Summary: | print/freetype2: Update to 2.9.1 | |
---|---|---|---
Product: | Ports & Packages | Reporter: | lightside <lightside>
Component: | Individual Port(s) | Assignee: | freebsd-gnome (Nobody) <gnome>
Status: | Closed FIXED | |
Severity: | Affects Many People | CC: | bapt, gnome, jbeich, lightside
Priority: | --- | Keywords: | patch
Version: | Latest | Flags: | bugzilla: maintainer-feedback? (gnome)
Hardware: | Any | |
OS: | Any | |
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227568 | |
Bug Depends on: | | |
Bug Blocks: | 227938 | |
Attachments: | | |
Description
lightside
2018-05-02 20:01:44 UTC
The FreeType v2.9.1 is a maintenance release, which includes fixes for CVE-2018-6942:

"An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file."

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef

Also, according to docs/CHANGES:

-8<--
The `configure' script no longer installs `freetype-config' by default. For backwards compatibility, a new configure option `--enable-freetype-config' is provided that reverts this decision.
-->8-

Possible to remove CONFIG option from OPTIONS_DEFAULT, if needed.

CC: jbeich@

A commit references this bug:

Author: jbeich
Date: Wed May 2 23:33:10 UTC 2018
New revision: 468892
URL: https://svnweb.freebsd.org/changeset/ports/468892

Log:
print/freetype2: update to 2.9.1

- Keep building freetype-config for now (to skip exp-run)
- Drop upstreamed patch
- Properly spell "subpixel" (following upstream)

Changes: https://sourceforge.net/projects/freetype/files/freetype2/2.9.1
ABI: https://abi-laboratory.pro/tracker/timeline/freetype/
PR: 227936
Submitted by: lightside@gmx.com
Security: CVE-2018-6942

Changes:
head/print/freetype2/Makefile
head/print/freetype2/distinfo
head/print/freetype2/files/correct-flex-features.patch
head/print/freetype2/pkg-plist

Thanks for the detailed submission. Landed with minor changes.

>+CONFIG_DESC= Install freetype-config
>+CONFIG_CONFIGURE_ON= --enable-freetype-config

_ON puts the port in danger of upstream changing the default value.

>---- src/truetype/ttdriver.c.orig 2017-04-29 04:38:17 UTC
>+--- src/truetype/ttdriver.c.orig 2018-04-22 09:41:37 UTC

Pointless noise. Even "make makepatch" would've ignored it after ports r459675.

>---- src/truetype/ttobjs.c.orig 2017-05-07 11:05:56 UTC
>+--- src/truetype/ttobjs.c.orig 2018-04-22 09:41:37 UTC
> +++ src/truetype/ttobjs.c
>-@@ -1262,6 +1262,13 @@
>+@@ -1295,6 +1295,13 @@

Context hasn't changed, only moved. Doesn't justify "svn log" noise. If there's a risk of hunks misapplying better increase the number of context lines.

(In reply to Jan Beich from comment #3)
> Pointless noise. Even "make makepatch" would've ignored it after
> ports r459675.

Actually, the files/extra-patch-fix_size_metrics.diff was regenerated using `make patch && make makepatch` command(s), but after renaming of extra-patch-fix_size_metrics.diff to patch-fix_size_metrics.diff and back after regeneration, because `make makepatch` doesn't handle specified patches in EXTRA_PATCHES variable (even if FIX_SIZE_METRICS option was selected), as far as I know.

Thanks for fast response and commit.
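Review bot: in the Makefile lines quoted in comment #3, `CONFIG_CONFIGURE_ON= --enable-freetype-config` passes a flag only when the CONFIG option is selected, so with the option off nothing is passed to configure and the result depends on upstream's default for freetype-config staying disabled. Writing it as `CONFIG_CONFIGURE_ENABLE= freetype-config` would pass --enable-freetype-config or --disable-freetype-config explicitly for both option states, so a later upstream change of the default would not silently alter what the port installs.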