diff options
| author | Davide Gardenal <davidegarde2000@gmail.com> | 2022-05-13 11:57:11 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-05-20 10:08:06 +0100 |
| commit | 7f44415639d8a386cbe3889c34c6129a0ce07c83 (patch) | |
| tree | fa787e19f64bdae35bb5cbf7814da6798a5474ce | |
| parent | 8c489602f218bcf21de0d3c9f8cf620ea5f06430 (diff) | |
| download | poky-7f44415639d8a386cbe3889c34c6129a0ce07c83.tar.gz | |
freetype: backport patch for CVE-2022-27404
CVE: CVE-2022-27404
Upstream issue:
https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
(From OE-Core rev: af45711f0ab36a1b63fa338755f9a51b227393d1)
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch | 48 | ||||
| -rw-r--r-- | meta/recipes-graphics/freetype/freetype_2.11.1.bb | 4 |
2 files changed, 51 insertions, 1 deletions
diff --git a/meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch b/meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch new file mode 100644 index 0000000000..3335fbda06 --- /dev/null +++ b/meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch | |||
| @@ -0,0 +1,48 @@ | |||
| 1 | From 53dfdcd8198d2b3201a23c4bad9190519ba918db Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Werner Lemberg <wl@gnu.org> | ||
| 3 | Date: Thu, 17 Mar 2022 19:24:16 +0100 | ||
| 4 | Subject: [PATCH] [sfnt] Avoid invalid face index. | ||
| 5 | |||
| 6 | Fixes #1138. | ||
| 7 | |||
| 8 | * src/sfnt/sfobjs.c (sfnt_init_face), src/sfnt/sfwoff2.c (woff2_open_font): | ||
| 9 | Check `face_index` before decrementing. | ||
| 10 | |||
| 11 | Upstream-Status: Backport | ||
| 12 | https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db | ||
| 13 | |||
| 14 | Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> | ||
| 15 | --- | ||
| 16 | src/sfnt/sfobjs.c | 2 +- | ||
| 17 | src/sfnt/sfwoff2.c | 2 +- | ||
| 18 | 2 files changed, 2 insertions(+), 2 deletions(-) | ||
| 19 | |||
| 20 | diff --git a/src/sfnt/sfobjs.c b/src/sfnt/sfobjs.c | ||
| 21 | index f9d4d3858..9771c35df 100644 | ||
| 22 | --- a/src/sfnt/sfobjs.c | ||
| 23 | +++ b/src/sfnt/sfobjs.c | ||
| 24 | @@ -566,7 +566,7 @@ | ||
| 25 | face_index = FT_ABS( face_instance_index ) & 0xFFFF; | ||
| 26 | |||
| 27 | /* value -(N+1) requests information on index N */ | ||
| 28 | - if ( face_instance_index < 0 ) | ||
| 29 | + if ( face_instance_index < 0 && face_index > 0 ) | ||
| 30 | face_index--; | ||
| 31 | |||
| 32 | if ( face_index >= face->ttc_header.count ) | ||
| 33 | diff --git a/src/sfnt/sfwoff2.c b/src/sfnt/sfwoff2.c | ||
| 34 | index cb1e0664a..165b875e5 100644 | ||
| 35 | --- a/src/sfnt/sfwoff2.c | ||
| 36 | +++ b/src/sfnt/sfwoff2.c | ||
| 37 | @@ -2085,7 +2085,7 @@ | ||
| 38 | /* Validate requested face index. */ | ||
| 39 | *num_faces = woff2.num_fonts; | ||
| 40 | /* value -(N+1) requests information on index N */ | ||
| 41 | - if ( *face_instance_index < 0 ) | ||
| 42 | + if ( *face_instance_index < 0 && face_index > 0 ) | ||
| 43 | face_index--; | ||
| 44 | |||
| 45 | if ( face_index >= woff2.num_fonts ) | ||
| 46 | -- | ||
| 47 | GitLab | ||
| 48 | |||
diff --git a/meta/recipes-graphics/freetype/freetype_2.11.1.bb b/meta/recipes-graphics/freetype/freetype_2.11.1.bb index 5055ff185c..257c5c6d9a 100644 --- a/meta/recipes-graphics/freetype/freetype_2.11.1.bb +++ b/meta/recipes-graphics/freetype/freetype_2.11.1.bb | |||
| @@ -12,7 +12,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=a5927784d823d443c6cae55701d01553 \ | |||
| 12 | file://docs/FTL.TXT;md5=9f37b4e6afa3fef9dba8932b16bd3f97 \ | 12 | file://docs/FTL.TXT;md5=9f37b4e6afa3fef9dba8932b16bd3f97 \ |
| 13 | file://docs/GPLv2.TXT;md5=8ef380476f642c20ebf40fecb0add2ec" | 13 | file://docs/GPLv2.TXT;md5=8ef380476f642c20ebf40fecb0add2ec" |
| 14 | 14 | ||
| 15 | SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz" | 15 | SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz \ |
| 16 | file://CVE-2022-27404.patch \ | ||
| 17 | " | ||
| 16 | SRC_URI[sha256sum] = "3333ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8" | 18 | SRC_URI[sha256sum] = "3333ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8" |
| 17 | 19 | ||
| 18 | UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)" | 20 | UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)" |
