From: Davide Gardenal <[email protected]> CVE: CVE-2022-27404
Upstream issue: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
Signed-off-by: Davide Gardenal <[email protected]>
Signed-off-by: Steve Sakoman <[email protected]>
---
.../freetype/freetype/CVE-2022-27404.patch | 48 +++++++++++++++++++
.../freetype/freetype_2.11.1.bb | 4 +-
2 files changed, 51 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch
diff --git a/meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch b/meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch
new file mode 100644
index 0000000000..3335fbda06
--- /dev/null
+++ b/meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch
@@ -0,0 +1,48 @@
+From 53dfdcd8198d2b3201a23c4bad9190519ba918db Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <[email protected]>
+Date: Thu, 17 Mar 2022 19:24:16 +0100
+Subject: [PATCH] [sfnt] Avoid invalid face index.
+
+Fixes #1138.
+
+* src/sfnt/sfobjs.c (sfnt_init_face), src/sfnt/sfwoff2.c (woff2_open_font):
+Check `face_index` before decrementing.
+
+Upstream-Status: Backport
+https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db
+
+Signed-off-by: Davide Gardenal <[email protected]>
+---
+ src/sfnt/sfobjs.c | 2 +-
+ src/sfnt/sfwoff2.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/sfnt/sfobjs.c b/src/sfnt/sfobjs.c
+index f9d4d3858..9771c35df 100644
+--- a/src/sfnt/sfobjs.c
++++ b/src/sfnt/sfobjs.c
+@@ -566,7 +566,7 @@
+ face_index = FT_ABS( face_instance_index ) & 0xFFFF;
+
+ /* value -(N+1) requests information on index N */
+- if ( face_instance_index < 0 )
++ if ( face_instance_index < 0 && face_index > 0 )
+ face_index--;
+
+ if ( face_index >= face->ttc_header.count )
+diff --git a/src/sfnt/sfwoff2.c b/src/sfnt/sfwoff2.c
+index cb1e0664a..165b875e5 100644
+--- a/src/sfnt/sfwoff2.c
++++ b/src/sfnt/sfwoff2.c
+@@ -2085,7 +2085,7 @@
+ /* Validate requested face index. */
+ *num_faces = woff2.num_fonts;
+ /* value -(N+1) requests information on index N */
+- if ( *face_instance_index < 0 )
++ if ( *face_instance_index < 0 && face_index > 0 )
+ face_index--;
+
+ if ( face_index >= woff2.num_fonts )
+--
+GitLab
+
diff --git a/meta/recipes-graphics/freetype/freetype_2.11.1.bb b/meta/recipes-graphics/freetype/freetype_2.11.1.bb
index 5055ff185c..257c5c6d9a 100644
--- a/meta/recipes-graphics/freetype/freetype_2.11.1.bb
+++ b/meta/recipes-graphics/freetype/freetype_2.11.1.bb
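Review bot: The embedded patch header has `Upstream-Status: Backport` and a sign-off but no `CVE:` tag; the CVE id appears only in the e-mail's commit message and in the file name. Adding `CVE: CVE-2022-27404` next to `Upstream-Status` would keep the fix traceable for CVE tracking even if the file is later renamed or folded into another patch, and the upstream commit URL conventionally sits on the same line, as `Upstream-Status: Backport [https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db]`. On the code, as far as the two inner hunks show, the only check that follows the decrement is the upper bound (`face_index >= ...`), so the added `face_index > 0` condition is what keeps the index from going negative; a negative request whose masked value is zero now appears to be handled as index 0 rather than rejected, which matches upstream. Both enclosing functions start and end outside the hunks, and in `sfwoff2.c` the computation of `face_index` is not visible.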
@@ -12,7 +12,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=a5927784d823d443c6cae55701d01553 \ file://docs/FTL.TXT;md5=9f37b4e6afa3fef9dba8932b16bd3f97 \ file://docs/GPLv2.TXT;md5=8ef380476f642c20ebf40fecb0add2ec" -SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz" +SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz \ + file://CVE-2022-27404.patch \ + " SRC_URI[sha256sum] = "3333ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8" UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)" -- 2.25.1
