commit: 6c1824fd0b6c245566175dfcc56b61b03471d510 |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
AuthorDate: Mon Jan 27 21:52:40 2020 +0000 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
CommitDate: Mon Jan 27 21:52:40 2020 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c1824fd |
|
media-gfx/fontforge: bump to 20190801 |
|
Package-Manager: Portage-2.3.85_p2, Repoman-2.3.20_p36 |
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> |
|
media-gfx/fontforge/Manifest | 1 + |
media-gfx/fontforge/files/CVE-2020-5395.patch | 78 +++++++++++++++++++ |
media-gfx/fontforge/fontforge-20190801.ebuild | 106 ++++++++++++++++++++++++++ |
3 files changed, 185 insertions(+) |
|
diff --git a/media-gfx/fontforge/Manifest b/media-gfx/fontforge/Manifest |
19 |
index 6a5907bce02..50996083639 100644 |
20 |
--- a/media-gfx/fontforge/Manifest |
21 |
+++ b/media-gfx/fontforge/Manifest |
22 |
@@ -1,2 +1,3 @@ |
23 |
DIST fontforge-20190317.tar.gz 22762120 BLAKE2B 5cb85d2fb9a2a08fe64548f2667c026e916dd0239d17d8f8d7d2fe8ecb51f2106cf3dc6e6298014c0deadffbfe91925327b483ed4750a171fb621aea8bdee60b SHA512 55f9b0f7cafb1aa5a1461dbf39b52ca6b69a2baa6b761c8c28f86a0bb99e090d9ecc981294f51dadd9297b5ebd3036f01cb4f17b9a97a737eb567b4ae6522f20 |
24 |
+DIST fontforge-20190801.tar.gz 20766334 BLAKE2B c3206e77da4a966b9e513c41c90e19522f3d1aad990cd3035d7c8a8cc009239811743c12c02df3b02fd91fa5a7738913dba43df14523a738a2232cd2d1a91700 SHA512 78f3e1e94e38e26dcf52c6a0e038753033dc47052b7492f0ac0aaf1b8962e4e4bbf07c2550ef6014ea7290a6429bf669acb0691735efe0aee368480b4b7e6236 |
25 |
DIST fontforge-dist-20170731.tar.xz 13985256 BLAKE2B 7bc49a3b7747de419e4fafb445062873cf9bf56aa73fd7499509b787a1c0fd6c47b0b5d7bfeb2a69d9237f9f66f989af968b0d00e9d5e57030906394f042f29c SHA512 26f7a40714460716a24dd0229fdb027f3766bcc48db64b8993436ddcb6277898f9f3b67ad4fc0be515b2b38e01370d1c7d9ee3c6ece1be862b7d8c9882411f11 |
26 |
|
27 |
diff --git a/media-gfx/fontforge/files/CVE-2020-5395.patch b/media-gfx/fontforge/files/CVE-2020-5395.patch |
28 |
new file mode 100644 |
29 |
index 00000000000..51b52450376 |
30 |
--- /dev/null |
31 |
+++ b/media-gfx/fontforge/files/CVE-2020-5395.patch |
32 |
@@ -0,0 +1,78 @@ |
33 |
+From 048a91e2682c1a8936ae34dbc7bd70291ec05410 Mon Sep 17 00:00:00 2001 |
34 |
+From: Skef Iterum <unknown> |
35 |
+Date: Mon, 6 Jan 2020 03:05:06 -0800 |
36 |
+Subject: [PATCH] Fix for #4084 Use-after-free (heap) in the |
37 |
+ SFD_GetFontMetaData() function Fix for #4086 NULL pointer dereference in the |
38 |
+ SFDGetSpiros() function Fix for #4088 NULL pointer dereference in the |
39 |
+ SFD_AssignLookups() function Add empty sf->fontname string if it isn't set, |
40 |
+ fixing #4089 #4090 and many other potential issues (many downstream calls |
41 |
+ to strlen() on the value). |
42 |
+ |
43 |
+--- |
44 |
+ fontforge/sfd.c | 19 ++++++++++++++----- |
45 |
+ fontforge/sfd1.c | 2 +- |
46 |
+ 2 files changed, 15 insertions(+), 6 deletions(-) |
47 |
+ |
48 |
+diff --git a/fontforge/sfd.c b/fontforge/sfd.c |
49 |
+index 731be201e0..e8ca39ba83 100644 |
50 |
+--- a/fontforge/sfd.c |
51 |
++++ b/fontforge/sfd.c |
52 |
+@@ -4032,13 +4032,16 @@ static void SFDGetSpiros(FILE *sfd,SplineSet *cur) { |
53 |
+ while ( fscanf(sfd,"%lg %lg %c", &cp.x, &cp.y, &cp.ty )==3 ) { |
54 |
+ if ( cur!=NULL ) { |
55 |
+ if ( cur->spiro_cnt>=cur->spiro_max ) |
56 |
+- cur->spiros = realloc(cur->spiros,(cur->spiro_max+=10)*sizeof(spiro_cp)); |
57 |
++ cur->spiros = realloc(cur->spiros, |
58 |
++ (cur->spiro_max+=10)*sizeof(spiro_cp)); |
59 |
+ cur->spiros[cur->spiro_cnt++] = cp; |
60 |
+ } |
61 |
+ } |
62 |
+- if ( cur!=NULL && (cur->spiros[cur->spiro_cnt-1].ty&0x7f)!=SPIRO_END ) { |
63 |
++ if ( cur!=NULL && cur->spiro_cnt>0 |
64 |
++ && (cur->spiros[cur->spiro_cnt-1].ty&0x7f)!=SPIRO_END ) { |
65 |
+ if ( cur->spiro_cnt>=cur->spiro_max ) |
66 |
+- cur->spiros = realloc(cur->spiros,(cur->spiro_max+=1)*sizeof(spiro_cp)); |
67 |
++ cur->spiros = realloc(cur->spiros, |
68 |
++ (cur->spiro_max+=1)*sizeof(spiro_cp)); |
69 |
+ memset(&cur->spiros[cur->spiro_cnt],0,sizeof(spiro_cp)); |
70 |
+ cur->spiros[cur->spiro_cnt++].ty = SPIRO_END; |
71 |
+ } |
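Review bot: Both `realloc` calls in SFDGetSpiros assign the result straight back to `cur->spiros`, and the next statement writes through it, so an allocation failure becomes a NULL write and loses the old buffer while `spiro_max` has already been increased. The added `cur->spiro_cnt>0` guard covers the empty-list read but not this path. Holding the result in a temporary, e.g. `spiro_cp *tmp = realloc(cur->spiros,(cur->spiro_max+10)*sizeof(spiro_cp));`, and updating `cur->spiros` and `cur->spiro_max` only after a NULL check would close it. The same unchecked assignment appears in the `LayerCount:` hunk of SFD_GetFontMetaData. SFDGetSpiros starts before this hunk, so how a failure should be reported to the caller is not visible here.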
72 |
+@@ -7992,10 +7995,12 @@ bool SFD_GetFontMetaData( FILE *sfd, |
73 |
+ else if ( strmatch(tok,"LayerCount:")==0 ) |
74 |
+ { |
75 |
+ d->had_layer_cnt = true; |
76 |
+- getint(sfd,&sf->layer_cnt); |
77 |
+- if ( sf->layer_cnt>2 ) { |
78 |
++ int layer_cnt_tmp; |
79 |
++ getint(sfd,&layer_cnt_tmp); |
80 |
++ if ( layer_cnt_tmp>2 ) { |
81 |
+ sf->layers = realloc(sf->layers,sf->layer_cnt*sizeof(LayerInfo)); |
82 |
+ memset(sf->layers+2,0,(sf->layer_cnt-2)*sizeof(LayerInfo)); |
83 |
++ sf->layer_cnt = layer_cnt_tmp; |
84 |
+ } |
85 |
+ } |
86 |
+ else if ( strmatch(tok,"Layer:")==0 ) |
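Review bot: In the `LayerCount:` branch the `realloc` and `memset` still size the array from `sf->layer_cnt`, which now holds the previous count because the parsed value went into `layer_cnt_tmp`; `sf->layer_cnt` is raised to the new count only afterwards, so the array can end up smaller than the count that later code indexes by. Both calls should use the parsed value: `sf->layers = realloc(sf->layers,layer_cnt_tmp*sizeof(LayerInfo));` and `memset(sf->layers+2,0,(layer_cnt_tmp-2)*sizeof(LayerInfo));`. `layer_cnt_tmp` is also declared without an initialiser and used without an upper bound; if `getint` can fail without storing a value (its definition is outside the hunk), initialise it to 0 and reject counts large enough to overflow the size multiplication. SFD_GetFontMetaData begins and ends outside this hunk.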
87 |
+@@ -8948,6 +8953,10 @@ exit( 1 ); |
88 |
+ } |
89 |
+ } |
90 |
+ |
91 |
++ // Many downstream functions assume this isn't NULL (use strlen, etc.) |
92 |
++ if ( sf->fontname==NULL) |
93 |
++ sf->fontname = copy(""); |
94 |
++ |
95 |
+ if ( fromdir ) |
96 |
+ sf = SFD_FigureDirType(sf,tok,dirname,enc,remap,had_layer_cnt); |
97 |
+ else if ( sf->subfontcnt!=0 ) { |
98 |
+diff --git a/fontforge/sfd1.c b/fontforge/sfd1.c |
99 |
+index cf931059d0..b42f832678 100644 |
100 |
+--- a/fontforge/sfd1.c |
101 |
++++ b/fontforge/sfd1.c |
102 |
+@@ -674,7 +674,7 @@ void SFD_AssignLookups(SplineFont1 *sf) { |
103 |
+ |
104 |
+ /* Fix up some gunk from really old versions of the sfd format */ |
105 |
+ SFDCleanupAnchorClasses(&sf->sf); |
106 |
+- if ( sf->sf.uni_interp==ui_unset ) |
107 |
++ if ( sf->sf.uni_interp==ui_unset && sf->sf.map!=NULL ) |
108 |
+ sf->sf.uni_interp = interp_from_encoding(sf->sf.map->enc,ui_none); |
109 |
+ |
110 |
+ /* Fixup for an old bug */ |
111 |
|
112 |
diff --git a/media-gfx/fontforge/fontforge-20190801.ebuild b/media-gfx/fontforge/fontforge-20190801.ebuild |
113 |
new file mode 100644 |
114 |
index 00000000000..31b62099c78 |
115 |
--- /dev/null |
116 |
+++ b/media-gfx/fontforge/fontforge-20190801.ebuild |
117 |
@@ -0,0 +1,106 @@ |
118 |
+# Copyright 2004-2020 Gentoo Authors |
119 |
+# Distributed under the terms of the GNU General Public License v2 |
120 |
+ |
121 |
+EAPI=7 |
122 |
+ |
123 |
+PYTHON_COMPAT=( python{2_7,3_{6,7}} ) |
124 |
+ |
125 |
+inherit python-single-r1 xdg |
126 |
+ |
127 |
+DESCRIPTION="postscript font editor and converter" |
128 |
+HOMEPAGE="http://fontforge.github.io/" |
129 |
+SRC_URI="https://github.com/fontforge/fontforge/releases/download/${PV}/fontforge-${PV}.tar.gz" |
130 |
+ |
131 |
+LICENSE="BSD GPL-3+" |
132 |
+SLOT="0" |
133 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" |
134 |
+IUSE="cairo truetype-debugger gif gtk jpeg png +python readline test tiff svg unicode X" |
135 |
+ |
136 |
+RESTRICT="!test? ( test )" |
137 |
+ |
138 |
+REQUIRED_USE=" |
139 |
+ cairo? ( png ) |
140 |
+ gtk? ( cairo ) |
141 |
+ python? ( ${PYTHON_REQUIRED_USE} ) |
142 |
+ test? ( png python ) |
143 |
+" |
144 |
+ |
145 |
+RDEPEND=" |
146 |
+ dev-libs/glib |
147 |
+ dev-libs/libltdl:0 |
148 |
+ dev-libs/libxml2:2= |
149 |
+ >=media-libs/freetype-2.3.7:2= |
150 |
+ cairo? ( |
151 |
+ >=x11-libs/cairo-1.6:0= |
152 |
+ x11-libs/pango:0= |
153 |
+ ) |
154 |
+ gif? ( media-libs/giflib:0= ) |
155 |
+ jpeg? ( virtual/jpeg:0 ) |
156 |
+ png? ( media-libs/libpng:0= ) |
157 |
+ tiff? ( media-libs/tiff:0= ) |
158 |
+ truetype-debugger? ( >=media-libs/freetype-2.3.8:2[fontforge,-bindist(-)] ) |
159 |
+ gtk? ( >=x11-libs/gtk+-3.10:3 ) |
160 |
+ python? ( ${PYTHON_DEPS} ) |
161 |
+ readline? ( sys-libs/readline:0= ) |
162 |
+ unicode? ( media-libs/libuninameslist:0= ) |
163 |
+ X? ( |
164 |
+ x11-libs/libX11:0= |
165 |
+ x11-libs/libXi:0= |
166 |
+ >=x11-libs/pango-1.10:0=[X] |
167 |
+ ) |
168 |
+ !media-gfx/pfaedit |
169 |
+" |
170 |
+DEPEND="${RDEPEND} |
171 |
+ X? ( x11-base/xorg-proto ) |
172 |
+" |
173 |
+BDEPEND=" |
174 |
+ sys-devel/gettext |
175 |
+ virtual/pkgconfig |
176 |
+" |
177 |
+ |
178 |
+# Needs keywording on many arches. |
179 |
+# zeromq? ( |
180 |
+# >=net-libs/czmq-2.2.0:0= |
181 |
+# >=net-libs/zeromq-4.0.4:0= |
182 |
+# ) |
183 |
+ |
184 |
+PATCHES=( |
185 |
+ "${FILESDIR}"/20170731-gethex-unaligned.patch |
186 |
+ "${FILESDIR}"/CVE-2020-5395.patch |
187 |
+) |
188 |
+ |
189 |
+pkg_setup() { |
190 |
+ use python && python-single-r1_pkg_setup |
191 |
+} |
192 |
+ |
193 |
+src_configure() { |
194 |
+ local myeconfargs=( |
195 |
+ --disable-static |
196 |
+ $(use_enable truetype-debugger freetype-debugger "${EPREFIX}/usr/include/freetype2/internal4fontforge") |
197 |
+ $(use_enable python python-extension) |
198 |
+ $(use_enable python python-scripting) |
199 |
+ --enable-tile-path |
200 |
+ $(use_with cairo) |
201 |
+ $(use_with gif giflib) |
202 |
+ $(use_with jpeg libjpeg) |
203 |
+ $(use_with png libpng) |
204 |
+ $(use_with readline libreadline) |
205 |
+ --without-libspiro |
206 |
+ $(use_with tiff libtiff) |
207 |
+ $(use_with unicode libuninameslist) |
208 |
+ $(use_with X x) |
209 |
+ ) |
210 |
+ if use gtk; then |
211 |
+ # broken AC_ARG_ENABLE usage |
212 |
+ # https://bugs.gentoo.org/681550 |
213 |
+ myeconfargs+=( --enable-gdk=gdk3 ) |
214 |
+ fi |
215 |
+ econf "${myeconfargs[@]}" |
216 |
+} |
217 |
+ |
218 |
+src_install() { |
219 |
+ emake DESTDIR="${D}" install |
220 |
+ docompress -x /usr/share/doc/${PF}/html |
221 |
+ einstalldocs |
222 |
+ find "${ED}" -name '*.la' -type f -delete || die |
223 |
+} |