diff options
author | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-03-21 10:25:53 +0800 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-03-21 10:25:53 +0800 |
commit | cb1278efa38d7791b6ca9e9e3e61d4f1b7ee1a2e (patch) | |
tree | 709ea518321d9184991b96aa89bb7b715384a727 /recipes | |
parent | 7301d2aeb445a4a0f589cc7579e3995fe3a3ad17 (diff) |
pango-1.24.4: Address flaw in handling Opentype fonts
Addresses CVE-2010-0421. This CVE applies to all versions of pango < 1.27.1
so when someone upgrades pango to 1.26.x he needs to apply the same patch.
Diffstat (limited to 'recipes')
-rw-r--r-- | recipes/pango/pango-1.24.4/CVE-2010-0421.patch | 32 | ||||
-rw-r--r-- | recipes/pango/pango.inc | 2 | ||||
-rw-r--r-- | recipes/pango/pango_1.24.4.bb | 4 |
3 files changed, 38 insertions, 0 deletions
diff --git a/recipes/pango/pango-1.24.4/CVE-2010-0421.patch b/recipes/pango/pango-1.24.4/CVE-2010-0421.patch new file mode 100644 index 0000000000..b3656d7b61 --- /dev/null +++ b/recipes/pango/pango-1.24.4/CVE-2010-0421.patch @@ -0,0 +1,32 @@ +CVE-2010-0421 +--- a/pango/opentype/harfbuzz-gdef.c ++++ b/pango/opentype/harfbuzz-gdef.c +@@ -923,7 +923,7 @@ HB_Error HB_GDEF_Build_ClassDefinition( + goto Fail1; + } + +- if ( gcrr[count - 1].End != num_glyphs - 1 ) ++ if ( gcrr[count - 1].End + 1 < num_glyphs ) + { + if ( ALLOC_ARRAY( ngc[count], + ( num_glyphs - gcrr[count - 1].End + 2 ) / 4, +@@ -938,7 +938,9 @@ HB_Error HB_GDEF_Build_ClassDefinition( + HB_UShort ) ) + goto Fail2; + } +- ++ else ++ num_glyphs = 1; ++ + gdef->LastGlyph = num_glyphs - 1; + + gdef->MarkAttachClassDef_offset = 0L; +@@ -996,6 +998,8 @@ _HB_GDEF_Add_Glyph_Property( HB_GDEFHead + HB_ClassRangeRecord* gcrr; + HB_UShort** ngc; + ++ if ( glyphID >= gdef->LastGlyph ) ++ return 0; + + error = _HB_OPEN_Get_Class( &gdef->GlyphClassDef, glyphID, &class, &index ); + if ( error && error != HB_Err_Not_Covered ) diff --git a/recipes/pango/pango.inc b/recipes/pango/pango.inc index 545f0c0fa8..d0b18755b9 100644 --- a/recipes/pango/pango.inc +++ b/recipes/pango/pango.inc @@ -17,6 +17,8 @@ PACKAGES_DYNAMIC = "pango-module-*" RRECOMMENDS_${PN} = "pango-module-basic-x pango-module-basic-fc" +INC_PR = "r0" + # seems to go wrong with default cflags FULL_OPTIMIZATION_arm = "-O2" diff --git a/recipes/pango/pango_1.24.4.bb b/recipes/pango/pango_1.24.4.bb index ce81d89263..7211534593 100644 --- a/recipes/pango/pango_1.24.4.bb +++ b/recipes/pango/pango_1.24.4.bb @@ -1,2 +1,6 @@ require pango.inc +PR = "${INC_PR}.1" + +SRC_URI += "file://CVE-2010-0421.patch;patch=1" + |