harfbuzz: Fix CVE-2026-22693

Pick the patch referenced in the NVD report [1]

[1] https://nvd.nist.gov/vuln/detail/CVE-2026-22693

(From OE-Core rev: 541482f93d8447f7a027bacb99a6782ac5ed2a6e)

Signed-off-by: Bruno VERNAY <bruno.vernay@se.com>
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Hugo SIMELIERE 2026-03-02 08:06:32 +01:00 committed by Richard Purdie
parent 5a3a169888
commit b095ae1907
2 changed files with 36 additions and 1 deletions


@ -0,0 +1,33 @@
From 95d38abd1293cae1f2aa700a3949288fd2c9a4c4 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Fri, 9 Jan 2026 04:54:42 -0700
Subject: [PATCH] [cmap] malloc fail test (#5710)
Fixes https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww
Upstream-Status: Backport [https://github.com/harfbuzz/harfbuzz/commit/1265ff8d990284f04d8768f35b0e20ae5f60daae]
CVE: CVE-2026-22693
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
---
src/hb-ot-cmap-table.hh | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/hb-ot-cmap-table.hh b/src/hb-ot-cmap-table.hh
index e2e258185..2f7d72700 100644
--- a/src/hb-ot-cmap-table.hh
+++ b/src/hb-ot-cmap-table.hh
@@ -1534,6 +1534,10 @@ struct SubtableUnicodesCache {
{
SubtableUnicodesCache* cache =
(SubtableUnicodesCache*) hb_malloc (sizeof(SubtableUnicodesCache));
+
+ if (unlikely (!cache))
+ return nullptr;
+
new (cache) SubtableUnicodesCache (source_table);
return cache;
}
--
2.43.0
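Review bot: The added `if (unlikely (!cache)) return nullptr;` makes the cache factory return nullptr on allocation failure, but the hunk does not show the call site, so whether the caller checks the result before using the cache cannot be confirmed from this patch alone; that should be verified in the backport target's hb-ot-cmap-table.hh rather than assumed from the upstream change. The function whose body is patched starts above the hunk's first context line, so its name and signature are not visible here. The `From` header hash (95d38abd…) differs from the hash in the Upstream-Status line (1265ff8d…); that is normal for a re-exported cherry-pick, but a short note in the patch header saying so would save the next reviewer from checking which commit was actually applied.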


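--- a/RECIPE_PATH_PLACEHOLDER
+++ b/RECIPE_PATH_PLACEHOLDER
@@ -8,7 +8,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b98429b8e8e3c2a67cfef01e99e4893d \
 file://src/hb-ucd.cc;beginline=1;endline=15;md5=29d4dcb6410429195df67efe3382d8bc \
 "
-SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz"
+SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz \
+file://CVE-2026-22693.patch \
+"
 SRC_URI[sha256sum] = "109501eaeb8bde3eadb25fab4164e993fbace29c3d775bcaa1c1e58e2f15f847"
 DEPENDS += "glib-2.0-native"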