Accepting request 55068 from home:jnweiger:branches:M17N

looks good thanks for the update OBS-URL: https://build.opensuse.org/request/show/55068 OBS-URL: https://build.opensuse.org/package/show/M17N/freetype2?expand=0&rev=40
2010-12-08 12:07:58 +00:00 · 2010-12-08 12:07:58 +00:00 · e3508cd4d6
commit e3508cd4d6
parent 1b3c9f4276
14 changed files with 148 additions and 39 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -23,3 +23,5 @@
 *.zst filter=lfs diff=lfs merge=lfs -text
 ## Specific LFS patterns
 bnc628213_test.otf filter=lfs diff=lfs merge=lfs -text
+bnc633938_badbdf.0 filter=lfs diff=lfs merge=lfs -text
+bug-641580_CVE-2010-3311.cff filter=lfs diff=lfs merge=lfs -text
--- a/bnc628213_1797.diff
+++ b/bnc628213_1797.diff
@ -1,5 +1,11 @@
--- freetype-2.4.1/src/cff/cffgload.c.orig	2010-07-15 18:26:45.000000000 +0200
-+++ freetype-2.4.1/src/cff/cffgload.c	2010-08-06 16:56:07.736041000 +0200
+---
+ src/cff/cffgload.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+Index: freetype-2.4.2/src/cff/cffgload.c
+===================================================================
+--- freetype-2.4.2.orig/src/cff/cffgload.c
+++ freetype-2.4.2/src/cff/cffgload.c
@@ -204,7 +204,7 @@
     2, /* hsbw */
     0,
--- a/bnc633938_badbdf.0
+++ b/bnc633938_badbdf.0
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fabd6513c25b7048c5401b745941d491b7f5f32c0c66a916b94a332756e0e207
+size 19964
--- a/bnc641580_CVE-2010-3311.diff
+++ b/bnc641580_CVE-2010-3311.diff
@ -0,0 +1,38 @@
+Index: freetype-2.4.2/src/base/ftstream.c
+===================================================================
+--- freetype-2.4.2.orig/src/base/ftstream.c
+++ freetype-2.4.2/src/base/ftstream.c
+@@ -70,8 +70,16 @@
+   {
+     FT_Error  error = FT_Err_Ok;
+ 
+    /* note that seeking to the first position after the file is valid */
+    if ( pos > stream->size )
+    {
+      FT_ERROR(( "FT_Stream_Seek:"
+                 " invalid i/o; pos = 0x%lx, size = 0x%lx\n",
+                 pos, stream->size ));
+      error = FT_Err_Invalid_Stream_Operation;
+    }
+ 
+-    if ( stream->read )
+    if ( !error && stream->read )
+     {
+       if ( stream->read( stream, pos, 0, 0 ) )
+       {
+@@ -82,15 +90,6 @@
+         error = FT_Err_Invalid_Stream_Operation;
+       }
+     }
+-    /* note that seeking to the first position after the file is valid */
+-    else if ( pos > stream->size )
+-    {
+-      FT_ERROR(( "FT_Stream_Seek:"
+-                 " invalid i/o; pos = 0x%lx, size = 0x%lx\n",
+-                 pos, stream->size ));
+-
+-      error = FT_Err_Invalid_Stream_Operation;
+-    }
+ 
+     if ( !error )
+       stream->pos = pos;
--- a/bug-641580_CVE-2010-3311.cff
+++ b/bug-641580_CVE-2010-3311.cff
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:11712ea61abedc4006c8fe7b446589e9c97fb9b117b4b6c13f0a4f22d2a1a62a
+size 7751
--- a/bugzilla-308961-cmex-workaround.patch
+++ b/bugzilla-308961-cmex-workaround.patch
@ -1,7 +1,11 @@
-Index: freetype-2.4.3/src/base/ftobjs.c
+---
+ src/base/ftobjs.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+Index: freetype-2.4.2/src/base/ftobjs.c
 ===================================================================
--- freetype-2.4.3.orig/src/base/ftobjs.c	2010-10-29 15:58:01.000000000 +0200
-+++ freetype-2.4.3/src/base/ftobjs.c	2010-10-29 16:01:57.187258621 +0200
+--- freetype-2.4.2.orig/src/base/ftobjs.c
+++ freetype-2.4.2/src/base/ftobjs.c
@@ -2153,6 +2153,11 @@
 
     if ( FT_IS_SCALABLE( face ) )
--- a/fix-build.patch
+++ b/fix-build.patch
@ -1,7 +1,12 @@
-Index: freetype-2.4.3/autogen.sh
+---
+ autogen.sh                |    2 +-
+ builds/unix/configure.raw |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+Index: freetype-2.4.2/autogen.sh
 ===================================================================
--- freetype-2.4.3.orig/autogen.sh	2010-02-13 07:54:14.000000000 +0100
-+++ freetype-2.4.3/autogen.sh	2010-10-29 16:05:43.356557850 +0200
+--- freetype-2.4.2.orig/autogen.sh
+++ freetype-2.4.2/autogen.sh
@@ -150,7 +150,7 @@ sed -e "s;@VERSION@;$freetype_major$free
   < configure.raw > configure.ac
 
