CVE: CVE-2022-27405 Upstream issue: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139
Signed-off-by: Davide Gardenal <davide.garde...@huawei.com> --- .../freetype/freetype/CVE-2022-27405.patch | 41 +++++++++++++++++++ .../freetype/freetype_2.11.1.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27405.patch diff --git a/meta/recipes-graphics/freetype/freetype/CVE-2022-27405.patch b/meta/recipes-graphics/freetype/freetype/CVE-2022-27405.patch new file mode 100644 index 0000000000..582a985221 --- /dev/null +++ b/meta/recipes-graphics/freetype/freetype/CVE-2022-27405.patch @@ -0,0 +1,41 @@ +From 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 Mon Sep 17 00:00:00 2001 +From: Werner Lemberg <w...@gnu.org> +Date: Sat, 19 Mar 2022 06:40:17 +0100 +Subject: [PATCH] * src/base/ftobjs.c (ft_open_face_internal): Properly guard + `face_index`. + +We must ensure that the cast to `FT_Int` doesn't change the sign. + +Fixes #1139. + +Upstream-Status: Backport +https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 + +Signed-off-by: Davide Gardenal <davide.garde...@huawei.com> +--- + src/base/ftobjs.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c +index 2c0f0e6c9..10952a6c6 100644 +--- a/src/base/ftobjs.c ++++ b/src/base/ftobjs.c +@@ -2527,6 +2527,15 @@ + #endif + + ++ /* only use lower 31 bits together with sign bit */ ++ if ( face_index > 0 ) ++ face_index &= 0x7FFFFFFFL; ++ else ++ { ++ face_index &= 0x7FFFFFFFL; ++ face_index = -face_index; ++ } ++ + #ifdef FT_DEBUG_LEVEL_TRACE + FT_TRACE3(( "FT_Open_Face: " )); + if ( face_index < 0 ) +-- +GitLab + diff --git a/meta/recipes-graphics/freetype/freetype_2.11.1.bb b/meta/recipes-graphics/freetype/freetype_2.11.1.bb index 257c5c6d9a..02a81a4f4f 100644 --- a/meta/recipes-graphics/freetype/freetype_2.11.1.bb +++ b/meta/recipes-graphics/freetype/freetype_2.11.1.bb @@ -14,6 +14,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=a5927784d823d443c6cae55701d01553 \ SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz \ file://CVE-2022-27404.patch \ + file://CVE-2022-27405.patch \ " SRC_URI[sha256sum] = "3333ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8" -- 2.32.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165553): https://lists.openembedded.org/g/openembedded-core/message/165553 Mute This Topic: https://lists.openembedded.org/mt/91077293/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-