printing/fontforge
SHA256
5
0
Fork 0
forked from pool/fontforge
Code Pull Requests Activity

Compare commits

base: printing:main
Branches Tags
printing:main printing:slfo-1.2 printing:slfo-main pool:factory pool:slfo-1.2 pool:slfo-main
..
compare: printing:slfo-1.2
Branches Tags
printing:main printing:slfo-1.2 printing:slfo-main pool:factory pool:slfo-1.2 pool:slfo-main

2 Commits
main ... slfo-1.2

Author SHA256 Message Date
Ana Guerrero
0a5fbba259 Accepting request 1226063 from M17N 
OBS-URL: https://build.opensuse.org/request/show/1226063
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fontforge?expand=0&rev=59
 2024-11-25 22:19:45 +00:00
Takashi Iwai
673c75694f - add use-sysconfig-not-distutils.patch: fix build with python 3.13 
* Merge/Simplify improvements
- drop fix-return-statement.patch. obsolete
- updated to 20161005 [bsc#1014793]:
  * This release introduces a new icon set, new functionality for
    custom icon selection graphics, support for GlyphOrderAndAliasDB
    typefaces, stroke expansion, handling of CID ranges, and the
- updated to 20150824: This fixes a few bugs, including some in
  U. F. O. kerning classes and FreeType rasterization, and adds
- updated to 20150430: this release includes a few bug fixes,
- also repackage the broken gnulib links to fix build with
  * fixes a few crashes, enhances round-tripping of information in
- remove %requires_ge libpng16-16 as it seems fontforge is not so
- %requires_ge libpng16-16 to avoid
  * removed obsolete fontforge-missing-closedir.diff
  * removed obsolete libpng14.diff
  * Fix various error messages.
  * Remove some obsolete documentation.
  * Technical fixes to stroking code.
  * FontForge was using the wrong MIME type for svg files.
    W3C has changed it and it's now "image/svg+xml" not
  * etc. on
- fix -devel package dependencies
- remove BuildPreRequires
- fix gcc warning for strncat
- install icon

OBS-URL: https://build.opensuse.org/package/show/M17N/fontforge?expand=0&rev=94
 2024-11-24 09:08:01 +00:00
10 changed files with 9042 additions and 113 deletions
Expand all files Collapse all files

BIN
20230101.tar.gz LFS Normal file
View File

Binary file not shown.

8803
642d8a3db6d4bc0e70b429622fdf01ecb09c4c10.patch Normal file
View File

File diff suppressed because it is too large Load Diff

17
_service
View File

@@ -1,17 +0,0 @@
<?xml version="1.0"?>
<services>
<service name="obs_scm" mode="manual">
<param name="scm">git</param>
<param name="url">https://github.com/fontforge/fontforge.git</param>
<param name="revision">master</param>
<param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
<param name="changesgenerate">enable</param>
</service>
<service name="tar" mode="buildtime"/>
<service name="recompress" mode="buildtime">
<param name="file">*.tar</param>
<param name="compression">zst</param>
</service>
<service name="set_version" mode="manual" />
</services>

4
_servicedata
View File

@@ -1,4 +0,0 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/fontforge/fontforge.git</param>
<param name="changesrevision">770356c9b52c003939a36ed3df711b08805efb3c</param></service></servicedata>

3
fontforge-20230101+git59.770356c9b.obscpio
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:215082d941d21a78503cb5beaadd25e543270b6429f96bc69c9cd2a16e8af0ad
size 51817486

