Hello community,
here is the log from the commit of package freetype2.3653 for openSUSE:13.2:Update checked in at 2015-03-30 16:18:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/freetype2.3653 (Old)
and /work/SRC/openSUSE:13.2:Update/.freetype2.3653.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "freetype2.3653"
Changes:
--------
New Changes file:
--- /dev/null 2015-03-12 01:14:30.992027505 +0100
+++ /work/SRC/openSUSE:13.2:Update/.freetype2.3653.new/freetype2.changes 2015-03-30 16:18:43.000000000 +0200
@@ -0,0 +1,1246 @@
+-------------------------------------------------------------------
+Fri Feb 20 10:13:37 UTC 2015 - nadvornik@suse.com
+
+- fixed vulnerabilities (bnc#916847, bnc#916856, bnc#916857,
+ bnc#916858, bnc#916859, bnc#916860, bnc#916861, bnc#916862,
+ bnc#916863, bnc#916864, bnc#916865, bnc#916867, bnc#916868,
+ bnc#916870, bnc#916871, bnc#916872, bnc#916873, bnc#916874,
+ bnc#916879, bnc#916881)
+ - CVE-2014-9656.patch
+ - CVE-2014-9657.patch
+ - CVE-2014-9658.patch
+ - CVE-2014-9659.patch
+ - CVE-2014-9660.patch
+ - CVE-2014-9661.patch
+ - CVE-2014-9662.patch
+ - CVE-2014-9663.patch
+ - CVE-2014-9664.patch
+ - CVE-2014-9665.patch
+ - CVE-2014-9666.patch
+ - CVE-2014-9667.patch
+ - CVE-2014-9668.patch
+ - CVE-2014-9669.patch
+ - CVE-2014-9670.patch
+ - CVE-2014-9671.patch
+ - CVE-2014-9672.patch
+ - CVE-2014-9673.patch
+ - CVE-2014-9674.patch
+ - CVE-2014-9675.patch
+
+-------------------------------------------------------------------
+Thu Mar 13 03:14:26 UTC 2014 - hrvoje.senjan@gmail.com
+
+- Improve don-t-mark-libpng-as-required-library.patch: also handle
+ Requires.private case (freetype does not include png headers)
+
+-------------------------------------------------------------------
+Sun Mar 9 18:39:56 UTC 2014 - hrvoje.senjan@gmail.com
+
+- Update to version 2.5.3
+ * IMPORTANT BUG FIXES
+ - A vulnerability was identified and fixed in the new CFF
+ driver (cf. http://savannah.nongnu.org/bugs/?41697; it
+ doesn't have a CVE number yet). All users should upgrade.
+ - More bug fixes related to correct positioning of
+ composite glyphs.
+ - Many fixes to better protect against malformed input.
+ * IMPORTANT CHANGES
+ - FreeType can now use the HarfBuzz library to greatly improve
+ the auto-hinting of fonts that use OpenType features:
+ Many glyphs that are part of such features but don't have
+ cmap entries are now handled properly, for example small
+ caps or superscripts. Define the configuration macro
+ FT_CONFIG_OPTION_USE_HARFBUZZ to activate HarfBuzz support.
+ You need HarfBuzz version 0.9.19 or newer. Note that HarfBuzz
+ depends on FreeType; this currently causes a chicken-and-egg
+ problem that can be solved as follows in case HarfBuzz
+ is not yet installed on your system.
+ 1. Compile and install FreeType without the configuration
+ macro FT_CONFIG_OPTION_USE_HARFBUZZ.
+ 2. Compile and install HarfBuzz.
+ 3. Define macro FT_CONFIG_OPTION_USE_HARFBUZZ, then
+ compile and install FreeType again.
+ With FreeType's `configure' script the procedure boils
+ down to configure, build, and install Freetype, then
+ configure, compile, and install HarfBuzz, then configure,
+ compile, and install FreeType again (after executing
+ `make distclean').
+ - All libraries FreeType depends on are now checked
+ using the `pkg-config' configuration files first,
+ followed by alternative methods.
+ - The new value `auto' for the various `--with-XXX'
+ library options (for example `--with-harfbuzz=auto')
+ makes the `configure' script automatically link to the
+ libraries it finds. This is now the default.
+ - In case FreeType's `configure' script can't find a
+ library, you can pass environment variables to circumvent
+ pkg-config, and those variables have been harmonized as
+ a consequence of the changes mentioned above:
+ LIBZ -> removed; use LIBZ_CFLAGS and LIBZ_LIBS
+ LIBBZ2 -> removed; use BZIP2_CFLAGS and BZIP2_LIBS
+ LIBPNG_LDFLAGS -> LIBPNG_LIBS
+ `./configure --help' shows all available environment variables.
+ - The `freetype-config' script now understands
+ option `--static' to emit static linking information.
+- Due to buildsystem changes, rename and rebase
+ don-t-mark-libpng-as-required-library-in-freetype-co.patch to
+ don-t-mark-libpng-as-required-library.patch
+
+-------------------------------------------------------------------
+Thu Dec 12 16:45:13 UTC 2013 - hrvoje.senjan@gmail.com
+
+- Added patches:
+ * don-t-mark-libpng-as-required-library-in-freetype-co.patch: it's
+ private in pkgconfig file, and causes issues in downstream
+ packages
+- As per patch, remove libpng-devel Requires from devel package
+
+-------------------------------------------------------------------
+Wed Dec 11 07:13:14 UTC 2013 - arvidjaar@gmail.com
+
+- freetype2 pkgconfig now includes -lpng16; make sure freetype2-devel
+ Requires libpng-devel
+
+-------------------------------------------------------------------
+Tue Dec 10 03:04:59 UTC 2013 - hrvoje.senjan@gmail.com
+
+- Update to version 2.5.2
+ * Fixed bug that made FreeType crash on some popular (but not
+ fully conformant) fonts like `ahronbd.ttf'
+ * Another round of improvements to correct positioning and hinting
+ of composite glyphs in TrueType fonts
+ * Fixed bug introduced in version 2.5.1: handling embedded
+ bitmap strikes of TrueType fonts, caused garbage display
+ under some circumstances
+ * Fixed `ftgrid' demo program compilation in non-development
+ builds
+- Droped fix-compile-in-non-debug.patch, included in this release
+
+-------------------------------------------------------------------
+Wed Nov 27 19:31:42 UTC 2013 - hrvoje.senjan@gmail.com
+
+- Update to version 2.5.1
+ * For some WinFNT files, the last glyph wasn't displayed but
+ incorrectly marked as invalid.
+ * The vertical size of glyphs was incorrectly set after a call to
+ `FT_GlyphSlot_Embolden', resulting in clipped glyphs.
+ * Many fields of the `PCLT' table in SFNT based fonts (if accessed
+ with `FT_Get_Sfnt_Table') were computed incorrectly.
+ * In TrueType fonts, hinting of composite glyphs could sometimes
+ deliver incorrect positions of components or even distorted
+ shapes.
+ * WOFF font format support has been added.
+ * The auto-hinter now supports Hebrew. Greek and Cyrillic support
+ has been improved.
+ * Support for the forthcoming `OS/2' SFNT table version 5, as can
+ be found e.g. in the `Sitka' font family for Windows 8.1.
+ * The header file layout has been changed. After installation,
+ all files are now located in `<prefix>/include/freetype2'.
+ Applications that use (a) `freetype-config' or FreeType's
+ `pkg-config' file to get the include directory for the compiler,
+ and (b) the documented way for header inclusion like
+ #include
From f0292bb9920aa1dbfed5f53861e7c7a89b35833a Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Mon, 24 Nov 2014 09:51:21 +0000 Subject: [sfnt] Fix Savannah bug #43680.
