diff options
| author |   Diego Elio Pettenò <flameeyes@gentoo.org> | 2007-02-08 14:15:13 +0000 |
|---|---|---|
| committer | Diego Elio Pettenò <flameeyes@gentoo.org> | 2007-02-08 14:15:13 +0000 |
| commit | c912b34ed0fd1954ba5c9556cb6342c6a27f0dde (patch) | |
| tree | 354e8c7f29771d290348a1f10397b33864528fdb /media-libs/freetype | |
| parent | clean up (diff) | |
| download | gentoo-2-c912b34ed0fd1954ba5c9556cb6342c6a27f0dde.tar.gz gentoo-2-c912b34ed0fd1954ba5c9556cb6342c6a27f0dde.tar.bz2 gentoo-2-c912b34ed0fd1954ba5c9556cb6342c6a27f0dde.zip | |
Remove old vulnerable versions.
(Portage version: 2.1.2-r9)
Diffstat (limited to 'media-libs/freetype')
| -rw-r--r-- | media-libs/freetype/ChangeLog | 7 | ||||
| -rw-r--r-- | media-libs/freetype/files/digest-freetype-2.1.10 | 6 | ||||
| -rw-r--r-- | media-libs/freetype/files/digest-freetype-2.1.10-r1 | 6 | ||||
| -rw-r--r-- | media-libs/freetype/files/freetype-2.1.10-security_batch.patch | 304 | ||||
| -rw-r--r-- | media-libs/freetype/freetype-2.1.10-r1.ebuild | 71 | ||||
| -rw-r--r-- | media-libs/freetype/freetype-2.1.10.ebuild | 66 |
6 files changed, 6 insertions, 454 deletions
diff --git a/media-libs/freetype/ChangeLog b/media-libs/freetype/ChangeLog index e1db10af821d..59cfdc7e5871 100644 --- a/media-libs/freetype/ChangeLog +++ b/media-libs/freetype/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for media-libs/freetype # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/ChangeLog,v 1.94 2007/02/08 14:04:34 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/ChangeLog,v 1.95 2007/02/08 14:15:13 flameeyes Exp $ + + 08 Feb 2007; Diego Pettenò <flameeyes@gentoo.org> + -files/freetype-2.1.10-security_batch.patch, -freetype-2.1.10.ebuild, + -freetype-2.1.10-r1.ebuild: + Remove old vulnerable versions. *freetype-2.2.1-r1 (08 Feb 2007) diff --git a/media-libs/freetype/files/digest-freetype-2.1.10 b/media-libs/freetype/files/digest-freetype-2.1.10 deleted file mode 100644 index a7c77abdf5bf..000000000000 --- a/media-libs/freetype/files/digest-freetype-2.1.10 +++ /dev/null @@ -1,6 +0,0 @@ -MD5 a4012e7d1f6400df44a16743b11b8423 freetype-2.1.10.tar.bz2 1037107 -RMD160 3d31d548632f14784283c97ece64c7425efc3975 freetype-2.1.10.tar.bz2 1037107 -SHA256 fed2ed148d7d105b95493c5e95561c8b05ee7909e00f828f036d8ed1be6a5e53 freetype-2.1.10.tar.bz2 1037107 -MD5 10608a55ee9ee12e29ba3d705318e61d freetype-doc-2.1.10.tar.bz2 163725 -RMD160 fef03cfdf83c8980a8b16fe7a2b9bb139f6f62a9 freetype-doc-2.1.10.tar.bz2 163725 -SHA256 2bfdca5fd7bb44fe80c41b12998dc044418038e69c828b0e2c31d79d72d1117c freetype-doc-2.1.10.tar.bz2 163725 diff --git a/media-libs/freetype/files/digest-freetype-2.1.10-r1 b/media-libs/freetype/files/digest-freetype-2.1.10-r1 deleted file mode 100644 index a7c77abdf5bf..000000000000 --- a/media-libs/freetype/files/digest-freetype-2.1.10-r1 +++ /dev/null @@ -1,6 +0,0 @@ -MD5 a4012e7d1f6400df44a16743b11b8423 