gentoo resync : 05.02.2020

5 files changed, 192 insertions, 3 deletions

diff --git a/media-gfx/fontforge/Manifest b/media-gfx/fontforge/Manifest
index 63066190db28..7579155eaf71 100644
--- a/media-gfx/fontforge/Manifest
+++ b/media-gfx/fontforge/Manifest
@@ -3,8 +3,11 @@ AUX 20170731-gethex-unaligned.patch 510 BLAKE2B ed943be0d150c8de7c99decf898cc4cf
 AUX 20170731-startnoui-FindOrMakeEncoding.patch 751 BLAKE2B c4a0248affa9117c5150aacb40a54bcb6f29d84866e1d193898f49a4fe58735eda2319856b6cfdbce450492871a5fe2255443849dd0f98ee70285614f7e44bb1 SHA512 0135717d9760a0bbf6d35ce21c19fb9019d3da01859882918a5643bbe6011a55eaf57ad07c8063c2c5c20cd6c6907420f8015abf54210ccdd75b2ba473e6b366
 AUX 20170731-tilepath.patch 411 BLAKE2B 39ef99a26b85fc25d6c0b778a6b0ddfdb2c366b6456bd8ed47b12ca8681e8970e65e3b69cd06880794832f761c6de801d9e7c51e1edfff5abf434aa7f7dcc7c2 SHA512 026f6765b2db7549f72cd6ccff8d23bdf357ab24035c89cd792fa933f6033445f6cbaf7fa20f1372bdeda2caa242b9f8237f3019292cba0cc551c6de9e5c8341
 AUX 20190317-gdk_init.patch 1391 BLAKE2B 6b4294e24d1bef0300344d2c11ef59d7d3f22d83ba7e8cc3e981db827dde7c30f234be35c017cc8c854ae090aa1f3e177af2c4bc511365fdbdb2e8c40402dda9 SHA512 3976f2a860f6c6aaec8e1532ede9fde7beff3ae98ca8e0cf87b33b7165f158ae676c751a7cb3e7897f1dff3f03c041d4ee6bd06e68904973b5bc5acdee5bede5
+AUX CVE-2020-5395.patch 3073 BLAKE2B 15fa97a633e2c218f512a7d1202555e2465bad9adf0661bcc314a940d691520ba897ed6d76ff2b80111f3c016d71717ec4170196ce2177f3e6478b26f63e76ca SHA512 7dcdd6c4e8eb433de32fe76c2a1832ba9b318c5889ce03325516fa8d3ce63043a89e740758cf75b10626bac43352292e11ba0fdf31725ecff5b9d3065265ac3b
 DIST fontforge-20190317.tar.gz 22762120 BLAKE2B 5cb85d2fb9a2a08fe64548f2667c026e916dd0239d17d8f8d7d2fe8ecb51f2106cf3dc6e6298014c0deadffbfe91925327b483ed4750a171fb621aea8bdee60b SHA512 55f9b0f7cafb1aa5a1461dbf39b52ca6b69a2baa6b761c8c28f86a0bb99e090d9ecc981294f51dadd9297b5ebd3036f01cb4f17b9a97a737eb567b4ae6522f20
+DIST fontforge-20190801.tar.gz 20766334 BLAKE2B c3206e77da4a966b9e513c41c90e19522f3d1aad990cd3035d7c8a8cc009239811743c12c02df3b02fd91fa5a7738913dba43df14523a738a2232cd2d1a91700 SHA512 78f3e1e94e38e26dcf52c6a0e038753033dc47052b7492f0ac0aaf1b8962e4e4bbf07c2550ef6014ea7290a6429bf669acb0691735efe0aee368480b4b7e6236
 DIST fontforge-dist-20170731.tar.xz 13985256 BLAKE2B 7bc49a3b7747de419e4fafb445062873cf9bf56aa73fd7499509b787a1c0fd6c47b0b5d7bfeb2a69d9237f9f66f989af968b0d00e9d5e57030906394f042f29c SHA512 26f7a40714460716a24dd0229fdb027f3766bcc48db64b8993436ddcb6277898f9f3b67ad4fc0be515b2b38e01370d1c7d9ee3c6ece1be862b7d8c9882411f11
