From b693f6d3d48b281fbbf71fd56996c85e23c3a9c9 Mon Sep 17 00:00:00 2001 From: Eren Türkay Date: Fri, 28 Dec 2012 01:00:00 +0200 Subject: freetype: update to 2.4.11 which includes fixes for CVE-2012-{5668, 5669, 5670} MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Multiple security issues were reported by Mateusz Jurczyk of Google security team. These have been fixed in freetype 2.4.11. Details are as follows. * CVE-2012-5668: NULL Pointer Dereference in bdf_free_font Bug: https://savannah.nongnu.org/bugs/?37905 Patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a * CVE-2012-5669: Out-of-bounds read in _bdf_parse_glyphs Bug: https://savannah.nongnu.org/bugs/?37906 Patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d * CVE-2012-5670: Out-of-bounds write in _bdf_parse_glyphs Bug: https://savannah.nongnu.org/bugs/?37907 Patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8 For original e-mail and CVE assignment, see the following URLs: http://www.openwall.com/lists/oss-security/2012/12/25/1 http://www.openwall.com/lists/oss-security/2012/12/25/2 Signed-off-by: Eren Türkay 
Signed-off-by: Saul Wold
---
.../freetype/freetype-2.4.10/no-hardcode.patch | 13 ------
.../freetype/freetype-2.4.11/no-hardcode.patch | 13 ++++++
meta/recipes-graphics/freetype/freetype_2.4.10.bb | 53 ----------------------
meta/recipes-graphics/freetype/freetype_2.4.11.bb | 53 ++++++++++++++++++++++
4 files changed, 66 insertions(+), 66 deletions(-)
delete mode 100644 meta/recipes-graphics/freetype/freetype-2.4.10/no-hardcode.patch
create mode 100644 meta/recipes-graphics/freetype/freetype-2.4.11/no-hardcode.patch
delete mode 100644 meta/recipes-graphics/freetype/freetype_2.4.10.bb
create mode 100644 meta/recipes-graphics/freetype/freetype_2.4.11.bb
(limited to 'meta/recipes-graphics')
diff --git a/meta/recipes-graphics/freetype/freetype-2.4.10/no-hardcode.patch b/meta/recipes-graphics/freetype/freetype-2.4.10/no-hardcode.patch
deleted file mode 100644
index 0f21d1ff26..0000000000
--- a/meta/recipes-graphics/freetype/freetype-2.4.10/no-hardcode.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
---- freetype-2.1.10/builds/unix/freetype-config.in.old 2006-05-01 12:39:20.000000000 +0100
-+++ freetype-2.1.10/builds/unix/freetype-config.in 2006-05-01 12:39:34.000000000 +0100
-@@ -16,7 +16,7 @@
- libdir=@libdir@
- enable_shared=@enable_shared@
- wl=@wl@
--hardcode_libdir_flag_spec='@hardcode_libdir_flag_spec@'
-+hardcode_libdir_flag_spec=''
-
- usage()
- {
diff --git a/meta/recipes-graphics/freetype/freetype-2.4.11/no-hardcode.patch b/meta/recipes-graphics/freetype/freetype-2.4.11/no-hardcode.patch
new file mode 100644
index 0000000000..0f21d1ff26
--- /dev/null
+++ b/meta/recipes-graphics/freetype/freetype-2.4.11/no-hardcode.patch
@@ -0,0 +1,13 @@
+Upstream-Status: Inappropriate [configuration]
+
+--- freetype-2.1.10/builds/unix/freetype-config.in.old 2006-05-01 12:39:20.000000000 +0100
++++ freetype-2.1.10/builds/unix/freetype-config.in 2006-05-01 12:39:34.000000000 +0100
+@@ -16,7 +16,7 @@
+ libdir=@libdir@
+ enable_shared=@enable_shared@
+ wl=@wl@
+-hardcode_libdir_flag_spec='@hardcode_libdir_flag_spec@'
++hardcode_libdir_flag_spec=''
+
+ usage()
+ {
diff --git a/meta/recipes-graphics/freetype/freetype_2.4.10.bb b/meta/recipes-graphics/freetype/freetype_2.4.10.bb
deleted file mode 100644
index 35d6d221f3..0000000000
--- a/meta/recipes-graphics/freetype/freetype_2.4.10.bb
+++ /dev/null
@@ -1,53 +0,0 @@
-SUMMARY = "Freetype font rendering library"
-DESCRIPTION = "FreeType is a software font engine that is designed to be small, efficient, \
-highly customizable, and portable while capable of producing high-quality output (glyph \
-images). It can be used in graphics libraries, display servers, font conversion tools, text \
-image generation tools, and many other products as well."
