summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavide Gardenal <davidegarde2000@gmail.com>2022-05-13 11:57:11 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-05-20 10:08:06 +0100
commit7f44415639d8a386cbe3889c34c6129a0ce07c83 (patch)
treefa787e19f64bdae35bb5cbf7814da6798a5474ce
parent8c489602f218bcf21de0d3c9f8cf620ea5f06430 (diff)
downloadpoky-7f44415639d8a386cbe3889c34c6129a0ce07c83.tar.gz
freetype: backport patch for CVE-2022-27404
CVE: CVE-2022-27404 Upstream issue: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138 (From OE-Core rev: af45711f0ab36a1b63fa338755f9a51b227393d1) Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch48
-rw-r--r--meta/recipes-graphics/freetype/freetype_2.11.1.bb4
2 files changed, 51 insertions, 1 deletions
diff --git a/meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch b/meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch
new file mode 100644
index 0000000000..3335fbda06
--- /dev/null
+++ b/meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch
@@ -0,0 +1,48 @@
1From 53dfdcd8198d2b3201a23c4bad9190519ba918db Mon Sep 17 00:00:00 2001
2From: Werner Lemberg <wl@gnu.org>
3Date: Thu, 17 Mar 2022 19:24:16 +0100
4Subject: [PATCH] [sfnt] Avoid invalid face index.
5
6Fixes #1138.
7
8* src/sfnt/sfobjs.c (sfnt_init_face), src/sfnt/sfwoff2.c (woff2_open_font):
9Check `face_index` before decrementing.
10
11Upstream-Status: Backport
12https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db
13
14Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
15---
16 src/sfnt/sfobjs.c | 2 +-
17 src/sfnt/sfwoff2.c | 2 +-
18 2 files changed, 2 insertions(+), 2 deletions(-)
19
20diff --git a/src/sfnt/sfobjs.c b/src/sfnt/sfobjs.c
21index f9d4d3858..9771c35df 100644
22--- a/src/sfnt/sfobjs.c
23+++ b/src/sfnt/sfobjs.c
24@@ -566,7 +566,7 @@
25 face_index = FT_ABS( face_instance_index ) & 0xFFFF;
26
27 /* value -(N+1) requests information on index N */
28- if ( face_instance_index < 0 )
29+ if ( face_instance_index < 0 && face_index > 0 )
30 face_index--;
31
32 if ( face_index >= face->ttc_header.count )
33diff --git a/src/sfnt/sfwoff2.c b/src/sfnt/sfwoff2.c
34index cb1e0664a..165b875e5 100644
35--- a/src/sfnt/sfwoff2.c
36+++ b/src/sfnt/sfwoff2.c
37@@ -2085,7 +2085,7 @@
38 /* Validate requested face index. */
39 *num_faces = woff2.num_fonts;
40 /* value -(N+1) requests information on index N */
41- if ( *face_instance_index < 0 )
42+ if ( *face_instance_index < 0 && face_index > 0 )
43 face_index--;
44
45 if ( face_index >= woff2.num_fonts )
46--
47GitLab
48
diff --git a/meta/recipes-graphics/freetype/freetype_2.11.1.bb b/meta/recipes-graphics/freetype/freetype_2.11.1.bb
index 5055ff185c..257c5c6d9a 100644
--- a/meta/recipes-graphics/freetype/freetype_2.11.1.bb
+++ b/meta/recipes-graphics/freetype/freetype_2.11.1.bb
@@ -12,7 +12,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=a5927784d823d443c6cae55701d01553 \
12 file://docs/FTL.TXT;md5=9f37b4e6afa3fef9dba8932b16bd3f97 \ 12 file://docs/FTL.TXT;md5=9f37b4e6afa3fef9dba8932b16bd3f97 \
13 file://docs/GPLv2.TXT;md5=8ef380476f642c20ebf40fecb0add2ec" 13 file://docs/GPLv2.TXT;md5=8ef380476f642c20ebf40fecb0add2ec"
14 14
15SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz" 15SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz \
16 file://CVE-2022-27404.patch \
17 "
16SRC_URI[sha256sum] = "3333ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8" 18SRC_URI[sha256sum] = "3333ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8"
17 19
18UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)" 20UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)"