diff options
| author | Eren Türkay <eren@hambedded.org> | 2012-12-28 01:00:00 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2012-12-31 09:43:27 +0000 |
| commit | 09359e6ec00901abfe49157f1f9730117b4d284b (patch) | |
| tree | d1cd22cbaf34dd341908e5ea85deb2f743671af8 /meta | |
| parent | 4b5705c426743e812d6da25ff37c335e073bfb12 (diff) | |
| download | poky-09359e6ec00901abfe49157f1f9730117b4d284b.tar.gz | |
freetype: update to 2.4.11 which includes fixes for CVE-2012-{5668, 5669, 5670}
Multiple security issues were reported by Mateusz Jurczyk of Google
security team. These have been fixed in freetype 2.4.11. Details are as
follows.
* CVE-2012-5668: NULL Pointer Dereference in bdf_free_font
Bug: https://savannah.nongnu.org/bugs/?37905
Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a
* CVE-2012-5669: Out-of-bounds read in _bdf_parse_glyphs
Bug: https://savannah.nongnu.org/bugs/?37906
Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d
* CVE-2012-5670: Out-of-bounds write in _bdf_parse_glyphs
Bug: https://savannah.nongnu.org/bugs/?37907
Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8
For original e-mail and CVE assignment, see the following URLs:
http://www.openwall.com/lists/oss-security/2012/12/25/1
http://www.openwall.com/lists/oss-security/2012/12/25/2
(From OE-Core rev: b693f6d3d48b281fbbf71fd56996c85e23c3a9c9)
Signed-off-by: Eren Türkay <eren@hambedded.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-graphics/freetype/freetype-2.4.11/no-hardcode.patch (renamed from meta/recipes-graphics/freetype/freetype-2.4.10/no-hardcode.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-graphics/freetype/freetype_2.4.11.bb (renamed from meta/recipes-graphics/freetype/freetype_2.4.10.bb) | 4 |
2 files changed, 2 insertions, 2 deletions
diff --git a/meta/recipes-graphics/freetype/freetype-2.4.10/no-hardcode.patch b/meta/recipes-graphics/freetype/freetype-2.4.11/no-hardcode.patch index 0f21d1ff26..0f21d1ff26 100644 --- a/meta/recipes-graphics/freetype/freetype-2.4.10/no-hardcode.patch +++ b/meta/recipes-graphics/freetype/freetype-2.4.11/no-hardcode.patch | |||
diff --git a/meta/recipes-graphics/freetype/freetype_2.4.10.bb b/meta/recipes-graphics/freetype/freetype_2.4.11.bb index 35d6d221f3..53fde1d948 100644 --- a/meta/recipes-graphics/freetype/freetype_2.4.10.bb +++ b/meta/recipes-graphics/freetype/freetype_2.4.11.bb | |||
| @@ -18,8 +18,8 @@ PR = "r0" | |||
| 18 | SRC_URI = "${SOURCEFORGE_MIRROR}/freetype/freetype-${PV}.tar.bz2 \ | 18 | SRC_URI = "${SOURCEFORGE_MIRROR}/freetype/freetype-${PV}.tar.bz2 \ |
| 19 | file://no-hardcode.patch" | 19 | file://no-hardcode.patch" |
| 20 | 20 | ||
| 21 | SRC_URI[md5sum] = "13286702e9390a91661f980608adaff1" | 21 | SRC_URI[md5sum] = "b93435488942486c8d0ca22e8f768034" |
| 22 | SRC_URI[sha256sum] = "0c8e242c33c45928de560d7d595db06feb41d1b22167e37260ceabe72f9e992f" | 22 | SRC_URI[sha256sum] = "ef9d0bcb64647d9e5125dc7534d7ca371c98310fec87677c410f397f71ffbe3f" |
| 23 | 23 | ||
| 24 | S = "${WORKDIR}/freetype-${PV}" | 24 | S = "${WORKDIR}/freetype-${PV}" |
| 25 | 25 | ||