Hello community,

here is the log from the commit of package freetype2.3653 for 
openSUSE:13.1:Update checked in at 2015-03-30 16:18:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/freetype2.3653 (Old)
 and      /work/SRC/openSUSE:13.1:Update/.freetype2.3653.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "freetype2.3653"

Changes:
--------
New Changes file:

--- /dev/null   2015-03-12 01:14:30.992027505 +0100
+++ /work/SRC/openSUSE:13.1:Update/.freetype2.3653.new/freetype2.changes        
2015-03-30 16:18:39.000000000 +0200
@@ -0,0 +1,1098 @@
+-------------------------------------------------------------------
+Fri Feb 20 10:13:37 UTC 2015 - nadvor...@suse.com
+
+- fixed vulnerabilities (bnc#916847, bnc#916856, bnc#916857,
+  bnc#916858, bnc#916859, bnc#916860, bnc#916861, bnc#916862,
+  bnc#916863, bnc#916864, bnc#916865, bnc#916867,
+  bnc#916870, bnc#916871, bnc#916872, bnc#916873, bnc#916874,
+  bnc#916879, bnc#916881)
+  - CVE-2014-9656.patch
+  - CVE-2014-9657.patch
+  - CVE-2014-9658.patch
+  - CVE-2014-9659.patch
+  - CVE-2014-9660.patch
+  - CVE-2014-9661.patch
+  - CVE-2014-9662.patch
+  - CVE-2014-9663.patch
+  - CVE-2014-9664.patch
+  - CVE-2014-9665.patch
+  - CVE-2014-9666.patch
+  - CVE-2014-9667.patch
+  - CVE-2014-9669.patch
+  - CVE-2014-9670.patch
+  - CVE-2014-9671.patch
+  - CVE-2014-9672.patch
+  - CVE-2014-9673.patch
+  - CVE-2014-9674.patch
+  - CVE-2014-9675.patch
+
+-------------------------------------------------------------------
+Wed Jul  3 08:31:13 UTC 2013 - idon...@suse.com
+
+- Update to version 2.5.0.1
+  * The cache manager function `FTC_Manager_Reset'  didn't flush the
+    cache.
+  * Behdad Esfahbod  (on behalf  of Google) contributed  support for
+    color embedded bitmaps (eg. color emoji).
+  * The  old FreeType  CFF engine  is now  disabled by  default.
+  * All code related to macro FT_CONFIG_OPTION_OLD_INTERNALS
+    has been removed.
+  * The  property API  (`FT_Property_Get' and  `FT_Property_Set') is
+    now declared as stable.
+  * Another round of TrueType subpixel hinting fixes.
+  * 64bit compilation of the new CFF engine was buggy.
+  * Some fixes to improve robustness in memory-tight situations.
+- Add dependency on libpng-devel for color emoji support.
+- Drop freetype-new-cff-engine.patch, upstream now.
+
+-------------------------------------------------------------------
+Sun Jun  9 03:58:33 UTC 2013 - crrodrig...@opensuse.org
+
+- Library and tools must be compiled with large file 
+  support in 32 bit archs just like the rest of system.
+
+-------------------------------------------------------------------
+Fri May 10 18:05:44 UTC 2013 - idon...@suse.com
+
+- Update to version 2.4.12
+  * A new CFF rendering engine from Adobe
+  * The  macro FT_CONFIG_OPTION_OLD_INTERNALS  is no  longer set  by
+    default.
+- freetype-new-cff-engine.patch: Enable the new CFF engine by default.
+- Drop freetype2-no_rpath.patch, not needed.
+
+-------------------------------------------------------------------
+Fri Jan 11 17:12:01 UTC 2013 - j...@suse.com
+
+- Rediffed patches.
+- CVE-2012-5668.patch, CVE-2012-5669.patch, CVE-2012-5670.patch nothing to do.
+
+-------------------------------------------------------------------
+Thu Dec 20 13:56:36 UTC 2012 - idon...@suse.com
+
+- Update to version 2.4.11
+  * Some vulnerabilities in the  BDF implementation have been fixed.
+  * Support for OpenType collections (OTC) has been added.
+  * Pure CFF fonts within an SFNT wrapper are now supported.
+  * Minor rendering improvements to the auto-hinter.
+  * `FT_GlyphSlot_Oblique' now uses a shear angle of 12°.
+- Modify freetype2-subpixel.patch for new subpixel hinting option.
+- Drop fix-build.patch: no longer needed
+
+-------------------------------------------------------------------
+Sun Jun 17 10:34:24 UTC 2012 - idon...@suse.com
+
+- Update to version 2.4.10
+  * Incremental glyph loading as needed by ghostscript was broken.
+  * A new  function `FT_Outline_EmboldenXY'
+  * The glyph  spacing computation  in `FT_GlyphSlot_Embolden'  (and
+    similar code in `ftview') has been improved.
+  * Minor  improvements to  the TrueType  bytecode  interpreter  and
+    glyph loader, the auto-hinter, and the B/W rasterizer.
+
+-------------------------------------------------------------------
+Wed May  9 19:46:11 UTC 2012 - crrodrig...@opensuse.org
+
+- USe -std=gnu99 in all targets not only on ARM 
+
+-------------------------------------------------------------------
+Fri Mar 30 13:11:32 UTC 2012 - idon...@suse.com
+
+- Unbreak SLE builds 
+
+-------------------------------------------------------------------
+Thu Mar  8 21:18:48 UTC 2012 - idon...@suse.com
+
+- Update to version 2.4.9
+  * Fixes CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,
+    CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,
+    CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,
+    CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,
+    CVE-2012-1142, CVE-2012-1143, CVE-2012-1144
+  * The `ENCODING -1 <n>' format of BDF fonts is now supported.
+  * For BDF fonts,  support for the whole Unicode encoding range has
+    been added.
+  * Better TTF support for x_ppem != y_ppem.
+  * `FT_Get_Advances' sometimes returned bogus values.
+
+-------------------------------------------------------------------
+Tue Feb 14 11:17:33 UTC 2012 - cfarr...@suse.com
+
+- license update: SUSE-Freetype or GPL-2.0+
+  Use SUSE- proprietary prefix until upstream spdx.org accepts Freetype as
+  official license
+
+-------------------------------------------------------------------
+Tue Feb 14 09:21:58 UTC 2012 - sasc...@suse.de
+
+- Ran spec-cleaner
+- Add devel-static provides to devel package (shared library policy)
+
+-------------------------------------------------------------------
+Thu Dec 22 12:39:23 CET 2011 - ti...@suse.de
+
+- provide libfreetype.la for older distros; otherwise it breaks
+  too many package builds in M17N repo
+- fix build on FACTORY by owning aclocal dir
+
+-------------------------------------------------------------------
+Tue Nov 15 08:24:00 UTC 2011 - idon...@suse.com
+
+- Update to version 2.4.8
+  * Some vulnerabilities in handling CID-keyed PostScript fonts have
+    been fixed; see CVE-2011-3439
+  * Chris Liddell contributed a new API, `FT_Get_PS_Font_Value',  to
+    retrieve most of the dictionary keys in Type 1 fonts.
+
+-------------------------------------------------------------------
+Tue Oct 18 12:11:46 UTC 2011 - idon...@suse.com
+
+- Update to version 2.4.7
+  * Some  vulnerabilities in handling Type 1 fonts  have been fixed;
+    see CVE-2011-3256.
+  * FreeType  now properly  handles ZapfDingbats  glyph names  while
+    constructing a Unicode character map (for fonts which don't have
+    one).
+
+-------------------------------------------------------------------
+Fri Jul 29 07:41:28 UTC 2011 - idon...@novell.com
+
+- Update to version 2.4.6
+  * For TrueType based fonts, the ascender and descender values were
+    incorrect sometimes  (off by a pixel if the ppem value was not a
+    multiple of 5).   Depending on the use you might now  experience
+    a different  layout; the  change should  result in  better, more
+    consistent line spacing. 
+  * Fix CVE-2011-0226  which causes a  vulnerability while  handling
+    Type 1 fonts.
+  * BDF fonts  containing  glyphs with negative values  for ENCODING
+    were  incorrectly  rejected.  This  bug has  been introduced  in
+    FreeType version 2.2.0.
+  * The behaviour of FT_STROKER_LINEJOIN_BEVEL has been corrected.
+  * A new  line join style,  FT_STROKER_LINEJOIN_MITER_FIXED,  has
+    been introduced to support PostScript and PDF miter joins.
+  * FT_STROKER_LINEJOIN_MITER_VARIABLE  has been introduced  as an
+    alias for FT_STROKER_LINEJOIN_MITER.
+  * Various stroking glitches has been fixed
+  * SFNT bitmap fonts which contain an outline glyph for `.notdef'
+    only no longer set the FT_FACE_FLAG_SCALABLE flag.
+- Drop bnc704612_othersubr.diff, applied upstream
+
+-------------------------------------------------------------------
+Fri Jul 22 13:41:02 CEST 2011 - k...@suse.de
+
+- added bnc704612_othersubr.diff, CVE-2011-0226, bnc#704612.
+
+-------------------------------------------------------------------
+Thu Jul  7 13:16:05 UTC 2011 - idon...@novell.com
+
+- Clean spec file
+- Disable static libraries
+- Drop unneeded use_unix.diff
+- Disable newly introduced bzip2 support, it seems to create 
+  problems with subpixel rendering 
+
+-------------------------------------------------------------------
+Sat Jun 25 08:37:55 UTC 2011 - idon...@novell.com
+
++++ 901 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:13.1:Update/.freetype2.3653.new/freetype2.changes
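Review bot: the 2015-02-20 entry at the top of this hunk lists CVE-2014-9656.patch through CVE-2014-9675.patch but skips CVE-2014-9668, and it does not say why. Nineteen bnc references are matched by nineteen patches, so the gap looks deliberate; one line stating the reason would save the next maintainer from re-checking it. The entry would also be easier to audit if each bnc number were paired with the patch it tracks, instead of being given as two separate lists.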
New Changes file:

--- /dev/null   2015-03-12 01:14:30.992027505 +0100
+++ /work/SRC/openSUSE:13.1:Update/.freetype2.3653.new/ft2demos.changes 
2015-03-30 16:18:39.000000000 +0200
@@ -0,0 +1,768 @@
+-------------------------------------------------------------------
+Fri Feb 20 10:13:37 UTC 2015 - nadvor...@suse.com
+
+- fixed vulnerabilities (bnc#916847, bnc#916856, bnc#916857,
+  bnc#916858, bnc#916859, bnc#916860, bnc#916861, bnc#916862,
+  bnc#916863, bnc#916864, bnc#916865, bnc#916867,
+  bnc#916870, bnc#916871, bnc#916872, bnc#916873, bnc#916874,
+  bnc#916879, bnc#916881)
+  - CVE-2014-9656.patch
+  - CVE-2014-9657.patch
+  - CVE-2014-9658.patch
+  - CVE-2014-9659.patch
+  - CVE-2014-9660.patch
+  - CVE-2014-9661.patch
+  - CVE-2014-9662.patch
+  - CVE-2014-9663.patch
+  - CVE-2014-9664.patch
+  - CVE-2014-9665.patch
+  - CVE-2014-9666.patch
+  - CVE-2014-9667.patch
+  - CVE-2014-9669.patch
+  - CVE-2014-9670.patch
+  - CVE-2014-9671.patch
+  - CVE-2014-9672.patch
+  - CVE-2014-9673.patch
+  - CVE-2014-9674.patch
+  - CVE-2014-9675.patch
+
+-------------------------------------------------------------------
+Wed Jul  3 08:33:20 UTC 2013 - idon...@suse.com
+
+- Update to version 2.5.0
+  * ftview has been updated to  support color embedded bitmaps.
+  * The 'ttdebug' program has been further improved.  In particular,
+    it accepts a new command line  option `-H' to select the hinting
+    engine.
+
+-------------------------------------------------------------------
+Wed Jun 12 08:46:35 UTC 2013 - wer...@suse.com
+
+- Add conflict to package dtc for /usr/bin/ftdump as the two tools
+  are different,
+  dtc:      ftdump -- Flat Tree dumping utility
+  ft2demos: ftdump -- Simple font dumper
+
+-------------------------------------------------------------------
+Fri May 10 18:09:21 UTC 2013 - idon...@suse.com
+
+- Update to version 2.4.12
+  * Using the `H'  key, it is now possible to  select the CFF engine
+    in both ftview and ftdiff.
+  * The new command line option '-H' for `ftbench' selects the Adobe
+    CFF engine.
+  * It is  now possible  to directly select  the LCD  rendering mode
+    with the keys 'A'-'F' in  'ftview'.  The key mapping for cycling
+    through LCD modes  has been changed from 'K' and  'L' to 'k' and
+    'l', and  toggling custom LCD  filtering is no longer  mapped to
+    key 'F' but to key 'L'.
+  * In `ftdiff',  key 'x' toggles  between layout modes:  Either use
+    the  advance width  (this is  new and  now the  default) or  the
+    bounding box information to determine line breaks.
+  * For all demo  tools, the new command line option  `-v' shows the
+    version.
+  * For the demo tools with a GUI, the new command line options '-w'
+    and '-h' select  the width and the height of  the output window,
+    respectively.
+- Drop ft2demos-build-testname.patch, not needed.
+
+-------------------------------------------------------------------
+Fri Jan 11 17:12:14 UTC 2013 - j...@suse.com
+
+- Rediffed patches.
+- CVE-2012-5668.patch, CVE-2012-5669.patch, CVE-2012-5670.patch nothing to do.
+
+-------------------------------------------------------------------
+Thu Dec 20 13:57:51 UTC 2012 - idon...@suse.com
+
+- Update to version 2.4.11
+  * ftdiff now supports UTF-8 encoded input files for option `-f'.
+  * Using keys `r' and `R', you can now adjust the stroker radius in
+    ftview.
+
+-------------------------------------------------------------------
+Sun Jun 17 10:35:24 UTC 2012 - idon...@suse.com
+
+- Update to version 2.4.10
+  * In the `ftview' demo program, key `e' has been replaced with `x'
+    and `y' to  embolden in  the horizontal and  vertical direction,
+    respectively.
+
+-------------------------------------------------------------------
+Thu Mar  8 21:20:31 UTC 2012 - idon...@suse.com
+
+- Update to version 2.4.9
+  * The  demo  programs  no  longer  recognize  and  handle  default
+    suffixes; you now have to always specify the complete font name. 
+  * Better rendering and LCD mode cycling added to ftview.
+
+-------------------------------------------------------------------
+Tue Feb 14 09:21:51 UTC 2012 - sasc...@suse.de
+
+- Ran spec-cleaner
+
+-------------------------------------------------------------------
+Tue Nov 15 08:24:39 UTC 2011 - idon...@suse.com
+
+- Update to version 2.4.8
+  * No changes since 2.4.5
+
+-------------------------------------------------------------------
+Tue Oct 18 12:12:44 UTC 2011 - idon...@suse.com
+
+- Update to version 2.4.7
+  * No changes since 2.4.5
+
+-------------------------------------------------------------------
+Fri Jul 29 07:44:56 UTC 2011 - idon...@novell.com
+
+- Update to version 2.4.6
+  * No changes since 2.4.5 
+
+-------------------------------------------------------------------
+Fri Jul 22 13:41:52 CEST 2011 - k...@suse.de
+
+- added bnc704612_othersubr.diff, CVE-2011-0226, bnc#704612.
+
+-------------------------------------------------------------------
+Thu Jul  7 13:20:45 UTC 2011 - idon...@novell.com
+
+- Cleanup spec file
+- Drop unneeded use_unix.diff 
+
+-------------------------------------------------------------------
+Sat Jun 25 08:43:59 UTC 2011 - idon...@novell.com
+
+- Update to version 2.4.5
+    * The `ftgrid' demo program  can now display  autohinter segments,
+      to be toggled on and off with key `s'. 
+
+-------------------------------------------------------------------
+Fri Feb 25 12:06:26 UTC 2011 - j...@novell.com
+
+- bnc647375: CVE-2010-3814, regression test added.
+
+-------------------------------------------------------------------
+Tue Dec  7 17:52:34 UTC 2010 - j...@novell.com
+
+- Several old patches got lost. Reapplying:
+ * added bnc641580_CVE-2010-3311.diff incl. test-case for bnc#641580
+ * bnc633943_CVE-2010-3054 nothing to do.
+ * bnc633938_CVE-2010-3053 nothing to do.
+ * bnc633938_badbdf.0 regression test added.
+
+-------------------------------------------------------------------
+Fri Oct 29 16:25:22 UTC 2010 - fi...@opensuse.org
+
+- Updated to version 2.4.3:
+  + Make `grKey' enum comprehensive for gcc 4.5 compatibility.
+  + [ftbench] Add option `-i' to specify first used glyph index.
+
+-------------------------------------------------------------------
+Thu Aug 12 09:53:12 UTC 2010 - j...@novell.com
+
+- bnc#628213: added bnc628213_1797.diff + regression test
+- bnc#629447: CVE-2010-2805..8 are already fixed in upstream 2.4.2
+- bnc#619562: CVE-2010-2497,2498,2499,2500,2519,2520 dito.
+  added sigsegv31.ttf regression test
+
+-------------------------------------------------------------------
+Mon Aug  9 12:48:18 CEST 2010 - ti...@suse.de
+
+- updated to version 2.4.2:
+  Another serious bug in the CFF font module has been found,
+  together with more exploitable vulnerabilities in the T42 font
+  driver.
+
+-------------------------------------------------------------------
+Tue Jul 20 17:50:44 CEST 2010 - ti...@suse.de
+
+- updated to version 2.4.1:
+  * major version up
+  * bytecode interpreter is enabled as default in the upstream
+  * doc-reference is redundant, removed
+
+-------------------------------------------------------------------
+Wed Mar 31 15:08:24 UTC 2010 - co...@novell.com
+
+- update to version 2.3.12:
+  brings considerable improvements for b/w rasterizing of hinted
+  TrueType fonts at small sizes, see NEWS for more details
+
+-------------------------------------------------------------------
+Mon Jul 27 15:05:32 CEST 2009 - ti...@suse.de
+
+- updated to version 2.3.9:
+  * see URLs below
+    http://www.freetype.org/index2.html#release-freetype-2.3.9
++++ 571 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:13.1:Update/.freetype2.3653.new/ft2demos.changes

New:
----
  CVE-2014-9656.patch
  CVE-2014-9657.patch
  CVE-2014-9658.patch
  CVE-2014-9659.patch
  CVE-2014-9660.patch
  CVE-2014-9661.patch
  CVE-2014-9662.patch
  CVE-2014-9663.patch
  CVE-2014-9664.patch
  CVE-2014-9665.patch
  CVE-2014-9666.patch
  CVE-2014-9667.patch
  CVE-2014-9669.patch
  CVE-2014-9670.patch
  CVE-2014-9671.patch
  CVE-2014-9672.patch
  CVE-2014-9673.patch
  CVE-2014-9674.patch
  CVE-2014-9675.patch
  baselibs.conf
  bnc628213_test.otf
  bnc629447_sigsegv31.ttf
  bnc633938_badbdf.0
  bug-641580_CVE-2010-3311.cff
  bug-647375_tt2.ttf
  bugzilla-308961-cmex-workaround.patch
  freetype-2.5.0.1.tar.bz2
  freetype-doc-2.5.0.tar.bz2
  freetype2-bitmap-foundry.patch
  freetype2-subpixel.patch
  freetype2.changes
  freetype2.spec
  ft2demos-2.5.0.tar.bz2
  ft2demos.changes
  ft2demos.spec

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ freetype2.spec ++++++
#
# spec file for package freetype2
#
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           freetype2
BuildRequires:  gawk
BuildRequires:  libpng-devel
BuildRequires:  pkg-config
BuildRequires:  zlib-devel
# bug437293
%ifarch ppc64
Obsoletes:      freetype2-64bit
%endif
#
%define doc_version 2.5.0
Version:        2.5.0.1
Release:        0
Summary:        A TrueType Font Library
License:        SUSE-Freetype or GPL-2.0+
Group:          System/Libraries
Url:            http://www.freetype.org
Source0:        http://download.savannah.gnu.org/releases/freetype/freetype-%{version}.tar.bz2
Source1:        http://download.savannah.gnu.org/releases/freetype/freetype-doc-%{doc_version}.tar.bz2
Source3:        baselibs.conf
Patch1:         freetype2-bitmap-foundry.patch
Patch308961:    bugzilla-308961-cmex-workaround.patch
Patch200:       freetype2-subpixel.patch
Patch300:       CVE-2014-9656.patch
Patch301:       CVE-2014-9657.patch
Patch302:       CVE-2014-9658.patch
Patch303:       CVE-2014-9659.patch
Patch304:       CVE-2014-9660.patch
Patch305:       CVE-2014-9661.patch
Patch306:       CVE-2014-9662.patch
Patch307:       CVE-2014-9663.patch
Patch308:       CVE-2014-9664.patch
Patch309:       CVE-2014-9665.patch
Patch310:       CVE-2014-9666.patch
Patch311:       CVE-2014-9667.patch
Patch313:       CVE-2014-9669.patch
Patch314:       CVE-2014-9670.patch
Patch315:       CVE-2014-9671.patch
Patch316:       CVE-2014-9672.patch
Patch317:       CVE-2014-9673.patch
Patch318:       CVE-2014-9674.patch
Patch319:       CVE-2014-9675.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
This library features TrueType fonts for open source projects. This
version also contains an autohinter for producing improved output.

%package -n libfreetype6
Summary:        A TrueType Font Library
Group:          System/Libraries
Obsoletes:      freetype2 < %{version}
Provides:       freetype2 = %{version}

%description -n libfreetype6
This library features TrueType fonts for open source projects. This
version also contains an autohinter for producing improved output.

%package devel
Summary:        Development environment for the freetype2 TrueType font library
Group:          Development/Libraries/C and C++
Requires:       libfreetype6 = %{version}
Requires:       zlib-devel
# bug437293
%ifarch ppc64
Obsoletes:      freetype2-devel-64bit
%endif
# there is no freetype-devel on suse:
Provides:       freetype-devel
# Static library provides:
Provides:       libfreetype6-devel-static

%description devel
This package contains all necessary include files, libraries and
documentation needed to develop applications that require the freetype2
TrueType font library.

It also contains a small tutorial for using that library.

%prep
%define enable_subpixel_rendering 0
%setup -q -n freetype-%{version} -a 1
%patch1 -p1
%patch308961 -p 1
%if %{enable_subpixel_rendering}
%patch200 -p1
%endif
%patch300 -p1
%patch301 -p1
%patch302 -p1
%patch303 -p1
%patch304 -p1
%patch305 -p1
%patch306 -p1
%patch307 -p1
%patch308 -p1
%patch309 -p1
%patch310 -p1
%patch311 -p1
%patch313 -p1
%patch314 -p1
%patch315 -p1
%patch316 -p1
%patch317 -p1
%patch318 -p1
%patch319 -p1

%build
export CFLAGS="%optflags -std=gnu99 -D_GNU_SOURCE $(getconf LFS_CFLAGS)"
%configure --without-bzip2 \
           --disable-static
make %{?_smp_mflags}

%install
%makeinstall

# remove documentation that does not belong in an rpm
rm docs/INSTALL*

%post -n libfreetype6 -p /sbin/ldconfig

%postun -n libfreetype6 -p /sbin/ldconfig

%files -n libfreetype6
%defattr(-,root,root)
%{_libdir}/libfreetype.so.*
%doc ChangeLog README
%doc docs/{CHANGES,CUSTOMIZE,DEBUG,MAKEPP,PROBLEMS,TODO,*.txt}

%files devel
%defattr(-,root,root)
%doc docs/reference/*
%{_includedir}/*
%if 0%{?suse_version} >= 1140
%exclude %{_libdir}/libfreetype.*a
%else
%{_libdir}/libfreetype.*a
%endif
%{_libdir}/libfreetype.so
%{_libdir}/pkgconfig/freetype2.pc
%{_bindir}/*
%{_datadir}/aclocal

%changelog
++++++ ft2demos.spec ++++++
#
# spec file for package ft2demos
#
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           ft2demos
Version:        2.5.0
Release:        0
Summary:        Freetype2 Utilities and Demo Programs
License:        GPL-2.0+
Group:          Productivity/Publishing/Other
%define freetype_version 2.5.0.1
Url:            http://www.freetype.org
Source0:        http://savannah.nongnu.org/download/freetype/freetype-%{freetype_version}.tar.bz2
Source1:        http://savannah.nongnu.org/download/freetype/ft2demos-%{version}.tar.bz2
Patch308961:    bugzilla-308961-cmex-workaround.patch
Patch200:       freetype2-subpixel.patch
Patch300:       CVE-2014-9656.patch
Patch301:       CVE-2014-9657.patch
Patch302:       CVE-2014-9658.patch
Patch303:       CVE-2014-9659.patch
Patch304:       CVE-2014-9660.patch
Patch305:       CVE-2014-9661.patch
Patch306:       CVE-2014-9662.patch
Patch307:       CVE-2014-9663.patch
Patch308:       CVE-2014-9664.patch
Patch309:       CVE-2014-9665.patch
Patch310:       CVE-2014-9666.patch
Patch311:       CVE-2014-9667.patch
Patch313:       CVE-2014-9669.patch
Patch314:       CVE-2014-9670.patch
Patch315:       CVE-2014-9671.patch
Patch316:       CVE-2014-9672.patch
Patch317:       CVE-2014-9673.patch
Patch318:       CVE-2014-9674.patch
Patch319:       CVE-2014-9675.patch
BuildRequires:  libpng-devel
BuildRequires:  xorg-x11-devel
Conflicts:      dtc
Supplements:    fonts-config
Source1000:     bnc628213_test.otf
Source1004:     bnc629447_sigsegv31.ttf
Source1013:     bnc633938_badbdf.0
Source1015:     bug-641580_CVE-2010-3311.cff
Source1016:     bug-647375_tt2.ttf
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
Freetype2 utilities and demo programs.

%prep
%define enable_subpixel_rendering 0%{?opensuse_bs}
%setup -q -n freetype-%{freetype_version} -b 1
%patch308961 -p 1
%if %{enable_subpixel_rendering}
%patch200 -p 1 -b .subpixel
%endif
%patch300 -p1
%patch301 -p1
%patch302 -p1
%patch303 -p1
%patch304 -p1
%patch305 -p1
%patch306 -p1
%patch307 -p1
%patch308 -p1
%patch309 -p1
%patch310 -p1
%patch311 -p1
%patch313 -p1
%patch314 -p1
%patch315 -p1
%patch316 -p1
%patch317 -p1
%patch318 -p1
%patch319 -p1

%build
export CFLAGS="%optflags -std=gnu99 -D_GNU_SOURCE $(getconf LFS_CFLAGS)"
%configure --without-bzip2
make %{?_smp_mflags}
pushd ..
    ln -s freetype-%{freetype_version} freetype2
    cd ft2demos-%{version}
    make %{?_smp_mflags}
popd

%install
mkdir -p %{buildroot}%{_bindir}
pushd ../ft2demos-%{version}/bin/.libs
    install -m 755 ft* %{buildroot}%{_bindir}
popd

%check
%{buildroot}%{_bindir}/ftbench -c 1 %{S:1000}
%{buildroot}%{_bindir}/ftbench -c 1 %{S:1004} |& grep -v "couldn't load font resource" && echo "should fail"
%{buildroot}%{_bindir}/ftbench -c 1 %{S:1013} |& grep -v "couldn't load font resource" && echo "should fail"
%{buildroot}%{_bindir}/ftbench -c 1 %{S:1015} |& grep -v "couldn't load font resource" && echo "should fail"
%{buildroot}%{_bindir}/ftbench -c 1 %{S:1016}

%files
%defattr(-,root,root)
%{_bindir}/ft*

%changelog
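Review bot: in %check the three negative tests (%{S:1004}, %{S:1013}, %{S:1015}) cannot fail the build. The `grep -v ... && echo "should fail"` construct only prints a message when ftbench emits some other line, and the pipeline takes its status from grep, so a crash of ftbench on the malformed font goes unnoticed as well. Replace the `echo` with a failing exit, and check the ftbench exit status separately from its output. None of the five regression inputs exercises the CVE-2014-96xx patches applied above; add fonts for them where reproducers are available.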
++++++ CVE-2014-9656.patch ++++++
>From f0292bb9920aa1dbfed5f53861e7c7a89b35833a Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Mon, 24 Nov 2014 09:51:21 +0000
Subject: [sfnt] Fix Savannah bug #43680.

This adds an additional constraint to make the fix from 2013-01-25
really work.

* src/sfnt/ttsbit.c (tt_sbit_decoder_load_image) <index_format==4>:
Check `p' before `num_glyphs'.
---
diff --git a/src/sfnt/ttsbit.c b/src/sfnt/ttsbit.c
index b37bd7d..c2db96c 100644
--- a/src/sfnt/ttsbit.c
+++ b/src/sfnt/ttsbit.c
@@ -1170,7 +1170,8 @@
         num_glyphs = FT_NEXT_ULONG( p );
 
         /* overflow check for p + ( num_glyphs + 1 ) * 4 */
-        if ( num_glyphs > (FT_ULong)( ( ( p_limit - p ) >> 2 ) - 1 ) )
+        if ( p + 4 > p_limit                                         ||
+             num_glyphs > (FT_ULong)( ( ( p_limit - p ) >> 2 ) - 1 ) )
           goto NoBitmap;
 
         for ( mm = 0; mm < num_glyphs; mm++ )
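Review bot: the added `p + 4 > p_limit` clause is evaluated after `num_glyphs = FT_NEXT_ULONG( p )` has already consumed four bytes, so in the visible lines it protects the subtraction that follows, not the read of `num_glyphs` itself; confirm that read is bounded earlier. The comment above the condition still mentions only the overflow of `p + ( num_glyphs + 1 ) * 4`. It should also say that with fewer than four bytes left, `( ( p_limit - p ) >> 2 ) - 1` goes negative and the cast to FT_ULong turns it into a huge value, which is what let the old test pass. Writing the clause as `p_limit - p < 4` would avoid forming a pointer past the end of the buffer.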
--
cgit v0.9.0.2
++++++ CVE-2014-9657.patch ++++++
>From eca0f067068020870a429fe91f6329e499390d55 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Mon, 24 Nov 2014 09:22:08 +0000
Subject: [truetype] Fix Savannah bug #43679.

* src/truetype/ttpload.c (tt_face_load_hdmx): Check minimum size of
`record_size'.
---
diff --git a/src/truetype/ttpload.c b/src/truetype/ttpload.c
index 9723a51..9991925 100644
--- a/src/truetype/ttpload.c
+++ b/src/truetype/ttpload.c
@@ -508,9 +508,9 @@
     record_size = FT_NEXT_ULONG( p );
 
     /* The maximum number of bytes in an hdmx device record is the */
-    /* maximum number of glyphs + 2; this is 0xFFFF + 2; this is   */
-    /* the reason why `record_size' is a long (which we read as    */
-    /* unsigned long for convenience).  In practice, two bytes     */
+    /* maximum number of glyphs + 2; this is 0xFFFF + 2, thus      */
+    /* explaining why `record_size' is a long (which we read as    */
+    /* unsigned long for convenience).  In practice, two bytes are */
     /* sufficient to hold the size value.                          */
     /*                                                             */
     /* There are at least two fonts, HANNOM-A and HANNOM-B version */
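Review bot: drop this comment-only rewording from the distribution patch. It changes no behaviour, and carrying it alongside the `record_size` check in the next hunk makes the CVE backport larger than the fix and more likely to need rediffing against later releases.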
@@ -522,8 +522,10 @@
       record_size &= 0xFFFFU;
 
     /* The limit for `num_records' is a heuristic value. */
-
-    if ( version != 0 || num_records > 255 || record_size > 0x10001L )
+    if ( version != 0           ||
+         num_records > 255      ||
+         record_size > 0x10001L ||
+         record_size < 4        )
     {
       error = FT_THROW( Invalid_File_Format );
       goto Fail;
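Review bot: the new lower bound `record_size < 4` is a bare constant with no explanation, while the upper bound `0x10001L` is derived in the comment block above. Add a short comment saying which fields make up the minimum record. With the blank line removed, the comment "The limit for `num_records' is a heuristic value" now reads as if it described the whole four-part condition; keep it next to the `num_records > 255` clause or reword it.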
--
cgit v0.9.0.2
++++++ CVE-2014-9658.patch ++++++
>From f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Mon, 24 Nov 2014 08:31:32 +0000
Subject: [sfnt] Fix Savannah bug #43672.

* src/sfnt/ttkern.c (tt_face_load_kern): Use correct value for
minimum table length test.
---
diff --git a/src/sfnt/ttkern.c b/src/sfnt/ttkern.c
index 32c4008..455e7b5 100644
--- a/src/sfnt/ttkern.c
+++ b/src/sfnt/ttkern.c
@@ -99,7 +99,7 @@
       length   = FT_NEXT_USHORT( p );
       coverage = FT_NEXT_USHORT( p );
 
-      if ( length <= 6 )
+      if ( length <= 6 + 8 )
         break;
 
       p_next += length;
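Review bot: `length <= 6 + 8` replaces one unexplained constant with two. A comment (or named constants) saying what the 6 and the 8 bytes are would make the minimum-length test checkable against the table layout. In the visible context `p_next += length` follows with no comparison against the end of the table, so confirm that an upper bound on `length` is enforced nearby.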
--
cgit v0.9.0.2
++++++ CVE-2014-9659.patch ++++++
>From 2cdc4562f873237f1c77d43540537c7a721d3fd8 Mon Sep 17 00:00:00 2001
From: Dave Arnold <darn...@adobe.com>
Date: Thu, 04 Dec 2014 05:10:16 +0000
Subject: [cff] Fix Savannah bug #43661.

* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdHSTEM,
cf2_cmdVSTEM, cf2_cmdHINTMASK>: Don't append to stem arrays after
hintmask is constructed.

* src/cff/cf2hints.c (cf2_hintmap_build): Add defensive code to
avoid reading past end of hintmask.
---
diff --git a/src/cff/cf2hints.c b/src/cff/cf2hints.c
index 81049f4..28a892b 100644
--- a/src/cff/cf2hints.c
+++ b/src/cff/cf2hints.c
@@ -794,9 +794,12 @@
     maskPtr      = cf2_hintmask_getMaskPtr( &tempHintMask );
 
     /* use the hStem hints only, which are first in the mask */
-    /* TODO: compare this to cffhintmaskGetBitCount */
     bitCount = cf2_arrstack_size( hStemHintArray );
 
+    /* Defense-in-depth.  Should never return here. */
+    if ( bitCount > hintMask->bitCount )
+        return;
+
     /* synthetic embox hints get highest priority */
     if ( font->blues.doEmBoxHints )
     {
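Review bot: the new `bitCount > hintMask->bitCount` guard returns silently. Since its comment says this path should never be taken, emit a trace message before the `return`, as the cf2intrp.c part of this patch does with FT_TRACE4 for its invalid hint mask cases, so that a hit is visible when debugging. The `return;` is also indented four columns under the `if`, where the rest of the patch uses two.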
diff --git a/src/cff/cf2intrp.c b/src/cff/cf2intrp.c
index 5610917..a269606 100644
--- a/src/cff/cf2intrp.c
+++ b/src/cff/cf2intrp.c
@@ -4,7 +4,7 @@
 /*                                                                         */
 /*    Adobe's CFF Interpreter (body).                                      */
 /*                                                                         */
-/*  Copyright 2007-2013 Adobe Systems Incorporated.                        */
+/*  Copyright 2007-2014 Adobe Systems Incorporated.                        */
 /*                                                                         */
 /*  This software, and all works of authorship, whether in source or       */
 /*  object code form as indicated by the copyright notice(s) included      */
@@ -593,8 +593,11 @@
 
         /* never add hints after the mask is computed */
         if ( cf2_hintmask_isValid( &hintMask ) )
+        {
           FT_TRACE4(( "cf2_interpT2CharString:"
                       " invalid horizontal hint mask\n" ));
+          break;
+        }
 
         cf2_doStems( font,
                      opStack,
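Review bot: after the added `break` the charstring keeps being interpreted, and the problem is reported only through the FT_TRACE4 trace message. Decide whether a stem operator arriving after the hint mask is computed should set an error rather than be skipped, and check that the operands already on `opStack` are discarded before the `break`, since the visible lines leave the stack untouched. The same applies to the vertical-stem branch in the following hunk.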
@@ -614,8 +617,11 @@
 
         /* never add hints after the mask is computed */
         if ( cf2_hintmask_isValid( &hintMask ) )
+        {
           FT_TRACE4(( "cf2_interpT2CharString:"
                       " invalid vertical hint mask\n" ));
+          break;
+        }
 
         cf2_doStems( font,
                      opStack,
@@ -1141,15 +1147,16 @@
         /* `cf2_hintmask_read' (which also traces the mask bytes) */
         FT_TRACE4(( op1 == cf2_cmdCNTRMASK ? " cntrmask" : " hintmask" ));
 
-        /* if there are arguments on the stack, there this is an */
-        /* implied cf2_cmdVSTEMHM                                */
-        if ( cf2_stack_count( opStack ) != 0 )
+        /* never add hints after the mask is computed */
+        if ( cf2_stack_count( opStack ) > 1    &&
+             cf2_hintmask_isValid( &hintMask ) )
         {
-          /* never add hints after the mask is computed */
-          if ( cf2_hintmask_isValid( &hintMask ) )
-            FT_TRACE4(( "cf2_interpT2CharString: invalid hint mask\n" ));
+          FT_TRACE4(( "cf2_interpT2CharString: invalid hint mask\n" ));
+          break;
         }
 
+        /* if there are arguments on the stack, there this is an */
+        /* implied cf2_cmdVSTEMHM                                */
         cf2_doStems( font,
                      opStack,
                      &vStemHintArray,
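Review bot: the threshold in `cf2_stack_count( opStack ) > 1` replaces the old `!= 0` test with no explanation of why a single operand may still reach `cf2_doStems` once the mask is valid. Document that case next to the condition, and fix the moved comment while it is being touched: it still reads "there this is an implied cf2_cmdVSTEMHM" and describes "arguments on the stack", which no longer matches the test above it.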
--
cgit v0.9.0.2
++++++ CVE-2014-9660.patch ++++++
>From af8346172a7b573715134f7a51e6c5c60fa7f2ab Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Sat, 22 Nov 2014 12:29:10 +0000
Subject: [bdf] Fix Savannah bug #43660.

* src/bdf/bdflib.c (_bdf_parse_glyphs) <"ENDFONT">: Check
`_BDF_GLYPH_BITS'.
---
Index: freetype-2.5.0.1/src/bdf/bdflib.c
===================================================================
--- freetype-2.5.0.1.orig/src/bdf/bdflib.c
+++ freetype-2.5.0.1/src/bdf/bdflib.c
@@ -1544,6 +1544,14 @@
     /* Check for the ENDFONT field. */
     if ( ft_memcmp( line, "ENDFONT", 7 ) == 0 )
     {
+      if ( p->flags & _BDF_GLYPH_BITS )
+      {
+        /* Missing ENDCHAR field. */
+        FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG1, lineno, "ENDCHAR" ));
+        error = FT_THROW( Corrupted_Font_Glyphs );
+        goto Exit;
+      }
+
       /* Sort the glyphs by encoding. */
       ft_qsort( (char *)font->glyphs,
                 font->glyphs_used,
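Review bot: the only comment in the new block is "Missing ENDCHAR field.", which does not say why `p->flags & _BDF_GLYPH_BITS` is the right test for that. Add a line stating that the flag still being set when ENDFONT arrives is what marks the glyph as unterminated, and that the check has to stay ahead of the `ft_qsort` call on `font->glyphs`.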
++++++ CVE-2014-9661.patch ++++++
From: Werner Lemberg <w...@gnu.org>
Date: Sat, 22 Nov 2014 09:46:47 +0000
Subject: [type42] Fix Savannah bug #43659.

* src/type42/t42objs.c (T42_Open_Face): Initialize `face->ttf_size'.

* src/type42/t42parse.c (t42_parse_sfnts): Always set
`face->ttf_size' directly.  This ensures a correct stream size in
the call to `FT_Open_Face', which follows after parsing, even for
buggy input data.
Fix error messages.

From: Werner Lemberg <w...@gnu.org>
Date: Sat, 22 Nov 2014 11:44:33 +0000
Subject: [type42] Allow only embedded TrueType fonts.

This is a follow-up to Savannah bug #43659.

* src/type42/t42objs.c (T42_Face_Init): Exclusively use the
`truetype' font driver for loading the font contained in the `sfnts'
array.

---
diff --git a/src/type42/t42objs.c b/src/type42/t42objs.c
--- a/src/type42/t42objs.c
+++ b/src/type42/t42objs.c
@@ -47,6 +47,12 @@
     if ( FT_ALLOC( face->ttf_data, 12 ) )
       goto Exit;
 
+    /* while parsing the font we always update `face->ttf_size' so that */
+    /* even in case of buggy data (which might lead to premature end of */
+    /* scanning without causing an error) the call to `FT_Open_Face' in */
+    /* `T42_Face_Init' passes the correct size                          */
+    face->ttf_size = 12;
+
     error = t42_parser_init( parser,
                              face->root.stream,
                              memory,
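Review bot: the literal 12 now appears twice, once in `FT_ALLOC( face->ttf_data, 12 )` and once in `face->ttf_size = 12`, and the point of the change is that the two stay in step. Set `face->ttf_size` first and allocate from it, or use one named constant for both.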
@@ -292,7 +292,9 @@
       FT_Open_Args  args;
 
 
-      args.flags       = FT_OPEN_MEMORY;
+      args.flags       = FT_OPEN_MEMORY | FT_OPEN_DRIVER;
+      args.driver      = FT_Get_Module( FT_FACE_LIBRARY( face ),
+                                        "truetype" );
       args.memory_base = face->ttf_data;
       args.memory_size = face->ttf_size;
 
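Review bot: the result of `FT_Get_Module( FT_FACE_LIBRARY( face ), "truetype" )` is assigned to `args.driver` without a check, and the hunk does not show what happens when FT_OPEN_DRIVER is set with a null driver. If the module can be absent from a build, fail here with an explicit error instead of relying on the callee, since the restriction to the `truetype` driver is the purpose of the change.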
diff --git a/src/type42/t42parse.c b/src/type42/t42parse.c
index a60e216..daf304d 100644
--- a/src/type42/t42parse.c
+++ b/src/type42/t42parse.c
@@ -524,7 +524,7 @@
     FT_Byte*    limit  = parser->root.limit;
     FT_Error    error;
     FT_Int      num_tables = 0;
-    FT_ULong    count, ttf_size = 0;
+    FT_ULong    count;
 
     FT_Long     n, string_size, old_string_size, real_size;
     FT_Byte*    string_buf = NULL;
@@ -617,7 +617,7 @@
 
         if ( limit - parser->root.cursor < string_size )
         {
-          FT_ERROR(( "t42_parse_sfnts: too many binary data\n" ));
+          FT_ERROR(( "t42_parse_sfnts: too much binary data\n" ));
           error = FT_THROW( Invalid_File_Format );
           goto Fail;
         }
@@ -657,18 +657,18 @@
           }
           else
           {
-            num_tables = 16 * face->ttf_data[4] + face->ttf_data[5];
-            status     = BEFORE_TABLE_DIR;
-            ttf_size   = 12 + 16 * num_tables;
+            num_tables     = 16 * face->ttf_data[4] + face->ttf_data[5];
+            status         = BEFORE_TABLE_DIR;
+            face->ttf_size = 12 + 16 * num_tables;
 
-            if ( FT_REALLOC( face->ttf_data, 12, ttf_size ) )
+            if ( FT_REALLOC( face->ttf_data, 12, face->ttf_size ) )
               goto Fail;
           }
           /* fall through */
 
         case BEFORE_TABLE_DIR:
           /* the offset table is read; read the table directory */
-          if ( count < ttf_size )
+          if ( count < face->ttf_size )
           {
             face->ttf_data[count++] = string_buf[n];
             continue;
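Review bot: `face->ttf_size = 12 + 16 * num_tables;` is written before `FT_REALLOC( face->ttf_data, 12, face->ttf_size )` has succeeded, so on the `goto Fail` path the stored size describes a buffer that was never obtained. Either assign the field after the reallocation succeeds or confirm that nothing reachable from `Fail` reads `face->ttf_size` together with `face->ttf_data`.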
@@ -687,24 +687,23 @@
               len = FT_PEEK_ULONG( p );
 
               /* Pad to a 4-byte boundary length */
-              ttf_size += ( len + 3 ) & ~3;
+              face->ttf_size += ( len + 3 ) & ~3;
             }
 
-            status         = OTHER_TABLES;
-            face->ttf_size = ttf_size;
+            status = OTHER_TABLES;
 
             /* there are no more than 256 tables, so no size check here */
             if ( FT_REALLOC( face->ttf_data, 12 + 16 * num_tables,
-                             ttf_size + 1 ) )
+                             face->ttf_size + 1 ) )
               goto Fail;
           }
           /* fall through */
 
         case OTHER_TABLES:
           /* all other tables are just copied */
-          if ( count >= ttf_size )
+          if ( count >= face->ttf_size )
           {
-            FT_ERROR(( "t42_parse_sfnts: too many binary data\n" ));
+            FT_ERROR(( "t42_parse_sfnts: too much binary data\n" ));
             error = FT_THROW( Invalid_File_Format );
             goto Fail;
           }
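Review bot: `face->ttf_size += ( len + 3 ) & ~3;` accumulates `len` values taken from the font data with `FT_PEEK_ULONG` and there is no overflow or plausibility check before `FT_REALLOC` is called with `face->ttf_size + 1`. The comment "there are no more than 256 tables, so no size check here" bounds only the number of entries, not their lengths; check each `len` (and the running sum) before adding it.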
--
cgit v0.9.0.2
++++++ CVE-2014-9662.patch ++++++
>From 5f201ab5c24cb69bc96b724fd66e739928d6c5e2 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Sat, 22 Nov 2014 08:16:39 +0000
Subject: [cff] Fix Savannah bug #43658.

* src/cff/cf2ft.c (cf2_builder_lineTo, cf2_builder_cubeTo): Handle
return values of point allocation routines.
---
diff --git a/src/cff/cf2ft.c b/src/cff/cf2ft.c
index cb8d31c..ebba469 100644
--- a/src/cff/cf2ft.c
+++ b/src/cff/cf2ft.c
@@ -142,6 +142,8 @@
   cf2_builder_lineTo( CF2_OutlineCallbacks      callbacks,
                       const CF2_CallbackParams  params )
   {
+    FT_Error  error;
+
     /* downcast the object pointer */
     CF2_Outline   outline = (CF2_Outline)callbacks;
     CFF_Builder*  builder;
@@ -156,15 +158,27 @@
     {
       /* record the move before the line; also check points and set */
       /* `path_begun'                                               */
-      cff_builder_start_point( builder,
-                               params->pt0.x,
-                               params->pt0.y );
+      error = cff_builder_start_point( builder,
+                                       params->pt0.x,
+                                       params->pt0.y );
+      if ( error )
+      {
+        if ( !*callbacks->error )
+          *callbacks->error =  error;
+        return;
+      }
     }
 
     /* `cff_builder_add_point1' includes a check_points call for one point */
-    cff_builder_add_point1( builder,
-                            params->pt1.x,
-                            params->pt1.y );
+    error = cff_builder_add_point1( builder,
+                                    params->pt1.x,
+                                    params->pt1.y );
+    if ( error )
+    {
+      if ( !*callbacks->error )
+        *callbacks->error =  error;
+      return;
+    }
   }
 
 
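Review bot: the same five-line error block (`if ( error )` ... `*callbacks->error =  error;` ... `return;`) is pasted twice here and twice more in `cf2_builder_cubeTo`, which makes it easy for a future call site to miss it. Factor it into a small helper or macro, and drop the doubled space in `=  error`.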
@@ -172,6 +186,8 @@
   cf2_builder_cubeTo( CF2_OutlineCallbacks      callbacks,
                       const CF2_CallbackParams  params )
   {
+    FT_Error  error;
+
     /* downcast the object pointer */
     CF2_Outline   outline = (CF2_Outline)callbacks;
     CFF_Builder*  builder;
@@ -186,13 +202,25 @@
     {
       /* record the move before the line; also check points and set */
       /* `path_begun'                                               */
-      cff_builder_start_point( builder,
-                               params->pt0.x,
-                               params->pt0.y );
+      error = cff_builder_start_point( builder,
+                                       params->pt0.x,
+                                       params->pt0.y );
+      if ( error )
+      {
+        if ( !*callbacks->error )
+          *callbacks->error =  error;
+        return;
+      }
     }
 
     /* prepare room for 3 points: 2 off-curve, 1 on-curve */
-    cff_check_points( builder, 3 );
+    error = cff_check_points( builder, 3 );
+    if ( error )
+    {
+      if ( !*callbacks->error )
+        *callbacks->error =  error;
+      return;
+    }
 
     cff_builder_add_point( builder,
                            params->pt1.x,
--
cgit v0.9.0.2
++++++ CVE-2014-9663.patch ++++++
>From 9bd20b7304aae61de5d50ac359cf27132bafd4c1 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Sat, 22 Nov 2014 05:24:45 +0000
Subject: [sfnt] Fix Savannah bug #43656.

* src/sfnt/ttcmap.c (tt_cmap4_validate): Fix order of validity
tests.
---
Index: freetype-2.5.0.1/src/sfnt/ttcmap.c
===================================================================
--- freetype-2.5.0.1.orig/src/sfnt/ttcmap.c
+++ freetype-2.5.0.1/src/sfnt/ttcmap.c
@@ -823,9 +823,6 @@
     FT_Error  error = FT_Err_Ok;
 
 
-    if ( length < 16 )
-      FT_INVALID_TOO_SHORT;
-
     /* in certain fonts, the `length' field is invalid and goes */
     /* out of bound.  We try to correct this here...            */
     if ( table + length > valid->limit )
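Review bot: with the `length < 16` test moved down, the first use of the untrusted `length` is the pointer sum in `table + length > valid->limit`, which can wrap on targets with 32-bit pointers. Compare in the subtraction form instead, `length > (FT_UInt)( valid->limit - table )`, which is also the form the clamp two lines further down already computes.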
@@ -836,6 +833,9 @@
       length = (FT_UInt)( valid->limit - table );
     }
 
+    if ( length < 16 )
+      FT_INVALID_TOO_SHORT;
+
     p        = table + 6;
     num_segs = TT_NEXT_USHORT( p );   /* read segCountX2 */
 
++++++ CVE-2014-9664.patch ++++++
>From dd89710f0f643eb0f99a3830e0712d26c7642acd Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Fri, 21 Nov 2014 21:19:28 +0000
Subject: [type1, type42] Fix Savannah bug #43655.

* src/type1/t1load.c (parse_charstrings), src/type42/t42parse.c
(t42_parse_charstrings): Fix boundary testing.

>From 73be9f9ab67842cfbec36ee99e8d2301434c84ca Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Mon, 24 Nov 2014 06:30:05 +0000
Subject: [type1, type42] Another fix for Savannah bug #43655.

* src/type1/t1load.c (parse_charstrings), src/type42/t42parse.c
(t42_parse_charstrings): Add another boundary testing.
---
diff --git a/src/type1/t1load.c b/src/type1/t1load.c
--- a/src/type1/t1load.c
+++ b/src/type1/t1load.c
@@ -1596,6 +1596,11 @@
       }
 
       T1_Skip_PS_Token( parser );
+      if ( parser->root.cursor >= limit )
+      {
+        error = FT_THROW( Invalid_File_Format );
+        goto Fail;
+      }
       if ( parser->root.error )
         return;
 
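Review bot: the new `parser->root.cursor >= limit` test sits between `T1_Skip_PS_Token( parser )` and the existing `if ( parser->root.error )` check, so a token error that also leaves the cursor at the limit is now reported as `Invalid_File_Format` through `Fail` rather than as the parser's own error. Test `parser->root.error` first, then the cursor.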
@@ -1604,7 +1604,7 @@
         FT_PtrDist  len;
 
 
-        if ( cur + 1 >= limit )
+        if ( cur + 2 >= limit )
         {
           error = FT_THROW( Invalid_File_Format );
           goto Fail;
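Review bot: the change from `cur + 1 >= limit` to `cur + 2 >= limit` has no comment saying which bytes after `cur` must be readable, and the commit message only says "Fix boundary testing". Add a one-line comment naming what is read at `cur + 1` and `cur + 2` so the constant can be checked against the code that follows.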
diff --git a/src/type42/t42parse.c b/src/type42/t42parse.c
--- a/src/type42/t42parse.c
+++ b/src/type42/t42parse.c
@@ -849,6 +849,12 @@
         break;
 
       T1_Skip_PS_Token( parser );
+      if ( parser->root.cursor >= limit )
+      {
+        FT_ERROR(( "t42_parse_charstrings: out of bounds\n" ));
+        error = FT_THROW( Invalid_File_Format );
+        goto Fail;
+      }
       if ( parser->root.error )
         return;
 
@@ -858,7 +858,7 @@
         FT_PtrDist  len;
 
 
-        if ( cur + 1 >= limit )
+        if ( cur + 2 >= limit )
         {
           FT_ERROR(( "t42_parse_charstrings: out of bounds\n" ));
           error = FT_THROW( Invalid_File_Format );
--
cgit v0.9.0.2
++++++ CVE-2014-9665.patch ++++++
>From 54abd22891bd51ef8b533b24df53b3019b5cee81 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Sat, 15 Nov 2014 08:05:22 +0000
Subject: [sfnt] Fix Savannah bug #43597.

* src/sfnt/pngshim.c (Load_SBit_Png): Protect against too large
bitmaps.

>From b3500af717010137046ec4076d1e1c0641e33727 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Wed, 19 Nov 2014 20:28:21 +0000
Subject: Change some fields in `FT_Bitmap' to unsigned type.

This doesn't break ABI.

* include/ftimage.h (FT_Bitmap): Make `rows', `width', `num_grays',
`pixel_mode', and `palette_mode' unsigned types.

* src/base/ftbitmap.c: Updated.
(FT_Bitmap_Copy): Fix casts.

* src/cache/ftcsbits.c, src/raster/ftraster.c, src/sfnt/pngshim.c:
Updated.

---
Index: freetype-2.5.0.1/src/sfnt/pngshim.c
===================================================================
--- freetype-2.5.0.1.orig/src/sfnt/pngshim.c
+++ freetype-2.5.0.1/src/sfnt/pngshim.c
@@ -196,8 +196,8 @@
     png_byte*  *rows;
 
 
-    if ( x_offset < 0 || x_offset + metrics->width  > map->width ||
-         y_offset < 0 || y_offset + metrics->height > map->rows  ||
+    if ( x_offset < 0 || (FT_UInt)x_offset + metrics->width  > map->width ||
+         y_offset < 0 || (FT_UInt)y_offset + metrics->height > map->rows  ||
          pix_bits != 32 || map->pixel_mode != FT_PIXEL_MODE_BGRA )
     {
       error = FT_THROW( Invalid_Argument );
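Review bot: the bound is still tested as a sum, `(FT_UInt)x_offset + metrics->width > map->width`, so whether it can wrap depends on the type of `metrics->width`, which this hunk does not show. The subtraction form, `metrics->width > map->width || (FT_UInt)x_offset > map->width - metrics->width`, holds regardless and matches the style of the other overflow fixes in this update.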
Index: freetype-2.5.0.1/include/freetype/ftimage.h
===================================================================
--- freetype-2.5.0.1.orig/include/freetype/ftimage.h
+++ freetype-2.5.0.1/include/freetype/ftimage.h
@@ -318,13 +318,13 @@ FT_BEGIN_HEADER
   /*                                                                       */
   typedef struct  FT_Bitmap_
   {
-    int             rows;
-    int             width;
+    unsigned int    rows;
+    unsigned int    width;
     int             pitch;
     unsigned char*  buffer;
-    short           num_grays;
-    char            pixel_mode;
-    char            palette_mode;
+    unsigned short  num_grays;
+    unsigned char   pixel_mode;
+    unsigned char   palette_mode;
     void*           palette;
 
   } FT_Bitmap;
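Review bot: `rows` and `width` become unsigned while `pitch` stays `int`, so any expression that multiplies or compares them is now evaluated in unsigned arithmetic, and caller code that tests `rows < 0` or stores a negative value changes meaning without a compile error. The commit message covers ABI only; add a note to the struct documentation about the type change and about mixing these fields with a negative `pitch`.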
Index: freetype-2.5.0.1/src/base/ftbitmap.c
===================================================================
--- freetype-2.5.0.1.orig/src/base/ftbitmap.c
+++ freetype-2.5.0.1/src/base/ftbitmap.c
@@ -62,7 +62,7 @@
 
     if ( pitch < 0 )
       pitch = -pitch;
-    size = (FT_ULong)( pitch * source->rows );
+    size = (FT_ULong)pitch * source->rows;
 
     if ( target->buffer )
     {
@@ -72,7 +72,7 @@
 
       if ( target_pitch < 0  )
         target_pitch = -target_pitch;
-      target_size = (FT_ULong)( target_pitch * target->rows );
+      target_size = (FT_ULong)target_pitch * target->rows;
 
       if ( target_size != size )
         (void)FT_QREALLOC( target->buffer, target_size, size );
@@ -106,7 +106,7 @@
     int             pitch;
     int             new_pitch;
     FT_UInt         bpp;
-    FT_Int          i, width, height;
+    FT_UInt         i, width, height;
     unsigned char*  buffer = NULL;
 
 
@@ -144,17 +144,17 @@
     if ( ypixels == 0 && new_pitch <= pitch )
     {
       /* zero the padding */
-      FT_Int  bit_width = pitch * 8;
-      FT_Int  bit_last  = ( width + xpixels ) * bpp;
+      FT_UInt  bit_width = pitch * 8;
+      FT_UInt  bit_last  = ( width + xpixels ) * bpp;
 
 
       if ( bit_last < bit_width )
       {
         FT_Byte*  line  = bitmap->buffer + ( bit_last >> 3 );
         FT_Byte*  end   = bitmap->buffer + pitch;
-        FT_Int    shift = bit_last & 7;
+        FT_UInt   shift = bit_last & 7;
         FT_UInt   mask  = 0xFF00U >> shift;
-        FT_Int    count = height;
+        FT_UInt   count = height;
 
 
         for ( ; count > 0; count--, line += pitch, end += pitch )
@@ -180,7 +180,7 @@
 
     if ( bitmap->pitch > 0 )
     {
-      FT_Int  len = ( width * bpp + 7 ) >> 3;
+      FT_UInt  len = ( width * bpp + 7 ) >> 3;
 
 
       for ( i = 0; i < bitmap->rows; i++ )
@@ -189,7 +189,7 @@
     }
     else
     {
-      FT_Int  len = ( width * bpp + 7 ) >> 3;
+      FT_UInt  len = ( width * bpp + 7 ) >> 3;
 
 
       for ( i = 0; i < bitmap->rows; i++ )
@@ -220,7 +220,8 @@
   {
     FT_Error        error;
     unsigned char*  p;
-    FT_Int          i, x, y, pitch;
+    FT_Int          i, x, pitch;
+    FT_UInt         y;
     FT_Int          xstr, ystr;
 
 
@@ -455,8 +456,8 @@
     case FT_PIXEL_MODE_LCD_V:
     case FT_PIXEL_MODE_BGRA:
       {
-        FT_Int   pad;
-        FT_Long  old_size;
+        FT_Int    pad;
+        FT_ULong  old_size;
 
 
         old_size = target->rows * target->pitch;
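Review bot: in `old_size = target->rows * target->pitch;` the product is now unsigned (`rows` is `unsigned int`, `old_size` is `FT_ULong`), so a negative `target->pitch` yields a very large value instead of a negative one, and any `old_size < 0` test after this line can no longer fire. Take the absolute value of the pitch first, as the `if ( pitch < 0 ) pitch = -pitch;` lines in the earlier hunks of this file do.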
Index: freetype-2.5.0.1/src/cache/ftcsbits.c
===================================================================
--- freetype-2.5.0.1.orig/src/cache/ftcsbits.c
+++ freetype-2.5.0.1/src/cache/ftcsbits.c
@@ -142,12 +142,12 @@
         goto BadGlyph;
       }
 
-      /* Check that our values fit into 8-bit containers!       */
+      /* Check whether our values fit into 8-bit containers!    */
       /* If this is not the case, our bitmap is too large       */
       /* and we will leave it as `missing' with sbit.buffer = 0 */
 
-#define CHECK_CHAR( d )  ( temp = (FT_Char)d, temp == d )
-#define CHECK_BYTE( d )  ( temp = (FT_Byte)d, temp == d )
+#define CHECK_CHAR( d )  ( temp = (FT_Char)d, (FT_Int) temp == (FT_Int) d )
+#define CHECK_BYTE( d )  ( temp = (FT_Byte)d, (FT_UInt)temp == (FT_UInt)d )
 
       /* horizontal advance in pixels */
       xadvance = ( slot->advance.x + 32 ) >> 6;
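Review bot: the macro argument is used unparenthesised in `(FT_Char)d`, `(FT_Int) d`, `(FT_Byte)d` and `(FT_UInt)d`, so the casts bind only to the first operand if a caller ever passes an expression. Write `( d )` in each position; the spacing of `(FT_Int) temp` versus `(FT_UInt)temp` could be made uniform at the same time.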
Index: freetype-2.5.0.1/src/raster/ftraster.c
===================================================================
--- freetype-2.5.0.1.orig/src/raster/ftraster.c
+++ freetype-2.5.0.1/src/raster/ftraster.c
@@ -2550,7 +2550,7 @@
 
         e1 = TRUNC( e1 );
 
-        if ( e1 >= 0 && e1 < ras.target.rows )
+        if ( e1 >= 0 && (ULong)e1 < ras.target.rows )
         {
           PByte  p;
 
@@ -2644,7 +2644,7 @@
         /* bounding box instead                                           */
         if ( pxl < 0 )
           pxl = e1;
-        else if ( TRUNC( pxl ) >= ras.target.rows )
+        else if ( (ULong)( TRUNC( pxl ) ) >= ras.target.rows )
           pxl = e2;
 
         /* check that the other pixel isn't set */
@@ -2659,9 +2659,9 @@
         if ( ras.target.pitch > 0 )
           bits += ( ras.target.rows - 1 ) * ras.target.pitch;
 
-        if ( e1 >= 0              &&
-             e1 < ras.target.rows &&
-             *bits & f1           )
+        if ( e1 >= 0                     &&
+             (ULong)e1 < ras.target.rows &&
+             *bits & f1                  )
           return;
       }
       else
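Review bot: the context line `bits += ( ras.target.rows - 1 ) * ras.target.pitch;` changes behaviour with the new unsigned `rows`: for `rows == 0` the subtraction wraps to a large unsigned value where it used to give -1. If an empty target can reach this code, guard it explicitly; if not, a short comment stating that `rows > 0` is guaranteed here would help.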
@@ -2673,7 +2673,7 @@
 
     e1 = TRUNC( pxl );
 
-    if ( e1 >= 0 && e1 < ras.target.rows )
+    if ( e1 >= 0 && (ULong)e1 < ras.target.rows )
     {
       bits -= e1 * ras.target.pitch;
       if ( ras.target.pitch > 0 )
++++++ CVE-2014-9666.patch ++++++
>From 257c270bd25e15890190a28a1456e7623bba4439 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Wed, 12 Nov 2014 20:42:13 +0000
Subject: [sfnt] Fix Savannah bug #43591.

* src/sfnt/ttsbit.c (tt_sbit_decoder_init): Protect against addition
and multiplication overflow.
---
diff --git a/src/sfnt/ttsbit.c b/src/sfnt/ttsbit.c
index da6b01b..b37bd7d 100644
--- a/src/sfnt/ttsbit.c
+++ b/src/sfnt/ttsbit.c
@@ -394,9 +394,11 @@
       p                          += 34;
       decoder->bit_depth          = *p;
 
-      if ( decoder->strike_index_array > face->sbit_table_size             ||
-           decoder->strike_index_array + 8 * decoder->strike_index_count >
-             face->sbit_table_size                                         )
+      /* decoder->strike_index_array +                               */
+      /*   8 * decoder->strike_index_count > face->sbit_table_size ? */
+      if ( decoder->strike_index_array > face->sbit_table_size           ||
+           decoder->strike_index_count >
+             ( face->sbit_table_size - decoder->strike_index_array ) / 8 )
         error = FT_THROW( Invalid_File_Format );
     }
 
--
cgit v0.9.0.2
++++++ CVE-2014-9667.patch ++++++
>From 677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Wed, 12 Nov 2014 20:26:44 +0000
Subject: [sfnt] Fix Savannah bug #43590.

* src/sfnt/ttload.c (check_table_dir, tt_face_load_font_dir):
Protect against addition overflow.
---
Index: freetype-2.5.0.1/src/sfnt/ttload.c
===================================================================
--- freetype-2.5.0.1.orig/src/sfnt/ttload.c
+++ freetype-2.5.0.1/src/sfnt/ttload.c
@@ -207,7 +207,10 @@
       }
 
       /* we ignore invalid tables */
-      if ( table.Offset + table.Length > stream->size )
+
+      /* table.Offset + table.Length > stream->size ? */
+      if ( table.Length > stream->size                ||
+           table.Offset > stream->size - table.Length )
       {
         FT_TRACE2(( "check_table_dir: table entry %d invalid\n", nn ));
         continue;
@@ -398,7 +401,10 @@
       entry->Length   = FT_GET_LONG();
 
       /* ignore invalid tables */
-      if ( entry->Offset + entry->Length > stream->size )
+
+      /* entry->Offset + entry->Length > stream->size ? */
+      if ( entry->Length > stream->size                 ||
+           entry->Offset > stream->size - entry->Length )
         continue;
       else
       {
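Review bot: the two-step test `entry->Length > stream->size || entry->Offset > stream->size - entry->Length` is only sound if all three operands are unsigned, yet the context line reads the field with `entry->Length   = FT_GET_LONG();`. Confirm the field types, and read the value with the unsigned accessor if the field is unsigned so the intent is visible at the point of the check.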
++++++ CVE-2014-9669.patch ++++++
>From 602040b1112c9f94d68e200be59ea7ac3d104565 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Wed, 12 Nov 2014 19:51:20 +0000
Subject: [sfnt] Fix Savannah bug #43588.

* src/sfnt/ttcmap.c (tt_cmap8_validate, tt_cmap10_validate,
tt_cmap12_validate, tt_cmap13_validate, tt_cmap14_validate): Protect
against overflow in additions and multiplications.
---
Index: freetype-2.5.0.1/src/sfnt/ttcmap.c
===================================================================
--- freetype-2.5.0.1.orig/src/sfnt/ttcmap.c
+++ freetype-2.5.0.1/src/sfnt/ttcmap.c
@@ -1647,7 +1647,8 @@
     p          = is32  + 8192;          /* skip `is32' array */
     num_groups = TT_NEXT_ULONG( p );
 
-    if ( p + num_groups * 12 > valid->limit )
+    /* p + num_groups * 12 > valid->limit ? */
+    if ( num_groups > (FT_UInt32)( valid->limit - p ) / 12 )
       FT_INVALID_TOO_SHORT;
 
     /* check groups, they must be in increasing order */
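Review bot: `(FT_UInt32)( valid->limit - p )` assumes `p <= valid->limit` after skipping the 8192-byte `is32` array and reading `num_groups`; if that is not guaranteed by an earlier length check, the difference is negative and the cast turns it into a huge bound that accepts any `num_groups`. The hunk does not show such a check, so either reference it in the comment or add `p > valid->limit` as a first condition.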
@@ -1672,7 +1673,12 @@
 
         if ( valid->level >= FT_VALIDATE_TIGHT )
         {
-          if ( start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) )
+          FT_UInt32  d = end - start;
+
+
+          /* start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) ? */
+          if ( d > TT_VALID_GLYPH_COUNT( valid )             ||
+               start_id >= TT_VALID_GLYPH_COUNT( valid ) - d )
             FT_INVALID_GLYPH_ID;
 
           count = (FT_UInt32)( end - start + 1 );
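Review bot: `FT_UInt32  d = end - start;` wraps if `end < start`, and the hunk does not show that ordering being enforced before this point; state the precondition in the comment or test it here. The same block is repeated verbatim in the hunk at line 2079, and the following `count = (FT_UInt32)( end - start + 1 );` could reuse `d`.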
@@ -1870,7 +1876,9 @@
     count  = TT_NEXT_ULONG( p );
 
     if ( length > (FT_ULong)( valid->limit - table ) ||
-         length < 20 + count * 2                     )
+         /* length < 20 + count * 2 ? */
+         length < 20                                 ||
+         ( length - 20 ) / 2 < count                 )
       FT_INVALID_TOO_SHORT;
 
     /* check glyph indices */
@@ -2057,7 +2065,9 @@
     num_groups = TT_NEXT_ULONG( p );
 
     if ( length > (FT_ULong)( valid->limit - table ) ||
-         length < 16 + 12 * num_groups               )
+         /* length < 16 + 12 * num_groups ? */
+         length < 16                                 ||
+         ( length - 16 ) / 12 < num_groups           )
       FT_INVALID_TOO_SHORT;
 
     /* check groups, they must be in increasing order */
@@ -2079,7 +2089,12 @@
 
         if ( valid->level >= FT_VALIDATE_TIGHT )
         {
-          if ( start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) )
+          FT_UInt32  d = end - start;
+
+
+          /* start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) ? */
+          if ( d > TT_VALID_GLYPH_COUNT( valid )             ||
+               start_id >= TT_VALID_GLYPH_COUNT( valid ) - d )
             FT_INVALID_GLYPH_ID;
         }
 
@@ -2381,7 +2396,9 @@
     num_groups = TT_NEXT_ULONG( p );
 
     if ( length > (FT_ULong)( valid->limit - table ) ||
-         length < 16 + 12 * num_groups               )
+         /* length < 16 + 12 * num_groups ? */
+         length < 16                                 ||
+         ( length - 16 ) / 12 < num_groups           )
       FT_INVALID_TOO_SHORT;
 
     /* check groups, they must be in increasing order */
@@ -2762,7 +2779,9 @@
 
 
     if ( length > (FT_ULong)( valid->limit - table ) ||
-         length < 10 + 11 * num_selectors            )
+         /* length < 10 + 11 * num_selectors ? */
+         length < 10                                 ||
+         ( length - 10 ) / 11 < num_selectors        )
       FT_INVALID_TOO_SHORT;
 
     /* check selectors, they must be in increasing order */
@@ -2798,7 +2817,8 @@
           FT_ULong  lastBase  = 0;
 
 
-          if ( defp + numRanges * 4 > valid->limit )
+          /* defp + numRanges * 4 > valid->limit ? */
+          if ( numRanges > (FT_ULong)( valid->limit - defp ) / 4 )
             FT_INVALID_TOO_SHORT;
 
           for ( i = 0; i < numRanges; ++i )
@@ -2825,7 +2845,8 @@
           FT_ULong  i, lastUni  = 0;
 
 
-          if ( numMappings * 4 > (FT_ULong)( valid->limit - ndp ) )
+          /* numMappings * 4 > (FT_ULong)( valid->limit - ndp ) ? */
+          if ( numMappings > ( (FT_ULong)( valid->limit - ndp ) ) / 4 )
             FT_INVALID_TOO_SHORT;
 
           for ( i = 0; i < numMappings; ++i )
++++++ CVE-2014-9670.patch ++++++
>From ef1eba75187adfac750f326b563fe543dd5ff4e6 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Thu, 06 Nov 2014 22:25:05 +0000
Subject: Fix Savannah bug #43548.

* src/pcf/pcfread (pcf_get_encodings): Add sanity checks for row and
column values.
---
diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c
index 8db31bd..668c962 100644
--- a/src/pcf/pcfread.c
+++ b/src/pcf/pcfread.c
@@ -830,6 +830,15 @@ THE SOFTWARE.
     if ( !PCF_FORMAT_MATCH( format, PCF_DEFAULT_FORMAT ) )
       return FT_THROW( Invalid_File_Format );
 
+    /* sanity checks */
+    if ( firstCol < 0       ||
+         firstCol > lastCol ||
+         lastCol  > 0xFF    ||
+         firstRow < 0       ||
+         firstRow > lastRow ||
+         lastRow  > 0xFF    )
+      return FT_THROW( Invalid_Table );
+
     FT_TRACE4(( "pdf_get_encodings:\n" ));
 
     FT_TRACE4(( "  firstCol %d, lastCol %d, firstRow %d, lastRow %d\n",
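Review bot: the sanity checks return `Invalid_Table` before the FT_TRACE4 call that prints `firstCol`, `lastCol`, `firstRow` and `lastRow`, so the values that caused a rejection are never logged. Move the trace above the checks, and fix the function name in the first trace string, which reads "pdf_get_encodings".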
--
cgit v0.9.0.2
++++++ CVE-2014-9671.patch ++++++
>From 0e2f5d518c60e2978f26400d110eff178fa7e3c3 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Thu, 06 Nov 2014 21:32:46 +0000
Subject: Fix Savannah bug #43547.

* src/pcf/pcfread.c (pcf_read_TOC): Check `size' and `offset'
values.
---
diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c
index f63377b..8db31bd 100644
--- a/src/pcf/pcfread.c
+++ b/src/pcf/pcfread.c
@@ -154,6 +154,21 @@ THE SOFTWARE.
         break;
     }
 
+    /* we now check whether the `size' and `offset' values are reasonable: */
+    /* `offset' + `size' must not exceed the stream size                   */
+    tables = face->toc.tables;
+    for ( n = 0; n < toc->count; n++ )
+    {
+      /* we need two checks to avoid overflow */
+      if ( ( tables->size   > stream->size                ) ||
+           ( tables->offset > stream->size - tables->size ) )
+      {
+        error = FT_THROW( Invalid_Table );
+        goto Exit;
+      }
+      tables++;
+    }
+
 #ifdef FT_DEBUG_LEVEL_TRACE
 
     {
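Review bot: the loop takes its pointer from `face->toc.tables` but its bound from `toc->count`, two spellings for what should be the same table of contents. Use `toc->tables` (or `face->toc.count`) so pointer and bound visibly come from one object, and note in the comment that the two-step test assumes `size`, `offset` and `stream->size` are unsigned.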
--
cgit v0.9.0.2
++++++ CVE-2014-9672.patch ++++++
>From 18a8f0d9943369449bc4de92d411c78fb08d616c Mon Sep 17 00:00:00 2001
From: suzuki toshiya <mpsuz...@hiroshima-u.ac.jp>
Date: Wed, 26 Nov 2014 07:11:38 +0000
Subject: Fix Savannah bug #43540.

* src/base/ftmac.c (parse_fond): Prevent a buffer overrun
caused by a font including too many (> 63) strings to store
names[] table.
---
diff --git a/src/base/ftmac.c b/src/base/ftmac.c
index 9b49da8..184a2e1 100644
--- a/src/base/ftmac.c
+++ b/src/base/ftmac.c
@@ -440,9 +440,10 @@
       style = (StyleTable*)p;
       p += sizeof ( StyleTable );
       string_count = EndianS16_BtoN( *(short*)(p) );
+      string_count = FT_MIN( 64, string_count );
       p += sizeof ( short );
 
-      for ( i = 0; i < string_count && i < 64; i++ )
+      for ( i = 0; i < string_count; i++ )
       {
         names[i] = p;
         p       += names[i][0];
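Review bot: clamping `string_count` bounds the index into `names[]`, but the loop still advances with `p += names[i][0];`, a length byte taken from the font, and no visible check keeps `p` inside the resource data. Add an end-of-buffer test inside the loop, and derive the literal 64 from the size of `names[]` rather than repeating it (the commit message says "> 63" while the code says 64).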
@@ -459,7 +460,7 @@
           ps_name[ps_name_len] = 0;
         }
         if ( style->indexes[face_index] > 1 &&
-             style->indexes[face_index] <= FT_MIN( string_count, 64 ) )
+             style->indexes[face_index] <= string_count )
         {
           unsigned char*  suffixes = names[style->indexes[face_index] - 1];
 
--
cgit v0.9.0.2
++++++ CVE-2014-9673.patch ++++++
>From 35252ae9aa1dd9343e9f4884e9ddb1fee10ef415 Mon Sep 17 00:00:00 2001
From: suzuki toshiya <mpsuz...@hiroshima-u.ac.jp>
Date: Wed, 26 Nov 2014 06:52:23 +0000
Subject: Fix Savannah bug #43539.

* src/base/ftobjs.c (Mac_Read_POST_Resource): Fix integer overflow
by a broken POST table in resource-fork.
---
Index: freetype-2.5.3/src/base/ftobjs.c
===================================================================
--- freetype-2.5.3.orig/src/base/ftobjs.c
+++ freetype-2.5.3/src/base/ftobjs.c
@@ -1627,6 +1627,11 @@
         goto Exit2;
       if ( FT_READ_LONG( rlen ) )
         goto Exit;
+      if ( rlen < 0 )
+      {
+        error = FT_THROW( Invalid_Offset );
+        goto Exit2;
+      }
       if ( FT_READ_USHORT( flags ) )
         goto Exit;
       FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, 
flags=0x%04x\n",
@@ -1644,7 +1649,14 @@
         rlen = 0;
 
       if ( ( flags >> 8 ) == type )
+      {
+        if ( 0x7FFFFFFFL - rlen < len )
+        {
+          error = FT_THROW( Array_Too_Large );
+          goto Exit2;
+        }
         len += rlen;
+      }
       else
       {
         if ( pfb_lenpos + 3 > pfb_len + 2 )
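Review bot: the limit in `0x7FFFFFFFL - rlen < len` is a hard-coded 32-bit value applied to `FT_Long` variables, with no comment on where it comes from. Use a named constant and say in a comment that the bound is the largest length the allocator accepts, so the three uses in this patch stay consistent.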
@@ -1673,6 +1685,11 @@
       }
 
       error = FT_ERR( Cannot_Open_Resource );
+      if ( rlen > 0x7FFFFFFFL - pfb_pos )
+      {
+        error = FT_THROW( Array_Too_Large );
+        goto Exit2;
+      }
       if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len )
         goto Exit2;
 
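Review bot: the added `rlen > 0x7FFFFFFFL - pfb_pos` test exists only to make the sum in the following `pfb_pos + rlen > pfb_len` safe. Rewriting that existing condition as `pfb_pos > pfb_len || rlen > pfb_len - pfb_pos` removes the addition altogether and makes the extra test and its magic constant unnecessary.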
++++++ CVE-2014-9674.patch ++++++
>From 240c94a185cd8dae7d03059abec8a5662c35ecd3 Mon Sep 17 00:00:00 2001
From: suzuki toshiya <mpsuz...@hiroshima-u.ac.jp>
Date: Wed, 26 Nov 2014 06:43:29 +0000
Subject: Fix Savannah bug #43538.

* src/base/ftobjs.c (Mac_Read_POST_Resource): Fix integer overflow
by a broken POST table in resource-fork.
---
Index: freetype-2.5.3/src/base/ftobjs.c
===================================================================
--- freetype-2.5.3.orig/src/base/ftobjs.c
+++ freetype-2.5.3/src/base/ftobjs.c
@@ -1583,9 +1583,9 @@
     FT_Memory  memory = library->memory;
     FT_Byte*   pfb_data = NULL;
     int        i, type, flags;
-    FT_Long    len;
-    FT_Long    pfb_len, pfb_pos, pfb_lenpos;
-    FT_Long    rlen, temp;
+    FT_ULong   len;
+    FT_ULong   pfb_len, pfb_pos, pfb_lenpos;
+    FT_ULong   rlen, temp;
 
 
     if ( face_index == -1 )
@@ -1601,11 +1601,34 @@
       error = FT_Stream_Seek( stream, offsets[i] );
       if ( error )
         goto Exit;
-      if ( FT_READ_LONG( temp ) )
+      if ( FT_READ_ULONG( temp ) )
         goto Exit;
+
+      /* FT2 allocator takes signed long buffer length,
+       * too large value causing overflow should be checked
+       */
+      FT_TRACE4(( "                 POST fragment #%d: length=0x%08x\n",
+                  i, temp));
+      if ( 0x7FFFFFFFUL < temp || pfb_len + temp + 6 < pfb_len )
+      {
+        FT_TRACE2(( "             too long fragment length makes"
+                    " pfb_len confused: temp=0x%08x\n", temp ));
+        error = FT_THROW( Invalid_Offset );
+        goto Exit;
+      }
+
       pfb_len += temp + 6;
     }
 
+    FT_TRACE2(( "             total buffer size to concatenate %d"
+                " POST fragments: 0x%08x\n",
+                 resource_cnt, pfb_len + 2));
+    if ( pfb_len + 2 < 6 ) {
+      FT_TRACE2(( "             too long fragment length makes"
+                  " pfb_len confused: pfb_len=0x%08x\n", pfb_len ));
+      error = FT_THROW( Array_Too_Large );
+      goto Exit;
+    }
     if ( FT_ALLOC( pfb_data, (FT_Long)pfb_len + 2 ) )
       goto Exit;
 
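Review bot: the per-fragment test bounds temp by 0x7FFFFFFF and catches unsigned wraparound of pfb_len + temp + 6, but nothing bounds the running total itself by 0x7FFFFFFF before "(FT_Long)pfb_len + 2" is handed to FT_ALLOC. Where FT_ULong is 32 bits, two fragments of 0x40000000 bytes pass both tests as well as the "pfb_len + 2 < 6" test, and the cast then yields a negative length. The comment added in this hunk names exactly that constraint, so comparing the sum against 0x7FFFFFFFUL - 2 inside the loop would enforce it directly. The opening brace on the "if ( pfb_len + 2 < 6 ) {" line also departs from the brace style used in the rest of the hunk.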
@@ -1625,21 +1648,30 @@
       error = FT_Stream_Seek( stream, offsets[i] );
       if ( error )
         goto Exit2;
-      if ( FT_READ_LONG( rlen ) )
+      if ( FT_READ_ULONG( rlen ) )
         goto Exit;
-      if ( rlen < 0 )
+
+      /* FT2 allocator takes signed long buffer length,
+       * too large fragment length causing overflow should be checked
+       */
+      if ( 0x7FFFFFFFUL < rlen )
       {
         error = FT_THROW( Invalid_Offset );
         goto Exit2;
       }
+
       if ( FT_READ_USHORT( flags ) )
         goto Exit;
       FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, 
flags=0x%04x\n",
                    i, offsets[i], rlen, flags ));
 
+      error = FT_ERR( Array_Too_Large );
       /* postpone the check of rlen longer than buffer until FT_Stream_Read() 
*/
       if ( ( flags >> 8 ) == 0 )        /* Comment, should not be loaded */
+      {
+        FT_TRACE3(( "    Skip POST fragment #%d because it is a comment\n", i 
));
         continue;
+      }
 
       /* the flags are part of the resource, so rlen >= 2.  */
       /* but some fonts declare rlen = 0 for empty fragment */
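Review bot: the two read failures in this loop, FT_READ_ULONG( rlen ) and FT_READ_USHORT( flags ), still "goto Exit" while the seek failure just above them uses "goto Exit2". pfb_data has already been allocated by FT_ALLOC at this point and FT_FREE( pfb_data ) sits under Exit2, before the Exit label, so a truncated stream skips the free. Both reads should jump to Exit2. Presetting error to Array_Too_Large ahead of the "continue" for comment fragments also makes the eventual exit code depend on statement order; assigning it at the failing check would be easier to follow.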
@@ -1649,16 +1681,11 @@
         rlen = 0;
 
       if ( ( flags >> 8 ) == type )
-      {
-        if ( 0x7FFFFFFFL - rlen < len )
-        {
-          error = FT_THROW( Array_Too_Large );
-          goto Exit2;
-        }
         len += rlen;
-      }
       else
       {
+        FT_TRACE3(( "    Write POST fragment #%d header (4-byte) to buffer"
+                    " 0x%p + 0x%08x\n", i, pfb_data, pfb_lenpos ));
         if ( pfb_lenpos + 3 > pfb_len + 2 )
           goto Exit2;
         pfb_data[pfb_lenpos    ] = (FT_Byte)( len );
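Review bot: with the "0x7FFFFFFFL - rlen < len" guard removed, "len += rlen" is unchecked, and its safety now rests on the first loop having bounded the sum of the same fragment lengths in pfb_len. That holds only as long as both passes read identical values from the stream. State the dependency in a comment here, or keep an unsigned form of the guard, so a later change to the first loop does not reopen the overflow in the 4-byte length header written below.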
@@ -1669,6 +1696,8 @@
         if ( ( flags >> 8 ) == 5 )      /* End of font mark */
           break;
 
+        FT_TRACE3(( "    Write POST fragment #%d header (6-byte) to buffer"
+                    " 0x%p + 0x%08x\n", i, pfb_data, pfb_pos ));
         if ( pfb_pos + 6 > pfb_len + 2 )
           goto Exit2;
         pfb_data[pfb_pos++] = 0x80;
@@ -1684,21 +1713,18 @@
         pfb_data[pfb_pos++] = 0;
       }
 
-      error = FT_ERR( Cannot_Open_Resource );
-      if ( rlen > 0x7FFFFFFFL - pfb_pos )
-      {
-        error = FT_THROW( Array_Too_Large );
-        goto Exit2;
-      }
       if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len )
         goto Exit2;
 
+      FT_TRACE3(( "    Load POST fragment #%d (%d byte) to buffer"
+                  " 0x%p + 0x%08x\n", i, rlen, pfb_data, pfb_pos ));
       error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen );
       if ( error )
         goto Exit2;
       pfb_pos += rlen;
     }
 
+    error = FT_ERR( Array_Too_Large );
     if ( pfb_pos + 2 > pfb_len + 2 )
       goto Exit2;
     pfb_data[pfb_pos++] = 0x80;
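Review bot: the "goto Exit2" after "pfb_pos > pfb_len || pfb_pos + rlen > pfb_len" no longer sets an error of its own and relies on the Array_Too_Large value assigned much earlier in the iteration surviving untouched; the same pattern is repeated after the loop. Assign the code at the failure site instead. With the signed guard deleted, the sum pfb_pos + rlen is also evaluated in unsigned arithmetic, where an oversized pair wraps rather than fails, so the subtraction form "rlen > pfb_len - pfb_pos" is the safer comparison.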
@@ -1719,6 +1745,13 @@
                                   aface );
 
   Exit2:
+    if ( error == FT_ERR( Array_Too_Large ) )
+      FT_TRACE2(( "  Abort due to too-short buffer to store"
+                  " all POST fragments\n" ));
+    else if ( error == FT_ERR( Invalid_Offset ) )
+      FT_TRACE2(( "  Abort due to invalid offset in a POST fragment\n" ));
+    if ( error )
+      error = FT_ERR( Cannot_Open_Resource );
     FT_FREE( pfb_data );
 
   Exit:
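Review bot: the block added under Exit2 rewrites every non-zero error to Cannot_Open_Resource, including failures from FT_Stream_Seek and FT_Stream_Read that previously reached the caller unchanged, and the original cause survives only in an FT_TRACE2 message for two of the codes. If collapsing all errors is intended, say so in a comment at this label; otherwise restrict the rewrite to Array_Too_Large and Invalid_Offset.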
++++++ CVE-2014-9675.patch ++++++
>From 2c4832d30939b45c05757f0a05128ce64c4cacc7 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <w...@gnu.org>
Date: Fri, 07 Nov 2014 06:42:33 +0000
Subject: Fix Savannah bug #43535.

* src/bdf/bdflib.c (_bdf_strncmp): New macro that checks one
character more than `strncmp'.
s/ft_strncmp/_bdf_strncmp/ everywhere.
---
Index: freetype-2.5.0.1/src/bdf/bdflib.c
===================================================================
--- freetype-2.5.0.1.orig/src/bdf/bdflib.c
+++ freetype-2.5.0.1/src/bdf/bdflib.c
@@ -169,6 +169,18 @@
                         sizeof ( _bdf_properties[0] );
 
 
+  /* An auxiliary macro to parse properties, to be used in conditionals. */
+  /* It behaves like `strncmp' but also tests the following character    */
+  /* whether it is a whitespace or NULL.                                 */
+  /* `property' is a constant string of length `n' to compare with.      */
+#define _bdf_strncmp( name, property, n )      \
+          ( ft_strncmp( name, property, n ) || \
+            !( name[n] == ' '  ||              \
+               name[n] == '\0' ||              \
+               name[n] == '\n' ||              \
+               name[n] == '\r' ||              \
+               name[n] == '\t' )            )
+
   /* Auto correction messages. */
 #define ACMSG1   "FONT_ASCENT property missing.  " \
                  "Added `FONT_ASCENT %hd'.\n"
@@ -1409,7 +1421,7 @@
 
     /* If the property happens to be a comment, then it doesn't need */
     /* to be added to the internal hash table.                       */
-    if ( ft_memcmp( name, "COMMENT", 7 ) != 0 )
+    if ( _bdf_strncmp( name, "COMMENT", 7 ) != 0 )
     {
       /* Add the property to the font property table. */
       error = hash_insert( fp->name,
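Review bot: the commit message describes the change as s/ft_strncmp/_bdf_strncmp/, but the line removed here, and in every later hunk of this file, calls ft_memcmp, so this is an adaptation to the 2.5.0.1 sources rather than the upstream change verbatim; the patch header should say so. The replacement also changes behaviour at this call site: a property name that merely begins with COMMENT is no longer treated as a comment and is now inserted into the hash table. The macro reads name[7], which is in bounds only because its "||" short-circuits when the first seven bytes differ; that deserves a line in the macro's comment, which should also say NUL rather than NULL and parenthesize name and n.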
@@ -1427,13 +1439,13 @@
     /* FONT_ASCENT and FONT_DESCENT need to be assigned if they are        */
     /* present, and the SPACING property should override the default       */
     /* spacing.                                                            */
-    if ( ft_memcmp( name, "DEFAULT_CHAR", 12 ) == 0 )
+    if ( _bdf_strncmp( name, "DEFAULT_CHAR", 12 ) == 0 )
       font->default_char = fp->value.l;
-    else if ( ft_memcmp( name, "FONT_ASCENT", 11 ) == 0 )
+    else if ( _bdf_strncmp( name, "FONT_ASCENT", 11 ) == 0 )
       font->font_ascent = fp->value.l;
-    else if ( ft_memcmp( name, "FONT_DESCENT", 12 ) == 0 )
+    else if ( _bdf_strncmp( name, "FONT_DESCENT", 12 ) == 0 )
       font->font_descent = fp->value.l;
-    else if ( ft_memcmp( name, "SPACING", 7 ) == 0 )
+    else if ( _bdf_strncmp( name, "SPACING", 7 ) == 0 )
     {
       if ( !fp->value.atom )
       {
@@ -1491,7 +1503,7 @@
     memory = font->memory;
 
     /* Check for a comment. */
-    if ( ft_memcmp( line, "COMMENT", 7 ) == 0 )
+    if ( _bdf_strncmp( line, "COMMENT", 7 ) == 0 )
     {
       linelen -= 7;
 
@@ -1508,7 +1520,7 @@
     /* The very first thing expected is the number of glyphs. */
     if ( !( p->flags & _BDF_GLYPHS ) )
     {
-      if ( ft_memcmp( line, "CHARS", 5 ) != 0 )
+      if ( _bdf_strncmp( line, "CHARS", 5 ) != 0 )
       {
         FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG1, lineno, "CHARS" ));
         error = FT_THROW( Missing_Chars_Field );
@@ -1542,7 +1554,7 @@
     }
 
     /* Check for the ENDFONT field. */
-    if ( ft_memcmp( line, "ENDFONT", 7 ) == 0 )
+    if ( _bdf_strncmp( line, "ENDFONT", 7 ) == 0 )
     {
       if ( p->flags & _BDF_GLYPH_BITS )
       {
@@ -1564,7 +1576,7 @@
     }
 
     /* Check for the ENDCHAR field. */
-    if ( ft_memcmp( line, "ENDCHAR", 7 ) == 0 )
+    if ( _bdf_strncmp( line, "ENDCHAR", 7 ) == 0 )
     {
       p->glyph_enc = 0;
       p->flags    &= ~_BDF_GLYPH_BITS;
@@ -1580,7 +1592,7 @@
       goto Exit;
 
     /* Check for the STARTCHAR field. */
-    if ( ft_memcmp( line, "STARTCHAR", 9 ) == 0 )
+    if ( _bdf_strncmp( line, "STARTCHAR", 9 ) == 0 )
     {
       /* Set the character name in the parse info first until the */
       /* encoding can be checked for an unencoded character.      */
@@ -1614,7 +1626,7 @@
     }
 
     /* Check for the ENCODING field. */
-    if ( ft_memcmp( line, "ENCODING", 8 ) == 0 )
+    if ( _bdf_strncmp( line, "ENCODING", 8 ) == 0 )
     {
       if ( !( p->flags & _BDF_GLYPH ) )
       {
@@ -1800,7 +1812,7 @@
     }
 
     /* Expect the SWIDTH (scalable width) field next. */
-    if ( ft_memcmp( line, "SWIDTH", 6 ) == 0 )
+    if ( _bdf_strncmp( line, "SWIDTH", 6 ) == 0 )
     {
       if ( !( p->flags & _BDF_ENCODING ) )
         goto Missing_Encoding;
@@ -1816,7 +1828,7 @@
     }
 
     /* Expect the DWIDTH (scalable width) field next. */
-    if ( ft_memcmp( line, "DWIDTH", 6 ) == 0 )
+    if ( _bdf_strncmp( line, "DWIDTH", 6 ) == 0 )
     {
       if ( !( p->flags & _BDF_ENCODING ) )
         goto Missing_Encoding;
@@ -1844,7 +1856,7 @@
     }
 
     /* Expect the BBX field next. */
-    if ( ft_memcmp( line, "BBX", 3 ) == 0 )
+    if ( _bdf_strncmp( line, "BBX", 3 ) == 0 )
     {
       if ( !( p->flags & _BDF_ENCODING ) )
         goto Missing_Encoding;
@@ -1912,7 +1924,7 @@
     }
 
     /* And finally, gather up the bitmap. */
-    if ( ft_memcmp( line, "BITMAP", 6 ) == 0 )
+    if ( _bdf_strncmp( line, "BITMAP", 6 ) == 0 )
     {
       unsigned long  bitmap_size;
 
@@ -1987,7 +1999,7 @@
     p    = (_bdf_parse_t *)    client_data;
 
     /* Check for the end of the properties. */
-    if ( ft_memcmp( line, "ENDPROPERTIES", 13 ) == 0 )
+    if ( _bdf_strncmp( line, "ENDPROPERTIES", 13 ) == 0 )
     {
       /* If the FONT_ASCENT or FONT_DESCENT properties have not been      */
       /* encountered yet, then make sure they are added as properties and */
@@ -2028,12 +2040,12 @@
     }
 
     /* Ignore the _XFREE86_GLYPH_RANGES properties. */
-    if ( ft_memcmp( line, "_XFREE86_GLYPH_RANGES", 21 ) == 0 )
+    if ( _bdf_strncmp( line, "_XFREE86_GLYPH_RANGES", 21 ) == 0 )
       goto Exit;
 
     /* Handle COMMENT fields and properties in a special way to preserve */
     /* the spacing.                                                      */
-    if ( ft_memcmp( line, "COMMENT", 7 ) == 0 )
+    if ( _bdf_strncmp( line, "COMMENT", 7 ) == 0 )
     {
       name = value = line;
       value += 7;
@@ -2097,7 +2109,7 @@
 
     /* Check for a comment.  This is done to handle those fonts that have */
     /* comments before the STARTFONT line for some reason.                */
-    if ( ft_memcmp( line, "COMMENT", 7 ) == 0 )
+    if ( _bdf_strncmp( line, "COMMENT", 7 ) == 0 )
     {
       if ( p->opts->keep_comments != 0 && p->font != 0 )
       {
@@ -2123,7 +2135,7 @@
     {
       memory = p->memory;
 
-      if ( ft_memcmp( line, "STARTFONT", 9 ) != 0 )
+      if ( _bdf_strncmp( line, "STARTFONT", 9 ) != 0 )
       {
         /* we don't emit an error message since this code gets */
         /* explicitly caught one level higher                  */
@@ -2171,7 +2183,7 @@
     }
 
     /* Check for the start of the properties. */
-    if ( ft_memcmp( line, "STARTPROPERTIES", 15 ) == 0 )
+    if ( _bdf_strncmp( line, "STARTPROPERTIES", 15 ) == 0 )
     {
       if ( !( p->flags & _BDF_FONT_BBX ) )
       {
@@ -2200,7 +2212,7 @@
     }
 
     /* Check for the FONTBOUNDINGBOX field. */
-    if ( ft_memcmp( line, "FONTBOUNDINGBOX", 15 ) == 0 )
+    if ( _bdf_strncmp( line, "FONTBOUNDINGBOX", 15 ) == 0 )
     {
       if ( !( p->flags & _BDF_SIZE ) )
       {
@@ -2231,7 +2243,7 @@
     }
 
     /* The next thing to check for is the FONT field. */
-    if ( ft_memcmp( line, "FONT", 4 ) == 0 )
+    if ( _bdf_strncmp( line, "FONT", 4 ) == 0 )
     {
       error = _bdf_list_split( &p->list, (char *)" +", line, linelen );
       if ( error )
@@ -2266,7 +2278,7 @@
     }
 
     /* Check for the SIZE field. */
-    if ( ft_memcmp( line, "SIZE", 4 ) == 0 )
+    if ( _bdf_strncmp( line, "SIZE", 4 ) == 0 )
     {
       if ( !( p->flags & _BDF_FONT_NAME ) )
       {
@@ -2320,7 +2332,7 @@
     }
 
     /* Check for the CHARS field -- font properties are optional */
-    if ( ft_memcmp( line, "CHARS", 5 ) == 0 )
+    if ( _bdf_strncmp( line, "CHARS", 5 ) == 0 )
     {
       char  nbuf[128];
 
++++++ baselibs.conf ++++++
libfreetype6
        obsoletes "freetype2-<targettype> < <version>"
        provides "freetype2-<targettype> = <version>"
freetype2-devel
        requires -freetype2-<targettype>
        requires "libfreetype6-<targettype>"
        requires "zlib-devel-<targettype>"

++++++ bugzilla-308961-cmex-workaround.patch ++++++
---
 src/base/ftobjs.c |    5 +++++
 1 file changed, 5 insertions(+)

Index: freetype-2.4.11/src/base/ftobjs.c
===================================================================
--- freetype-2.4.11.orig/src/base/ftobjs.c
+++ freetype-2.4.11/src/base/ftobjs.c
@@ -2187,10 +2187,15 @@
 
     /* some checks */
 
     if ( FT_IS_SCALABLE( face ) )
     {
+      if ( face->family_name && strncmp(face->family_name, "CMEX", 4 ) == 0){
+       face->underline_position = (FT_Short)( -face->units_per_EM / 10 );
+       face->underline_thickness = (FT_Short)( face->units_per_EM / 30 );
+      }
+
       if ( face->height < 0 )
         face->height = (FT_Short)-face->height;
 
       if ( !FT_HAS_VERTICAL( face ) )
         face->max_advance_height = (FT_Short)face->height;
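Review bot: the strncmp call on face->family_name is a four-character prefix match, so any scalable face whose family name merely begins with CMEX has underline_position and underline_thickness overwritten, whatever the font file declared. The hunk carries no comment saying which fonts the workaround targets or why -units_per_EM / 10 and units_per_EM / 30 were chosen; add one, and use ft_strncmp as the rest of the library does rather than the bare libc call.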
++++++ freetype2-bitmap-foundry.patch ++++++
---
 src/pcf/pcfread.c |   30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

Index: freetype-2.4.11/src/pcf/pcfread.c
===================================================================
--- freetype-2.4.11.orig/src/pcf/pcfread.c
+++ freetype-2.4.11/src/pcf/pcfread.c
@@ -1173,12 +1173,38 @@ THE SOFTWARE.
          goto Exit;
 
       prop = pcf_find_property( face, "FAMILY_NAME" );
       if ( prop && prop->isString )
       {
-        if ( FT_STRDUP( root->family_name, prop->value.atom ) )
-          goto Exit;
+             int l = ft_strlen( prop->value.atom ) + 1;
+             int wide = 0;
+             PCF_Property foundry_prop = pcf_find_property( face, "FOUNDRY" );
+             PCF_Property point_size_prop = pcf_find_property( face, 
"POINT_SIZE" );
+             PCF_Property average_width_prop = pcf_find_property( face, 
"AVERAGE_WIDTH" );
+             if ( point_size_prop != NULL && average_width_prop != NULL) {
+                     if ( average_width_prop->value.l >= 
point_size_prop->value.l ) {
+                             /* This font is at least square shaped or even 
wider */
+                             wide = 1;
+                             l += ft_strlen( " Wide");
+                     }
+             }
+             if ( foundry_prop != NULL && foundry_prop->isString) {
+                     l += ft_strlen( foundry_prop->value.atom ) + 1;
+                     if ( FT_NEW_ARRAY( root->family_name, l ) )
+                             goto Exit;
+                     ft_strcpy( root->family_name, foundry_prop->value.atom );
+                     strcat( root->family_name, " ");
+                     strcat( root->family_name, prop->value.atom );
+             }
+             else {
+                     if ( FT_NEW_ARRAY( root->family_name, l ) )
+                             goto Exit;
+                     ft_strcpy( root->family_name, prop->value.atom );
+             }
+             if ( wide != 0) {
+                     strcat( root->family_name, " Wide");
+             }
       }
       else
         root->family_name = NULL;
 
       /*
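Review bot: the comparison of average_width_prop->value.l with point_size_prop->value.l reads the integer member of both properties without checking isString, unlike the FAMILY_NAME and FOUNDRY lookups in the same hunk, so a font that stores either property as a string has that value interpreted through the .l member. Test !isString on both before comparing. The buffer length is also accumulated in "int l" from ft_strlen results, and the hunk mixes ft_strcpy with plain strcat; a size type and the ft_ wrappers throughout would be consistent with the surrounding code.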
++++++ freetype2-subpixel.patch ++++++
Index: freetype-2.4.11/include/freetype/config/ftoption.h
===================================================================
--- freetype-2.4.11.orig/include/freetype/config/ftoption.h
+++ freetype-2.4.11/include/freetype/config/ftoption.h
@@ -92,7 +92,7 @@ FT_BEGIN_HEADER
   /* This is done to allow FreeType clients to run unmodified, forcing     */
   /* them to display normal gray-level anti-aliased glyphs.                */
   /*                                                                       */
-/* #define FT_CONFIG_OPTION_SUBPIXEL_RENDERING */
+#define FT_CONFIG_OPTION_SUBPIXEL_RENDERING
 
 
   /*************************************************************************/
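Review bot: this patch has no description header, and the context comment directly above the changed line explains the default it reverses ("to allow FreeType clients to run unmodified, forcing them to display normal gray-level anti-aliased glyphs"). Defining FT_CONFIG_OPTION_SUBPIXEL_RENDERING for the whole distribution should come with a stated reason and the client-visible effect.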
@@ -577,7 +577,7 @@ FT_BEGIN_HEADER
   /*   This option requires TT_CONFIG_OPTION_BYTECODE_INTERPRETER to be    */
   /*   defined.                                                            */
   /*                                                                       */
-/* #define TT_CONFIG_OPTION_SUBPIXEL_HINTING */
+#define TT_CONFIG_OPTION_SUBPIXEL_HINTING
 
 
   /*************************************************************************/
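Review bot: the context comment says this option requires TT_CONFIG_OPTION_BYTECODE_INTERPRETER to be defined, and nothing in this patch shows that macro being set. Confirm it is defined in the same ftoption.h, or add a compile-time #error check next to this define so a mismatched configuration fails at build time instead of producing an inconsistent library.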
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
