11 changed files with 157 additions and 272 deletions
--- a/.freetype.metadata
+++ b/.freetype.metadata
@ -1,3 +1,3 @@
-0181862673f7216ad2b5074f95fc131209e30b27 SOURCES/freetype-2.10.4.tar.xz
-9c86a3225cabc659914095c5f97b4844001bb733 SOURCES/freetype-doc-2.10.4.tar.xz
-d16eef3cb775532995db5826c4f4f6dbe883cc5b SOURCES/ft2demos-2.10.4.tar.xz
+2d8d5917a1983ebd04921f2993a88858d6f72dec SOURCES/freetype-2.13.2.tar.xz
+dbed086b3dba1d748e15b28103081ed30d24e3f3 SOURCES/freetype-doc-2.13.2.tar.xz
+655c82a431fae7f53a964bda8a7c0671531d05a4 SOURCES/ft2demos-2.13.2.tar.xz
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,3 @@
-SOURCES/freetype-2.10.4.tar.xz
-SOURCES/freetype-doc-2.10.4.tar.xz
-SOURCES/ft2demos-2.10.4.tar.xz
+SOURCES/freetype-2.13.2.tar.xz
+SOURCES/freetype-doc-2.13.2.tar.xz
+SOURCES/ft2demos-2.13.2.tar.xz
--- a/SOURCES/freetype-2.10.1-debughook.patch
+++ b/SOURCES/freetype-2.10.1-debughook.patch
@ -1,13 +0,0 @@
-diff --git a/include/freetype/ftmodapi.h b/include/freetype/ftmodapi.h
-index 8d039c4f3..88488bfe8 100644
--- a/include/freetype/ftmodapi.h
-+++ b/include/freetype/ftmodapi.h
-@@ -623,7 +623,7 @@ FT_BEGIN_HEADER
-    *     it is bytecode interpreter's execution context, `TT_ExecContext`,
-    *     which is declared in FreeType's internal header file `tttypes.h`.
-    */
-  typedef FT_Error
-+  typedef void
-   (*FT_DebugHook_Func)( void*  arg );
- 
- 
--- a/SOURCES/freetype-2.10.4-avoid-invalid-face-index.patch
+++ b/SOURCES/freetype-2.10.4-avoid-invalid-face-index.patch
@ -1,43 +0,0 @@
-From 53dfdcd8198d2b3201a23c4bad9190519ba918db Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Thu, 17 Mar 2022 19:24:16 +0100
-Subject: [PATCH] [sfnt] Avoid invalid face index.
-
-Fixes #1138.
-
-* src/sfnt/sfobjs.c (sfnt_init_face), src/sfnt/sfwoff2.c (woff2_open_font):
-Check `face_index` before decrementing.
---
- src/sfnt/sfobjs.c  | 2 +-
- src/sfnt/sfwoff2.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/sfnt/sfobjs.c b/src/sfnt/sfobjs.c
-index f9d4d3858..9771c35df 100644
--- a/src/sfnt/sfobjs.c
-+++ b/src/sfnt/sfobjs.c
-@@ -566,7 +566,7 @@
-     face_index = FT_ABS( face_instance_index ) & 0xFFFF;
- 
-     /* value -(N+1) requests information on index N */
-    if ( face_instance_index < 0 )
-+    if ( face_instance_index < 0 && face_index > 0 )
-       face_index--;
- 
-     if ( face_index >= face->ttc_header.count )
-diff --git a/src/sfnt/sfwoff2.c b/src/sfnt/sfwoff2.c
-index cb1e0664a..165b875e5 100644
--- a/src/sfnt/sfwoff2.c
-+++ b/src/sfnt/sfwoff2.c
-@@ -2085,7 +2085,7 @@
-     /* Validate requested face index. */
-     *num_faces = woff2.num_fonts;
-     /* value -(N+1) requests information on index N */
-    if ( *face_instance_index < 0 )
-+    if ( *face_instance_index < 0 && face_index > 0 )
-       face_index--;
- 
-     if ( face_index >= woff2.num_fonts )
-- 
-2.35.1
-
--- a/SOURCES/freetype-2.10.4-covscan.patch
+++ b/SOURCES/freetype-2.10.4-covscan.patch
@ -1,45 +0,0 @@
--- freetype-2.10.4/builds/unix/freetype-config.in
-+++ freetype-2.10.4/builds/unix/freetype-config.in
-@@ -32,9 +32,6 @@ cflags=`%PKG_CONFIG% --cflags freetype2`
- dynamic_libs=`pkgconf --libs freetype2`
- static_libs=`pkgconf --static --libs freetype2`
- 
-orig_prefix=$prefix
-orig_exec_prefix=$exec_prefix
-
- orig_includedir=$includedir
- orig_libdir=$libdir
- 