This adds an additional constraint to make the fix from 2013-01-25
really work.
* src/sfnt/ttsbit.c (tt_sbit_decoder_load_image)
From eca0f067068020870a429fe91f6329e499390d55 Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Mon, 24 Nov 2014 09:22:08 +0000 Subject: [truetype] Fix Savannah bug #43679.
* src/truetype/ttpload.c (tt_face_load_hdmx): Check minimum size of `record_size'. --- diff --git a/src/truetype/ttpload.c b/src/truetype/ttpload.c index 9723a51..9991925 100644 --- a/src/truetype/ttpload.c +++ b/src/truetype/ttpload.c @@ -508,9 +508,9 @@ record_size = FT_NEXT_ULONG( p ); /* The maximum number of bytes in an hdmx device record is the */ - /* maximum number of glyphs + 2; this is 0xFFFF + 2; this is */ - /* the reason why `record_size' is a long (which we read as */ - /* unsigned long for convenience). In practice, two bytes */ + /* maximum number of glyphs + 2; this is 0xFFFF + 2, thus */ + /* explaining why `record_size' is a long (which we read as */ + /* unsigned long for convenience). In practice, two bytes are */ /* sufficient to hold the size value. */ /* */ /* There are at least two fonts, HANNOM-A and HANNOM-B version */ @@ -522,8 +522,10 @@ record_size &= 0xFFFFU; /* The limit for `num_records' is a heuristic value. */ - - if ( version != 0 || num_records > 255 || record_size > 0x10001L ) + if ( version != 0 || + num_records > 255 || + record_size > 0x10001L || + record_size < 4 ) { error = FT_THROW( Invalid_File_Format ); goto Fail; -- cgit v0.9.0.2 ++++++ CVE-2014-9658.patch ++++++
From f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Mon, 24 Nov 2014 08:31:32 +0000 Subject: [sfnt] Fix Savannah bug #43672.
* src/sfnt/ttkern.c (tt_face_load_kern): Use correct value for minimum table length test. --- diff --git a/src/sfnt/ttkern.c b/src/sfnt/ttkern.c index 32c4008..455e7b5 100644 --- a/src/sfnt/ttkern.c +++ b/src/sfnt/ttkern.c @@ -99,7 +99,7 @@ length = FT_NEXT_USHORT( p ); coverage = FT_NEXT_USHORT( p ); - if ( length <= 6 ) + if ( length <= 6 + 8 ) break; p_next += length; -- cgit v0.9.0.2 ++++++ CVE-2014-9659.patch ++++++
From 2cdc4562f873237f1c77d43540537c7a721d3fd8 Mon Sep 17 00:00:00 2001 From: Dave Arnold
Date: Thu, 04 Dec 2014 05:10:16 +0000 Subject: [cff] Fix Savannah bug #43661.
* src/cff/cf2intrp.c (cf2_interpT2CharString)
From af8346172a7b573715134f7a51e6c5c60fa7f2ab Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Sat, 22 Nov 2014 12:29:10 +0000 Subject: [bdf] Fix Savannah bug #43660.
* src/bdf/bdflib.c (_bdf_parse_glyphs) <"ENDFONT">: Check
`_BDF_GLYPH_BITS'.
---
Index: freetype-2.5.3/src/bdf/bdflib.c
===================================================================
--- freetype-2.5.3.orig/src/bdf/bdflib.c
+++ freetype-2.5.3/src/bdf/bdflib.c
@@ -1543,6 +1543,14 @@
/* Check for the ENDFONT field. */
if ( ft_strncmp( line, "ENDFONT", 7 ) == 0 )
{
+ if ( p->flags & _BDF_GLYPH_BITS )
+ {
+ /* Missing ENDCHAR field. */
+ FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG1, lineno, "ENDCHAR" ));
+ error = FT_THROW( Corrupted_Font_Glyphs );
+ goto Exit;
+ }
+
/* Sort the glyphs by encoding. */
ft_qsort( (char *)font->glyphs,
font->glyphs_used,
++++++ CVE-2014-9661.patch ++++++
From: Werner Lemberg
From 5f201ab5c24cb69bc96b724fd66e739928d6c5e2 Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Sat, 22 Nov 2014 08:16:39 +0000 Subject: [cff] Fix Savannah bug #43658.
* src/cff/cf2ft.c (cf2_builder_lineTo, cf2_builder_cubeTo): Handle return values of point allocation routines. --- diff --git a/src/cff/cf2ft.c b/src/cff/cf2ft.c index cb8d31c..ebba469 100644 --- a/src/cff/cf2ft.c +++ b/src/cff/cf2ft.c @@ -142,6 +142,8 @@ cf2_builder_lineTo( CF2_OutlineCallbacks callbacks, const CF2_CallbackParams params ) { + FT_Error error; + /* downcast the object pointer */ CF2_Outline outline = (CF2_Outline)callbacks; CFF_Builder* builder; @@ -156,15 +158,27 @@ { /* record the move before the line; also check points and set */ /* `path_begun' */ - cff_builder_start_point( builder, - params->pt0.x, - params->pt0.y ); + error = cff_builder_start_point( builder, + params->pt0.x, + params->pt0.y ); + if ( error ) + { + if ( !*callbacks->error ) + *callbacks->error = error; + return; + } } /* `cff_builder_add_point1' includes a check_points call for one point */ - cff_builder_add_point1( builder, - params->pt1.x, - params->pt1.y ); + error = cff_builder_add_point1( builder, + params->pt1.x, + params->pt1.y ); + if ( error ) + { + if ( !*callbacks->error ) + *callbacks->error = error; + return; + } } @@ -172,6 +186,8 @@ cf2_builder_cubeTo( CF2_OutlineCallbacks callbacks, const CF2_CallbackParams params ) { + FT_Error error; + /* downcast the object pointer */ CF2_Outline outline = (CF2_Outline)callbacks; CFF_Builder* builder; @@ -186,13 +202,25 @@ { /* record the move before the line; also check points and set */ /* `path_begun' */ - cff_builder_start_point( builder, - params->pt0.x, - params->pt0.y ); + error = cff_builder_start_point( builder, + params->pt0.x, + params->pt0.y ); + if ( error ) + { + if ( !*callbacks->error ) + *callbacks->error = error; + return; + } } /* prepare room for 3 points: 2 off-curve, 1 on-curve */ - cff_check_points( builder, 3 ); + error = cff_check_points( builder, 3 ); + if ( error ) + { + if ( !*callbacks->error ) + *callbacks->error = error; + return; + } cff_builder_add_point( builder, params->pt1.x, -- cgit v0.9.0.2 ++++++ CVE-2014-9663.patch ++++++
From 9bd20b7304aae61de5d50ac359cf27132bafd4c1 Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Sat, 22 Nov 2014 05:24:45 +0000 Subject: [sfnt] Fix Savannah bug #43656.
* src/sfnt/ttcmap.c (tt_cmap4_validate): Fix order of validity tests. --- diff --git a/src/sfnt/ttcmap.c b/src/sfnt/ttcmap.c index 712bd4f..fb863c3 100644 --- a/src/sfnt/ttcmap.c +++ b/src/sfnt/ttcmap.c @@ -845,9 +845,6 @@ p = table + 2; /* skip format */ length = TT_NEXT_USHORT( p ); - if ( length < 16 ) - FT_INVALID_TOO_SHORT; - /* in certain fonts, the `length' field is invalid and goes */ /* out of bound. We try to correct this here... */ if ( table + length > valid->limit ) @@ -858,6 +855,9 @@ length = (FT_UInt)( valid->limit - table ); } + if ( length < 16 ) + FT_INVALID_TOO_SHORT; + p = table + 6; num_segs = TT_NEXT_USHORT( p ); /* read segCountX2 */ -- cgit v0.9.0.2 ++++++ CVE-2014-9664.patch ++++++
From dd89710f0f643eb0f99a3830e0712d26c7642acd Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Fri, 21 Nov 2014 21:19:28 +0000 Subject: [type1, type42] Fix Savannah bug #43655.