-EBUILD fontforge-20170731-r4.ebuild 2816 BLAKE2B c18269a507266fb08279df3c4d367100dfdc87e9b875fd559fd4563f9c559c63e9c4f3fc5d92c4d2bc7fd80be26bcbfbf924c25372fb2c35688145eb12b0794e SHA512 e685d7c7509376817a57d623fc1373d8510f5aebbfe226cf1e3f5863d363162e837c2c3616686ee2911a38294cd16c81d1a9e85779711cc9d4089add0288ee96
-EBUILD fontforge-20190317-r2.ebuild 2738 BLAKE2B f5f392434e2b2660f94dc431618dc83834566f3799eb4450b5e4f9aa4e529c3a25bfd35b048fe654bb78ad98a9d9fb34fc7755fbb312060b8203812fdf600c55 SHA512 43c193bc4295b3152743a2efd22b89324a29e49fa22debea90869f7233d6b88b7c678fbc4357096c808f6800b964a3c3bac1af26808fb0343b69c983ffbc3f9e
+EBUILD fontforge-20170731-r5.ebuild 2852 BLAKE2B 635d215e7e84c0c022008c5fcd6aa30758023d2cf5b589a1f5db1681d6659c9af849e6c007d57caa4cab33da203542fd5f2ddf685f9c5773d05b3cb978c8f6f1 SHA512 c5449ea9b0a24c43132a9c663b9bb2fe136e3b56691b1ec4ad35fa52bd40820f37f312a8b75dcca1e1fc96c9a1f1712906c97b4f99d6427dcc85c52552ba1a3e
+EBUILD fontforge-20190317-r3.ebuild 2773 BLAKE2B c92f4cb825907a97e26df7f9d3c5c96fd40a9ce28ad28728432a5644ade9c879d37e2d7bf1923429d396f373a58a29a1485ad7ec40bfc65fab2bd89323f802e8 SHA512 6e9963725f1afa2d7be03868bd24eb44f781ac1bc32f893854272c80113f9941f9d8b805953d91d4f7683091f7eeff9b9f0b23ae3b7bc944f3703966f56bc6a9
+EBUILD fontforge-20190801.ebuild 2531 BLAKE2B 3a5adafebf248d965738ae047b1eb2d0ca69e4e410b91c8184d6ce0522d949e2e04190d6b43ba51816976388688db462354031561feb3649c302f0c00b96a4a0 SHA512 b9a8600d01d8d704887924977f52aca61720371ea753aeefd2a1f50a7b08387b71e70f878545f553531ac449f71ab23306487287a4054b14cb0c2458f2548dd0
 MISC metadata.xml 908 BLAKE2B 57e840cbf69ebd2780ecaf5a3009905b782223a16339beae90acf1c087a185944e33fe952b477184244cb3f5f313fcce32a561ce903d751de457b77f4a90cd74 SHA512 973d4967be4eb7aad087ce977a4d94945a8894138604e8d37257dac97f74e98f7fb9a7cad7e7f46abb4c8c39dcb4bd79e9ad26f96838ad39ac1894e154834d28
diff --git a/media-gfx/fontforge/files/CVE-2020-5395.patch b/media-gfx/fontforge/files/CVE-2020-5395.patch
new file mode 100644
index 000000000000..51b524503764
--- /dev/null
+++ b/media-gfx/fontforge/files/CVE-2020-5395.patch
@@ -0,0 +1,78 @@
+From 048a91e2682c1a8936ae34dbc7bd70291ec05410 Mon Sep 17 00:00:00 2001
+From: Skef Iterum <unknown>
+Date: Mon, 6 Jan 2020 03:05:06 -0800
+Subject: [PATCH] Fix for #4084 Use-after-free (heap) in the
+ SFD_GetFontMetaData() function Fix for #4086 NULL pointer dereference in the
+ SFDGetSpiros() function Fix for #4088 NULL pointer dereference in the
+ SFD_AssignLookups() function Add empty sf->fontname string if it isn't set,
+ fixing #4089 #4090 and many   other potential issues (many downstream calls
+ to strlen() on the value).
