diff options
| author |   Peter Alfredsen <loki_val@gentoo.org> | 2009-05-25 21:06:25 +0000 |
|---|---|---|
| committer | Peter Alfredsen <loki_val@gentoo.org> | 2009-05-25 21:06:25 +0000 |
| commit | 2041789a4e114ce4bff8314115d0b0bc19039d9e (patch) | |
| tree | 19db95356c243bcf9665b1e40484c8c5a8d34706 /media-libs/freetype | |
| parent | x86 stable, bug #270569 (diff) | |
| download | gentoo-2-2041789a4e114ce4bff8314115d0b0bc19039d9e.tar.gz gentoo-2-2041789a4e114ce4bff8314115d0b0bc19039d9e.tar.bz2 gentoo-2-2041789a4e114ce4bff8314115d0b0bc19039d9e.zip | |
Bump with patches for CVE 2007-2754 and CVE 2006-1861. Bug 271234.
(Portage version: 2.2_rc33/cvs/Linux x86_64)
Diffstat (limited to 'media-libs/freetype')
4 files changed, 163 insertions, 1 deletions
diff --git a/media-libs/freetype/ChangeLog b/media-libs/freetype/ChangeLog index 6468ae9c6dcd..044ec6987041 100644 --- a/media-libs/freetype/ChangeLog +++ b/media-libs/freetype/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for media-libs/freetype # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/ChangeLog,v 1.231 2009/05/24 14:39:18 loki_val Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/ChangeLog,v 1.232 2009/05/25 21:06:25 loki_val Exp $ + +*freetype-1.4_pre20080316-r2 (25 May 2009) + + 25 May 2009; Peter Alfredsen <loki_val@gentoo.org> + +freetype-1.4_pre20080316-r2.ebuild, + +files/freetype-1.4_pre20080316-CVE-2006-1861.patch, + +files/freetype-1.4_pre20080316-CVE-2007-2754.patch: + Bump with patches for CVE 2007-2754 and CVE 2006-1861. Bug 271234. 24 May 2009; Peter Alfredsen <loki_val@gentoo.org> freetype-1.4_pre20080316-r1.ebuild, +files/freetype-1.4-glibc-2.10.patch: diff --git a/media-libs/freetype/files/freetype-1.4_pre20080316-CVE-2006-1861.patch b/media-libs/freetype/files/freetype-1.4_pre20080316-CVE-2006-1861.patch new file mode 100644 index 000000000000..2d75a4beec72 --- /dev/null +++ b/media-libs/freetype/files/freetype-1.4_pre20080316-CVE-2006-1861.patch @@ -0,0 +1,14 @@ +diff -up freetype-pre1.4/lib/ttgload.c.freetype-pre1.4-CVE-2006-1861-null-pointer freetype-pre1.4/lib/ttgload.c +--- freetype-pre1.4/lib/ttgload.c.freetype-pre1.4-CVE-2006-1861-null-pointer 2009-05-12 19:40:52.000000000 -0400 ++++ freetype-pre1.4/lib/ttgload.c 2009-05-12 19:41:03.000000000 -0400 +@@ -270,6 +270,10 @@ + j = 0; + flag = exec->pts.touch; + ++ /* CVE-2006-1861 */ ++ if ( flag == NULL ) ++ return TT_Err_Invalid_Composite; /* for lack of a better err code */ ++ + while ( j < n_points ) + { + Byte c, cnt; diff --git a/media-libs/freetype/files/freetype-1.4_pre20080316-CVE-2007-2754.patch b/media-libs/freetype/files/freetype-1.4_pre20080316-CVE-2007-2754.patch new file mode 100644 index 000000000000..f1e6c60b05a1 --- /dev/null +++ b/media-libs/freetype/files/freetype-1.4_pre20080316-CVE-2007-2754.patch @@ -0,0 +1,12 @@ +diff -up freetype-pre1.4/lib/ttgload.c.ttf-overflow freetype-pre1.4/lib/ttgload.c +--- freetype-pre1.4/lib/ttgload.c.ttf-overflow 2009-05-12 19:25:25.000000000 -0400 ++++ freetype-pre1.4/lib/ttgload.c 2009-05-12 19:28:15.000000000 -0400 +@@ -236,7 +236,7 @@ + + FORGET_Frame(); + +- if ( n_points > left_points ) ++ if ( n_points < 0 || n_points > left_points ) + { + PTRACE0(( "ERROR: Too many points in glyph %ld\n", subg->index )); + return TT_Err_Too_Many_Points; diff --git a/media-libs/freetype/freetype-1.4_pre20080316-r2.ebuild b/media-libs/freetype/freetype-1.4_pre20080316-r2.ebuild new file mode 100644 index 000000000000..86b66f202098 --- /dev/null +++ b/media-libs/freetype/freetype-1.4_pre20080316-r2.ebuild @@ -0,0 +1,128 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/freetype-1.4_pre20080316-r2.ebuild,v 