rpms/fontforge
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import OL fontforge-20230101-14.el10_1

Browse Source
This commit is contained in:
eabdullin 2026-02-10 06:42:45 +00:00
parent 827620ec7c
commit fc735fd70e
12 changed files with 504 additions and 251 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.fontforge.metadata
View File

@ -1 +0,0 @@
cca54440dd47414055507a5007cd9b663699f3e2 SOURCES/fontforge-20200314.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/fontforge-20200314.tar.gz
fontforge-20230101.tar.gz

181
0001-Fix-errors-in-French-and-Italian-translations.patch Normal file
View File

@ -0,0 +1,181 @@
From 472e238cafcff113c7be9815a13ff864540d5ef9 Mon Sep 17 00:00:00 2001
From: Yaakov Selkowitz <yselkowi@redhat.com>
Date: Thu, 6 Jul 2023 19:15:53 -0400
Subject: [PATCH] Fix errors in French and Italian translations
With gettext-0.22, these mismatches trigger errors:
'msgstr' is not a valid C format string, unlike 'msgid'. Reason: In the
directive number 2, the argument size specifier is invalid.
---
po/fr.po | 36 ++++++++++++++++++------------------
po/it.po | 8 ++++----
2 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/po/fr.po b/po/fr.po
index 26e446b38..cb492d7a0 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -291,7 +291,7 @@ msgstr "chaîne %1$.30s pour %2$.30s"
#. GT: $4 is the changed flag ('*' for the changed items)
#, c-format
msgid "%1$.80s at %2$d from %3$.90s%4$s"
-msgstr "%1$.80s à %2$d de %3$.90hs%4$s"
+msgstr "%1$.80s à %2$d de %3$.90s%4$s"
#. GT: This is the title for a window showing a bitmap character
#. GT: It will look something like:
@@ -302,7 +302,7 @@ msgstr "%1$.80s à %2$d de %3$.90hs%4$s"
#. GT: $4 is the font name
#, c-format
msgid "%1$.80s at %2$d size %3$d from %4$.80s"
-msgstr "%1$.80s (%2$d) taille %3$d de %4$.80hs"
+msgstr "%1$.80s (%2$d) taille %3$d de %4$.80s"
#, c-format
msgid "%1$s from lookup subtable %2$.50s"
@@ -7433,7 +7433,7 @@ msgid ""
"Reverting the file will lose those changes.\n"
"Is that what you want?"
msgstr ""
-"La fonte %1$.40s dans le fichier %2$.40hs a été modifiée.\n"
+"La fonte %1$.40s dans le fichier %2$.40s a été modifiée.\n"
"Revenir vous fera perdre toutes les modifications.\n"
"Voulez vous vraiment revenir ?"
@@ -19925,7 +19925,7 @@ msgid ""
"The fonts %1$.30s and %2$.30s have a different number of glyphs or different "
"encodings"
msgstr ""
-"Les fontes %1$.30s et %2$.30hs n'ont pas le même nombre de glyphes ou des "
+"Les fontes %1$.30s et %2$.30s n'ont pas le même nombre de glyphes ou des "
"codages différents"
#, c-format
@@ -19933,7 +19933,7 @@ msgid ""
"The fonts %1$.30s and %2$.30s use different types of splines (one quadratic, "
"one cubic)"
msgstr ""
-"Les fontes %1$.30s et %2$.30hs utilisent des courbes de Bézier d'ordres "
+"Les fontes %1$.30s et %2$.30s utilisent des courbes de Bézier d'ordres "
"différents (quadratique et cubique)"
msgid "The generated font won't work with ATM"
@@ -19968,8 +19968,8 @@ msgid ""
"The glyph %1$.30s in font %2$.30s has a different hint mask on its contours "
"than in %3$.30s"
msgstr ""
-"Le glyphe %1$.30s dans la police %2$.30hs a un masque de hints différent que "
-"dans %3$.30hs"
+"Le glyphe %1$.30s dans la police %2$.30s a un masque de hints différent que "
+"dans %3$.30s"
#, c-format
msgid ""
@@ -19984,8 +19984,8 @@ msgid ""
"The glyph %1$.30s in font %2$.30s has a different number of references than "
"in %3$.30s"
msgstr ""
-"Le glyphe %1$.30s de la fonte %2$.30hs a un nombre de références différent "
-"dans %3$.30hs"
+"Le glyphe %1$.30s de la fonte %2$.30s a un nombre de références différent "
+"dans %3$.30s"
#, c-format
msgid ""
@@ -20457,7 +20457,7 @@ msgstr ""
#, c-format
msgid "The outlines of glyph %2$.30s were not found in the font %1$.60s"
msgstr ""
