Accepting request 1280084 from M17N

- Update to version 20230101+git59.770356c9b:
  * Add contour draw option to H.Metrics. (#5496)
  * Fix memory corruption in SFUnicodeRanges() (#5537)
  * Bump GitHub CI runner to Ubuntu 22 (#5551)
  * Fix CI for Ubuntu 24 (#5531)
  * Avoid crashes in Python scripts when objects are accessed in
    invalid state (#5483)
  * fix memleak in function utf7toutf8_copy (#5495)
  * Modernize fixed pitch flag computation (#5506)
  * Segfault fix and complete implementation of "Don't generate
    FFTM tables" (#5509)
  * Make SmallCaps() translate symbols, too.  Update
    documentation accordingly. (#5517)
  * Fix function PyFFFont_addSmallCaps. (#5519)
  * Warning rollup (probably some hidden bugs!) from clang trunk
    (#5492)
  * Update mm.c (#5386)
  * fix memleak in function DlgCreate8 (#5491)
  * Fix Python font.appendSFNTName() function (#5494)
  * Allow hyphen and special characters in Feature File glyph names
    (#5358)
  * Update CI runner to macOS 13 (#5482)
  * add math device tables to Python API (#5348)
  * Only install GUI-specific files if ENABLE_GUI is set (#5451)
  * Fix resource leak in unParseTTInstrs (#5476)
  * Use PyConfig API on Python 3.8 (#5404)
  * Use sysconfig for Python module locations (#5423)
  * More crowdin fix
  * Python script shall trigger no asserts (#5410)
  * crowdin: update to java 17 (#5447)

OBS-URL: https://build.opensuse.org/request/show/1280084
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fontforge?expand=0&rev=61
2025-05-27 16:49:52 +00:00
committed by Git OBS Bridge
10 changed files with 110 additions and 9041 deletions

BIN
20230101.tar.gz (Stored with Git LFS)

Binary file not shown.


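--- a/_service
+++ b/_service
@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<services>
+<service name="obs_scm" mode="manual">
+<param name="scm">git</param>
+<param name="url">https://github.com/fontforge/fontforge.git</param>
+<param name="revision">master</param>
+<param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
+<param name="changesgenerate">enable</param>
+</service>
+<service name="tar" mode="buildtime"/>
+<service name="recompress" mode="buildtime">
+<param name="file">*.tar</param>
+<param name="compression">zst</param>
+</service>
+<service name="set_version" mode="manual" />
+</services>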
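Review bot: `<param name="revision">master</param>` follows a moving branch, so the next manual run of the `obs_scm` service fetches whatever upstream master holds at that moment rather than a snapshot someone chose to review. The commit actually packaged here is recorded only in the generated `_servicedata` and `fontforge.obsinfo` files. Consider pinning `revision` to that commit or to a release tag and bumping it deliberately. If tracking master is intended, a short comment beside the parameter, for example `<!-- tracks master on purpose; review the generated .changes before submitting -->`, would make that explicit.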

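--- a/_servicedata
+++ b/_servicedata
@@ -0,0 +1,4 @@
+<servicedata>
+<service name="tar_scm">
+<param name="url">https://github.com/fontforge/fontforge.git</param>
+<param name="changesrevision">770356c9b52c003939a36ed3df711b08805efb3c</param></service></servicedata>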


@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:215082d941d21a78503cb5beaadd25e543270b6429f96bc69c9cd2a16e8af0ad
size 51817486


@@ -1,172 +0,0 @@
commit 216eb14b558df344b206bf82e2bdaf03a1f2f429 (HEAD -> 216eb14b558df344b206bf82e2bdaf03a1f2f429_CVE-2024-25081_CVE-2024-25082)
Author: Peter Kydas <pk@canva.com>
Date: Tue Feb 6 20:03:04 2024 +1100
fix splinefont shell command injection (#5367)
diff -Nura fontforge-20230101/fontforge/splinefont.c fontforge-20230101_new/fontforge/splinefont.c
--- fontforge-20230101/fontforge/splinefont.c 2023-01-01 13:25:21.000000000 +0800
+++ fontforge-20230101_new/fontforge/splinefont.c 2024-03-04 21:23:26.813893591 +0800
@@ -788,11 +788,14 @@
char *Unarchive(char *name, char **_archivedir) {
char *dir = getenv("TMPDIR");
- char *pt, *archivedir, *listfile, *listcommand, *unarchivecmd, *desiredfile;
+ char *pt, *archivedir, *listfile, *desiredfile;
char *finalfile;
int i;
int doall=false;
static int cnt=0;
+ gchar *command[5];
+ gchar *stdoutresponse = NULL;
+ gchar *stderrresponse = NULL;
*_archivedir = NULL;
@@ -827,18 +830,30 @@
listfile = malloc(strlen(archivedir)+strlen("/" TOC_NAME)+1);
sprintf( listfile, "%s/" TOC_NAME, archivedir );
- listcommand = malloc( strlen(archivers[i].unarchive) + 1 +
- strlen( archivers[i].listargs) + 1 +
- strlen( name ) + 3 +
- strlen( listfile ) +4 );
- sprintf( listcommand, "%s %s %s > %s", archivers[i].unarchive,
- archivers[i].listargs, name, listfile );
- if ( system(listcommand)!=0 ) {
- free(listcommand); free(listfile);
- ArchiveCleanup(archivedir);
-return( NULL );
+ command[0] = archivers[i].unarchive;
+ command[1] = archivers[i].listargs;
+ command[2] = name;
+ command[3] = NULL; // command args need to be NULL-terminated
+
+ if ( g_spawn_sync(
+ NULL,
+ command,
+ NULL,
+ G_SPAWN_SEARCH_PATH,
+ NULL,
+ NULL,
+ &stdoutresponse,
+ &stderrresponse,
+ NULL,
+ NULL
+ ) == FALSE) { // did not successfully execute
+ ArchiveCleanup(archivedir);
+ return( NULL );
}
- free(listcommand);
+ // Write out the listfile to be read in later
+ FILE *fp = fopen(listfile, "wb");
+ fwrite(stdoutresponse, strlen(stdoutresponse), 1, fp);
+ fclose(fp);
desiredfile = ArchiveParseTOC(listfile, archivers[i].ars, &doall);
free(listfile);
@@ -847,22 +862,28 @@
return( NULL );
}
- /* I tried sending everything to stdout, but that doesn't work if the */
- /* output is a directory file (ufo, sfdir) */
- unarchivecmd = malloc( strlen(archivers[i].unarchive) + 1 +
- strlen( archivers[i].listargs) + 1 +
- strlen( name ) + 1 +
- strlen( desiredfile ) + 3 +
- strlen( archivedir ) + 30 );
- sprintf( unarchivecmd, "( cd %s ; %s %s %s %s ) > /dev/null", archivedir,
- archivers[i].unarchive,
- archivers[i].extractargs, name, doall ? "" : desiredfile );
- if ( system(unarchivecmd)!=0 ) {
- free(unarchivecmd); free(desiredfile);
- ArchiveCleanup(archivedir);
-return( NULL );
+ command[0] = archivers[i].unarchive;
+ command[1] = archivers[i].extractargs;
+ command[2] = name;
+ command[3] = doall ? "" : desiredfile;
+ command[4] = NULL;
+
+ if ( g_spawn_sync(
+ (gchar*)archivedir,
+ command,
+ NULL,
+ G_SPAWN_SEARCH_PATH,
+ NULL,
+ NULL,
+ &stdoutresponse,
+ &stderrresponse,
+ NULL,
+ NULL
+ ) == FALSE) { // did not successfully execute
+ free(desiredfile);
+ ArchiveCleanup(archivedir);
+ return( NULL );
}
- free(unarchivecmd);
finalfile = malloc( strlen(archivedir) + 1 + strlen(desiredfile) + 1);
sprintf( finalfile, "%s/%s", archivedir, desiredfile );
@@ -885,8 +906,12 @@
char *Decompress(char *name, int compression) {
char *dir = getenv("TMPDIR");
- char buf[1500];
char *tmpfn;
+ gchar *command[4];
+ gint stdout_pipe;
+ gchar buffer[4096];
+ gssize bytes_read;
+ GByteArray *binary_data = g_byte_array_new();
if ( dir==NULL ) dir = P_tmpdir;
tmpfn = malloc(strlen(dir)+strlen(GFileNameTail(name))+2);
@@ -894,11 +919,41 @@
strcat(tmpfn,"/");
strcat(tmpfn,GFileNameTail(name));
*strrchr(tmpfn,'.') = '\0';
- snprintf( buf, sizeof(buf), "%s < %s > %s", compressors[compression].decomp, name, tmpfn );
- if ( system(buf)==0 )
-return( tmpfn );
- free(tmpfn);
-return( NULL );
+
+ command[0] = compressors[compression].decomp;
+ command[1] = "-c";
+ command[2] = name;
+ command[3] = NULL;
+
+ // Have to use async because g_spawn_sync doesn't handle nul-bytes in the output (which happens with binary data)
+ if (g_spawn_async_with_pipes(
+ NULL,
+ command,
+ NULL,
+ G_SPAWN_DO_NOT_REAP_CHILD | G_SPAWN_SEARCH_PATH,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ &stdout_pipe,
+ NULL,
+ NULL) == FALSE) {
+ //command has failed
+ return( NULL );
+ }
+
+ // Read binary data from pipe and output to file
+ while ((bytes_read = read(stdout_pipe, buffer, sizeof(buffer))) > 0) {
+ g_byte_array_append(binary_data, (guint8 *)buffer, bytes_read);
+ }
+ close(stdout_pipe);
+
+ FILE *fp = fopen(tmpfn, "wb");
+ fwrite(binary_data->data, sizeof(gchar), binary_data->len, fp);
+ fclose(fp);
+ g_byte_array_free(binary_data, TRUE);
+
+ return(tmpfn);
}
static char *ForceFileToHaveName(FILE *file, char *exten) {


@@ -1,3 +1,81 @@
-------------------------------------------------------------------
Mon May 26 06:39:39 UTC 2025 - Antonio Larrosa <alarrosa@suse.com>
- Update to version 20230101+git59.770356c9b:
* Add contour draw option to H.Metrics. (#5496)
* Fix memory corruption in SFUnicodeRanges() (#5537)
* Bump GitHub CI runner to Ubuntu 22 (#5551)
* Fix CI for Ubuntu 24 (#5531)
* Avoid crashes in Python scripts when objects are accessed in
invalid state (#5483)
* fix memleak in function utf7toutf8_copy (#5495)
* Modernize fixed pitch flag computation (#5506)
* Segfault fix and complete implementation of "Don't generate
FFTM tables" (#5509)
* Make SmallCaps() translate symbols, too. Update
documentation accordingly. (#5517)
* Fix function PyFFFont_addSmallCaps. (#5519)
* Warning rollup (probably some hidden bugs!) from clang trunk
(#5492)
* Update mm.c (#5386)
* fix memleak in function DlgCreate8 (#5491)
* Fix Python font.appendSFNTName() function (#5494)
* Allow hyphen and special characters in Feature File glyph names
(#5358)
* Update CI runner to macOS 13 (#5482)
* add math device tables to Python API (#5348)
* Only install GUI-specific files if ENABLE_GUI is set (#5451)
* Fix resource leak in unParseTTInstrs (#5476)
* Use PyConfig API on Python 3.8 (#5404)
* Use sysconfig for Python module locations (#5423)
* More crowdin fix
* Python script shall trigger no asserts (#5410)
* crowdin: update to java 17 (#5447)
* try fix crowdin
* Fix generated feature file bugs (#5384)
* Defer crowdin update to the end of the pipeline (#5409)
* Fix export of supplementary plane characters in font name to
TTF (#5396)
* Don't attempt to copy anchors into NULL font (#5405)
* Treat FT_PIXEL_MODE_MONO as 2 grey levels (#5379)
* Compare vertical metrics check when generating TTC (#5372)
* Fix data corruption on SFD reading (#5380)
* doc: added missing sudo to installation instructions (#5300)
* Remove `psaltnames` for multi-code-point names (#5305)
* Support suplementary planes in SFD (emojis etc.) (#5364)
* Fix the lists of Windows language IDs (#5359)
* fix splinefont shell command injection (#5367)
* Bulk tester (#5365)
* add `font.style_set_names` attribute to Python API (#5354)
* Fix typos in the FAQ (#5355)
* Autoselect internal WOFF2 format (#5346)
* fix segfault triggered by Python `del c[i:j]` (#5352)
* add `font` attributes, method to Python docs (#5353)
* Always set `usDefaultChar` to 0 (.notdef) (#5242)
* Fix generateFontPostHook being called instead of
generateFontPreHook (#5226)
* nltransform of anchor points (#5345)
* Don't require individual tuple encapsulation in
fontforge.font.bitmapSizes setter (#5138)
* Fix CMake function _get_git_version() (#5342)
* Handle failed iconv conversion. Unhandled execution path was
UB, causing a segfault for me (#5329)
* Fix crash in parsegvar() due to insufficient buffer (#5339)
* Quiet strict prototypes warnings. (#5313)
* harmonizing can now no longer produce zero handles, the
computation of harmonization is now numerically robust (#5262)
* Fix glyph file names uXXXXX (#5333)
* Fix lookup flags parsing (#5338)
* Duplicate libfontforge.dll for "py" and "pyhook" tests. (#5335)
* Use consistent Python in MacOS GitHub runner (#5331)
* Update po files from Croudin sources after fixing problems
* Fix GinHub CI runners (#5328)
* Update local scripts directory (#5180)
- Remove patches already included by upstream:
* fontforge-CVE-2024-25081-CVE-2024-25082.patch
* 642d8a3db6d4bc0e70b429622fdf01ecb09c4c10.patch
* use-sysconfig-not-distutils.patch
-------------------------------------------------------------------
Thu Nov 21 20:31:36 UTC 2024 - Dirk Müller <dmueller@suse.com>
@@ -722,7 +800,7 @@ Tue Apr 10 2001 - Scott Pakin <pakin@uiuc.edu>
- Upgraded from 210301 to 020401.
-------------------------------------------------------------------
Thu Mar 22 2001 Scott Pakin <pakin@uiuc.edu>
Thu Mar 22 2001 - Scott Pakin <pakin@uiuc.edu>
- Initial release

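--- a/fontforge.obsinfo
+++ b/fontforge.obsinfo
@@ -0,0 +1,4 @@
+name: fontforge
+version: 20230101+git59.770356c9b
+mtime: 1745220260
+commit: 770356c9b52c003939a36ed3df711b08805efb3c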


@@ -17,21 +17,16 @@
Name: fontforge
Version: 20230101
Version: 20230101+git59.770356c9b
Release: 0
Summary: A Font Editor
License: GPL-3.0-or-later
URL: https://fontforge.org/
Source0: https://github.com/fontforge/fontforge/archive/%{version}.tar.gz
Source0: fontforge-20230101+git59.770356c9b.tar.zst
# workaround for bug 930076, imho upstream should fix this
# https://github.com/fontforge/fontforge/issues/2270
Patch0: fontforge-version.patch
Patch1: add-bitmap-transform-support.patch
# PATCH-FIX-UPSTREAM fontforge-CVE-2024-25081-CVE-2024-25082.patch CVE-2024-25081 CVE-2024-25082 bsc#1220404 bsc#1220405 qzhao@suse.com -- Fix Splinefont shell invocation.
Patch2: fontforge-CVE-2024-25081-CVE-2024-25082.patch
Patch3: https://github.com/fontforge/fontforge/commit/642d8a3db6d4bc0e70b429622fdf01ecb09c4c10.patch
# PATCH-FIX-UPSTREAM: taken from https://github.com/fontforge/fontforge/commit/8c75293e924602ed09a9481b0eeb67ba6c623a81
Patch4: use-sysconfig-not-distutils.patch
BuildRequires: cairo-devel
BuildRequires: cmake
BuildRequires: fdupes
@@ -51,7 +46,7 @@ BuildRequires: libxml2-devel
BuildRequires: pango-devel
BuildRequires: pkgconfig
BuildRequires: python3-Sphinx
BuildRequires: python3-devel
BuildRequires: python3-devel >= 3.8
BuildRequires: readline-devel
BuildRequires: update-desktop-files
BuildRequires: woff2-devel
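Review bot: Dropping `Patch2: fontforge-CVE-2024-25081-CVE-2024-25082.patch` in the first hunk means the shell-injection fix now has to come from the new snapshot tarball, which is stored as an LFS object and cannot be inspected on this page. The changelog added in this commit lists upstream's "fix splinefont shell command injection (#5367)" among the included changes, so the removal looks justified. It is still worth confirming in the unpacked source that `Unarchive()` and `Decompress()` in fontforge/splinefont.c no longer build a command line for `system()`. Separately, the new `Source0:` hard-codes the version string; `Source0: %{name}-%{version}.tar.zst` would keep it in step with `Version:` the next time the `set_version` service rewrites that field. The `%prep` section that applies the patches lies outside the hunks shown.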


@@ -1,54 +0,0 @@
From 8c75293e924602ed09a9481b0eeb67ba6c623a81 Mon Sep 17 00:00:00 2001
From: Maxim Iorsh <iorsh@users.sourceforge.net>
Date: Mon, 7 Oct 2024 11:44:00 +0300
Subject: [PATCH] Use sysconfig for Python module locations (#5423)
* Use sysconfig for Python module locations
* [TEMP] Use iorsh/fontforgebuilds repo
* [TEMP] Use iorsh/fontforgebuilds repo in Appveyor
* Update
* Revert "[TEMP] Use iorsh/fontforgebuilds repo in Appveyor"
This reverts commit 6fa80455b8b1e7cf43419c73e4de714f7925d9f8.
* test
* Cleanup
* test
* Removed debug prints
---------
Co-authored-by: Jeremy Tan <jtanx@outlook.com>
---
.github/workflows/main.yml | 24 +++++++++----------
.github/workflows/scripts/ffosxbuild.sh | 7 ++++--
.github/workflows/scripts/setup_linux_deps.sh | 2 +-
CMakeLists.txt | 6 -----
osx/CMakeLists.txt | 2 +-
pyhook/CMakeLists.txt | 5 +++-
6 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/pyhook/CMakeLists.txt b/pyhook/CMakeLists.txt
index dd48054aa7..53708f1099 100644
--- a/pyhook/CMakeLists.txt
+++ b/pyhook/CMakeLists.txt
@@ -20,8 +20,11 @@ target_link_libraries(psMat_pyhook PRIVATE Python3::Module)
# FindPython3 provides Python3_SITEARCH, but this is an absolute path
# So do it ourselves, getting the prefix-relative path instead
if(NOT DEFINED PYHOOK_INSTALL_DIR)
+ if(APPLE)
+ set(_PYHOOK_SYSCONFIG_PREFIX " 'posix_prefix',")
+ endif()
execute_process(
- COMMAND "${Python3_EXECUTABLE}" -c "import distutils.sysconfig as sc; print(sc.get_python_lib(prefix='', plat_specific=True,standard_lib=False))"
+ COMMAND "${Python3_EXECUTABLE}" -c "import sysconfig as sc; print(sc.get_path('platlib',${_PYHOOK_SYSCONFIG_PREFIX} vars={'platbase': '.'}))"
RESULT_VARIABLE _pyhook_install_dir_result
OUTPUT_VARIABLE PYHOOK_INSTALL_DIR
OUTPUT_STRIP_TRAILING_WHITESPACE)