From 12a5e33a8790afa56e62745b00d0a2fd779bfab7 Mon Sep 17 00:00:00 2001
From: zhangpan <zp1224248514@163.com>
Date: Mon, 17 Mar 2025 07:01:49 +0000
Subject: [PATCH] fix CVE-2025-27363

(cherry picked from commit ef058e8f2dab2fb7835492c6fd0efcca132c626e)
---
 backport-CVE-2025-27363.patch | 36 +++++++++++++++++++++++++++++++++++
 freetype.spec                 | 21 ++++++++++++--------
 2 files changed, 49 insertions(+), 8 deletions(-)
 create mode 100644 backport-CVE-2025-27363.patch

diff --git a/backport-CVE-2025-27363.patch b/backport-CVE-2025-27363.patch
new file mode 100644
index 0000000..85e22d6
--- /dev/null
+++ b/backport-CVE-2025-27363.patch
@@ -0,0 +1,36 @@
+From 73720c7c9958e87b3d134a7574d1720ad2d24442 Mon Sep 17 00:00:00 2001
+From: Alexei Podtelezhnikov <apodtele@gmail.com>
+Date: Sun, 23 Jun 2024 10:58:00 -0400
+Subject: [PATCH] * src/truetype/ttgload.c (load_truetype_glyph): Unsigned fix.
+
+Reference:https://gitlab.freedesktop.org/freetype/freetype/-/commit/73720c7c9958e87b3d134a7574d1720ad2d24442
+Conflict:NA
+
+---
+ src/truetype/ttgload.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
+index 8cddc394c..b656ccf04 100644
+--- a/src/truetype/ttgload.c
++++ b/src/truetype/ttgload.c
+@@ -1738,14 +1738,14 @@
+       if ( FT_IS_NAMED_INSTANCE( FT_FACE( face ) ) ||
+            FT_IS_VARIATION( FT_FACE( face ) )      )
+       {
+-        short        i, limit;
++        FT_UShort    i, limit;
+         FT_SubGlyph  subglyph;
+ 
+         FT_Outline  outline = { 0, 0, NULL, NULL, NULL, 0 };
+         FT_Vector*  unrounded = NULL;
+ 
+ 
+-        limit = (short)gloader->current.num_subglyphs;
++        limit = (FT_UShort)gloader->current.num_subglyphs;
+ 
+         /* construct an outline structure for              */
+         /* communication with `TT_Vary_Apply_Glyph_Deltas' */
+-- 
+GitLab
+
diff --git a/freetype.spec b/freetype.spec
index a3f91d8..4e19032 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -6,7 +6,7 @@
 
 Name:           freetype
 Version:        2.13.2
-Release:        2
+Release:        3
 Summary:        FreeType is a freely available software library to render fonts
 License:        (FTL OR GPL-2.0-or-later) AND BSD-3-Clause AND MIT AND MIT-Modern-Variant AND Zlib
 URL:            https://www.freetype.org
@@ -24,6 +24,7 @@ Patch6002:      backport-freetype-2.6.5-libtool.patch
 Patch6003:      backport-freetype-2.8-multilib.patch
 Patch6004:      backport-freetype-2.10.0-internal-outline.patch
 Patch6005:      backport-freetype-2.10.1-debughook.patch
+Patch6006:      backport-CVE-2025-27363.patch
 
 BuildRequires: gcc meson
 BuildRequires: pkgconfig(bzip2)
@@ -65,14 +66,15 @@ FreeType.
 %setup -q -b 1 -a 2
 
 pushd ft2demos-%{version}
-%patch -P1  -p1 -b .more-demos
+%patch1 -p1 -b .more-demos
 popd
-%patch -P6000 -p1
-%patch -P6001 -p1
-%patch -P6002 -p1
-%patch -P6003 -p1
-%patch -P6004 -p1
-%patch -P6005 -p1
+%patch6000 -p1
+%patch6001 -p1
+%patch6002 -p1
+%patch6003 -p1
+%patch6004 -p1
+%patch6005 -p1
+%patch6006 -p1
 
 %build
 %configure --disable-static \
@@ -157,6 +159,9 @@ meson test -C out
 %{_mandir}/man1/*
 
 %changelog
+* Mon Mar 17 2025 zhangpan <zhangpan103@h-partners.com> - 2.13.2-3
+- fix CVE-2025-27363
+
 * Sun Aug 11 2024 Funda Wang <fundawang@yeah.net> - 2.13.2-2
 - Cleanup spec
 - Conditioned build harfbuzz support
-- 
Gitee