Updating link to change in openSUSE:Factory/freetype2 revision 28.0

OBS-URL: https://build.opensuse.org/package/show/M17N/freetype2?expand=0&rev=511721564890c158528fd1cf42ff27eb
2010-08-13 21:59:21 +00:00 · 2010-08-13 21:59:21 +00:00 · 2518a636eb
commit 2518a636eb
parent 0408452f0b
14 changed files with 130 additions and 13 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -21,3 +21,5 @@
 *.xz filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
+## Specific LFS patterns
+bnc628213_test.otf filter=lfs diff=lfs merge=lfs -text
--- a/bnc628213_1797.diff
+++ b/bnc628213_1797.diff
@ -0,0 +1,30 @@
+--- freetype-2.4.1/src/cff/cffgload.c.orig	2010-07-15 18:26:45.000000000 +0200
+++ freetype-2.4.1/src/cff/cffgload.c	2010-08-06 16:56:07.736041000 +0200
+@@ -204,7 +204,7 @@
+     2, /* hsbw */
+     0,
+     0,
+-    0,
+    1,
+     5, /* seac */
+     4, /* sbw */
+     2  /* setcurrentpoint */
+@@ -2041,6 +2041,9 @@
+             if ( Rand >= 0x8000L )
+               Rand++;
+ 
+	    if ( args - stack >= CFF_MAX_OPERANDS )
+	      goto Stack_Overflow;
+
+             args[0] = Rand;
+             seed    = FT_MulFix( seed, 0x10000L - seed );
+             if ( seed == 0 )
+@@ -2166,6 +2169,8 @@
+         case cff_op_dup:
+           FT_TRACE4(( " dup\n" ));
+ 
+	  if ( args + 1 - stack >= CFF_MAX_OPERANDS )
+	    goto Stack_Overflow;
+           args[1] = args[0];
+           args += 2;
+           break;
--- a/bnc628213_test.otf
+++ b/bnc628213_test.otf
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:291c5cbd0b5d1742ac5637a53fa3be8fb63a6dcbb12423e160bc2724b645636a
+size 40029
--- a/bnc629447_sigsegv31.ttf
+++ b/bnc629447_sigsegv31.ttf
--- a/freetype-2.4.1.tar.bz2
+++ b/freetype-2.4.1.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:45c954e96f52737c0cc62e9a538a4df850c7d1dd73fb25ffe131ae7cb899be3e
-size 1432560
--- a/freetype-2.4.2.tar.bz2
+++ b/freetype-2.4.2.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9a987aef8c50d9bcfdfdc9f012f8bd0de6095cc1a5524e62c1a037deb8dacbfe
+size 1433843
--- a/freetype-doc-2.4.1.tar.bz2
+++ b/freetype-doc-2.4.1.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7c65e143f81a419c80812b4caf71d5b56b9e15c7dfa08ef4261dff89e67bc7ef
-size 104273
--- a/freetype-doc-2.4.2.tar.bz2
+++ b/freetype-doc-2.4.2.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6d40093c0bbb6f182120524f36a3099e925a87458ecca38c71dc447325191774
+size 104322
--- a/freetype2.changes
+++ b/freetype2.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Thu Aug 12 09:43:18 UTC 2010 - jw@novell.com
+
+- bnc#628213: added bnc628213_1797.diff
+- bnc#629447: CVE-2010-2805..8 are already fixed in upstream 2.4.2
+- bnc#619562: CVE-2010-2497,2498,2499,2500,2519,2520 dito.
+
+-------------------------------------------------------------------
+Mon Aug  9 12:48:18 CEST 2010 - tiwai@suse.de
+
+- updated to version 2.4.2:
+  Another serious bug in the CFF font module has been found,
+  together with more exploitable vulnerabilities in the T42 font
+  driver. 
+
 -------------------------------------------------------------------
 Tue Jul 20 17:50:44 CEST 2010 - tiwai@suse.de