+
+---
+ fontforge/sfd.c  | 19 ++++++++++++++-----
+ fontforge/sfd1.c |  2 +-
+ 2 files changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/fontforge/sfd.c b/fontforge/sfd.c
+index 731be201e0..e8ca39ba83 100644
+--- a/fontforge/sfd.c
++++ b/fontforge/sfd.c
+@@ -4032,13 +4032,16 @@ static void SFDGetSpiros(FILE *sfd,SplineSet *cur) {
+     while ( fscanf(sfd,"%lg %lg %c", &cp.x, &cp.y, &cp.ty )==3 ) {
+ 	if ( cur!=NULL ) {
+ 	    if ( cur->spiro_cnt>=cur->spiro_max )
+-		cur->spiros = realloc(cur->spiros,(cur->spiro_max+=10)*sizeof(spiro_cp));
++		cur->spiros = realloc(cur->spiros,
++		                      (cur->spiro_max+=10)*sizeof(spiro_cp));
+ 	    cur->spiros[cur->spiro_cnt++] = cp;
+ 	}
+     }
+-    if ( cur!=NULL && (cur->spiros[cur->spiro_cnt-1].ty&0x7f)!=SPIRO_END ) {
++    if (    cur!=NULL && cur->spiro_cnt>0
++         && (cur->spiros[cur->spiro_cnt-1].ty&0x7f)!=SPIRO_END ) {
+ 	if ( cur->spiro_cnt>=cur->spiro_max )
+-	    cur->spiros = realloc(cur->spiros,(cur->spiro_max+=1)*sizeof(spiro_cp));
++	    cur->spiros = realloc(cur->spiros,
++	                          (cur->spiro_max+=1)*sizeof(spiro_cp));
+ 	memset(&cur->spiros[cur->spiro_cnt],0,sizeof(spiro_cp));
+ 	cur->spiros[cur->spiro_cnt++].ty = SPIRO_END;
+     }
+@@ -7992,10 +7995,12 @@ bool SFD_GetFontMetaData( FILE *sfd,
+     else if ( strmatch(tok,"LayerCount:")==0 )
+     {
+ 	d->had_layer_cnt = true;
+-	getint(sfd,&sf->layer_cnt);
+-	if ( sf->layer_cnt>2 ) {
++	int layer_cnt_tmp;
++	getint(sfd,&layer_cnt_tmp);
++	if ( layer_cnt_tmp>2 ) {
+ 	    sf->layers = realloc(sf->layers,sf->layer_cnt*sizeof(LayerInfo));
+ 	    memset(sf->layers+2,0,(sf->layer_cnt-2)*sizeof(LayerInfo));
++	    sf->layer_cnt = layer_cnt_tmp;
+ 	}
+     }
+     else if ( strmatch(tok,"Layer:")==0 )
+@@ -8948,6 +8953,10 @@ exit( 1 );
+ 	}
+     }
+ 
++    // Many downstream functions assume this isn't NULL (use strlen, etc.)
++    if ( sf->fontname==NULL)
++	sf->fontname = copy("");
++
+     if ( fromdir )
+ 	sf = SFD_FigureDirType(sf,tok,dirname,enc,remap,had_layer_cnt);
+     else if ( sf->subfontcnt!=0 ) {
+diff --git a/fontforge/sfd1.c b/fontforge/sfd1.c
+index cf931059d0..b42f832678 100644
+--- a/fontforge/sfd1.c
++++ b/fontforge/sfd1.c
+@@ -674,7 +674,7 @@ void SFD_AssignLookups(SplineFont1 *sf) {
+ 
+     /* Fix up some gunk from really old versions of the sfd format */
+     SFDCleanupAnchorClasses(&sf->sf);
+-    if ( sf->sf.uni_interp==ui_unset )
++    if ( sf->sf.uni_interp==ui_unset && sf->sf.map!=NULL )
+ 	sf->sf.uni_interp = interp_from_encoding(sf->sf.map->enc,ui_none);
+ 
+     /* Fixup for an old bug */
diff --git a/media-gfx/fontforge/fontforge-20170731-r4.ebuild b/media-gfx/fontforge/fontforge-20170731-r5.ebuild
index 0aef5976173a..04d71dc2cee5 100644
--- a/media-gfx/fontforge/fontforge-20170731-r4.ebuild
+++ b/media-gfx/fontforge/fontforge-20170731-r5.ebuild
@@ -13,7 +13,7 @@ SRC_URI="https://github.com/fontforge/fontforge/releases/download/${PV}/fontforg
 
 LICENSE="BSD GPL-3+"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
+KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
 IUSE="cairo truetype-debugger gif gtk jpeg png +python readline test tiff svg unicode X"
 
 RESTRICT="!test? ( test )"
@@ -68,6 +68,7 @@ PATCHES=(
 	"${FILESDIR}"/20170731-tilepath.patch