--- freetype-2.10.4/ft2demos-2.10.4/src/ftbench.c
-+++ freetype-2.10.4/ft2demos-2.10.4/src/ftbench.c
-@@ -749,6 +749,7 @@
-         {
-           fprintf( stderr,
-                    "couldn't allocate memory to pre-load font file\n" );
-+          fclose( file );
- 
-           return 1;
-         }
-@@ -758,9 +759,12 @@
-           fprintf( stderr, "read error\n" );
-           free( memory_file );
-           memory_file = NULL;
-+          fclose( file );
- 
-           return 1;
-         }
-+
-+        fclose( file );
-       }
- 
-       error = FT_New_Memory_Face( lib,
--- freetype-2.10.4/ft2demos-2.10.4/src/ftgrid.c
-+++ freetype-2.10.4/ft2demos-2.10.4/src/ftgrid.c
-@@ -662,6 +662,7 @@
-         break;
- 
-       default:
-+        free( t );
-         return;
-     }
- 
--- a/SOURCES/freetype-2.10.4-guard-face-size.patch
+++ b/SOURCES/freetype-2.10.4-guard-face-size.patch
@ -1,27 +0,0 @@
-From 0c2bdb01a2e1d24a3e592377a6d0822856e10df2 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Sat, 19 Mar 2022 09:37:28 +0100
-Subject: [PATCH] * src/base/ftobjs.c (FT_Request_Size): Guard `face->size`.
-
-Fixes #1140.
---
- src/base/ftobjs.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
-index 6492a1517..282c9121a 100644
--- a/src/base/ftobjs.c
-+++ b/src/base/ftobjs.c
-@@ -3409,6 +3409,9 @@
-     if ( !face )
-       return FT_THROW( Invalid_Face_Handle );
- 
-+    if ( !face->size )
-+      return FT_THROW( Invalid_Size_Handle );
-+
-     if ( !req || req->width < 0 || req->height < 0 ||
-          req->type >= FT_SIZE_REQUEST_TYPE_MAX )
-       return FT_THROW( Invalid_Argument );
-- 
-2.35.1
-
--- a/SOURCES/freetype-2.10.4-png-memory-leak.patch
+++ b/SOURCES/freetype-2.10.4-png-memory-leak.patch
@ -1,43 +0,0 @@
-From 007c109b4594c5e63948bd08b4d5011ad76ffb10 Mon Sep 17 00:00:00 2001
-From: Ben Wagner <bungeman@google.com>
-Date: Fri, 23 Oct 2020 08:29:14 +0200
-Subject: [PATCH] * src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak
- (#59322).
-
-The issue is that `rows` is allocated but will not be freed in the
-event that the call to `png_read_image` fails and calls `longjmp`.
---
- ChangeLog          | 7 +++++++
- src/sfnt/pngshim.c | 1 +
- 2 files changed, 8 insertions(+)
-
-diff --git a/ChangeLog b/ChangeLog
-index 42f7c34ba..ff048b8ab 100644
--- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,10 @@
-+2020-10-23  Ben Wagner  <bungeman@google.com>
-+
-+	* src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak (#59322).
-+
-+	The issue is that `rows` is allocated but will not be freed in the
-+	event that the call to `png_read_image` fails and calls `longjmp`.
-+
- 2020-10-20  Werner Lemberg  <wl@gnu.org>
- 
- 	* Version 2.10.4 released.
-diff --git a/src/sfnt/pngshim.c b/src/sfnt/pngshim.c
-index f55016122..d4e43a9f4 100644
--- a/src/sfnt/pngshim.c
-+++ b/src/sfnt/pngshim.c
-@@ -443,6 +443,7 @@
-     png_read_end( png, info );
- 
-   DestroyExit:
-+    FT_FREE( rows );
-     png_destroy_read_struct( &png, &info, NULL );
-     FT_Stream_Close( &stream );
- 
-- 
-2.26.2
-
--- a/SOURCES/freetype-2.10.4-properly-guard-face_index.patch
+++ b/SOURCES/freetype-2.10.4-properly-guard-face_index.patch
@ -1,46 +0,0 @@
-From 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Sat, 19 Mar 2022 06:40:17 +0100
-Subject: [PATCH] * src/base/ftobjs.c (ft_open_face_internal): Properly guard
