| 1 |
commit: 6c1824fd0b6c245566175dfcc56b61b03471d510 |
| 2 |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Mon Jan 27 21:52:40 2020 +0000 |
| 4 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Mon Jan 27 21:52:40 2020 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c1824fd |
| 7 |
|
| 8 |
media-gfx/fontforge: bump to 20190801 |
| 9 |
|
| 10 |
Package-Manager: Portage-2.3.85_p2, Repoman-2.3.20_p36 |
| 11 |
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> |
| 12 |
|
| 13 |
media-gfx/fontforge/Manifest | 1 + |
| 14 |
media-gfx/fontforge/files/CVE-2020-5395.patch | 78 +++++++++++++++++++ |
| 15 |
media-gfx/fontforge/fontforge-20190801.ebuild | 106 ++++++++++++++++++++++++++ |
| 16 |
3 files changed, 185 insertions(+) |
| 17 |
|
| 18 |
diff --git a/media-gfx/fontforge/Manifest b/media-gfx/fontforge/Manifest |
| 19 |
index 6a5907bce02..50996083639 100644 |
| 20 |
--- a/media-gfx/fontforge/Manifest |
| 21 |
+++ b/media-gfx/fontforge/Manifest |
| 22 |
@@ -1,2 +1,3 @@ |
| 23 |
DIST fontforge-20190317.tar.gz 22762120 BLAKE2B 5cb85d2fb9a2a08fe64548f2667c026e916dd0239d17d8f8d7d2fe8ecb51f2106cf3dc6e6298014c0deadffbfe91925327b483ed4750a171fb621aea8bdee60b SHA512 55f9b0f7cafb1aa5a1461dbf39b52ca6b69a2baa6b761c8c28f86a0bb99e090d9ecc981294f51dadd9297b5ebd3036f01cb4f17b9a97a737eb567b4ae6522f20 |
| 24 |
+DIST fontforge-20190801.tar.gz 20766334 BLAKE2B c3206e77da4a966b9e513c41c90e19522f3d1aad990cd3035d7c8a8cc009239811743c12c02df3b02fd91fa5a7738913dba43df14523a738a2232cd2d1a91700 SHA512 78f3e1e94e38e26dcf52c6a0e038753033dc47052b7492f0ac0aaf1b8962e4e4bbf07c2550ef6014ea7290a6429bf669acb0691735efe0aee368480b4b7e6236 |
| 25 |
DIST fontforge-dist-20170731.tar.xz 13985256 BLAKE2B 7bc49a3b7747de419e4fafb445062873cf9bf56aa73fd7499509b787a1c0fd6c47b0b5d7bfeb2a69d9237f9f66f989af968b0d00e9d5e57030906394f042f29c SHA512 26f7a40714460716a24dd0229fdb027f3766bcc48db64b8993436ddcb6277898f9f3b67ad4fc0be515b2b38e01370d1c7d9ee3c6ece1be862b7d8c9882411f11 |
| 26 |
|
| 27 |
diff --git a/media-gfx/fontforge/files/CVE-2020-5395.patch b/media-gfx/fontforge/files/CVE-2020-5395.patch |
| 28 |
new file mode 100644 |
| 29 |
index 00000000000..51b52450376 |
| 30 |
--- /dev/null |
| 31 |
+++ b/media-gfx/fontforge/files/CVE-2020-5395.patch |
| 32 |
@@ -0,0 +1,78 @@ |
| 33 |
+From 048a91e2682c1a8936ae34dbc7bd70291ec05410 Mon Sep 17 00:00:00 2001 |
| 34 |
+From: Skef Iterum <unknown> |
| 35 |
+Date: Mon, 6 Jan 2020 03:05:06 -0800 |
| 36 |