172
fontforge-CVE-2024-25081-CVE-2024-25082.patch Normal file
View File

@@ -0,0 +1,172 @@
commit 216eb14b558df344b206bf82e2bdaf03a1f2f429 (HEAD -> 216eb14b558df344b206bf82e2bdaf03a1f2f429_CVE-2024-25081_CVE-2024-25082)
Author: Peter Kydas <pk@canva.com>
Date: Tue Feb 6 20:03:04 2024 +1100
fix splinefont shell command injection (#5367)
diff -Nura fontforge-20230101/fontforge/splinefont.c fontforge-20230101_new/fontforge/splinefont.c
--- fontforge-20230101/fontforge/splinefont.c 2023-01-01 13:25:21.000000000 +0800
+++ fontforge-20230101_new/fontforge/splinefont.c 2024-03-04 21:23:26.813893591 +0800
@@ -788,11 +788,14 @@
char *Unarchive(char *name, char **_archivedir) {
char *dir = getenv("TMPDIR");
- char *pt, *archivedir, *listfile, *listcommand, *unarchivecmd, *desiredfile;
+ char *pt, *archivedir, *listfile, *desiredfile;
char *finalfile;
int i;
int doall=false;
static int cnt=0;
+ gchar *command[5];
+ gchar *stdoutresponse = NULL;
+ gchar *stderrresponse = NULL;
*_archivedir = NULL;
@@ -827,18 +830,30 @@
listfile = malloc(strlen(archivedir)+strlen("/" TOC_NAME)+1);
sprintf( listfile, "%s/" TOC_NAME, archivedir );
- listcommand = malloc( strlen(archivers[i].unarchive) + 1 +
- strlen( archivers[i].listargs) + 1 +
- strlen( name ) + 3 +
- strlen( listfile ) +4 );
- sprintf( listcommand, "%s %s %s > %s", archivers[i].unarchive,
- archivers[i].listargs, name, listfile );
- if ( system(listcommand)!=0 ) {
- free(listcommand); free(listfile);
- ArchiveCleanup(archivedir);
-return( NULL );
+ command[0] = archivers[i].unarchive;
+ command[1] = archivers[i].listargs;
+ command[2] = name;
+ command[3] = NULL; // command args need to be NULL-terminated
+
+ if ( g_spawn_sync(
+ NULL,
+ command,
+ NULL,
+ G_SPAWN_SEARCH_PATH,
+ NULL,
+ NULL,
+ &stdoutresponse,
+ &stderrresponse,
+ NULL,
+ NULL
+ ) == FALSE) { // did not successfully execute
+ ArchiveCleanup(archivedir);
+ return( NULL );
}
- free(listcommand);
+ // Write out the listfile to be read in later
+ FILE *fp = fopen(listfile, "wb");
+ fwrite(stdoutresponse, strlen(stdoutresponse), 1, fp);
+ fclose(fp);
desiredfile = ArchiveParseTOC(listfile, archivers[i].ars, &doall);
free(listfile);
@@ -847,22 +862,28 @@
return( NULL );
}
- /* I tried sending everything to stdout, but that doesn't work if the */
- /* output is a directory file (ufo, sfdir) */
- unarchivecmd = malloc( strlen(archivers[i].unarchive) + 1 +
- strlen( archivers[i].listargs) + 1 +
- strlen( name ) + 1 +
- strlen( desiredfile ) + 3 +
