Merge ../fontforge into el5

Conflicts:
	.gitignore
	fontforge.spec
	sources

Makefile

@@ -1,21 +0,0 @@
-# Makefile for source rpm: fontforge
-# $Id$
-NAME := fontforge
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON	:= $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)

fontforge-20061025-CVE-2010-4259.patch

@@ -0,0 +1,50 @@
+--- fontforge/fontforge/fvimportbdf.c	15 Apr 2010 10:47:36 -0000	1.58
++++ fontforge/fontforge/fvimportbdf.c	3 Dec 2010 21:03:38 -0000
+@@ -560,7 +560,7 @@
+ 	}
+     
+ 	if ( strcmp(tok,"FONT")==0 ) {
+-	    if ( sscanf(buf,"-%*[^-]-%[^-]-%[^-]-%[^-]-%*[^-]-", family, weight, italic )!=0 ) {
++	    if ( sscanf(buf,"-%*[^-]-%99[^-]-%99[^-]-%99[^-]-%*[^-]-", family, weight, italic )!=0 ) {
+ 		char *pt=buf;
+ 		int dcnt=0;
+ 		while ( *pt=='-' && dcnt<7 ) { ++pt; ++dcnt; }
+@@ -616,26 +616,30 @@
+ 	    sscanf(buf, "%d", &defs->metricsset );
+ 	else if ( strcmp(tok,"VVECTOR")==0 )
+ 	    sscanf(buf, "%*d %d", &defs->vertical_origin );
++	/* For foundry, fontname and encname, only copy up to the buffer size */
+ 	else if ( strcmp(tok,"FOUNDRY")==0 )
+-	    sscanf(buf, "%[^\"]", foundry );
++	    sscanf(buf, "%99[^\"]", foundry );
+ 	else if ( strcmp(tok,"FONT_NAME")==0 )
+-	    sscanf(buf, "%[^\"]", fontname );
++	    sscanf(buf, "%99[^\"]", fontname );
+ 	else if ( strcmp(tok,"CHARSET_REGISTRY")==0 )
+-	    sscanf(buf, "%[^\"]", encname );
++	    sscanf(buf, "%99[^\"]", encname );
+ 	else if ( strcmp(tok,"CHARSET_ENCODING")==0 ) {
+ 	    enc = 0;
+ 	    if ( sscanf(buf, " %d", &enc )!=1 )
+ 		sscanf(buf, "%d", &enc );
++	/* These properties should be copied up to the buffer length too */
+ 	} else if ( strcmp(tok,"FAMILY_NAME")==0 ) {
+-	    strcpy(family,buf);
++	    strncpy(family,buf,99);
+ 	} else if ( strcmp(tok,"FULL_NAME")==0 || strcmp(tok,"FACE_NAME")==0 ) {
+-	    strcpy(full,buf);
++	    strncpy(full,buf,99);
+ 	} else if ( strcmp(tok,"WEIGHT_NAME")==0 )
+-	    strcpy(weight,buf);
++	    strncpy(weight,buf,99);
+ 	else if ( strcmp(tok,"SLANT")==0 )
+-	    strcpy(italic,buf);
++	    strncpy(italic,buf,99);
+ 	else if ( strcmp(tok,"COPYRIGHT")==0 ) {
+-	    strcpy(comments,buf);
++		/* LS: Assume the size of the passed-in buffer is 1000, see below in
++		 * COMMENT */
++	    strncpy(comments,buf,999);
+ 	    found_copyright = true;
+ 	} else if ( strcmp(tok,"COMMENT")==0 && !found_copyright ) {
+ 	    char *pt = comments+strlen(comments);