-"Le contours du glyphe %2$.30s n'ont pas été trouvés dans la police %1$.60hs"
+"Le contours du glyphe %2$.30s n'ont pas été trouvés dans la police %1$.60s"
msgid "The paths that make up this glyph intersect one another"
msgstr "Les chemins qui composent ce glyphe se coupent les uns les autres"
@@ -21042,7 +21042,7 @@ msgstr "Il y a déjà une sous-table avec ce nom, changez de nom SVP"
#, c-format
msgid "There is already an anchor point named %1$.40s in %2$.40s."
-msgstr "Il y a déjà une ancre appelée %1$.40s dans %2$.40hs."
+msgstr "Il y a déjà une ancre appelée %1$.40s dans %2$.40s."
msgid "There is another glyph in the font with this name"
msgstr "Il y a un autre glyphe dans la fonte avec ce nom"
@@ -21441,8 +21441,8 @@ msgid ""
"been able to find is %1$.20s-%2$.20s-%4$d.\n"
"Shall I use that or let you search?"
msgstr ""
-"Cette fonte est basée sur le jeu de caractères %1$.20s-%2$.20hs-%3$d, mais "
-"ce que j'ai trouvé de mieux c'est %1$.20hs-%2$.20hs-%4$d.\n"
+"Cette fonte est basée sur le jeu de caractères %1$.20s-%2$.20s-%3$d, mais "
+"ce que j'ai trouvé de mieux c'est %1$.20s-%2$.20s-%4$d.\n"
"Devrais-je utiliser cette valeur ou préférez vous chercher ?"
msgid ""
@@ -21770,7 +21770,7 @@ msgid ""
"with a 0 offset for this combination. Would you like to alter this kerning "
"class entry (or create a kerning pair for just these two glyphs)?"
msgstr ""
-"Cette paire de crénage (%.20s et %.20hs) est dans une classe de crénage\n"
+"Cette paire de crénage (%.20s et %.20s) est dans une classe de crénage\n"
"avec un déplacement de 0 pour cette combinaison. Voulez-vous modifier cette "
"partie\n"
"de la classe de crénage (ou créer une nouvelle paire rien que pour ces 2 "
@@ -24551,8 +24551,8 @@ msgid ""
"referred to.\n"
"It will not be copied."
msgstr ""
-"Vous essayer de coller une référence vers %1$s dans %2$hs.\n"
-"Mais %1$hs n'existe pas dans cette fonte, et FontForge ne trouve pas le "
+"Vous essayer de coller une référence vers %1$s dans %2$s.\n"
+"Mais %1$s n'existe pas dans cette fonte, et FontForge ne trouve pas le "
"glyphe auquel il se référait.\n"
"Le glyphe ne sera pas copié."
@@ -24562,8 +24562,8 @@ msgid ""
"But %1$s does not exist in this font.\n"
"Would you like to copy the original splines (or delete the reference)?"
msgstr ""
-"Vous essayer de coller une référence vers %1$s dans %2$hs.\n"
-"Mais %1$hs n'existe pas dans cette fonte.\n"
+"Vous essayer de coller une référence vers %1$s dans %2$s.\n"
+"Mais %1$s n'existe pas dans cette fonte.\n"
"Voulez vous copier le contour d'origine (ou supprimer la référence)?"
msgid ""
diff --git a/po/it.po b/po/it.po
index e13711485..d0c3ea987 100644
--- a/po/it.po
+++ b/po/it.po
@@ -2303,7 +2303,7 @@ msgid ""
"Reverting the file will lose those changes.\n"
"Is that what you want?"
msgstr ""
-"Il font %1$.40s nel file %2$.40hs è stato modificato.\n"
+"Il font %1$.40s nel file %2$.40s è stato modificato.\n"
"Ripristinando il file perderai tutte le modifiche.\n"
"È quello che vuoi fare?"
@@ -5835,7 +5835,7 @@ msgid ""
"The glyph %1$.30s has a different number of contours in font %2$.30s than in "
"%3$.30s"
msgstr ""
-"Il glifo %1$.30s ha un diverso numero di contorni nel font %2$.30hs rispetto "
+"Il glifo %1$.30s ha un diverso numero di contorni nel font %2$.30s rispetto "
"a %3$.30s"
#, c-format
@@ -6235,8 +6235,8 @@ msgid ""
"been able to find is %1$.20s-%2$.20s-%4$d.\n"
"Shall I use that or let you search?"
msgstr ""
-"Questo font è basato sulla codifica di caratteri %1$.20s-%2$.20hs-%3$d, ma "
-"il migliore che io abbia trovato è %1$.20hs-%2$.20hs-%4$d.\n"
+"Questo font è basato sulla codifica di caratteri %1$.20s-%2$.20s-%3$d, ma "
+"il migliore che io abbia trovato è %1$.20s-%2$.20s-%4$d.\n"
"Devo usare questo valore o preferisci cercare tu stesso?"
msgid ""
--
2.41.0