- strlen( archivedir ) + 30 );
- sprintf( unarchivecmd, "( cd %s ; %s %s %s %s ) > /dev/null", archivedir,
- archivers[i].unarchive,
- archivers[i].extractargs, name, doall ? "" : desiredfile );
- if ( system(unarchivecmd)!=0 ) {
- free(unarchivecmd); free(desiredfile);
- ArchiveCleanup(archivedir);
-return( NULL );
+ command[0] = archivers[i].unarchive;
+ command[1] = archivers[i].extractargs;
+ command[2] = name;
+ command[3] = doall ? "" : desiredfile;
+ command[4] = NULL;
+
+ if ( g_spawn_sync(
+ (gchar*)archivedir,
+ command,
+ NULL,
+ G_SPAWN_SEARCH_PATH,
+ NULL,
+ NULL,
+ &stdoutresponse,
+ &stderrresponse,
+ NULL,
+ NULL
+ ) == FALSE) { // did not successfully execute
+ free(desiredfile);
+ ArchiveCleanup(archivedir);
+ return( NULL );
}
- free(unarchivecmd);
finalfile = malloc( strlen(archivedir) + 1 + strlen(desiredfile) + 1);
sprintf( finalfile, "%s/%s", archivedir, desiredfile );
@@ -885,8 +906,12 @@
char *Decompress(char *name, int compression) {
char *dir = getenv("TMPDIR");
- char buf[1500];
char *tmpfn;
+ gchar *command[4];
+ gint stdout_pipe;
+ gchar buffer[4096];
+ gssize bytes_read;
+ GByteArray *binary_data = g_byte_array_new();
if ( dir==NULL ) dir = P_tmpdir;
tmpfn = malloc(strlen(dir)+strlen(GFileNameTail(name))+2);
@@ -894,11 +919,41 @@
strcat(tmpfn,"/");
strcat(tmpfn,GFileNameTail(name));
*strrchr(tmpfn,'.') = '\0';
- snprintf( buf, sizeof(buf), "%s < %s > %s", compressors[compression].decomp, name, tmpfn );
- if ( system(buf)==0 )
-return( tmpfn );
- free(tmpfn);
-return( NULL );
+
+ command[0] = compressors[compression].decomp;
+ command[1] = "-c";
+ command[2] = name;
+ command[3] = NULL;
+
+ // Have to use async because g_spawn_sync doesn't handle nul-bytes in the output (which happens with binary data)
+ if (g_spawn_async_with_pipes(
+ NULL,
+ command,
+ NULL,
+ G_SPAWN_DO_NOT_REAP_CHILD | G_SPAWN_SEARCH_PATH,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ &stdout_pipe,
+ NULL,
+ NULL) == FALSE) {
+ //command has failed
+ return( NULL );
+ }
+
+ // Read binary data from pipe and output to file
+ while ((bytes_read = read(stdout_pipe, buffer, sizeof(buffer))) > 0) {
+ g_byte_array_append(binary_data, (guint8 *)buffer, bytes_read);
+ }
+ close(stdout_pipe);
+
+ FILE *fp = fopen(tmpfn, "wb");
+ fwrite(binary_data->data, sizeof(gchar), binary_data->len, fp);
+ fclose(fp);
+ g_byte_array_free(binary_data, TRUE);
+
+ return(tmpfn);
}
static char *ForceFileToHaveName(FILE *file, char *exten) {

