pango-1.24.4: Address flaw in handling Opentype fonts
authorHolger Hans Peter Freyther <zecke@selfish.org>
Sun, 21 Mar 2010 02:25:53 +0000 (10:25 +0800)
committerHolger Hans Peter Freyther <zecke@selfish.org>
Sun, 21 Mar 2010 02:25:53 +0000 (10:25 +0800)
Addresses CVE-2010-0421. This CVE applies to all versions of pango < 1.27.1,
so anyone who upgrades pango to 1.26.x needs to apply the same patch.

recipes/pango/pango-1.24.4/CVE-2010-0421.patch [new file with mode: 0644]
recipes/pango/pango.inc
recipes/pango/pango_1.24.4.bb

diff --git a/recipes/pango/pango-1.24.4/CVE-2010-0421.patch b/recipes/pango/pango-1.24.4/CVE-2010-0421.patch
new file mode 100644 (file)
index 0000000..b3656d7
--- /dev/null
@@ -0,0 +1,32 @@
+CVE-2010-0421
+--- a/pango/opentype/harfbuzz-gdef.c
++++ b/pango/opentype/harfbuzz-gdef.c
+@@ -923,7 +923,7 @@ HB_Error  HB_GDEF_Build_ClassDefinition(
+           goto Fail1;
+       }
+-      if ( gcrr[count - 1].End != num_glyphs - 1 )
++      if ( gcrr[count - 1].End + 1 < num_glyphs )
+       {
+       if ( ALLOC_ARRAY( ngc[count],
+                         ( num_glyphs - gcrr[count - 1].End + 2 ) / 4,
+@@ -938,7 +938,9 @@ HB_Error  HB_GDEF_Build_ClassDefinition(
+                       HB_UShort ) )
+         goto Fail2;
+   }
+-      
++  else
++    num_glyphs = 1;
++
+   gdef->LastGlyph = num_glyphs - 1;
+   gdef->MarkAttachClassDef_offset = 0L;
+@@ -996,6 +998,8 @@ _HB_GDEF_Add_Glyph_Property( HB_GDEFHead
+   HB_ClassRangeRecord*  gcrr;
+   HB_UShort**            ngc;
++  if ( glyphID >= gdef->LastGlyph )
++    return 0;
+   error = _HB_OPEN_Get_Class( &gdef->GlyphClassDef, glyphID, &class, &index );
+   if ( error && error != HB_Err_Not_Covered )
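Review bot: The patch file's only header is the bare line `CVE-2010-0421`, so nothing records where the fix came from or which upstream release already contains it. A short header would make the backport auditable, for example `Fix CVE-2010-0421 in HB_GDEF_Build_ClassDefinition; fixed upstream in pango 1.27.1` followed by `Origin: <upstream commit or bug URL>`. The header should also note that the two changes depend on each other: `else num_glyphs = 1;` makes `gdef->LastGlyph` zero when the trailing `ngc[count]` array is not allocated, which is what lets the new `glyphID >= gdef->LastGlyph` guard in `_HB_GDEF_Add_Glyph_Property` reject every glyph in that case. Relaxing the comparison to `>` in a later refresh would presumably reopen the unallocated-array path. Both functions start and end outside the embedded hunks, so the remaining index arithmetic cannot be checked from this page.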
index 545f0c0..d0b1875 100644 (file)
@@ -17,6 +17,8 @@ PACKAGES_DYNAMIC = "pango-module-*"
 
 RRECOMMENDS_${PN} = "pango-module-basic-x pango-module-basic-fc" 
 
+INC_PR = "r0"
+
 # seems to go wrong with default cflags
 FULL_OPTIMIZATION_arm = "-O2"
 
index ce81d89..7211534 100644 (file)
@@ -1,2 +1,6 @@
 require pango.inc
 
+PR = "${INC_PR}.1"
+
+SRC_URI += "file://CVE-2010-0421.patch;patch=1"
+
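Review bot: Nothing in the recipe says when `CVE-2010-0421.patch` may be dropped, and the `SRC_URI +=` line sits in the version-specific `pango_1.24.4.bb`, so a later version bump that starts from a fresh recipe will silently lose the fix. The commit message says every pango below 1.27.1 needs it; that belongs next to the line itself, for example `# CVE-2010-0421: required for all pango < 1.27.1, carry forward on upgrades to 1.26.x`. If other pango version recipes exist in this tree (none are visible here), they presumably need the same patch and a matching `PR` bump.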