45
5720.patch Normal file
View File

@ -0,0 +1,45 @@
From c8c96212cf28d011f8294c66dc4bda70e9c09256 Mon Sep 17 00:00:00 2001
From: Ahmet Furkan Kavraz <kavraz@amazon.com>
Date: Wed, 7 Jan 2026 14:46:09 +0000
Subject: [PATCH] Fix CVE-2025-15279: Heap buffer overflow in BMP RLE
decompression
The readpixels() function reads RLE count values from BMP files without
validating buffer bounds. A malicious BMP can specify excessive counts
causing heap buffer overflow during pixel decompression, potentially
leading to remote code execution.
Add bounds checking after each count read to ensure ii + cnt does not
exceed the allocated buffer size (head->height * head->width). Return 0
on validation failure to trigger error handling.
CVE-2025-15279
CVSS: 7.8 (High)
ZDI-CAN-27517
---
gutils/gimagereadbmp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/gutils/gimagereadbmp.c b/gutils/gimagereadbmp.c
index 5a137e28af..133336787c 100644
--- a/gutils/gimagereadbmp.c
+++ b/gutils/gimagereadbmp.c
@@ -181,12 +181,18 @@ static int readpixels(FILE *file,struct bmpheader *head) {
int ii = 0;
while ( ii<head->height*head->width ) {
int cnt = getc(file);
+ if (cnt < 0 || ii + cnt > head->height * head->width) {
+ return 0;
+ }
if ( cnt!=0 ) {
int ch = getc(file);
while ( --cnt>=0 )
head->byte_pixels[ii++] = ch;
} else {
cnt = getc(file);
+ if (cnt < 0 || ii + cnt > head->height * head->width) {
+ return 0;
+ }
if ( cnt>= 3 ) {
int odd = cnt&1;
while ( --cnt>=0 )

28
5721.patch Normal file
View File

@ -0,0 +1,28 @@
From 9edd1cc5223d959687ccfd834433af5e830c56c2 Mon Sep 17 00:00:00 2001
From: Ahmet Furkan Kavraz <kavraz@amazon.com>
Date: Thu, 8 Jan 2026 08:42:53 +0000
Subject: [PATCH] Fix CVE-2025-15275: Heap buffer overflow in SFD image parsing
Validate clutlen parameter (0-256) before use to prevent heap buffer
overflow when writing to fixed-size clut array.
Fixes: CVE-2025-15275 | ZDI-25-1189 | ZDI-CAN-28543
---
fontforge/sfd.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fontforge/sfd.c b/fontforge/sfd.c
index 6b980a4785..0590c119f3 100644
--- a/fontforge/sfd.c
+++ b/fontforge/sfd.c
@@ -3653,6 +3653,10 @@ static ImageList *SFDGetImage(FILE *sfd) {
getint(sfd,&image_type);
getint(sfd,&bpl);
getint(sfd,&clutlen);
+ if ( clutlen < 0 || clutlen > 256 ) {
+ LogError(_("Invalid clut length %d in sfd file, must be between 0 and 256"), clutlen);
+ return NULL;
+ }
gethex(sfd,&trans);
image = GImageCreate(image_type,width,height);
base = image->list_len==0?image->u.image:image->u.images[0];

27
5722.patch Normal file
View File

@ -0,0 +1,27 @@
From f99b1c886c0d9324440517a7a4253c5432e284ad Mon Sep 17 00:00:00 2001
From: Ahmet Furkan Kavraz <kavraz@amazon.com>
Date: Thu, 8 Jan 2026 15:38:57 +0000
Subject: [PATCH] Fix CVE-2025-15269: Use-after-free in SFD ligature parsing
Prevent circular linked list in LigaCreateFromOldStyleMultiple by clearing
the next pointer after shallow copy. The shallow copy propagates liga's
modified next pointer from previous iterations, creating a cycle that
causes double-free when the list is traversed and freed.
Fixes: CVE-2025-15269 | ZDI-25-1195 | ZDI-CAN-28564
---
fontforge/sfd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fontforge/sfd.c b/fontforge/sfd.c
index 6b980a4785..48b2b5f651 100644
--- a/fontforge/sfd.c
+++ b/fontforge/sfd.c
@@ -4711,6 +4711,7 @@ static PST1 *LigaCreateFromOldStyleMultiple(PST1 *liga) {
while ( (pt = strrchr(liga->pst.u.lig.components,';'))!=NULL ) {
new = chunkalloc(sizeof( PST1 ));
*new = *liga;
+ new->pst.next = NULL;
new->pst.u.lig.components = copy(pt+1);
last->pst.next = (PST *) new;
last = new;