- `face_index`.
-
-We must ensure that the cast to `FT_Int` doesn't change the sign.
-
-Fixes #1139.
---
- src/base/ftobjs.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-From d014387ad4a5dd04d8e7f99587c7dacb70261924 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Sat, 19 Mar 2022 09:30:45 +0100
-Subject: [PATCH 2/2] * src/base/ftobjs.c (ft_open_face_internal): Thinko.
-
---
- src/base/ftobjs.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
-index 2c0f0e6c9..10952a6c6 100644
--- a/src/base/ftobjs.c
-+++ b/src/base/ftobjs.c
-@@ -2527,6 +2527,16 @@
- #endif
- 
- 
-+    /* only use lower 31 bits together with sign bit */
-+    if ( face_index > 0 )
-+      face_index &= 0x7FFFFFFFL;
-+    else
-+    {
-+      face_index  = -face_index;
-+      face_index &= 0x7FFFFFFFL;
-+      face_index  = -face_index;
-+    }
-+
- #ifdef FT_DEBUG_LEVEL_TRACE
-     FT_TRACE3(( "FT_Open_Face: " ));
-     if ( face_index < 0 )
-- 
-2.35.1
-
--- a/SOURCES/freetype-2.13.2-SAST-findings.patch
+++ b/SOURCES/freetype-2.13.2-SAST-findings.patch
@ -0,0 +1,75 @@
+diff --git a/src/autofit/afglobal.c b/src/autofit/afglobal.c
+index b7403fa65..1fd5a0be3 100644
+--- a/src/autofit/afglobal.c
+++ b/src/autofit/afglobal.c
+@@ -245,6 +245,12 @@
+         af_shaper_get_coverage( globals, style_class, gstyles, 0 );
+     }
+ 
+    if ( dflt >= sizeof (af_style_classes) / sizeof (AF_StyleClass) )
+    {
+      error = FT_THROW( Invalid_Offset );
+      goto Exit;
+    }
+
+     /* ... and finally the default OpenType features of the default script */
+     af_shaper_get_coverage( globals, af_style_classes[dflt], gstyles, 1 );
+ 
+diff --git a/src/tools/apinames.c b/src/tools/apinames.c
+index 5a49b0649..feefb4ee7 100644
+--- a/src/tools/apinames.c
+++ b/src/tools/apinames.c
+@@ -182,6 +182,7 @@ names_dump( FILE*         out,
+   case OUTPUT_WATCOM_LBC:
+     {
+       const char*  dot;
+      char  temp[512];
+ 
+ 
+       if ( !dll_name )
+@@ -195,7 +196,6 @@ names_dump( FILE*         out,
+       dot = strchr( dll_name, '.' );
+       if ( dot )
+       {
+-        char  temp[512];
+         int   len = dot - dll_name;
+ 
+ 
+diff --git a/src/ftbench.c b/src/ftbench.c
+index ec5c46c..7d96f60 100644
+--- a/ft2demos-2.13.2/src/ftbench.c
+++ b/ft2demos-2.13.2/src/ftbench.c
+@@ -907,6 +907,7 @@
+         {
+           fprintf( stderr,
+                    "couldn't allocate memory to pre-load font file\n" );
+          fclose( file );
+ 
+           return 1;
+         }
+@@ -916,9 +917,11 @@
+           fprintf( stderr, "read error\n" );
+           free( memory_file );
+           memory_file = NULL;
+          fclose( file );
+ 
+           return 1;
+         }
+        fclose( file );
+       }
+ 
+       error = FT_New_Memory_Face( lib,
+diff --git a/src/ftgrid.c b/src/ftgrid.c
+index bae4826..1a8f421 100644
+--- a/ft2demos-2.13.2/src/ftgrid.c
+++ b/ft2demos-2.13.2/src/ftgrid.c
+@@ -420,6 +420,9 @@
+     if ( !line )
+       return;
+ 
+    if (bit->mode == gr_pixel_mode_mono)
+      memset( line, 0, (size_t)( pitch * bit->rows * scale * scale ));
+
+     switch( bit->mode )
+     {
+       case gr_pixel_mode_mono:
--- a/SOURCES/freetype-2.5.2-more-demos.patch
+++ b/SOURCES/freetype-2.5.2-more-demos.patch
@ -14,4 +14,4 @@
 +  EXES += fttimer
   # EXES += testname
 
