https://bugs.freedesktop.org/show_bug.cgi?id=101202

Our test case relies on the outcome of the family property from freetype though,
it was changed in 2.7.1:

  - PCF family names are made more `colourful'; they now include the
    foundry  and information  whether they contain  wide characters.
    For example,  you no longer get `Fixed' but  rather `Sony Fixed'
    or `Misc Fixed Wide'.

https://bugs.freedesktop.org/show_bug.cgi?id=47704

PATH_MAX isn't defined on GNU/Hurd. according to the porting guidelines
(https://www.gnu.org/software/hurd/hurd/porting/guidelines.html)
allocate a memory dynamically instead of relying on the length of
a string with PATH_MAX.

https://bugs.freedesktop.org/show_bug.cgi?id=97512

To support the one of changes in gperf 3.1:
* The 'len' parameter of the hash function and of the lookup function is now
  of type 'size_t' instead of 'unsigned int'. This makes it safe to call these
  functions with strings of length > 4 GB, on 64-bit machines.

Khem Raj authored Dec 14, 2016 and Akira TAGOH committed Dec 20, 2016

glibc 2.25+ has now defined these macros in <limits.h>
https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a



Create an alias for FC_CHAR_WIDTH for ABI compatibility

Signed-off-by: Khem Raj <raj.khem@gmail.com>

Validation fails when the FcValueList contains more than font->num.
this logic was wrong because font->num contains a number of the elements
in FcPatternElt but FcValue in FcValueList.

This corrects 7a4a5bd7.

Patch from Tobias Stoeckmann

Masamichi Hosoda authored Aug 24, 2016 and Akira TAGOH committed Sep 23, 2016

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c8342b4a7b6cdcc4cb1261bf2b008f6df257b5c6
http://git.ghostscript.com/?p=urw-core35-fonts.git;a=commit;h=79bcdfb34fbce12b592cce389fa7a19da6b5b018

Masamichi Hosoda authored Aug 24, 2016 and Akira TAGOH committed Sep 16, 2016

`Helvetica Condensed' is not PostScript base 35 fonts.
`Helvetica Narrow' is PostScript base 35 fonts.

Alan Coopersmith authored Aug 10, 2016 and Akira TAGOH committed Aug 15, 2016

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Tobias Stoeckmann authored Jun 25, 2016 and Akira TAGOH committed Aug 05, 2016

The cache files are insufficiently validated. Even though the magic
number at the beginning of the file as well as time stamps are checked,
it is not verified if contained offsets are in legal ranges or are
even pointers.

The lack of validation allows an attacker to trigger arbitrary free()
calls, which in turn allows double free attacks and therefore arbitrary
code execution. Due to the conversion from offsets into pointers through
macros, this even allows to circumvent ASLR protections.

This attack vector allows privilege escalation when used with setuid
binaries like fbterm. A user can create ~/.fonts or any other
system-defined user-private font directory, run fc-cache and adjust
cache files in ~/.cache/fontconfig. The execution of setuid binaries will
scan these files and therefore are prone to attacks.

If it's not about code execution, an endless loop can be created by
letting linked lists become circular linked lists.

This patch verifies that:

- The file is not larger than the maximum addressable space, which
  basically only affects 32 bit systems. This allows out of boundary
  access into unallocated memory.
- Offsets are always positive or zero
- Offsets do not point outside file boundaries
- No pointers are allowed in cache files, every "pointer or offset"
  field must be an offset or NULL
- Iterating linked lists must not take longer than the amount of elements
  specified. A violation of this rule can break a possible endless loop.

If one or more of these points are violated, the cache is recreated.
This is current behaviour.

Even though this patch fixes many issues, the use of mmap() shall be
forbidden in setuid binaries. It is impossible to guarantee with these
checks that a malicious user does not change cache files after
verification. This should be handled in a different patch.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

Fix a crash issue when FcWeightFromOpenType() gets a number more than it expects.

python is required to build fontconfig from the scratch

https://bugs.freedesktop.org/show_bug.cgi?id=91406

Erik de Castro Lopo authored May 28, 2016 and Akira TAGOH committed May 30, 2016

These fixes are needed for the test suite to pass when compiled
with Address Sanitizer.

For Serif:
  Cambria, Constantia, Elephant, MS Serif

For Sans Serif:
  Arial Unicode MS, Britannic, Calibri, Candara, Century Gothic, Corbel,
  Haettenschweiler, MS Sans Serif, Tahoma, Twentieth Century

For Monospace:
  Consolas, Fixedsys, Terminal

This is an issue on Android M, which denies non-root users access to link().

Patch from Rodger Combs

fc-blanks.py now works on both python2 and 3

This reverts commit f44bfad2.

Align the 'wght' axis default value to OS/2 weight value and
adjust accordingly.  This makes both default=1.0 and default=400
models to work.