35
5723.patch Normal file
View File

@ -0,0 +1,35 @@
From a0eedb850e1216cece0f9be61bfd45ddfc4a719d Mon Sep 17 00:00:00 2001
From: Ahmet Furkan Kavraz <kavraz@amazon.com>
Date: Fri, 9 Jan 2026 13:39:17 +0000
Subject: [PATCH] Fix CVE-2025-15279: Move bounds check inside cnt >= 3 block
Move the bounds check to inside the 'if (cnt >= 3)' block. This fixes
the issue where cnt == 0, cnt == 1, and cnt == 2 require different ii
calculations (end-of-line, end-of-bitmap, delta) and the bounds check
before the conditional would incorrectly reject valid operations.
CVE-2025-15279
CVSS: 7.8 (High)
ZDI-CAN-27517
---
gutils/gimagereadbmp.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gutils/gimagereadbmp.c b/gutils/gimagereadbmp.c
index 133336787c..ad365158cc 100644
--- a/gutils/gimagereadbmp.c
+++ b/gutils/gimagereadbmp.c
@@ -190,10 +190,10 @@ static int readpixels(FILE *file,struct bmpheader *head) {
head->byte_pixels[ii++] = ch;
} else {
cnt = getc(file);
- if (cnt < 0 || ii + cnt > head->height * head->width) {
- return 0;
- }
if ( cnt>= 3 ) {
+ if (ii + cnt > head->height * head->width) {
+ return 0;
+ }
int odd = cnt&1;
while ( --cnt>=0 )
head->byte_pixels[ii++] = getc(file);

0
SOURCES/Fix_Splinefont_shell_invocation.patch → Fix_Splinefont_shell_invocation.patch
View File

27
SOURCES/fontforge-20200314-Call-gdk_set_allowed_backends-before-gdk_init.patch
View File

@ -1,27 +0,0 @@
From ee14a6389d19e2f45219134058e07f10585fa6d3 Mon Sep 17 00:00:00 2001
From: Jeremy Tan <jtanx@outlook.com>
Date: Thu, 2 Apr 2020 18:03:47 +0800
Subject: [PATCH] Call gdk_set_allowed_backends before gdk_init
Fixes #4247
---
fontforgeexe/startui.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fontforgeexe/startui.c b/fontforgeexe/startui.c
index 06f5200a4..114bb7fb6 100644
--- a/fontforgeexe/startui.c
+++ b/fontforgeexe/startui.c
@@ -1182,8 +1182,8 @@ int fontforge_main( int argc, char **argv ) {
#endif
}
#ifdef FONTFORGE_CAN_USE_GDK
- gdk_init(&argc, &argv);
gdk_set_allowed_backends("win32,quartz,x11");
+ gdk_init(&argc, &argv);
#endif
ensureDotFontForgeIsSetup();
#if defined(__MINGW32__) && !defined(_NO_LIBCAIRO)
--
2.26.0

