!57 fix CVE-2025-27363

From: @zppzhangpan Reviewed-by: @yanan-rock Signed-off-by: @yanan-rock
fix CVE-2025-27363
2025-03-18 06:42:04 +00:00 · 2025-03-17 07:39:01 +00:00 · 2024-12-17 02:21:08 +00:00 · 2024-09-23 16:10:25 +08:00 · 2023-12-29 07:14:24 +00:00 · 2023-12-28 17:49:15 +08:00
10 changed files with 96 additions and 64 deletions
--- a/As.I.Lay.Dying.ttf
+++ b/As.I.Lay.Dying.ttf
--- a/backport-CVE-2023-2004.patch
+++ b/backport-CVE-2023-2004.patch
@ -1,37 +0,0 @@
-From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Mon, 14 Nov 2022 19:18:19 +0100
-Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer
- overflow.
-
-Reported as
-
-  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
---
- src/truetype/ttgxvar.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
-index aad3e29..a69a9b5 100644
--- a/src/truetype/ttgxvar.c
-+++ b/src/truetype/ttgxvar.c
-@@ -42,6 +42,7 @@
- #include <ft2build.h>
- #include <freetype/internal/ftdebug.h>
- #include FT_CONFIG_CONFIG_H
-+#include <freetype/internal/ftcalc.h>
- #include <freetype/internal/ftstream.h>
- #include <freetype/internal/sfnt.h>
- #include <freetype/tttags.h>
-@@ -1075,7 +1076,7 @@
-                 delta == 1 ? "" : "s",
-                 vertical ? "VVAR" : "HVAR" ));
- 
-    *avalue += delta;
-+    *avalue = ADD_INT(*avalue, delta );
- 
-   Exit:
-     return error;
-- 
-2.33.0
-
--- a/backport-CVE-2025-27363.patch
+++ b/backport-CVE-2025-27363.patch
@ -0,0 +1,36 @@
+From 73720c7c9958e87b3d134a7574d1720ad2d24442 Mon Sep 17 00:00:00 2001
+From: Alexei Podtelezhnikov <apodtele@gmail.com>
+Date: Sun, 23 Jun 2024 10:58:00 -0400
+Subject: [PATCH] * src/truetype/ttgload.c (load_truetype_glyph): Unsigned fix.
+
+Reference:https://gitlab.freedesktop.org/freetype/freetype/-/commit/73720c7c9958e87b3d134a7574d1720ad2d24442
+Conflict:NA
+
+---
+ src/truetype/ttgload.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
+index 8cddc394c..b656ccf04 100644
+--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
+@@ -1738,14 +1738,14 @@
+       if ( FT_IS_NAMED_INSTANCE( FT_FACE( face ) ) ||
+            FT_IS_VARIATION( FT_FACE( face ) )      )
+       {
+-        short        i, limit;
+        FT_UShort    i, limit;
+         FT_SubGlyph  subglyph;
+ 
+         FT_Outline  outline = { 0, 0, NULL, NULL, NULL, 0 };
+         FT_Vector*  unrounded = NULL;
+ 
+ 
+-        limit = (short)gloader->current.num_subglyphs;
+        limit = (FT_UShort)gloader->current.num_subglyphs;
+ 
+         /* construct an outline structure for              */
+         /* communication with `TT_Vary_Apply_Glyph_Deltas' */
+-- 
+GitLab
+
--- a/freetype-2.12.1.tar.xz
+++ b/freetype-2.12.1.tar.xz
--- a/freetype-2.13.2.tar.xz
+++ b/freetype-2.13.2.tar.xz
--- a/freetype-doc-2.12.1.tar.xz
+++ b/freetype-doc-2.12.1.tar.xz
--- a/freetype-doc-2.13.2.tar.xz
+++ b/freetype-doc-2.13.2.tar.xz
--- a/freetype.spec
+++ b/freetype.spec
@ -2,16 +2,20 @@

