From: "Lars Wendler" <polynomial-c@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/freetype/, media-libs/freetype/files/
Date: Tue, 20 Oct 2020 07:05:01 +0000 (UTC)
Message-ID: <1603177496.d93a975c694a048359086224a27dba08d4633d23.polynomial-c@gentoo>
commit: d93a975c694a048359086224a27dba08d4633d23
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 20 07:04:33 2020 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Oct 20 07:04:56 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d93a975c
media-libs/freetype: Security bump to version 2.10.4. Removed old
Bug: https://bugs.gentoo.org/750275
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
media-libs/freetype/Manifest | 3 ++
.../files/freetype-2.10.3-CVE-2020-15999.patch | 51 ----------------------
...ype-2.10.3-r1.ebuild => freetype-2.10.4.ebuild} | 1 -
3 files changed, 3 insertions(+), 52 deletions(-)
diff --git a/media-libs/freetype/Manifest b/media-libs/freetype/Manifest
index 0576f7b5218..cb7d28558e6 100644
--- a/media-libs/freetype/Manifest
+++ b/media-libs/freetype/Manifest
@@ -1,6 +1,9 @@
DIST freetype-2.10.2.tar.xz 2404456 BLAKE2B 866bd83c460f83fba93f58d0ae2270ac3833d6eb0b087f7eb860bd6e08f40ece1982b70bbd065b8978e47ff6fb2b46398307d461170cd10285d11f74a9fbadaa SHA512 cf45089bd8893d7de2cdcb59d91bbb300e13dd0f0a9ef80ed697464ba7aeaf46a5a81b82b59638e6b21691754d8f300f23e1f0d11683604541d77f0f581affaa
DIST freetype-2.10.3.tar.xz 2416752 BLAKE2B 8ce360c07777ad5b031ff7a840ef0cec95f358e764897f1aea9e8fd40a21e8bada3610943dc70b279856116396e6703b5127a4d672fb6e0dc8e5fe7f9233265e SHA512 3f9d1a44cdae51ec4b13116aba5af1730e6be46132ddd9e49486e8d681b61756baa9897daaf0f06e79f00f2db0e57e0fa66d27f44d65735da1167d5b3c170373
+DIST freetype-2.10.4.tar.xz 2416620 BLAKE2B 9852378536e873514baae3c024b9b30dcd78a36c2189dcbdb0562c56ccf871a5795896950ea129f2e0f12181095c92715216747e8a8396d6d03efac82a5a10ea SHA512 827cda734aa6b537a8bcb247549b72bc1e082a5b32ab8d3cccb7cc26d5f6ee087c19ce34544fa388a1eb4ecaf97600dbabc3e10e950f2ba692617fee7081518f
DIST freetype-doc-2.10.2.tar.xz 2078712 BLAKE2B 9d78d5d7c3806d83f5cb91daa88284445d36a75ce7b598177c83a9efc62faf5d8a0003f8cadee37eb6792711c87dc61d937fcb03f3c450c94276dfdf410c0aa1 SHA512 c54956a56920e651102b75c0efa07212e1d95f3bec219b8364b61d9a71171b11da492170cc861c36f3305f32ad1dee46d0d5a561ccdc6ca36591ae3f619a1d67
DIST freetype-doc-2.10.3.tar.xz 2079036 BLAKE2B fca0915a5f268ce4d5205822d712b451f73d891e00518b3db0dd7c431fd7bd6544fa36fc374344c94f43d731fe7a1076724c3fdd42c8143647aa5763b4736556 SHA512 135ae51706197d1bd208cb48d8d1881c14aeee5283dbdab88a7fa6864aed888613df43bd3deb24ff530fa767f94fe997f97dee10bf2be7763231211bf7d5225f
+DIST freetype-doc-2.10.4.tar.xz 2079084 BLAKE2B a051c425250f8af1cd0e83b15d6e5692b1ee5ff00317467cef648dcc7ea1f88ad6cde0fe2d53e5c45220723bb935e6527dbba124ef8739e6ebe372bc06ec78b7 SHA512 171da6c6a172869e9bec0da67cb1abdb0fdb124870f13b751b4e9b1b5e342fb2af38cb606db1c3dcf18076a077e694b7b8dd055dd7f4ab49afe7e1d61b4f9ba8
DIST ft2demos-2.10.2.tar.xz 230672 BLAKE2B dd81e72bb1360f6a952874c183598fffe3eddb4bed4d07715a75810d2e81623b94082b1274f916bf7550615a66ba7a327c5413fca9d470111aeb1fa31ce4dd73 SHA512 912e3c3cbcdfd30fd918897d28240e04eb7248d130fc519e7d1613873a11d275d658ff247c6d517ebecf7a09de0d05f3dc10631411226015e1b147cba9a8a438
DIST ft2demos-2.10.3.tar.xz 235388 BLAKE2B c1c7e9d61fde441b2cc107a3ad8f1499c03ce8219a54b2bdc4ab7168a0d61a6c83c7e6e3d2de6a8ed0f09b29c398708618e4683d5ed24d6e8ae7505b8920770f SHA512 860fbeefd70caa4aa9483d90df5c3376ee2bef8fe93ab26010c4ca4f95cfd281870da461e2f335f42d3e6d2007f8e46c99d7834d2177b7806a2d92422ed08b41
+DIST ft2demos-2.10.4.tar.xz 236712 BLAKE2B 76883bfc09c42b6092b0b512aff66b4585ac83793da787e688ad8446fceac1ce315014bde03d4271fc5a1b7bd1d3250255f5faced92beade6e4ed78c896db80d SHA512 d2afc19e5fabbee5205fcc992f6c19bab03485b7af4f55bb2d2dd0a4a9492a3f593540862ca116b54cf161b240d7966cb31a9793578d164fc418449e339e2fa8
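Review bot: The DIST lines for freetype-2.10.3, freetype-doc-2.10.3 and ft2demos-2.10.3 stay in the Manifest, although this commit renames freetype-2.10.3-r1.ebuild to freetype-2.10.4.ebuild and the subject says "Removed old". If no other 2.10.3 ebuild remains in the directory, those three entries are now unreferenced and should be dropped in the same commit, so that the Manifest lists only distfiles an ebuild can still fetch.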
diff --git a/media-libs/freetype/files/freetype-2.10.3-CVE-2020-15999.patch b/media-libs/freetype/files/freetype-2.10.3-CVE-2020-15999.patch
deleted file mode 100644
index 215b03b2d3d..00000000000
--- a/media-libs/freetype/files/freetype-2.10.3-CVE-2020-15999.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-http://git.savannah.nongnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
-https://bugs.gentoo.org/750275
-----
-From a3bab162b2ae616074c8877a04556932998aeacd Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Mon, 19 Oct 2020 23:45:28 +0200
-Subject: [sfnt] Fix heap buffer overflow (#59308).
-
-This is CVE-2020-15999.
-
-* src/sfnt/pngshim.c (Load_SBit_Png): Test bitmap size earlier.
----
- ChangeLog | 8 ++++++++
- src/sfnt/pngshim.c | 14 +++++++-------
- 2 files changed, 15 insertions(+), 7 deletions(-)
-
-diff --git a/src/sfnt/pngshim.c b/src/sfnt/pngshim.c
-index 2e64e5846..f55016122 100644
---- a/src/sfnt/pngshim.c
-+++ b/src/sfnt/pngshim.c
-@@ -332,6 +332,13 @@
-
- if ( populate_map_and_metrics )
- {
-+ /* reject too large bitmaps similarly to the rasterizer */
-+ if ( imgHeight > 0x7FFF || imgWidth > 0x7FFF )
-+ {
-+ error = FT_THROW( Array_Too_Large );
-+ goto DestroyExit;
-+ }
-+
- metrics->width = (FT_UShort)imgWidth;
- metrics->height = (FT_UShort)imgHeight;
-
-@@ -340,13 +347,6 @@
- map->pixel_mode = FT_PIXEL_MODE_BGRA;
- map->pitch = (int)( map->width * 4 );
- map->num_grays = 256;
--
-- /* reject too large bitmaps similarly to the rasterizer */
-- if ( map->rows > 0x7FFF || map->width > 0x7FFF )
-- {
-- error = FT_THROW( Array_Too_Large );
-- goto DestroyExit;
-- }
- }
-
- /* convert palette/gray image to rgb */
---
-cgit v1.2.1
-
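Review bot: Deleting freetype-2.10.3-CVE-2020-15999.patch is only safe if the 2.10.4 tarball already contains upstream commit a3bab162b2ae616074c8877a04556932998aeacd, and the commit message does not say that it does. Suggest adding a line stating that 2.10.4 ships the Load_SBit_Png size check (imgHeight > 0x7FFF || imgWidth > 0x7FFF, placed before the FT_UShort casts), so the removal can be checked against bug 750275 without unpacking the tarball.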
diff --git a/media-libs/freetype/freetype-2.10.3-r1.ebuild b/media-libs/freetype/freetype-2.10.4.ebuild
similarity index 99%
rename from media-libs/freetype/freetype-2.10.3-r1.ebuild
rename to media-libs/freetype/freetype-2.10.4.ebuild
index 1f0bb65321a..b8b52e17acc 100644
--- a/media-libs/freetype/freetype-2.10.3-r1.ebuild
+++ b/media-libs/freetype/freetype-2.10.4.ebuild
@@ -47,7 +47,6 @@ PDEPEND="infinality? ( media-libs/fontconfig-infinality )"
PATCHES=(
"${FILESDIR}"/${PN}-2.10.3-sizeof-types.patch # 459966
- "${FILESDIR}"/${PN}-2.10.3-CVE-2020-15999.patch # 750275
)
_egit_repo_handler() {
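Review bot: In PATCHES, the one remaining entry is still "${FILESDIR}"/${PN}-2.10.3-sizeof-types.patch, a file named for 2.10.3 that is now applied to the 2.10.4 sources. Please confirm it still applies cleanly to 2.10.4, and either rename the file to match the new version or add a short comment that the 2.10.3 name is kept on purpose, so the stale version number is not mistaken for a leftover of this bump.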