commit:     d93a975c694a048359086224a27dba08d4633d23
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 20 07:04:33 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Oct 20 07:04:56 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d93a975c

media-libs/freetype: Security bump to version 2.10.4. Removed old

Bug: https://bugs.gentoo.org/750275
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 media-libs/freetype/Manifest                       |  3 ++
 .../files/freetype-2.10.3-CVE-2020-15999.patch     | 51 ----------------------
 ...ype-2.10.3-r1.ebuild => freetype-2.10.4.ebuild} |  1 -
 3 files changed, 3 insertions(+), 52 deletions(-)

diff --git a/media-libs/freetype/Manifest b/media-libs/freetype/Manifest
index 0576f7b5218..cb7d28558e6 100644
--- a/media-libs/freetype/Manifest
+++ b/media-libs/freetype/Manifest
@@ -1,6 +1,9 @@
 DIST freetype-2.10.2.tar.xz 2404456 BLAKE2B 
866bd83c460f83fba93f58d0ae2270ac3833d6eb0b087f7eb860bd6e08f40ece1982b70bbd065b8978e47ff6fb2b46398307d461170cd10285d11f74a9fbadaa
 SHA512 
cf45089bd8893d7de2cdcb59d91bbb300e13dd0f0a9ef80ed697464ba7aeaf46a5a81b82b59638e6b21691754d8f300f23e1f0d11683604541d77f0f581affaa
 DIST freetype-2.10.3.tar.xz 2416752 BLAKE2B 
8ce360c07777ad5b031ff7a840ef0cec95f358e764897f1aea9e8fd40a21e8bada3610943dc70b279856116396e6703b5127a4d672fb6e0dc8e5fe7f9233265e
 SHA512 
3f9d1a44cdae51ec4b13116aba5af1730e6be46132ddd9e49486e8d681b61756baa9897daaf0f06e79f00f2db0e57e0fa66d27f44d65735da1167d5b3c170373
+DIST freetype-2.10.4.tar.xz 2416620 BLAKE2B 
9852378536e873514baae3c024b9b30dcd78a36c2189dcbdb0562c56ccf871a5795896950ea129f2e0f12181095c92715216747e8a8396d6d03efac82a5a10ea
 SHA512 
827cda734aa6b537a8bcb247549b72bc1e082a5b32ab8d3cccb7cc26d5f6ee087c19ce34544fa388a1eb4ecaf97600dbabc3e10e950f2ba692617fee7081518f
 DIST freetype-doc-2.10.2.tar.xz 2078712 BLAKE2B 
9d78d5d7c3806d83f5cb91daa88284445d36a75ce7b598177c83a9efc62faf5d8a0003f8cadee37eb6792711c87dc61d937fcb03f3c450c94276dfdf410c0aa1
 SHA512 
c54956a56920e651102b75c0efa07212e1d95f3bec219b8364b61d9a71171b11da492170cc861c36f3305f32ad1dee46d0d5a561ccdc6ca36591ae3f619a1d67
 DIST freetype-doc-2.10.3.tar.xz 2079036 BLAKE2B 
fca0915a5f268ce4d5205822d712b451f73d891e00518b3db0dd7c431fd7bd6544fa36fc374344c94f43d731fe7a1076724c3fdd42c8143647aa5763b4736556
 SHA512 
135ae51706197d1bd208cb48d8d1881c14aeee5283dbdab88a7fa6864aed888613df43bd3deb24ff530fa767f94fe997f97dee10bf2be7763231211bf7d5225f
+DIST freetype-doc-2.10.4.tar.xz 2079084 BLAKE2B 
a051c425250f8af1cd0e83b15d6e5692b1ee5ff00317467cef648dcc7ea1f88ad6cde0fe2d53e5c45220723bb935e6527dbba124ef8739e6ebe372bc06ec78b7
 SHA512 
171da6c6a172869e9bec0da67cb1abdb0fdb124870f13b751b4e9b1b5e342fb2af38cb606db1c3dcf18076a077e694b7b8dd055dd7f4ab49afe7e1d61b4f9ba8
 DIST ft2demos-2.10.2.tar.xz 230672 BLAKE2B 
dd81e72bb1360f6a952874c183598fffe3eddb4bed4d07715a75810d2e81623b94082b1274f916bf7550615a66ba7a327c5413fca9d470111aeb1fa31ce4dd73
 SHA512 
912e3c3cbcdfd30fd918897d28240e04eb7248d130fc519e7d1613873a11d275d658ff247c6d517ebecf7a09de0d05f3dc10631411226015e1b147cba9a8a438
 DIST ft2demos-2.10.3.tar.xz 235388 BLAKE2B 
c1c7e9d61fde441b2cc107a3ad8f1499c03ce8219a54b2bdc4ab7168a0d61a6c83c7e6e3d2de6a8ed0f09b29c398708618e4683d5ed24d6e8ae7505b8920770f
 SHA512 
860fbeefd70caa4aa9483d90df5c3376ee2bef8fe93ab26010c4ca4f95cfd281870da461e2f335f42d3e6d2007f8e46c99d7834d2177b7806a2d92422ed08b41
+DIST ft2demos-2.10.4.tar.xz 236712 BLAKE2B 
76883bfc09c42b6092b0b512aff66b4585ac83793da787e688ad8446fceac1ce315014bde03d4271fc5a1b7bd1d3250255f5faced92beade6e4ed78c896db80d
 SHA512 
d2afc19e5fabbee5205fcc992f6c19bab03485b7af4f55bb2d2dd0a4a9492a3f593540862ca116b54cf161b240d7966cb31a9793578d164fc418449e339e2fa8