-   exes: $(EXES:%=$(BIN_DIR_2)/%$E)
+   # Not all demo programs have a man page; we thus check for existence in a
--- a/SPECS/freetype.spec
+++ b/SPECS/freetype.spec
@ -3,9 +3,9 @@

 Summary: A free and portable font rendering engine
 Name: freetype
-Version: 2.10.4
-Release: 9%{?dist}
-License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
+Version: 2.13.2
+Release: 8%{?dist}
+License: (FTL OR GPL-2.0-or-later) AND BSD-3-Clause AND MIT AND MIT-Modern-Variant AND LicenseRef-Fedora-Public-Domain AND Zlib
 URL: http://www.freetype.org
 Source:  http://download.savannah.gnu.org/releases/freetype/freetype-%{version}.tar.xz
 Source1: http://download.savannah.gnu.org/releases/freetype/freetype-doc-%{version}.tar.xz
@ -24,22 +24,8 @@ Patch3:  freetype-2.6.5-libtool.patch
 Patch4:  freetype-2.8-multilib.patch

 Patch5:  freetype-2.10.0-internal-outline.patch
-# Revert ABI/API change
-Patch6:  freetype-2.10.1-debughook.patch

-Patch7:  freetype-2.10.4-png-memory-leak.patch
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1964066
-Patch8:  freetype-2.10.4-covscan.patch
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=2077989
-Patch9:  freetype-2.10.4-avoid-invalid-face-index.patch
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=2077991
-Patch10: freetype-2.10.4-properly-guard-face_index.patch
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=2077985
-Patch11: freetype-2.10.4-guard-face-size.patch
+Patch6:  freetype-2.13.2-SAST-findings.patch

 BuildRequires:  gcc
 BuildRequires: libX11-devel
@ -92,22 +78,17 @@ FreeType.
 %prep
 %setup -q -b 1 -a 2

-%patch0  -p1 -b .enable-spr
-%patch1  -p1 -b .enable-valid
+%patch 0  -p1 -b .enable-spr
+%patch 1  -p1 -b .enable-valid

 pushd ft2demos-%{version}
-%patch2  -p1 -b .more-demos
+%patch 2  -p1 -b .more-demos
 popd