161
SOURCES/fontforge-20200314-minor-backward-compatible-sphinx-changes.patch
View File

@ -1,161 +0,0 @@
From 1a03ca2de0b4c99ee72b330b56e89cc90fe773ae Mon Sep 17 00:00:00 2001
From: Jeremy Tan <jtanx@outlook.com>
Date: Sat, 4 Apr 2020 11:43:34 +1100
Subject: [PATCH] Minor changes for backwards compatibility with older versions
of Sphinx
Closes #4256
---
doc/sphinx/conf.py | 3 +++
doc/sphinx/techref/splinefont.rst | 26 ++++++++++++-------------
doc/sphinx/ui/misc/fontforge-themes.rst | 2 +-
3 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/doc/sphinx/conf.py b/doc/sphinx/conf.py
index 4b22e2eaf6..f2df68676e 100644
--- a/doc/sphinx/conf.py
+++ b/doc/sphinx/conf.py
@@ -68,6 +68,9 @@
# Don't copy source rst files into the output
html_copy_source = False
+# Set the main page
+master_doc = 'index'
+
# Custom roles must be in the prolog, not the epilog!
rst_prolog = '''
.. role:: small
diff --git a/doc/sphinx/techref/splinefont.rst b/doc/sphinx/techref/splinefont.rst
index 98248f7a5e..60399d3912 100644
--- a/doc/sphinx/techref/splinefont.rst
+++ b/doc/sphinx/techref/splinefont.rst
@@ -195,7 +195,7 @@ The bounding box of a :ref:`Spline <splinefont.Spline>`,
:ref:`SplineChar <splinefont.SplineChar>`, :ref:`RefChar <splinefont.RefChar>`,
:ref:`Image <splinefont.ImageList>`, or whatever else needs a bounding box.
-.. code-block::
+.. code-block:: default
:name: splinefont.BDFFloat
typedef struct bdffloat {
@@ -206,7 +206,7 @@ The bounding box of a :ref:`Spline <splinefont.Spline>`,
The floating selection in a :ref:`BDFChar <splinefont.BDFChar>`.
-.. code-block::
+.. code-block:: default
:name: splinefont.Undoes
typedef struct undoes {
@@ -277,7 +277,7 @@ both the splines and the bitmaps of a character.
ut_mult is used when doing a copy from the FontView where you are copying more
than one character.
-.. code-block::
+.. code-block:: default
:name: splinefont.BDFChar
typedef struct bdfchar {
@@ -318,7 +318,7 @@ represented by a byte rather than a bit. There is a clut for this in the BDFFont
The last thing in the BDFChar is a (/an optional) floating selection. Only
present if the user has made a selection or done a paste or something like that.
-.. code-block::
+.. code-block:: default
:name: splinefont.BDFFont
typedef struct bdffont {
@@ -345,7 +345,7 @@ contains a count of the number of entries in the array, and then the array
itself. Currently the number of entries here is always 16, but that could
change.
-.. code-block::
+.. code-block:: default
:name: splinefont.SplinePoint
enum pointtype { pt_curve, pt_corner, pt_tangent };
@@ -405,7 +405,7 @@ drawing it. They are cached so they don't need to be regenerated each time.
There's a different set of lines for every scale (as there is a different amount
of visible detail). They get freed and regenerated if the Spline changes.
-.. code-block::
+.. code-block:: default
:name: splinefont.Spline
typedef struct spline1d {
@@ -439,7 +439,7 @@ some are used in other places too.
The Spline1D structures give the equations for the x and y coordinates
respectively (splines[0] is for x, splines[1] is for y).
-.. code-block::
+.. code-block:: default
:name: splinefont.SplinePointList
typedef struct splinepointlist {
@@ -463,7 +463,7 @@ to). A SplinePointList is a connected path. There are three cases:
Generally a series of paths will make up a character, and they are linked
together on the next field.
-.. code-block::
+.. code-block:: default
:name: splinefont.RefChar
typedef struct refchar {
@@ -498,7 +498,7 @@ themselves). The selected field indicates that the reference is selected. The bb
field provides a transformed bounding box. And the sc field points to the
SplineChar we are referring to.
-.. code-block::
+.. code-block:: default
:name: splinefont.KernPair
typedef struct kernpair {
@@ -514,7 +514,7 @@ offset between them (or rather the difference from what their respective left
and right bearings would lead you to believe it should be). Next points to the
next kernpair.
-.. code-block::
+.. code-block:: default
:name: splinefont.Hints
typedef struct hints {
@@ -532,7 +532,7 @@ y space) of where the stem starts, and width is how long it is. Width may be
negative (in which case base is where the stem ends). Next points to the next
hint for the character.
-.. code-block::
+.. code-block:: default
:name: splinefont.ImageList
typedef struct imagelist {
@@ -551,7 +551,7 @@ not support any other transformations on images). The bounding box is after the
transformations have been applied. The next field points to the next image, and
selected indicates whether this one is selected or not.
-.. code-block::
+.. code-block:: default
:name: splinefont.SplineChar
typedef struct splinechar {
@@ -623,7 +623,7 @@ follow this one. For instance the combination "VA" might need kerning, then the
SplineChar representing "V" would have a pointer to a
:ref:`KernPair <splinefont.KernPair>` with data on "A".
-.. code-block::
+.. code-block:: default
:name: splinefont.SplineFont
typedef struct splinefont {
diff --git a/doc/sphinx/ui/misc/fontforge-themes.rst b/doc/sphinx/ui/misc/fontforge-themes.rst
index 8df505634f..5bf3f6edd5 100644
--- a/doc/sphinx/ui/misc/fontforge-themes.rst
+++ b/doc/sphinx/ui/misc/fontforge-themes.rst
@@ -4,7 +4,7 @@ FontForge color schemes
The following are some suggestions for color schemes. You simply copy these into
your ~/.Xdefaults file and then run
-.. code-block::
+.. code-block:: default
:name: fontforge-themes.shell
$ xrdb ~/.Xdefaults