fontforge-20061025-fsSel.patch

@@ -0,0 +1,11 @@
+--- fontforge-20061025/fontforge/tottf.c.fsSel	2006-12-09 21:36:24.000000000 +0330
++++ fontforge-20061025/fontforge/tottf.c	2006-12-09 21:41:45.000000000 +0330
+@@ -3090,7 +3090,7 @@
+     os2->fsSel = (at->head.macstyle&1?32:0)|(at->head.macstyle&2?1:0);
+     if ( sf->fullname!=NULL && strstrmatch(sf->fullname,"outline")!=NULL )
+ 	os2->fsSel |= 8;
+-    if ( os2->fsSel==0 ) os2->fsSel = 64;		/* Regular */
++    if ( os2->fsSel==0 && sf->pfminfo.weight == 400) os2->fsSel = 64;		/* Regular */
+     if ( os2->version>=4 ) {
+ 	if ( strstrmatch(sf->fontname,"Obli")==0 ) {
+ 	    os2->fsSel &= ~1;		/* Turn off Italic */

fontforge-20061025-usFirstCharIndex.patch

@@ -0,0 +1,10 @@
+--- fontforge-20061025/fontforge/tottf.c.usFirstCharIndex	2006-10-05 07:29:12.000000000 +0330
++++ fontforge-20061025/fontforge/tottf.c	2006-11-25 13:59:52.000000000 +0330
+@@ -3187,7 +3187,6 @@
+ 	os2->firstcharindex = 0xf000 + first;	/* This gets mapped to space */
+ 	os2->lastcharindex  = 0xf000 + last;
+     } else {
+-	if ( first>13 && format!=ff_otf && format!=ff_otfcid ) first = 13;	/* We give the font an extra char mapped to cr (13) */
+ 	os2->firstcharindex = first;
+ 	os2->lastcharindex = last;
+ 	OS2FigureCodePages(sf, os2->ulCodePage);

fontforge.spec

@@ -3,7 +3,7 @@
 
 Name:           fontforge
 Version:        20080828
-Release:        1%{?dist}
+Release:        1.1%{?dist}
 Summary:        Outline and bitmap font editor
 
 Group:          Applications/Publishing
@@ -13,6 +13,7 @@ Source0:        http://downloads.sourceforge.net/fontforge/fontforge_full-%{vers
 Source1:        fontforge.desktop
 Source2:        http://downloads.sourceforge.net/fontforge/fontforge_htdocs-%{docs_version}.tar.bz2
 Source3:	fontforge.xml
+Patch0:		fontforge-20061025-CVE-2010-4259.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 Requires:       xdg-utils
@@ -29,6 +30,7 @@ BuildRequires:  libuninameslist-devel
 BuildRequires:  libXt-devel
 BuildRequires:  xorg-x11-proto-devel
 BuildRequires:  gettext
+BuildRequires:  python-devel
 
 Obsoletes:      pfaedit
 Provides:       pfaedit
@@ -51,6 +53,7 @@ to compile applications against fontforge.
 
 %prep
 %setup -q -n %{name}-%{version}
+%patch0 -p1 -b .CVE-2010-4259
 
 mkdir htdocs
 tar xjf %{SOURCE2} -C htdocs
@@ -136,6 +139,10 @@ update-mime-database %{_datadir}/mime &> /dev/null || :
 %{_libdir}/pkgconfig/*.pc
 
 %changelog
+* Mon Aug 20 2012 Jonathan Ciesla <limburgher@gmail.com> - 20080828-1.1
+- Add patch to fix CVE-2010-4259 (fixes #659359)
+- Added python-requires BuildRequires.
+
 * Wed Sep 03 2008 Kevin Fenzi <kevin@tummy.com> - 20080828-1
 - Upgrade to 20080828
 - Add Requires on autotrace. Fixes 460668
@@ -181,6 +188,7 @@ update-mime-database %{_datadir}/mime &> /dev/null || :
 
 * Fri Dec 22 2006 Roozbeh Pournader <roozbeh@farsiweb.info> - 20061220-1
 - Update to upstream 20061220
+>>>>>>> 52bff30f7a8e5bf074279795bc62f2ab720eb1e3
 
 * Sat Dec 09 2006 Roozbeh Pournader <roozbeh@farsiweb.info> - 20061025-2
 - Add patch to fix fsSelection problem with DejaVu ExtraLight