* src/type1/t1load.c (parse_charstrings), src/type42/t42parse.c (t42_parse_charstrings): Fix boundary testing.
From 73be9f9ab67842cfbec36ee99e8d2301434c84ca Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Mon, 24 Nov 2014 06:30:05 +0000 Subject: [type1, type42] Another fix for Savannah bug #43655.
* src/type1/t1load.c (parse_charstrings), src/type42/t42parse.c (t42_parse_charstrings): Add another boundary testing. --- diff --git a/src/type1/t1load.c b/src/type1/t1load.c --- a/src/type1/t1load.c +++ b/src/type1/t1load.c @@ -1596,6 +1596,11 @@ } T1_Skip_PS_Token( parser ); + if ( parser->root.cursor >= limit ) + { + error = FT_THROW( Invalid_File_Format ); + goto Fail; + } if ( parser->root.error ) return; @@ -1604,7 +1604,7 @@ FT_PtrDist len; - if ( cur + 1 >= limit ) + if ( cur + 2 >= limit ) { error = FT_THROW( Invalid_File_Format ); goto Fail; diff --git a/src/type42/t42parse.c b/src/type42/t42parse.c --- a/src/type42/t42parse.c +++ b/src/type42/t42parse.c @@ -849,6 +849,12 @@ break; T1_Skip_PS_Token( parser ); + if ( parser->root.cursor >= limit ) + { + FT_ERROR(( "t42_parse_charstrings: out of bounds\n" )); + error = FT_THROW( Invalid_File_Format ); + goto Fail; + } if ( parser->root.error ) return; @@ -858,7 +858,7 @@ FT_PtrDist len; - if ( cur + 1 >= limit ) + if ( cur + 2 >= limit ) { FT_ERROR(( "t42_parse_charstrings: out of bounds\n" )); error = FT_THROW( Invalid_File_Format ); -- cgit v0.9.0.2 ++++++ CVE-2014-9665.patch ++++++
From 54abd22891bd51ef8b533b24df53b3019b5cee81 Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Sat, 15 Nov 2014 08:05:22 +0000 Subject: [sfnt] Fix Savannah bug #43597.
* src/sfnt/pngshim.c (Load_SBit_Png): Protect against too large bitmaps.
From b3500af717010137046ec4076d1e1c0641e33727 Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Wed, 19 Nov 2014 20:28:21 +0000 Subject: Change some fields in `FT_Bitmap' to unsigned type.
This doesn't break ABI. * include/ftimage.h (FT_Bitmap): Make `rows', `width', `num_grays', `pixel_mode', and `palette_mode' unsigned types. * src/base/ftbitmap.c: Updated. (FT_Bitmap_Copy): Fix casts. * src/cache/ftcsbits.c, src/raster/ftraster.c, src/sfnt/pngshim.c: Updated. --- Index: freetype-2.5.3/src/sfnt/pngshim.c =================================================================== --- freetype-2.5.3.orig/src/sfnt/pngshim.c +++ freetype-2.5.3/src/sfnt/pngshim.c @@ -205,11 +205,11 @@ goto Exit; } - if ( !populate_map_and_metrics && - ( x_offset + metrics->width > map->width || - y_offset + metrics->height > map->rows || - pix_bits != 32 || - map->pixel_mode != FT_PIXEL_MODE_BGRA ) ) + if ( !populate_map_and_metrics && + ( (FT_UInt)x_offset + metrics->width > map->width || + (FT_UInt)y_offset + metrics->height > map->rows || + pix_bits != 32 || + map->pixel_mode != FT_PIXEL_MODE_BGRA ) ) { error = FT_THROW( Invalid_Argument ); goto Exit; @@ -269,6 +269,13 @@ map->pitch = map->width * 4; map->num_grays = 256; + /* reject too large bitmaps similarly to the rasterizer */ + if ( map->rows > 0x7FFF || map->width > 0x7FFF ) + { + error = FT_THROW( Array_Too_Large ); + goto DestroyExit; + } + size = map->rows * map->pitch; error = ft_glyphslot_alloc_bitmap( slot, size ); Index: freetype-2.5.3/include/ftimage.h =================================================================== --- freetype-2.5.3.orig/include/ftimage.h +++ freetype-2.5.3/include/ftimage.h @@ -318,13 +318,13 @@ FT_BEGIN_HEADER /* */ typedef struct FT_Bitmap_ { - int rows; - int width; + unsigned int rows; + unsigned int width; int pitch; unsigned char* buffer; - short num_grays; - char pixel_mode; - char palette_mode; + unsigned short num_grays; + unsigned char pixel_mode; + unsigned char palette_mode; void* palette; } FT_Bitmap; Index: freetype-2.5.3/src/base/ftbitmap.c =================================================================== --- freetype-2.5.3.orig/src/base/ftbitmap.c +++ freetype-2.5.3/src/base/ftbitmap.c @@ -62,7 +62,7 @@ if ( pitch < 0 ) pitch = -pitch; - size = (FT_ULong)( pitch * source->rows ); + size = (FT_ULong)pitch * source->rows; if ( target->buffer ) { @@ -72,7 +72,7 @@ if ( target_pitch < 0 ) target_pitch = -target_pitch; - target_size = (FT_ULong)( target_pitch * target->rows ); + target_size = (FT_ULong)target_pitch * target->rows; if ( target_size != size ) (void)FT_QREALLOC( target->buffer, target_size, size ); @@ -106,7 +106,7 @@ int pitch; int new_pitch; FT_UInt bpp; - FT_Int i, width, height; + FT_UInt i, width, height; unsigned char* buffer = NULL; @@ -144,17 +144,17 @@ if ( ypixels == 0 && new_pitch <= pitch ) { /* zero the padding */ - FT_Int bit_width = pitch * 8; - FT_Int bit_last = ( width + xpixels ) * bpp; + FT_UInt bit_width = pitch * 8; + FT_UInt bit_last = ( width + xpixels ) * bpp; if ( bit_last < bit_width ) { FT_Byte* line = bitmap->buffer + ( bit_last >> 3 ); FT_Byte* end = bitmap->buffer + pitch; - FT_Int shift = bit_last & 7; + FT_UInt shift = bit_last & 7; FT_UInt mask = 0xFF00U >> shift; - FT_Int count = height; + FT_UInt count = height; for ( ; count > 0; count--, line += pitch, end += pitch ) @@ -180,7 +180,7 @@ if ( bitmap->pitch > 0 ) { - FT_Int len = ( width * bpp + 7 ) >> 3; + FT_UInt len = ( width * bpp + 7 ) >> 3; for ( i = 0; i < bitmap->rows; i++ ) @@ -189,7 +189,7 @@ } else { - FT_Int len = ( width * bpp + 7 ) >> 3; + FT_UInt len = ( width * bpp + 7 ) >> 3; for ( i = 0; i < bitmap->rows; i++ ) @@ -220,7 +220,8 @@ { FT_Error error; unsigned char* p; - FT_Int i, x, y, pitch; + FT_Int i, x, pitch; + FT_UInt y; FT_Int xstr, ystr; @@ -459,8 +460,8 @@ case FT_PIXEL_MODE_LCD_V: case FT_PIXEL_MODE_BGRA: { - FT_Int pad; - FT_Long old_size; + FT_Int pad; + FT_ULong old_size; old_size = target->rows * target->pitch; Index: freetype-2.5.3/src/cache/ftcsbits.c =================================================================== --- freetype-2.5.3.orig/src/cache/ftcsbits.c +++ freetype-2.5.3/src/cache/ftcsbits.c @@ -142,12 +142,12 @@ goto BadGlyph; } - /* Check that our values fit into 8-bit containers! */ + /* Check whether our values fit into 8-bit containers! */ /* If this is not the case, our bitmap is too large */ /* and we will leave it as `missing' with sbit.buffer = 0 */ -#define CHECK_CHAR( d ) ( temp = (FT_Char)d, temp == d ) -#define CHECK_BYTE( d ) ( temp = (FT_Byte)d, temp == d ) +#define CHECK_CHAR( d ) ( temp = (FT_Char)d, (FT_Int) temp == (FT_Int) d ) +#define CHECK_BYTE( d ) ( temp = (FT_Byte)d, (FT_UInt)temp == (FT_UInt)d ) /* horizontal advance in pixels */ xadvance = ( slot->advance.x + 32 ) >> 6; Index: freetype-2.5.3/src/raster/ftraster.c =================================================================== --- freetype-2.5.3.orig/src/raster/ftraster.c +++ freetype-2.5.3/src/raster/ftraster.c @@ -2550,7 +2550,7 @@ e1 = TRUNC( e1 ); - if ( e1 >= 0 && e1 < ras.target.rows ) + if ( e1 >= 0 && (ULong)e1 < ras.target.rows ) { PByte p; @@ -2644,7 +2644,7 @@ /* bounding box instead */ if ( pxl < 0 ) pxl = e1; - else if ( TRUNC( pxl ) >= ras.target.rows ) + else if ( (ULong)( TRUNC( pxl ) ) >= ras.target.rows ) pxl = e2; /* check that the other pixel isn't set */ @@ -2659,9 +2659,9 @@ if ( ras.target.pitch > 0 ) bits += ( ras.target.rows - 1 ) * ras.target.pitch; - if ( e1 >= 0 && - e1 < ras.target.rows && - *bits & f1 ) + if ( e1 >= 0 && + (ULong)e1 < ras.target.rows && + *bits & f1 ) return; } else @@ -2673,7 +2673,7 @@ e1 = TRUNC( pxl ); - if ( e1 >= 0 && e1 < ras.target.rows ) + if ( e1 >= 0 && (ULong)e1 < ras.target.rows ) { bits -= e1 * ras.target.pitch; if ( ras.target.pitch > 0 ) ++++++ CVE-2014-9666.patch ++++++
From 257c270bd25e15890190a28a1456e7623bba4439 Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Wed, 12 Nov 2014 20:42:13 +0000 Subject: [sfnt] Fix Savannah bug #43591.
* src/sfnt/ttsbit.c (tt_sbit_decoder_init): Protect against addition and multiplication overflow. --- diff --git a/src/sfnt/ttsbit.c b/src/sfnt/ttsbit.c index da6b01b..b37bd7d 100644 --- a/src/sfnt/ttsbit.c +++ b/src/sfnt/ttsbit.c @@ -394,9 +394,11 @@ p += 34; decoder->bit_depth = *p; - if ( decoder->strike_index_array > face->sbit_table_size || - decoder->strike_index_array + 8 * decoder->strike_index_count > - face->sbit_table_size ) + /* decoder->strike_index_array + */ + /* 8 * decoder->strike_index_count > face->sbit_table_size ? */ + if ( decoder->strike_index_array > face->sbit_table_size || + decoder->strike_index_count > + ( face->sbit_table_size - decoder->strike_index_array ) / 8 ) error = FT_THROW( Invalid_File_Format ); } -- cgit v0.9.0.2 ++++++ CVE-2014-9667.patch ++++++
From 677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891 Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Wed, 12 Nov 2014 20:26:44 +0000 Subject: [sfnt] Fix Savannah bug #43590.
* src/sfnt/ttload.c (check_table_dir, tt_face_load_font_dir): Protect against addition overflow. --- diff --git a/src/sfnt/ttload.c b/src/sfnt/ttload.c index 0a3cd29..8338150 100644 --- a/src/sfnt/ttload.c +++ b/src/sfnt/ttload.c @@ -207,7 +207,10 @@ } /* we ignore invalid tables */ - if ( table.Offset + table.Length > stream->size ) + + /* table.Offset + table.Length > stream->size ? */ + if ( table.Length > stream->size || + table.Offset > stream->size - table.Length ) { FT_TRACE2(( "check_table_dir: table entry %d invalid\n", nn )); continue; @@ -395,7 +398,10 @@ entry->Length = FT_GET_ULONG(); /* ignore invalid tables */ - if ( entry->Offset + entry->Length > stream->size ) + + /* entry->Offset + entry->Length > stream->size ? */ + if ( entry->Length > stream->size || + entry->Offset > stream->size - entry->Length ) continue; else { -- cgit v0.9.0.2 ++++++ CVE-2014-9668.patch ++++++
From f46add13895337ece929b18bb8f036431b3fb538 Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Wed, 12 Nov 2014 20:06:08 +0000 Subject: [sfnt] Fix Savannah bug #43589.
* src/sfnt/sfobjs.c (woff_open_font): Protect against addition overflow. --- diff --git a/src/sfnt/sfobjs.c b/src/sfnt/sfobjs.c index cfea9cd..70b988d 100644 --- a/src/sfnt/sfobjs.c +++ b/src/sfnt/sfobjs.c @@ -567,8 +567,10 @@ if ( table->Offset != woff_offset || - table->Offset + table->CompLength > woff.length || - sfnt_offset + table->OrigLength > woff.totalSfntSize || + table->CompLength > woff.length || + table->Offset > woff.length - table->CompLength || + table->OrigLength > woff.totalSfntSize || + sfnt_offset > woff.totalSfntSize - table->OrigLength || table->CompLength > table->OrigLength ) { error = FT_THROW( Invalid_Table ); -- cgit v0.9.0.2 ++++++ CVE-2014-9669.patch ++++++
From 602040b1112c9f94d68e200be59ea7ac3d104565 Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Wed, 12 Nov 2014 19:51:20 +0000 Subject: [sfnt] Fix Savannah bug #43588.