 %{!?with_xfree86:%define with_xfree86 1}

+%bcond_without harfbuzz
+
 Name:           freetype
-Version:        2.12.1
-Release:        2
+Version:        2.13.2
+Release:        3
 Summary:        FreeType is a freely available software library to render fonts
-License:        (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
-URL:            http://www.freetype.org
-Source0:        http://download.savannah.gnu.org/releases/freetype/freetype-%{version}.tar.xz
-Source1:        http://download.savannah.gnu.org/releases/freetype/freetype-doc-%{version}.tar.xz
-Source2:        http://download.savannah.gnu.org/releases/freetype/ft2demos-%{version}.tar.xz
+License:        (FTL OR GPL-2.0-or-later) AND BSD-3-Clause AND MIT AND MIT-Modern-Variant AND Zlib
+URL:            https://www.freetype.org
+Source0:        https://download.savannah.gnu.org/releases/freetype/freetype-%{version}.tar.xz
+Source1:        https://download.savannah.gnu.org/releases/freetype/freetype-doc-%{version}.tar.xz
+Source2:        https://download.savannah.gnu.org/releases/freetype/ft2demos-%{version}.tar.xz
 Source3:        ftconfig.h
+#from tests/scripts/download-test-fonts.py:https://github.com/python-pillow/Pillow/files/6622147/As.I.Lay.Dying.zip
+Source4:        As.I.Lay.Dying.ttf

 Patch1:         backport-freetype-2.5.2-more-demos.patch
 Patch6000:      backport-freetype-2.3.0-enable-spr.patch
@ -20,13 +24,20 @@ Patch6002:      backport-freetype-2.6.5-libtool.patch
 Patch6003:      backport-freetype-2.8-multilib.patch
 Patch6004:      backport-freetype-2.10.0-internal-outline.patch
 Patch6005:      backport-freetype-2.10.1-debughook.patch
-Patch6006:      backport-CVE-2023-2004.patch
+Patch6006:      backport-CVE-2025-27363.patch

-BuildRequires:  gcc libX11-devel libpng-devel zlib-devel bzip2-devel
+BuildRequires: gcc meson
+BuildRequires: pkgconfig(bzip2)
+BuildRequires: pkgconfig(libbrotlidec)
+BuildRequires: pkgconfig(libpng)
+BuildRequires: pkgconfig(zlib)
+%if %{with harfbuzz}
+BuildRequires: pkgconfig(harfbuzz) >= 2.0.0
+%endif

-Provides:       %{name}-bytecode 
+Provides:       %{name}-bytecode = %{version}-%{release}
 %if %{?_with_subpixel_rendering:1}%{!?_with_subpixel_rendering:0}
-Provides:       %{name}-subpixel
+Provides:       %{name}-subpixel = %{version}-%{release}
 %endif

 %description
@ -42,25 +53,20 @@ The FreeType engine is a free and portable font rendering engine,developed to pr

 %package        devel
 Summary:        FreeType development libraries and header files
-Requires:       %{name} = %{version}-%{release} pkgconf
+Requires:       %{name} = %{version}-%{release}

 %description    devel
 The freetype-devel package includes the static libraries and header files
 for the FreeType font rendering engine.Install freetype-devel if you want to develop programs which will use
 FreeType.

-%package        help
-Summary:        Documents for freetype
-Buildarch:      noarch
-
-%description    help
-Man pages and other related for freetype documents.
+%package_help

 %prep
-%setup   -q  -b 1 -a 2
+%setup -q -b 1 -a 2

 pushd ft2demos-%{version}
-%patch1  -p1 -b .more-demos
+%patch1 -p1 -b .more-demos
 popd
 %patch6000 -p1
 %patch6001 -p1
@ -71,7 +77,16 @@ popd
 %patch6006 -p1

 %build
-%configure --disable-static --with-zlib=yes --with-bzip2=yes --with-png=yes --enable-freetype-config --with-harfbuzz=no
+%configure --disable-static \
+	--with-zlib=yes \
+	--with-bzip2=yes \
+	--with-png=yes \
+%if %{with harfbuzz}
+	--with-harfbuzz=yes \
+%else
+	--with-harfbuzz=no \
+%endif
+	--enable-freetype-config
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' builds/unix/libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' builds/unix/libtool
 %make_build
@ -82,7 +97,8 @@ make TOP_DIR=".."
 %endif

