Accepting request 311565 from M17N

1

OBS-URL: https://build.opensuse.org/request/show/311565
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freetype2?expand=0&rev=69

freetype-2.5.5.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:387bcc4b780b12484aa2ec9f7db1a55d8286eb5639f45fbc0fbba7a4e5a1afb9
-size 1714529

freetype-2.6.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8469fb8124764f85029cc8247c31e132a2c5e51084ddce2a44ea32ee4ae8347e
+size 1726219

freetype-doc-2.5.5.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:68becbae3578a8101e9f3c55f10e435fb75535011d3f7a523719371e86e368e7
-size 108133

freetype-doc-2.6.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4868ec0b2b6890a1db296b00ce302ebf311b93b08aabd7ffca902e9c16b3e470
+size 477177

freetype2.changes

@@ -1,3 +1,64 @@
+-------------------------------------------------------------------
+Thu Jun 11 08:54:13 UTC 2015 - idonmez@suse.com
+
+- Update to version 2.6
+  * Thread safety improvements
+  * Thai script support has been added to the auto-hinter.
+  * Arabic script support has been added to the auto-hinter.
+  * Following OpenType version 1.7,  advance widths and side bearing
+    values in  CFFs (wrapped  in an SFNT  structure) are  now always
+    taken from the `hmtx' table.
+  * Following OpenType  version 1.7, the  PostScript font name  of a
+    CFF font (wrapped in an SFNT structure) is now always taken from
+    the `name'  table.  This is  also true for  OpenType Collections
+    (i.e., TTCs using  CFFs subfonts instead of TTFs),  where it may
+    have a significant difference.
+  * Fonts natively hinted for  ClearType are now supported, properly
+    handling selector index 3 of the INSTCTRL bytecode instruction.
+  * Major improvements to the GX TrueType variation font handling.
+
+-------------------------------------------------------------------
+Tue Jun  9 08:18:50 UTC 2015 - fstrba@suse.com
+
+- Merge with the version 2.5.5 from openSUSE:Factory
+- Removed patches:
+  * CVE-2014-9656.patch
+  * CVE-2014-9657.patch
+  * CVE-2014-9658.patch
+  * CVE-2014-9659.patch
+  * CVE-2014-9660.patch
+  * CVE-2014-9661.patch
+  * CVE-2014-9662.patch
+  * CVE-2014-9663.patch
+  * CVE-2014-9664.patch
+  * CVE-2014-9665.patch
+  * CVE-2014-9666.patch
+  * CVE-2014-9667.patch
+  * CVE-2014-9668.patch
+  * CVE-2014-9669.patch
+  * CVE-2014-9670.patch
+  * CVE-2014-9671.patch
+  * CVE-2014-9672.patch
+  * CVE-2014-9673.patch
+  * CVE-2014-9674.patch
+  * CVE-2014-9675.patch
+    - Integrated in the 2.5.5 release
+- Modified patches:
+  * don-t-mark-libpng-as-required-library.patch
+  * bugzilla-308961-cmex-workaround.patch
+  * freetype2-subpixel.patch
+  * freetype2-bitmap-foundry.patch
+  * overflow.patch
+    - Adapt to the new version of sources
+
+-------------------------------------------------------------------
+Wed Jun  3 08:14:53 UTC 2015 - fstrba@suse.com
+
+- Modified patch:
+  * CVE-2014-9671.patch
+    - Adapt the code to correspond to the current git master of
+      freetype2 (fixes bsc#933247)
+
 -------------------------------------------------------------------
 Fri Apr 10 07:34:20 UTC 2015 - fstrba@suse.com
 
@@ -6,6 +67,35 @@ Fri Apr 10 07:34:20 UTC 2015 - fstrba@suse.com
   applied.
 - Run spec-cleaner on the spec file.
 
