3
0
Fork 0
forked from mirrors/nixpkgs

freetype: major update, including some CVE security

- There's no fontconfig update yet, as I failed to debug it yet.
- Infinality patches are now taken from a different (maintained) source.
This commit is contained in:
Vladimír Čunát 2014-06-09 19:47:31 +02:00
parent ff327554e9
commit c50f0e47e1
4 changed files with 53 additions and 44 deletions
pkgs
applications/display-managers/slim
development/libraries
fontconfig
freetype
servers/x11/xorg

View file

@ -24,6 +24,8 @@ stdenv.mkDerivation rec {
cmakeFlags = [ "-DUSE_PAM=1" ]; cmakeFlags = [ "-DUSE_PAM=1" ];
NIX_CFLAGS_COMPILE = "-I${freetype}/include/freetype";
enableParallelBuilding = true; enableParallelBuilding = true;
buildInputs = buildInputs =

View file

@ -8,18 +8,22 @@ stdenv.mkDerivation rec {
sha256 = "0llraqw86jmw4vzv7inskp3xxm2gc64my08iwq5mzncgfdbfza4f"; sha256 = "0llraqw86jmw4vzv7inskp3xxm2gc64my08iwq5mzncgfdbfza4f";
}; };
infinality_patch = with freetype.infinality; if useInfinality infinality_patch =
then let subvers = "1"; let subvers = "1";
in fetchurl { in fetchurl {
url = http://www.infinality.net/fedora/linux/zips/fontconfig-infinality-1-20130104_1.tar.bz2; url = http://www.infinality.net/fedora/linux/zips/fontconfig-infinality-1-20130104_1.tar.bz2;
sha256 = "1fm5xx0mx2243jrq5rxk4v0ajw2nawpj23399h710bx6hd1rviq7"; sha256 = "1fm5xx0mx2243jrq5rxk4v0ajw2nawpj23399h710bx6hd1rviq7";
} }
else null; ;
propagatedBuildInputs = [ freetype ]; propagatedBuildInputs = [ freetype ];
buildInputs = [ pkgconfig expat ]; buildInputs = [ pkgconfig expat ];
configureFlags = "--sysconfdir=/etc --with-cache-dir=/var/cache/fontconfig --disable-docs --with-default-fonts="; configureFlags = [
"--with-cache-dir=/var/cache/fontconfig"
"--disable-docs"
"--with-default-fonts="
];
# We should find a better way to access the arch reliably. # We should find a better way to access the arch reliably.
crossArch = stdenv.cross.arch or null; crossArch = stdenv.cross.arch or null;
@ -32,10 +36,12 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true; enableParallelBuilding = true;
# Don't try to write to /etc/fonts or /var/cache/fontconfig at install time. doCheck = true;
installFlags = "sysconfdir=$(out)/etc RUN_FC_CACHE_TEST=false fc_cachedir=$(TMPDIR)/dummy";
postInstall = stdenv.lib.optionalString freetype.infinality.useInfinality '' # Don't try to write to /var/cache/fontconfig at install time.
installFlags = "fc_cachedir=$(TMPDIR)/dummy";
postInstall = ''
cd "$out/etc/fonts" && tar xvf ${infinality_patch} cd "$out/etc/fonts" && tar xvf ${infinality_patch}
''; '';

