From 014f3e89c4c456fcb91d7eac2ee902ecf015243c Mon Sep 17 00:00:00 2001
From: Leah Neukirchen
Date: Thu, 7 May 2020 10:26:41 +0200
Subject: [PATCH] libspiro: update to 20200505.
---
 srcpkgs/libspiro/patches/CVE-2019-19847.patch | 63 -------------------
 srcpkgs/libspiro/template | 6 +-
 2 files changed, 3 insertions(+), 66 deletions(-)
 delete mode 100644 srcpkgs/libspiro/patches/CVE-2019-19847.patch
diff --git a/srcpkgs/libspiro/patches/CVE-2019-19847.patch b/srcpkgs/libspiro/patches/CVE-2019-19847.patch
deleted file mode 100644
index 994d13f9e59..00000000000
--- a/srcpkgs/libspiro/patches/CVE-2019-19847.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 35233450c922787dad42321e359e5229ff470a1e Mon Sep 17 00:00:00 2001
-From: Joe Da Silva
-Date: Sat, 21 Dec 2019 13:10:22 -0800
-Subject: [PATCH] CVE-2019-19847, Stack-based buffer overflow in the
- spiro_to_bpath0()
-
-Frederic Cambus (@fcambus) discovered a bug in call-test.c using:
-./configure CFLAGS="-fsanitize=address"
-make
-./tests/call-test[14,15,16,17,18,19]
-Fredrick Brennan (@ctrlcctrlv) provided bugfix. See issue #21
----
- configure.ac | 7 ++++++-
- tests/call-test.c | 4 ++--
- 3 files changed, 10 insertions(+), 3 deletions(-)
-
-diff --git configure.ac configure.ac
-index 8a44d04..e77ce17 100644
---- configure.ac
-+++ configure.ac
-@@ -50,7 +50,7 @@ m4_define([spiro_age], [0])
- m4_define([spiro_libver],[spiro_current:spiro_revision:spiro_age])
-
- m4_define([spiro_package_name], [libspiro])
--
-+
- AC_INIT([spiro],[spiro_package_stamp],[fontforge-devel@lists.sourceforge.net],
- [spiro_package_name],[https://github.com/fontforge/libspiro])
-
-@@ -236,6 +236,11 @@ dnl AX_CHECK_COMPILE_FLAG([-Wcast-qual],[WCFLAGS="$WCFLAGS -Wcast-qual"])
- dnl AX_CHECK_COMPILE_FLAG([-Wcast-align],[WCFLAGS="$WCFLAGS -Wcast-align"])
- dnl AX_CHECK_COMPILE_FLAG([-Wpadded],[WCFLAGS="$WCFLAGS -Wpadded"])
- dnl AX_CHECK_COMPILE_FLAG([-Woverlength-strings],[WCFLAGS="$WCFLAGS -Woverlength-strings"])
-+
-+dnl NOTE: -fsanitize has to be first library
-+dnl and will also conflict with other checks
-+dnl like valgrind due to similar test checks
-+dnl AX_CHECK_COMPILE_FLAG([-fsanitize=address],[CFLAGS=" -fsanitize=address $CFLAGS"])
- AC_LANG_POP
- # Skip if replacing with LS_LIB instead.
- WLSLIB=""
-diff --git tests/call-test.c tests/call-test.c
-index c27d41a..76ee12d 100644
---- tests/call-test.c
-+++ tests/call-test.c
-@@ -536,7 +536,7 @@ bezctx *new_bezctx_test(void) {
- int test_curve(int c) {
- spiro_cp spiro[16];
- int nextknot[17];
-- double d[5];
-+ double d[6];
- spiro_seg *segs = NULL;
- bezctx *bc;
- rs_check_vals *rsp;
-@@ -545,7 +545,7 @@ int test_curve(int c) {
- /* Load sample data so that we can see if library is callable */
- load_test_curve(spiro,nextknot,c);
-
-- d[0] = 1.; d[1] = d[1] = 0.;
-+ d[0] = 1.; d[1] = d[2] = 0.;
- #if defined(DO_CALL_TEST20)
- /* check if spiro values are reversed correctly on input path */
- printf("---\ntesting spiroreverse() using data=path%d[].\n",c);
diff --git a/srcpkgs/libspiro/template b/srcpkgs/libspiro/template
index df5229e3dd5..f9a864a634c 100644
--- a/srcpkgs/libspiro/template
+++ b/srcpkgs/libspiro/template
@@ -1,7 +1,7 @@
 # Template file for 'libspiro'
 pkgname=libspiro
-version=20190731
-revision=2
+version=20200505
+revision=1
 build_style=gnu-configure
 hostmakedepends="automake libtool"
 short_desc="Simplifies the drawing of beautiful curves"
@@ -9,7 +9,7 @@ maintainer="Leah Neukirchen "
 license="GPL-3.0-or-later"
 homepage="https://github.com/fontforge/libspiro"
 distfiles="https://github.com/fontforge/${pkgname}/archive/${version}.tar.gz"
-checksum=25678f69416115c9d5f909de4013f7a5a44a3f7ca901f912bb6de566cbb70e89
+checksum=00be530b5c0ea9274baadf6c05521f0b192d4c3c1db636ac8b08efd44aaea8f5
 pre_configure() {
 autoreconf -fi