-HOMEPAGE = "http://www.freetype.org/"
-BUGTRACKER = "https://savannah.nongnu.org/bugs/?group=freetype"
-
-LICENSE = "FreeType | GPLv2+"
-LIC_FILES_CHKSUM = "file://docs/LICENSE.TXT;md5=28d5381b1bef2649c59f20c20bae4f39 \
- file://docs/FTL.TXT;md5=d479e83797f699fe873b38dadd0fcd4c \
- file://docs/GPLv2.TXT;md5=8ef380476f642c20ebf40fecb0add2ec"
-
-SECTION = "libs"
-
-PR = "r0"
-
-SRC_URI = "${SOURCEFORGE_MIRROR}/freetype/freetype-${PV}.tar.bz2 \
- file://no-hardcode.patch"
-
-SRC_URI[md5sum] = "13286702e9390a91661f980608adaff1"
-SRC_URI[sha256sum] = "0c8e242c33c45928de560d7d595db06feb41d1b22167e37260ceabe72f9e992f"
-
-S = "${WORKDIR}/freetype-${PV}"
-
-inherit autotools pkgconfig binconfig
-
-LIBTOOL = "${S}/builds/unix/${HOST_SYS}-libtool"
-EXTRA_OEMAKE = "'LIBTOOL=${LIBTOOL}'"
-EXTRA_OEMAKE_class-native = ""
-EXTRA_OECONF = "--without-zlib --without-bzip2 CC_BUILD='${BUILD_CC}'"
-
-do_configure() {
- cd builds/unix
- libtoolize --force --copy
- aclocal -I .
- gnu-configize --force
- autoconf
- cd ${S}
- oe_runconf
-}
-
-do_configure_class-native() {
- (cd builds/unix && gnu-configize) || die "failure running gnu-configize"
- oe_runconf
-}
-
-do_compile_prepend() {
- ${BUILD_CC} -o objs/apinames src/tools/apinames.c
-}
-
-BBCLASSEXTEND = "native"
-
diff --git a/meta/recipes-graphics/freetype/freetype_2.4.11.bb b/meta/recipes-graphics/freetype/freetype_2.4.11.bb
new file mode 100644
index 0000000000..53fde1d948
--- /dev/null
+++ b/meta/recipes-graphics/freetype/freetype_2.4.11.bb
@@ -0,0 +1,53 @@
+SUMMARY = "Freetype font rendering library"
+DESCRIPTION = "FreeType is a software font engine that is designed to be small, efficient, \
+highly customizable, and portable while capable of producing high-quality output (glyph \
+images). It can be used in graphics libraries, display servers, font conversion tools, text \
+image generation tools, and many other products as well."
+HOMEPAGE = "http://www.freetype.org/"
+BUGTRACKER = "https://savannah.nongnu.org/bugs/?group=freetype"
+
+LICENSE = "FreeType | GPLv2+"
+LIC_FILES_CHKSUM = "file://docs/LICENSE.TXT;md5=28d5381b1bef2649c59f20c20bae4f39 \
+ file://docs/FTL.TXT;md5=d479e83797f699fe873b38dadd0fcd4c \
+ file://docs/GPLv2.TXT;md5=8ef380476f642c20ebf40fecb0add2ec"
+
+SECTION = "libs"
+
+PR = "r0"
+
+SRC_URI = "${SOURCEFORGE_MIRROR}/freetype/freetype-${PV}.tar.bz2 \
+ file://no-hardcode.patch"
+
+SRC_URI[md5sum] = "b93435488942486c8d0ca22e8f768034"
+SRC_URI[sha256sum] = "ef9d0bcb64647d9e5125dc7534d7ca371c98310fec87677c410f397f71ffbe3f"
+
+S = "${WORKDIR}/freetype-${PV}"
+
+inherit autotools pkgconfig binconfig
+
+LIBTOOL = "${S}/builds/unix/${HOST_SYS}-libtool"
+EXTRA_OEMAKE = "'LIBTOOL=${LIBTOOL}'"
+EXTRA_OEMAKE_class-native = ""
+EXTRA_OECONF = "--without-zlib --without-bzip2 CC_BUILD='${BUILD_CC}'"
+
+do_configure() {
+ cd builds/unix
+ libtoolize --force --copy
+ aclocal -I .
+ gnu-configize --force
+ autoconf
+ cd ${S}
+ oe_runconf
+}
+
+do_configure_class-native() {
+ (cd builds/unix && gnu-configize) || die "failure running gnu-configize"
+ oe_runconf
+}
+
+do_compile_prepend() {
+ ${BUILD_CC} -o objs/apinames src/tools/apinames.c
+}
+
+BBCLASSEXTEND = "native"
+
-- cgit 1.2.3-korg