-%patch3 -p1 -b .libtool
-%patch4 -p1 -b .multilib
-%patch5 -p1 -b .internal-outline
-%patch6 -p1 -b .debughook
-%patch7 -p1 -b .png-memory-leak
-%patch8 -p1 -b .covscan
-%patch9 -p1 -b .avoid-invalid-face-index
-%patch10 -p1 -b .properly-guard-face_index
-%patch11 -p1 -b .guard-face-size
+%patch 3 -p1 -b .libtool
+%patch 4 -p1 -b .multilib
+%patch 5 -p1 -b .internal-outline
+%patch 6 -p1 -b .SAST-findings

 %build

@ -201,7 +182,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.{a,la}

 %files
 %{!?_licensedir:%global license %%doc}
-%license docs/LICENSE.TXT docs/FTL.TXT docs/GPLv2.TXT
+%license LICENSE.TXT docs/FTL.TXT docs/GPLv2.TXT
 %{_libdir}/libfreetype.so.*
 %doc README

@ -249,28 +230,74 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.{a,la}
 %{_mandir}/man1/*

 %changelog
-* Tue May 31 2022 Marek Kasik <mkasik@redhat.com> - 2.10.4-9
- Guard face->size
- Resolves: #2079280
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.13.2-8
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
+
+* Mon Sep 30 2024 Marek Kasik <mkasik@redhat.com> - 2.13.2-7
+- Fix SAST Automation findings
+- Resolves: RHEL-44737
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.13.2-6
+- Bump release for June 2024 mass rebuild
+
+* Tue Feb  6 2024 Marek Kasik <mkasik@redhat.com> - 2.13.2-5
+- Migrated to SPDX license
+
+* Tue Jan 30 2024 Marek Kasik <mkasik@redhat.com> - 2.13.2-4
+- Remove a patch which causes FTBFS
+- Resolves: #2261113
+
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.13.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.13.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Tue Jan 16 2024 Marek Kasik <mkasik@redhat.com> - 2.13.2-1
+- Update to 2.13.2
+- Resolves: #2217137
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.13.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jun 27 2023 Marek Kasik <mkasik@redhat.com> - 2.13.1-1
+- Update to 2.13.1
+- Resolves: #2217137
+
+* Sat Feb 25 2023 Marek Kasik <mkasik@redhat.com> - 2.13.0-1
+- Update to 2.13.0
+- Resolves: #2168496
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.12.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.12.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri Jul  8 2022 Marek Kasik <mkasik@redhat.com> - 2.12.1-2
+- Clear correct flags for doc ownership
+- Resolves: #2104570
+
+* Mon May  2 2022 Marek Kasik <mkasik@redhat.com> - 2.12.1-1
+- Update to 2.12.1
+- Resolves: #2080714

-* Mon May 30 2022 Marek Kasik <mkasik@redhat.com> - 2.10.4-8
- Properly guard "face_index"
- Resolves: #2079262
+* Mon Apr 25 2022 Marek Kasik <mkasik@redhat.com> - 2.12.0-1
+- Update to 2.12.0
+- Resolves: #2070686

-* Thu May 26 2022 Marek Kasik <mkasik@redhat.com> - 2.10.4-7
- Avoid invalid face index
- Resolves: #2079271
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.11.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.10.4-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Sat Dec 4 2021 Diego Herrera <dherrera@redhat.com> - 2.11.1-1
+- Update to 2.11.1

-* Wed May 26 2021 Marek Kasik <mkasik@redhat.com> - 2.10.4-5
- Backport fixes for issues found by Coverity scan
- Resolves: #1964066
+* Thu Jul 22 2021 Marek Kasik <mkasik@redhat.com> - 2.11.0-1
+- Update to 2.11.0

-* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.10.4-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.10.4-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

 * Fri Feb 5 2021 Akira TAGOH <tagoh@redhat.com> - 2.10.4-3
 - Enable HarfBuzz support