rpms/freetype-freeworld/devel freetype-2.5.3-hintmap.patch, NONE, 1.1 freetype-2.5.3-hintmask.patch, NONE, 1.1 freetype-freeworld.spec, 1.36, 1.37
Kevin Kofler
kkofler at rpmfusion.org
Fri Dec 12 04:58:16 CET 2014
Author: kkofler
Update of /cvs/free/rpms/freetype-freeworld/devel
In directory old02.ovh.rpmfusion.lan:/tmp/cvs-serv1423/devel
Modified Files:
freetype-freeworld.spec
Added Files:
freetype-2.5.3-hintmap.patch freetype-2.5.3-hintmask.patch
Log Message:
* Fri Dec 12 2014 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.5.3-3
- Add freetype-2.5.3-hintmask.patch from Fedora freetype (rh#1172634)
(Don't append to stem arrays after hintmask is constructed.)
- Add freetype-2.5.3-hintmap.patch from Fedora freetype (rh#1172634)
(Suppress an assert when hintMap.count == 0 in specific situations.)
freetype-2.5.3-hintmap.patch:
cf2hints.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
--- NEW FILE freetype-2.5.3-hintmap.patch ---
>From f89396cb6284954ff98b5dcbfc38e144deccdc83 Mon Sep 17 00:00:00 2001
From: Dave Arnold <darnold at adobe.com>
Date: Thu, 04 Dec 2014 05:17:26 +0000
Subject: [cff] Modify an FT_ASSERT.
* src/cff/cf2hints.c (cf2_hintmap_map): After the fix for Savannah
bug #43661, the test font `...aspartam.otf' still triggers an
FT_ASSERT. Since hintmap still works with count==0, ...
(cf2_glyphpath_lineTo, cf2_glyphpath_curveTo): ... add that term to
suppress the assert.
---
diff --git a/src/cff/cf2hints.c b/src/cff/cf2hints.c
index 28a892b..040d193 100644
--- a/src/cff/cf2hints.c
+++ b/src/cff/cf2hints.c
@@ -304,9 +304,6 @@
cf2_hintmap_map( CF2_HintMap hintmap,
CF2_Fixed csCoord )
{
- FT_ASSERT( hintmap->isValid ); /* must call Build before Map */
- FT_ASSERT( hintmap->lastIndex < CF2_MAX_HINT_EDGES );
-
if ( hintmap->count == 0 || ! hintmap->hinted )
{
/* there are no hints; use uniform scale and zero offset */
@@ -317,6 +314,7 @@
/* start linear search from last hit */
CF2_UInt i = hintmap->lastIndex;
+ FT_ASSERT( hintmap->lastIndex < CF2_MAX_HINT_EDGES );
/* search up */
while ( i < hintmap->count - 1 &&
@@ -1694,7 +1692,8 @@
if ( glyphpath->elemIsQueued )
{
- FT_ASSERT( cf2_hintmap_isValid( &glyphpath->hintMap ) );
+ FT_ASSERT( cf2_hintmap_isValid( &glyphpath->hintMap ) ||
+ glyphpath->hintMap.count == 0 );
cf2_glyphpath_pushPrevElem( glyphpath,
&glyphpath->hintMap,
@@ -1780,7 +1779,8 @@
if ( glyphpath->elemIsQueued )
{
- FT_ASSERT( cf2_hintmap_isValid( &glyphpath->hintMap ) );
+ FT_ASSERT( cf2_hintmap_isValid( &glyphpath->hintMap ) ||
+ glyphpath->hintMap.count == 0 );
cf2_glyphpath_pushPrevElem( glyphpath,
&glyphpath->hintMap,
--
cgit v0.9.0.2
freetype-2.5.3-hintmask.patch:
cf2hints.c | 5 ++++-
cf2intrp.c | 22 ++++++++++++++--------
2 files changed, 18 insertions(+), 9 deletions(-)
--- NEW FILE freetype-2.5.3-hintmask.patch ---
>From 2cdc4562f873237f1c77d43540537c7a721d3fd8 Mon Sep 17 00:00:00 2001
From: Dave Arnold <darnold at adobe.com>
Date: Thu, 04 Dec 2014 05:10:16 +0000
Subject: [cff] Fix Savannah bug #43661.
* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdHSTEM,
cf2_cmdVSTEM, cf2_cmdHINTMASK>: Don't append to stem arrays after
hintmask is constructed.
* src/cff/cf2hints.c (cf2_hintmap_build): Add defensive code to
avoid reading past end of hintmask.
