From 699e4cb77fb54a5f487bd729afe9c4bc72878b9c Mon Sep 17 00:00:00 2001
From: Kalev Lember <kalevlember@gmail.com>
Date: Sat, 30 Jul 2011 14:44:11 +0300
Subject: [PATCH] Update to 2.4.5

Synced patches with Fedora native freetype 2.4.5-2.
---
 .gitignore                           |  2 +
 freetype-2.1.10-enable-ft2-bci.patch | 11 ----
 freetype-2.3.11-more-demos.patch     |  6 +-
 freetype-2.4.2-CVE-2010-3311.patch   | 37 +++++++++++
 freetype-2.4.5-CVE-2011-0226.patch   | 99 ++++++++++++++++++++++++++++
 mingw32-freetype.spec                | 35 ++++------
 sources                              |  4 +-
 7 files changed, 157 insertions(+), 37 deletions(-)
 delete mode 100644 freetype-2.1.10-enable-ft2-bci.patch
 create mode 100644 freetype-2.4.2-CVE-2010-3311.patch
 create mode 100644 freetype-2.4.5-CVE-2011-0226.patch

diff --git a/.gitignore b/.gitignore
index 52a6868..73e1dce 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 freetype-2.3.11.tar.bz2
 freetype-doc-2.3.11.tar.gz
+/freetype-2.4.5.tar.bz2
+/freetype-doc-2.4.5.tar.bz2
diff --git a/freetype-2.1.10-enable-ft2-bci.patch b/freetype-2.1.10-enable-ft2-bci.patch
deleted file mode 100644
index b1766a0..0000000
--- a/freetype-2.1.10-enable-ft2-bci.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- freetype-2.1.10/include/freetype/config/ftoption.h.enable-ft2-bci	2005-10-12 13:50:40.000000000 -0400
-+++ freetype-2.1.10/include/freetype/config/ftoption.h	2005-10-12 14:18:50.000000000 -0400
-@@ -436,7 +436,7 @@
-   /*   Do not #undef this macro here, since the build system might         */
-   /*   define it for certain configurations only.                          */
-   /*                                                                       */
--/* #define TT_CONFIG_OPTION_BYTECODE_INTERPRETER */
-+#define TT_CONFIG_OPTION_BYTECODE_INTERPRETER
- 
- 
-   /*************************************************************************/
diff --git a/freetype-2.3.11-more-demos.patch b/freetype-2.3.11-more-demos.patch
index 4b0046e..181eafe 100644
--- a/freetype-2.3.11-more-demos.patch
+++ b/freetype-2.3.11-more-demos.patch
@@ -1,6 +1,6 @@
-diff -up freetype-2.3.11/ft2demos-2.3.11/Makefile.more-demos freetype-2.3.11/ft2demos-2.3.11/Makefile
---- freetype-2.3.11/ft2demos-2.3.11/Makefile.more-demos	2009-10-22 16:02:26.000000000 -0400
-+++ freetype-2.3.11/ft2demos-2.3.11/Makefile	2009-10-22 16:02:32.000000000 -0400
+diff -up ft2demos-2.3.11/Makefile.more-demos freetype-2.3.11/ft2demos-2.3.11/Makefile
+--- ft2demos-2.3.11/Makefile.more-demos	2009-10-22 16:02:26.000000000 -0400
++++ ft2demos-2.3.11/Makefile	2009-10-22 16:02:32.000000000 -0400
 @@ -288,10 +288,10 @@ else
    # Note that ttdebug only works if the FreeType's `truetype' driver has
    # been compiled with TT_CONFIG_OPTION_BYTECODE_INTERPRETER defined.
diff --git a/freetype-2.4.2-CVE-2010-3311.patch b/freetype-2.4.2-CVE-2010-3311.patch
new file mode 100644
index 0000000..7f51a95
--- /dev/null
+++ b/freetype-2.4.2-CVE-2010-3311.patch
@@ -0,0 +1,37 @@
+--- freetype-2.4.2/src/base/ftstream.c	2010-08-04 15:52:01.000000000 +0200
++++ freetype-2.4.2/src/base/ftstream.c	2010-10-06 18:47:07.000000000 +0200
+@@ -59,8 +59,17 @@
+   {
+     FT_Error  error = FT_Err_Ok;
+ 
++    /* note that seeking to the first position after the file is valid */
++    if ( pos > stream->size )
++    {
++      FT_ERROR(( "FT_Stream_Seek:"
++                 " invalid i/o; pos = 0x%lx, size = 0x%lx\n",
++                 pos, stream->size ));
+ 
+-    if ( stream->read )
++      error = FT_Err_Invalid_Stream_Operation;
++    }
++
++    if ( !error && stream->read )
+     {
+       if ( stream->read( stream, pos, 0, 0 ) )
+       {
+@@ -71,15 +80,6 @@
+         error = FT_Err_Invalid_Stream_Operation;
+       }
+     }
+-    /* note that seeking to the first position after the file is valid */
+-    else if ( pos > stream->size )
+-    {
+-      FT_ERROR(( "FT_Stream_Seek:"
+-                 " invalid i/o; pos = 0x%lx, size = 0x%lx\n",
+-                 pos, stream->size ));
+-
+-      error = FT_Err_Invalid_Stream_Operation;
+-    }
+ 
