From b693f6d3d48b281fbbf71fd56996c85e23c3a9c9 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Eren=20T=C3=BCrkay?= Date: Fri, 28 Dec 2012 01:00:00 +0200 Subject: [PATCH] freetype: update to 2.4.11 which includes fixes for CVE-2012-{5668, 5669, 5670} MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Multiple security issues were reported by Mateusz Jurczyk of Google security team. These have been fixed in freetype 2.4.11. Details are as follows. * CVE-2012-5668: NULL Pointer Dereference in bdf_free_font Bug: https://savannah.nongnu.org/bugs/?37905 Patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a * CVE-2012-5669: Out-of-bounds read in _bdf_parse_glyphs Bug: https://savannah.nongnu.org/bugs/?37906 Patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d * CVE-2012-5670: Out-of-bounds write in _bdf_parse_glyphs Bug: https://savannah.nongnu.org/bugs/?37907 Patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8 For original e-mail and CVE assignment, see the following URLs: http://www.openwall.com/lists/oss-security/2012/12/25/1 http://www.openwall.com/lists/oss-security/2012/12/25/2 Signed-off-by: Eren Türkay Signed-off-by: Saul Wold --- .../{freetype-2.4.10 => freetype-2.4.11}/no-hardcode.patch | 0 .../freetype/{freetype_2.4.10.bb => freetype_2.4.11.bb} | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-graphics/freetype/{freetype-2.4.10 => freetype-2.4.11}/no-hardcode.patch (100%) rename meta/recipes-graphics/freetype/{freetype_2.4.10.bb => freetype_2.4.11.bb} (91%) diff --git a/meta/recipes-graphics/freetype/freetype-2.4.10/no-hardcode.patch b/meta/recipes-graphics/freetype/freetype-2.4.11/no-hardcode.patch similarity index 100% rename from meta/recipes-graphics/freetype/freetype-2.4.10/no-hardcode.patch rename to meta/recipes-graphics/freetype/freetype-2.4.11/no-hardcode.patch diff --git a/meta/recipes-graphics/freetype/freetype_2.4.10.bb b/meta/recipes-graphics/freetype/freetype_2.4.11.bb similarity index 91% rename from meta/recipes-graphics/freetype/freetype_2.4.10.bb rename to meta/recipes-graphics/freetype/freetype_2.4.11.bb index 35d6d221f3..53fde1d948 100644 --- a/meta/recipes-graphics/freetype/freetype_2.4.10.bb +++ b/meta/recipes-graphics/freetype/freetype_2.4.11.bb @@ -18,8 +18,8 @@ PR = "r0" SRC_URI = "${SOURCEFORGE_MIRROR}/freetype/freetype-${PV}.tar.bz2 \ file://no-hardcode.patch" -SRC_URI[md5sum] = "13286702e9390a91661f980608adaff1" -SRC_URI[sha256sum] = "0c8e242c33c45928de560d7d595db06feb41d1b22167e37260ceabe72f9e992f" +SRC_URI[md5sum] = "b93435488942486c8d0ca22e8f768034" +SRC_URI[sha256sum] = "ef9d0bcb64647d9e5125dc7534d7ca371c98310fec87677c410f397f71ffbe3f" S = "${WORKDIR}/freetype-${PV}" -- 2.40.1