---
diff --git a/src/cff/cf2hints.c b/src/cff/cf2hints.c
index 81049f4..28a892b 100644
--- a/src/cff/cf2hints.c
+++ b/src/cff/cf2hints.c
@@ -794,9 +794,12 @@
maskPtr = cf2_hintmask_getMaskPtr( &tempHintMask );
/* use the hStem hints only, which are first in the mask */
- /* TODO: compare this to cffhintmaskGetBitCount */
bitCount = cf2_arrstack_size( hStemHintArray );
+ /* Defense-in-depth. Should never return here. */
+ if ( bitCount > hintMask->bitCount )
+ return;
+
/* synthetic embox hints get highest priority */
if ( font->blues.doEmBoxHints )
{
diff --git a/src/cff/cf2intrp.c b/src/cff/cf2intrp.c
index 5610917..a269606 100644
--- a/src/cff/cf2intrp.c
+++ b/src/cff/cf2intrp.c
@@ -4,7 +4,7 @@
/* */
/* Adobe's CFF Interpreter (body). */
/* */
-/* Copyright 2007-2013 Adobe Systems Incorporated. */
+/* Copyright 2007-2014 Adobe Systems Incorporated. */
/* */
/* This software, and all works of authorship, whether in source or */
/* object code form as indicated by the copyright notice(s) included */
@@ -593,8 +593,11 @@
/* never add hints after the mask is computed */
if ( cf2_hintmask_isValid( &hintMask ) )
+ {
FT_TRACE4(( "cf2_interpT2CharString:"
" invalid horizontal hint mask\n" ));
+ break;
+ }
cf2_doStems( font,
opStack,
@@ -614,8 +617,11 @@
/* never add hints after the mask is computed */
if ( cf2_hintmask_isValid( &hintMask ) )
+ {
FT_TRACE4(( "cf2_interpT2CharString:"
" invalid vertical hint mask\n" ));
+ break;
+ }
cf2_doStems( font,
opStack,
@@ -1141,15 +1147,16 @@
/* `cf2_hintmask_read' (which also traces the mask bytes) */
FT_TRACE4(( op1 == cf2_cmdCNTRMASK ? " cntrmask" : " hintmask" ));
- /* if there are arguments on the stack, there this is an */
- /* implied cf2_cmdVSTEMHM */
- if ( cf2_stack_count( opStack ) != 0 )
+ /* never add hints after the mask is computed */
+ if ( cf2_stack_count( opStack ) > 1 &&
+ cf2_hintmask_isValid( &hintMask ) )
{
- /* never add hints after the mask is computed */
- if ( cf2_hintmask_isValid( &hintMask ) )
- FT_TRACE4(( "cf2_interpT2CharString: invalid hint mask\n" ));
+ FT_TRACE4(( "cf2_interpT2CharString: invalid hint mask\n" ));
+ break;
}
+ /* if there are arguments on the stack, there this is an */
+ /* implied cf2_cmdVSTEMHM */
cf2_doStems( font,
opStack,
&vStemHintArray,
--
cgit v0.9.0.2
Index: freetype-freeworld.spec
===================================================================
RCS file: /cvs/free/rpms/freetype-freeworld/devel/freetype-freeworld.spec,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- freetype-freeworld.spec 1 Sep 2014 02:25:23 -0000 1.36
+++ freetype-freeworld.spec 12 Dec 2014 03:58:15 -0000 1.37
@@ -1,7 +1,7 @@
Summary: A free and portable font rendering engine
Name: freetype-freeworld
Version: 2.5.3
-Release: 2%{?dist}
+Release: 3%{?dist}
License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
URL: http://www.freetype.org
Source: http://download.savannah.gnu.org/releases/freetype/freetype-%{version}.tar.bz2
@@ -11,6 +11,11 @@
# Enable otvalid and gxvalid modules
Patch46: freetype-2.2.1-enable-valid.patch
+## Security fixes:
+# https://bugzilla.gnome.org/show_bug.cgi?id=1172634
+Patch93: freetype-2.5.3-hintmask.patch
+Patch94: freetype-2.5.3-hintmap.patch
+
Provides: freetype-bytecode
Provides: freetype-subpixel
@@ -39,6 +44,9 @@
%patch46 -p1 -b .enable-valid
+%patch93 -p1 -b .hintmask
+%patch94 -p1 -b .hintmap
+
%build
%configure --disable-static
@@ -77,6 +85,12 @@
%config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
%changelog
+* Fri Dec 12 2014 Kevin Kofler <Kevin at tigcc.ticalc.org> 2.5.3-3
+- Add freetype-2.5.3-hintmask.patch from Fedora freetype (rh#1172634)
+ (Don't append to stem arrays after hintmask is constructed.)
+- Add freetype-2.5.3-hintmap.patch from Fedora freetype (rh#1172634)
+ (Suppress an assert when hintMap.count == 0 in specific situations.)
+
* Mon Sep 01 2014 Sérgio Basto <sergio at serjux.com> - 2.5.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
More information about the rpmfusion-commits
mailing list