* src/sfnt/ttcmap.c (tt_cmap8_validate, tt_cmap10_validate, tt_cmap12_validate, tt_cmap13_validate, tt_cmap14_validate): Protect against overflow in additions and multiplications. --- diff --git a/src/sfnt/ttcmap.c b/src/sfnt/ttcmap.c index f9acf5d..712bd4f 100644 --- a/src/sfnt/ttcmap.c +++ b/src/sfnt/ttcmap.c @@ -1669,7 +1669,8 @@ p = is32 + 8192; /* skip `is32' array */ num_groups = TT_NEXT_ULONG( p ); - if ( p + num_groups * 12 > valid->limit ) + /* p + num_groups * 12 > valid->limit ? */ + if ( num_groups > (FT_UInt32)( valid->limit - p ) / 12 ) FT_INVALID_TOO_SHORT; /* check groups, they must be in increasing order */ @@ -1694,7 +1695,12 @@ if ( valid->level >= FT_VALIDATE_TIGHT ) { - if ( start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) ) + FT_UInt32 d = end - start; + + + /* start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) ? */ + if ( d > TT_VALID_GLYPH_COUNT( valid ) || + start_id >= TT_VALID_GLYPH_COUNT( valid ) - d ) FT_INVALID_GLYPH_ID; count = (FT_UInt32)( end - start + 1 ); @@ -1892,7 +1898,9 @@ count = TT_NEXT_ULONG( p ); if ( length > (FT_ULong)( valid->limit - table ) || - length < 20 + count * 2 ) + /* length < 20 + count * 2 ? */ + length < 20 || + ( length - 20 ) / 2 < count ) FT_INVALID_TOO_SHORT; /* check glyph indices */ @@ -2079,7 +2087,9 @@ num_groups = TT_NEXT_ULONG( p ); if ( length > (FT_ULong)( valid->limit - table ) || - length < 16 + 12 * num_groups ) + /* length < 16 + 12 * num_groups ? */ + length < 16 || + ( length - 16 ) / 12 < num_groups ) FT_INVALID_TOO_SHORT; /* check groups, they must be in increasing order */ @@ -2101,7 +2111,12 @@ if ( valid->level >= FT_VALIDATE_TIGHT ) { - if ( start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) ) + FT_UInt32 d = end - start; + + + /* start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) ? */ + if ( d > TT_VALID_GLYPH_COUNT( valid ) || + start_id >= TT_VALID_GLYPH_COUNT( valid ) - d ) FT_INVALID_GLYPH_ID; } @@ -2401,7 +2416,9 @@ num_groups = TT_NEXT_ULONG( p ); if ( length > (FT_ULong)( valid->limit - table ) || - length < 16 + 12 * num_groups ) + /* length < 16 + 12 * num_groups ? */ + length < 16 || + ( length - 16 ) / 12 < num_groups ) FT_INVALID_TOO_SHORT; /* check groups, they must be in increasing order */ @@ -2787,7 +2804,9 @@ num_selectors = TT_NEXT_ULONG( p ); if ( length > (FT_ULong)( valid->limit - table ) || - length < 10 + 11 * num_selectors ) + /* length < 10 + 11 * num_selectors ? */ + length < 10 || + ( length - 10 ) / 11 < num_selectors ) FT_INVALID_TOO_SHORT; /* check selectors, they must be in increasing order */ @@ -2823,7 +2842,8 @@ FT_ULong lastBase = 0; - if ( defp + numRanges * 4 > valid->limit ) + /* defp + numRanges * 4 > valid->limit ? */ + if ( numRanges > (FT_ULong)( valid->limit - defp ) / 4 ) FT_INVALID_TOO_SHORT; for ( i = 0; i < numRanges; ++i ) @@ -2850,7 +2870,8 @@ FT_ULong i, lastUni = 0; - if ( numMappings * 4 > (FT_ULong)( valid->limit - ndp ) ) + /* numMappings * 4 > (FT_ULong)( valid->limit - ndp ) ? */ + if ( numMappings > ( (FT_ULong)( valid->limit - ndp ) ) / 4 ) FT_INVALID_TOO_SHORT; for ( i = 0; i < numMappings; ++i ) -- cgit v0.9.0.2 ++++++ CVE-2014-9670.patch ++++++
From ef1eba75187adfac750f326b563fe543dd5ff4e6 Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Thu, 06 Nov 2014 22:25:05 +0000 Subject: Fix Savannah bug #43548.
* src/pcf/pcfread (pcf_get_encodings): Add sanity checks for row and column values. --- diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c index 8db31bd..668c962 100644 --- a/src/pcf/pcfread.c +++ b/src/pcf/pcfread.c @@ -830,6 +830,15 @@ THE SOFTWARE. if ( !PCF_FORMAT_MATCH( format, PCF_DEFAULT_FORMAT ) ) return FT_THROW( Invalid_File_Format ); + /* sanity checks */ + if ( firstCol < 0 || + firstCol > lastCol || + lastCol > 0xFF || + firstRow < 0 || + firstRow > lastRow || + lastRow > 0xFF ) + return FT_THROW( Invalid_Table ); + FT_TRACE4(( "pdf_get_encodings:\n" )); FT_TRACE4(( " firstCol %d, lastCol %d, firstRow %d, lastRow %d\n", -- cgit v0.9.0.2 ++++++ CVE-2014-9671.patch ++++++
From 0e2f5d518c60e2978f26400d110eff178fa7e3c3 Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Thu, 06 Nov 2014 21:32:46 +0000 Subject: Fix Savannah bug #43547.
* src/pcf/pcfread.c (pcf_read_TOC): Check `size' and `offset' values. --- diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c index f63377b..8db31bd 100644 --- a/src/pcf/pcfread.c +++ b/src/pcf/pcfread.c @@ -154,6 +154,21 @@ THE SOFTWARE. break; } + /* we now check whether the `size' and `offset' values are reasonable: */ + /* `offset' + `size' must not exceed the stream size */ + tables = face->toc.tables; + for ( n = 0; n < toc->count; n++ ) + { + /* we need two checks to avoid overflow */ + if ( ( tables->size > stream->size ) || + ( tables->offset > stream->size - tables->size ) ) + { + error = FT_THROW( Invalid_Table ); + goto Exit; + } + tables++; + } + #ifdef FT_DEBUG_LEVEL_TRACE { -- cgit v0.9.0.2 ++++++ CVE-2014-9672.patch ++++++
From 18a8f0d9943369449bc4de92d411c78fb08d616c Mon Sep 17 00:00:00 2001 From: suzuki toshiya
Date: Wed, 26 Nov 2014 07:11:38 +0000 Subject: Fix Savannah bug #43540.
* src/base/ftmac.c (parse_fond): Prevent a buffer overrun caused by a font including too many (> 63) strings to store names[] table. --- diff --git a/src/base/ftmac.c b/src/base/ftmac.c index 9b49da8..184a2e1 100644 --- a/src/base/ftmac.c +++ b/src/base/ftmac.c @@ -440,9 +440,10 @@ style = (StyleTable*)p; p += sizeof ( StyleTable ); string_count = EndianS16_BtoN( *(short*)(p) ); + string_count = FT_MIN( 64, string_count ); p += sizeof ( short ); - for ( i = 0; i < string_count && i < 64; i++ ) + for ( i = 0; i < string_count; i++ ) { names[i] = p; p += names[i][0]; @@ -459,7 +460,7 @@ ps_name[ps_name_len] = 0; } if ( style->indexes[face_index] > 1 && - style->indexes[face_index] <= FT_MIN( string_count, 64 ) ) + style->indexes[face_index] <= string_count ) { unsigned char* suffixes = names[style->indexes[face_index] - 1]; -- cgit v0.9.0.2 ++++++ CVE-2014-9673.patch ++++++
From 35252ae9aa1dd9343e9f4884e9ddb1fee10ef415 Mon Sep 17 00:00:00 2001 From: suzuki toshiya
Date: Wed, 26 Nov 2014 06:52:23 +0000 Subject: Fix Savannah bug #43539.
* src/base/ftobjs.c (Mac_Read_POST_Resource): Fix integer overflow by a broken POST table in resource-fork. --- Index: freetype-2.5.3/src/base/ftobjs.c =================================================================== --- freetype-2.5.3.orig/src/base/ftobjs.c +++ freetype-2.5.3/src/base/ftobjs.c @@ -1627,6 +1627,11 @@ goto Exit2; if ( FT_READ_LONG( rlen ) ) goto Exit; + if ( rlen < 0 ) + { + error = FT_THROW( Invalid_Offset ); + goto Exit2; + } if ( FT_READ_USHORT( flags ) ) goto Exit; FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n", @@ -1644,7 +1649,14 @@ rlen = 0; if ( ( flags >> 8 ) == type ) + { + if ( 0x7FFFFFFFL - rlen < len ) + { + error = FT_THROW( Array_Too_Large ); + goto Exit2; + } len += rlen; + } else { if ( pfb_lenpos + 3 > pfb_len + 2 ) @@ -1673,6 +1685,11 @@ } error = FT_ERR( Cannot_Open_Resource ); + if ( rlen > 0x7FFFFFFFL - pfb_pos ) + { + error = FT_THROW( Array_Too_Large ); + goto Exit2; + } if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len ) goto Exit2; ++++++ CVE-2014-9674.patch ++++++
From 240c94a185cd8dae7d03059abec8a5662c35ecd3 Mon Sep 17 00:00:00 2001 From: suzuki toshiya
Date: Wed, 26 Nov 2014 06:43:29 +0000 Subject: Fix Savannah bug #43538.
