* [Buildroot] [PATCH v1] freetype: bump version to 2.9.1
@ 2018-11-28 19:15 Peter Seiderer
2018-11-29 16:20 ` Peter Korsgaard
2018-12-03 22:08 ` Peter Korsgaard
0 siblings, 2 replies; 4+ messages in thread
From: Peter Seiderer @ 2018-11-28 19:15 UTC (permalink / raw)
To: buildroot
According to [1]:
- fixes CVE-2018-6942
- needs '--enable-freetype-config' for freetype-config installation
[1] https://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/CHANGES?id=86bc8a95056c97a810986434a3f268cbe67f2902
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
package/freetype/freetype.hash | 8 ++++----
package/freetype/freetype.mk | 5 ++++-
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/package/freetype/freetype.hash b/package/freetype/freetype.hash
index 806375c058..c98674c7c2 100644
--- a/package/freetype/freetype.hash
+++ b/package/freetype/freetype.hash
@@ -1,9 +1,9 @@
-# From https://sourceforge.net/projects/freetype/files/freetype2/2.9/
-md5 513c403c110016fdc7e537216a642b1d freetype-2.9.tar.bz2
-sha1 94c4399b1a55c5892812e732843fcb4a7c2fe657 freetype-2.9.tar.bz2
+# From https://sourceforge.net/projects/freetype/files/freetype2/2.9.1/
+md5 60ef7d8160cd4bf8cb118ee9d65367ca freetype-2.9.1.tar.bz2
+sha1 220c82062171c513e4017c523d196933c9de4a7d freetype-2.9.1.tar.bz2
# Locally calculated
-sha256 e6ffba3c8cef93f557d1f767d7bc3dee860ac7a3aaff588a521e081bc36f4c8a freetype-2.9.tar.bz2
+sha256 db8d87ea720ea9d5edc5388fc7a0497bb11ba9fe972245e0f7f4c7e8b1e1e84d freetype-2.9.1.tar.bz2
sha256 fd056de4196903a676208ef58cfddafc7d583d1f28fa2e44c309cf84a59e62fb docs/LICENSE.TXT
sha256 08c135755dd589039470f1fdbb400daaabaaa50d0b366d19cebff4d22986baa1 docs/FTL.TXT
sha256 c4120c6752c910c299e3bd9cb3a46ff262c268303ca2069b61f92f10a5656c18 docs/GPLv2.TXT
diff --git a/package/freetype/freetype.mk b/package/freetype/freetype.mk
index 1b3a9d1755..c9ea960798 100644
--- a/package/freetype/freetype.mk
+++ b/package/freetype/freetype.mk
@@ -4,7 +4,7 @@
#
################################################################################
-FREETYPE_VERSION = 2.9
+FREETYPE_VERSION = 2.9.1
FREETYPE_SOURCE = freetype-$(FREETYPE_VERSION).tar.bz2
FREETYPE_SITE = http://download.savannah.gnu.org/releases/freetype
FREETYPE_INSTALL_STAGING = YES
@@ -14,6 +14,9 @@ FREETYPE_LICENSE_FILES = docs/LICENSE.TXT docs/FTL.TXT docs/GPLv2.TXT
FREETYPE_DEPENDENCIES = host-pkgconf
FREETYPE_CONFIG_SCRIPTS = freetype-config
+# since 2.9.1 needed for freetyep-config install
+FREETYPE_CONF_OPTS = --enable-freetype-config
+
HOST_FREETYPE_DEPENDENCIES = host-pkgconf
HOST_FREETYPE_CONF_OPTS = --without-zlib --without-bzip2 --without-png
--
2.19.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH v1] freetype: bump version to 2.9.1
2018-11-28 19:15 [Buildroot] [PATCH v1] freetype: bump version to 2.9.1 Peter Seiderer
@ 2018-11-29 16:20 ` Peter Korsgaard
2018-11-29 22:44 ` Peter Seiderer
2018-12-03 22:08 ` Peter Korsgaard
1 sibling, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2018-11-29 16:20 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Seiderer <ps.report@gmx.net> writes:
> According to [1]:
> - fixes CVE-2018-6942
It is always great to add a short description what this is about. I've
added:
A NULL pointer dereference in the Ins_GETVARIATION() function within
ttinterp.c could lead to DoS via a crafted font file.