freetype-2.1.10.tar.bz2 1037107 -RMD160 3d31d548632f14784283c97ece64c7425efc3975 freetype-2.1.10.tar.bz2 1037107 -SHA256 fed2ed148d7d105b95493c5e95561c8b05ee7909e00f828f036d8ed1be6a5e53 freetype-2.1.10.tar.bz2 1037107 -MD5 10608a55ee9ee12e29ba3d705318e61d freetype-doc-2.1.10.tar.bz2 163725 -RMD160 fef03cfdf83c8980a8b16fe7a2b9bb139f6f62a9 freetype-doc-2.1.10.tar.bz2 163725 -SHA256 2bfdca5fd7bb44fe80c41b12998dc044418038e69c828b0e2c31d79d72d1117c freetype-doc-2.1.10.tar.bz2 163725 diff --git a/media-libs/freetype/files/freetype-2.1.10-security_batch.patch b/media-libs/freetype/files/freetype-2.1.10-security_batch.patch deleted file mode 100644 index 1dbb5481e8f0..000000000000 --- a/media-libs/freetype/files/freetype-2.1.10-security_batch.patch +++ /dev/null @@ -1,304 +0,0 @@ -diff -uNr -x '*.orig' freetype-2.1.10/include/freetype/fterrdef.h freetype-2.1.10.patched/include/freetype/fterrdef.h ---- freetype-2.1.10/include/freetype/fterrdef.h 2004-02-12 09:33:20.000000000 +0100 -+++ freetype-2.1.10.patched/include/freetype/fterrdef.h 2006-06-19 19:16:07.000000000 +0200 -@@ -52,6 +52,8 @@ - "broken table" ) - FT_ERRORDEF_( Invalid_Offset, 0x09, \ - "broken offset within table" ) -+ FT_ERRORDEF_( Array_Too_Large, 0x0A, \ -+ "array allocation size too large" ) - - /* glyph/character errors */ - -@@ -226,6 +228,8 @@ - "`ENCODING' field missing" ) - FT_ERRORDEF_( Missing_Bbx_Field, 0xB6, \ - "`BBX' field missing" ) -+ FT_ERRORDEF_( Bbx_Too_Big, 0xB7, \ -+ "`BBX' too big" ) - - - /* END */ -diff -uNr -x '*.orig' freetype-2.1.10/src/base/ftmac.c freetype-2.1.10.patched/src/base/ftmac.c ---- freetype-2.1.10/src/base/ftmac.c 2004-08-28 10:02:46.000000000 +0200 -+++ freetype-2.1.10.patched/src/base/ftmac.c 2006-06-19 19:16:07.000000000 +0200 -@@ -430,6 +430,7 @@ - short res_id; - unsigned char *buffer, *p, *size_p = NULL; - FT_ULong total_size = 0; -+ FT_ULong old_total_size = 0; - FT_ULong post_size, pfb_chunk_size; - Handle post_data; - char code, last_code; -@@ -460,6 +461,15 @@ - - total_size += GetHandleSize( post_data ) - 2; - last_code = code; -+ -+ /* detect integer overflows */ -+ if ( total_size < old_total_size ) -+ { -+ error = FT_Err_Array_Too_Large; -+ goto Error; -+ } -+ -+ old_total_size = total_size; - } - - if ( FT_ALLOC( buffer, (FT_Long)total_size ) ) -diff -uNr -x '*.orig' freetype-2.1.10/src/base/ftstream.c freetype-2.1.10.patched/src/base/ftstream.c ---- freetype-2.1.10/src/base/ftstream.c 2005-03-16 02:15:07.000000000 +0100 -+++ freetype-2.1.10.patched/src/base/ftstream.c 2006-06-19 19:16:07.000000000 +0200 -@@ -213,7 +213,12 @@ - FT_Memory memory = stream->memory; - - -+#ifdef FT_DEBUG_MEMORY -+ ft_mem_free( memory, *pbytes ); -+ *pbytes = NULL; -+#else - FT_FREE( *pbytes ); -+#endif - } - *pbytes = 0; - } -@@ -299,7 +304,12 @@ - FT_Memory memory = stream->memory; - - -+#ifdef FT_DEBUG_MEMORY -+ ft_mem_free( memory, stream->base ); -+ stream->base = NULL; -+#else - FT_FREE( stream->base ); -+#endif - } - stream->cursor = 0; - stream->limit = 0; -diff -uNr -x '*.orig' freetype-2.1.10/src/base/ftutil.c freetype-2.1.10.patched/src/base/ftutil.c ---- freetype-2.1.10/src/base/ftutil.c 2005-03-03 23:59:06.000000000 +0100 -+++ freetype-2.1.10.patched/src/base/ftutil.c 2006-06-19 19:15:53.000000000 +0200 -@@ -52,6 +52,8 @@ - FT_Long size, - void* *P ) - { -+ FT_Error error = FT_Err_Ok; -+ - FT_ASSERT( P != 0 ); - - if ( size > 0 ) -@@ -68,13 +70,17 @@ - FT_MEM_ZERO( *P, size ); - } - else -+ { - *P = NULL; -+ if ( size < 0 ) -+ error = FT_Err_Invalid_Argument; -+ } - - FT_TRACE7(( "FT_Alloc:" )); - FT_TRACE7(( " size = %ld, block = 0x%08p, ref = 0x%08p\n", - size, *P, P )); - -- return FT_Err_Ok; -+ return error; - } - - -@@ -128,12 +134,15 @@ - return FT_Alloc( memory, size, P ); - - /* if the new block if zero-sized, clear the current one */ -- if ( size <= 0 ) -+ if ( size == 0 ) - { - FT_Free( memory, P ); - return FT_Err_Ok; - } - -+ if ( size < 0 || current < 0 ) -+ return FT_Err_Invalid_Argument; -+ - Q = memory->realloc( memory, current, size, *P ); - if ( !Q ) - goto Fail; -diff -uNr -x '*.orig' freetype-2.1.10/src/bdf/bdflib.c freetype-2.1.10.patched/src/bdf/bdflib.c ---- freetype-2.1.10/src/bdf/bdflib.c 2005-05-21 19:19:52.000000000 +0200 -+++ freetype-2.1.10.patched/src/bdf/bdflib.c 2006-06-19 19:16:01.000000000 +0200 -@@ -1092,6 +1092,7 @@ - #define ERRMSG1 "[line %ld] Missing \"%s\" line.\n" - #define ERRMSG2 "[line %ld] Font header corrupted or missing fields.\n" - #define ERRMSG3 "[line %ld] Font glyphs corrupted or missing fields.\n" -+#define ERRMSG4 "[line %ld] BBX too big.\n" - - - static FT_Error -@@ -1561,6 +1562,14 @@ - - p->glyph_enc = _bdf_atol( p->list.field[1], 0, 10 ); - -+ /* Check that the encoding is in the range [0,65536] because */ -+ /* otherwise p->have (a bitmap with static size) overflows. */ -+ if ( p->glyph_enc >= sizeof(p->have)*8 ) -+ { -+ error = BDF_Err_Invalid_File_Format; -+ goto Exit; -+ } -+ - /* Check to see whether this encoding has already been encountered. */ - /* If it has then change it to unencoded so it gets added if */ - /* indicated. */ -@@ -1805,6 +1814,8 @@ - /* And finally, gather up the bitmap. */ - if ( ft_memcmp( line, "BITMAP", 6 ) == 0 ) - { -+ unsigned long bitmap_size; -+ - if ( !( p->flags & _BDF_BBX ) ) - { - /* Missing BBX field. */ -@@ -1815,7 +1826,16 @@ - - /* Allocate enough space for the bitmap. */ - glyph->bpr = ( glyph->bbx.width * p->font->bpp + 7 ) >> 3; -- glyph->bytes = (unsigned short)( glyph->bpr * glyph->bbx.height ); -+ -+ bitmap_size = glyph->bpr * glyph->bbx.height; -+ if ( bitmap_size > 0xFFFFU ) -+ { -+ FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG4, lineno )); -+ error = BDF_Err_Bbx_Too_Big; -+ goto Exit; -+ } -+ else -+ glyph->bytes = (unsigned short)bitmap_size; - - if ( FT_NEW_ARRAY( glyph->bitmap, glyph->bytes ) ) - goto Exit; -diff -uNr -x '*.orig' freetype-2.1.10/src/cff/cffgload.c freetype-2.1.10.patched/src/cff/cffgload.c ---- freetype-2.1.10/src/cff/cffgload.c 2005-04-18 06:53:05.000000000 +0200 -+++ freetype-2.1.10.patched/src/cff/cffgload.c 2006-06-19 19:16:01.000000000 +0200 -@@ -2284,7 +2284,7 @@ - FT_LOCAL_DEF( FT_Error ) - cff_slot_load( CFF_GlyphSlot glyph, - CFF_Size size, -- FT_Int glyph_index, -+ FT_UInt glyph_index, - FT_Int32 load_flags ) - { - FT_Error error; -diff -uNr -x '*.orig' freetype-2.1.10/src/cff/cffgload.h freetype-2.1.10.patched/src/cff/cffgload.h ---- freetype-2.1.10/src/cff/cffgload.h 2004-05-13 23:59:17.000000000 +0200 -+++ freetype-2.1.10.patched/src/cff/cffgload.h 2006-06-19 19:16:01.000000000 +0200 -@@ -196,7 +196,7 @@ - FT_LOCAL( FT_Error ) - cff_slot_load( CFF_GlyphSlot glyph, - CFF_Size size, -- FT_Int glyph_index, -+ FT_UInt glyph_index, - FT_Int32 load_flags ); - - -diff -uNr -x '*.orig' freetype-2.1.10/src/cff/cffload.c freetype-2.1.10.patched/src/cff/cffload.c ---- freetype-2.1.10/src/cff/cffload.c 2005-05-06 07:49:46.000000000 +0200 -+++ freetype-2.1.10.patched/src/cff/cffload.c 2006-06-19 19:15:46.000000000 +0200 -@@ -1235,7 +1235,7 @@ - } - - /* access element */ -- if ( off1 ) -+ if ( off1 && off2 > off1 ) - { - *pbyte_len = off2 - off1; - -@@ -2011,7 +2011,7 @@ - - if ( error ) - goto Exit; -- -+ - /* if it is a CID font, we stop there */ - if ( top->cid_registry != 0xFFFFU ) - goto Exit; -diff -uNr -x '*.orig' freetype-2.1.10/src/pshinter/pshglob.c freetype-2.1.10.patched/src/pshinter/pshglob.c ---- freetype-2.1.10/src/pshinter/pshglob.c 2004-04-02 09:13:53.000000000 +0200 -+++ freetype-2.1.10.patched/src/pshinter/pshglob.c 2006-06-19 19:15:46.000000000 +0200 -@@ -150,7 +150,7 @@ - FT_UNUSED( target ); - - -- for ( ; read_count > 0; read_count -= 2 ) -+ for ( ; read_count > 1; read_count -= 2 ) - { - FT_Int reference, delta; - FT_UInt count; -diff -uNr -x '*.orig' freetype-2.1.10/src/raster/ftrend1.c freetype-2.1.10.patched/src/raster/ftrend1.c ---- freetype-2.1.10/src/raster/ftrend1.c 2005-05-11 17:01:49.000000000 +0200 -+++ freetype-2.1.10.patched/src/raster/ftrend1.c 2006-06-19 19:16:07.000000000 +0200 -@@ -21,6 +21,7 @@ - #include FT_OUTLINE_H - #include "ftrend1.h" - #include "ftraster.h" -+#include <limits.h> - - #include "rasterrs.h" - -@@ -175,6 +176,9 @@ - bitmap->rows = height; - bitmap->pitch = pitch; - -+ if ((FT_ULong)pitch > LONG_MAX/height) -+ goto Exit; -+ - if ( FT_ALLOC( bitmap->buffer, (FT_ULong)pitch * height ) ) - goto Exit; - -diff -uNr -x '*.orig' freetype-2.1.10/src/sfnt/ttcmap.c freetype-2.1.10.patched/src/sfnt/ttcmap.c ---- freetype-2.1.10/src/sfnt/ttcmap.c 2005-05-11 16:37:40.000000000 +0200 -+++ freetype-2.1.10.patched/src/sfnt/ttcmap.c 2006-06-19 19:16:01.000000000 +0200 -@@ -2144,9 +2144,7 @@ - charmap.encoding = FT_ENCODING_NONE; /* will