[OE-core] [PATCH] libxfont: bump versions to 1.5.3 and 2.0.2
Ovidiu Panait
ovidiu.panait at windriver.com
Fri Nov 3 17:56:26 UTC 2017
Bump libxfont version to 1.5.3 and libxfont2 version to 2.0.2 in order to
eliminate CVE-2017-13720 and CVE-2017-13722 vulnerabilities.
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2
and 2.x before 2.0.2, an attacker with access to an X connection can cause
a buffer over-read during pattern matching of fonts, leading to information
disclosure or a crash (denial of service). This occurs because '\0'
characters are incorrectly skipped in situations involving ? characters.
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2
and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used
by local attackers authenticated to an Xserver for a buffer over-read, for
information disclosure or a crash of the X server.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13720
https://nvd.nist.gov/vuln/detail/CVE-2017-13722
Upstream patches:
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
Signed-off-by: Ovidiu Panait <ovidiu.panait at windriver.com>
---
.../xorg-lib/{libxfont2_2.0.1.bb => libxfont2_2.0.2.bb} | 4 ++--
.../xorg-lib/{libxfont_1.5.2.bb => libxfont_1.5.3.bb} | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-graphics/xorg-lib/{libxfont2_2.0.1.bb => libxfont2_2.0.2.bb} (80%)
rename meta/recipes-graphics/xorg-lib/{libxfont_1.5.2.bb => libxfont_1.5.3.bb} (81%)
diff --git a/meta/recipes-graphics/xorg-lib/libxfont2_2.0.1.bb b/meta/recipes-graphics/xorg-lib/libxfont2_2.0.2.bb
similarity index 80%
rename from meta/recipes-graphics/xorg-lib/libxfont2_2.0.1.bb
rename to meta/recipes-graphics/xorg-lib/libxfont2_2.0.2.bb
index 4bfb290..08d1123 100644
--- a/meta/recipes-graphics/xorg-lib/libxfont2_2.0.1.bb
+++ b/meta/recipes-graphics/xorg-lib/libxfont2_2.0.2.bb
@@ -15,8 +15,8 @@ XORG_PN = "libXfont2"
BBCLASSEXTEND = "native"
-SRC_URI[md5sum] = "0d9f6dd9c23bf4bcbfb00504b566baf5"
-SRC_URI[sha256sum] = "e9fbbb475ddd171b3a6a54b989cbade1f6f874fc35d505ebc5be426bc6e4db7e"
+SRC_URI[md5sum] = "d39e6446e46f939486d1a8b856e8b67b"
+SRC_URI[sha256sum] = "94088d3b87f7d42c7116d9adaad155859e93330c6e47f5989f2de600b9a6c111"
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
diff --git a/meta/recipes-graphics/xorg-lib/libxfont_1.5.2.bb b/meta/recipes-graphics/xorg-lib/libxfont_1.5.3.bb
similarity index 81%
rename from meta/recipes-graphics/xorg-lib/libxfont_1.5.2.bb
rename to meta/recipes-graphics/xorg-lib/libxfont_1.5.3.bb
index b11dda5..5b15a4e 100644
--- a/meta/recipes-graphics/xorg-lib/libxfont_1.5.2.bb
+++ b/meta/recipes-graphics/xorg-lib/libxfont_1.5.3.bb
@@ -18,8 +18,8 @@ XORG_PN = "libXfont"
BBCLASSEXTEND = "native"
-SRC_URI[md5sum] = "254ee42bd178d18ebc7a73aacfde7f79"
-SRC_URI[sha256sum] = "02945ea68da447102f3e6c2b896c1d2061fd115de99404facc2aca3ad7010d71"
+SRC_URI[md5sum] = "9ba75bf38ba62a6ad52550ab716da9b3"
+SRC_URI[sha256sum] = "ab85c10fd2683481dfef672a77fe60e6a2039558cbc0e9bf56b5e1df471c93d0"
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
--
2.10.2
More information about the Openembedded-core
mailing list