* src/base/ftobjs.c (Mac_Read_POST_Resource): Fix integer overflow by a broken POST table in resource-fork. --- Index: freetype-2.5.3/src/base/ftobjs.c =================================================================== --- freetype-2.5.3.orig/src/base/ftobjs.c +++ freetype-2.5.3/src/base/ftobjs.c @@ -1583,9 +1583,9 @@ FT_Memory memory = library->memory; FT_Byte* pfb_data = NULL; int i, type, flags; - FT_Long len; - FT_Long pfb_len, pfb_pos, pfb_lenpos; - FT_Long rlen, temp; + FT_ULong len; + FT_ULong pfb_len, pfb_pos, pfb_lenpos; + FT_ULong rlen, temp; if ( face_index == -1 ) @@ -1601,11 +1601,34 @@ error = FT_Stream_Seek( stream, offsets[i] ); if ( error ) goto Exit; - if ( FT_READ_LONG( temp ) ) + if ( FT_READ_ULONG( temp ) ) goto Exit; + + /* FT2 allocator takes signed long buffer length, + * too large value causing overflow should be checked + */ + FT_TRACE4(( " POST fragment #%d: length=0x%08x\n", + i, temp)); + if ( 0x7FFFFFFFUL < temp || pfb_len + temp + 6 < pfb_len ) + { + FT_TRACE2(( " too long fragment length makes" + " pfb_len confused: temp=0x%08x\n", temp )); + error = FT_THROW( Invalid_Offset ); + goto Exit; + } + pfb_len += temp + 6; } + FT_TRACE2(( " total buffer size to concatenate %d" + " POST fragments: 0x%08x\n", + resource_cnt, pfb_len + 2)); + if ( pfb_len + 2 < 6 ) { + FT_TRACE2(( " too long fragment length makes" + " pfb_len confused: pfb_len=0x%08x\n", pfb_len )); + error = FT_THROW( Array_Too_Large ); + goto Exit; + } if ( FT_ALLOC( pfb_data, (FT_Long)pfb_len + 2 ) ) goto Exit; @@ -1625,21 +1648,30 @@ error = FT_Stream_Seek( stream, offsets[i] ); if ( error ) goto Exit2; - if ( FT_READ_LONG( rlen ) ) + if ( FT_READ_ULONG( rlen ) ) goto Exit; - if ( rlen < 0 ) + + /* FT2 allocator takes signed long buffer length, + * too large fragment length causing overflow should be checked + */ + if ( 0x7FFFFFFFUL < rlen ) { error = FT_THROW( Invalid_Offset ); goto Exit2; } + if ( FT_READ_USHORT( flags ) ) goto Exit; FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n", i, offsets[i], rlen, flags )); + error = FT_ERR( Array_Too_Large ); /* postpone the check of rlen longer than buffer until FT_Stream_Read() */ if ( ( flags >> 8 ) == 0 ) /* Comment, should not be loaded */ + { + FT_TRACE3(( " Skip POST fragment #%d because it is a comment\n", i )); continue; + } /* the flags are part of the resource, so rlen >= 2. */ /* but some fonts declare rlen = 0 for empty fragment */ @@ -1649,16 +1681,11 @@ rlen = 0; if ( ( flags >> 8 ) == type ) - { - if ( 0x7FFFFFFFL - rlen < len ) - { - error = FT_THROW( Array_Too_Large ); - goto Exit2; - } len += rlen; - } else { + FT_TRACE3(( " Write POST fragment #%d header (4-byte) to buffer" + " 0x%p + 0x%08x\n", i, pfb_data, pfb_lenpos )); if ( pfb_lenpos + 3 > pfb_len + 2 ) goto Exit2; pfb_data[pfb_lenpos ] = (FT_Byte)( len ); @@ -1669,6 +1696,8 @@ if ( ( flags >> 8 ) == 5 ) /* End of font mark */ break; + FT_TRACE3(( " Write POST fragment #%d header (6-byte) to buffer" + " 0x%p + 0x%08x\n", i, pfb_data, pfb_pos )); if ( pfb_pos + 6 > pfb_len + 2 ) goto Exit2; pfb_data[pfb_pos++] = 0x80; @@ -1684,21 +1713,18 @@ pfb_data[pfb_pos++] = 0; } - error = FT_ERR( Cannot_Open_Resource ); - if ( rlen > 0x7FFFFFFFL - pfb_pos ) - { - error = FT_THROW( Array_Too_Large ); - goto Exit2; - } if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len ) goto Exit2; + FT_TRACE3(( " Load POST fragment #%d (%d byte) to buffer" + " 0x%p + 0x%08x\n", i, rlen, pfb_data, pfb_pos )); error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen ); if ( error ) goto Exit2; pfb_pos += rlen; } + error = FT_ERR( Array_Too_Large ); if ( pfb_pos + 2 > pfb_len + 2 ) goto Exit2; pfb_data[pfb_pos++] = 0x80; @@ -1719,6 +1745,13 @@ aface ); Exit2: + if ( error == FT_ERR( Array_Too_Large ) ) + FT_TRACE2(( " Abort due to too-short buffer to store" + " all POST fragments\n" )); + else if ( error == FT_ERR( Invalid_Offset ) ) + FT_TRACE2(( " Abort due to invalid offset in a POST fragment\n" )); + if ( error ) + error = FT_ERR( Cannot_Open_Resource ); FT_FREE( pfb_data ); Exit: ++++++ CVE-2014-9675.patch ++++++
From 2c4832d30939b45c05757f0a05128ce64c4cacc7 Mon Sep 17 00:00:00 2001 From: Werner Lemberg
Date: Fri, 07 Nov 2014 06:42:33 +0000 Subject: Fix Savannah bug #43535.
