
+
+
+ static void
+@@ -1130,7 +1132,7 @@
+ bdf_options_t* opts )
+ {
+ unsigned long len;
+- char name[128];
++ char name[256];
+ _bdf_list_t list;
+ FT_Memory memory;
+ FT_Error error = BDF_Err_Ok;
+@@ -1149,6 +1151,13 @@
+ font->spacing = opts->font_spacing;
+
+ len = (unsigned long)( ft_strlen( font->name ) + 1 );
++ /* Limit ourselves to 256 characters in the font name. */
++ if ( len >= 256 )
++ {
++ error = BDF_Err_Invalid_Argument;
++ goto Exit;
++ }
++
+ FT_MEM_COPY( name, font->name, len );
+
+ error = _bdf_list_split( &list, (char *)"-", name, len );
+@@ -1467,6 +1476,14 @@
+ if ( p->cnt == 0 )
+ font->glyphs_size = 64;
+
++ /* Limit ourselves to 1,114,112 glyphs in the font (this is the */
++ /* number of code points available in Unicode). */
++ if ( p->cnt >= 1114112UL )
++ {
++ error = BDF_Err_Invalid_Argument;
++ goto Exit;
++ }
++
+ if ( FT_NEW_ARRAY( font->glyphs, font->glyphs_size ) )
+ goto Exit;
+
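Review bot: The name-length bound is written as a bare `256` in two separate inner hunks of the embedded bdflib.c patch: the declaration `char name[256];` (at -1130) and the guard `if ( len >= 256 )` ahead of `FT_MEM_COPY( name, font->name, len )` (at -1149). Assuming both lie in the same function, as the line numbers suggest, a later resize of the buffer would not move the check with it. Writing the guard as `if ( len >= sizeof ( name ) )` ties the copy to the buffer it fills. The glyph-count comment also says the limit is 1,114,112 glyphs, while `p->cnt >= 1114112UL` already rejects exactly that count, so the comment could say "fewer than 1,114,112 glyphs". The enclosing functions start and end outside the visible context, and because this file mirrors upstream revision 1.34, these changes are better proposed upstream than edited locally.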
diff --git a/media-libs/freetype/freetype-2.3.2-r3.ebuild b/media-libs/freetype/freetype-2.3.2-r3.ebuild
new file mode 100644
index 000000000000..3a31ebfe25c8
--- /dev/null
+++ b/media-libs/freetype/freetype-2.3.2-r3.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/freetype-2.3.2-r3.ebuild,v 1.1 2007/04/04 13:51:04 foser Exp $
+
+inherit eutils flag-o-matic libtool
+
+DESCRIPTION="A high-quality and portable font engine"
+HOMEPAGE="http://www.freetype.org/"
+SRC_URI="mirror://sourceforge/freetype/${P/_/}.tar.bz2
+ mirror://sourceforge/freetype/ft2demos-${PV}.tar.gz
+ doc? ( mirror://sourceforge/${PN}/${PN}-doc-${PV}.tar.bz2 )"
+
+LICENSE="FTL GPL-2"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="bindist debug doc zlib"
+
+# The RDEPEND below makes sure that if there is a version of moz/ff/tb
+# installed, then it will have the freetype-2.1.8+ binary compatibility patch.
+# Otherwise updating freetype will cause moz/ff/tb crashes. #59849
+# 20 Nov 2004 agriffis
+DEPEND="zlib? ( sys-libs/zlib )"
+
+RDEPEND="${DEPEND}
+ !<www-client/mozilla-1.7.3-r3
+ !<www-client/mozilla-firefox-1.0-r3
+ !<mail-client/mozilla-thunderbird-0.9-r3
+ !<media-libs/libwmf-0.2.8.2"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ enable_option() {
+ sed -i -e "/#define $1/a #define $1" \
+ include/freetype/config/ftoption.h \
+ || die "unable to enable option $1"
+ }
+
+ disable_option() {
+ sed -i -e "/#define $1/ { s:^:/*:; s:$:*/: }" \
+ include/freetype/config/ftoption.h \
+ || die "unable to disable option $1"
+ }
+
+ if ! use bindist; then
+ # Bytecodes and subpixel hinting supports are patented
+ # in United States; for safety, disable them while building
+ # binaries, so that no risky code is distributed.
+ # See http://freetype.org/patents.html
+
+ enable_option TT_CONFIG_OPTION_BYTECODE_INTERPRETER
+ enable_option FT_CONFIG_OPTION_SUBPIXEL_RENDERING
+ disable_option TT_CONFIG_OPTION_UNPATENTED_HINTING
+ fi
+
+ if use debug; then
+ enable_option FT_DEBUG_LEVEL_ERROR
+ enable_option FT_DEBUG_MEMORY
+ fi
+
+ enable_option FT_CONFIG_OPTION_INCREMENTAL
+ disable_option FT_CONFIG_OPTION_OLD_INTERNALS
+
+ epatch "${FILESDIR}"/${P}-enable-valid.patch
+ # 2.3.2 only - bug #170532
+ epatch "${FILESDIR}"/${P}-truetype-regression.patch
+
+ # sec vuln
+ epatch "${FILESDIR}"/${P}-bdflib.patch
+
+ sed -i -e "s:\.\.\/freetype2$:../freetype-${PV}:" ../ft2demos-${PV}/Makefile
+
+ elibtoolize
+ epunt_cxx
+
+}
+
+src_compile() {
+ # https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118021
+ append-flags "-fno-strict-aliasing"
+
+ type -p gmake &> /dev/null && export GNUMAKE=gmake
+ econf $(use_with zlib) || die "econf failed"
+ emake || die "emake failed"
+
+ cd ../ft2demos-${PV}
+ emake || die "ft2demos emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+
+ dodoc ChangeLog README
+ dodoc docs/{CHANGES,CUSTOMIZE,DEBUG,*.txt,PATENTS,TODO}
+
+ #cd "${WORKDIR}"/${PN}-doc-${PV}
+ use doc && dohtml -r docs/*
+
+ rm ../ft2demos-${PV}/bin/README
+ for ft2demo in ../ft2demos-${PV}/bin/*; do
+ ./builds/unix/libtool --mode=install $(type -P install) -m 755 $ft2demo \
+ ${D}/usr/bin
+ done
+}
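Review bot: The comment `# sec vuln` above `epatch "${FILESDIR}"/${P}-bdflib.patch` in src_unpack does not say which vulnerability the patch addresses, unlike the neighbouring `# 2.3.2 only - bug #170532`. The ChangeLog entry in this same commit names it, so the comment could read `# CVE-2007-1351 (src/bdf/bdflib.c) - bug #172577`. That lets a later version bump check whether upstream already contains the fix before dropping or keeping the patch. Separately, the loop in src_install passes `$ft2demo` and `${D}/usr/bin` unquoted; `"${ft2demo}"` and `"${D}"/usr/bin` would match the quoting already used for `"${S}"` and `"${FILESDIR}"` in this file.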