Hello community, here is the log from the commit of package fontforge for openSUSE:Factory checked in at 2016-01-30 11:31:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/fontforge (Old) and /work/SRC/openSUSE:Factory/.fontforge.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "fontforge" Changes: -------- --- /work/SRC/openSUSE:Factory/fontforge/fontforge.changes 2015-12-20 10:52:26.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.fontforge.new/fontforge.changes 2016-01-30 11:31:14.000000000 +0100 @@ -1,0 +2,6 @@ +Tue Jan 26 08:10:44 UTC 2016 - pgajdos@suse.com + +- do not crash on invalid input data (when eof reached) [bsc#963023] + + fontforge-eof-crash.patch + +------------------------------------------------------------------- New: ---- fontforge-eof-crash.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fontforge.spec ++++++ --- /var/tmp/diff_new_pack.qLWnxt/_old 2016-01-30 11:31:16.000000000 +0100 +++ /var/tmp/diff_new_pack.qLWnxt/_new 2016-01-30 11:31:16.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package fontforge # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -32,6 +32,8 @@ # workardound for bug 930076, imho upstream should fix this # https://github.com/fontforge/fontforge/issues/2270 Patch1: fontforge-version.patch +# https://github.com/fontforge/fontforge/pull/2613, bsc#963023 +Patch2: fontforge-eof-crash.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: cairo-devel @@ -99,6 +101,7 @@ %setup -q %patch0 -p1 %patch1 +%patch2 sed -i 's/\r$//' doc/html/{Big5.txt,corpchar.txt} # workaround for bug 930076; we just need the _version_of_the_release_! (see also fontforge-version.patch) --- grep 'doversion(FONTFORGE_MODTIME_STR)' fontforgeexe/startnoui.c && \ ++++++ fontforge-eof-crash.patch ++++++ Index: fontforge/parsettf.c =================================================================== --- fontforge/parsettf.c.orig 2016-01-26 09:01:44.025472518 +0100 +++ fontforge/parsettf.c 2016-01-26 09:04:24.853470665 +0100 @@ -5185,7 +5185,10 @@ /* the index table is backwards from the way I want to use it */ gcbig = 0; for ( i=0; i<gc; ++i ) { - indexes[val = getushort(ttf)] = i; + val = getushort(ttf); + if ( val<0 ) /* Don't crash on EOF */ + break; + indexes[val] = i; if ( val>=258 ) ++gcbig; }