author | Ryan Hill <dirtyepic@gentoo.org> | 2010-10-23 02:37:58 +0000 |
---|---|---|
committer | Ryan Hill <dirtyepic@gentoo.org> | 2010-10-23 02:37:58 +0000 |
commit | dfe69887ad45eb953a0ebfbe8f63baf6c0e16797 (patch) | |
tree | 499d9451eb9607bfd7864f85cb35ecf65aa00d83 | |
parent | Added new package Ostinato wrt bug 317201. (diff) | |
Security patch for bug #342121 (SA41738). Remove old.
(Portage version: 2.2_rc99/cvs/Linux x86_64)
-rw-r--r-- | media-libs/freetype/ChangeLog | 10 | ||||
-rw-r--r-- | media-libs/freetype/files/freetype-2.3.9-CVE-2009-0946.patch | 136 | ||||
-rw-r--r-- | media-libs/freetype/files/freetype-2.4.3-SA41738.patch | 43 | ||||
-rw-r--r-- | media-libs/freetype/freetype-2.3.11.ebuild | 124 | ||||
-rw-r--r-- | media-libs/freetype/freetype-2.4.3-r1.ebuild (renamed from media-libs/freetype/freetype-2.3.12.ebuild) | 41 |
5 files changed, 74 insertions, 280 deletions
diff --git a/media-libs/freetype/ChangeLog b/media-libs/freetype/ChangeLog index ac45790c37e9..bca415a5bd39 100644 --- a/media-libs/freetype/ChangeLog +++ b/media-libs/freetype/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for media-libs/freetype # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/ChangeLog,v 1.271 2010/10/22 14:48:50 fauli Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/ChangeLog,v 1.272 2010/10/23 02:37:58 dirtyepic Exp $ + +*freetype-2.4.3-r1 (23 Oct 2010) + + 23 Oct 2010; Ryan Hill <dirtyepic@gentoo.org> + -files/freetype-2.3.9-CVE-2009-0946.patch, -freetype-2.3.11.ebuild, + -freetype-2.3.12.ebuild, +freetype-2.4.3-r1.ebuild, + +files/freetype-2.4.3-SA41738.patch: + Security patch for bug #342121 (SA41738). Remove old. 22 Oct 2010; Christian Faulhammer <fauli@gentoo.org> freetype-2.4.3.ebuild: diff --git a/media-libs/freetype/files/freetype-2.3.9-CVE-2009-0946.patch b/media-libs/freetype/files/freetype-2.3.9-CVE-2009-0946.patch deleted file mode 100644 index fac642547633..000000000000 --- a/media-libs/freetype/files/freetype-2.3.9-CVE-2009-0946.patch +++ /dev/null 
@@ -1,136 +0,0 @@ -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946 -https://bugzilla.redhat.com/show_bug.cgi?id=491384 -https://bugs.gentoo.org/show_bug.cgi?id=263032 - ---- freetype-2.3.9-orig/src/cff/cffload.c -+++ freetype-2.3.9/src/cff/cffload.c -@@ -842,7 +842,20 @@ - goto Exit; - - for ( j = 1; j < num_glyphs; j++ ) -- charset->sids[j] = FT_GET_USHORT(); -+ { -+ FT_UShort sid = FT_GET_USHORT(); -+ -+ -+ /* this constant is given in the CFF specification */ -+ if ( sid < 65000 ) -+ charset->sids[j] = sid; -+ else -+ { -+ FT_ERROR(( "cff_charset_load:" -+ " invalid SID value %d set to zero\n", sid )); -+ charset->sids[j] = 0; -+ } -+ } - - FT_FRAME_EXIT(); - } -@@ -875,6 +888,20 @@ - goto Exit; - } - -+ /* check whether the range contains at least one valid glyph; */ -+ /* the constant is given in the CFF specification */ -+ if ( glyph_sid >= 65000 ) { -+ FT_ERROR(( "cff_charset_load: invalid SID range\n" )); -+ error = CFF_Err_Invalid_File_Format; -+ goto Exit; -+ } -+ -+ /* try to rescue some of the SIDs if `nleft' is too large */ -+ if ( nleft > 65000 - 1 || glyph_sid >= 65000 - nleft ) { -+ FT_ERROR(( "cff_charset_load: invalid SID range trimmed\n" )); -+ nleft = 65000 - 1 - glyph_sid; -+ } -+ - /* Fill in the range of sids -- `nleft + 1' glyphs. 
*/ - for ( i = 0; j < num_glyphs && i <= nleft; i++, j++, glyph_sid++ ) - charset->sids[j] = glyph_sid; ---- freetype-2.3.9-orig/src/lzw/ftzopen.c -+++ freetype-2.3.9/src/lzw/ftzopen.c -@@ -332,6 +332,9 @@ - - while ( code >= 256U ) - { -+ if ( !state->prefix ) -+ goto Eof; -+ - FTLZW_STACK_PUSH( state->suffix[code - 256] ); - code = state->prefix[code - 256]; - } ---- freetype-2.3.9-orig/src/sfnt/ttcmap.c -+++ freetype-2.3.9/src/sfnt/ttcmap.c -@@ -1635,7 +1635,7 @@ - FT_INVALID_TOO_SHORT; - - length = TT_NEXT_ULONG( p ); -- if ( table + length > valid->limit || length < 8208 ) -+ if ( length > (FT_UInt32)( valid->limit - table ) || length < 8192 + 16 ) - FT_INVALID_TOO_SHORT; - - is32 = table + 12; -@@ -1863,7 +1863,8 @@ - p = table + 16; - count = TT_NEXT_ULONG( p ); - -- if ( table + length > valid->limit || length < 20 + count * 2 ) -+ if ( length > (FT_ULong)( valid->limit - table ) || -+ length < 20 + count * 2 ) - FT_INVALID_TOO_SHORT; - - /* check glyph indices */ -@@ -2048,7 +2049,8 @@ - p = table + 12; - num_groups = TT_NEXT_ULONG( p ); - -- if ( table + length > valid->limit || length < 16 + 12 * num_groups ) -+ if ( length > (FT_ULong)( valid->limit - table ) || -+ length < 16 + 12 * num_groups ) - FT_INVALID_TOO_SHORT; - - /* check groups, they must be in increasing order */ -@@ -2429,7 +2431,8 @@ - FT_ULong num_selectors = TT_NEXT_ULONG( p ); - - -- if ( table + length > valid->limit || length < 10 + 11 * num_selectors ) -+ if ( length > (FT_ULong)( valid->limit - table ) || -+ length < 10 + 11 * num_selectors ) - FT_INVALID_TOO_SHORT; - - /* check selectors, they must be in increasing order */ -@@ -2491,7 +2494,7 @@ - FT_ULong i, lastUni = 0; - - -- if ( ndp + numMappings * 4 > valid->limit ) -+ if ( numMappings * 4 > (FT_ULong)( valid->limit - ndp ) ) - FT_INVALID_TOO_SHORT; - - for ( i = 0; i < numMappings; ++i ) ---- freetype-2.3.9-orig/src/smooth/ftsmooth.c -+++ freetype-2.3.9/src/smooth/ftsmooth.c -@@ -153,7 +153,7 @@ - slot->internal->flags &= 
~FT_GLYPH_OWN_BITMAP; - } - -- /* allocate new one, depends on pixel format */ -+ /* allocate new one */ - pitch = width; - if ( hmul ) - { -@@ -194,6 +194,13 @@ - - #endif - -+ if ( pitch > 0xFFFF || height > 0xFFFF ) -+ { -+ FT_ERROR(( "ft_smooth_render_generic: glyph too large: %d x %d\n", -+ width, height )); -+ return Smooth_Err_Raster_Overflow; -+ } -+ - bitmap->pixel_mode = FT_PIXEL_MODE_GRAY; - bitmap->num_grays = 256; - bitmap->width = width; diff --git a/media-libs/freetype/files/freetype-2.4.3-SA41738.patch b/media-libs/freetype/files/freetype-2.4.3-SA41738.patch new file mode 100644 index 000000000000..0224217daec4 --- /dev/null +++ b/media-libs/freetype/files/freetype-2.4.3-SA41738.patch @@ -0,0 +1,43 @@ +https://bugs.gentoo.org/342121 + +From 59eb9f8cfe7d1df379a2318316d1f04f80fba54a Mon Sep 17 00:00:00 2001 +From: Werner Lemberg <wl@gnu.org> +Date: Tue, 12 Oct 2010 05:49:17 +0000 +Subject: Fix Savannah bug #31310. + +* src/truetype/ttgxvar.c (ft_var_readpackedpoints): Protect against +invalid `runcnt' values. +--- +diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c +index 653d9d5..47bb9fc 100644 +--- a/src/truetype/ttgxvar.c ++++ b/src/truetype/ttgxvar.c +@@ -130,7 +130,7 @@ + FT_Int j; + FT_Int first; + FT_Memory memory = stream->memory; +- FT_Error error = TT_Err_Ok; ++ FT_Error error = TT_Err_Ok; + + FT_UNUSED( error ); + +@@ -154,7 +154,7 @@ + runcnt = runcnt & GX_PT_POINT_RUN_COUNT_MASK; + first = points[i++] = FT_GET_USHORT(); + +- if ( runcnt < 1 ) ++ if ( runcnt < 1 || i + runcnt >= n ) + goto Exit; + + /* first point not included in runcount */ +@@ -165,7 +165,7 @@ + { + first = points[i++] = FT_GET_BYTE(); + +- if ( runcnt < 1 ) ++ if ( runcnt < 1 || i + runcnt >= n ) + goto Exit; + + for ( j = 0; j < runcnt; ++j ) +-- +cgit v0.8.3.2 diff --git a/media-libs/freetype/freetype-2.3.11.ebuild b/media-libs/freetype/freetype-2.3.11.ebuild deleted file mode 100644 index ec8b7b3a6204..000000000000 
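Review bot: The added bound `i + runcnt >= n` in both branches of ft_var_readpackedpoints looks one stricter than the stores require. `i` has already been advanced past `first` by `points[i++]`, and the loop then writes exactly `runcnt` more entries, so the last index written is `i + runcnt - 1`. If `n` is the number of entries allocated for `points` (the allocation is outside the hunk, so confirm), the check fails safe but rejects a run that exactly fills the array; `i + runcnt > n` would still keep every store in bounds. The `points[i++] = FT_GET_USHORT()` / `FT_GET_BYTE()` store also happens before the check, so its safety rests on the enclosing loop condition, which is not visible here. A comment above each test such as `/* reject runs that would write past points[n - 1] */` would record why it exists.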
--- a/media-libs/freetype/freetype-2.3.11.ebuild +++ /dev/null 
@@ -1,124 +0,0 @@ -# Copyright 1999-2010 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/freetype-2.3.11.ebuild,v 1.6 2010/05/20 00:39:15 jer Exp $ - -inherit eutils flag-o-matic libtool - -DESCRIPTION="A high-quality and portable font engine" -HOMEPAGE="http://www.freetype.org/" -SRC_URI="mirror://sourceforge/freetype/${P/_/}.tar.bz2 - utils? ( mirror://sourceforge/freetype/ft2demos-${PV}.tar.bz2 ) - doc? ( mirror://sourceforge/freetype/${PN}-doc-${PV}.tar.bz2 )" - -LICENSE="FTL GPL-2" -SLOT="2" -KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd" -IUSE="X bindist debug doc utils fontforge" - -DEPEND="sys-libs/zlib - X? ( x11-libs/libX11 - x11-libs/libXau - x11-libs/libXdmcp )" - -# We also need a recent fontconfig version to prevent segfaults. #166029 -# July 3 2007 dirtyepic -RDEPEND="${DEPEND} - !<media-libs/fontconfig-2.3.2-r2" - -src_unpack() { - unpack ${A} - cd "${S}" - - enable_option() { - sed -i -e "/#define $1/a #define $1" \ - include/freetype/config/ftoption.h \ - || die "unable to enable option $1" - } - - disable_option() { - sed -i -e "/#define $1/ { s:^:/*:; s:$:*/: }" \ - include/freetype/config/ftoption.h \ - || die "unable to disable option $1" - } - - if ! use bindist; then - # Bytecodes and subpixel hinting supports are patented - # in United States; for safety, disable them while building - # binaries, so that no risky code is distributed. 
- # See http://freetype.org/patents.html - - enable_option FT_CONFIG_OPTION_SUBPIXEL_RENDERING - enable_option TT_CONFIG_OPTION_BYTECODE_INTERPRETER - disable_option TT_CONFIG_OPTION_UNPATENTED_HINTING - fi - - if use debug; then - enable_option FT_DEBUG_LEVEL_ERROR - enable_option FT_DEBUG_MEMORY - fi - - enable_option FT_CONFIG_OPTION_INCREMENTAL - disable_option FT_CONFIG_OPTION_OLD_INTERNALS - - epatch "${FILESDIR}"/${PN}-2.3.2-enable-valid.patch - - if use utils; then - cd "${WORKDIR}"/ft2demos-${PV} - sed -i -e "s:\.\.\/freetype2$:../freetype-${PV}:" Makefile - - # Disable tests needing X11 when USE="-X". (bug #177597) - if ! use X; then - sed -i -e "/EXES\ +=\ ftview/ s:^:#:" Makefile - fi - fi - - elibtoolize - epunt_cxx -} - -src_compile() { - append-flags -fno-strict-aliasing - - type -P gmake &> /dev/null && export GNUMAKE=gmake - econf - emake || die "emake failed" - - if use utils; then - cd "${WORKDIR}"/ft2demos-${PV} - emake || die "ft2demos emake failed" - fi -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - - dodoc ChangeLog README - dodoc docs/{CHANGES,CUSTOMIZE,DEBUG,*.txt,PATENTS,TODO} - - use doc && dohtml -r docs/* - - if use utils; then - rm "${WORKDIR}"/ft2demos-${PV}/bin/README - for ft2demo in ../ft2demos-${PV}/bin/*; do - ./builds/unix/libtool --mode=install $(type -P install) -m 755 "$ft2demo" \ - "${D}"/usr/bin - done - fi - # Probably fontforge needs less but this way makes things simplier... - if use fontforge; then - einfo "Installing internal headers required for fontforge" - find src/truetype include/freetype/internal -name '*.h' | \ - while read header; do - mkdir -p "${D}/usr/include/freetype2/internal4fontforge/$(dirname ${header})" - cp ${header} "${D}/usr/include/freetype2/internal4fontforge/$(dirname ${header})" - done - fi -} - -pkg_postinst() { - echo - elog "The utilities and demos previously bundled with freetype are now" - elog "optional. 
Enable the utils USE flag if you would like them" - elog "to be installed." - echo -} diff --git a/media-libs/freetype/freetype-2.3.12.ebuild b/media-libs/freetype/freetype-2.4.3-r1.ebuild index ea99281cfe1e..9d049d35a0c1 100644 --- a/media-libs/freetype/freetype-2.3.12.ebuild +++ b/media-libs/freetype/freetype-2.4.3-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/freetype-2.3.12.ebuild,v 1.8 2010/09/30 20:00:29 ranger Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/freetype-2.4.3-r1.ebuild,v 1.1 2010/10/23 02:37:58 dirtyepic Exp $ EAPI="2" @@ -14,18 +14,15 @@ SRC_URI="mirror://sourceforge/freetype/${P/_/}.tar.bz2 LICENSE="FTL GPL-2" SLOT="2" -KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd" -IUSE="X bindist debug doc utils fontforge" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" +IUSE="X auto-hinter bindist debug doc utils fontforge" DEPEND="sys-libs/zlib X? ( x11-libs/libX11 x11-libs/libXau x11-libs/libXdmcp )" -# We also need a recent fontconfig version to prevent segfaults. #166029 -# July 3 2007 dirtyepic -RDEPEND="${DEPEND} - !<media-libs/fontconfig-2.3.2-r2" +RDEPEND="${DEPEND}" src_prepare() { enable_option() { 
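Review bot: The revision carrying the security fix is keyworded testing-only (`KEYWORDS="~alpha ~amd64 ~arm ..."`), while the same commit removes 2.3.11 and 2.3.12, both of which had stable keywords. Whether another stable freetype remains in the tree is not visible in this diff; if one does, stable users stay on a version without the SA41738 patch until 2.4.3-r1 is stabilised, so the ChangeLog entry should point at the stabilisation request on bug #342121. This hunk also drops the `!<media-libs/fontconfig-2.3.2-r2` blocker and its comment about segfaults (#166029) without mentioning it in the commit message.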
@@ -41,30 +38,29 @@ src_prepare() { } if ! use bindist; then - # Bytecodes and subpixel hinting supports are patented - # in United States; for safety, disable them while building - # binaries, so that no risky code is distributed. # See http://freetype.org/patents.html - + # ClearType is covered by several Microsoft patents in the US enable_option FT_CONFIG_OPTION_SUBPIXEL_RENDERING - enable_option TT_CONFIG_OPTION_BYTECODE_INTERPRETER - disable_option TT_CONFIG_OPTION_UNPATENTED_HINTING + fi + + if use auto-hinter; then + disable_option TT_CONFIG_OPTION_BYTECODE_INTERPRETER + enable_option TT_CONFIG_OPTION_UNPATENTED_HINTING fi if use debug; then - enable_option FT_DEBUG_LEVEL_ERROR + enable_option FT_DEBUG_LEVEL_TRACE enable_option FT_DEBUG_MEMORY fi - enable_option FT_CONFIG_OPTION_INCREMENTAL disable_option FT_CONFIG_OPTION_OLD_INTERNALS epatch "${FILESDIR}"/${PN}-2.3.2-enable-valid.patch + epatch "${FILESDIR}"/${PN}-2.4.3-SA41738.patch if use utils; then cd "${WORKDIR}/ft2demos-${PV}" sed -i -e "s:\.\.\/freetype2$:../freetype-${PV}:" Makefile - # Disable tests needing X11 when USE="-X". (bug #177597) if ! use X; then sed -i -e "/EXES\ +=\ ftdiff/ s:^:#:" Makefile 
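Review bot: `disable_option TT_CONFIG_OPTION_BYTECODE_INTERPRETER` and the other toggles called in this hunk can silently do nothing. If the helpers are still defined as in the removed 2.3.11 ebuild (their bodies lie outside this hunk), they run `sed -i` with an address pattern and `die` only on sed's exit status, which is 0 even when no `#define` line matched. With `USE=auto-hinter` a user would then get a build with the bytecode interpreter still enabled and no warning. A guard in each helper such as `grep -q "#define $1" include/freetype/config/ftoption.h || die "option $1 not found"` would turn a renamed upstream option into a build failure.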
@@ -94,19 +90,20 @@ src_install() { emake DESTDIR="${D}" install || die "emake install failed" dodoc ChangeLog README - dodoc docs/{CHANGES,CUSTOMIZE,DEBUG,*.txt,PATENTS,TODO} + dodoc docs/{CHANGES,CUSTOMIZE,DEBUG,*.txt,PROBLEMS,TODO} use doc && dohtml -r docs/* if use utils; then - rm "${WORKDIR}/ft2demos-${PV}/bin/README" + rm "${WORKDIR}"/ft2demos-${PV}/bin/README for ft2demo in ../ft2demos-${PV}/bin/*; do ./builds/unix/libtool --mode=install $(type -P install) -m 755 "$ft2demo" \ "${D}"/usr/bin done fi - # Probably fontforge needs less but this way makes things simplier... + if use fontforge; then + # Probably fontforge needs less but this way makes things simplier... einfo "Installing internal headers required for fontforge" find src/truetype include/freetype/internal -name '*.h' | \ while read header; do @@ -115,3 +112,9 @@ src_install() { done fi } + +pkg_postinst() { + elog "The TrueType bytecode interpreter is no longer patented and thus no" + elog "longer controlled by the bindist USE flag. Enable the auto-hinter" + elog "USE flag if you want the old USE="bindist" hinting behavior." +} |
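Review bot: The last `elog` line of the new pkg_postinst loses its inner quotes. In `elog "USE flag if you want the old USE="bindist" hinting behavior."` the second `"` closes the string, so the shell prints `USE=bindist` without quotes. Escape them, `elog "USE flag if you want the old USE=\"bindist\" hinting behavior."`, or put single quotes around `bindist`.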