-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updating freetype port to upstream version 2.11.1 (#4) #16298
base: main
Are you sure you want to change the base?
Conversation
tools/ports/freetype.py
Outdated
|
||
|
||
def needed(settings): | ||
return settings.USE_FREETYPE | ||
|
||
|
||
def get(ports, settings, shared): | ||
ports.fetch_project('freetype', 'https://github.com/emscripten-ports/FreeType/archive/' + TAG + '.zip', 'FreeType-' + TAG, sha512hash=HASH) | ||
ports.fetch_project('freetype', 'https://gitlab.freedesktop.org/freetype/freetype/-/archive/' + TAG + '/freetype-' + TAG + '.zip', 'freetype-' + TAG, sha512hash=HASH) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we use the github releases at https://github.com/freetype/freetype instead? I think it would be good to avoid depending on another server being up (and we already depend on github.com).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I switched that over, but did not test it. Updated PR coming soon.
My concern about GitHub is that the sha512 of the zip is different from the official one linked from freetype.org. They're the same size and the github one unzips fine.
$ sha512sum VER-2-11-1.zip freetype-VER-2-11-1.zip
07633e8ceae8150e983881396b420af60e64a46520d2abc16e0bf3d7909ae77a1a5ff3e5bdf3a85ee1067df8e493d612f2ed26fd33b6409bec0609eb72fd2e84 VER-2-11-1.zip
5e53276cf0248c61782c6410856230a287c583efdbb8959d4b1d25efdbe8c665ca45a9c952c33c710b595fcf76905375487d3803fb39c2b96dbe253c7664662c freetype-VER-2-11-1.zip
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The official archive looks like they are hosted on download.savannah.gnu.org (see https://freetype.org/download.html) and I don't see any zip file archives at all. For example:
https://download.savannah.gnu.org/releases/freetype/freetype-2.11.1.tar.gz
I'll tell you what, I'll take that office .gz
archive and mirror it then we can use that one? WDYT?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I mirrored the official freetype-2.11.1.tar.gz at https://storage.googleapis.com/webassembly/emscripten-ports/.
sha512: 610f2377e28cfa4b40db6155bec02b911a93171f0b37efc7d544787468e3e8193c588a381b4743c2206ffee74ea6cdd42ed949f1d7c474e3b123900d23db69e0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. The PR should now use GitHub.
I would prefer to use GitHub over hosting it ourselves if at all possible. We'd replace one problem (old version with unpatched vulnerabilities) with the same problem down the road (old version with unpatched vulnerabilities).
There's a link to the Freetype Gitlab on freedesktop.org on their page. From there, I found the link: https://gitlab.freedesktop.org/freetype/freetype/-/archive/VER-2-11-1/freetype-VER-2-11-1.zip
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The file I mirrored is the official signed tar archive. There are hosted here: https://download.savannah.gnu.org/releases/freetype/. I mirrored freetype-2.11.1.tar.gz from there. The good thing about using our mirror is that it works even when download.savannah.gnu.org
is down. But if you prefer to link to download.savannah.gnu.org
I would be fine with that too. I think its more stable and more official that a zip file generated automatically by gitlab/github based on a tag.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, another reason to prefer source releases over git tag archives is that GNU projects often produce source releases that contain more than just the stuff that is stored in git.. they include, for example, the auto-generated configure script (not that we use that).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's go with download.savannah.gnu.org,then. It will be easier to update when it's time to swap to a newer version.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sgtm
Freetype v2.11.1
Using download.savannah.gnu.org
CI error suggests the hash must be updated,
|
Fixing hash
@@ -7,21 +7,19 @@ | |||
import shutil | |||
from pathlib import Path | |||
|
|||
TAG = 'version_1' | |||
HASH = '0d0b1280ba0501ad0a23cf1daa1f86821c722218b59432734d3087a89acd22aabd5c3e5e1269700dcd41e87073046e906060f167c032eb91a3ac8c5808a02783' | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
flake8 doesn't like that you removed this line I'm afraid.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like we have several other failures, so I'll bundle this with another fix (if needed).
Looking at the failures, it's not immediately clear if this is a problem with the tests or freetype.
test-core0, test-core2, and test-core3 all look like test failures.
test-mac and test-other could be test errors. In the changelog, it looks like 2.7 changed subpixel hinting, and 2.8 fixed some bugs with that.
https://freetype.org/index.html#news
A rebase should fix the test_dlfcn_self failures. |
We started seeing some intermittent crashes on startup after we upgraded our FreeType from 2.10.4 to 2.11.1. I've been digging into it all morning, and I don't see anything obvious in the FreeType code. The most notable change is a switch from alloc to qalloc (and not 0ing out the new memory). I'm trying to eliminate other possibilities, and one idea was that the .h file that we populate in the port script needs to change. Nothing in the .h file in the ports file jumps out to me, though. I ran emconfigure ./configure in my emsdk install, but it didn't seem to generate a file that matched. How did you initially generate the header file in this? WASM: panic called with reason: unhandled exception: RuntimeError: memory access out of bounds,RuntimeError: memory access out of bounds |
The port now pulls an updated version from the FreeType's Git instead of the ports copy.
The new version introduces several new files that I added to the compile list. It tests fine for us and fixes several security holes vs the ports' 2.6.