From: Davide Gardenal <[email protected]> CVE: CVE-2022-27406
Upstream issue: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140 Signed-off-by: Davide Gardenal <[email protected]> Signed-off-by: Steve Sakoman <[email protected]> --- .../freetype/freetype/CVE-2022-27406.patch | 32 +++++++++++++++++++ .../freetype/freetype_2.11.1.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27406.patch diff --git a/meta/recipes-graphics/freetype/freetype/CVE-2022-27406.patch b/meta/recipes-graphics/freetype/freetype/CVE-2022-27406.patch new file mode 100644 index 0000000000..49f76c643f --- /dev/null +++ b/meta/recipes-graphics/freetype/freetype/CVE-2022-27406.patch @@ -0,0 +1,32 @@ +From 0c2bdb01a2e1d24a3e592377a6d0822856e10df2 Mon Sep 17 00:00:00 2001 +From: Werner Lemberg <[email protected]> +Date: Sat, 19 Mar 2022 09:37:28 +0100 +Subject: [PATCH] * src/base/ftobjs.c (FT_Request_Size): Guard `face->size`. + +Fixes #1140. + +Upstream-Status: Backport +https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2 + +Signed-off-by: Davide Gardenal <[email protected]> +--- + src/base/ftobjs.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c +index 6492a1517..282c9121a 100644 +--- a/src/base/ftobjs.c ++++ b/src/base/ftobjs.c +@@ -3409,6 +3409,9 @@ + if ( !face ) + return FT_THROW( Invalid_Face_Handle ); + ++ if ( !face->size ) ++ return FT_THROW( Invalid_Size_Handle ); ++ + if ( !req || req->width < 0 || req->height < 0 || + req->type >= FT_SIZE_REQUEST_TYPE_MAX ) + return FT_THROW( Invalid_Argument ); +-- +GitLab + diff --git a/meta/recipes-graphics/freetype/freetype_2.11.1.bb b/meta/recipes-graphics/freetype/freetype_2.11.1.bb index 02a81a4f4f..5b464d3d70 100644 --- a/meta/recipes-graphics/freetype/freetype_2.11.1.bb +++ b/meta/recipes-graphics/freetype/freetype_2.11.1.bb @@ -15,6 +15,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=a5927784d823d443c6cae55701d01553 \ SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz \ file://CVE-2022-27404.patch \ file://CVE-2022-27405.patch \ + file://CVE-2022-27406.patch \ " SRC_URI[sha256sum] = "3333ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165748): https://lists.openembedded.org/g/openembedded-core/message/165748 Mute This Topic: https://lists.openembedded.org/mt/91170102/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