* src/bdf/bdflib.c (_bdf_strncmp): New macro that checks one character more than `strncmp'. s/ft_strncmp/_bdf_strncmp/ everywhere. --- Index: freetype-2.5.3/src/bdf/bdflib.c =================================================================== --- freetype-2.5.3.orig/src/bdf/bdflib.c +++ freetype-2.5.3/src/bdf/bdflib.c @@ -169,6 +169,18 @@ sizeof ( _bdf_properties[0] ); + /* An auxiliary macro to parse properties, to be used in conditionals. */ + /* It behaves like `strncmp' but also tests the following character */ + /* whether it is a whitespace or NULL. */ + /* `property' is a constant string of length `n' to compare with. */ +#define _bdf_strncmp( name, property, n ) \ + ( ft_strncmp( name, property, n ) || \ + !( name[n] == ' ' || \ + name[n] == '\0' || \ + name[n] == '\n' || \ + name[n] == '\r' || \ + name[n] == '\t' ) ) + /* Auto correction messages. */ #define ACMSG1 "FONT_ASCENT property missing. " \ "Added `FONT_ASCENT %hd'.\n" @@ -1408,7 +1420,7 @@ /* If the property happens to be a comment, then it doesn't need */ /* to be added to the internal hash table. */ - if ( ft_strncmp( name, "COMMENT", 7 ) != 0 ) + if ( _bdf_strncmp( name, "COMMENT", 7 ) != 0 ) { /* Add the property to the font property table. */ error = hash_insert( fp->name, @@ -1426,13 +1438,13 @@ /* FONT_ASCENT and FONT_DESCENT need to be assigned if they are */ /* present, and the SPACING property should override the default */ /* spacing. */ - if ( ft_strncmp( name, "DEFAULT_CHAR", 12 ) == 0 ) + if ( _bdf_strncmp( name, "DEFAULT_CHAR", 12 ) == 0 ) font->default_char = fp->value.l; - else if ( ft_strncmp( name, "FONT_ASCENT", 11 ) == 0 ) + else if ( _bdf_strncmp( name, "FONT_ASCENT", 11 ) == 0 ) font->font_ascent = fp->value.l; - else if ( ft_strncmp( name, "FONT_DESCENT", 12 ) == 0 ) + else if ( _bdf_strncmp( name, "FONT_DESCENT", 12 ) == 0 ) font->font_descent = fp->value.l; - else if ( ft_strncmp( name, "SPACING", 7 ) == 0 ) + else if ( _bdf_strncmp( name, "SPACING", 7 ) == 0 ) { if ( !fp->value.atom ) { @@ -1490,7 +1502,7 @@ memory = font->memory; /* Check for a comment. */ - if ( ft_strncmp( line, "COMMENT", 7 ) == 0 ) + if ( _bdf_strncmp( line, "COMMENT", 7 ) == 0 ) { linelen -= 7; @@ -1507,7 +1519,7 @@ /* The very first thing expected is the number of glyphs. */ if ( !( p->flags & _BDF_GLYPHS ) ) { - if ( ft_strncmp( line, "CHARS", 5 ) != 0 ) + if ( _bdf_strncmp( line, "CHARS", 5 ) != 0 ) { FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG1, lineno, "CHARS" )); error = FT_THROW( Missing_Chars_Field ); @@ -1541,7 +1553,7 @@ } /* Check for the ENDFONT field. */ - if ( ft_strncmp( line, "ENDFONT", 7 ) == 0 ) + if ( _bdf_strncmp( line, "ENDFONT", 7 ) == 0 ) { if ( p->flags & _BDF_GLYPH_BITS ) { @@ -1563,7 +1575,7 @@ } /* Check for the ENDCHAR field. */ - if ( ft_strncmp( line, "ENDCHAR", 7 ) == 0 ) + if ( _bdf_strncmp( line, "ENDCHAR", 7 ) == 0 ) { p->glyph_enc = 0; p->flags &= ~_BDF_GLYPH_BITS; @@ -1579,7 +1591,7 @@ goto Exit; /* Check for the STARTCHAR field. */ - if ( ft_strncmp( line, "STARTCHAR", 9 ) == 0 ) + if ( _bdf_strncmp( line, "STARTCHAR", 9 ) == 0 ) { /* Set the character name in the parse info first until the */ /* encoding can be checked for an unencoded character. */ @@ -1613,7 +1625,7 @@ } /* Check for the ENCODING field. */ - if ( ft_strncmp( line, "ENCODING", 8 ) == 0 ) + if ( _bdf_strncmp( line, "ENCODING", 8 ) == 0 ) { if ( !( p->flags & _BDF_GLYPH ) ) { @@ -1799,7 +1811,7 @@ } /* Expect the SWIDTH (scalable width) field next. */ - if ( ft_strncmp( line, "SWIDTH", 6 ) == 0 ) + if ( _bdf_strncmp( line, "SWIDTH", 6 ) == 0 ) { if ( !( p->flags & _BDF_ENCODING ) ) goto Missing_Encoding; @@ -1815,7 +1827,7 @@ } /* Expect the DWIDTH (scalable width) field next. */ - if ( ft_strncmp( line, "DWIDTH", 6 ) == 0 ) + if ( _bdf_strncmp( line, "DWIDTH", 6 ) == 0 ) { if ( !( p->flags & _BDF_ENCODING ) ) goto Missing_Encoding; @@ -1843,7 +1855,7 @@ } /* Expect the BBX field next. */ - if ( ft_strncmp( line, "BBX", 3 ) == 0 ) + if ( _bdf_strncmp( line, "BBX", 3 ) == 0 ) { if ( !( p->flags & _BDF_ENCODING ) ) goto Missing_Encoding; @@ -1911,7 +1923,7 @@ } /* And finally, gather up the bitmap. */ - if ( ft_strncmp( line, "BITMAP", 6 ) == 0 ) + if ( _bdf_strncmp( line, "BITMAP", 6 ) == 0 ) { unsigned long bitmap_size; @@ -1986,7 +1998,7 @@ p = (_bdf_parse_t *) client_data; /* Check for the end of the properties. */ - if ( ft_strncmp( line, "ENDPROPERTIES", 13 ) == 0 ) + if ( _bdf_strncmp( line, "ENDPROPERTIES", 13 ) == 0 ) { /* If the FONT_ASCENT or FONT_DESCENT properties have not been */ /* encountered yet, then make sure they are added as properties and */ @@ -2027,12 +2039,12 @@ } /* Ignore the _XFREE86_GLYPH_RANGES properties. */ - if ( ft_strncmp( line, "_XFREE86_GLYPH_RANGES", 21 ) == 0 ) + if ( _bdf_strncmp( line, "_XFREE86_GLYPH_RANGES", 21 ) == 0 ) goto Exit; /* Handle COMMENT fields and properties in a special way to preserve */ /* the spacing. */ - if ( ft_strncmp( line, "COMMENT", 7 ) == 0 ) + if ( _bdf_strncmp( line, "COMMENT", 7 ) == 0 ) { name = value = line; value += 7; @@ -2096,7 +2108,7 @@ /* Check for a comment. This is done to handle those fonts that have */ /* comments before the STARTFONT line for some reason. */ - if ( ft_strncmp( line, "COMMENT", 7 ) == 0 ) + if ( _bdf_strncmp( line, "COMMENT", 7 ) == 0 ) { if ( p->opts->keep_comments != 0 && p->font != 0 ) { @@ -2122,7 +2134,7 @@ { memory = p->memory; - if ( ft_strncmp( line, "STARTFONT", 9 ) != 0 ) + if ( _bdf_strncmp( line, "STARTFONT", 9 ) != 0 ) { /* we don't emit an error message since this code gets */ /* explicitly caught one level higher */ @@ -2170,7 +2182,7 @@ } /* Check for the start of the properties. */ - if ( ft_strncmp( line, "STARTPROPERTIES", 15 ) == 0 ) + if ( _bdf_strncmp( line, "STARTPROPERTIES", 15 ) == 0 ) { if ( !( p->flags & _BDF_FONT_BBX ) ) { @@ -2199,7 +2211,7 @@ } /* Check for the FONTBOUNDINGBOX field. */ - if ( ft_strncmp( line, "FONTBOUNDINGBOX", 15 ) == 0 ) + if ( _bdf_strncmp( line, "FONTBOUNDINGBOX", 15 ) == 0 ) { if ( !