(from https://security-tracker.debian.org/tracker/CVE-2018-6942)
> --- a/package/freetype/freetype.mk
> +++ b/package/freetype/freetype.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
> -FREETYPE_VERSION = 2.9
> +FREETYPE_VERSION = 2.9.1
> FREETYPE_SOURCE = freetype-$(FREETYPE_VERSION).tar.bz2
> FREETYPE_SITE = http://download.savannah.gnu.org/releases/freetype
> FREETYPE_INSTALL_STAGING = YES
> @@ -14,6 +14,9 @@ FREETYPE_LICENSE_FILES = docs/LICENSE.TXT docs/FTL.TXT docs/GPLv2.TXT
> FREETYPE_DEPENDENCIES = host-pkgconf
> FREETYPE_CONFIG_SCRIPTS = freetype-config
> +# since 2.9.1 needed for freetyep-config install
s/freetyep/freetype/
> +FREETYPE_CONF_OPTS = --enable-freetype-config
We probably also need this for the host variant. Committed after adding
that, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH v1] freetype: bump version to 2.9.1
2018-11-29 16:20 ` Peter Korsgaard
@ 2018-11-29 22:44 ` Peter Seiderer
0 siblings, 0 replies; 4+ messages in thread
From: Peter Seiderer @ 2018-11-29 22:44 UTC (permalink / raw)
To: buildroot
Hello Peter,
On Thu, 29 Nov 2018 17:20:58 +0100, Peter Korsgaard <peter@korsgaard.com> wrote:
> >>>>> "Peter" == Peter Seiderer <ps.report@gmx.net> writes:
>
> > According to [1]:
> > - fixes CVE-2018-6942
>
> It is always great to add a short description what this is about. I've
> added:
>
> A NULL pointer dereference in the Ins_GETVARIATION() function within
> ttinterp.c could lead to DoS via a crafted font file.
>
> (from https://security-tracker.debian.org/tracker/CVE-2018-6942)
O.k, will try to add some the next time...
>
>
> > --- a/package/freetype/freetype.mk
> > +++ b/package/freetype/freetype.mk
> > @@ -4,7 +4,7 @@
> > #
> > ################################################################################
>
> > -FREETYPE_VERSION = 2.9
> > +FREETYPE_VERSION = 2.9.1
> > FREETYPE_SOURCE = freetype-$(FREETYPE_VERSION).tar.bz2
> > FREETYPE_SITE = http://download.savannah.gnu.org/releases/freetype
> > FREETYPE_INSTALL_STAGING = YES
> > @@ -14,6 +14,9 @@ FREETYPE_LICENSE_FILES = docs/LICENSE.TXT docs/FTL.TXT docs/GPLv2.TXT
> > FREETYPE_DEPENDENCIES = host-pkgconf
> > FREETYPE_CONFIG_SCRIPTS = freetype-config
>
> > +# since 2.9.1 needed for freetyep-config install
>
> s/freetyep/freetype/
Ups, thanks for fixing...
>
> > +FREETYPE_CONF_OPTS = --enable-freetype-config
>
> We probably also need this for the host variant. Committed after adding
> that, thanks.
>
Was not sure about this as FREETYPE_FIX_CONFIG_FILE and FREETYPE_FIX_CONFIG_FILE_LIBS
are only applied for the target build, but the option will not hurt for the host build...
Thanks for all the fixes ;-)
Regards,
Peter
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH v1] freetype: bump version to 2.9.1
2018-11-28 19:15 [Buildroot] [PATCH v1] freetype: bump version to 2.9.1 Peter Seiderer
2018-11-29 16:20 ` Peter Korsgaard
@ 2018-12-03 22:08 ` Peter Korsgaard
1 sibling, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2018-12-03 22:08 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Seiderer <ps.report@gmx.net> writes:
> According to [1]:
> - fixes CVE-2018-6942
> - needs '--enable-freetype-config' for freetype-config installation
> [1]
> https://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/CHANGES?id=86bc8a95056c97a810986434a3f268cbe67f2902
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Committed to 2018.02.x and 2018.08.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-12-03 22:08 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-11-28 19:15 [Buildroot] [PATCH v1] freetype: bump version to 2.9.1 Peter Seiderer
2018-11-29 16:20 ` Peter Korsgaard
2018-11-29 22:44 ` Peter Seiderer
2018-12-03 22:08 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox