packages/freetype
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:0ffd5c2f93106c8390119c78e294c8737995a108
Branches Tags
packages:main
...
compare: packages:e26e9b83d50123c31519286698b4a08f8d1ce53c
Branches Tags
packages:main

10 Commits
0ffd5c2f93 ... e26e9b83d5

Author SHA1 Message Date
openeuler-ci-bot
e26e9b83d5
!64 update CVE-2025-27363 patch 
From: @zppzhangpan 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
 2025-04-14 08:59:39 +00:00
zhangpan
245bafa9cd update CVE-2025-27363 patch 2025-04-14 07:23:45 +00:00
openeuler-ci-bot
8502dfe89e
!58 fix CVE-2025-27363 
From: @zppzhangpan 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock
 2025-03-18 06:53:38 +00:00
zhangpan
43af155eef fix CVE-2025-27363 2025-03-17 07:00:34 +00:00
openeuler-ci-bot
8dd3d24f7d
!48 [sync] PR-45: enable make check 
From: @openeuler-sync-bot 
Reviewed-by: @open123bot 
Signed-off-by: @open123bot
 2023-11-15 02:30:08 +00:00
zppzhangpan
119c42bbc7 enable make check 
(cherry picked from commit ad8a31b1cddc4a7208bf3a1bfd1112eba7d71008)
 2023-11-15 10:29:30 +08:00
openeuler-ci-bot
4f81e4053b
!38 [sync] PR-37: fix CVE-2023-2004 
From: @openeuler-sync-bot 
Reviewed-by: @leeffo 
Signed-off-by: @leeffo
 2023-04-18 01:14:18 +00:00
zhouwenpei
7381ce2575 fix CVE-2023-2004 
(cherry picked from commit 71388138579df4d9cc28b1ce5b9b32f00daf2b0a)
 2023-04-18 09:04:22 +08:00
openeuler-ci-bot
568e1d43e5
!31 update to 2.12.1 
From: @zhouwenpei 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
 2022-12-02 08:54:19 +00:00
zhouwenpei
95ad36b6a0 update to 2.12.1 2022-11-29 09:10:24 +00:00
14 changed files with 110 additions and 149 deletions
Show Stats Expand all files Collapse all files

BIN
As.I.Lay.Dying.ttf Normal file
View File

Binary file not shown.

39
backport-0001-CVE-2022-27405.patch
View File

@ -1,39 +0,0 @@
From 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Sat, 19 Mar 2022 06:40:17 +0100
Subject: [PATCH] * src/base/ftobjs.c (ft_open_face_internal): Properly guard
`face_index`.
We must ensure that the cast to `FT_Int` doesn't change the sign.
Fixes #1139.
Conflict:NA
Reference:https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5
---
src/base/ftobjs.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index 2c0f0e6c9..10952a6c6 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -2527,6 +2527,15 @@
#endif
+ /* only use lower 31 bits together with sign bit */
+ if ( face_index > 0 )
+ face_index &= 0x7FFFFFFFL;
+ else
+ {
+ face_index &= 0x7FFFFFFFL;
+ face_index = -face_index;
+ }
+
#ifdef FT_DEBUG_LEVEL_TRACE
FT_TRACE3(( "FT_Open_Face: " ));
if ( face_index < 0 )
--
GitLab

26
backport-0002-CVE-2022-27405.patch
View File

@ -1,26 +0,0 @@
From d014387ad4a5dd04d8e7f99587c7dacb70261924 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Sat, 19 Mar 2022 09:30:45 +0100
Subject: [PATCH] * src/base/ftobjs.c (ft_open_face_internal): Thinko.
Conflict:NA
Reference:https://gitlab.freedesktop.org/freetype/freetype/-/commit/d014387ad4a5dd04d8e7f99587c7dacb70261924
---
src/base/ftobjs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index 10952a6c6..6492a1517 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -2532,6 +2532,7 @@
face_index &= 0x7FFFFFFFL;
else
{
+ face_index = -face_index;
face_index &= 0x7FFFFFFFL;
face_index = -face_index;
}
--
GitLab

45
backport-CVE-2022-27404.patch
View File

@ -1,45 +0,0 @@
From 53dfdcd8198d2b3201a23c4bad9190519ba918db Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Thu, 17 Mar 2022 19:24:16 +0100
Subject: [PATCH] [sfnt] Avoid invalid face index.
Fixes #1138.
* src/sfnt/sfobjs.c (sfnt_init_face), src/sfnt/sfwoff2.c (woff2_open_font):
Check `face_index` before decrementing.
Conflict:NA
Reference:https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db
---
src/sfnt/sfobjs.c | 2 +-
src/sfnt/sfwoff2.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/sfnt/sfobjs.c b/src/sfnt/sfobjs.c
index f9d4d3858..9771c35df 100644
--- a/src/sfnt/sfobjs.c
+++ b/src/sfnt/sfobjs.c
@@ -566,7 +566,7 @@
face_index = FT_ABS( face_instance_index ) & 0xFFFF;
/* value -(N+1) requests information on index N */
- if ( face_instance_index < 0 )
+ if ( face_instance_index < 0 && face_index > 0 )
face_index--;
if ( face_index >= face->ttc_header.count )
diff --git a/src/sfnt/sfwoff2.c b/src/sfnt/sfwoff2.c
index cb1e0664a..165b875e5 100644
--- a/src/sfnt/sfwoff2.c
+++ b/src/sfnt/sfwoff2.c
@@ -2085,7 +2085,7 @@
/* Validate requested face index. */
*num_faces = woff2.num_fonts;
/* value -(N+1) requests information on index N */
- if ( *face_instance_index < 0 )
+ if ( *face_instance_index < 0 && face_index > 0 )
face_index--;
if ( face_index >= woff2.num_fonts )
--
GitLab

30
backport-CVE-2022-27406.patch
View File

@ -1,30 +0,0 @@
From 0c2bdb01a2e1d24a3e592377a6d0822856e10df2 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Sat, 19 Mar 2022 09:37:28 +0100
Subject: [PATCH] * src/base/ftobjs.c (FT_Request_Size): Guard `face->size`.
Fixes #1140.
Conflict:NA
Reference:https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2
---
src/base/ftobjs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index 6492a1517..282c9121a 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -3409,6 +3409,9 @@
if ( !face )
return FT_THROW( Invalid_Face_Handle );
+ if ( !face->size )
+ return FT_THROW( Invalid_Size_Handle );
+
if ( !req || req->width < 0 || req->height < 0 ||
req->type >= FT_SIZE_REQUEST_TYPE_MAX )
return FT_THROW( Invalid_Argument );
--
GitLab

37
backport-CVE-2023-2004.patch Normal file
View File

@ -0,0 +1,37 @@
From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Mon, 14 Nov 2022 19:18:19 +0100
Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer
overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
---
src/truetype/ttgxvar.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index aad3e29..a69a9b5 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -42,6 +42,7 @@
#include <ft2build.h>
#include <freetype/internal/ftdebug.h>
#include FT_CONFIG_CONFIG_H
+#include <freetype/internal/ftcalc.h>
#include <freetype/internal/ftstream.h>
#include <freetype/internal/sfnt.h>
#include <freetype/tttags.h>
@@ -1075,7 +1076,7 @@
delta == 1 ? "" : "s",
vertical ? "VVAR" : "HVAR" ));
- *avalue += delta;
+ *avalue = ADD_INT(*avalue, delta );
Exit:
return error;
--
2.33.0

44
backport-Minimal-stop-gap-fix-for-CVE-2025-27363.patch Normal file
View File

@ -0,0 +1,44 @@
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Date: Fri, 14 Mar 2025 08:55:06 -0400
Subject: [PATCH] Minimal stop-gap fix for CVE-2025-27363
Origin: https://www.openwall.com/lists/oss-security/2025/03/14/3
Bug: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1322
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-27363
Reference:https://salsa.debian.org/debian/freetype/-/merge_requests/4
Conflict:NA
---
src/truetype/ttgload.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
index 2ca63d65a3a3..7ce6d2a6fb29 100644
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -1948,7 +1948,7 @@
short i, limit;
FT_SubGlyph subglyph;
- FT_Outline outline;
+ FT_Outline outline = { 0, 0, NULL, NULL, NULL, 0 };
FT_Vector* points = NULL;
char* tags = NULL;
short* contours = NULL;
@@ -1957,6 +1957,13 @@
limit = (short)gloader->current.num_subglyphs;
+ /* make sure this isn't negative as we're going to add 4 later */
+ if ( limit < 0 )
+ {
+ error = FT_THROW( Invalid_Argument );
+ goto Exit;
+ }
+
/* construct an outline structure for */
/* communication with `TT_Vary_Apply_Glyph_Deltas' */
outline.n_points = (short)( gloader->current.num_subglyphs + 4 );
--
2.47.2

BIN
freetype-2.11.0.tar.xz
View File

Binary file not shown.

BIN
freetype-2.12.1.tar.xz Normal file
View File

Binary file not shown.

BIN
freetype-doc-2.11.0.tar.xz
View File

Binary file not shown.

BIN
freetype-doc-2.12.1.tar.xz Normal file
View File

Binary file not shown.

38
freetype.spec
View File

@ -3,8 +3,8 @@
%{!?with_xfree86:%define with_xfree86 1}
Name: freetype
Version: 2.11.0
Release: 2
Version: 2.12.1
Release: 5
Summary: FreeType is a freely available software library to render fonts
License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
URL: http://www.freetype.org
@ -12,6 +12,8 @@ Source0: http://download.savannah.gnu.org/releases/freetype/freetype-%{ve
Source1: http://download.savannah.gnu.org/releases/freetype/freetype-doc-%{version}.tar.xz
Source2: http://download.savannah.gnu.org/releases/freetype/ft2demos-%{version}.tar.xz
Source3: ftconfig.h
#from tests/scripts/download-test-fonts.py:https://github.com/python-pillow/Pillow/files/6622147/As.I.Lay.Dying.zip
Source4: As.I.Lay.Dying.ttf
Patch1: backport-freetype-2.5.2-more-demos.patch
Patch6000: backport-freetype-2.3.0-enable-spr.patch
@ -20,12 +22,10 @@ Patch6002: backport-freetype-2.6.5-libtool.patch
Patch6003: backport-freetype-2.8-multilib.patch
Patch6004: backport-freetype-2.10.0-internal-outline.patch
Patch6005: backport-freetype-2.10.1-debughook.patch
Patch6006: backport-CVE-2022-27404.patch
Patch6007: backport-0001-CVE-2022-27405.patch
Patch6008: backport-0002-CVE-2022-27405.patch
Patch6009: backport-CVE-2022-27406.patch
Patch6006: backport-CVE-2023-2004.patch
Patch6007: backport-Minimal-stop-gap-fix-for-CVE-2025-27363.patch
BuildRequires: gcc libX11-devel libpng-devel zlib-devel bzip2-devel
BuildRequires: gcc libX11-devel libpng-devel zlib-devel bzip2-devel meson
Provides: %{name}-bytecode
%if %{?_with_subpixel_rendering:1}%{!?_with_subpixel_rendering:0}
@ -73,8 +73,6 @@ popd
%patch6005 -p1
%patch6006 -p1
%patch6007 -p1
%patch6008 -p1
%patch6009 -p1
%build
%configure --disable-static --with-zlib=yes --with-bzip2=yes --with-png=yes --enable-freetype-config --with-harfbuzz=no
@ -122,6 +120,13 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_includedir}/freetype2/freetype/co
%postun -p /sbin/ldconfig
%check
mkdir -p tests/data/
cp %{SOURCE4} tests/data/
meson setup out -Dtests=enabled
meson compile -C out
meson test -C out
%files
%{!?_licensedir:%global license %%doc}
%license LICENSE.TXT docs/FTL.TXT docs/GPLv2.TXT
@ -148,6 +153,21 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_includedir}/freetype2/freetype/co
%{_mandir}/man1/*
%changelog
* Mon Apr 14 2025 zhangpan <zhangpan103@h-partners.com> - 2.12.1-5
- update CVE-2025-27363 patch
* Mon Mar 17 2025 zhangpan <zhangpan103@h-partners.com> - 2.12.1-4
- fix CVE-2025-27363
* Tue Nov 14 2023 zhangpan <zhangpan103@h-partners.com> - 2.12.1-3
- enable make check
* Mon Apr 17 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 2.12.1-2
- fix CVE-2023-2004
* Tue Nov 29 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 2.12.1-1
- update to 2.12.1
* Sat May 14 2022 wangkerong <wangkerong@h-paerners.com> - 2.11.0-2
- fix CVE-2022-27404,CVE-2022-27405,CVE-2022-27406

BIN
ft2demos-2.11.0.tar.xz
View File

Binary file not shown.

BIN
ft2demos-2.12.1.tar.xz Normal file
View File

Binary file not shown.