+-------------------------------------------------------------------
+Fri Feb 20 10:13:37 UTC 2015 - nadvornik@suse.com
+
+- fixed vulnerabilities (bnc#916847, bnc#916856, bnc#916857,
+  bnc#916858, bnc#916859, bnc#916860, bnc#916861, bnc#916862,
+  bnc#916863, bnc#916864, bnc#916865, bnc#916867, bnc#916868,
+  bnc#916870, bnc#916871, bnc#916872, bnc#916873, bnc#916874,
+  bnc#916879, bnc#916881)
+  - CVE-2014-9656.patch
+  - CVE-2014-9657.patch
+  - CVE-2014-9658.patch
+  - CVE-2014-9659.patch
+  - CVE-2014-9660.patch
+  - CVE-2014-9661.patch
+  - CVE-2014-9662.patch
+  - CVE-2014-9663.patch
+  - CVE-2014-9664.patch
+  - CVE-2014-9665.patch
+  - CVE-2014-9666.patch
+  - CVE-2014-9667.patch
+  - CVE-2014-9668.patch
+  - CVE-2014-9669.patch
+  - CVE-2014-9670.patch
+  - CVE-2014-9671.patch
+  - CVE-2014-9672.patch
+  - CVE-2014-9673.patch
+  - CVE-2014-9674.patch
+  - CVE-2014-9675.patch
+
 -------------------------------------------------------------------
 Sat Jan  3 22:58:50 UTC 2015 - hrvoje.senjan@gmail.com
 
@@ -69,6 +159,12 @@ Mon Dec  8 15:43:58 UTC 2014 - hrvoje.senjan@gmail.com
   http://savannah.nongnu.org/bugs/?43774, "Freetype 2.5.4 does not
   load ungzipped PCF fonts"
 
+-------------------------------------------------------------------
+Thu Mar 27 09:57:06 UTC 2014 - nadvornik@suse.com
+
+- get 2.5.3 from Factory as it fixes 
+  CVE-2014-2240 CVE-2014-2241 (bnc#867620)
+
 -------------------------------------------------------------------
 Thu Mar 13 03:14:26 UTC 2014 - hrvoje.senjan@gmail.com
 

freetype2.spec

@@ -17,9 +17,9 @@
 
 
 #
-%define doc_version 2.5.5
+%define doc_version 2.6
 Name:           freetype2
-Version:        2.5.5
+Version:        2.6
 Release:        0
 Summary:        A TrueType Font Library
 License:        SUSE-Freetype or GPL-2.0+

ft2demos-2.5.5.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b87c7deb5d9b1fddb8520c091a5491cc63ecac4de25139e1da38aebee82195ea
-size 182006

ft2demos-2.6.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f8f4bc2a2e76e0dbe61838e452c5a7daf1d4bd9dfa44691940bf308f776d32b6
+size 190240

ft2demos.changes

@@ -1,8 +1,91 @@
+-------------------------------------------------------------------
+Thu Jun 11 08:56:22 UTC 2015 - idonmez@suse.com
+
+- Update to version 2.6
+  * ftgrid can now display GX and MM fonts.
+  * Anti-aliasing rendering  modes can now be  selected (with keys
+    F5 and F6).
+  * The display of point numbers can be toggled with key `D'.
+  * ftdump now display information on MM and GX variation axes.
+  * ftmulti can now handle up  to six MM  or GX axes.
+- Refresh overflow.patch
+
+-------------------------------------------------------------------
+Tue Jun  9 08:18:50 UTC 2015 - fstrba@suse.com
+
+- Merge with the version 2.5.5 from openSUSE:Factory
+- Removed patches:
+  * CVE-2014-9656.patch
+  * CVE-2014-9657.patch
+  * CVE-2014-9658.patch
+  * CVE-2014-9659.patch
+  * CVE-2014-9660.patch
+  * CVE-2014-9661.patch
+  * CVE-2014-9662.patch
+  * CVE-2014-9663.patch
+  * CVE-2014-9664.patch
+  * CVE-2014-9665.patch
+  * CVE-2014-9666.patch
+  * CVE-2014-9667.patch
+  * CVE-2014-9668.patch
+  * CVE-2014-9669.patch
+  * CVE-2014-9670.patch
+  * CVE-2014-9671.patch
+  * CVE-2014-9672.patch
+  * CVE-2014-9673.patch
+  * CVE-2014-9674.patch
+  * CVE-2014-9675.patch
+    - Integrated in the 2.5.5 release
+- Modified patches:
+  * don-t-mark-libpng-as-required-library.patch
+  * bugzilla-308961-cmex-workaround.patch
+  * freetype2-subpixel.patch
+  * freetype2-bitmap-foundry.patch
+  * overflow.patch
+    - Adapt to the new version of sources
+
+-------------------------------------------------------------------
+Wed Jun  3 08:14:53 UTC 2015 - fstrba@suse.com
+
+- Modified patch:
+  * CVE-2014-9671.patch
+    - Adapt the code to correspond to the current git master of
+      freetype2 (fixes bsc#933247)
+
 -------------------------------------------------------------------
 Fri Apr 10 07:34:20 UTC 2015 - fstrba@suse.com
 
 - Run spec-cleaner on the spec file.
 
