1 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5668.patch b/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5668.patch
new file mode 100644
index 0000000000..609d73d3f7
--- /dev/null
+++ b/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5668.patch
@@ -0,0 +1,31 @@
+From 9b6b5754b57c12b820e01305eb69b8863a161e5a Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Sat, 15 Dec 2012 00:34:41 +0000
+Subject: [bdf] Fix Savannah bug #37905.
+* src/bdf/bdflib.c (_bdf_parse_start): Reset `props_size' to zero in
+case of allocation error; this value gets used in a loop in
+`bdf_free_font'.
+Upstream-Status: Pending
+Signed-off-by: Eren Turkay <eren@hambedded.org>
+Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+---
+diff --git a/src/bdf/bdflib.c b/src/bdf/bdflib.c
+index ed08a6e..8d7f9a0 100644
+--- a/src/bdf/bdflib.c
+++ b/src/bdf/bdflib.c
+@@ -2169,7 +2169,10 @@
+       p->cnt = p->font->props_size = _bdf_atoul( p->list.field[1], 0, 10 );
+ 
+       if ( FT_NEW_ARRAY( p->font->props, p->cnt ) )
+      {
+        p->font->props_size = 0;
+         goto Exit;
+      }
+ 
+       p->flags |= _BDF_PROPS;
+       *next     = _bdf_parse_properties;
+--
+cgit v0.9.0.2

diff --git a/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5668.patch b/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5668.patch new file mode 100644 index 0000000000..609d73d3f7 --- /dev/null +++ b/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5668.patch
@@ -0,0 +1,31 @@
	1	From 9b6b5754b57c12b820e01305eb69b8863a161e5a Mon Sep 17 00:00:00 2001
	2	From: Werner Lemberg <wl@gnu.org>
	3	Date: Sat, 15 Dec 2012 00:34:41 +0000
	4	Subject: [bdf] Fix Savannah bug #37905.
	5
	6	* src/bdf/bdflib.c (_bdf_parse_start): Reset `props_size' to zero in
	7	case of allocation error; this value gets used in a loop in
	8	`bdf_free_font'.
	9
	10	Upstream-Status: Pending
	11
	12	Signed-off-by: Eren Turkay <eren@hambedded.org>
	13	Signed-off-by: Scott Garman <scott.a.garman@intel.com>
	14	---
	15	diff --git a/src/bdf/bdflib.c b/src/bdf/bdflib.c
	16	index ed08a6e..8d7f9a0 100644
	17	--- a/src/bdf/bdflib.c
	18	+++ b/src/bdf/bdflib.c
	19	@@ -2169,7 +2169,10 @@
	20	p->cnt = p->font->props_size = _bdf_atoul( p->list.field[1], 0, 10 );
	21
	22	if ( FT_NEW_ARRAY( p->font->props, p->cnt ) )
	23	+ {
	24	+ p->font->props_size = 0;
	25	goto Exit;
	26	+ }
	27
	28	p->flags \|= _BDF_PROPS;
	29	*next = _bdf_parse_properties;
	30	--
	31	cgit v0.9.0.2