@ -11,10 +16,10 @@ Index: freetype-2.4.3/autogen.sh
 run autoconf --force
 
 chmod +x mkinstalldirs
-Index: freetype-2.4.3/builds/unix/configure.raw
+Index: freetype-2.4.2/builds/unix/configure.raw
 ===================================================================
--- freetype-2.4.3.orig/builds/unix/configure.raw	2010-10-03 20:34:42.000000000 +0200
-+++ freetype-2.4.3/builds/unix/configure.raw	2010-10-29 16:06:54.225383610 +0200
+--- freetype-2.4.2.orig/builds/unix/configure.raw
+++ freetype-2.4.2/builds/unix/configure.raw
@@ -650,7 +650,7 @@ AC_SUBST([FT2_EXTRA_LIBS])
 AC_SUBST([SYSTEM_ZLIB])
 
--- a/freetype2-bitmap-foundry.patch
+++ b/freetype2-bitmap-foundry.patch
@ -1,7 +1,11 @@
-Index: freetype-2.4.3/src/pcf/pcfread.c
+---
+ src/pcf/pcfread.c |   30 ++++++++++++++++++++++++++++--
+ 1 file changed, 28 insertions(+), 2 deletions(-)
+
+Index: freetype-2.4.2/src/pcf/pcfread.c
 ===================================================================
--- freetype-2.4.3.orig/src/pcf/pcfread.c	2010-06-24 20:16:51.000000000 +0200
-+++ freetype-2.4.3/src/pcf/pcfread.c	2010-10-29 16:12:07.904258618 +0200
+--- freetype-2.4.2.orig/src/pcf/pcfread.c
+++ freetype-2.4.2/src/pcf/pcfread.c
@@ -1175,8 +1175,34 @@ THE SOFTWARE.
       prop = pcf_find_property( face, "FAMILY_NAME" );
       if ( prop && prop->isString )
--- a/freetype2.changes
+++ b/freetype2.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Dec  7 17:53:52 UTC 2010 - jw@novell.com
+
+- several old patches got lost, reapplying:
+  * added bnc641580_CVE-2010-3311.diff for bnc#641580
+  * bnc633943_CVE-2010-3054 nothing to do. 
+  * bnc633938_CVE-2010-3053 nothing to do. 
+
 -------------------------------------------------------------------
 Mon Dec  6 01:34:41 UTC 2010 - cristian.rodriguez@opensuse.org

--- a/freetype2.spec
+++ b/freetype2.spec
@ -48,6 +48,8 @@ Patch200:       freetype2-subpixel.patch
 Patch201:       use_unix.diff 

 Patch1000:      bnc628213_1797.diff
+Patch1015:	bnc641580_CVE-2010-3311.diff
+Source1015:     bug-641580_CVE-2010-3311.cff

 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

@ -112,6 +114,10 @@ It also contains a small tutorial for using that library.
 #%patch1008 -p1
 #%patch1009 -p1
 #%patch1010 -p1
+# bnc633938_CVE-2010-3053.diff
+#%patch1013 -p1
+# bnc641580_CVE-2010-3311.diff
+%patch1015 -p1

 find . -name CVS -type d | xargs rm -rf
 find . -name ".cvsignore" | xargs rm -f
--- a/ft2-stream-compat.diff
+++ b/ft2-stream-compat.diff
@ -1,7 +1,11 @@
-Index: freetype-2.4.3/src/base/ftstream.c
+---
+ src/base/ftstream.c |   58 ++++++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 56 insertions(+), 2 deletions(-)
+
+Index: freetype-2.4.2/src/base/ftstream.c
 ===================================================================
--- freetype-2.4.3.orig/src/base/ftstream.c	2010-08-04 15:52:01.000000000 +0200
-+++ freetype-2.4.3/src/base/ftstream.c	2010-10-29 16:41:31.418258733 +0200
+--- freetype-2.4.2.orig/src/base/ftstream.c
+++ freetype-2.4.2/src/base/ftstream.c
@@ -44,6 +44,17 @@
     stream->close  = 0;
   }
@ -56,26 +60,27 @@ Index: freetype-2.4.3/src/base/ftstream.c
 
