!46 [sync] PR-45: enable make check

From: @openeuler-sync-bot Reviewed-by: @open123bot Signed-off-by: @open123bot
enable make check
2023-11-15 02:30:21 +00:00 · 2023-11-15 10:29:23 +08:00 · 2023-04-18 01:14:18 +00:00 · 2023-04-18 09:04:22 +08:00 · 2022-12-02 08:54:19 +00:00 · 2022-11-29 09:10:24 +00:00
15 changed files with 84 additions and 58 deletions
--- a/As.I.Lay.Dying.ttf
+++ b/As.I.Lay.Dying.ttf
--- a/CVE-2020-15999.patch
+++ b/CVE-2020-15999.patch
@ -1,45 +0,0 @@
-From a3bab162b2ae616074c8877a04556932998aeacd Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Mon, 19 Oct 2020 23:45:28 +0200
-Subject: [sfnt] Fix heap buffer overflow (#59308).
- This is CVE-2020-15999.
- * src/sfnt/pngshim.c (Load_SBit_Png): Test bitmap size earlier.
-reference：https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
---
- src/sfnt/pngshim.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/sfnt/pngshim.c b/src/sfnt/pngshim.c
-index 523b30a..5502108 100644
--- a/src/sfnt/pngshim.c
-+++ b/src/sfnt/pngshim.c
-@@ -328,6 +328,13 @@
- 
-     if ( populate_map_and_metrics )
-     {
-+      /* reject too large bitmaps similarly to the rasterizer */
-+      if ( imgHeight > 0x7FFF || imgWidth > 0x7FFF )
-+      {
-+        error = FT_THROW( Array_Too_Large );
-+        goto DestroyExit;
-+      }
-+
-       metrics->width  = (FT_UShort)imgWidth;
-       metrics->height = (FT_UShort)imgHeight;
- 
-@@ -336,13 +343,6 @@
-       map->pixel_mode = FT_PIXEL_MODE_BGRA;
-       map->pitch      = (int)( map->width * 4 );
-       map->num_grays  = 256;
-
-      /* reject too large bitmaps similarly to the rasterizer */
-      if ( map->rows > 0x7FFF || map->width > 0x7FFF )
-      {
-        error = FT_THROW( Array_Too_Large );
-        goto DestroyExit;
-      }
-     }
- 
-     /* convert palette/gray image to rgb */
-- 
-2.27.0
--- a/backport-CVE-2023-2004.patch
+++ b/backport-CVE-2023-2004.patch
@ -0,0 +1,37 @@
+From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Mon, 14 Nov 2022 19:18:19 +0100
+Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer
+ overflow.
+
+Reported as
+
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
+---
+ src/truetype/ttgxvar.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
+index aad3e29..a69a9b5 100644
+--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
+@@ -42,6 +42,7 @@
+ #include <ft2build.h>
+ #include <freetype/internal/ftdebug.h>
+ #include FT_CONFIG_CONFIG_H
+#include <freetype/internal/ftcalc.h>
+ #include <freetype/internal/ftstream.h>
+ #include <freetype/internal/sfnt.h>
+ #include <freetype/tttags.h>
+@@ -1075,7 +1076,7 @@
+                 delta == 1 ? "" : "s",
+                 vertical ? "VVAR" : "HVAR" ));
+ 
+-    *avalue += delta;
+    *avalue = ADD_INT(*avalue, delta );
+ 
+   Exit:
+     return error;
+-- 
+2.33.0
+
--- a/backport-freetype-2.2.1-enable-valid.patch
+++ b/backport-freetype-2.2.1-enable-valid.patch
@ -7,6 +7,7 @@ Enable modules gxvalid and otvalid

 Conflict:NA
 Reference:https://src.fedoraproject.org/rpms/freetype/c/cbf2c99f7813750cb82deb367a37e50dbb709395
+
 --- freetype-2.2.1/modules.cfg.orig	2006-07-07 21:01:09.000000000 -0400
 +++ freetype-2.2.1/modules.cfg	2006-07-07 21:01:54.000000000 -0400
@@ -110,7 +110,7 @@
--- a/backport-freetype-2.3.0-enable-spr.patch
+++ b/backport-freetype-2.3.0-enable-spr.patch
@ -9,8 +9,8 @@ Reference:https://src.fedoraproject.org/rpms/freetype/c/c1c64f8cf9264592bca747c9
 --- freetype-2.3.0/include/freetype/config/ftoption.h.spf	2007-01-18 14:27:34.000000000 -0500
 +++ freetype-2.3.0/include/freetype/config/ftoption.h	2007-01-18 14:27:48.000000000 -0500
@@ -92,7 +92,7 @@
-    * macro is not defined, FreeType offers alternative LCD rendering
-    * technology that produces excellent output without LCD filtering.
+    * When this macro is not defined, FreeType offers alternative LCD
+    * rendering technology that produces excellent output.
    */
 -/* #define FT_CONFIG_OPTION_SUBPIXEL_RENDERING */
 +#define FT_CONFIG_OPTION_SUBPIXEL_RENDERING
--- a/backport-freetype-2.5.2-more-demos.patch
+++ b/backport-freetype-2.5.2-more-demos.patch
@ -14,4 +14,4 @@
 +  EXES += fttimer
   # EXES += testname
 
