Broken dependencies: fontforge
by Fedora Koji Build System
fontforge has broken dependencies in the epel-5 tree:
On x86_64:
fontforge-20080828-1.1.el5.i386 requires libpython2.4.so.1.0
Please resolve this as soon as possible.
10 years, 1 month
[Bug 1050805] Review Request: glyphicons-halflings-fonts - Precisely prepared monochromatic icons and symbols
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1050805
Eric Christensen <sparks(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags|fedora-review? |fedora-review+
--- Comment #4 from Eric Christensen <sparks(a)redhat.com> ---
Package Review
==============
Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
===== MUST items =====
Generic:
[x]: Package is licensed with an open-source compatible license and meets
other legal requirements as defined in the legal section of Packaging
Guidelines.
[x]: License field in the package spec file matches the actual license.
Note: There is no build directory. Running licensecheck on vanilla
upstream sources. No licenses found. Please check the source files for
licenses manually.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
(~1MB) or number of files.
Note: Documentation size is 10240 bytes in 1 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least one
supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
Note: No rpmlint messages.
[x]: If (and only if) the source package includes the text of the license(s)
in its own file, then that file, containing the text of the license(s)
for the package is included in %doc.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not own files or directories owned by other packages.
[x]: All build dependencies are listed in BuildRequires, except for any that
are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install' ' DESTDIR=... doesn't
work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package do not use a name that already exist
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as provided
in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
%{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local
===== SHOULD items =====
Generic:
[!]: Dist tag is present (not strictly required in GL).
[x]: If the source package does not include license text(s) as a separate file
from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and requires are sane (see attachments).
[x]: Package functions as described.
[x]: Latest version is packaged.
[x]: Package does not include license text files separate from upstream.
[!]: Description and summary sections in the package spec file contains
translations for supported Non-English languages, if available.
[?]: Package should compile and build into binary rpms on all supported
architectures.
[!]: %check is present and all tests pass.
[x]: Packages should try to preserve timestamps of original installed files.
[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file
[x]: Sources can be downloaded from URI in Source: tag
[x]: Reviewer should test that the package builds in mock.
[x]: Buildroot is not present
[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.
[x]: SourceX is a working URL.
[x]: Spec use %global instead of %define unless justified.
===== EXTRA items =====
Generic:
[x]: Rpmlint is run on all installed packages.
Note: No rpmlint messages.
[x]: Spec file according to URL is the same as in SRPM.
fonts:
[!]: Run repo-font-audit on all fonts in package.
Note: Cannot find repo-font-audit, install fontpackages-tools package to
make a comprehensive font review.
See: url: undefined
[!]: Run ttname on all fonts in package.
Note: Cannot find ttname command, install ttname package to make a
comprehensive font review.
See: url: undefined
Rpmlint
-------
Checking: glyphicons-halflings-fonts-3.1.0-20140211git728067b.1.noarch.rpm
glyphicons-halflings-fonts-3.1.0-20140211git728067b.1.src.rpm
2 packages and 0 specfiles checked; 0 errors, 0 warnings.
Rpmlint (installed packages)
----------------------------
# rpmlint glyphicons-halflings-fonts
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
# echo 'rpmlint-done:'
Requires
--------
glyphicons-halflings-fonts (rpmlib, GLIBC filtered):
fontpackages-filesystem
Provides
--------
glyphicons-halflings-fonts:
font(glyphiconshalflings)
glyphicons-halflings-fonts
Source checksums
----------------
https://github.com/twbs/bootstrap/raw/728067b586d2d989c07e8a6265f06fa8631...
:
CHECKSUM(SHA256) this package :
bd18efd3efd70fec8ad09611a20cdbf99440b2c1d40085c29be036f891d65358
CHECKSUM(SHA256) upstream package :
bd18efd3efd70fec8ad09611a20cdbf99440b2c1d40085c29be036f891d65358
https://github.com/twbs/bootstrap/raw/728067b586d2d989c07e8a6265f06fa8631...
:
CHECKSUM(SHA256) this package :
13964e59d8e91ad8b02719bc498917a5ca09673ce24106267cf458c5972bb0fe
CHECKSUM(SHA256) upstream package :
13964e59d8e91ad8b02719bc498917a5ca09673ce24106267cf458c5972bb0fe
Generated by fedora-review 0.5.1 (bb9bf27) last change: 2013-12-13
Command line :/usr/bin/fedora-review -b 1050805
Buildroot used: fedora-20-x86_64
Active plugins: Generic, fonts, Shell-api
Disabled plugins: Java, C/C++, Python, SugarActivity, Ocaml, Perl, Haskell, R,
PHP, Ruby
Disabled flags: EXARCH, EPEL5, BATCH, DISTTAG
10 years, 1 month
[freetype/f20] Fix various CVEs
by mkasik
commit 026a552e731c47525ca9e64bdb8242b18bf733c5
Author: Marek Kasik <mkasik(a)redhat.com>
Date: Tue Mar 11 14:12:40 2014 +0100
Fix various CVEs
Add freetype-2.5.0-CVE-2014-2240.patch
(Return when `hintMask' is invalid.)
Add freetype-2.5.0-CVE-2014-2241.patch
(Don't call non-existing subroutines.)
Resolves: #1074647
freetype-2.5.0-CVE-2014-2240.patch | 25 +++++++++++++++++
freetype-2.5.0-CVE-2014-2241.patch | 52 ++++++++++++++++++++++++++++++++++++
freetype.spec | 16 ++++++++++-
3 files changed, 92 insertions(+), 1 deletions(-)
---
diff --git a/freetype-2.5.0-CVE-2014-2240.patch b/freetype-2.5.0-CVE-2014-2240.patch
new file mode 100644
index 0000000..d838de3
--- /dev/null
+++ b/freetype-2.5.0-CVE-2014-2240.patch
@@ -0,0 +1,25 @@
+From 0eae6eb0645264c98812f0095e0f5df4541830e6 Mon Sep 17 00:00:00 2001
+From: Dave Arnold <darnold(a)adobe.com>
+Date: Fri, 28 Feb 2014 06:40:01 +0000
+Subject: Fix Savannah bug #41697, part 1.
+
+* src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is
+invalid. In this case, it is not safe to use the length of
+`hStemHintArray'; the exception has already been recorded in
+`hintMask'.
+---
+diff --git a/src/cff/cf2hints.c b/src/cff/cf2hints.c
+index 5f44161..79f84fc 100644
+--- a/src/cff/cf2hints.c
++++ b/src/cff/cf2hints.c
+@@ -781,6 +781,8 @@
+ cf2_hintmask_setAll( hintMask,
+ cf2_arrstack_size( hStemHintArray ) +
+ cf2_arrstack_size( vStemHintArray ) );
++ if ( !cf2_hintmask_isValid( hintMask ) )
++ return; /* too many stem hints */
+ }
+
+ /* begin by clearing the map */
+--
+cgit v0.9.0.2
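Review bot: in cf2_hintmap_build the new early return sits before the "begin by clearing the map" step, so when hintMask is invalid the hint map is left exactly as it was on entry. The commit message says the exception has already been recorded in hintMask; the `/* too many stem hints */` comment should also say that callers must check that recorded error before using the map, or the map should be cleared before returning if that is safe here.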
diff --git a/freetype-2.5.0-CVE-2014-2241.patch b/freetype-2.5.0-CVE-2014-2241.patch
new file mode 100644
index 0000000..3e6cd60
--- /dev/null
+++ b/freetype-2.5.0-CVE-2014-2241.patch
@@ -0,0 +1,52 @@
+From 135c3faebb96f8f550bd4f318716f2e1e095a969 Mon Sep 17 00:00:00 2001
+From: Dave Arnold <darnold(a)adobe.com>
+Date: Fri, 28 Feb 2014 06:42:42 +0000
+Subject: Fix Savannah bug #41697, part 2.
+
+* src/cff/cf2ft.c (cf2_initLocalRegionBuffer,
+cf2_initGlobalRegionBuffer): It is possible for a charstring to call
+a subroutine if no subroutines exist. This is an error but should
+not trigger an assert. Split the assert to account for this.
+---
+diff --git a/src/cff/cf2ft.c b/src/cff/cf2ft.c
+index df5f8fb..82bac75 100644
+--- a/src/cff/cf2ft.c
++++ b/src/cff/cf2ft.c
+@@ -521,7 +521,7 @@
+ CF2_UInt idx,
+ CF2_Buffer buf )
+ {
+- FT_ASSERT( decoder && decoder->globals );
++ FT_ASSERT( decoder );
+
+ FT_ZERO( buf );
+
+@@ -529,6 +529,8 @@
+ if ( idx >= decoder->num_globals )
+ return TRUE; /* error */
+
++ FT_ASSERT( decoder->globals );
++
+ buf->start =
+ buf->ptr = decoder->globals[idx];
+ buf->end = decoder->globals[idx + 1];
+@@ -594,7 +596,7 @@
+ CF2_UInt idx,
+ CF2_Buffer buf )
+ {
+- FT_ASSERT( decoder && decoder->locals );
++ FT_ASSERT( decoder );
+
+ FT_ZERO( buf );
+
+@@ -602,6 +604,8 @@
+ if ( idx >= decoder->num_locals )
+ return TRUE; /* error */
+
++ FT_ASSERT( decoder->locals );
++
+ buf->start =
+ buf->ptr = decoder->locals[idx];
+ buf->end = decoder->locals[idx + 1];
+--
+cgit v0.9.0.2
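Review bot: in cf2_initGlobalRegionBuffer and cf2_initLocalRegionBuffer the relocated FT_ASSERT( decoder->globals ) and FT_ASSERT( decoder->locals ) only hold if num_globals / num_locals is 0 whenever the corresponding pointer is NULL, and nothing in these hunks establishes that invariant. In a build where FT_ASSERT compiles to nothing, the `idx >= decoder->num_globals` test (and its num_locals twin) is the only guard before `decoder->globals[idx]` and `decoder->globals[idx + 1]` are read. An explicit NULL check that returns TRUE next to the bounds check would make the error path independent of that assumption.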
diff --git a/freetype.spec b/freetype.spec
index 74cee3c..93a8113 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
Summary: A free and portable font rendering engine
Name: freetype
Version: 2.5.0
-Release: 4%{?dist}
+Release: 5%{?dist}
License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -35,6 +35,10 @@ Patch91: freetype-2.5.0.1.patch
# https://bugzilla.gnome.org/show_bug.cgi?id=686709
Patch92: 0001-Fix-vertical-size-of-emboldened-glyphs.patch
+# https://bugzilla.gnome.org/show_bug.cgi?id=1074647
+Patch93: freetype-2.5.0-CVE-2014-2240.patch
+Patch94: freetype-2.5.0-CVE-2014-2241.patch
+
Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
BuildRequires: libX11-devel
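Review bot: the comment added above Patch93 points at bugzilla.gnome.org with id=1074647, the same number the changelog gives as "Resolves: #1074647"; the host looks carried over from the Patch92 comment directly above it. Point the URL at the tracker that #1074647 actually belongs to, and either give Patch94 its own reference line or say that the one comment covers both patches.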
@@ -102,6 +106,9 @@ popd
%patch92 -p1 -b .emboldened-glyphs
+%patch93 -p1 -b .CVE-2014-2240
+%patch94 -p1 -b .CVE-2014-2241
+
%build
%configure --disable-static
@@ -222,6 +229,13 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
+* Tue Mar 11 2014 Marek Kasik <mkasik(a)redhat.com> - 2.5.0-5
+- Add freetype-2.5.0-CVE-2014-2240.patch
+ (Return when `hintMask' is invalid.)
+- Add freetype-2.5.0-CVE-2014-2241.patch
+ (Don't call non-existing subroutines.)
+- Resolves: #1074647
+
* Fri Sep 20 2013 Marek Kasik <mkasik(a)redhat.com> - 2.5.0-4
- Fix vertical size of emboldened glyphs
10 years, 1 month
[freetype] Enable support for bzip2 compressed fonts
by mkasik
commit 9dac2f4ec26a8b798b9cb6859b64b4ce37570973
Author: Marek Kasik <mkasik(a)redhat.com>
Date: Tue Mar 11 13:17:52 2014 +0100
Enable support for bzip2 compressed fonts
freetype.spec | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
---
diff --git a/freetype.spec b/freetype.spec
index 86c00e8..8bcc7f8 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
Summary: A free and portable font rendering engine
Name: freetype
Version: 2.5.3
-Release: 1%{?dist}
+Release: 2%{?dist}
License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -33,6 +33,8 @@ Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
BuildRequires: libX11-devel
BuildRequires: libpng-devel
+BuildRequires: zlib-devel
+BuildRequires: bzip2-devel
Provides: %{name}-bytecode
%if %{?_with_subpixel_rendering:1}%{!?_with_subpixel_rendering:0}
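Review bot: the commit message and changelog mention only bzip2, but the BuildRequires hunk also pulls in zlib-devel; record that in the changelog entry. The diffstat (6 insertions, 1 deletion) is fully accounted for by the release bump, the two BuildRequires lines and the changelog, so nothing at configure time requests bzip2 explicitly. Consider asking for it explicitly so a build where the library is not detected fails instead of silently shipping without the feature.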
@@ -212,6 +214,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/*
%changelog
+* Tue Mar 11 2014 Marek Kasik <mkasik(a)redhat.com> - 2.5.3-2
+- Enable support for bzip2 compressed fonts
+
* Tue Mar 11 2014 Marek Kasik <mkasik(a)redhat.com> - 2.5.3-1
- Update to 2.5.3
- Resolves: #1073923
10 years, 1 month