diff --git a/media-libs/freetype/files/freetype-2.10.3-CVE-2020-15999.patch 
b/media-libs/freetype/files/freetype-2.10.3-CVE-2020-15999.patch
deleted file mode 100644
index 215b03b2d3d..00000000000
--- a/media-libs/freetype/files/freetype-2.10.3-CVE-2020-15999.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-http://git.savannah.nongnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
-https://bugs.gentoo.org/750275
-----
-From a3bab162b2ae616074c8877a04556932998aeacd Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <w...@gnu.org>
-Date: Mon, 19 Oct 2020 23:45:28 +0200
-Subject: [sfnt] Fix heap buffer overflow (#59308).
-
-This is CVE-2020-15999.
-
-* src/sfnt/pngshim.c (Load_SBit_Png): Test bitmap size earlier.
----
- ChangeLog          |  8 ++++++++
- src/sfnt/pngshim.c | 14 +++++++-------
- 2 files changed, 15 insertions(+), 7 deletions(-)
-
-diff --git a/src/sfnt/pngshim.c b/src/sfnt/pngshim.c
-index 2e64e5846..f55016122 100644
---- a/src/sfnt/pngshim.c
-+++ b/src/sfnt/pngshim.c
-@@ -332,6 +332,13 @@
- 
-     if ( populate_map_and_metrics )
-     {
-+      /* reject too large bitmaps similarly to the rasterizer */
-+      if ( imgHeight > 0x7FFF || imgWidth > 0x7FFF )
-+      {
-+        error = FT_THROW( Array_Too_Large );
-+        goto DestroyExit;
-+      }
-+
-       metrics->width  = (FT_UShort)imgWidth;
-       metrics->height = (FT_UShort)imgHeight;
- 
-@@ -340,13 +347,6 @@
-       map->pixel_mode = FT_PIXEL_MODE_BGRA;
-       map->pitch      = (int)( map->width * 4 );
-       map->num_grays  = 256;
--
--      /* reject too large bitmaps similarly to the rasterizer */
--      if ( map->rows > 0x7FFF || map->width > 0x7FFF )
--      {
--        error = FT_THROW( Array_Too_Large );
--        goto DestroyExit;
--      }
-     }
- 
-     /* convert palette/gray image to rgb */
--- 
-cgit v1.2.1
-

diff --git a/media-libs/freetype/freetype-2.10.3-r1.ebuild 
b/media-libs/freetype/freetype-2.10.4.ebuild
similarity index 99%
rename from media-libs/freetype/freetype-2.10.3-r1.ebuild
rename to media-libs/freetype/freetype-2.10.4.ebuild
index 1f0bb65321a..b8b52e17acc 100644
--- a/media-libs/freetype/freetype-2.10.3-r1.ebuild
+++ b/media-libs/freetype/freetype-2.10.4.ebuild
@@ -47,7 +47,6 @@ PDEPEND="infinality? ( media-libs/fontconfig-infinality )"
 
 PATCHES=(
        "${FILESDIR}"/${PN}-2.10.3-sizeof-types.patch # 459966
-       "${FILESDIR}"/${PN}-2.10.3-CVE-2020-15999.patch # 750275
 )
 
 _egit_repo_handler() {