-   exes: $(EXES:%=$(BIN_DIR_2)/%$E)
+   # Not all demo programs have a man page; we thus check for existence in a
--- a/backport-freetype-2.6.5-libtool.patch
+++ b/backport-freetype-2.6.5-libtool.patch
@ -5,6 +5,7 @@ Subject: Don't show path of non-existing libtool file

 Conflict:NA
 Reference:https://src.fedoraproject.org/rpms/freetype/c/928ba6125d73435fddd73f9bf155e0f2a813bab7
+
 --- freetype-2.8/builds/unix/freetype-config.in.orig	2017-03-30 12:20:23.000000001 +0200
 +++ freetype-2.8/builds/unix/freetype-config.in	2017-05-16 13:25:39.223041128 +0200
@@ -205,7 +205,7 @@ if test "$echo_libs" = "yes" ; then
--- a/backport-freetype-2.8-multilib.patch
+++ b/backport-freetype-2.8-multilib.patch
@ -9,6 +9,7 @@ Resolves: #1497443

 Conflict:NA
 Reference:https://src.fedoraproject.org/rpms/freetype/c/1007098e54f9449281f83516f0272afa5d20ec29?branch=rawhide
+
 --- freetype-2.9/builds/unix/freetype-config.in
 +++ freetype-2.9/builds/unix/freetype-config.in
@@ -13,45 +13,25 @@ LC_ALL=C
--- a/freetype-2.10.2.tar.xz
+++ b/freetype-2.10.2.tar.xz
--- a/freetype-2.12.1.tar.xz
+++ b/freetype-2.12.1.tar.xz
--- a/freetype-doc-2.10.2.tar.xz
+++ b/freetype-doc-2.10.2.tar.xz
--- a/freetype-doc-2.12.1.tar.xz
+++ b/freetype-doc-2.12.1.tar.xz
--- a/freetype.spec
+++ b/freetype.spec
@ -3,7 +3,7 @@
 %{!?with_xfree86:%define with_xfree86 1}

 Name:           freetype
-Version:        2.10.2
+Version:        2.12.1
 Release:        3
 Summary:        FreeType is a freely available software library to render fonts
 License:        (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
@ -12,29 +12,36 @@ Source0:        http://download.savannah.gnu.org/releases/freetype/freetype-%{ve
 Source1:        http://download.savannah.gnu.org/releases/freetype/freetype-doc-%{version}.tar.xz
 Source2:        http://download.savannah.gnu.org/releases/freetype/ft2demos-%{version}.tar.xz
 Source3:        ftconfig.h
+#from tests/scripts/download-test-fonts.py:https://github.com/python-pillow/Pillow/files/6622147/As.I.Lay.Dying.zip
+Source4:        As.I.Lay.Dying.ttf

-Patch1:         freetype-2.5.2-more-demos.patch
-Patch2:         CVE-2020-15999.patch
+Patch1:         backport-freetype-2.5.2-more-demos.patch
 Patch6000:      backport-freetype-2.3.0-enable-spr.patch
 Patch6001:      backport-freetype-2.2.1-enable-valid.patch
 Patch6002:      backport-freetype-2.6.5-libtool.patch
 Patch6003:      backport-freetype-2.8-multilib.patch
 Patch6004:      backport-freetype-2.10.0-internal-outline.patch
 Patch6005:      backport-freetype-2.10.1-debughook.patch
+Patch6006:      backport-CVE-2023-2004.patch

-BuildRequires:  gcc libX11-devel libpng-devel zlib-devel bzip2-devel
+BuildRequires:  gcc libX11-devel libpng-devel zlib-devel bzip2-devel meson

-Provides:       %{name}-bytecode %{name}-demos
+Provides:       %{name}-bytecode 
 %if %{?_with_subpixel_rendering:1}%{!?_with_subpixel_rendering:0}
 Provides:       %{name}-subpixel
 %endif

-Obsoletes:      %{name}-demos
-
 %description
 FreeType is written in C, designed to be small,efficient, highly customizable, and portable while capable of producing high-quality
 output (glyph images) of most vector and bitmap font formats