+     if ( !error )
+       stream->pos = pos;
diff --git a/freetype-2.4.5-CVE-2011-0226.patch b/freetype-2.4.5-CVE-2011-0226.patch
new file mode 100644
index 0000000..f0afa21
--- /dev/null
+++ b/freetype-2.4.5-CVE-2011-0226.patch
@@ -0,0 +1,99 @@
+--- freetype-2.4.5/src/psaux/t1decode.c	2010-11-23 19:28:53.000000000 +0100
++++ freetype-2.4.5/src/psaux/t1decode.c	2011-07-20 15:00:39.000000000 +0200
+@@ -28,6 +28,8 @@
+ 
+ #include "psauxerr.h"
+ 
++/* ensure proper sign extension */
++#define Fix2Int( f )  ( (FT_Int)(FT_Short)( (f) >> 16 ) )
+ 
+   /*************************************************************************/
+   /*                                                                       */
+@@ -662,7 +664,7 @@
+         if ( large_int )
+           FT_TRACE4(( " %ld", value ));
+         else
+-          FT_TRACE4(( " %ld", (FT_Int32)( value >> 16 ) ));
++          FT_TRACE4(( " %ld", Fix2Int( value ) ));
+ #endif
+ 
+         *top++       = value;
+@@ -684,8 +686,8 @@
+ 
+         top -= 2;
+ 
+-        subr_no = (FT_Int)( top[1] >> 16 );
+-        arg_cnt = (FT_Int)( top[0] >> 16 );
++        subr_no = Fix2Int( top[1] );
++        arg_cnt = Fix2Int( top[0] );
+ 
+         /***********************************************************/
+         /*                                                         */
+@@ -862,7 +864,7 @@
+             if ( arg_cnt != 1 || blend == NULL )
+               goto Unexpected_OtherSubr;
+ 
+-            idx = (FT_Int)( top[0] >> 16 );
++            idx = Fix2Int( top[0] );
+ 
+             if ( idx < 0                                           ||
+                  idx + blend->num_designs > decoder->len_buildchar )
+@@ -930,7 +932,7 @@
+             if ( arg_cnt != 2 || blend == NULL )
+               goto Unexpected_OtherSubr;
+ 
+-            idx = (FT_Int)( top[1] >> 16 );
++            idx = Fix2Int( top[1] );
+ 
+             if ( idx < 0 || (FT_UInt) idx >= decoder->len_buildchar )
+               goto Unexpected_OtherSubr;
+@@ -951,7 +953,7 @@
+             if ( arg_cnt != 1 || blend == NULL )
+               goto Unexpected_OtherSubr;
+ 
+-            idx = (FT_Int)( top[0] >> 16 );
++            idx = Fix2Int( top[0] );
+ 
+             if ( idx < 0 || (FT_UInt) idx >= decoder->len_buildchar )
+               goto Unexpected_OtherSubr;
+@@ -1009,11 +1011,15 @@
+           break;
+ 
+         default:
+-          FT_ERROR(( "t1_decoder_parse_charstrings:"
+-                     " unknown othersubr [%d %d], wish me luck\n",
+-                     arg_cnt, subr_no ));
+-          unknown_othersubr_result_cnt = arg_cnt;
+-          break;
++          if ( arg_cnt >= 0 && subr_no >= 0 )
++          {
++            FT_ERROR(( "t1_decoder_parse_charstrings:"
++                       " unknown othersubr [%d %d], wish me luck\n",
++                       arg_cnt, subr_no ));
++            unknown_othersubr_result_cnt = arg_cnt;
++            break;
++          }
++          /* fall through */
+ 
+         Unexpected_OtherSubr:
+           FT_ERROR(( "t1_decoder_parse_charstrings:"
+@@ -1139,8 +1145,8 @@
+                                   top[0],
+                                   top[1],
+                                   top[2],
+-                                  (FT_Int)( top[3] >> 16 ),
+-                                  (FT_Int)( top[4] >> 16 ) );
++                                  Fix2Int( top[3] ),
++                                  Fix2Int( top[4] ) );
+ 
+         case op_sbw:
+           FT_TRACE4(( " sbw" ));
+@@ -1324,7 +1330,7 @@
+ 
+             FT_TRACE4(( " callsubr" ));
+ 
+-            idx = (FT_Int)( top[0] >> 16 );
++            idx = Fix2Int( top[0] );
+             if ( idx < 0 || idx >= (FT_Int)decoder->num_subrs )
+             {
+               FT_ERROR(( "t1_decoder_parse_charstrings:"
diff --git a/mingw32-freetype.spec b/mingw32-freetype.spec
index 0a9b56f..ced80e7 100644
--- a/mingw32-freetype.spec
+++ b/mingw32-freetype.spec
@@ -4,37 +4,32 @@
 %define __find_requires %{_mingw32_findrequires}
 %define __find_provides %{_mingw32_findprovides}
 