+-------------------------------------------------------------------
+Fri Feb 20 10:13:37 UTC 2015 - nadvornik@suse.com
+
+- fixed vulnerabilities (bnc#916847, bnc#916856, bnc#916857,
+  bnc#916858, bnc#916859, bnc#916860, bnc#916861, bnc#916862,
+  bnc#916863, bnc#916864, bnc#916865, bnc#916867, bnc#916868,
+  bnc#916870, bnc#916871, bnc#916872, bnc#916873, bnc#916874,
+  bnc#916879, bnc#916881)
+  - CVE-2014-9656.patch
+  - CVE-2014-9657.patch
+  - CVE-2014-9658.patch
+  - CVE-2014-9659.patch
+  - CVE-2014-9660.patch
+  - CVE-2014-9661.patch
+  - CVE-2014-9662.patch
+  - CVE-2014-9663.patch
+  - CVE-2014-9664.patch
+  - CVE-2014-9665.patch
+  - CVE-2014-9666.patch
+  - CVE-2014-9667.patch
+  - CVE-2014-9668.patch
+  - CVE-2014-9669.patch
+  - CVE-2014-9670.patch
+  - CVE-2014-9671.patch
+  - CVE-2014-9672.patch
+  - CVE-2014-9673.patch
+  - CVE-2014-9674.patch
+  - CVE-2014-9675.patch
+
 -------------------------------------------------------------------
 Sat Jan  3 22:58:50 UTC 2015 - hrvoje.senjan@gmail.com
 
@@ -66,6 +149,12 @@ Mon Dec  8 15:43:58 UTC 2014 - hrvoje.senjan@gmail.com
   http://savannah.nongnu.org/bugs/?43774, "Freetype 2.5.4 does not
   load ungzipped PCF fonts"
 
+-------------------------------------------------------------------
+Wed May  7 14:41:16 CEST 2014 - ro@suse.de
+
+- mark bnc628213_test.otf as NoSource to avoid triggering
+  clamav check 
+
 -------------------------------------------------------------------
 Thu Mar 13 03:14:26 UTC 2014 - hrvoje.senjan@gmail.com
 

ft2demos.spec

@@ -16,9 +16,9 @@
 #
 
 
-%define freetype_version 2.5.5
+%define freetype_version 2.6
 Name:           ft2demos
-Version:        2.5.5
+Version:        2.6
 Release:        0
 Summary:        Freetype2 Utilities and Demo Programs
 License:        GPL-2.0+
@@ -41,6 +41,8 @@ BuildRequires:  libpng-devel
 BuildRequires:  xorg-x11-devel
 Supplements:    fonts-config
 Conflicts:      dtc
+# silence our clamav check
+NoSource:       1000
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description

overflow.patch

@@ -1,6 +1,8 @@
---- ft2demos-2.5.4/src/ttdebug.c	2014-05-11 12:50:48.876613439 +0200
-+++ ft2demos-2.5.4.new/src/ttdebug.c	2014-12-08 16:39:09.744778704 +0100
-@@ -1905,11 +1905,11 @@
+Index: ft2demos-2.6/src/ttdebug.c
+===================================================================
+--- ft2demos-2.6.orig/src/ttdebug.c
++++ ft2demos-2.6/src/ttdebug.c
+@@ -1910,11 +1910,11 @@
  
        FT_Library_Version( library, &major, &minor, &patch );
  
@@ -9,8 +11,8 @@
                           "ttdebug (FreeType) %d.%d",
                           major, minor );
        if ( patch )
--        offset = snprintf( version_string + offset, 64 - offset,
-+        offset = snprintf( version_string + offset, sizeof(version_string) - offset,
+-        offset = snprintf( version_string + offset, (size_t)( 64 - offset ),
++        offset = snprintf( version_string + offset, (size_t)( sizeof(version_string) - offset ),
                             ".%d",
                             patch );
      }