View file

@ -1,57 +1,52 @@
{ stdenv, fetchurl, gnumake { stdenv, fetchurl, fetchpatch, pkgconfig, which, zlib, bzip2, libpng, gnumake
# FreeType supports sub-pixel rendering. This is patented by # FreeType supports sub-pixel rendering. This is patented by
# Microsoft, so it is disabled by default. This option allows it to # Microsoft, so it is disabled by default. This option allows it to
# be enabled. See http://www.freetype.org/patents.html. # be enabled. See http://www.freetype.org/patents.html.
, useEncumberedCode ? false , useEncumberedCode ? true
, useInfinality ? true
}: }:
assert !(useEncumberedCode && useInfinality); # probably wouldn't make sense
let let
version = "2.5.3";
version = "2.4.12"; fetch_bohoomil = name: sha256: fetchpatch {
url = https://raw.githubusercontent.com/bohoomil/fontconfig-ultimate/8a155db28f264520596cc3e76eb44824bdb30f8e/01_freetype2-iu/ + name;
inherit sha256;
};
in in
with { inherit (stdenv.lib) optional optionalString; };
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "freetype-${version}"; name = "freetype-${version}";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/freetype/${name}.tar.bz2"; url = "mirror://sourceforge/freetype/${name}.tar.bz2";
sha256 = "10akr2c37iv9y7fkgwp2szgwjyl2g6qmk9z1m596iaw9cr41g2m7"; sha256 = "0pppcn73b5pwd7zdi9yfx16f5i93y18q7q4jmlkwmwrfsllqp160";
}; };
infinality_patch =
if useInfinality then fetchurl {
url = http://www.infinality.net/fedora/linux/zips/freetype-infinality-2.4.12-20130514_01-x86_64.tar.bz2;
sha256 = "1lg2nzvxmwzwdfhxranw8iyflhr72cw9p11rkpgq1scxbp37668m";
} else null;
configureFlags = "--disable-static";
NIX_CFLAGS_COMPILE = with stdenv.lib;
" -fno-strict-aliasing" # from Gentoo, see https://bugzilla.redhat.com/show_bug.cgi?id=506840
+ optionalString useEncumberedCode " -DFT_CONFIG_OPTION_SUBPIXEL_RENDERING=1"
+ optionalString useInfinality " -DTT_CONFIG_OPTION_SUBPIXEL_HINTING=1";
patches = [ ./enable-validation.patch ] # from Gentoo patches = [ ./enable-validation.patch ] # from Gentoo
++ stdenv.lib.optional useInfinality [ infinality_patch ]; ++ [
(fetch_bohoomil "freetype-2.5.3-pkgconfig.patch" "1dpfdh8kmka3gzv14glz7l79i545zizah6wma937574v5z2iy3nn")
(fetch_bohoomil "fix_segfault_with_harfbuzz.diff" "1nx36inqrw717b86cla2miprdb3hii4vndw95k0jbbhfmax9k6fy")
]
++ optional useEncumberedCode
(fetch_bohoomil "infinality-2.5.3.patch" "0mxiybcb4wwbicrjiinh1b95rv543bh05sdqk1v0ipr3fxfrb47q")
;
propagatedBuildInputs = [ zlib bzip2 libpng ]; # needed when linking against freetype
# dependence on harfbuzz is looser than the reverse dependence
buildInputs = [ pkgconfig which ]
# FreeType requires GNU Make, which is not part of stdenv on FreeBSD.
++ optional (!stdenv.isLinux) gnumake;
# from Gentoo, see https://bugzilla.redhat.com/show_bug.cgi?id=506840
NIX_CFLAGS_COMPILE = "-fno-strict-aliasing";
# The asm for armel is written with the 'asm' keyword. # The asm for armel is written with the 'asm' keyword.
CFLAGS = stdenv.lib.optionalString stdenv.isArm "-std=gnu99"; CFLAGS = optionalString stdenv.isArm "-std=gnu99";
# FreeType requires GNU Make, which is not part of stdenv on FreeBSD.
buildInputs = stdenv.lib.optional (!stdenv.isLinux) gnumake;
enableParallelBuilding = true; enableParallelBuilding = true;
doCheck = true; doCheck = true;
postInstall = postInstall = ''ln -s freetype2 "$out"/include/freetype''; # compat hack
''
ln -s freetype2/freetype $out/include/freetype
'';
crossAttrs = { crossAttrs = {
# Somehow it calls the unwrapped gcc, "i686-pc-linux-gnu-gcc", instead # Somehow it calls the unwrapped gcc, "i686-pc-linux-gnu-gcc", instead
@ -60,13 +55,11 @@ stdenv.mkDerivation rec {
configureFlags = "--disable-static CC_BUILD=gcc"; configureFlags = "--disable-static CC_BUILD=gcc";
}; };
passthru.infinality.useInfinality = useInfinality; # for fontconfig meta = with stdenv.lib; {
meta = {
description = "A font rendering engine"; description = "A font rendering engine";
homepage = http://www.freetype.org/; homepage = http://www.freetype.org/;
license = if useEncumberedCode then "unfree" license = licenses.gpl2Plus; # or the FreeType License (BSD + advertising clause)
else "GPLv2+"; # or the FreeType License (BSD + advertising clause) #ToDo: encumbered = useEncumberedCode;
platforms = stdenv.lib.platforms.all; platforms = platforms.all;
}; };
} }

View file

@ -73,6 +73,10 @@ in
''; '';
}; };
libXfont = attrs: attrs // {
propagatedBuildInputs = [ args.freetype ]; # propagate link reqs. like bzip2
};
libXxf86vm = attrs: attrs // { libXxf86vm = attrs: attrs // {
preConfigure = setMalloc0ReturnsNullCrossCompiling; preConfigure = setMalloc0ReturnsNullCrossCompiling;
}; };
@ -111,6 +115,10 @@ in
libXft = attrs: attrs // { libXft = attrs: attrs // {
propagatedBuildInputs = [ xorg.libXrender args.freetype args.fontconfig ]; propagatedBuildInputs = [ xorg.libXrender args.freetype args.fontconfig ];
preConfigure = setMalloc0ReturnsNullCrossCompiling; preConfigure = setMalloc0ReturnsNullCrossCompiling;
# the include files need ft2build.h, and Requires.private isn't enough for us
postInstall = ''
sed "/^Requires:/s/$/, freetype2/" -i "$out/lib/pkgconfig/xft.pc"
'';
}; };
libXext = attrs: attrs // { libXext = attrs: attrs // {