be filled later */ - offset = TT_NEXT_ULONG( p ); - -- if ( offset && -- table + offset + 2 < limit && -- table + offset >= table ) -+ if ( offset && offset <= face->cmap_size - 2 ) - { - FT_Byte* cmap = table + offset; - volatile FT_UInt format = TT_PEEK_USHORT( cmap ); -diff -uNr -x '*.orig' freetype-2.1.10/src/sfnt/ttpost.c freetype-2.1.10.patched/src/sfnt/ttpost.c ---- freetype-2.1.10/src/sfnt/ttpost.c 2003-10-29 22:43:51.000000000 +0100 -+++ freetype-2.1.10.patched/src/sfnt/ttpost.c 2006-06-19 19:16:07.000000000 +0200 -@@ -292,7 +292,7 @@ - goto Exit; - } - -- if ( FT_ALLOC( offset_table, num_glyphs ) || -+ if ( FT_NEW_ARRAY( offset_table, num_glyphs ) || - FT_STREAM_READ( offset_table, num_glyphs ) ) - goto Fail; - -diff -uNr -x '*.orig' freetype-2.1.10/src/winfonts/winfnt.c freetype-2.1.10.patched/src/winfonts/winfnt.c ---- freetype-2.1.10/src/winfonts/winfnt.c 2004-06-15 16:13:10.000000000 +0200 -+++ freetype-2.1.10.patched/src/winfonts/winfnt.c 2006-06-19 19:16:07.000000000 +0200 -@@ -27,6 +27,8 @@ - #include FT_SERVICE_WINFNT_H - #include FT_SERVICE_XFREE86_NAME_H - -+#include <limits.h> -+ - /*************************************************************************/ - /* */ - /* The macro FT_COMPONENT is used in trace mode. It is an implicit */ -@@ -633,6 +635,9 @@ - - /* note: since glyphs are stored in columns and not in rows we */ - /* can't use ft_glyphslot_set_bitmap */ -+ if (pitch > LONG_MAX/bitmap->rows) -+ goto Exit; -+ - if ( FT_ALLOC( bitmap->buffer, pitch * bitmap->rows ) ) - goto Exit; - diff --git a/media-libs/freetype/freetype-2.1.10-r1.ebuild b/media-libs/freetype/freetype-2.1.10-r1.ebuild deleted file mode 100644 index ff1c25f42041..000000000000 --- a/media-libs/freetype/freetype-2.1.10-r1.ebuild +++ /dev/null @@ -1,71 +0,0 @@ -# Copyright 1999-2007 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/freetype-2.1.10-r1.ebuild,v 1.2 2007/01/05 08:06:37 flameeyes Exp $ - -inherit eutils flag-o-matic libtool - -DESCRIPTION="A high-quality and portable font engine" -HOMEPAGE="http://www.freetype.org/" -SRC_URI="mirror://sourceforge/freetype/${P/_/}.tar.bz2 - doc? ( mirror://sourceforge/${PN}/${PN}-doc-${PV}.tar.bz2 )" - -LICENSE="FTL GPL-2" -SLOT="2" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc-macos ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" -IUSE="zlib bindist doc" - -# The RDEPEND below makes sure that if there is a version of moz/ff/tb -# installed, then it will have the freetype-2.1.8+ binary compatibility patch. -# Otherwise updating freetype will cause moz/ff/tb crashes. #59849 -# 20 Nov 2004 agriffis -DEPEND="zlib? ( sys-libs/zlib )" - -RDEPEND="${DEPEND} - !<www-client/mozilla-1.7.3-r3 - !<www-client/mozilla-firefox-1.0-r3 - !<mail-client/mozilla-thunderbird-0.9-r3 - !