 	"${FILESDIR}"/20170731-gethex-unaligned.patch
 	"${FILESDIR}"/20170731-PyMem_Free.patch
+	"${FILESDIR}"/CVE-2020-5395.patch
 )
 
 pkg_setup() {
diff --git a/media-gfx/fontforge/fontforge-20190317-r2.ebuild b/media-gfx/fontforge/fontforge-20190317-r3.ebuild
index 210cb2b03cc9..28c16aebe855 100644
--- a/media-gfx/fontforge/fontforge-20190317-r2.ebuild
+++ b/media-gfx/fontforge/fontforge-20190317-r3.ebuild
@@ -67,6 +67,7 @@ BDEPEND="
 PATCHES=(
 	"${FILESDIR}"/20170731-gethex-unaligned.patch
 	"${FILESDIR}"/20190317-gdk_init.patch
+	"${FILESDIR}"/CVE-2020-5395.patch
 )
 
 pkg_setup() {
diff --git a/media-gfx/fontforge/fontforge-20190801.ebuild b/media-gfx/fontforge/fontforge-20190801.ebuild
new file mode 100644
index 000000000000..31b62099c783
--- /dev/null
+++ b/media-gfx/fontforge/fontforge-20190801.ebuild
@@ -0,0 +1,106 @@
+# Copyright 2004-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{2_7,3_{6,7}} )
+
+inherit python-single-r1 xdg
+
+DESCRIPTION="postscript font editor and converter"
+HOMEPAGE="http://fontforge.github.io/"
+SRC_URI="https://github.com/fontforge/fontforge/releases/download/${PV}/fontforge-${PV}.tar.gz"
+
+LICENSE="BSD GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
+IUSE="cairo truetype-debugger gif gtk jpeg png +python readline test tiff svg unicode X"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="
+	cairo? ( png )
+	gtk? ( cairo )
+	python? ( ${PYTHON_REQUIRED_USE} )
+	test? ( png python )
+"
+
+RDEPEND="
+	dev-libs/glib
+	dev-libs/libltdl:0
+	dev-libs/libxml2:2=
+	>=media-libs/freetype-2.3.7:2=
+	cairo? (
+		>=x11-libs/cairo-1.6:0=
+		x11-libs/pango:0=
+	)
+	gif? ( media-libs/giflib:0= )
+	jpeg? ( virtual/jpeg:0 )
+	png? ( media-libs/libpng:0= )
+	tiff? ( media-libs/tiff:0= )
+	truetype-debugger? ( >=media-libs/freetype-2.3.8:2[fontforge,-bindist(-)] )
+	gtk? ( >=x11-libs/gtk+-3.10:3 )
+	python? ( ${PYTHON_DEPS} )
+	readline? ( sys-libs/readline:0= )
+	unicode? ( media-libs/libuninameslist:0= )
+	X? (
+		x11-libs/libX11:0=
+		x11-libs/libXi:0=
+		>=x11-libs/pango-1.10:0=[X]
+	)
+	!media-gfx/pfaedit
+"
+DEPEND="${RDEPEND}
+	X? ( x11-base/xorg-proto )
+"
+BDEPEND="
+	sys-devel/gettext
+	virtual/pkgconfig
+"
+
+# Needs keywording on many arches.
+#	zeromq? (
+#		>=net-libs/czmq-2.2.0:0=
+#		>=net-libs/zeromq-4.0.4:0=
+#	)
+
+PATCHES=(
+	"${FILESDIR}"/20170731-gethex-unaligned.patch
+	"${FILESDIR}"/CVE-2020-5395.patch
+)
+
+pkg_setup() {
+	use python && python-single-r1_pkg_setup
+}
+
+src_configure() {
+	local myeconfargs=(
+		--disable-static
+		$(use_enable truetype-debugger freetype-debugger "${EPREFIX}/usr/include/freetype2/internal4fontforge")
+		$(use_enable python python-extension)
+		$(use_enable python python-scripting)
+		--enable-tile-path
+		$(use_with cairo)
+		$(use_with gif giflib)
+		$(use_with jpeg libjpeg)
+		$(use_with png libpng)
+		$(use_with readline libreadline)
+		--without-libspiro
+		$(use_with tiff libtiff)
+		$(use_with unicode libuninameslist)
+		$(use_with X x)
+	)
+	if use gtk; then
+		# broken AC_ARG_ENABLE usage
+		# https://bugs.gentoo.org/681550
+		myeconfargs+=( --enable-gdk=gdk3 )
+	fi
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	docompress -x /usr/share/doc/${PF}/html
+	einstalldocs
+	find "${ED}" -name '*.la' -type f -delete || die
+}