1.1 2009/05/25 21:06:25 loki_val Exp $ + +inherit autotools eutils libtool multilib + +DESCRIPTION="Freetype font rendering engine" +HOMEPAGE="http://www.freetype.org/" +SRC_URI="mirror://gentoo/${P}.tar.bz2" + +LICENSE="FTL" +SLOT="1" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" +IUSE="doc nls kpathsea" + +COMMON_DEPEND="kpathsea? ( virtual/tex-base )" +RDEPEND="${COMMON_DEPEND} + nls? ( sys-devel/gettext )" +DEPEND="${COMMON_DEPEND} + >=sys-devel/autoconf-2.59" + +S="${WORKDIR}"/${PN} + +src_unpack() { + unpack ${A} + cd "${S}" + + # remove unneeded include for BSD (#104016) + epatch "${FILESDIR}"/freetype-1.4_pre-malloc.patch + + # fix ttf2pk to work with tetex 3.0 + epatch "${FILESDIR}"/freetype-1.4_pre-ttf2pk-tetex-3.patch + + # fix segfault due to undefined behaviour of non-static structs + epatch "${FILESDIR}"/freetype-1.4_pre-ttf2tfm-segfault.patch + + # silence strict-aliasing warnings + epatch "${FILESDIR}"/freetype-1.4_pre-silence-strict-aliasing.patch + + # add DESTDIR support to contrib Makefiles + epatch "${FILESDIR}"/freetype-1.4_pre-contrib-destdir.patch + + epatch "${FILESDIR}"/${P}-CVE-2008-1808.patch #225851 + epatch "${FILESDIR}"/${P}-LDLFAGS.patch #263131 + epatch "${FILESDIR}"/${PN}-1.4-glibc-2.10.patch #270460 + + epatch "${FILESDIR}"/${P}-CVE-2006-1861.patch #271234 + epatch "${FILESDIR}"/${P}-CVE-2007-2754.patch #271234 + + # disable tests (they don't compile) + sed -i -e "/^all:/ s:tttest ::" Makefile.in + + rm aclocal.m4 # Force recreation + # Copying this code from autotools.eclass but avoid autoheader call... + eaclocal + if ${LIBTOOLIZE:-libtoolize} -n --install >& /dev/null ; then + _elibtoolize --copy --force --install + else + _elibtoolize --copy --force + fi + eautoconf + elibtoolize + + # contrib isn't compatible with autoconf-2.13 + unset WANT_AUTOCONF + + for x in ttf2bdf ttf2pfb ttf2pk ttfbanner; do + cd "${S}"/freetype1-contrib/${x} + eautoconf + done +} + +src_compile() { + use kpathsea && kpathseaconf="--with-kpathsea-lib=/usr/$(get_libdir) --with-kpathsea-include=/usr/include" + + # core + einfo "Building core library..." + econf $(use_enable nls) || die "econf failed" + emake || die "emake failed" + + # contrib + cd "${S}"/freetype1-contrib/ttf2pk + einfo "Building ttf2pk..." + econf ${kpathseaconf} || die "econf ttf2pk failed" + emake || die "emake ttf2pk failed" + for x in ttf2bdf ttf2pfb ttfbanner; do + cd "${S}"/freetype1-contrib/${x} + einfo "Building ${x}..." + econf || die "econf ${x} failed" + emake || die "emake ${x} failed" + done +} + +src_install() { + dodoc announce PATENTS README docs/*.txt docs/FAQ + use doc && dohtml -r docs + + # core + # Seems to require a shared libintl (getetxt comes only with a static one + # But it seems to work without problems + einfo "Installing core library..." + cd "${S}"/lib + emake -f arch/unix/Makefile \ + prefix="${D}"/usr libdir="${D}"/usr/$(get_libdir) install \ + || die "lib install failed" + + # install po files + einfo "Installing po files..." + cd "${S}"/po + emake prefix="${D}"/usr libdir="${D}"/usr/$(get_libdir) install \ + || die "po install failed" + + # contrib (DESTDIR now works here) + einfo "Installing contrib..." + for x in ttf2bdf ttf2pfb ttf2pk ttfbanner; do + cd "${S}"/freetype1-contrib/${x} + emake DESTDIR="${D}" install || die "${x} install failed" + done + + # tex stuff + if use kpathsea; then + cd "${S}"/freetype1-contrib + insinto /usr/share/texmf/ttf2pk + doins ttf2pk/data/* || die "kpathsea ttf2pk install failed" + insinto /usr/share/texmf/ttf2pfb + doins ttf2pfb/Uni-T1.enc || die "kpathsea ttf2pfb install failed" + fi +} |