 %install
-%make_install gnulocaledir=$RPM_BUILD_ROOT%{_datadir}/locale
+%make_install
+%delete_la
 {
  for ftdemo in ftbench ftchkwd ftmemchk ftpatchk fttimer ftdump ftlint ftmemchk ftvalid ; do
      builds/unix/libtool --mode=install install -m 755 ft2demos-%{version}/bin/$ftdemo $RPM_BUILD_ROOT/%{_bindir}
@ -112,12 +128,14 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_includedir}/freetype2/freetype/co
  exit 0
 }

-%post -p /sbin/ldconfig
-
-%postun  -p /sbin/ldconfig
+%check
+mkdir -p tests/data/
+cp %{SOURCE4} tests/data/
+meson setup out -Dtests=enabled
+meson compile -C out
+meson test -C out

 %files
-%{!?_licensedir:%global license %%doc}
 %license LICENSE.TXT docs/FTL.TXT docs/GPLv2.TXT
 %{_libdir}/libfreetype.so.*

@ -130,7 +148,6 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_includedir}/freetype2/freetype/co
 %{_libdir}/libfreetype.so
 %{_libdir}/pkgconfig/freetype2.pc
 %{_bindir}/freetype-config
-%exclude %{_libdir}/*.{a,la}

 %files help
 %doc docs/design
@ -142,6 +159,22 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_includedir}/freetype2/freetype/co
 %{_mandir}/man1/*

 %changelog
+* Mon Mar 17 2025 zhangpan <zhangpan103@h-partners.com> - 2.13.2-3
+- fix CVE-2025-27363
+
+* Sun Aug 11 2024 Funda Wang <fundawang@yeah.net> - 2.13.2-2
+- Cleanup spec
+- Conditioned build harfbuzz support
+
+* Thu Dec 28 2023 Paul Thomas <paulthomas100199@gmail.com> - 2.13.2-1
+- update to version 2.13.2
+
+* Wed Sep 20 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 2.13.1-2
+- enable check
+
+* Fri Jul 14 2023 zhangpan <zhangpan103@h-partners.com> - 2.13.1-1
+- update to 2.13.1
+
 * Mon Apr 17 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 2.12.1-2
 - fix CVE-2023-2004

--- a/ft2demos-2.12.1.tar.xz
+++ b/ft2demos-2.12.1.tar.xz
--- a/ft2demos-2.13.2.tar.xz
+++ b/ft2demos-2.13.2.tar.xz
Author	SHA1	Message	Date
openeuler-ci-bot	fee3da6f93	!57 fix CVE-2025-27363 From: @zppzhangpan Reviewed-by: @yanan-rock Signed-off-by: @yanan-rock	2025-03-18 06:42:04 +00:00
zhangpan	ef058e8f2d	fix CVE-2025-27363	2025-03-17 07:39:01 +00:00
openeuler-ci-bot	5a913d2016	!54 [sync] PR-50: Cleanup spec From: @openeuler-sync-bot Reviewed-by: @weidongkl Signed-off-by: @weidongkl	2024-12-17 02:21:08 +00:00
Funda Wang	e1b419913f	Cleanup spec (cherry picked from commit ba6a15a9a2ba4b6ceee8cbbda046f8e3383804a1)	2024-09-23 16:10:25 +08:00
openeuler-ci-bot	edc0b40349	!49 update to version 2.13.2 From: @paulthomas100199 Reviewed-by: @open-bot Signed-off-by: @open-bot	2023-12-29 07:14:24 +00:00
lwg	b8aa4cbfb7	update to version 2.13.2	2023-12-28 17:49:15 +08:00
openeuler-ci-bot	daf2f94186	!42 enable check From: @zhouwenpei Reviewed-by: @open-bot Signed-off-by: @open-bot	2023-10-18 02:02:44 +00:00
zhouwenpei	d47f500e34	enable check	2023-09-28 02:05:57 +00:00
openeuler-ci-bot	ad6465a624	!41 update to 2.13.1 From: @zppzhangpan Reviewed-by: @t_feng Signed-off-by: @t_feng	2023-07-26 09:31:03 +00:00
zhangpan	78799d21c1	update to 2.13.1	2023-07-14 07:31:22 +00:00