+Subject: [PATCH] Fix for #4084 Use-after-free (heap) in the |
| 37 |
+ SFD_GetFontMetaData() function Fix for #4086 NULL pointer dereference in the |
| 38 |
+ SFDGetSpiros() function Fix for #4088 NULL pointer dereference in the |
| 39 |
+ SFD_AssignLookups() function Add empty sf->fontname string if it isn't set, |
| 40 |
+ fixing #4089 #4090 and many other potential issues (many downstream calls |
| 41 |
+ to strlen() on the value). |
| 42 |
+ |
| 43 |
+--- |
| 44 |
+ fontforge/sfd.c | 19 ++++++++++++++----- |
| 45 |
+ fontforge/sfd1.c | 2 +- |
| 46 |
+ 2 files changed, 15 insertions(+), 6 deletions(-) |
| 47 |
+ |
| 48 |
+diff --git a/fontforge/sfd.c b/fontforge/sfd.c |
| 49 |
+index 731be201e0..e8ca39ba83 100644 |
| 50 |
+--- a/fontforge/sfd.c |
| 51 |
++++ b/fontforge/sfd.c |
| 52 |
+@@ -4032,13 +4032,16 @@ static void SFDGetSpiros(FILE *sfd,SplineSet *cur) { |
| 53 |
+ while ( fscanf(sfd,"%lg %lg %c", &cp.x, &cp.y, &cp.ty )==3 ) { |
| 54 |
+ if ( cur!=NULL ) { |
| 55 |
+ if ( cur->spiro_cnt>=cur->spiro_max ) |
| 56 |
+- cur->spiros = realloc(cur->spiros,(cur->spiro_max+=10)*sizeof(spiro_cp)); |
| 57 |
++ cur->spiros = realloc(cur->spiros, |
| 58 |
++ (cur->spiro_max+=10)*sizeof(spiro_cp)); |
| 59 |
+ cur->spiros[cur->spiro_cnt++] = cp; |
| 60 |
+ } |
| 61 |
+ } |
| 62 |
+- if ( cur!=NULL && (cur->spiros[cur->spiro_cnt-1].ty&0x7f)!=SPIRO_END ) { |
| 63 |
++ if ( cur!=NULL && cur->spiro_cnt>0 |
| 64 |
++ && (cur->spiros[cur->spiro_cnt-1].ty&0x7f)!=SPIRO_END ) { |
| 65 |
+ if ( cur->spiro_cnt>=cur->spiro_max ) |
| 66 |
+- cur->spiros = realloc(cur->spiros,(cur->spiro_max+=1)*sizeof(spiro_cp)); |
| 67 |
++ cur->spiros = realloc(cur->spiros, |
| 68 |
++ (cur->spiro_max+=1)*sizeof(spiro_cp)); |
| 69 |
+ memset(&cur->spiros[cur->spiro_cnt],0,sizeof(spiro_cp)); |
| 70 |
+ cur->spiros[cur->spiro_cnt++].ty = SPIRO_END; |
| 71 |
+ } |
| 72 |
+@@ -7992,10 +7995,12 @@ bool SFD_GetFontMetaData( FILE *sfd, |
| 73 |
+ else if ( strmatch(tok,"LayerCount:")==0 ) |
| 74 |
+ { |
| 75 |
+ d->had_layer_cnt = true; |
| 76 |
+- getint(sfd,&sf->layer_cnt); |
| 77 |
+- if ( sf->layer_cnt>2 ) { |
| 78 |
++ int layer_cnt_tmp; |
| 79 |
++ getint(sfd,&layer_cnt_tmp); |
| 80 |
++ if ( layer_cnt_tmp>2 ) { |
| 81 |
+ sf->layers = realloc(sf->layers,sf->layer_cnt*sizeof(LayerInfo)); |
| 82 |
+ memset(sf->layers+2,0,(sf->layer_cnt-2)*sizeof(LayerInfo)); |
| 83 |
++ sf->layer_cnt = layer_cnt_tmp; |
| 84 |
+ } |
| 85 |
+ } |
| 86 |
+ else if ( strmatch(tok,"Layer:")==0 ) |
