From cf9a7e4cc66fc3813d4957ad68d2d40c15109af7 Mon Sep 17 00:00:00 2001 From: Davide Gardenal Date: Fri, 13 May 2022 11:58:01 +0200 Subject: freetype: backport patch for CVE-2022-27406 CVE: CVE-2022-27406 Upstream issue: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140 (From OE-Core rev: 2c1df19405e2f52b06feec0506ad56cef7d4c6c1) Signed-off-by: Davide Gardenal Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie --- .../freetype/freetype/CVE-2022-27406.patch | 32 ++++++++++++++++++++++ meta/recipes-graphics/freetype/freetype_2.11.1.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27406.patch diff --git a/meta/recipes-graphics/freetype/freetype/CVE-2022-27406.patch b/meta/recipes-graphics/freetype/freetype/CVE-2022-27406.patch new file mode 100644 index 0000000000..49f76c643f --- /dev/null +++ b/meta/recipes-graphics/freetype/freetype/CVE-2022-27406.patch @@ -0,0 +1,32 @@ +From 0c2bdb01a2e1d24a3e592377a6d0822856e10df2 Mon Sep 17 00:00:00 2001 +From: Werner Lemberg +Date: Sat, 19 Mar 2022 09:37:28 +0100 +Subject: [PATCH] * src/base/ftobjs.c (FT_Request_Size): Guard `face->size`. + +Fixes #1140. + +Upstream-Status: Backport +https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2 + +Signed-off-by: Davide Gardenal +--- + src/base/ftobjs.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c +index 6492a1517..282c9121a 100644 +--- a/src/base/ftobjs.c ++++ b/src/base/ftobjs.c +@@ -3409,6 +3409,9 @@ + if ( !face ) + return FT_THROW( Invalid_Face_Handle ); + ++ if ( !face->size ) ++ return FT_THROW( Invalid_Size_Handle ); ++ + if ( !req || req->width < 0 || req->height < 0 || + req->type >= FT_SIZE_REQUEST_TYPE_MAX ) + return FT_THROW( Invalid_Argument ); +-- +GitLab + diff --git a/meta/recipes-graphics/freetype/freetype_2.11.1.bb b/meta/recipes-graphics/freetype/freetype_2.11.1.bb index 02a81a4f4f..5b464d3d70 100644 --- a/meta/recipes-graphics/freetype/freetype_2.11.1.bb +++ b/meta/recipes-graphics/freetype/freetype_2.11.1.bb @@ -15,6 +15,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=a5927784d823d443c6cae55701d01553 \ SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz \ file://CVE-2022-27404.patch \ file://CVE-2022-27405.patch \ + file://CVE-2022-27406.patch \ " SRC_URI[sha256sum] = "3333ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8" -- cgit v1.2.3-54-g00ecf