diff options
| author | Miklos Vajna <vmiklos@collabora.com> | 2022-11-16 13:37:33 +0100 |
|---|---|---|
| committer | Andras Timar <andras.timar@collabora.com> | 2023-01-29 19:12:06 +0100 |
| commit | 86c3fd212994e16a05a8b12387e7a00e6cc64b9a (patch) | |
| tree | e61e79fa3f61bd3d0e53ff8c01fb899755d0ea61 | |
| parent | 77a63a6726e94d4b670cfdf5bd224d4d0fcb9a0f (diff) | |
Update freetype to 2.12.0
- fixes CVE-2022-27404
- dropped the no longer applying parts of ubsan.patch
Change-Id: Ia8a496d53b62f68a27dbd9be08c89273b6bd01cd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/142768
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 7229a380d3d607dc896e1d48b1a13f7b301aef80)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/142927
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
| -rw-r--r-- | download.lst | 4 | ||||
| -rw-r--r-- | external/freetype/ExternalProject_freetype.mk | 9 | ||||
| -rw-r--r-- | external/freetype/UnpackedTarball_freetype.mk | 3 | ||||
| -rw-r--r-- | external/freetype/freetype-2.6.5.patch.1 | 47 | ||||
| -rw-r--r-- | external/freetype/ubsan.patch | 11 |
5 files changed, 47 insertions, 27 deletions
diff --git a/download.lst b/download.lst index 15d4a1fa15e3..325aa3af680f 100644 --- a/download.lst +++ b/download.lst @@ -96,8 +96,8 @@ export FONT_SCHEHERAZADE_SHA256SUM := 251c8817ceb87d9b661ce1d5b49e732a0116add10a export FONT_SCHEHERAZADE_TARBALL := Scheherazade-2.100.zip export FREEHAND_SHA256SUM := 0e422d1564a6dbf22a9af598535425271e583514c0f7ba7d9091676420de34ac export FREEHAND_TARBALL := libfreehand-0.1.2.tar.xz -export FREETYPE_SHA256SUM := db8d87ea720ea9d5edc5388fc7a0497bb11ba9fe972245e0f7f4c7e8b1e1e84d -export FREETYPE_TARBALL := freetype-2.9.1.tar.bz2 +export FREETYPE_SHA256SUM := ef5c336aacc1a079ff9262d6308d6c2a066dd4d2a905301c4adda9b354399033 +export FREETYPE_TARBALL := freetype-2.12.0.tar.xz export GLM_SHA256SUM := c5e167c042afd2d7ad642ace6b643863baeb33880781983563e1ab68a30d3e95 export GLM_TARBALL := glm-0.9.9.7.zip export GPGME_SHA256SUM := c4e30b227682374c23cddc7fdb9324a99694d907e79242a25a4deeedb393be46 diff --git a/external/freetype/ExternalProject_freetype.mk b/external/freetype/ExternalProject_freetype.mk index c4d55960c6ca..bc919cf8579d 100644 --- a/external/freetype/ExternalProject_freetype.mk +++ b/external/freetype/ExternalProject_freetype.mk @@ -18,12 +18,19 @@ $(call gb_ExternalProject_get_state_target,freetype,build) : $(call gb_ExternalProject_run,build,\ $(gb_RUN_CONFIGURE) ./configure \ --disable-shared \ + --with-pic \ --without-zlib \ + --without-brotli \ --without-bzip2 \ --without-harfbuzz \ + --without-png \ --prefix=$(call gb_UnpackedTarball_get_dir,freetype/instdir) \ --build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM) \ - CFLAGS="$(if $(debug),-g) $(gb_VISIBILITY_FLAGS)" \ + CFLAGS="$(CFLAGS) \ + $(call gb_ExternalProject_get_build_flags,freetype) \ + $(gb_VISIBILITY_FLAGS) \ + $(gb_EMSCRIPTEN_CPPFLAGS)" \ + LDFLAGS="$(call gb_ExternalProject_get_link_flags,freetype)" \ && $(MAKE) install \ && touch $@ ) $(call gb_Trace_EndRange,freetype,EXTERNAL) diff --git a/external/freetype/UnpackedTarball_freetype.mk b/external/freetype/UnpackedTarball_freetype.mk index 6f724d1776fc..076edb9e3d97 100644 --- a/external/freetype/UnpackedTarball_freetype.mk +++ b/external/freetype/UnpackedTarball_freetype.mk @@ -13,6 +13,9 @@ $(eval $(call gb_UnpackedTarball_set_tarball,freetype,$(FREETYPE_TARBALL),,freet $(eval $(call gb_UnpackedTarball_add_patches,freetype,\ external/freetype/freetype-2.6.5.patch.1 \ + external/freetype/ubsan.patch \ )) +$(eval $(call gb_UnpackedTarball_set_patchlevel,freetype,0)) + # vim: set noet sw=4 ts=4: diff --git a/external/freetype/freetype-2.6.5.patch.1 b/external/freetype/freetype-2.6.5.patch.1 index a9c231cbe384..c10c0bb38ea8 100644 --- a/external/freetype/freetype-2.6.5.patch.1 +++ b/external/freetype/freetype-2.6.5.patch.1 @@ -1,7 +1,7 @@ diff -up freetype/builds/unix/configure.dt freetype/builds/unix/configure --- freetype/builds/unix/configure.dt 2017-02-01 22:14:45.206257952 +0100 +++ freetype/builds/unix/configure 2017-02-01 22:16:31.076183707 +0100 -@@ -8858,7 +8858,7 @@ +@@ -9386,7 +9386,7 @@ case $host_cpu in powerpc) # see comment about AmigaOS4 .so support @@ -10,7 +10,7 @@ diff -up freetype/builds/unix/configure.dt freetype/builds/unix/configure archive_expsym_cmds='' ;; m68k) -@@ -8874,7 +8874,7 @@ +@@ -9402,7 +9402,7 @@ allow_undefined_flag=unsupported # Joseph Beckenbach <jrb3@best.com> says some releases of gcc # support --undefined. This deserves some investigation. FIXME @@ -19,7 +19,7 @@ diff -up freetype/builds/unix/configure.dt freetype/builds/unix/configure else ld_shlibs=no fi -@@ -8908,7 +8908,7 @@ +@@ -9436,7 +9436,7 @@ ;; haiku*) @@ -28,7 +28,7 @@ diff -up freetype/builds/unix/configure.dt freetype/builds/unix/configure link_all_deplibs=yes ;; -@@ -9003,13 +9003,13 @@ +@@ -9531,13 +9531,13 @@ *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac @@ -44,7 +44,7 @@ diff -up freetype/builds/unix/configure.dt freetype/builds/unix/configure fi case $cc_basename in -@@ -9039,8 +9039,8 @@ +@@ -9567,8 +9567,8 @@ archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else @@ -55,7 +55,7 @@ diff -up freetype/builds/unix/configure.dt freetype/builds/unix/configure fi ;; -@@ -9058,8 +9058,8 @@ +@@ -9586,8 +9586,8 @@ _LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then @@ -66,7 +66,7 @@ diff -up freetype/builds/unix/configure.dt freetype/builds/unix/configure else ld_shlibs=no fi -@@ -9087,8 +9087,8 @@ +@@ -9615,8 +9615,8 @@ # requires that you compile everything twice, which is a pain. if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' @@ -77,7 +77,7 @@ diff -up freetype/builds/unix/configure.dt freetype/builds/unix/configure else ld_shlibs=no fi -@@ -9105,8 +9105,8 @@ +@@ -9633,8 +9633,8 @@ *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then @@ -88,7 +88,7 @@ diff -up freetype/builds/unix/configure.dt freetype/builds/unix/configure else ld_shlibs=no fi -@@ -9405,7 +9405,7 @@ +@@ -9937,7 +9937,7 @@ case $host_cpu in powerpc) # see comment about AmigaOS4 .so support @@ -97,7 +97,7 @@ diff -up freetype/builds/unix/configure.dt freetype/builds/unix/configure archive_expsym_cmds='' ;; m68k) -@@ -9674,7 +9674,7 @@ +@@ -10207,7 +10207,7 @@ irix5* | irix6* | nonstopux*) if test yes = "$GCC"; then @@ -106,16 +106,16 @@ diff -up freetype/builds/unix/configure.dt freetype/builds/unix/configure # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. -@@ -9702,7 +9702,7 @@ - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 - $as_echo "$lt_cv_irix_exported_symbol" >&6; } +@@ -10237,7 +10237,7 @@ + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 + printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; } if test yes = "$lt_cv_irix_exported_symbol"; then - archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi else archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' -@@ -9797,7 +9797,7 @@ +@@ -10332,7 +10332,7 @@ osf3*) if test yes = "$GCC"; then allow_undefined_flag=' $wl-expect_unresolved $wl\*' @@ -124,7 +124,7 @@ diff -up freetype/builds/unix/configure.dt freetype/builds/unix/configure else allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' -@@ -9810,7 +9810,7 @@ +@@ -10345,7 +10345,7 @@ osf4* | osf5*) # as osf3* with the addition of -msym flag if test yes = "$GCC"; then allow_undefined_flag=' $wl-expect_unresolved $wl\*' @@ -133,7 +133,7 @@ diff -up freetype/builds/unix/configure.dt freetype/builds/unix/configure hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' else allow_undefined_flag=' -expect_unresolved \*' -@@ -13143,10 +13143,10 @@ +@@ -13620,10 +13620,10 @@ XX_CFLAGS="-Wall" case "$host" in *-*-mingw*) @@ -145,14 +145,13 @@ diff -up freetype/builds/unix/configure.dt freetype/builds/unix/configure + XX_ANSIFLAGS="" ;; *) - GCC_VERSION=`$CC -dumpversion` -@@ -13195,7 +13195,7 @@ - if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok, adding to XX_ANSIFLAGS" >&5 - $as_echo "ok, adding to XX_ANSIFLAGS" >&6; } + XX_ANSIFLAGS="" +@@ -13661,7 +13661,7 @@ + then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok, adding to XX_ANSIFLAGS" >&5 + printf "%s\n" "ok, adding to XX_ANSIFLAGS" >&6; } - XX_ANSIFLAGS="${XX_ANSIFLAGS} ${a}" + XX_ANSIFLAGS="${XX_ANSIFLAGS}" - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -diff -up freetype/configure.dt freetype/configure + else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 diff --git a/external/freetype/ubsan.patch b/external/freetype/ubsan.patch new file mode 100644 index 000000000000..c8173eeff531 --- /dev/null +++ b/external/freetype/ubsan.patch @@ -0,0 +1,11 @@ +--- src/truetype/ttgxvar.c ++++ src/truetype/ttgxvar.c +@@ -964,7 +964,7 @@ + /* in the OpenType specification. */ + + varData = &itemStore->varData[outerIndex]; +- deltaSet = &varData->deltaSet[varData->regionIdxCount * innerIndex]; ++ deltaSet = varData->regionIdxCount * innerIndex == 0 ? varData->deltaSet : &varData->deltaSet[varData->regionIdxCount * innerIndex]; + + /* outer loop steps through master designs to be blended */ + for ( master = 0; master < varData->regionIdxCount; master++ ) |