1 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5669.patch b/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5669.patch
new file mode 100644
index 0000000000..e4a991e984
--- /dev/null
+++ b/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5669.patch
@@ -0,0 +1,31 @@
+From 07bdb6e289c7954e2a533039dc93c1c136099d2d Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Sat, 15 Dec 2012 01:02:23 +0000
+Subject: [bdf] Fix Savannah bug #37906.
+* src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array size for
+checking `glyph_enc'.
+Upstream-Status: Pending
+Signed-off-by: Eren Turkay <eren@hambedded.org>
+Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+---
+diff --git a/src/bdf/bdflib.c b/src/bdf/bdflib.c
+index 8d7f9a0..f9c06ca 100644
+--- a/src/bdf/bdflib.c
+++ b/src/bdf/bdflib.c
+@@ -1628,8 +1628,9 @@
+ 
+       /* Check that the encoding is in the Unicode range because  */
+       /* otherwise p->have (a bitmap with static size) overflows. */
+-      if ( p->glyph_enc > 0                               &&
+-           (size_t)p->glyph_enc >= sizeof ( p->have ) * 8 )
+      if ( p->glyph_enc > 0                                      &&
+           (size_t)p->glyph_enc >= sizeof ( p->have ) /
+                                   sizeof ( unsigned long ) * 32 )
+       {
+         FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG5, lineno, "ENCODING" ));
+         error = BDF_Err_Invalid_File_Format;
+--
+cgit v0.9.0.2

diff --git a/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5669.patch b/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5669.patch new file mode 100644 index 0000000000..e4a991e984 --- /dev/null +++ b/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5669.patch
@@ -0,0 +1,31 @@
	1	From 07bdb6e289c7954e2a533039dc93c1c136099d2d Mon Sep 17 00:00:00 2001
	2	From: Werner Lemberg <wl@gnu.org>
	3	Date: Sat, 15 Dec 2012 01:02:23 +0000
	4	Subject: [bdf] Fix Savannah bug #37906.
	5
	6	* src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array size for
	7	checking `glyph_enc'.
	8
	9	Upstream-Status: Pending
	10
	11	Signed-off-by: Eren Turkay <eren@hambedded.org>
	12	Signed-off-by: Scott Garman <scott.a.garman@intel.com>
	13	---
	14	diff --git a/src/bdf/bdflib.c b/src/bdf/bdflib.c
	15	index 8d7f9a0..f9c06ca 100644
	16	--- a/src/bdf/bdflib.c
	17	+++ b/src/bdf/bdflib.c
	18	@@ -1628,8 +1628,9 @@
	19
	20	/* Check that the encoding is in the Unicode range because */
	21	/* otherwise p->have (a bitmap with static size) overflows. */
	22	- if ( p->glyph_enc > 0 &&
	23	- (size_t)p->glyph_enc >= sizeof ( p->have ) * 8 )
	24	+ if ( p->glyph_enc > 0 &&
	25	+ (size_t)p->glyph_enc >= sizeof ( p->have ) /
	26	+ sizeof ( unsigned long ) * 32 )
	27	{
	28	FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG5, lineno, "ENCODING" ));
	29	error = BDF_Err_Invalid_File_Format;
	30	--
	31	cgit v0.9.0.2