diff --git a/freetype-fix-cve-CVE-2025-27363.patch b/freetype-fix-cve-CVE-2025-27363.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a67c5763c7729111b19ca24cd7125a3f27ea01ee
--- /dev/null
+++ b/freetype-fix-cve-CVE-2025-27363.patch
@@ -0,0 +1,49 @@
+From ba1c02cf415a589d20aefe6ef3037e38bdeb92d6 Mon Sep 17 00:00:00 2001
+From: zhuhongbo
+Date: Mon, 14 Jul 2025 14:33:55 +0800
+Subject: [PATCH] fix cve CVE-2025-27363
+
+---
+ include/freetype/internal/ftmemory.h | 7 +++----
+ src/sfnt/ttload.c | 3 +++
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/include/freetype/internal/ftmemory.h b/include/freetype/internal/ftmemory.h
+index 59e5b58..58f5e16 100644
+--- a/include/freetype/internal/ftmemory.h
++++ b/include/freetype/internal/ftmemory.h
+@@ -336,14 +336,13 @@ extern "C++"
+ #define FT_RENEW_ARRAY( ptr, curcnt, newcnt ) \
+ FT_MEM_SET_ERROR( FT_MEM_RENEW_ARRAY( ptr, curcnt, newcnt ) )
+
+-#define FT_QNEW( ptr ) \
+- FT_MEM_SET_ERROR( FT_MEM_QNEW( ptr ) )
++#define FT_QNEW( ptr ) FT_MEM_SET_ERROR( FT_MEM_QNEW( ptr ) )
+
+ #define FT_QNEW_ARRAY( ptr, count ) \
+- FT_MEM_SET_ERROR( FT_MEM_NEW_ARRAY( ptr, count ) )
++ FT_MEM_SET_ERROR( FT_MEM_QNEW_ARRAY( ptr, count ) )
+
+ #define FT_QRENEW_ARRAY( ptr, curcnt, newcnt ) \
+- FT_MEM_SET_ERROR( FT_MEM_RENEW_ARRAY( ptr, curcnt, newcnt ) )
++ FT_MEM_SET_ERROR( FT_MEM_QRENEW_ARRAY( ptr, curcnt, newcnt ) )
+
+
+ FT_BASE( FT_Pointer )
+diff --git a/src/sfnt/ttload.c b/src/sfnt/ttload.c
+index f9e4a8d..bdab757 100644
+--- a/src/sfnt/ttload.c
++++ b/src/sfnt/ttload.c
+@@ -960,6 +960,9 @@
+ }
+ }
+
++ /* mark the string as not yet converted */
++ entry->string = NULL;
++
+ entry++;
+ }
+
+--
+2.39.3
+
diff --git a/freetype.spec b/freetype.spec
index 444c1a159364d5d19b35eb7feeb1acfe0fad9815..d0aef2c5b59ff3502e5d1c02bbe4a9ec8f8323c2 100644
--- a/freetype.spec
+++ b/freetype.spec
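Review bot: In the ftmemory.h hunk of the embedded patch, `FT_QNEW_ARRAY` and `FT_QRENEW_ARRAY` move from `FT_MEM_NEW_ARRAY`/`FT_MEM_RENEW_ARRAY` (which zero-fill in FreeType) to the `FT_MEM_QNEW_ARRAY`/`FT_MEM_QRENEW_ARRAY` variants (which do not), so every existing caller of these two macros in the 2.8 tree now receives uninitialized memory, while the patch compensates only one of them with the `entry->string = NULL;` added in ttload.c. Each remaining use of the two macros should be audited for fields that are read, compared or freed before being written, because any caller that silently relied on the zero fill would now read uninitialized heap data while parsing a font file. Separately, neither touched file appears to be the subglyph-handling code that the public description of CVE-2025-27363 refers to, so it is worth confirming that this is the complete backport rather than a prerequisite. A spec comment above `Patch16:` such as `# CVE-2025-27363, backport of upstream commit <UPSTREAM_COMMIT_ID>` (placeholder) would record the provenance, as the existing bugzilla comment does for Patch14.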
@@ -7,7 +7,7 @@ Summary: A free and portable font rendering engine Name: freetype Version: 2.8 -Release: 14%{?dist}.1 +Release: 15%{?dist}.1 License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement Group: System Environment/Libraries URL: http://www.freetype.org @@ -53,6 +53,7 @@ Patch13: freetype-2.8-bw-hinting.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1890210 Patch14: freetype-2.8-png-bitmap-size.patch Patch15: freetype-2.8-png-memory-leak.patch +Patch16: freetype-fix-cve-CVE-2025-27363.patch BuildRequires: libX11-devel BuildRequires: libpng-devel @@ -125,6 +126,7 @@ popd %patch13 -p1 -b .bw-hinting %patch14 -p1 -b .png-bitmap-size %patch15 -p1 -b .png-memory-leak +%patch16 -p1 -b .cve-CVE-2025-27363 %build @@ -240,6 +242,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.{a,la} %{_mandir}/man1/* %changelog +* Mon Jul 14 2025 zhuhongbo - 2.8-15.el7_9.1 +- fix: fix cve CVE-2025-27363 + * Fri Oct 30 2020 Marek Kasik - 2.8-14.el7_9.1 - Test bitmap size earlier for PNGs - Fix memory leak in pngshim.c