247
SPECS/fontforge.spec → fontforge.spec
View File

@ -1,25 +1,33 @@
%global gettext_package FontForge
%global gittag0 20200314
Name: fontforge
Version: 20200314
Release: 6%{?dist}
Version: 20230101
Release: 14%{?dist}
Summary: Outline and bitmap font editor
License: GPLv3+
License: GPL-3.0-or-later
URL: http://fontforge.github.io/
Source0: https://github.com/fontforge/%{name}/archive/%{gittag0}.tar.gz#/%{name}-%{version}.tar.gz
# https://github.com/fontforge/fontforge/pull/4253
Patch0: fontforge-20200314-Call-gdk_set_allowed_backends-before-gdk_init.patch
# https://github.com/fontforge/fontforge/pull/4257
Patch1: fontforge-20200314-minor-backward-compatible-sphinx-changes.patch
Source0: https://github.com/fontforge/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
# Fix translations with gettext-0.22, https://github.com/fontforge/fontforge/pull/5257
Patch0: 0001-Fix-errors-in-French-and-Italian-translations.patch
# https://github.com/fontforge/fontforge/pull/5367
# Fixes CVE-2024-25081 and CVE-2024-25082
Patch2: Fix_Splinefont_shell_invocation.patch
Patch1: https://patch-diff.githubusercontent.com/raw/fontforge/fontforge/pull/5367.patch#/Fix_Splinefont_shell_invocation.patch
# CVE-2025-15279 https://github.com/fontforge/fontforge/pull/5720
# https://sourceforge.net/p/fontforge/patches/32/
Patch2: https://patch-diff.githubusercontent.com/raw/fontforge/fontforge/pull/5720.patch
# CVE-2025-15275 https://github.com/fontforge/fontforge/pull/5721
# https://sourceforge.net/p/fontforge/patches/37/
Patch3: https://patch-diff.githubusercontent.com/raw/fontforge/fontforge/pull/5721.patch
# CVE-2025-15269 https://github.com/fontforge/fontforge/pull/5722
# https://sourceforge.net/p/fontforge/patches/40/
Patch4: https://patch-diff.githubusercontent.com/raw/fontforge/fontforge/pull/5722.patch
# CVE-2025-15279 https://github.com/fontforge/fontforge/pull/5723
# https://sourceforge.net/p/fontforge/patches/32/
Patch5: https://patch-diff.githubusercontent.com/raw/fontforge/fontforge/pull/5723.patch
Requires: xdg-utils
Requires: autotrace
Requires: (autotrace or potrace)
Requires: hicolor-icon-theme
BuildRequires: gcc-c++
@ -31,7 +39,6 @@ BuildRequires: giflib-devel
BuildRequires: libxml2-devel
BuildRequires: freetype-devel
BuildRequires: desktop-file-utils
BuildRequires: libuninameslist-devel
BuildRequires: libXt-devel
BuildRequires: xorg-x11-proto-devel
BuildRequires: gettext
@ -41,11 +48,16 @@ BuildRequires: libspiro-devel
BuildRequires: python3-devel
BuildRequires: readline-devel
BuildRequires: libappstream-glib
BuildRequires: woff2-devel
# F25 build is failing add following to fix
BuildRequires: shared-mime-info
# F33 onward need now
BuildRequires: gtk3-devel
BuildRequires: python3-sphinx
BuildRequires: make
%py_provides python3-fontforge
%py_provides python3-psMat
%description
FontForge (former PfaEdit) is a font editor for outline and bitmap
@ -71,34 +83,19 @@ This package contains documentation files for %{name}.
%prep
%setup -q
%patch -P 0 -p1
%patch -P 1 -p1
%patch -P 2 -p1
%autosetup -p1
# Remove tests that requires Internet access
sed -i '45d;83d;101d;102d;114d;115d;125d' tests/CMakeLists.txt
rm tests/test003.pe tests/test130.pe tests/test0101.py tests/test929.py
# Remove tests for s390x
rm tests/test0004.py tests/test1009.py tests/test1010.py
# Remove desktop-file-validate warning
sed -i '5d' desktop/org.fontforge.FontForge.desktop
sed -i '45d;82d;101d;127d' tests/CMakeLists.txt
%build
rm -rf build && mkdir build
pushd build
export CFLAGS="%{optflags} -fno-strict-aliasing"
%cmake .. -DCMAKE_BUILD_TYPE=Release
%{make_build}
popd
%cmake -DCMAKE_BUILD_TYPE=Release \
-DENABLE_WOFF2=ON
%cmake_build
%install
pushd build
%{make_install}
popd
%cmake_install
desktop-file-install \
--dir $RPM_BUILD_ROOT%{_datadir}/applications \
@ -116,7 +113,7 @@ appstream-util validate-relax --nonet %{buildroot}%{_metainfodir}/*.appdata.xml
%find_lang %{gettext_package}
%check
pushd build
pushd %{__cmake_builddir}
make check
popd
@ -129,7 +126,6 @@ popd
%{_datadir}/fontforge
%{_datadir}/icons/hicolor/*/apps/org.fontforge.FontForge*
