From 6c1824fd0b6c245566175dfcc56b61b03471d510 Mon Sep 17 00:00:00 2001
From: Mike Gilbert
Date: Mon, 27 Jan 2020 16:52:40 -0500
Subject: [PATCH] media-gfx/fontforge: bump to 20190801

Package-Manager: Portage-2.3.85_p2, Repoman-2.3.20_p36
Signed-off-by: Mike Gilbert
---
 media-gfx/fontforge/Manifest | 1 +
 media-gfx/fontforge/files/CVE-2020-5395.patch | 78 +++++++++++++
 media-gfx/fontforge/fontforge-20190801.ebuild | 106 ++++++++++++++++++
 3 files changed, 185 insertions(+)
 create mode 100644 media-gfx/fontforge/files/CVE-2020-5395.patch
 create mode 100644 media-gfx/fontforge/fontforge-20190801.ebuild
diff --git a/media-gfx/fontforge/Manifest b/media-gfx/fontforge/Manifest
index 6a5907bce02a..50996083639c 100644
--- a/media-gfx/fontforge/Manifest
+++ b/media-gfx/fontforge/Manifest
@@ -1,2 +1,3 @@
 DIST fontforge-20190317.tar.gz 22762120 BLAKE2B 5cb85d2fb9a2a08fe64548f2667c026e916dd0239d17d8f8d7d2fe8ecb51f2106cf3dc6e6298014c0deadffbfe91925327b483ed4750a171fb621aea8bdee60b SHA512 55f9b0f7cafb1aa5a1461dbf39b52ca6b69a2baa6b761c8c28f86a0bb99e090d9ecc981294f51dadd9297b5ebd3036f01cb4f17b9a97a737eb567b4ae6522f20
+DIST fontforge-20190801.tar.gz 20766334 BLAKE2B c3206e77da4a966b9e513c41c90e19522f3d1aad990cd3035d7c8a8cc009239811743c12c02df3b02fd91fa5a7738913dba43df14523a738a2232cd2d1a91700 SHA512 78f3e1e94e38e26dcf52c6a0e038753033dc47052b7492f0ac0aaf1b8962e4e4bbf07c2550ef6014ea7290a6429bf669acb0691735efe0aee368480b4b7e6236
 DIST fontforge-dist-20170731.tar.xz 13985256 BLAKE2B 7bc49a3b7747de419e4fafb445062873cf9bf56aa73fd7499509b787a1c0fd6c47b0b5d7bfeb2a69d9237f9f66f989af968b0d00e9d5e57030906394f042f29c SHA512 26f7a40714460716a24dd0229fdb027f3766bcc48db64b8993436ddcb6277898f9f3b67ad4fc0be515b2b38e01370d1c7d9ee3c6ece1be862b7d8c9882411f11
diff --git a/media-gfx/fontforge/files/CVE-2020-5395.patch b/media-gfx/fontforge/files/CVE-2020-5395.patch
new file mode 100644
index 000000000000..51b524503764
--- /dev/null
+++ b/media-gfx/fontforge/files/CVE-2020-5395.patch
@@ -0,0 +1,78 @@
+From 048a91e2682c1a8936ae34dbc7bd70291ec05410 Mon Sep 17 00:00:00 2001
+From: Skef Iterum
+Date: Mon, 6 Jan 2020 03:05:06 -0800
+Subject: [PATCH] Fix for #4084 Use-after-free (heap) in the
+ SFD_GetFontMetaData() function Fix for #4086 NULL pointer dereference in the
+ SFDGetSpiros() function Fix for #4088 NULL pointer dereference in the
+ SFD_AssignLookups() function Add empty sf->fontname string if it isn't set,
+ fixing #4089 #4090 and many other potential issues (many downstream calls
+ to strlen() on the value).
+
+---
+ fontforge/sfd.c | 19 ++++++++++++++-----
+ fontforge/sfd1.c | 2 +-
+ 2 files changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/fontforge/sfd.c b/fontforge/sfd.c
+index 731be201e0..e8ca39ba83 100644
+--- a/fontforge/sfd.c
++++ b/fontforge/sfd.c
+@@ -4032,13 +4032,16 @@ static void SFDGetSpiros(FILE *sfd,SplineSet *cur) {
+ while ( fscanf(sfd,"%lg %lg %c", &cp.x, &cp.y, &cp.ty )==3 ) {
+ if ( cur!=NULL ) {
+ if ( cur->spiro_cnt>=cur->spiro_max )
+- cur->spiros = realloc(cur->spiros,(cur->spiro_max+=10)*sizeof(spiro_cp));
++ cur->spiros = realloc(cur->spiros,
++ (cur->spiro_max+=10)*sizeof(spiro_cp));
+ cur->spiros[cur->spiro_cnt++] = cp;
+ }
+ }
+- if ( cur!=NULL && (cur->spiros[cur->spiro_cnt-1].ty&0x7f)!=SPIRO_END ) {
++ if ( cur!=NULL && cur->spiro_cnt>0
++ && (cur->spiros[cur->spiro_cnt-1].ty&0x7f)!=SPIRO_END ) {
+ if ( cur->spiro_cnt>=cur->spiro_max )
+- cur->spiros = realloc(cur->spiros,(cur->spiro_max+=1)*sizeof(spiro_cp));
++ cur->spiros = realloc(cur->spiros,
++ (cur->spiro_max+=1)*sizeof(spiro_cp));
+ memset(&cur->spiros[cur->spiro_cnt],0,sizeof(spiro_cp));
+ cur->spiros[cur->spiro_cnt++].ty = SPIRO_END;
+ }
+@@ -7992,10 +7995,12 @@ bool SFD_GetFontMetaData( FILE *sfd,
+ else if ( strmatch(tok,"LayerCount:")==0 )
+ {
+ d->had_layer_cnt = true;
+- getint(sfd,&sf->layer_cnt);
+- if ( sf->layer_cnt>2 ) {
++ int layer_cnt_tmp;
++ getint(sfd,&layer_cnt_tmp);
++ if ( layer_cnt_tmp>2 ) {
+ sf->layers =
realloc(sf->layers,sf->layer_cnt*sizeof(LayerInfo));
+ memset(sf->layers+2,0,(sf->layer_cnt-2)*sizeof(LayerInfo));
++ sf->layer_cnt = layer_cnt_tmp;
+ }
+ }
+ else if ( strmatch(tok,"Layer:")==0 )
+@@ -8948,6 +8953,10 @@ exit( 1 );
+ }
+ }
+
++ // Many downstream functions assume this isn't NULL (use strlen, etc.)
++ if ( sf->fontname==NULL)
++ sf->fontname = copy("");
++
+ if ( fromdir )
+ sf = SFD_FigureDirType(sf,tok,dirname,enc,remap,had_layer_cnt);
+ else if ( sf->subfontcnt!=0 ) {
+diff --git a/fontforge/sfd1.c b/fontforge/sfd1.c
+index cf931059d0..b42f832678 100644
+--- a/fontforge/sfd1.c
++++ b/fontforge/sfd1.c
+@@ -674,7 +674,7 @@ void SFD_AssignLookups(SplineFont1 *sf) {
+
+ /* Fix up some gunk from really old versions of the sfd format */
+ SFDCleanupAnchorClasses(&sf->sf);
+- if ( sf->sf.uni_interp==ui_unset )
++ if ( sf->sf.uni_interp==ui_unset && sf->sf.map!=NULL )
+ sf->sf.uni_interp = interp_from_encoding(sf->sf.map->enc,ui_none);
+
+ /* Fixup for an old bug */
diff --git a/media-gfx/fontforge/fontforge-20190801.ebuild b/media-gfx/fontforge/fontforge-20190801.ebuild
new file mode 100644
index 000000000000..31b62099c783
--- /dev/null
+++ b/media-gfx/fontforge/fontforge-20190801.ebuild
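Review bot: In the `LayerCount:` branch of SFD_GetFontMetaData() inside the bundled patch, the added code tests `layer_cnt_tmp`, but the two unchanged lines that follow still size and clear the array from the old `sf->layer_cnt`, which is only raised to the parsed value afterwards. On the visible lines a file that declares more than two layers therefore leaves `sf->layers` allocated for the previous count while the font reports the larger one, so later per-layer accesses would run past the heap block; the two lines should read `sf->layers = realloc(sf->layers,layer_cnt_tmp*sizeof(LayerInfo));` and `memset(sf->layers+2,0,(layer_cnt_tmp-2)*sizeof(LayerInfo));`. `layer_cnt_tmp` is also declared without an initializer and the result of getint() is ignored, so if getint() can return without storing a value (its body is not shown here) the comparison reads an indeterminate int; `int layer_cnt_tmp = 0;` would close that. The realloc result is not checked and the count has no upper bound on the visible lines, and the function body continues outside the hunk.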
@@ -0,0 +1,106 @@
+# Copyright 2004-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{2_7,3_{6,7}} )
+
+inherit python-single-r1 xdg
+
+DESCRIPTION="postscript font editor and converter"
+HOMEPAGE="http://fontforge.github.io/"
+SRC_URI="https://github.com/fontforge/fontforge/releases/download/${PV}/fontforge-${PV}.tar.gz"
+
+LICENSE="BSD GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
+IUSE="cairo truetype-debugger gif gtk jpeg png +python readline test tiff svg unicode X"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="
+ cairo? ( png )
+ gtk? ( cairo )
+ python? ( ${PYTHON_REQUIRED_USE} )
+ test? ( png python )
+"
+
+RDEPEND="
+ dev-libs/glib
+ dev-libs/libltdl:0
+ dev-libs/libxml2:2=
+ >=media-libs/freetype-2.3.7:2=
+ cairo? (
+ >=x11-libs/cairo-1.6:0=
+ x11-libs/pango:0=
+ )
+ gif? ( media-libs/giflib:0= )
+ jpeg? ( virtual/jpeg:0 )
+ png? ( media-libs/libpng:0= )
+ tiff? ( media-libs/tiff:0= )
+ truetype-debugger? ( >=media-libs/freetype-2.3.8:2[fontforge,-bindist(-)] )
+ gtk? ( >=x11-libs/gtk+-3.10:3 )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:0= )
+ unicode? ( media-libs/libuninameslist:0= )
+ X? (
+ x11-libs/libX11:0=
+ x11-libs/libXi:0=
+ >=x11-libs/pango-1.10:0=[X]
+ )
+ !media-gfx/pfaedit
+"
+DEPEND="${RDEPEND}
+ X? ( x11-base/xorg-proto )
+"
+BDEPEND="
+ sys-devel/gettext
+ virtual/pkgconfig
+"
+
+# Needs keywording on many arches.
+# zeromq?
(
+# >=net-libs/czmq-2.2.0:0=
+# >=net-libs/zeromq-4.0.4:0=
+# )
+
+PATCHES=(
+ "${FILESDIR}"/20170731-gethex-unaligned.patch
+ "${FILESDIR}"/CVE-2020-5395.patch
+)
+
+pkg_setup() {
+ use python && python-single-r1_pkg_setup
+}
+
+src_configure() {
+ local myeconfargs=(
+ --disable-static
+ $(use_enable truetype-debugger freetype-debugger "${EPREFIX}/usr/include/freetype2/internal4fontforge")
+ $(use_enable python python-extension)
+ $(use_enable python python-scripting)
+ --enable-tile-path
+ $(use_with cairo)
+ $(use_with gif giflib)
+ $(use_with jpeg libjpeg)
+ $(use_with png libpng)
+ $(use_with readline libreadline)
+ --without-libspiro
+ $(use_with tiff libtiff)
+ $(use_with unicode libuninameslist)
+ $(use_with X x)
+ )
+ if use gtk; then
+ # broken AC_ARG_ENABLE usage
+ # https://bugs.gentoo.org/681550
+ myeconfargs+=( --enable-gdk=gdk3 )
+ fi
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ docompress -x /usr/share/doc/${PF}/html
+ einstalldocs
+ find "${ED}" -name '*.la' -type f -delete || die
+}
--
2.26.2