Accepting request 348015 from X11:XOrg

- U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch
  Negative DWIDTH is legal. This was broken by the fix for
  CVE-2015-1804. Fixed upstream with commit 1a73d6 (boo#958383).

OBS-URL: https://build.opensuse.org/request/show/348015
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libXfont?expand=0&rev=15

U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch

@@ -0,0 +1,37 @@
+From: Benjamin Tissoires <benjamin.tissoires@gmail.com>
+Date: Mon Jul 13 14:43:06 2015 -0400
+Subject: [PATCH]bdfReadCharacters: Allow negative DWIDTH values
+Patch-mainline: Upstream
+Git-commit: 1a73d6828dfa03924f2d68644fb5b99afd9c78e2
+Git-repo: git://anongit.freedesktop.org/git/xorg/lib/libXfont
+References: boo#958383
+Signed-off-by: Egbert Eich <eich@suse.com>
+
+The fix for CVE-2015-1804 prevent DWIDTH to be negative.
+However, the spec states that "DWIDTH [...] is a vector indicating the
+position of the next glyph’s origin relative to the origin of this glyph."
+
+So negative values are correct.
+
+Found by trying to compile XTS.
+
+Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/bitmap/bdfread.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c
+index a0ace8f..eccd7b7 100644
+--- a/src/bitmap/bdfread.c
++++ b/src/bitmap/bdfread.c
+@@ -426,7 +426,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState,
+ 	    goto BAILOUT;
+ 	}
+ 	/* xCharInfo metrics are stored as INT16 */
+-	if ((wx < 0) || (wx > INT16_MAX)) {
++	if ((wx < INT16_MIN) || (wx > INT16_MAX)) {
+ 	    bdfError("character '%s' has out of range width, %d\n",
+ 		     charName, wx);
+ 	    goto BAILOUT;

libXfont.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Dec  8 15:57:08 UTC 2015 - eich@suse.com
+
+- U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch
+  Negative DWIDTH is legal. This was broken by the fix for
+  CVE-2015-1804. Fixed upstream with commit 1a73d6 (boo#958383).
+
 -------------------------------------------------------------------
 Wed Mar 18 09:23:04 UTC 2015 - sndirsch@suse.com
 

libXfont.spec

@@ -29,6 +29,7 @@ Url:            http://xorg.freedesktop.org/
 #Git-Web:	http://cgit.freedesktop.org/xorg/lib/libXfont/
 Source:         %{name}-%{version}.tar.bz2
 Source1:        baselibs.conf
+Patch0:         U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 #git#BuildRequires:	autoconf >= 2.60, automake, libtool
 BuildRequires:  pkgconfig
@@ -82,6 +83,7 @@ in %lname.
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %configure --disable-static