( p->flags & _BDF_SIZE ) ) { @@ -2230,7 +2242,7 @@ } /* The next thing to check for is the FONT field. */ - if ( ft_strncmp( line, "FONT", 4 ) == 0 ) + if ( _bdf_strncmp( line, "FONT", 4 ) == 0 ) { error = _bdf_list_split( &p->list, (char *)" +", line, linelen ); if ( error ) @@ -2265,7 +2277,7 @@ } /* Check for the SIZE field. */ - if ( ft_strncmp( line, "SIZE", 4 ) == 0 ) + if ( _bdf_strncmp( line, "SIZE", 4 ) == 0 ) { if ( !( p->flags & _BDF_FONT_NAME ) ) { @@ -2319,7 +2331,7 @@ } /* Check for the CHARS field -- font properties are optional */ - if ( ft_strncmp( line, "CHARS", 5 ) == 0 ) + if ( _bdf_strncmp( line, "CHARS", 5 ) == 0 ) { char nbuf[128]; ++++++ baselibs.conf ++++++ libfreetype6 obsoletes "freetype2-<targettype> < <version>" provides "freetype2-<targettype> = <version>" freetype2-devel requires -freetype2-<targettype> requires "libfreetype6-<targettype>" requires "zlib-devel-<targettype>" ++++++ bugzilla-308961-cmex-workaround.patch ++++++ --- src/base/ftobjs.c | 5 +++++ 1 file changed, 5 insertions(+) Index: freetype-2.4.11/src/base/ftobjs.c =================================================================== --- freetype-2.4.11.orig/src/base/ftobjs.c +++ freetype-2.4.11/src/base/ftobjs.c @@ -2187,10 +2187,15 @@ /* some checks */ if ( FT_IS_SCALABLE( face ) ) { + if ( face->family_name && strncmp(face->family_name, "CMEX", 4 ) == 0){ + face->underline_position = (FT_Short)( -face->units_per_EM / 10 ); + face->underline_thickness = (FT_Short)( face->units_per_EM / 30 ); + } + if ( face->height < 0 ) face->height = (FT_Short)-face->height; if ( !FT_HAS_VERTICAL( face ) ) face->max_advance_height = (FT_Short)face->height; ++++++ don-t-mark-libpng-as-required-library.patch ++++++
From cef195062aa7f509a60b8765661ba4babd85b79c Mon Sep 17 00:00:00 2001 From: Hrvoje Senjan
Date: Sun, 9 Mar 2014 20:09:12 +0100 Subject: [PATCH 1/1] Don't mark libpng as required library
It is private in .pc anyway --- diff --git a/builds/unix/configure b/builds/unix/configure index 4ae00dd..c3101e2 100755 --- a/builds/unix/configure +++ b/builds/unix/configure @@ -13692,7 +13692,6 @@ esac # entries in Requires.private are separated by commas; REQUIRES_PRIVATE="$zlib_reqpriv, \ $bzip2_reqpriv, \ - $libpng_reqpriv, \ $harfbuzz_reqpriv" # beautify REQUIRES_PRIVATE=`echo "$REQUIRES_PRIVATE" \ @@ -13718,7 +13717,6 @@ LIBS_PRIVATE=`echo "$LIBS_PRIVATE" \ LIBS_CONFIG="-lfreetype \ $ZLIB_LIBS \ $BZIP2_LIBS \ - $LIBPNG_LIBS \ $HARFBUZZ_LIBS \ $ft2_extra_libs" # remove -L/usr/lib and -L/usr/lib64 since `freetype-config' adds them later diff --git a/builds/unix/configure.raw b/builds/unix/configure.raw index dd7e576..bac2645 100644 --- a/builds/unix/configure.raw +++ b/builds/unix/configure.raw @@ -914,7 +914,6 @@ esac # entries in Requires.private are separated by commas; REQUIRES_PRIVATE="$zlib_reqpriv, \ $bzip2_reqpriv, \ - $libpng_reqpriv, \ $harfbuzz_reqpriv" # beautify REQUIRES_PRIVATE=`echo "$REQUIRES_PRIVATE" \ @@ -940,7 +939,6 @@ LIBS_PRIVATE=`echo "$LIBS_PRIVATE" \ LIBS_CONFIG="-lfreetype \ $ZLIB_LIBS \ $BZIP2_LIBS \ - $LIBPNG_LIBS \ $HARFBUZZ_LIBS \ $ft2_extra_libs" # remove -L/usr/lib and -L/usr/lib64 since `freetype-config' adds them later ++++++ freetype2-bitmap-foundry.patch ++++++ --- src/pcf/pcfread.c | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) Index: freetype-2.4.11/src/pcf/pcfread.c =================================================================== --- freetype-2.4.11.orig/src/pcf/pcfread.c +++ freetype-2.4.11/src/pcf/pcfread.c @@ -1173,12 +1173,38 @@ THE SOFTWARE. goto Exit; prop = pcf_find_property( face, "FAMILY_NAME" ); if ( prop && prop->isString ) { - if ( FT_STRDUP( root->family_name, prop->value.atom ) ) - goto Exit; + int l = ft_strlen( prop->value.atom ) + 1; + int wide = 0; + PCF_Property foundry_prop = pcf_find_property( face, "FOUNDRY" ); + PCF_Property point_size_prop = pcf_find_property( face, "POINT_SIZE" ); + PCF_Property average_width_prop = pcf_find_property( face, "AVERAGE_WIDTH" ); + if ( point_size_prop != NULL && average_width_prop != NULL) { + if ( average_width_prop->value.l >= point_size_prop->value.l ) { + /* This font is at least square shaped or even wider */ + wide = 1; + l += ft_strlen( " Wide"); + } + } + if ( foundry_prop != NULL && foundry_prop->isString) { + l += ft_strlen( foundry_prop->value.atom ) + 1; + if ( FT_NEW_ARRAY( root->family_name, l ) ) + goto Exit; + ft_strcpy( root->family_name, foundry_prop->value.atom ); + strcat( root->family_name, " "); + strcat( root->family_name, prop->value.atom ); + } + else { + if ( FT_NEW_ARRAY( root->family_name, l ) ) + goto Exit; + ft_strcpy( root->family_name, prop->value.atom ); + } + if ( wide != 0) { + strcat( root->family_name, " Wide"); + } } else root->family_name = NULL; /* ++++++ freetype2-subpixel.patch ++++++ Index: freetype-2.4.11/include/config/ftoption.h =================================================================== --- freetype-2.4.11.orig/include/config/ftoption.h +++ freetype-2.4.11/include/config/ftoption.h @@ -92,7 +92,7 @@ FT_BEGIN_HEADER /* This is done to allow FreeType clients to run unmodified, forcing */ /* them to display normal gray-level anti-aliased glyphs. */ /* */ -/* #define FT_CONFIG_OPTION_SUBPIXEL_RENDERING */ +#define FT_CONFIG_OPTION_SUBPIXEL_RENDERING /*************************************************************************/ @@ -577,7 +577,7 @@ FT_BEGIN_HEADER /* This option requires TT_CONFIG_OPTION_BYTECODE_INTERPRETER to be */ /* defined. */ /* */ -/* #define TT_CONFIG_OPTION_SUBPIXEL_HINTING */ +#define TT_CONFIG_OPTION_SUBPIXEL_HINTING /*************************************************************************/ ++++++ overflow.patch ++++++ diff -Naur ft2demos-2.5.1/src/ttdebug.c ft2demos-2.5.1.new/src/ttdebug.c --- ft2demos-2.5.1/src/ttdebug.c 2013-11-05 12:31:57.452397772 +0100 +++ ft2demos-2.5.1.new/src/ttdebug.c 2013-12-08 23:40:31.756506259 +0100 @@ -1905,11 +1905,11 @@ FT_Library_Version( library, &major, &minor, &patch ); - offset = snprintf( version_string, 64 + 1, + offset = snprintf( version_string, sizeof(version_string), "ttdebug (FreeType) %d.%d", major, minor ); if ( patch ) - offset = snprintf( version_string + offset, 64 + 1 - offset, + offset = snprintf( version_string + offset, sizeof(version_string) - offset, ".%d", patch ); } -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org