| 87 |
+@@ -8948,6 +8953,10 @@ exit( 1 ); |
| 88 |
+ } |
| 89 |
+ } |
| 90 |
+ |
| 91 |
++ // Many downstream functions assume this isn't NULL (use strlen, etc.) |
| 92 |
++ if ( sf->fontname==NULL) |
| 93 |
++ sf->fontname = copy(""); |
| 94 |
++ |
| 95 |
+ if ( fromdir ) |
| 96 |
+ sf = SFD_FigureDirType(sf,tok,dirname,enc,remap,had_layer_cnt); |
| 97 |
+ else if ( sf->subfontcnt!=0 ) { |
| 98 |
+diff --git a/fontforge/sfd1.c b/fontforge/sfd1.c |
| 99 |
+index cf931059d0..b42f832678 100644 |
| 100 |
+--- a/fontforge/sfd1.c |
| 101 |
++++ b/fontforge/sfd1.c |
| 102 |
+@@ -674,7 +674,7 @@ void SFD_AssignLookups(SplineFont1 *sf) { |
| 103 |
+ |
| 104 |
+ /* Fix up some gunk from really old versions of the sfd format */ |
| 105 |
+ SFDCleanupAnchorClasses(&sf->sf); |
| 106 |
+- if ( sf->sf.uni_interp==ui_unset ) |
| 107 |
++ if ( sf->sf.uni_interp==ui_unset && sf->sf.map!=NULL ) |
| 108 |
+ sf->sf.uni_interp = interp_from_encoding(sf->sf.map->enc,ui_none); |
| 109 |
+ |
| 110 |
+ /* Fixup for an old bug */ |
| 111 |
|
| 112 |
diff --git a/media-gfx/fontforge/fontforge-20190801.ebuild b/media-gfx/fontforge/fontforge-20190801.ebuild |
| 113 |
new file mode 100644 |
| 114 |
index 00000000000..31b62099c78 |
| 115 |
--- /dev/null |
| 116 |
+++ b/media-gfx/fontforge/fontforge-20190801.ebuild |
| 117 |
@@ -0,0 +1,106 @@ |
| 118 |
+# Copyright 2004-2020 Gentoo Authors |
| 119 |
+# Distributed under the terms of the GNU General Public License v2 |
| 120 |
+ |
| 121 |
+EAPI=7 |
| 122 |
+ |
| 123 |
+PYTHON_COMPAT=( python{2_7,3_{6,7}} ) |
| 124 |
+ |
| 125 |
+inherit python-single-r1 xdg |
| 126 |
+ |
| 127 |
+DESCRIPTION="postscript font editor and converter" |
| 128 |
+HOMEPAGE="http://fontforge.github.io/" |
| 129 |
+SRC_URI="https://github.com/fontforge/fontforge/releases/download/${PV}/fontforge-${PV}.tar.gz" |
| 130 |
+ |
| 131 |
+LICENSE="BSD GPL-3+" |
| 132 |
+SLOT="0" |
| 133 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" |
| 134 |
+IUSE="cairo truetype-debugger gif gtk jpeg png +python readline test tiff svg unicode X" |
| 135 |
+ |
| 136 |
+RESTRICT="!test? ( test )" |
| 137 |
+ |
| 138 |
+REQUIRED_USE=" |
| 139 |
+ cairo? ( png ) |
| 140 |
+ gtk? ( cairo ) |
| 141 |
+ python? ( ${PYTHON_REQUIRED_USE} ) |
| 142 |
+ test? ( png python ) |
| 143 |
+" |
| 144 |
+ |
| 145 |
+RDEPEND=" |
| 146 |
+ dev-libs/glib |
| 147 |
+ dev-libs/libltdl:0 |
| 148 |
+ dev-libs/libxml2:2= |
| 149 |
+ >=media-libs/freetype-2.3.7:2= |