   FT_BASE_DEF( FT_Error )
   FT_Stream_ExtractFrame( FT_Stream  stream,
-@@ -210,6 +229,8 @@
+@@ -210,7 +229,9 @@
     return error;
   }
 
+-
 +  FT_BASE_DEF( FT_Error )
 +  FT_Extract_Frame( FT_Stream, FT_ULong, FT_Byte** ) __attribute__((weak, alias("FT_Stream_ExtractFrame")));
- 
+ 
   FT_BASE_DEF( void )
   FT_Stream_ReleaseFrame( FT_Stream  stream,
-@@ -229,6 +250,9 @@
+                           FT_Byte**  pbytes )
+@@ -229,6 +250,8 @@
     *pbytes = 0;
   }
 
 +  FT_BASE_DEF( void )
 +  FT_Release_Frame( FT_Stream, FT_Byte** ) __attribute__((weak, alias("FT_Stream_ReleaseFrame")));
-+	 
 
   FT_BASE_DEF( FT_Error )
   FT_Stream_EnterFrame( FT_Stream  stream,
-@@ -307,6 +331,8 @@
+@@ -307,6 +330,8 @@
     return error;
   }
 
@ -84,7 +89,7 @@ Index: freetype-2.4.3/src/base/ftstream.c
 
   FT_BASE_DEF( void )
   FT_Stream_ExitFrame( FT_Stream  stream )
-@@ -337,6 +363,8 @@
+@@ -337,6 +362,8 @@
     stream->limit  = 0;
   }
 
@ -93,7 +98,7 @@ Index: freetype-2.4.3/src/base/ftstream.c
 
   FT_BASE_DEF( FT_Char )
   FT_Stream_GetChar( FT_Stream  stream )
-@@ -353,6 +381,8 @@
+@@ -353,6 +380,8 @@
     return result;
   }
 
@ -102,7 +107,7 @@ Index: freetype-2.4.3/src/base/ftstream.c
 
   FT_BASE_DEF( FT_Short )
   FT_Stream_GetShort( FT_Stream  stream )
-@@ -372,6 +402,8 @@
+@@ -372,6 +401,8 @@
     return result;
   }
 
@ -111,7 +116,7 @@ Index: freetype-2.4.3/src/base/ftstream.c
 
   FT_BASE_DEF( FT_Short )
   FT_Stream_GetShortLE( FT_Stream  stream )
-@@ -391,6 +423,8 @@
+@@ -391,6 +422,8 @@
     return result;
   }
 
@ -120,7 +125,7 @@ Index: freetype-2.4.3/src/base/ftstream.c
 
   FT_BASE_DEF( FT_Long )
   FT_Stream_GetOffset( FT_Stream  stream )
-@@ -409,6 +443,8 @@
+@@ -409,6 +442,8 @@
     return result;
   }
 
@ -129,7 +134,7 @@ Index: freetype-2.4.3/src/base/ftstream.c
 
   FT_BASE_DEF( FT_Long )
   FT_Stream_GetLong( FT_Stream  stream )
-@@ -427,6 +463,8 @@
+@@ -427,6 +462,8 @@
     return result;
   }
 
@ -138,7 +143,7 @@ Index: freetype-2.4.3/src/base/ftstream.c
 
   FT_BASE_DEF( FT_Long )
   FT_Stream_GetLongLE( FT_Stream  stream )
-@@ -445,6 +483,8 @@
+@@ -445,6 +482,8 @@
     return result;
   }
 
@ -147,7 +152,7 @@ Index: freetype-2.4.3/src/base/ftstream.c
 
   FT_BASE_DEF( FT_Char )
   FT_Stream_ReadChar( FT_Stream  stream,
-@@ -482,6 +522,8 @@
+@@ -482,6 +521,8 @@
     return 0;
   }
 
@ -156,12 +161,13 @@ Index: freetype-2.4.3/src/base/ftstream.c
 
   FT_BASE_DEF( FT_Short )
   FT_Stream_ReadShort( FT_Stream  stream,
-@@ -529,6 +571,8 @@
+@@ -529,6 +570,9 @@
     return 0;
   }
 
 +  FT_BASE_DEF( FT_Short )
 +  FT_Read_Short( FT_Stream, FT_Error* ) __attribute__((weak, alias("FT_Stream_ReadShort")));
+
 
