fix CVE-2023-2004

2023-04-17 09:33:08 +00:00 · 2023-04-17 09:33:08 +00:00 · 7138813857
commit 7138813857
parent 5a82e11f4b
2 changed files with 43 additions and 1 deletions
--- a/backport-CVE-2023-2004.patch
+++ b/backport-CVE-2023-2004.patch
@ -0,0 +1,37 @@
+From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Mon, 14 Nov 2022 19:18:19 +0100
+Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer
+ overflow.
+
+Reported as
+
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
+---
+ src/truetype/ttgxvar.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
+index aad3e29..a69a9b5 100644
+--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
+@@ -42,6 +42,7 @@
+ #include <ft2build.h>
+ #include <freetype/internal/ftdebug.h>
+ #include FT_CONFIG_CONFIG_H
+#include <freetype/internal/ftcalc.h>
+ #include <freetype/internal/ftstream.h>
+ #include <freetype/internal/sfnt.h>
+ #include <freetype/tttags.h>
+@@ -1075,7 +1076,7 @@
+                 delta == 1 ? "" : "s",
+                 vertical ? "VVAR" : "HVAR" ));
+ 
+-    *avalue += delta;
+    *avalue = ADD_INT(*avalue, delta );
+ 
+   Exit:
+     return error;
+-- 
+2.33.0
+
--- a/freetype.spec
+++ b/freetype.spec
@ -4,7 +4,7 @@

 Name:           freetype
 Version:        2.12.1
-Release:        1
+Release:        2
 Summary:        FreeType is a freely available software library to render fonts
 License:        (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
 URL:            http://www.freetype.org
@ -20,6 +20,7 @@ Patch6002:      backport-freetype-2.6.5-libtool.patch
 Patch6003:      backport-freetype-2.8-multilib.patch
 Patch6004:      backport-freetype-2.10.0-internal-outline.patch
 Patch6005:      backport-freetype-2.10.1-debughook.patch
+Patch6006:      backport-CVE-2023-2004.patch

 BuildRequires:  gcc libX11-devel libpng-devel zlib-devel bzip2-devel

@ -67,6 +68,7 @@ popd
 %patch6003 -p1
 %patch6004 -p1
 %patch6005 -p1
+%patch6006 -p1

 %build
 %configure --disable-static --with-zlib=yes --with-bzip2=yes --with-png=yes --enable-freetype-config --with-harfbuzz=no
@ -140,6 +142,9 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_includedir}/freetype2/freetype/co
 %{_mandir}/man1/*

 %changelog
+* Mon Apr 17 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 2.12.1-2
+- fix CVE-2023-2004
+
 * Tue Nov 29 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 2.12.1-1
 - update to 2.12.1