82
fontforge.changes
View File

@@ -1,81 +1,3 @@
-------------------------------------------------------------------
Mon May 26 06:39:39 UTC 2025 - Antonio Larrosa <alarrosa@suse.com>
- Update to version 20230101+git59.770356c9b:
* Add contour draw option to H.Metrics. (#5496)
* Fix memory corruption in SFUnicodeRanges() (#5537)
* Bump GitHub CI runner to Ubuntu 22 (#5551)
* Fix CI for Ubuntu 24 (#5531)
* Avoid crashes in Python scripts when objects are accessed in
invalid state (#5483)
* fix memleak in function utf7toutf8_copy (#5495)
* Modernize fixed pitch flag computation (#5506)
* Segfault fix and complete implementation of "Don't generate
FFTM tables" (#5509)
* Make SmallCaps() translate symbols, too. Update
documentation accordingly. (#5517)
* Fix function PyFFFont_addSmallCaps. (#5519)
* Warning rollup (probably some hidden bugs!) from clang trunk
(#5492)
* Update mm.c (#5386)
* fix memleak in function DlgCreate8 (#5491)
* Fix Python font.appendSFNTName() function (#5494)
* Allow hyphen and special characters in Feature File glyph names
(#5358)
* Update CI runner to macOS 13 (#5482)
* add math device tables to Python API (#5348)
* Only install GUI-specific files if ENABLE_GUI is set (#5451)
* Fix resource leak in unParseTTInstrs (#5476)
* Use PyConfig API on Python 3.8 (#5404)
* Use sysconfig for Python module locations (#5423)
* More crowdin fix
* Python script shall trigger no asserts (#5410)
* crowdin: update to java 17 (#5447)
* try fix crowdin
* Fix generated feature file bugs (#5384)
* Defer crowdin update to the end of the pipeline (#5409)
* Fix export of supplementary plane characters in font name to
TTF (#5396)
* Don't attempt to copy anchors into NULL font (#5405)
* Treat FT_PIXEL_MODE_MONO as 2 grey levels (#5379)
* Compare vertical metrics check when generating TTC (#5372)
* Fix data corruption on SFD reading (#5380)
* doc: added missing sudo to installation instructions (#5300)
* Remove `psaltnames` for multi-code-point names (#5305)
* Support suplementary planes in SFD (emojis etc.) (#5364)
* Fix the lists of Windows language IDs (#5359)
* fix splinefont shell command injection (#5367)
* Bulk tester (#5365)
* add `font.style_set_names` attribute to Python API (#5354)
* Fix typos in the FAQ (#5355)
* Autoselect internal WOFF2 format (#5346)
* fix segfault triggered by Python `del c[i:j]` (#5352)
* add `font` attributes, method to Python docs (#5353)
* Always set `usDefaultChar` to 0 (.notdef) (#5242)
* Fix generateFontPostHook being called instead of
generateFontPreHook (#5226)
* nltransform of anchor points (#5345)
* Don't require individual tuple encapsulation in
fontforge.font.bitmapSizes setter (#5138)
* Fix CMake function _get_git_version() (#5342)
* Handle failed iconv conversion. Unhandled execution path was
UB, causing a segfault for me (#5329)
* Fix crash in parsegvar() due to insufficient buffer (#5339)
* Quiet strict prototypes warnings. (#5313)
* harmonizing can now no longer produce zero handles, the
computation of harmonization is now numerically robust (#5262)
* Fix glyph file names uXXXXX (#5333)
* Fix lookup flags parsing (#5338)
* Duplicate libfontforge.dll for "py" and "pyhook" tests. (#5335)
* Use consistent Python in MacOS GitHub runner (#5331)
* Update po files from Croudin sources after fixing problems
* Fix GinHub CI runners (#5328)
* Update local scripts directory (#5180)
- Remove patches already included by upstream:
* fontforge-CVE-2024-25081-CVE-2024-25082.patch
* 642d8a3db6d4bc0e70b429622fdf01ecb09c4c10.patch
* use-sysconfig-not-distutils.patch
-------------------------------------------------------------------
Thu Nov 21 20:31:36 UTC 2024 - Dirk Müller <dmueller@suse.com>
@@ -185,8 +107,6 @@ Sun Mar 20 21:20:14 UTC 2022 - Dirk Müller <dmueller@suse.com>
* UFO include path is altered, please update your fonts if needed
* FontForge is now compiled with -Wall by default
* Cidmaps are now bundled
* Move help to gutils, help to avoid not validate strings before launching issue.
(CVE-2017-17521, bsc#1073014)
- drop fix-return-statement.patch. obsolete
-------------------------------------------------------------------
@@ -800,7 +720,7 @@ Tue Apr 10 2001 - Scott Pakin <pakin@uiuc.edu>
- Upgraded from 210301 to 020401.
-------------------------------------------------------------------
Thu Mar 22 2001 - Scott Pakin <pakin@uiuc.edu>
Thu Mar 22 2001 Scott Pakin <pakin@uiuc.edu>
- Initial release

4
fontforge.obsinfo
View File

@@ -1,4 +0,0 @@
name: fontforge
version: 20230101+git59.770356c9b
mtime: 1745220260
commit: 770356c9b52c003939a36ed3df711b08805efb3c