%{_mandir}/man1/*.1*
%{_datadir}/pixmaps/org.fontforge.FontForge*
%{_datadir}/mime/packages/fontforge.xml
%{_metainfodir}/org.fontforge.FontForge.appdata.xml
%{python3_sitearch}/fontforge.so
@ -142,43 +138,172 @@ popd
%doc %{_pkgdocdir}
%changelog
* Thu Apr 04 2024 Parag Nemade <pnemade AT redhat DOT com> - 20200314-6
- Resolves: RHEL-26715 - fontforge: various flaws
(CVE-2024-25081 and CVE-2024-25082)
* Tue Jan 27 2026 Parag Nemade <pnemade AT redhat DOT com> - 20230101-14
- Resolves: RHEL-138159
CVE-2025-15279 GUtils BMP File Parsing Heap-based Buffer Overflow
- Resolves: RHEL-138144
CVE-2025-15275 SFD File Parsing Heap-based Buffer Overflow
- Resolves: RHEL-138126
CVE-2025-15269 SFD File Parsing Use-After-Free
* Mon Dec 14 2020 Parag Nemade <pnemade AT redhat DOT com> - 20200314-5
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 20230101-13
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 20230101-12
- Bump release for June 2024 mass rebuild
* Tue Apr 16 2024 Parag Nemade <pnemade AT redhat DOT com> - 20230101-11
- Resolves: RHEL-31498 various flaws
CVE-2024-25081 and CVE-2024-25082
- Add gating.yaml file
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 20230101-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 20230101-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Aug 10 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 20230101-8
- Drop unused libuninameslist dependency
* Tue Aug 08 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 20230101-7
- Allow potrace as an alternative to autotrace
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 20230101-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jul 07 2023 Parag Nemade <pnemade AT redhat DOT com> - 20230101-5
- Fix fr.po and it.po translations issue
* Wed Jun 14 2023 Python Maint <python-maint@redhat.com> - 20230101-4
- Rebuilt for Python 3.12
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 20230101-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Jan 02 2023 Parag Nemade <pnemade AT redhat DOT com> - 20230101-2
- Update license tag to SPDX format
- Fix test failure
* Mon Jan 02 2023 Parag Nemade <pnemade AT redhat DOT com> - 20230101-1
- Update to 20230101 version (#2157290)
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 20220308-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 20220308-2
- Rebuilt for Python 3.11
* Thu Mar 10 2022 Parag Nemade <pnemade AT redhat DOT com> - 20220308-1
- Update to 20220308 version (#2062047)
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 20201107-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 20201107-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 20201107-4
- Rebuilt for Python 3.10
* Mon Feb 01 2021 Parag Nemade <pnemade AT redhat DOT com> - 20201107-3
- The %%find_lang should run as part of %%install only
* Mon Dec 07 2020 Parag Nemade <pnemade AT redhat DOT com> - 20200314-4
- Minor changes for backwards compatibility with older versions of Sphinx
Resolves: rhbz#1646212
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 20201107-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Apr 08 2020 Parag Nemade <pnemade AT redhat DOT com> - 20170731-15
- Resolves:rh#1821664 - out-of-bounds write in sfd.c
* Wed Nov 25 2020 Parag Nemade <pnemade AT redhat DOT com> - 20201107-1
- Update to 20201107 version (#1895648)
- removed %%gittag0 macro, as it cause problem to automated package update script
* Thu Jan 16 2020 Parag Nemade <pnemade AT redhat DOT com> - 20170731-14
- Resolves:rh#1790974 - out-of-bounds write in sfd.c
* Sun Nov 22 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 20200314-10
- Add py_provides macros to provide python3-fontforge, python3-psMat, etc.
* Sun Jun 02 2019 Parag Nemade <pnemade AT redhat DOT com> - 20170731-13
- Resolves:rh#1665940 - harden the missing splinerefigure.c file
* Wed Aug 05 2020 Parag Nemade <pnemade AT redhat DOT com> - 20200314-9
- Fix FTBFS bug by fixing glossary.rst and using new CMake macros
* Fri May 31 2019 Parag Nemade <pnemade AT redhat DOT com> - 20170731-12