   FT_BASE_DEF( FT_Short )
   FT_Stream_ReadShortLE( FT_Stream  stream,
@ -192,16 +198,17 @@ Index: freetype-2.4.3/src/base/ftstream.c
 
   FT_BASE_DEF( FT_Long )
   FT_Stream_ReadLongLE( FT_Stream  stream,
-@@ -717,6 +767,8 @@
+@@ -717,6 +767,9 @@
     return 0;
   }
 
 +  FT_BASE_DEF( FT_Long )
 +  FT_Read_LongLE( FT_Stream, FT_Error* ) __attribute__((weak, alias("FT_Stream_ReadLongLE")));
+
 
   FT_BASE_DEF( FT_Error )
   FT_Stream_ReadFields( FT_Stream              stream,
-@@ -860,5 +912,6 @@
+@@ -860,5 +913,6 @@
     return error;
   }
 
--- a/ft2demos.changes
+++ b/ft2demos.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Dec  7 17:52:34 UTC 2010 - jw@novell.com
+
+- Several old patches got lost. Reapplying:
+ * added bnc641580_CVE-2010-3311.diff incl. test-case for bnc#641580
+ * bnc633943_CVE-2010-3054 nothing to do.
+ * bnc633938_CVE-2010-3053 nothing to do.
+ * bnc633938_badbdf.0 regression test added.
+
 -------------------------------------------------------------------
 Fri Oct 29 16:25:22 UTC 2010 - fisiu@opensuse.org

--- a/ft2demos.spec
+++ b/ft2demos.spec
@ -47,6 +47,9 @@ Patch201:       use_unix.diff
 Patch1000:      bnc628213_1797.diff
 Source1000:     bnc628213_test.otf
 Source1004:     bnc629447_sigsegv31.ttf
+Source1013:	bnc633938_badbdf.0
+Patch1015:	bnc641580_CVE-2010-3311.diff
+Source1015:     bug-641580_CVE-2010-3311.cff

 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

@ -87,6 +90,10 @@ pushd ../ft2demos-%{version}
 #%patch1011 -p1
 #%patch1012 -p1
 popd
+# bnc633938_CVE-2010-3053.diff
+#%patch1013 -p1
+# bnc641580_CVE-2010-3311.diff
+%patch1015 -p1

 find . -name CVS -type d | xargs rm -rf
 find . -name ".cvsignore" | xargs rm -f
@ -120,6 +127,8 @@ popd
 %check
 $RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1000}
 $RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1004} |& grep -v "couldn't load font resource" && echo "should fail"
+$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1013} |& grep -v "couldn't load font resource" && echo "should fail"
+$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1015} |& grep -v "couldn't load font resource" && echo "should fail"

 %clean

--- a/use_unix.diff
+++ b/use_unix.diff
@ -1,7 +1,12 @@
-Index: freetype-2.4.3/builds/toplevel.mk
+---
+ builds/toplevel.mk    |    2 +-
+ builds/unix/detect.mk |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+Index: freetype-2.4.2/builds/toplevel.mk
 ===================================================================
--- freetype-2.4.3.orig/builds/toplevel.mk	2010-07-12 00:33:23.000000000 +0200
-+++ freetype-2.4.3/builds/toplevel.mk	2010-10-29 16:19:37.525259301 +0200
+--- freetype-2.4.2.orig/builds/toplevel.mk
+++ freetype-2.4.2/builds/toplevel.mk
@@ -120,7 +120,7 @@ ifdef check_platform
   #
   # Note: This test is duplicated in `builds/unix/detect.mk'.
@ -11,10 +16,10 @@ Index: freetype-2.4.3/builds/toplevel.mk
                      $(wildcard /usr/sbin/init) \
                      $(wildcard /hurd/auth))
   ifneq ($(is_unix),)
-Index: freetype-2.4.3/builds/unix/detect.mk
+Index: freetype-2.4.2/builds/unix/detect.mk
 ===================================================================
--- freetype-2.4.3.orig/builds/unix/detect.mk	2009-03-14 14:45:26.000000000 +0100
-+++ freetype-2.4.3/builds/unix/detect.mk	2010-10-29 16:20:02.456789596 +0200
+--- freetype-2.4.2.orig/builds/unix/detect.mk
+++ freetype-2.4.2/builds/unix/detect.mk
@@ -18,7 +18,7 @@ ifeq ($(PLATFORM),ansi)
 
   # Note: this test is duplicated in "builds/toplevel.mk".