13
fontforge.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package fontforge
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,16 +17,21 @@
Name: fontforge
Version: 20230101+git59.770356c9b
Version: 20230101
Release: 0
Summary: A Font Editor
License: GPL-3.0-or-later
URL: https://fontforge.org/
Source0: fontforge-20230101+git59.770356c9b.tar.zst
Source0: https://github.com/fontforge/fontforge/archive/%{version}.tar.gz
# workaround for bug 930076, imho upstream should fix this
# https://github.com/fontforge/fontforge/issues/2270
Patch0: fontforge-version.patch
Patch1: add-bitmap-transform-support.patch
# PATCH-FIX-UPSTREAM fontforge-CVE-2024-25081-CVE-2024-25082.patch CVE-2024-25081 CVE-2024-25082 bsc#1220404 bsc#1220405 qzhao@suse.com -- Fix Splinefont shell invocation.
Patch2: fontforge-CVE-2024-25081-CVE-2024-25082.patch
Patch3: https://github.com/fontforge/fontforge/commit/642d8a3db6d4bc0e70b429622fdf01ecb09c4c10.patch
# PATCH-FIX-UPSTREAM: taken from https://github.com/fontforge/fontforge/commit/8c75293e924602ed09a9481b0eeb67ba6c623a81
Patch4: use-sysconfig-not-distutils.patch
BuildRequires: cairo-devel
BuildRequires: cmake
BuildRequires: fdupes
@@ -46,7 +51,7 @@ BuildRequires: libxml2-devel
BuildRequires: pango-devel
BuildRequires: pkgconfig
BuildRequires: python3-Sphinx
BuildRequires: python3-devel >= 3.8
BuildRequires: python3-devel
BuildRequires: readline-devel
BuildRequires: update-desktop-files
BuildRequires: woff2-devel

54
use-sysconfig-not-distutils.patch Normal file
View File

@@ -0,0 +1,54 @@
From 8c75293e924602ed09a9481b0eeb67ba6c623a81 Mon Sep 17 00:00:00 2001
From: Maxim Iorsh <iorsh@users.sourceforge.net>
Date: Mon, 7 Oct 2024 11:44:00 +0300
Subject: [PATCH] Use sysconfig for Python module locations (#5423)
* Use sysconfig for Python module locations
* [TEMP] Use iorsh/fontforgebuilds repo
* [TEMP] Use iorsh/fontforgebuilds repo in Appveyor
* Update
* Revert "[TEMP] Use iorsh/fontforgebuilds repo in Appveyor"
This reverts commit 6fa80455b8b1e7cf43419c73e4de714f7925d9f8.
* test
* Cleanup
* test
* Removed debug prints
---------
Co-authored-by: Jeremy Tan <jtanx@outlook.com>
---
.github/workflows/main.yml | 24 +++++++++----------
.github/workflows/scripts/ffosxbuild.sh | 7 ++++--
.github/workflows/scripts/setup_linux_deps.sh | 2 +-
CMakeLists.txt | 6 -----
osx/CMakeLists.txt | 2 +-
pyhook/CMakeLists.txt | 5 +++-
6 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/pyhook/CMakeLists.txt b/pyhook/CMakeLists.txt
index dd48054aa7..53708f1099 100644
--- a/pyhook/CMakeLists.txt
+++ b/pyhook/CMakeLists.txt
@@ -20,8 +20,11 @@ target_link_libraries(psMat_pyhook PRIVATE Python3::Module)
# FindPython3 provides Python3_SITEARCH, but this is an absolute path
# So do it ourselves, getting the prefix-relative path instead
if(NOT DEFINED PYHOOK_INSTALL_DIR)
+ if(APPLE)
+ set(_PYHOOK_SYSCONFIG_PREFIX " 'posix_prefix',")
+ endif()
execute_process(
- COMMAND "${Python3_EXECUTABLE}" -c "import distutils.sysconfig as sc; print(sc.get_python_lib(prefix='', plat_specific=True,standard_lib=False))"
+ COMMAND "${Python3_EXECUTABLE}" -c "import sysconfig as sc; print(sc.get_path('platlib',${_PYHOOK_SYSCONFIG_PREFIX} vars={'platbase': '.'}))"
RESULT_VARIABLE _pyhook_install_dir_result
OUTPUT_VARIABLE PYHOOK_INSTALL_DIR
OUTPUT_STRIP_TRAILING_WHITESPACE)