+%package demos 
+Summary: A collection of freetype demos 
+Requires: %{name} = %{version}-%{release} 
+
+%description demos 
+The FreeType engine is a free and portable font rendering engine,developed to provide advanced font support for a variety of platforms and environments.The demos package includes a set of useful small utilities showing various capabilities of the FreeType library.
+
 %package        devel
 Summary:        FreeType development libraries and header files
 Requires:       %{name} = %{version}-%{release} pkgconf
@ -57,13 +64,13 @@ Man pages and other related for freetype documents.
 pushd ft2demos-%{version}
 %patch1  -p1 -b .more-demos
 popd
-%patch2 -p1
 %patch6000 -p1
 %patch6001 -p1
 %patch6002 -p1
 %patch6003 -p1
 %patch6004 -p1
 %patch6005 -p1
+%patch6006 -p1

 %build
 %configure --disable-static --with-zlib=yes --with-bzip2=yes --with-png=yes --enable-freetype-config --with-harfbuzz=no
@ -111,10 +118,19 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_includedir}/freetype2/freetype/co

 %postun  -p /sbin/ldconfig

+%check
+mkdir -p tests/data/
+cp %{SOURCE4} tests/data/
+meson setup out -Dtests=enabled
+meson compile -C out
+meson test -C out
+
 %files
-%defattr(-,root,root)
-%license docs/LICENSE.TXT docs/FTL.TXT docs/GPLv2.TXT
+%{!?_licensedir:%global license %%doc}
+%license LICENSE.TXT docs/FTL.TXT docs/GPLv2.TXT
 %{_libdir}/libfreetype.so.*
+
+%files demos 
 %{_bindir}/ft*

 %files devel
@ -135,6 +151,21 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_includedir}/freetype2/freetype/co
 %{_mandir}/man1/*

 %changelog
+* Tue Nov 14 2023 zhangpan <zhangpan103@h-partners.com> - 2.12.1-3
+- enable make check
+
+* Mon Apr 17 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 2.12.1-2
+- fix CVE-2023-2004
+
+* Tue Nov 29 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 2.12.1-1
+- update to 2.12.1
+
+* Sat May 14 2022 wangkerong <wangkerong@h-paerners.com> - 2.11.0-2
+- fix CVE-2022-27404,CVE-2022-27405,CVE-2022-27406
+
+* Fri Dec 10 2021 dongyuzhen <dongyuzhen@huawei.com> - 2.11.0-1
+- update to 2.11.0
+
 * Tue Apr 13 2021 hanhui<hanhui15@huawei.com> - 2.10.2-3
 - Type:bugfix
 - CVE:NA
--- a/ft2demos-2.10.2.tar.xz
+++ b/ft2demos-2.10.2.tar.xz
--- a/ft2demos-2.12.1.tar.xz
+++ b/ft2demos-2.12.1.tar.xz
Author	SHA1	Message	Date
openeuler-ci-bot	6c3cbd7a41	!46 [sync] PR-45: enable make check From: @openeuler-sync-bot Reviewed-by: @open123bot Signed-off-by: @open123bot	2023-11-15 02:30:21 +00:00
zppzhangpan	f19d7b5ba9	enable make check (cherry picked from commit ad8a31b1cddc4a7208bf3a1bfd1112eba7d71008)	2023-11-15 10:29:23 +08:00
openeuler-ci-bot	4f81e4053b	!38 [sync] PR-37: fix CVE-2023-2004 From: @openeuler-sync-bot Reviewed-by: @leeffo Signed-off-by: @leeffo	2023-04-18 01:14:18 +00:00
zhouwenpei	7381ce2575	fix CVE-2023-2004 (cherry picked from commit 71388138579df4d9cc28b1ce5b9b32f00daf2b0a)	2023-04-18 09:04:22 +08:00
openeuler-ci-bot	568e1d43e5	!31 update to 2.12.1 From: @zhouwenpei Reviewed-by: @t_feng Signed-off-by: @t_feng	2022-12-02 08:54:19 +00:00
zhouwenpei	95ad36b6a0	update to 2.12.1	2022-11-29 09:10:24 +00:00
openeuler-ci-bot	0ffd5c2f93	!29 [sync] PR-26: fix CVE-2022-27404,CVE-2022-27405,CVE-2022-27406 From: @openeuler-sync-bot Reviewed-by: @t_feng Signed-off-by: @t_feng	2022-05-17 01:05:41 +00:00
wangkerong	9a2093f1f9	fix CVE-2022-27454,CVE-2022-27455,CVE-2022-27456 (cherry picked from commit 24a44d48cf871c3aabceb40fbd58ebcdd6841fa9)	2022-05-16 20:20:36 +08:00
openeuler-ci-bot	2cadd9981f	!23 update to 2.11.0 Merge pull request !23 from dongyuzhen/openEuler-22.03-LTS-Next	2021-12-14 08:20:45 +00:00
dongyuzhen	29746540d7	update to 2.11.0	2021-12-10 15:59:40 +08:00