--- a/freetype2.spec
+++ b/freetype2.spec
@ -1,5 +1,5 @@
 #
-# spec file for package freetype2 (Version 2.4.1)
+# spec file for package freetype2 (Version 2.4.2)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@ -28,7 +28,7 @@ AutoReqProv:    on
 Obsoletes:      freetype2-64bit
 %endif
 #
-Version:        2.4.1
+Version:        2.4.2
 Release:        1
 Url:            http://www.freetype.org
 Summary:        A TrueType Font Library
@ -45,6 +45,9 @@ Patch9:         fix-build.patch
 Patch308961:    bugzilla-308961-cmex-workaround.patch
 Patch200:       freetype2-subpixel.patch
 Patch201:       use_unix.diff 
+
+Patch1000:      bnc628213_1797.diff
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -92,6 +95,22 @@ It also contains a small tutorial for using that library.
 %patch200 -p 1 -b .subpixel
 %endif
 %patch201 -p1
+
+# bnc628213_1797.diff
+%patch1000 -p1	
+# bnc629447_CVE-2010-2805..8.diff
+#%patch1001 -p1	
+#%patch1002 -p1	
+#%patch1003 -p1	
+#%patch1004 -p1	
+# bnc619562_CVE-2010-2497..2541.diff
+#%patch1005 -p1
+#%patch1006 -p1
+#%patch1007 -p1
+#%patch1008 -p1
+#%patch1009 -p1
+#%patch1010 -p1
+
 find . -name CVS -type d | xargs rm -rf
 find . -name ".cvsignore" | xargs rm -f
 cp /usr/share/automake*/config.{guess,sub} builds/unix
--- a/ft2demos-2.4.1.tar.bz2
+++ b/ft2demos-2.4.1.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f4820605e177d2807af2ba05a436452749890f1d955629e817eb8a0cc30571ed
-size 161184
--- a/ft2demos-2.4.2.tar.bz2
+++ b/ft2demos-2.4.2.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:95453d269d338fc93b74a6cbc5f4a3ec55a008d14478b15c8ff13cf388ece3fc
+size 161201
--- a/ft2demos.changes
+++ b/ft2demos.changes
@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Thu Aug 12 09:53:12 UTC 2010 - jw@novell.com
+
+- bnc#628213: added bnc628213_1797.diff + regression test
+- bnc#629447: CVE-2010-2805..8 are already fixed in upstream 2.4.2
+- bnc#619562: CVE-2010-2497,2498,2499,2500,2519,2520 dito.
+  added sigsegv31.ttf regression test
+
+-------------------------------------------------------------------
+Mon Aug  9 12:48:18 CEST 2010 - tiwai@suse.de
+
+- updated to version 2.4.2:
+  Another serious bug in the CFF font module has been found,
+  together with more exploitable vulnerabilities in the T42 font
+  driver.
+
 -------------------------------------------------------------------
 Tue Jul 20 17:50:44 CEST 2010 - tiwai@suse.de

--- a/ft2demos.spec
+++ b/ft2demos.spec
@ -1,5 +1,5 @@
 #
-# spec file for package ft2demos (Version 2.4.1)
+# spec file for package ft2demos (Version 2.4.2)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@ -24,7 +24,7 @@ License:        GPLv2+
 Group:          Productivity/Publishing/Other
 AutoReqProv:    on
 Supplements:    fonts-config
-Version:        2.4.1
+Version:        2.4.2
 Release:        1
 %define freetype_version %{version}
 Url:            http://www.freetype.org
@ -43,6 +43,11 @@ Patch308961:    bugzilla-308961-cmex-workaround.patch
 Patch50:        ft2demos-build-testname.patch
 Patch200:       freetype2-subpixel.patch
 Patch201:       use_unix.diff
+
+Patch1000:      bnc628213_1797.diff
+Source1000:     bnc628213_test.otf
+Source1004:     bnc629447_sigsegv31.ttf
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -63,6 +68,26 @@ popd
 %patch200 -p 1 -b .subpixel
 %endif
 %patch201 -p1
+
+# bnc628213_1797.diff
+%patch1000 -p1		
+# bnc629447_CVE-2010-2805..8.diff
+#%patch1001 -p1	
+#%patch1002 -p1	
+#%patch1003 -p1	
+#%patch1004 -p1	
+# bnc619562_CVE-2010-2497..2541.diff
+#%patch1005 -p1
+#%patch1006 -p1
+#%patch1007 -p1
+#%patch1008 -p1
+#%patch1009 -p1
+#%patch1010 -p1
+pushd ../ft2demos-%{version}
+#%patch1011 -p1
+#%patch1012 -p1
+popd
+
 find . -name CVS -type d | xargs rm -rf
 find . -name ".cvsignore" | xargs rm -f
 cp /usr/share/automake*/config.{guess,sub} builds/unix
@ -92,6 +117,10 @@ pushd ../ft2demos-%{version}/bin/.libs
    install -m 755 ft* $RPM_BUILD_ROOT%{_bindir}
 popd

+%check
+$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1000}
+$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1004} |& grep -v "couldn't load font resource" && echo "should fail"
+
 %clean

 %files