authorRyan Hill <dirtyepic@gentoo.org>2010-10-23 02:37:58 +0000
committerRyan Hill <dirtyepic@gentoo.org>2010-10-23 02:37:58 +0000
commitdfe69887ad45eb953a0ebfbe8f63baf6c0e16797 (patch)
tree499d9451eb9607bfd7864f85cb35ecf65aa00d83
parentAdded new package Ostinato wrt bug 317201. (diff)
Security patch for bug #342121 (SA41738). Remove old.
(Portage version: 2.2_rc99/cvs/Linux x86_64)
-rw-r--r--media-libs/freetype/ChangeLog10
-rw-r--r--media-libs/freetype/files/freetype-2.3.9-CVE-2009-0946.patch136
-rw-r--r--media-libs/freetype/files/freetype-2.4.3-SA41738.patch43
-rw-r--r--media-libs/freetype/freetype-2.3.11.ebuild124
-rw-r--r--media-libs/freetype/freetype-2.4.3-r1.ebuild (renamed from media-libs/freetype/freetype-2.3.12.ebuild)41
5 files changed, 74 insertions, 280 deletions
diff --git a/media-libs/freetype/ChangeLog b/media-libs/freetype/ChangeLog
index ac45790c37e9..bca415a5bd39 100644
--- a/media-libs/freetype/ChangeLog
+++ b/media-libs/freetype/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for media-libs/freetype
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/ChangeLog,v 1.271 2010/10/22 14:48:50 fauli Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/ChangeLog,v 1.272 2010/10/23 02:37:58 dirtyepic Exp $
+
+*freetype-2.4.3-r1 (23 Oct 2010)
+
+ 23 Oct 2010; Ryan Hill <dirtyepic@gentoo.org>
+ -files/freetype-2.3.9-CVE-2009-0946.patch, -freetype-2.3.11.ebuild,
+ -freetype-2.3.12.ebuild, +freetype-2.4.3-r1.ebuild,
+ +files/freetype-2.4.3-SA41738.patch:
+ Security patch for bug #342121 (SA41738). Remove old.
22 Oct 2010; Christian Faulhammer <fauli@gentoo.org>
freetype-2.4.3.ebuild:
diff --git a/media-libs/freetype/files/freetype-2.3.9-CVE-2009-0946.patch b/media-libs/freetype/files/freetype-2.3.9-CVE-2009-0946.patch
deleted file mode 100644
index fac642547633..000000000000
--- a/media-libs/freetype/files/freetype-2.3.9-CVE-2009-0946.patch
+++ /dev/null
@@ -1,136 +0,0 @@
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946
-https://bugzilla.redhat.com/show_bug.cgi?id=491384
-https://bugs.gentoo.org/show_bug.cgi?id=263032
-
---- freetype-2.3.9-orig/src/cff/cffload.c
-+++ freetype-2.3.9/src/cff/cffload.c
-@@ -842,7 +842,20 @@
- goto Exit;
-
- for ( j = 1; j < num_glyphs; j++ )
-- charset->sids[j] = FT_GET_USHORT();
-+ {
-+ FT_UShort sid = FT_GET_USHORT();
-+
-+
-+ /* this constant is given in the CFF specification */
-+ if ( sid < 65000 )
-+ charset->sids[j] = sid;
-+ else
-+ {
-+ FT_ERROR(( "cff_charset_load:"
-+ " invalid SID value %d set to zero\n", sid ));
-+ charset->sids[j] = 0;
-+ }
-+ }
-
- FT_FRAME_EXIT();
- }
-@@ -875,6 +888,20 @@
- goto Exit;
- }
-
-+ /* check whether the range contains at least one valid glyph; */
-+ /* the constant is given in the CFF specification */
-+ if ( glyph_sid >= 65000 ) {
-+ FT_ERROR(( "cff_charset_load: invalid SID range\n" ));
-+ error = CFF_Err_Invalid_File_Format;
-+ goto Exit;
-+ }
-+
-+ /* try to rescue some of the SIDs if `nleft' is too large */
-+ if ( nleft > 65000 - 1 || glyph_sid >= 65000 - nleft ) {
-+ FT_ERROR(( "cff_charset_load: invalid SID range trimmed\n" ));
-+ nleft = 65000 - 1 - glyph_sid;
-+ }
-+
- /* Fill in the range of sids -- `nleft + 1' glyphs. */
- for ( i = 0; j < num_glyphs && i <= nleft; i++, j++, glyph_sid++ )
- charset->sids[j] = glyph_sid;
---- freetype-2.3.9-orig/src/lzw/ftzopen.c
-+++ freetype-2.3.9/src/lzw/ftzopen.c
-@@ -332,6 +332,9 @@
-
- while ( code >= 256U )
- {
-+ if ( !state->prefix )
-+ goto Eof;
-+
- FTLZW_STACK_PUSH( state->suffix[code - 256] );
- code = state->prefix[code - 256];
- }
---- freetype-2.3.9-orig/src/sfnt/ttcmap.c
-+++ freetype-2.3.9/src/sfnt/ttcmap.c
-@@ -1635,7 +1635,7 @@
- FT_INVALID_TOO_SHORT;
-
- length = TT_NEXT_ULONG( p );
-- if ( table + length > valid->limit || length < 8208 )
-+ if ( length > (FT_UInt32)( valid->limit - table ) || length < 8192 + 16 )
- FT_INVALID_TOO_SHORT;
-
- is32 = table + 12;
-@@ -1863,7 +1863,8 @@
- p = table + 16;
- count = TT_NEXT_ULONG( p );
-
-- if ( table + length > valid->limit || length < 20 + count * 2 )
-+ if ( length > (FT_ULong)( valid->limit - table ) ||
-+ length < 20 + count * 2 )
- FT_INVALID_TOO_SHORT;
-
- /* check glyph indices */
-@@ -2048,7 +2049,8 @@
- p = table + 12;
- num_groups = TT_NEXT_ULONG( p );
-
-- if ( table + length > valid->limit || length < 16 + 12 * num_groups )
-+ if ( length > (FT_ULong)( valid->limit - table ) ||
-+ length < 16 + 12 * num_groups )
- FT_INVALID_TOO_SHORT;
-
- /* check groups, they must be in increasing order */
-@@ -2429,7 +2431,8 @@
- FT_ULong num_selectors = TT_NEXT_ULONG( p );
-
-
-- if ( table + length > valid->limit || length < 10 + 11 * num_selectors )
-+ if ( length > (FT_ULong)( valid->limit - table ) ||
-+ length < 10 + 11 * num_selectors )
- FT_INVALID_TOO_SHORT;
-
- /* check selectors, they must be in increasing order */
-@@ -2491,7 +2494,7 @@
- FT_ULong i, lastUni = 0;
-
-
-- if ( ndp + numMappings * 4 > valid->limit )
-+ if ( numMappings * 4 > (FT_ULong)( valid->limit - ndp ) )
- FT_INVALID_TOO_SHORT;
-
- for ( i = 0; i < numMappings; ++i )
---- freetype-2.3.9-orig/src/smooth/ftsmooth.c
-+++ freetype-2.3.9/src/smooth/ftsmooth.c
-@@ -153,7 +153,7 @@
- slot->internal->flags &= ~FT_GLYPH_OWN_BITMAP;
- }
-
-- /* allocate new one, depends on pixel format */
-+ /* allocate new one */
- pitch = width;
- if ( hmul )
- {
-@@ -194,6 +194,13 @@
-
- #endif
-
-+ if ( pitch > 0xFFFF || height > 0xFFFF )
-+ {
-+ FT_ERROR(( "ft_smooth_render_generic: glyph too large: %d x %d\n",
-+ width, height ));
-+ return Smooth_Err_Raster_Overflow;
-+ }
-+
- bitmap->pixel_mode = FT_PIXEL_MODE_GRAY;
- bitmap->num_grays = 256;
- bitmap->width = width;
diff --git a/media-libs/freetype/files/freetype-2.4.3-SA41738.patch b/media-libs/freetype/files/freetype-2.4.3-SA41738.patch
new file mode 100644
index 000000000000..0224217daec4
--- /dev/null
+++ b/media-libs/freetype/files/freetype-2.4.3-SA41738.patch
@@ -0,0 +1,43 @@
+https://bugs.gentoo.org/342121
+
+From 59eb9f8cfe7d1df379a2318316d1f04f80fba54a Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Tue, 12 Oct 2010 05:49:17 +0000
+Subject: Fix Savannah bug #31310.
+
+* src/truetype/ttgxvar.c (ft_var_readpackedpoints): Protect against
+invalid `runcnt' values.
+---
+diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
+index 653d9d5..47bb9fc 100644
+--- a/src/truetype/ttgxvar.c
++++ b/src/truetype/ttgxvar.c
+@@ -130,7 +130,7 @@
+ FT_Int j;
+ FT_Int first;
+ FT_Memory memory = stream->memory;
+- FT_Error error = TT_Err_Ok;
++ FT_Error error = TT_Err_Ok;
+
+ FT_UNUSED( error );
+
+@@ -154,7 +154,7 @@
+ runcnt = runcnt & GX_PT_POINT_RUN_COUNT_MASK;
+ first = points[i++] = FT_GET_USHORT();
+
+- if ( runcnt < 1 )
++ if ( runcnt < 1 || i + runcnt >= n )
+ goto Exit;
+
+ /* first point not included in runcount */
+@@ -165,7 +165,7 @@
+ {
+ first = points[i++] = FT_GET_BYTE();
+
+- if ( runcnt < 1 )
++ if ( runcnt < 1 || i + runcnt >= n )
+ goto Exit;
+
+ for ( j = 0; j < runcnt; ++j )
+--
+cgit v0.8.3.2
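Review bot: The added bound `i + runcnt >= n`, used in both the word branch and the byte branch of the embedded ttgxvar.c patch, looks one stricter than the copy loop needs. The loop bodies are not in the lines shown, but if each iteration stores one element as `points[i++]`, the last store lands at index `i + runcnt - 1`, which is in bounds whenever `i + runcnt <= n`. With `>=`, a run that ends exactly on the last point is rejected and the function takes `goto Exit` with a partly filled array. That fails closed, so it is not a memory-safety problem, but it is worth confirming with upstream whether `if ( runcnt < 1 || i + runcnt > n )` is the intended condition. It is also worth checking that callers do not treat the array left behind after `Exit` as complete.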
diff --git a/media-libs/freetype/freetype-2.3.11.ebuild b/media-libs/freetype/freetype-2.3.11.ebuild
deleted file mode 100644
index ec8b7b3a6204..000000000000
--- a/media-libs/freetype/freetype-2.3.11.ebuild
+++ /dev/null
@@ -1,124 +0,0 @@
-# Copyright 1999-2010 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/freetype-2.3.11.ebuild,v 1.6 2010/05/20 00:39:15 jer Exp $
-
-inherit eutils flag-o-matic libtool
-
-DESCRIPTION="A high-quality and portable font engine"
-HOMEPAGE="http://www.freetype.org/"
-SRC_URI="mirror://sourceforge/freetype/${P/_/}.tar.bz2
- utils? ( mirror://sourceforge/freetype/ft2demos-${PV}.tar.bz2 )
- doc? ( mirror://sourceforge/freetype/${PN}-doc-${PV}.tar.bz2 )"
-
-LICENSE="FTL GPL-2"
-SLOT="2"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="X bindist debug doc utils fontforge"
-
-DEPEND="sys-libs/zlib
- X? ( x11-libs/libX11
- x11-libs/libXau
- x11-libs/libXdmcp )"
-
-# We also need a recent fontconfig version to prevent segfaults. #166029
-# July 3 2007 dirtyepic
-RDEPEND="${DEPEND}
- !<media-libs/fontconfig-2.3.2-r2"
-
-src_unpack() {
- unpack ${A}
- cd "${S}"
-
- enable_option() {
- sed -i -e "/#define $1/a #define $1" \
- include/freetype/config/ftoption.h \
- || die "unable to enable option $1"
- }
-
- disable_option() {
- sed -i -e "/#define $1/ { s:^:/*:; s:$:*/: }" \
- include/freetype/config/ftoption.h \
- || die "unable to disable option $1"
- }
-
- if ! use bindist; then
- # Bytecodes and subpixel hinting supports are patented
- # in United States; for safety, disable them while building
- # binaries, so that no risky code is distributed.
- # See http://freetype.org/patents.html
-
- enable_option FT_CONFIG_OPTION_SUBPIXEL_RENDERING
- enable_option TT_CONFIG_OPTION_BYTECODE_INTERPRETER
- disable_option TT_CONFIG_OPTION_UNPATENTED_HINTING
- fi
-
- if use debug; then
- enable_option FT_DEBUG_LEVEL_ERROR
- enable_option FT_DEBUG_MEMORY
- fi
-
- enable_option FT_CONFIG_OPTION_INCREMENTAL
- disable_option FT_CONFIG_OPTION_OLD_INTERNALS
-
- epatch "${FILESDIR}"/${PN}-2.3.2-enable-valid.patch
-
- if use utils; then
- cd "${WORKDIR}"/ft2demos-${PV}
- sed -i -e "s:\.\.\/freetype2$:../freetype-${PV}:" Makefile
-
- # Disable tests needing X11 when USE="-X". (bug #177597)
- if ! use X; then
- sed -i -e "/EXES\ +=\ ftview/ s:^:#:" Makefile
- fi
- fi
-
- elibtoolize
- epunt_cxx
-}
-
-src_compile() {
- append-flags -fno-strict-aliasing
-
- type -P gmake &> /dev/null && export GNUMAKE=gmake
- econf
- emake || die "emake failed"
-
- if use utils; then
- cd "${WORKDIR}"/ft2demos-${PV}
- emake || die "ft2demos emake failed"
- fi
-}
-
-src_install() {
- emake DESTDIR="${D}" install || die "emake install failed"
-
- dodoc ChangeLog README
- dodoc docs/{CHANGES,CUSTOMIZE,DEBUG,*.txt,PATENTS,TODO}
-
- use doc && dohtml -r docs/*
-
- if use utils; then
- rm "${WORKDIR}"/ft2demos-${PV}/bin/README
- for ft2demo in ../ft2demos-${PV}/bin/*; do
- ./builds/unix/libtool --mode=install $(type -P install) -m 755 "$ft2demo" \
- "${D}"/usr/bin
- done
- fi
- # Probably fontforge needs less but this way makes things simplier...
- if use fontforge; then
- einfo "Installing internal headers required for fontforge"
- find src/truetype include/freetype/internal -name '*.h' | \
- while read header; do
- mkdir -p "${D}/usr/include/freetype2/internal4fontforge/$(dirname ${header})"
- cp ${header} "${D}/usr/include/freetype2/internal4fontforge/$(dirname ${header})"
- done
- fi
-}
-
-pkg_postinst() {
- echo
- elog "The utilities and demos previously bundled with freetype are now"
- elog "optional. Enable the utils USE flag if you would like them"
- elog "to be installed."
- echo
-}
diff --git a/media-libs/freetype/freetype-2.3.12.ebuild b/media-libs/freetype/freetype-2.4.3-r1.ebuild
index ea99281cfe1e..9d049d35a0c1 100644
--- a/media-libs/freetype/freetype-2.3.12.ebuild
+++ b/media-libs/freetype/freetype-2.4.3-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2010 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/freetype-2.3.12.ebuild,v 1.8 2010/09/30 20:00:29 ranger Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/freetype-2.4.3-r1.ebuild,v 1.1 2010/10/23 02:37:58 dirtyepic Exp $
EAPI="2"
@@ -14,18 +14,15 @@ SRC_URI="mirror://sourceforge/freetype/${P/_/}.tar.bz2
LICENSE="FTL GPL-2"
SLOT="2"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="X bindist debug doc utils fontforge"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE="X auto-hinter bindist debug doc utils fontforge"
DEPEND="sys-libs/zlib
X? ( x11-libs/libX11
x11-libs/libXau
x11-libs/libXdmcp )"
-# We also need a recent fontconfig version to prevent segfaults. #166029
-# July 3 2007 dirtyepic
-RDEPEND="${DEPEND}
- !<media-libs/fontconfig-2.3.2-r2"
+RDEPEND="${DEPEND}"
src_prepare() {
enable_option() {
@@ -41,30 +38,29 @@ src_prepare() {
}
if ! use bindist; then
- # Bytecodes and subpixel hinting supports are patented
- # in United States; for safety, disable them while building
- # binaries, so that no risky code is distributed.
# See http://freetype.org/patents.html
-
+ # ClearType is covered by several Microsoft patents in the US
enable_option FT_CONFIG_OPTION_SUBPIXEL_RENDERING
- enable_option TT_CONFIG_OPTION_BYTECODE_INTERPRETER
- disable_option TT_CONFIG_OPTION_UNPATENTED_HINTING
+ fi
+
+ if use auto-hinter; then
+ disable_option TT_CONFIG_OPTION_BYTECODE_INTERPRETER
+ enable_option TT_CONFIG_OPTION_UNPATENTED_HINTING
fi
if use debug; then
- enable_option FT_DEBUG_LEVEL_ERROR
+ enable_option FT_DEBUG_LEVEL_TRACE
enable_option FT_DEBUG_MEMORY
fi
- enable_option FT_CONFIG_OPTION_INCREMENTAL
disable_option FT_CONFIG_OPTION_OLD_INTERNALS
epatch "${FILESDIR}"/${PN}-2.3.2-enable-valid.patch
+ epatch "${FILESDIR}"/${PN}-2.4.3-SA41738.patch
if use utils; then
cd "${WORKDIR}/ft2demos-${PV}"
sed -i -e "s:\.\.\/freetype2$:../freetype-${PV}:" Makefile
-
# Disable tests needing X11 when USE="-X". (bug #177597)
if ! use X; then
sed -i -e "/EXES\ +=\ ftdiff/ s:^:#:" Makefile
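Review bot: The new `epatch "${FILESDIR}"/${PN}-2.4.3-SA41738.patch` line has no comment tying it to the advisory, so a later version bump gives no hint whether the patch can be dropped or must be carried forward. A one-line comment above it, such as `# Security fix for bug #342121 (SA41738); drop once upstream ships the ttgxvar.c fix`, would keep that visible in the ebuild itself, in the same way the X11 comment below cites bug #177597. src_prepare starts before this hunk and continues past it.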
@@ -94,19 +90,20 @@ src_install() {
emake DESTDIR="${D}" install || die "emake install failed"
dodoc ChangeLog README
- dodoc docs/{CHANGES,CUSTOMIZE,DEBUG,*.txt,PATENTS,TODO}
+ dodoc docs/{CHANGES,CUSTOMIZE,DEBUG,*.txt,PROBLEMS,TODO}
use doc && dohtml -r docs/*
if use utils; then
- rm "${WORKDIR}/ft2demos-${PV}/bin/README"
+ rm "${WORKDIR}"/ft2demos-${PV}/bin/README
for ft2demo in ../ft2demos-${PV}/bin/*; do
./builds/unix/libtool --mode=install $(type -P install) -m 755 "$ft2demo" \
"${D}"/usr/bin
done
fi
- # Probably fontforge needs less but this way makes things simplier...
+
if use fontforge; then
+ # Probably fontforge needs less but this way makes things simplier...
einfo "Installing internal headers required for fontforge"
find src/truetype include/freetype/internal -name '*.h' | \
while read header; do
@@ -115,3 +112,9 @@ src_install() {
done
fi
}
+
+pkg_postinst() {
+ elog "The TrueType bytecode interpreter is no longer patented and thus no"
+ elog "longer controlled by the bindist USE flag. Enable the auto-hinter"
+ elog "USE flag if you want the old USE="bindist" hinting behavior."
+}
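Review bot: The last `elog` line of the new pkg_postinst nests unescaped double quotes, so the shell closes the string at `USE=` and concatenates the bare word `bindist`. The message is therefore printed as `USE=bindist`, without the quotes the author evidently intended. Escaping them fixes it: `elog "USE flag if you want the old USE=\"bindist\" hinting behavior."`. The output stays readable either way, so this is a cosmetic point.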