Created attachment 193007
Proposed patch (since 466285 revision)

Patch to update the print/freetype2 port from version 2.9 to 2.9.1.

See the following links for changes:
https://sourceforge.net/projects/freetype/files/freetype2/2.9.1
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/CHANGES?h=VER-2-9-1

ABI: https://abi-laboratory.pro/tracker/timeline/freetype/

- Add CONFIG option for freetype-config installation [1]
- Rename "Sub-pixel" word to "Subpixel" [2]
- Add OPTIONS_SUB and adapt pkg-plist
- Remove files/correct-flex-features.patch
- Regenerate files/extra-patch-fix_size_metrics.diff

Reference links:
1. Make installation of `freetype-config' optional (#53093):
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a7833f26c4ac45cafe1dffdcd7f7dcfd6493161c
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b0a93839b52818abbfe9b4c8755b4aa0f5232063
2. s/sub-pixel/subpixel/:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=63aaf89cecd752853b07a043e2a9db6a7686d558

The build was tested on FreeBSD 10.4 amd64.
FreeType v2.9.1 is a maintenance release which includes fixes for CVE-2018-6942:
"An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file."
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef

Also, according to docs/CHANGES:
-8<--
The `configure' script no longer installs `freetype-config' by default. For backwards compatibility, a new configure option `--enable-freetype-config' is provided that reverts this decision.
-->8-

It is possible to remove the CONFIG option from OPTIONS_DEFAULT, if needed.

CC: jbeich@
A commit references this bug:

Author: jbeich
Date: Wed May 2 23:33:10 UTC 2018
New revision: 468892
URL: https://svnweb.freebsd.org/changeset/ports/468892

Log:
print/freetype2: update to 2.9.1

- Keep building freetype-config for now (to skip exp-run)
- Drop upstreamed patch
- Properly spell "subpixel" (following upstream)

Changes: https://sourceforge.net/projects/freetype/files/freetype2/2.9.1
ABI: https://abi-laboratory.pro/tracker/timeline/freetype/
PR: 227936
Submitted by: lightside@gmx.com
Security: CVE-2018-6942

Changes:
head/print/freetype2/Makefile
head/print/freetype2/distinfo
head/print/freetype2/files/correct-flex-features.patch
head/print/freetype2/pkg-plist
Thanks for the detailed submission. Landed with minor changes.

>+CONFIG_DESC= Install freetype-config
>+CONFIG_CONFIGURE_ON= --enable-freetype-config

_ON puts the port in danger of upstream changing the default value.

>---- src/truetype/ttdriver.c.orig 2017-04-29 04:38:17 UTC
>+--- src/truetype/ttdriver.c.orig 2018-04-22 09:41:37 UTC

Pointless noise. Even "make makepatch" would've ignored it after ports r459675.

>---- src/truetype/ttobjs.c.orig 2017-05-07 11:05:56 UTC
>+--- src/truetype/ttobjs.c.orig 2018-04-22 09:41:37 UTC
> +++ src/truetype/ttobjs.c
>-@@ -1262,6 +1262,13 @@
>+@@ -1295,6 +1295,13 @@

Context hasn't changed, only moved. Doesn't justify "svn log" noise. If there's a risk of hunks misapplying better increase the number of context lines.
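
Review bot: On the quoted `+CONFIG_CONFIGURE_ON= --enable-freetype-config` line, the flag is passed only when the CONFIG option is on, so with the option off the outcome follows whatever default upstream's configure script has at that release. The ports framework's CONFIG_CONFIGURE_ENABLE=freetype-config form passes --enable-freetype-config when the option is on and --disable-freetype-config when it is off, which pins both states in the port rather than relying on the upstream default.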
(In reply to Jan Beich from comment #3)
> Pointless noise. Even "make makepatch" would've ignored it after
> ports r459675.

Actually, files/extra-patch-fix_size_metrics.diff was regenerated using the `make patch && make makepatch` command(s), but only after renaming extra-patch-fix_size_metrics.diff to patch-fix_size_metrics.diff and back again after regeneration, because `make makepatch` doesn't handle patches specified in the EXTRA_PATCHES variable (even if the FIX_SIZE_METRICS option was selected), as far as I know.

Thanks for the fast response and commit.