-# Patented bytecode interpreter and patented subpixel rendering
-# disabled by default.  Pass '--with bytecode_interpreter' and '--with
-# subpixel_rendering' on rpmbuild command-line to enable them.
-
-%define _with_subpixel_rendering 1}
-%define _without_subpixel_rendering 0}
-%{!?_with_bytecode_interpreter: %{!?_without_bytecode_interpreter: %define _without_bytecode_interpreter --without-bytecode_interpreter}}
+# Patented subpixel rendering disabled by default.
+# Pass '--with subpixel_rendering' on rpmbuild command-line to enable.
 %{!?_with_subpixel_rendering: %{!?_without_subpixel_rendering: %define _without_subpixel_rendering --without-subpixel_rendering}}
 
 %define with_xfree86 0
 
 Name:           mingw32-freetype
-Version:        2.3.11
-Release:        2%{?dist}
+Version:        2.4.5
+Release:        1%{?dist}
 Summary:        Free and portable font rendering engine
 
 License:        FTL or GPLv2+
 URL:            http://www.freetype.org
-Source:         http://mirrors.aixtools.net/sv/freetype/freetype-%{version}.tar.bz2
-Source1:        http://mirrors.aixtools.net/sv/freetype/freetype-doc-%{version}.tar.gz
+Source0:        http://download.savannah.gnu.org/releases/freetype/freetype-%{version}.tar.bz2
+Source1:        http://download.savannah.gnu.org/releases/freetype/freetype-doc-%{version}.tar.bz2
 #Source2:        http://download.savannah.gnu.org/releases/freetype/ft2demos-%{version}.tar.bz2
 Group:          Development/Libraries
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 # Patches from native Fedora package.
-#Patch5:         ft2demos-2.1.9-mathlib.patch
-Patch20:        freetype-2.1.10-enable-ft2-bci.patch
 Patch21:        freetype-2.3.0-enable-spr.patch
 Patch46:        freetype-2.2.1-enable-valid.patch
 #Patch47:        freetype-2.3.11-more-demos.patch
 Patch88:        freetype-multilib.patch
+Patch89:        freetype-2.4.2-CVE-2010-3311.patch
+Patch90:        freetype-2.4.5-CVE-2011-0226.patch
 
 BuildArch:      noarch
 
@@ -54,14 +49,6 @@ MinGW Windows Freetype library.
 %prep
 %setup -q -n freetype-%{version} -b 1 -a 1
 
-#pushd ft2demos-%{version}
-#%patch5 -p1 -b .mathlib
-#popd
-
-%if %{?_with_bytecode_interpreter:1}%{!?_with_bytecode_interpreter:0}
-%patch20  -p1 -b .enable-ft2-bci
-%endif
-
 %if %{?_with_subpixel_rendering:1}%{!?_with_subpixel_rendering:0}
 %patch21  -p1 -b .enable-spr
 %endif
@@ -70,6 +57,8 @@ MinGW Windows Freetype library.
 #%patch47  -p1 -b .more-demos
 
 %patch88 -p1 -b .multilib
+%patch89 -p1 -b .CVE-2010-3311
+%patch90 -p1 -b .CVE-2011-0226
 
 
 %build
@@ -108,6 +97,10 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Sat Jul 30 2011 Kalev Lember <kalevlember@gmail.com> - 2.4.5-1
+- Update to 2.4.5
+- Synced patches with Fedora native freetype 2.4.5-2
+
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.11-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 
diff --git a/sources b/sources
index 70a4986..eae347f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-519c7cbf5cbd72ffa822c66844d3114c  freetype-2.3.11.tar.bz2
-a329c92c1d8c16464023149393851166  freetype-doc-2.3.11.tar.gz
+90428a6d8ec4876cd1eb94858c2a59b0  freetype-2.4.5.tar.bz2
+bb6fc58b62762eaaea9688443d5d8477  freetype-doc-2.4.5.tar.bz2