Accepting request 998792 from M17N

bsc#1200264, CVE-2022-31782 OBS-URL: https://build.opensuse.org/request/show/998792 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freetype2?expand=0&rev=97
2022-08-24 13:10:44 +00:00 · 2022-08-24 13:10:44 +00:00 · 0cb2999ca8
commit 0cb2999ca8
parent cc6afb32ff c890a54654
4 changed files with 27 additions and 2 deletions
--- a/CVE-2022-31782.patch
+++ b/CVE-2022-31782.patch
@ -0,0 +1,12 @@
+--- a/src/ftbench.c
+++ b/src/ftbench.c
+@@ -1242,6 +1242,9 @@
+     if ( get_face( &face ) )
+       goto Exit;
+ 
+    if ( !face->num_glyphs )
+      goto Exit;
+
+     if ( first_index >= face->num_glyphs )
+       first_index = face->num_glyphs - 1;
+     if ( last_index >= face->num_glyphs )
--- a/freetype2.changes
+++ b/freetype2.changes
@ -70,6 +70,8 @@ Fri Apr  8 17:06:49 UTC 2022 - Dirk Müller <dmueller@suse.com>
  - The `ftdump` demo  program shows more information  for Type1 fonts
    if option `-n` is given.
  - `ftgrid` can now display embedded bitmap strikes.
+  - fixes bsc#1198830 (CVE-2022-27404), bsc#1198832 (CVE-2022-27405),
+    bsc#1198823 (CVE-2022-27406)

 -------------------------------------------------------------------
 Thu Dec  2 22:07:29 UTC 2021 - Dirk Müller <dmueller@suse.com>
@ -107,8 +109,9 @@ Fri Jul 23 07:10:11 UTC 2021 - Ismail Dönmez <ismail@i10z.com>
 Tue Oct 20 09:38:30 UTC 2020 - Ismail Dönmez <idonmez@suse.com>

 - Update to version 2.10.4
-  * Fix a heap buffer overflow has been found  in the handling of embedded
-    PNG bitmaps, introduced in FreeType version 2.6 (CVE-2020-15999 bsc#1177914)
+  * Fix a heap buffer overflow has been found  in the handling of
+    embedded PNG bitmaps, introduced in FreeType version 2.6
+    (CVE-2020-15999 bsc#1177914)
  * Minor improvements to the B/W rasterizer.
  * Auto-hinter support for Medefaidrin script.
  * Fix various  memory leaks (mainly  for CFF) and other  issues that
--- a/ft2demos.changes
+++ b/ft2demos.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Aug 23 09:29:39 UTC 2022 - Fridrich Strba <fstrba@suse.com>
+
+- Add CVE-2022-31782.patch
+  * Fix bsc#1200264, CVE-2022-31782: heap-based buffer overflow in
+    ftbench.c 
+
 -------------------------------------------------------------------
 Fri Aug 12 12:30:19 UTC 2022 - Stephan Kulow <coolo@suse.com>

--- a/ft2demos.spec
+++ b/ft2demos.spec
@ -40,6 +40,8 @@ NoSource:       1000
 Patch201:       overflow.patch
 # PATCH-FIX-OPENSUSE don-t-mark-libpng-as-required-library.patch -- it is private in .pc
 Patch202:       don-t-mark-libpng-as-required-library.patch
+# PATCH-FIX-UPSTREAM CVE-2022-31782.patch -- exit if face->num_glyphs is zero
+Patch203:       CVE-2022-31782.patch
 Patch308961:    bugzilla-308961-cmex-workaround.patch
 BuildRequires:  libpng-devel
 BuildRequires:  pkgconfig
@ -173,6 +175,7 @@ This tool is part of the FreeType project
 %patch308961 -p 1
 pushd ../ft2demos-%{version}
 %patch201 -p1
+%patch203 -p1
 popd
 %patch202 -p1