<media-libs/libwmf-0.2.8.2" - -src_unpack() { - - unpack ${A} - - # fix internal header cast which gets used by pango (bad) - epatch ${FILESDIR}/${P}-internal_header.patch - # fix bunch of overflows etc. (#124828) - epatch ${FILESDIR}/${P}-security_batch.patch - # revert pointer - epatch ${FILESDIR}/${P}-revert_pointer.patch - # fix artificial bold bug (#127872) - cd ${S}/src/base - epatch ${FILESDIR}/${P}-fix_synth.patch - - elibtoolize - epunt_cxx - -} - -src_compile() { - - # https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118021 - append-flags "-fno-strict-aliasing" - - use bindist || append-flags -DTT_CONFIG_OPTION_BYTECODE_INTERPRETER - - make setup CFG="--host=${CHOST} --prefix=/usr `use_with zlib` --libdir=/usr/$(get_libdir)" unix || die - - emake || die - -} - -src_install() { - - make DESTDIR="${D}" install || die - - dodoc ChangeLog README - dodoc docs/{CHANGES,CUSTOMIZE,DEBUG,*.txt,PATENTS,TODO} - - cd ${WORKDIR}/${PN}-doc-${PV} - use doc && dohtml -r docs/* - -} diff --git a/media-libs/freetype/freetype-2.1.10.ebuild b/media-libs/freetype/freetype-2.1.10.ebuild deleted file mode 100644 index 03c244378892..000000000000 --- a/media-libs/freetype/freetype-2.1.10.ebuild +++ /dev/null @@ -1,66 +0,0 @@ -# Copyright 1999-2007 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/freetype/freetype-2.1.10.ebuild,v 1.7 2007/01/05 08:06:37 flameeyes Exp $ - -inherit eutils flag-o-matic libtool - -SPV="`echo ${PV} | cut -d. -f1,2`" - -DESCRIPTION="A high-quality and portable font engine" -HOMEPAGE="http://www.freetype.org/" -SRC_URI="mirror://sourceforge/freetype/${P/_/}.tar.bz2 - doc? ( mirror://sourceforge/${PN}/${PN}-doc-${PV}.tar.bz2 )" - -LICENSE="FTL GPL-2" -SLOT="2" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc-macos ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" -IUSE="zlib bindist doc" - -# The RDEPEND below makes sure that if there is a version of moz/ff/tb -# installed, then it will have the freetype-2.1.8+ binary compatibility patch. -# Otherwise updating freetype will cause moz/ff/tb crashes. #59849 -# 20 Nov 2004 agriffis -DEPEND="zlib? ( sys-libs/zlib )" - -RDEPEND="${DEPEND} - !<www-client/mozilla-1.7.3-r3 - !<www-client/mozilla-firefox-1.0-r3 - !<mail-client/mozilla-thunderbird-0.9-r3 - !<media-libs/libwmf-0.2.8.2" - -src_unpack() { - - unpack ${A} - - # fix internal header cast which gets used by pango (bad) - epatch ${FILESDIR}/${P}-internal_header.patch - - elibtoolize - epunt_cxx - -} - -src_compile() { - - # https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118021 - append-flags "-fno-strict-aliasing" - - use bindist || append-flags -DTT_CONFIG_OPTION_BYTECODE_INTERPRETER - - make setup CFG="--host=${CHOST} --prefix=/usr `use_with zlib` --libdir=/usr/$(get_libdir)" unix || die - - emake || die - -} - -src_install() { - - make DESTDIR="${D}" install || die - - dodoc ChangeLog README - dodoc docs/{CHANGES,CUSTOMIZE,DEBUG,*.txt,PATENTS,TODO} - - cd ${WORKDIR}/${PN}-doc-${PV} - use doc && dohtml -r docs/* - -} |