summaryrefslogtreecommitdiff
path: root/recipes
diff options
context:
space:
mode:
authorHolger Hans Peter Freyther <zecke@selfish.org>2010-03-21 10:25:53 +0800
committerHolger Hans Peter Freyther <zecke@selfish.org>2010-03-21 10:25:53 +0800
commitcb1278efa38d7791b6ca9e9e3e61d4f1b7ee1a2e (patch)
tree709ea518321d9184991b96aa89bb7b715384a727 /recipes
parent7301d2aeb445a4a0f589cc7579e3995fe3a3ad17 (diff)
pango-1.24.4: Address flaw in handling Opentype fonts
Addresses CVE-2010-0421. This CVE applies to all versions of pango < 1.27.1 so when someone upgrades pango to 1.26.x he needs to apply the same patch.
Diffstat (limited to 'recipes')
-rw-r--r--recipes/pango/pango-1.24.4/CVE-2010-0421.patch32
-rw-r--r--recipes/pango/pango.inc2
-rw-r--r--recipes/pango/pango_1.24.4.bb4
3 files changed, 38 insertions, 0 deletions
diff --git a/recipes/pango/pango-1.24.4/CVE-2010-0421.patch b/recipes/pango/pango-1.24.4/CVE-2010-0421.patch
new file mode 100644
index 0000000000..b3656d7b61
--- /dev/null
+++ b/recipes/pango/pango-1.24.4/CVE-2010-0421.patch
@@ -0,0 +1,32 @@
+CVE-2010-0421
+--- a/pango/opentype/harfbuzz-gdef.c
++++ b/pango/opentype/harfbuzz-gdef.c
+@@ -923,7 +923,7 @@ HB_Error HB_GDEF_Build_ClassDefinition(
+ goto Fail1;
+ }
+
+- if ( gcrr[count - 1].End != num_glyphs - 1 )
++ if ( gcrr[count - 1].End + 1 < num_glyphs )
+ {
+ if ( ALLOC_ARRAY( ngc[count],
+ ( num_glyphs - gcrr[count - 1].End + 2 ) / 4,
+@@ -938,7 +938,9 @@ HB_Error HB_GDEF_Build_ClassDefinition(
+ HB_UShort ) )
+ goto Fail2;
+ }
+-
++ else
++ num_glyphs = 1;
++
+ gdef->LastGlyph = num_glyphs - 1;
+
+ gdef->MarkAttachClassDef_offset = 0L;
+@@ -996,6 +998,8 @@ _HB_GDEF_Add_Glyph_Property( HB_GDEFHead
+ HB_ClassRangeRecord* gcrr;
+ HB_UShort** ngc;
+
++ if ( glyphID >= gdef->LastGlyph )
++ return 0;
+
+ error = _HB_OPEN_Get_Class( &gdef->GlyphClassDef, glyphID, &class, &index );
+ if ( error && error != HB_Err_Not_Covered )
diff --git a/recipes/pango/pango.inc b/recipes/pango/pango.inc
index 545f0c0fa8..d0b18755b9 100644
--- a/recipes/pango/pango.inc
+++ b/recipes/pango/pango.inc
@@ -17,6 +17,8 @@ PACKAGES_DYNAMIC = "pango-module-*"
RRECOMMENDS_${PN} = "pango-module-basic-x pango-module-basic-fc"
+INC_PR = "r0"
+
# seems to go wrong with default cflags
FULL_OPTIMIZATION_arm = "-O2"
diff --git a/recipes/pango/pango_1.24.4.bb b/recipes/pango/pango_1.24.4.bb
index ce81d89263..7211534593 100644
--- a/recipes/pango/pango_1.24.4.bb
+++ b/recipes/pango/pango_1.24.4.bb
@@ -1,2 +1,6 @@
require pango.inc
+PR = "${INC_PR}.1"
+
+SRC_URI += "file://CVE-2010-0421.patch;patch=1"
+