| 150 |
+ cairo? ( |
| 151 |
+ >=x11-libs/cairo-1.6:0= |
| 152 |
+ x11-libs/pango:0= |
| 153 |
+ ) |
| 154 |
+ gif? ( media-libs/giflib:0= ) |
| 155 |
+ jpeg? ( virtual/jpeg:0 ) |
| 156 |
+ png? ( media-libs/libpng:0= ) |
| 157 |
+ tiff? ( media-libs/tiff:0= ) |
| 158 |
+ truetype-debugger? ( >=media-libs/freetype-2.3.8:2[fontforge,-bindist(-)] ) |
| 159 |
+ gtk? ( >=x11-libs/gtk+-3.10:3 ) |
| 160 |
+ python? ( ${PYTHON_DEPS} ) |
| 161 |
+ readline? ( sys-libs/readline:0= ) |
| 162 |
+ unicode? ( media-libs/libuninameslist:0= ) |
| 163 |
+ X? ( |
| 164 |
+ x11-libs/libX11:0= |
| 165 |
+ x11-libs/libXi:0= |
| 166 |
+ >=x11-libs/pango-1.10:0=[X] |
| 167 |
+ ) |
| 168 |
+ !media-gfx/pfaedit |
| 169 |
+" |
| 170 |
+DEPEND="${RDEPEND} |
| 171 |
+ X? ( x11-base/xorg-proto ) |
| 172 |
+" |
| 173 |
+BDEPEND=" |
| 174 |
+ sys-devel/gettext |
| 175 |
+ virtual/pkgconfig |
| 176 |
+" |
| 177 |
+ |
| 178 |
+# Needs keywording on many arches. |
| 179 |
+# zeromq? ( |
| 180 |
+# >=net-libs/czmq-2.2.0:0= |
| 181 |
+# >=net-libs/zeromq-4.0.4:0= |
| 182 |
+# ) |
| 183 |
+ |
| 184 |
+PATCHES=( |
| 185 |
+ "${FILESDIR}"/20170731-gethex-unaligned.patch |
| 186 |
+ "${FILESDIR}"/CVE-2020-5395.patch |
| 187 |
+) |
| 188 |
+ |
| 189 |
+pkg_setup() { |
| 190 |
+ use python && python-single-r1_pkg_setup |
| 191 |
+} |
| 192 |
+ |
| 193 |
+src_configure() { |
| 194 |
+ local myeconfargs=( |
| 195 |
+ --disable-static |
| 196 |
+ $(use_enable truetype-debugger freetype-debugger "${EPREFIX}/usr/include/freetype2/internal4fontforge") |
| 197 |
+ $(use_enable python python-extension) |
| 198 |
+ $(use_enable python python-scripting) |
| 199 |
+ --enable-tile-path |
| 200 |
+ $(use_with cairo) |
| 201 |
+ $(use_with gif giflib) |
| 202 |
+ $(use_with jpeg libjpeg) |
| 203 |
+ $(use_with png libpng) |
| 204 |
+ $(use_with readline libreadline) |
| 205 |
+ --without-libspiro |
| 206 |
+ $(use_with tiff libtiff) |
| 207 |
+ $(use_with unicode libuninameslist) |
| 208 |
+ $(use_with X x) |
| 209 |
+ ) |
| 210 |
+ if use gtk; then |
| 211 |
+ # broken AC_ARG_ENABLE usage |
| 212 |
+ # https://bugs.gentoo.org/681550 |
| 213 |
+ myeconfargs+=( --enable-gdk=gdk3 ) |
| 214 |
+ fi |
| 215 |
+ econf "${myeconfargs[@]}" |
| 216 |
+} |
| 217 |
+ |
| 218 |
+src_install() { |
| 219 |
+ emake DESTDIR="${D}" install |
| 220 |
+ docompress -x /usr/share/doc/${PF}/html |
| 221 |
+ einstalldocs |
| 222 |
+ find "${ED}" -name '*.la' -type f -delete || die |
| 223 |
+} |
Archives