From 1e922576f25960246066650a17c6159f09186d89 Mon Sep 17 00:00:00 2001
From: weidongkl <weidong@uniontech.com>
Date: Thu, 24 Jul 2025 16:55:54 +0800
Subject: [PATCH] fix CVE-2022-31782

Signed-off-by: weidongkl <weidong@uniontech.com>
---
 backport-CVE-2022-31782.patch | 27 +++++++++++++++++++++++++++
 freetype.spec                 |  7 ++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2022-31782.patch

diff --git a/backport-CVE-2022-31782.patch b/backport-CVE-2022-31782.patch
new file mode 100644
index 0000000..2db1c6f
--- /dev/null
+++ b/backport-CVE-2022-31782.patch
@@ -0,0 +1,27 @@
+From 3541af5e7805a4d897b8a1b199eb5037b9f1a477 Mon Sep 17 00:00:00 2001
+From: Alexei Podtelezhnikov <apodtele@gmail.com>
+Date: Tue, 24 May 2022 18:24:18 +0000
+Subject: [PATCH] * src/ftbench.c (main): Check the number of glyphs.
+
+Fixes #8.
+---
+ src/ftbench.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/ftbench.c b/src/ftbench.c
+index c57b5282..7dfe8ea4 100644
+--- a/src/ftbench.c
++++ b/src/ftbench.c
+@@ -1242,6 +1242,9 @@
+     if ( get_face( &face ) )
+       goto Exit;
+ 
++    if ( !face->num_glyphs )
++      goto Exit;
++
+     if ( first_index >= face->num_glyphs )
+       first_index = face->num_glyphs - 1;
+     if ( last_index >= face->num_glyphs )
+-- 
+GitLab
+
diff --git a/freetype.spec b/freetype.spec
index c7232e2..68884bd 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -4,7 +4,7 @@
 
 Name:           freetype
 Version:        2.10.2
-Release:        6
+Release:        7
 Summary:        FreeType is a freely available software library to render fonts
 License:        (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
 URL:            http://www.freetype.org
@@ -27,6 +27,7 @@ Patch6008:      backport-0002-CVE-2022-27405.patch
 Patch6009:      backport-CVE-2022-27406.patch
 Patch6010:      backport-CVE-2023-2004.patch
 Patch6011:      backport-CVE-2025-27363.patch
+Patch6012:      backport-CVE-2022-31782.patch 
 
 BuildRequires:  gcc libX11-devel libpng-devel zlib-devel bzip2-devel
 
@@ -76,6 +77,7 @@ popd
 %patch6009 -p1
 %patch6010 -p1
 %patch6011 -p1
+%patch6012 -p1
 
 %build
 %configure --disable-static --with-zlib=yes --with-bzip2=yes --with-png=yes --enable-freetype-config --with-harfbuzz=no
@@ -150,6 +152,9 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_includedir}/freetype2/freetype/co
 %{_mandir}/man1/*
 
 %changelog
+* Thu Jul 24 2025 weidongkl <weidong@uniontech.com> - 2.10.2-7
+- fix CVE-2022-31782
+
 * Tue Mar 18 2025 zhangpan <zhangpan103@h-partners.com> - 2.10.2-6
 - fix CVE-2025-27363
 
-- 
Gitee