author | Leonardo Arena <rnalrd@alpinelinux.org> | 2017-06-15 13:38:18 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2017-06-15 13:45:24 +0000 |
commit | c5817a33b6ca1ed535e773a879e359fb32c39aa1 (patch) | |
tree | 7be2530bcc5ad6e370c5b6047e663a866018fb78 | |
parent | c12d6f2d2fc4ffae930a97f25ade837b85e48808 (diff) | |
main/freetype: upgrade to 2.6.3. Security fixes #7269
-rw-r--r-- | main/freetype/APKBUILD | 56 | ||||
-rw-r--r-- | main/freetype/CVE-2016-10244.patch | 20 | ||||
-rw-r--r-- | main/freetype/CVE-2017-8105.patch | 46 | ||||
-rw-r--r-- | main/freetype/CVE-2017-8287.patch | 34 |
4 files changed, 141 insertions, 15 deletions
diff --git a/main/freetype/APKBUILD b/main/freetype/APKBUILD index b283c231ad..fb35ed04c0 100644 --- a/main/freetype/APKBUILD +++ b/main/freetype/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=freetype -pkgver=2.6.2 +pkgver=2.6.3 pkgrel=0 pkgdesc="TrueType font rendering library" url="http://freetype.sourceforge.net" @@ -12,10 +12,20 @@ depends_dev="libpng-dev" makedepends="$depends_dev zlib-dev" subpackages="$pkgname-dev $pkgname-doc" # fontconfig-ultimate https://github.com/bohoomil/fontconfig-ultimate -_ultver="2015-11-28" +_ultver="2016-02-12" source="http://download.savannah.gnu.org/releases/freetype/freetype-$pkgver.tar.bz2 - fontconfig-ultimate-$_ultver.tar.gz::https://github.com/bohoomil/fontconfig-ultimate/archive/$_ultver.tar.gz - 40-memcpy-fix.patch" + fontconfig-ultimate-$_ultver.tar.gz::https://github.com/renatoaguiar/fontconfig-ultimate/archive/$_ultver.tar.gz + 40-memcpy-fix.patch + CVE-2016-10244.patch + CVE-2017-8105.patch + CVE-2017-8287.patch + " + +# secfixes: +# 2.6.3-r0: +# - CVE-2016-10244 +# - CVE-2017-8105 +# - CVE-2017-8287 _builddir="$srcdir/$pkgname-$pkgver" @@ -27,8 +37,15 @@ prepare() { done # apply infinality for j in "$srcdir"/fontconfig-ultimate-$_ultver/$pkgname/*.patch; do - msg "Applying ${j}" - patch -p1 -i $j || return 1 + case $j in + */gperf-for-infinality.patch) + msg "Skipping ${j}" + ;; + *) + msg "Applying ${j}" + patch -p1 -i $j || return 1 + ;; + esac done } 
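Review bot: In the `source=` list the fontconfig-ultimate tarball is now fetched from the `renatoaguiar/fontconfig-ultimate` fork, but the comment directly above `_ultver` still names `https://github.com/bohoomil/fontconfig-ultimate`, and neither the APKBUILD nor the commit message records why the origin changed. This tarball supplies patches that are applied to a font-parsing library, so where it comes from should be stated next to the URL, for example `# fontconfig-ultimate, fetched from the renatoaguiar fork: https://github.com/renatoaguiar/fontconfig-ultimate`. The checksums later in the file pin the content, so this is about auditability of the source rather than integrity of the download.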
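Review bot: The new `case` in the infinality loop of prepare() skips `gperf-for-infinality.patch` without saying why, so a later fontconfig-ultimate bump cannot tell whether the skip is still required or has silently dropped something needed. I would put a comment above that arm, e.g. `# gperf-for-infinality.patch is skipped: <reason, not stated in this commit>`. While these lines are being rewritten, the patch call should quote its argument, `patch -p1 -i "$j" || return 1`, because `$srcdir` is part of the path. prepare() starts before this hunk, so the loop that applies the `*.patch` entries from `$source` (including the three new CVE patches) is not visible here.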
@@ -61,12 +78,21 @@ package() { "$pkgdir"/etc/X11/xinit/xinitrc.d/infinality-settings.sh || return 1 } -md5sums="86109d0c998787d81ac582bad9adf82e freetype-2.6.2.tar.bz2 -5daf5ab6809d694d521c2763cd932274 fontconfig-ultimate-2015-11-28.tar.gz -bd2d808a0c00dcf9f1d1c0a9a8227ad9 40-memcpy-fix.patch" -sha256sums="baf6bdef7cdcc12ac270583f76ef245efe936267dbecef835f02a3409fcbb892 freetype-2.6.2.tar.bz2 -04088390737aa4d6ec867903293fe4e50852c5d2d8cec6ec9d5143e54e45a207 fontconfig-ultimate-2015-11-28.tar.gz -574c265c7a7032c5afb32a9807e5d04354ad0def656194cfcfff1ccca6a5540e 40-memcpy-fix.patch" -sha512sums="269d7a2ba728b4cb79d1d533ce93674bfd483566ab80bc6be0ec24f869cb65ba1fd852fbeff8f045607dd044845ce3d125374faeb14c986761b94dce7d1ff48b freetype-2.6.2.tar.bz2 -f08c543ef94ee46f22467d95d4f200f031177b56209de5091a3de7f6c9b2ba33edb961a972f2d8ed6958a181c6b845f1ee2dc0122109a8fa9198585645a5dd15 fontconfig-ultimate-2015-11-28.tar.gz -1553f7f0514238012e300bc8d0b1e260145db17fb56f13e4aa667435e98c3749c00e150caa0e318289b84bca33b9a06a68b8342575e10ac3bf5af3d5cc861537 40-memcpy-fix.patch" +md5sums="0037b25a8c090bc8a1218e867b32beb1 freetype-2.6.3.tar.bz2 +d5d9467394b73baf4e830b3f6fc944cd fontconfig-ultimate-2016-02-12.tar.gz +bd2d808a0c00dcf9f1d1c0a9a8227ad9 40-memcpy-fix.patch +0bb752550d20a3bee72f737ad479991a CVE-2016-10244.patch +478ff673ef99f69bcc4fa0957b606cf3 CVE-2017-8105.patch +a45568a4c33ed3768e73ab7951ef2bf8 CVE-2017-8287.patch" +sha256sums="371e707aa522acf5b15ce93f11183c725b8ed1ee8546d7b3af549863045863a2 freetype-2.6.3.tar.bz2 +c67e3a8c5cdb19636e936a822df862e59f84b468e3d70d0991b23bb37099d356 fontconfig-ultimate-2016-02-12.tar.gz +574c265c7a7032c5afb32a9807e5d04354ad0def656194cfcfff1ccca6a5540e 40-memcpy-fix.patch +9ad660d70077c167a41da007056eada3fd9dab3ba802e14d5b46426e5ded6692 CVE-2016-10244.patch +173689b597571f05a1187bc92a400d6bc838a693301011544be982952dc80904 CVE-2017-8105.patch +235c3946ad3bbd11685cb6511be46e84adeaf52c23511863e9aa715a5369a8a2 CVE-2017-8287.patch" 
+sha512sums="e1f9018835fc88beeb4479537b59f866c52393ae18d24a1e0710a464cf948ab02b35c2c6043bc20c1db3a04871ee4eb0bb1d210550c0ea2780c8b1aea98fbf0d freetype-2.6.3.tar.bz2 +b6d7a59c4a26b3b99a817e27eead2ca58538770b48af935100262223d5422c835c48590736cedb59ad220be3d7af6a7933e3137da99fdc8603f8fc8d81b8e4b9 fontconfig-ultimate-2016-02-12.tar.gz +1553f7f0514238012e300bc8d0b1e260145db17fb56f13e4aa667435e98c3749c00e150caa0e318289b84bca33b9a06a68b8342575e10ac3bf5af3d5cc861537 40-memcpy-fix.patch +64f7ca7b84d8ddf881beed097911f52f704539f872c67c2490d42ab44c879d973a8d7bd290fe841248998d2fade5ab4a71a725148f91deb624135552437a1162 CVE-2016-10244.patch +8992af56a71329f67f0bd445ef2b1d5e10f2ac5281c449ccbf0dbc826027ba8c828c05dbe5aee2e5a7d6b8cd8443192268a4177759c9158c0008d546c6dd9093 CVE-2017-8105.patch +703e345868d0a391645227918fa49ba1e2e1f0009c5f80e8177b9c0468b8c9ae8d47da1bb65a103133e221946556aa49fa24ea0cb1cc270331f7c4954c8b95bd CVE-2017-8287.patch" diff --git a/main/freetype/CVE-2016-10244.patch b/main/freetype/CVE-2016-10244.patch new file mode 100644 index 0000000000..3593d47660 --- /dev/null +++ b/main/freetype/CVE-2016-10244.patch @@ -0,0 +1,20 @@ +diff --git src/type1/t1load.c src/type1/t1load.c +index a53037c..609bd53 100644 +--- src/type1/t1load.c ++++ src/type1/t1load.c +@@ -1776,6 +1776,12 @@ + } + } + ++ if ( !n ) ++ { ++ error = FT_THROW( Invalid_File_Format ); ++ goto Fail; ++ } ++ + loader->num_glyphs = n; + + /* if /.notdef is found but does not occupy index 0, do our magic. */ +-- +2.8.5 + diff --git a/main/freetype/CVE-2017-8105.patch b/main/freetype/CVE-2017-8105.patch new file mode 100644 index 0000000000..00501b4957 --- /dev/null +++ b/main/freetype/CVE-2017-8105.patch 
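Review bot: CVE-2016-10244.patch carries no provenance: unlike the two other patches added in this commit it has no `From`/`Date`/`Subject` header and no upstream commit id, only the bare diff for `src/type1/t1load.c` and a `2.8.5` git signature. A security backport should be traceable to the upstream change it was taken from, so I would prepend a short header such as `Upstream: <UPSTREAM_COMMIT_URL>` and a line saying it was rebased onto 2.6.3. The added `if ( !n )` guard sits in a function whose start and end are outside the hunk, so whether the `Fail` label releases everything allocated before this point cannot be checked from here.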
@@ -0,0 +1,46 @@ +From f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 Mon Sep 17 00:00:00 2001 +From: Werner Lemberg <wl@gnu.org> +Date: Fri, 24 Mar 2017 09:15:10 +0100 +Subject: [psaux] Better protect `flex' handling. + +Reported as + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 + +* src/psaux/t1decode.c (t1_decoder_parse_charstrings) +<callothersubr>: Since there is not a single flex operator but a +series of subroutine calls, malformed fonts can call arbitrary other +operators after the start of a flex, possibly adding points. For +this reason we have to check the available number of points before +inserting a point. +--- + src/psaux/t1decode.c | 9 +++++++++ + 2 files changed, 24 insertions(+) + +diff --git src/psaux/t1decode.c src/psaux/t1decode.c +index af7b465..7dd4513 100644 +--- src/psaux/t1decode.c ++++ src/psaux/t1decode.c +@@ -780,10 +780,19 @@ + /* point without adding any point to the outline */ + idx = decoder->num_flex_vectors++; + if ( idx > 0 && idx < 7 ) ++ { ++ /* in malformed fonts it is possible to have other */ ++ /* opcodes in the middle of a flex (which don't */ ++ /* increase `num_flex_vectors'); we thus have to */ ++ /* check whether we can add a point */ ++ if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) ) ++ goto Syntax_Error; ++ + t1_builder_add_point( builder, + x, + y, + (FT_Byte)( idx == 3 || idx == 6 ) ); ++ } + } + break; + +-- +cgit v1.0-41-gc330 + diff --git a/main/freetype/CVE-2017-8287.patch b/main/freetype/CVE-2017-8287.patch new file mode 100644 index 0000000000..b814c8d607 --- /dev/null +++ b/main/freetype/CVE-2017-8287.patch 
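Review bot: The header of CVE-2017-8105.patch still reads `2 files changed, 24 insertions(+)`, while the patch holds a single file section for `src/psaux/t1decode.c` with nine added lines; CVE-2017-8287.patch has the same mismatch (`2 files changed, 16 insertions(+)` for one file, `src/psaux/psobjs.c`). Presumably a second file of the upstream commit was dropped for the backport; if so the header should say it, e.g. `(second file of the upstream commit omitted in this backport)`, so that nobody auditing the fix assumes part of it is missing. The code around the added `t1_builder_check_points( builder, 1 )` call, including the `Syntax_Error` label it jumps to, lies outside the hunk.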
@@ -0,0 +1,34 @@ +From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001 +From: Werner Lemberg <wl@gnu.org> +Date: Sun, 26 Mar 2017 08:32:09 +0200 +Subject: * src/psaux/psobjs.c (t1_builder_close_contour): Add safety guard. + +Reported as + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941 +--- + src/psaux/psobjs.c | 8 ++++++++ + 2 files changed, 16 insertions(+) + +diff --git src/psaux/psobjs.c src/psaux/psobjs.c +index d18e821..0baf836 100644 +--- src/psaux/psobjs.c ++++ src/psaux/psobjs.c +@@ -1718,6 +1718,14 @@ + first = outline->n_contours <= 1 + ? 0 : outline->contours[outline->n_contours - 2] + 1; + ++ /* in malformed fonts it can happen that a contour was started */ ++ /* but no points were added */ ++ if ( outline->n_contours && first == outline->n_points ) ++ { ++ outline->n_contours--; ++ return; ++ } ++ + /* We must not include the last point in the path if it */ + /* is located on the first point. */ + if ( outline->n_points > 1 ) +-- +cgit v1.0-41-gc330 + |