- Resolves:rh#1665940 - Fixed covscan patch to fix some font packages build
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20200314-8
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon May 20 2019 Parag Nemade <pnemade AT redhat DOT com> - 20170731-11
- Resolves:rh#1682233 - Fixed gating.yml rule
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20200314-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Sat May 18 2019 Parag Nemade <pnemade AT redhat DOT com> - 20170731-10
- Resolves:rh#1682233 - fontforge changes blocked until gating tests are added
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 20200314-6
- Rebuilt for Python 3.9
* Mon May 13 2019 Parag Nemade <pnemade AT redhat DOT com> - 20170731-9
- Resolves:rh#1665940 - fontforge: Use after free during dejavu-fonts build
* Sat May 02 2020 Parag Nemade <pnemade AT redhat DOT com> - 20200314-5
- Resolves:rhbz#1830502 - Add missing WOFF2 support
* Tue Oct 30 2018 Parag Nemade <pnemade AT redhat DOT com> - 20170731-8
- Resolves:rh#1644224 - fix some issues from covscan patch
* Wed Apr 15 2020 Parag Nemade <pnemade AT redhat DOT com> - 20200314-4
- Resolves:rhbz#1823525 - fontforge fails to build with Sphinx 3.0.0
* Sat Sep 22 2018 Parag Nemade <pnemade AT redhat DOT com> - 20170731-7
- Resolves:rh#1602497 - Fix some covscan issues
* Thu Apr 02 2020 Parag Nemade <pnemade AT redhat DOT com> - 20200314-3
- Fix the GDK backend UI issues
- Move back to using GDK backend
* Fri Mar 27 2020 Parag Nemade <pnemade AT redhat DOT com> - 20200314-2
- Enabled X11 and 2012 theme
* Wed Mar 25 2020 Parag Nemade <pnemade AT redhat DOT com> - 20200314-1
- Update to 20200314 version (#1813578)
* Sun Feb 16 2020 Parag Nemade <pnemade AT redhat DOT com> - 20190801-6
- another fix for rh#1790042 - CVE-2020-5395:out-of-bounds write in sfd.c
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20190801-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jan 16 2020 Parag Nemade <pnemade AT redhat DOT com> - 20190801-4
- Resolves:rh#1790042 - CVE-2020-5395:out-of-bounds write in sfd.c
* Tue Aug 27 2019 Kevin Fenzi <kevin@scrye.com> - 20190801-3
- Rebuild for new libspiro
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 20190801-2
- Rebuilt for Python 3.8
* Thu Aug 15 2019 Parag Nemade <pnemade AT redhat DOT com> - 20190801-1
- Update to 20190801 version (#1739819)
- Upstream moved to use Glib's GHashTable over uthash
- Upstream dropped requiring bundling copy of gnulib
* Fri Aug 02 2019 Parag Nemade <pnemade AT redhat DOT com> - 20190413-4
- Fix the conditional for rh#1728058
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20190413-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 23 2019 Parag Nemade <pnemade AT redhat DOT com> - 20190413-2
- make the code compatible with python-3.8 (rh#1728058)
* Sat Apr 13 2019 Parag Nemade <pnemade AT redhat DOT com> - 20190413-1
- Update to 20190413 version (#1689629)
* Mon Mar 25 2019 Parag Nemade <pnemade AT redhat DOT com> - 20190317-1
- Update to 20190317 release (#1689629)
* Sun Feb 17 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 20170731-12
- Rebuild for readline 8.0
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20170731-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jul 23 2018 Miro Hrončok <mhroncok@redhat.com> - 20170731-10
- Rebuilt for #1595421
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20170731-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jul 04 2018 Kevin Fenzi <kevin@scrye.com> - -8
- Update bundled gnulib. Fixes bug #1596037
* Thu Jun 28 2018 Miro Hrončok <mhroncok@redhat.com> - 20170731-7
- Rebuilt for Python 3.7.0 final (#1595421)
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 20170731-6
- Rebuilt for Python 3.7
* Sun Feb 11 2018 Sandro Mani <manisandro@gmail.com> - 20170731-5
- Rebuild (giflib)

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (fontforge-20230101.tar.gz) = 67c21f7e55a78097ef7d7d9abac3add2017400015a6a9dfd56674d933bdba963cb6c4e631ae066026fe1862298d60dd968dec61a9bbee7253dd2f7d105655178