From patchwork Tue Jan 27 06:50:15 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 79752
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH v2 1/4] fontforge: upgrade 20230101 -> 20251009
Date: Tue, 27 Jan 2026 07:50:15 +0100
Message-ID: <20260127065019.1324332-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123908

Drop patches that are included in this release.

libxi has been removed as a dependency, because the project has dropped the x11 drawing backend, it implements everything in gtk.

Changelog: https://github.com/fontforge/fontforge/releases/tag/20251009

Signed-off-by: Gyorgy Sarvari
---
v2: gtkmm3 has no native version currently. Disable GUI for native builds, and make gtkmm3 as a target-only dependency.

v1: https://lists.openembedded.org/g/openembedded-devel/message/123870

 ...ons-containing-invalid-directives-hs.patch | 385 ------------------ .../CVE-2024-25081_CVE-2024-25082.patch | 181 -------- ...orge_20230101.bb => fontforge_20251009.bb} | 21 +- 3 files changed, 8 insertions(+), 579 deletions(-) delete mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/0001-Fix-Translations-containing-invalid-directives-hs.patch delete mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2024-25081_CVE-2024-25082.patch rename meta-oe/recipes-graphics/fontforge/{fontforge_20230101.bb => fontforge_20251009.bb} (74%) diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/0001-Fix-Translations-containing-invalid-directives-hs.patch b/meta-oe/recipes-graphics/fontforge/fontforge/0001-Fix-Translations-containing-invalid-directives-hs.patch deleted file mode 100644 index 6d133254ed..0000000000 --- a/meta-oe/recipes-graphics/fontforge/fontforge/0001-Fix-Translations-containing-invalid-directives-hs.patch +++ /dev/null
@@ -1,385 +0,0 @@ -From e6ccc8a8cf1391010a8220836a732da9fab19c69 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Thu, 7 Sep 2023 12:35:12 -0700 -Subject: [PATCH] Fix Translations containing invalid directives %hs - -Found with gettext 0.22 -Older versions of msgfmt were more sloppy, thus allowing such mistakes to cause bugs at runtime. - -https://bugs.gentoo.org/908868 -https://savannah.gnu.org/bugs/index.php?64333 -https://github.com/fontforge/fontforge/issues/5251 - -Upstream-Status: Pending -Signed-off-by: Khem Raj ---- - fontforgeexe/searchview.c | 2 +- - po/ca.po | 4 ++-- - po/de.po | 4 ++-- - po/en_GB.po | 4 ++-- - po/fr.po | 40 +++++++++++++++++++-------------------- - po/hr.po | 4 ++-- - po/it.po | 8 ++++---- - po/ja.po | 4 ++-- - po/ko.po | 4 ++-- - po/pl.po | 4 ++-- - po/uk.po | 4 ++-- - po/vi.po | 4 ++-- - 12 files changed, 43 insertions(+), 43 deletions(-) - -diff --git a/fontforgeexe/searchview.c b/fontforgeexe/searchview.c -index 1cb39a221..7e1c109cb 100644 ---- a/fontforgeexe/searchview.c -+++ b/fontforgeexe/searchview.c -@@ -516,7 +516,7 @@ return( true ); - if ( ask_if_difficult==2 && !searcher->isvisible ) - return( false ); - if ( gwwv_ask(_("Bad Reference"),(const char **) buttons,1,1, -- _("The %1$s in the search dialog contains a reference to %2$.20hs which does not exist in the new font.\nShould I remove the reference?"), -+ _("The %1$s in the search dialog contains a reference to %2$.20s which does not exist in the new font.\nShould I remove the reference?"), - i==0?_("Search Pattern"):_("Replace Pattern"), - r->sc->name)==1 ) - return( false ); -diff --git a/po/ca.po b/po/ca.po -index e2349b6ef..6c920b7c0 100644 ---- a/po/ca.po -+++ b/po/ca.po -@@ -12347,11 +12347,11 @@ msgstr "Tai" - - #, c-format - msgid "" --"The %1$s in the search dialog contains a reference to %2$.20hs which does " -+"The %1$s in the search dialog contains a reference to %2$.20s which does " - "not exist in the new font.\n" - "Should I remove the reference?" 
- msgstr "" --"Al diàleg de cerca, %1$s conté una referència a %2$.20hs\n" -+"Al diàleg de cerca, %1$s conté una referència a %2$.20s\n" - "que no existeix en el nou tipus.\n" - "Voleu eliminar la referència?" - -diff --git a/po/de.po b/po/de.po -index 41430ffae..8a31aeaa2 100644 ---- a/po/de.po -+++ b/po/de.po -@@ -15765,11 +15765,11 @@ msgstr "" - - #, c-format - msgid "" --"The %1$s in the search dialog contains a reference to %2$.20hs which does " -+"The %1$s in the search dialog contains a reference to %2$.20s which does " - "not exist in the new font.\n" - "Should I remove the reference?" - msgstr "" --"%1$s im Suchdialog enthält eine Referenz auf %2$.20hs, die in der neuen " -+"%1$s im Suchdialog enthält eine Referenz auf %2$.20s, die in der neuen " - "Schrift nicht existiert.\n" - "Soll der Referenz entfernt werden?" - -diff --git a/po/en_GB.po b/po/en_GB.po -index 9bd2d62bb..fce64c97d 100644 ---- a/po/en_GB.po -+++ b/po/en_GB.po -@@ -728,11 +728,11 @@ msgstr "Template Colour" - - #, c-format - msgid "" --"The %1$s in the search dialog contains a reference to %2$.20hs which does " -+"The %1$s in the search dialog contains a reference to %2$.20s which does " - "not exist in the new font.\n" - "Should I remove the reference?" - msgstr "" --"The %1$s in the search dialogue contains a reference to %2$.20hs which does " -+"The %1$s in the search dialogue contains a reference to %2$.20s which does " - "not exist in the new font.\n" - "Should I remove the reference?" - -diff --git a/po/fr.po b/po/fr.po -index 26e446b38..d130f89bc 100644 ---- a/po/fr.po -+++ b/po/fr.po -@@ -291,7 +291,7 @@ msgstr "chaîne %1$.30s pour %2$.30s" - #. GT: $4 is the changed flag ('*' for the changed items) - #, c-format - msgid "%1$.80s at %2$d from %3$.90s%4$s" --msgstr "%1$.80s à %2$d de %3$.90hs%4$s" -+msgstr "%1$.80s à %2$d de %3$.90s%4$s" - - #. GT: This is the title for a window showing a bitmap character - #. 
GT: It will look something like: -@@ -302,7 +302,7 @@ msgstr "%1$.80s à %2$d de %3$.90hs%4$s" - #. GT: $4 is the font name - #, c-format - msgid "%1$.80s at %2$d size %3$d from %4$.80s" --msgstr "%1$.80s (%2$d) taille %3$d de %4$.80hs" -+msgstr "%1$.80s (%2$d) taille %3$d de %4$.80s" - - #, c-format - msgid "%1$s from lookup subtable %2$.50s" -@@ -7433,7 +7433,7 @@ msgid "" - "Reverting the file will lose those changes.\n" - "Is that what you want?" - msgstr "" --"La fonte %1$.40s dans le fichier %2$.40hs a été modifiée.\n" -+"La fonte %1$.40s dans le fichier %2$.40s a été modifiée.\n" - "Revenir vous fera perdre toutes les modifications.\n" - "Voulez vous vraiment revenir ?" - -@@ -19077,11 +19077,11 @@ msgstr "" - - #, c-format - msgid "" --"The %1$s in the search dialog contains a reference to %2$.20hs which does " -+"The %1$s in the search dialog contains a reference to %2$.20s which does " - "not exist in the new font.\n" - "Should I remove the reference?" - msgstr "" --"Dans %1$s du dialogue de recherche il y a une référence vers %2$.20hs qui " -+"Dans %1$s du dialogue de recherche il y a une référence vers %2$.20s qui " - "n'existe pas dans la nouvelle fonte.\n" - "Faut-il supprimer la référence ?" 
- -@@ -19925,7 +19925,7 @@ msgid "" - "The fonts %1$.30s and %2$.30s have a different number of glyphs or different " - "encodings" - msgstr "" --"Les fontes %1$.30s et %2$.30hs n'ont pas le même nombre de glyphes ou des " -+"Les fontes %1$.30s et %2$.30s n'ont pas le même nombre de glyphes ou des " - "codages différents" - - #, c-format -@@ -19933,7 +19933,7 @@ msgid "" - "The fonts %1$.30s and %2$.30s use different types of splines (one quadratic, " - "one cubic)" - msgstr "" --"Les fontes %1$.30s et %2$.30hs utilisent des courbes de Bézier d'ordres " -+"Les fontes %1$.30s et %2$.30s utilisent des courbes de Bézier d'ordres " - "différents (quadratique et cubique)" - - msgid "The generated font won't work with ATM" -@@ -19968,8 +19968,8 @@ msgid "" - "The glyph %1$.30s in font %2$.30s has a different hint mask on its contours " - "than in %3$.30s" - msgstr "" --"Le glyphe %1$.30s dans la police %2$.30hs a un masque de hints différent que " --"dans %3$.30hs" -+"Le glyphe %1$.30s dans la police %2$.30s a un masque de hints différent que " -+"dans %3$.30s" - - #, c-format - msgid "" -@@ -19984,8 +19984,8 @@ msgid "" - "The glyph %1$.30s in font %2$.30s has a different number of references than " - "in %3$.30s" - msgstr "" --"Le glyphe %1$.30s de la fonte %2$.30hs a un nombre de références différent " --"dans %3$.30hs" -+"Le glyphe %1$.30s de la fonte %2$.30s a un nombre de références différent " -+"dans %3$.30s" - - #, c-format - msgid "" -@@ -20457,7 +20457,7 @@ msgstr "" - #, c-format - msgid "The outlines of glyph %2$.30s were not found in the font %1$.60s" - msgstr "" --"Le contours du glyphe %2$.30s n'ont pas été trouvés dans la police %1$.60hs" -+"Le contours du glyphe %2$.30s n'ont pas été trouvés dans la police %1$.60s" - - msgid "The paths that make up this glyph intersect one another" - msgstr "Les chemins qui composent ce glyphe se coupent les uns les autres" -@@ -21042,7 +21042,7 @@ msgstr "Il y a déjà une sous-table avec ce nom, changez de nom SVP" - - 
#, c-format - msgid "There is already an anchor point named %1$.40s in %2$.40s." --msgstr "Il y a déjà une ancre appelée %1$.40s dans %2$.40hs." -+msgstr "Il y a déjà une ancre appelée %1$.40s dans %2$.40s." - - msgid "There is another glyph in the font with this name" - msgstr "Il y a un autre glyphe dans la fonte avec ce nom" -@@ -21441,8 +21441,8 @@ msgid "" - "been able to find is %1$.20s-%2$.20s-%4$d.\n" - "Shall I use that or let you search?" - msgstr "" --"Cette fonte est basée sur le jeu de caractères %1$.20s-%2$.20hs-%3$d, mais " --"ce que j'ai trouvé de mieux c'est %1$.20hs-%2$.20hs-%4$d.\n" -+"Cette fonte est basée sur le jeu de caractères %1$.20s-%2$.20s-%3$d, mais " -+"ce que j'ai trouvé de mieux c'est %1$.20s-%2$.20s-%4$d.\n" - "Devrais-je utiliser cette valeur ou préférez vous chercher ?" - - msgid "" -@@ -21770,7 +21770,7 @@ msgid "" - "with a 0 offset for this combination. Would you like to alter this kerning " - "class entry (or create a kerning pair for just these two glyphs)?" - msgstr "" --"Cette paire de crénage (%.20s et %.20hs) est dans une classe de crénage\n" -+"Cette paire de crénage (%.20s et %.20s) est dans une classe de crénage\n" - "avec un déplacement de 0 pour cette combinaison. Voulez-vous modifier cette " - "partie\n" - "de la classe de crénage (ou créer une nouvelle paire rien que pour ces 2 " -@@ -24551,8 +24551,8 @@ msgid "" - "referred to.\n" - "It will not be copied." - msgstr "" --"Vous essayer de coller une référence vers %1$s dans %2$hs.\n" --"Mais %1$hs n'existe pas dans cette fonte, et FontForge ne trouve pas le " -+"Vous essayer de coller une référence vers %1$s dans %2$s.\n" -+"Mais %1$s n'existe pas dans cette fonte, et FontForge ne trouve pas le " - "glyphe auquel il se référait.\n" - "Le glyphe ne sera pas copié." - -@@ -24562,8 +24562,8 @@ msgid "" - "But %1$s does not exist in this font.\n" - "Would you like to copy the original splines (or delete the reference)?" 
- msgstr "" --"Vous essayer de coller une référence vers %1$s dans %2$hs.\n" --"Mais %1$hs n'existe pas dans cette fonte.\n" -+"Vous essayer de coller une référence vers %1$s dans %2$s.\n" -+"Mais %1$s n'existe pas dans cette fonte.\n" - "Voulez vous copier le contour d'origine (ou supprimer la référence)?" - - msgid "" -diff --git a/po/hr.po b/po/hr.po -index d261d4ca7..ac41b9250 100644 ---- a/po/hr.po -+++ b/po/hr.po -@@ -20156,11 +20156,11 @@ msgstr "" - - #, c-format - msgid "" --"The %1$s in the search dialog contains a reference to %2$.20hs which does " -+"The %1$s in the search dialog contains a reference to %2$.20s which does " - "not exist in the new font.\n" - "Should I remove the reference?" - msgstr "" --"%1$s u dijaloškom okviru traženja sadrži referencu na %2$.20hs koja ne " -+"%1$s u dijaloškom okviru traženja sadrži referencu na %2$.20s koja ne " - "postoji u fontu.\n" - "Želiš li dozvoliti uklanjanje reference?" - -diff --git a/po/it.po b/po/it.po -index e13711485..d0c3ea987 100644 ---- a/po/it.po -+++ b/po/it.po -@@ -2303,7 +2303,7 @@ msgid "" - "Reverting the file will lose those changes.\n" - "Is that what you want?" - msgstr "" --"Il font %1$.40s nel file %2$.40hs è stato modificato.\n" -+"Il font %1$.40s nel file %2$.40s è stato modificato.\n" - "Ripristinando il file perderai tutte le modifiche.\n" - "È quello che vuoi fare?" - -@@ -5835,7 +5835,7 @@ msgid "" - "The glyph %1$.30s has a different number of contours in font %2$.30s than in " - "%3$.30s" - msgstr "" --"Il glifo %1$.30s ha un diverso numero di contorni nel font %2$.30hs rispetto " -+"Il glifo %1$.30s ha un diverso numero di contorni nel font %2$.30s rispetto " - "a %3$.30s" - - #, c-format -@@ -6235,8 +6235,8 @@ msgid "" - "been able to find is %1$.20s-%2$.20s-%4$d.\n" - "Shall I use that or let you search?" 
- msgstr "" --"Questo font è basato sulla codifica di caratteri %1$.20s-%2$.20hs-%3$d, ma " --"il migliore che io abbia trovato è %1$.20hs-%2$.20hs-%4$d.\n" -+"Questo font è basato sulla codifica di caratteri %1$.20s-%2$.20s-%3$d, ma " -+"il migliore che io abbia trovato è %1$.20s-%2$.20s-%4$d.\n" - "Devo usare questo valore o preferisci cercare tu stesso?" - - msgid "" -diff --git a/po/ja.po b/po/ja.po -index ed9f5a645..206ae82d1 100644 ---- a/po/ja.po -+++ b/po/ja.po -@@ -11458,11 +11458,11 @@ msgstr "" - - #, c-format - msgid "" --"The %1$s in the search dialog contains a reference to %2$.20hs which does " -+"The %1$s in the search dialog contains a reference to %2$.20s which does " - "not exist in the new font.\n" - "Should I remove the reference?" - msgstr "" --"%1$s には, 新しいフォントには含まれないグリフ %2$.20hs への参照が含まれていま" -+"%1$s には, 新しいフォントには含まれないグリフ %2$.20s への参照が含まれていま" - "す.\n" - "参照を削除しますか?" - -diff --git a/po/ko.po b/po/ko.po -index 971b4db03..4d5c8d40d 100644 ---- a/po/ko.po -+++ b/po/ko.po -@@ -20920,11 +20920,11 @@ msgstr "" - - #, c-format - msgid "" --"The %1$s in the search dialog contains a reference to %2$.20hs which does " -+"The %1$s in the search dialog contains a reference to %2$.20s which does " - "not exist in the new font.\n" - "Should I remove the reference?" - msgstr "" --"검색 대화 상자의 %1$s에는 새 글꼴에 없는 %2$.20hs에 대한 참조가 포함되어 있" -+"검색 대화 상자의 %1$s에는 새 글꼴에 없는 %2$.20s에 대한 참조가 포함되어 있" - "다.\n" - "참조를 제거해야 하는가?" - -diff --git a/po/pl.po b/po/pl.po -index 2bbbf00be..c1fd5a454 100644 ---- a/po/pl.po -+++ b/po/pl.po -@@ -19552,11 +19552,11 @@ msgstr "" - - #, c-format - msgid "" --"The %1$s in the search dialog contains a reference to %2$.20hs which does " -+"The %1$s in the search dialog contains a reference to %2$.20s which does " - "not exist in the new font.\n" - "Should I remove the reference?" 
- msgstr "" --"%1$s w okienku wyszukiwania zawiera odwołanie do %2$.20hs, który nie " -+"%1$s w okienku wyszukiwania zawiera odwołanie do %2$.20s, który nie " - "istnieje w nowym foncie.\n" - "Czy usunąć to odwołanie?" - -diff --git a/po/uk.po b/po/uk.po -index e3768acc3..3302a1005 100644 ---- a/po/uk.po -+++ b/po/uk.po -@@ -19860,11 +19860,11 @@ msgstr "" - - #, c-format - msgid "" --"The %1$s in the search dialog contains a reference to %2$.20hs which does " -+"The %1$s in the search dialog contains a reference to %2$.20s which does " - "not exist in the new font.\n" - "Should I remove the reference?" - msgstr "" --"%1$s у діалоговому вікні пошуку містить посилання на %2$.20hs, якого не " -+"%1$s у діалоговому вікні пошуку містить посилання на %2$.20s, якого не " - "існує у новому шрифті.\n" - "Вилучити це посилання?" - -diff --git a/po/vi.po b/po/vi.po -index 6aee8bb3f..f5eb739e6 100644 ---- a/po/vi.po -+++ b/po/vi.po -@@ -17109,11 +17109,11 @@ msgstr "" - - #, c-format - msgid "" --"The %1$s in the search dialog contains a reference to %2$.20hs which does " -+"The %1$s in the search dialog contains a reference to %2$.20s which does " - "not exist in the new font.\n" - "Should I remove the reference?" - msgstr "" --"Trong hộp thoại tìm kiếm, %1$s chứa một tham chiếu đến %2$.20hs mà không tồn " -+"Trong hộp thoại tìm kiếm, %1$s chứa một tham chiếu đến %2$.20s mà không tồn " - "tại trong phông mới.\n" - "Bạn có muốn gỡ bỏ tham chiếu này không?" - --- -2.42.0 - diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2024-25081_CVE-2024-25082.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2024-25081_CVE-2024-25082.patch deleted file mode 100644 index 40f85e9f33..0000000000 --- a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2024-25081_CVE-2024-25082.patch +++ /dev/null 
@@ -1,181 +0,0 @@ -From 216eb14b558df344b206bf82e2bdaf03a1f2f429 Mon Sep 17 00:00:00 2001 -From: Peter Kydas -Date: Tue, 6 Feb 2024 20:03:04 +1100 -Subject: [PATCH] fix splinefont shell command injection (#5367) - -CVE: CVE-2024-25081 -CVE: CVE-2024-25082 -Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429] -Signed-off-by: Peter Marko ---- - fontforge/splinefont.c | 123 +++++++++++++++++++++++++++++------------ - 1 file changed, 89 insertions(+), 34 deletions(-) - -diff --git a/fontforge/splinefont.c b/fontforge/splinefont.c -index 239fdc035..647daee10 100644 ---- a/fontforge/splinefont.c -+++ b/fontforge/splinefont.c -@@ -788,11 +788,14 @@ return( name ); - - char *Unarchive(char *name, char **_archivedir) { - char *dir = getenv("TMPDIR"); -- char *pt, *archivedir, *listfile, *listcommand, *unarchivecmd, *desiredfile; -+ char *pt, *archivedir, *listfile, *desiredfile; - char *finalfile; - int i; - int doall=false; - static int cnt=0; -+ gchar *command[5]; -+ gchar *stdoutresponse = NULL; -+ gchar *stderrresponse = NULL; - - *_archivedir = NULL; - -@@ -827,18 +830,30 @@ return( NULL ); - listfile = malloc(strlen(archivedir)+strlen("/" TOC_NAME)+1); - sprintf( listfile, "%s/" TOC_NAME, archivedir ); - -- listcommand = malloc( strlen(archivers[i].unarchive) + 1 + -- strlen( archivers[i].listargs) + 1 + -- strlen( name ) + 3 + -- strlen( listfile ) +4 ); -- sprintf( listcommand, "%s %s %s > %s", archivers[i].unarchive, -- archivers[i].listargs, name, listfile ); -- if ( system(listcommand)!=0 ) { -- free(listcommand); free(listfile); -- ArchiveCleanup(archivedir); --return( NULL ); -+ command[0] = archivers[i].unarchive; -+ command[1] = archivers[i].listargs; -+ command[2] = name; -+ command[3] = NULL; // command args need to be NULL-terminated -+ -+ if ( g_spawn_sync( -+ NULL, -+ command, -+ NULL, -+ G_SPAWN_SEARCH_PATH, -+ NULL, -+ NULL, -+ &stdoutresponse, -+ &stderrresponse, -+ NULL, -+ NULL -+ ) == 
FALSE) { // did not successfully execute -+ ArchiveCleanup(archivedir); -+ return( NULL ); - } -- free(listcommand); -+ // Write out the listfile to be read in later -+ FILE *fp = fopen(listfile, "wb"); -+ fwrite(stdoutresponse, strlen(stdoutresponse), 1, fp); -+ fclose(fp); - - desiredfile = ArchiveParseTOC(listfile, archivers[i].ars, &doall); - free(listfile); -@@ -847,22 +862,28 @@ return( NULL ); - return( NULL ); - } - -- /* I tried sending everything to stdout, but that doesn't work if the */ -- /* output is a directory file (ufo, sfdir) */ -- unarchivecmd = malloc( strlen(archivers[i].unarchive) + 1 + -- strlen( archivers[i].listargs) + 1 + -- strlen( name ) + 1 + -- strlen( desiredfile ) + 3 + -- strlen( archivedir ) + 30 ); -- sprintf( unarchivecmd, "( cd %s ; %s %s %s %s ) > /dev/null", archivedir, -- archivers[i].unarchive, -- archivers[i].extractargs, name, doall ? "" : desiredfile ); -- if ( system(unarchivecmd)!=0 ) { -- free(unarchivecmd); free(desiredfile); -- ArchiveCleanup(archivedir); --return( NULL ); -+ command[0] = archivers[i].unarchive; -+ command[1] = archivers[i].extractargs; -+ command[2] = name; -+ command[3] = doall ? 
"" : desiredfile; -+ command[4] = NULL; -+ -+ if ( g_spawn_sync( -+ (gchar*)archivedir, -+ command, -+ NULL, -+ G_SPAWN_SEARCH_PATH, -+ NULL, -+ NULL, -+ &stdoutresponse, -+ &stderrresponse, -+ NULL, -+ NULL -+ ) == FALSE) { // did not successfully execute -+ free(desiredfile); -+ ArchiveCleanup(archivedir); -+ return( NULL ); - } -- free(unarchivecmd); - - finalfile = malloc( strlen(archivedir) + 1 + strlen(desiredfile) + 1); - sprintf( finalfile, "%s/%s", archivedir, desiredfile ); -@@ -885,20 +906,54 @@ struct compressors compressors[] = { - - char *Decompress(char *name, int compression) { - char *dir = getenv("TMPDIR"); -- char buf[1500]; - char *tmpfn; -- -+ gchar *command[4]; -+ gint stdout_pipe; -+ gchar buffer[4096]; -+ gssize bytes_read; -+ GByteArray *binary_data = g_byte_array_new(); -+ - if ( dir==NULL ) dir = P_tmpdir; - tmpfn = malloc(strlen(dir)+strlen(GFileNameTail(name))+2); - strcpy(tmpfn,dir); - strcat(tmpfn,"/"); - strcat(tmpfn,GFileNameTail(name)); - *strrchr(tmpfn,'.') = '\0'; -- snprintf( buf, sizeof(buf), "%s < %s > %s", compressors[compression].decomp, name, tmpfn ); -- if ( system(buf)==0 ) --return( tmpfn ); -- free(tmpfn); --return( NULL ); -+ -+ command[0] = compressors[compression].decomp; -+ command[1] = "-c"; -+ command[2] = name; -+ command[3] = NULL; -+ -+ // Have to use async because g_spawn_sync doesn't handle nul-bytes in the output (which happens with binary data) -+ if (g_spawn_async_with_pipes( -+ NULL, -+ command, -+ NULL, -+ G_SPAWN_DO_NOT_REAP_CHILD | G_SPAWN_SEARCH_PATH, -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+ &stdout_pipe, -+ NULL, -+ NULL) == FALSE) { -+ //command has failed -+ return( NULL ); -+ } -+ -+ // Read binary data from pipe and output to file -+ while ((bytes_read = read(stdout_pipe, buffer, sizeof(buffer))) > 0) { -+ g_byte_array_append(binary_data, (guint8 *)buffer, bytes_read); -+ } -+ close(stdout_pipe); -+ -+ FILE *fp = fopen(tmpfn, "wb"); -+ fwrite(binary_data->data, sizeof(gchar), binary_data->len, fp); 
-+ fclose(fp); -+ g_byte_array_free(binary_data, TRUE); -+ -+ return(tmpfn); - } - - static char *ForceFileToHaveName(FILE *file, char *exten) { diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb similarity index 74% rename from meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb rename to meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb index af77ec913e..ab3af19cda 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb @@ -7,23 +7,24 @@ LIC_FILES_CHKSUM = " \ " DEPENDS = "python3 glib-2.0 pango giflib tiff libxml2 jpeg libtool uthash gettext-native libspiro" -DEPENDS:append:class-target = " libxi" +DEPENDS:append:class-target = " gtkmm3" inherit cmake pkgconfig python3native python3targetconfig features_check gettext gtk-icon-cache mime mime-xdg -REQUIRED_DISTRO_FEATURES:append:class-target = " x11" +ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" -# tag 20220308 -SRCREV = "a1dad3e81da03d5d5f3c4c1c1b9b5ca5ebcfcecf" -SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \ +SRCREV = "c41bdb922285f35defd1e1385adfd13bde1ab32a" +SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https;tag=${PV} \ file://0001-include-sys-select-on-non-glibc-platforms.patch \ file://0001-fontforgeexe-Use-env-to-find-fontforge.patch \ file://0001-cmake-Use-alternate-way-to-detect-libm.patch \ - file://0001-Fix-Translations-containing-invalid-directives-hs.patch \ - file://CVE-2024-25081_CVE-2024-25082.patch \ " EXTRA_OECMAKE = "-DENABLE_DOCS=OFF" + +# gui requires gtkmm3, which has no native version at the time of writing this comment +EXTRA_OECMAKE:append:class-native = " -DENABLE_GUI=OFF" + PACKAGECONFIG = "readline" PACKAGECONFIG[readline] = "-DENABLE_READLINE=ON,-DENABLE_READLINE=OFF,readline" 
@@ -31,12 +32,6 @@ CFLAGS += "-fno-strict-aliasing" LDFLAGS += "-lpython${PYTHON_BASEVERSION}${PYTHON_ABI}" BUILD_LDFLAGS += "-lpython${PYTHON_BASEVERSION}${PYTHON_ABI}" -#do_configure:prepend() { -# uthash sources are expected in uthash/src -# mkdir -p ${S}/uthash/src -# cp ${STAGING_INCDIR}/ut*.h ${S}/uthash/src -#} - PACKAGES =+ "${PN}-python" FILES:${PN} += " \
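Review bot: In [PATCH v2 1/4], the deleted 0001-Fix-Translations-containing-invalid-directives-hs.patch carries `Upstream-Status: Pending`, so nothing in the visible lines shows that its %hs fixes in fontforgeexe/searchview.c and the po/*.po files are part of 20251009. The commit message says only that the dropped patches are included in this release; please name the upstream commit or pull request that resolved https://github.com/fontforge/fontforge/issues/5251 so the removal can be checked against the new SRCREV.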
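Review bot: In [PATCH v2 1/4], deleting CVE-2024-25081_CVE-2024-25082.patch also removes the `CVE:` tags that recorded this fix in the recipe, and the commit message mentions neither ID. State in the commit message that upstream commit 216eb14b558df344b206bf82e2bdaf03a1f2f429, the one named in the patch's Upstream-Status line, is contained in the 20251009 tag, so a later CVE review of this recipe does not have to rediscover why the backport disappeared.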
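Review bot: In the @@ -7,23 +7,24 @@ hunk of fontforge_20251009.bb in [PATCH v2 1/4], the removed `REQUIRED_DISTRO_FEATURES:append:class-target = " x11"` was scoped to the target, but the new `ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"` is unconditional, while the same hunk makes gtkmm3 a target-only dependency and builds the native variant with `-DENABLE_GUI=OFF`. If the feature check exists only for the GUI, consider scoping it the same way (`ANY_OF_DISTRO_FEATURES:class-target`) so the GUI-less native build does not depend on it. The hunk also adds `;tag=${PV}` next to the new SRCREV and drops the stale `# tag 20220308` comment; a word about that in the commit message would help.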
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH v2 2/4] fontforge: patch CVE-2025-15279
Date: Tue, 27 Jan 2026 07:50:16 +0100
Message-ID: <20260127065019.1324332-2-skandigraun@gmail.com>
In-Reply-To: <20260127065019.1324332-1-skandigraun@gmail.com>
References: <20260127065019.1324332-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123909

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15279

Pick the patch that mentions this vulnerability ID explicitly.

Also, this patch has caused some regression - pick the patch also that fixed that regression.

Signed-off-by: Gyorgy Sarvari
---
v2: no change

v1: https://lists.openembedded.org/g/openembedded-devel/message/123871

 .../fontforge/CVE-2025-15279-1.patch | 42 +++++++++++++++++++ .../fontforge/CVE-2025-15279-2.patch | 35 ++++++++++++++++ .../fontforge/fontforge_20251009.bb | 4 +- 3 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-1.patch create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-2.patch diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-1.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-1.patch new file mode 100644 index 0000000000..17f33f41ff --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-1.patch
@@ -0,0 +1,42 @@ +From ce71f0cdce556f56c5207a33a1be3830a73cc04f Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari +Date: Thu, 8 Jan 2026 15:47:43 +0100 +Subject: [PATCH] Fix CVE-2025-15279: Heap buffer overflow in BMP RLE + decompression (#5720) + +From: Ahmet Furkan Kavraz <55850855+ahmetfurkankavraz@users.noreply.github.com> + +CVSS: 7.8 (High) +ZDI-CAN-27517 +Co-authored-by: Ahmet Furkan Kavraz + +CVE: CVE-2025-15279 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/7d67700cf8888e0bb37b453ad54ed932c8587073] +Signed-off-by: Gyorgy Sarvari +--- + gutils/gimagereadbmp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/gutils/gimagereadbmp.c b/gutils/gimagereadbmp.c +index 5a137e28a..133336787 100644 +--- a/gutils/gimagereadbmp.c ++++ b/gutils/gimagereadbmp.c +@@ -181,12 +181,18 @@ static int readpixels(FILE *file,struct bmpheader *head) { + int ii = 0; + while ( iiheight*head->width ) { + int cnt = getc(file); ++ if (cnt < 0 || ii + cnt > head->height * head->width) { ++ return 0; ++ } + if ( cnt!=0 ) { + int ch = getc(file); + while ( --cnt>=0 ) + head->byte_pixels[ii++] = ch; + } else { + cnt = getc(file); ++ if (cnt < 0 || ii + cnt > head->height * head->width) { ++ return 0; ++ } + if ( cnt>= 3 ) { + int odd = cnt&1; + while ( --cnt>=0 ) diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-2.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-2.patch new file mode 100644 index 0000000000..840a37a8a9 --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-2.patch 
@@ -0,0 +1,35 @@ +From 4cd078071e2487f052ec997ee13bb910d796587b Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari +Date: Mon, 12 Jan 2026 22:45:16 +0100 +Subject: [PATCH] Fix CVE-2025-15279: Move bounds check inside cnt >= 3 block + (#5723) + +From: Ahmet Furkan Kavraz <55850855+ahmetfurkankavraz@users.noreply.github.com> + +Co-authored-by: Ahmet Furkan Kavraz + +CVE: CVE-2025-15279 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/720ea95020c964202928afd2e93b0f5fac11027e] +Signed-off-by: Gyorgy Sarvari +--- + gutils/gimagereadbmp.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/gutils/gimagereadbmp.c b/gutils/gimagereadbmp.c +index 133336787..ad365158c 100644 +--- a/gutils/gimagereadbmp.c ++++ b/gutils/gimagereadbmp.c +@@ -190,10 +190,10 @@ static int readpixels(FILE *file,struct bmpheader *head) { + head->byte_pixels[ii++] = ch; + } else { + cnt = getc(file); +- if (cnt < 0 || ii + cnt > head->height * head->width) { +- return 0; +- } + if ( cnt>= 3 ) { ++ if (ii + cnt > head->height * head->width) { ++ return 0; ++ } + int odd = cnt&1; + while ( --cnt>=0 ) + head->byte_pixels[ii++] = getc(file); diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb index ab3af19cda..e6533079d5 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb 
@@ -18,7 +18,9 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https;tag=$ file://0001-include-sys-select-on-non-glibc-platforms.patch \ file://0001-fontforgeexe-Use-env-to-find-fontforge.patch \ file://0001-cmake-Use-alternate-way-to-detect-libm.patch \ -" + file://CVE-2025-15279-1.patch \ + file://CVE-2025-15279-2.patch \ + " EXTRA_OECMAKE = "-DENABLE_DOCS=OFF"
From patchwork Tue Jan 27 06:50:17 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79751
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH v2 3/4] fontforge: patch CVE-2025-15275 Date: Tue, 27 Jan 2026 07:50:17 +0100 Message-ID: <20260127065019.1324332-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260127065019.1324332-1-skandigraun@gmail.com> References: <20260127065019.1324332-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 27 Jan 2026 06:50:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123910 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15275 Pick the patch that mentions this vulnerability ID explicitly. Signed-off-by: Gyorgy Sarvari --- v2: no change v1: https://lists.openembedded.org/g/openembedded-devel/message/123873 .../fontforge/fontforge/CVE-2025-15275.patch | 34 +++++++++++++++++++ .../fontforge/fontforge_20251009.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch new file mode 100644 index 0000000000..d3d00fd9ac --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch 
@@ -0,0 +1,34 @@ +From 8aed4d992db246a537d07862f31dd04698c3f7e2 Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari +Date: Fri, 9 Jan 2026 16:58:23 +0100 +Subject: [PATCH] Fix CVE-2025-15275: Heap buffer overflow in SFD image parsing + (#5721) + +From: Ahmet Furkan Kavraz <55850855+ahmetfurkankavraz@users.noreply.github.com> + +Fixes: CVE-2025-15275 | ZDI-25-1189 | ZDI-CAN-28543 + +Co-authored-by: Ahmet Furkan Kavraz + +CVE: CVE-2025-15275 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/7195402701ace7783753ef9424153eff48c9af44] +Signed-off-by: Gyorgy Sarvari +--- + fontforge/sfd.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/fontforge/sfd.c b/fontforge/sfd.c +index 149941148..e19d3a30f 100644 +--- a/fontforge/sfd.c ++++ b/fontforge/sfd.c +@@ -3585,6 +3585,10 @@ static ImageList *SFDGetImage(FILE *sfd) { + getint(sfd,&image_type); + getint(sfd,&bpl); + getint(sfd,&clutlen); ++ if ( clutlen < 0 || clutlen > 256 ) { ++ LogError(_("Invalid clut length %d in sfd file, must be between 0 and 256"), clutlen); ++ return NULL; ++ } + gethex(sfd,&trans); + image = GImageCreate(image_type,width,height); + base = image->list_len==0?image->u.image:image->u.images[0]; diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb index e6533079d5..4203c1ef58 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb 
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https;tag=$ file://0001-cmake-Use-alternate-way-to-detect-libm.patch \ file://CVE-2025-15279-1.patch \ file://CVE-2025-15279-2.patch \ + file://CVE-2025-15275.patch \ " EXTRA_OECMAKE = "-DENABLE_DOCS=OFF"
From patchwork Tue Jan 27 06:50:18 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79754
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH v2 4/4] fontforge: patch CVE-2025-15269 Date: Tue, 27 Jan 2026 07:50:18 +0100 Message-ID: <20260127065019.1324332-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260127065019.1324332-1-skandigraun@gmail.com> References: <20260127065019.1324332-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 27 Jan 2026 06:50:35 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123911 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15269 Pick the patch that refers to this vulnerability ID explicitly. Signed-off-by: Gyorgy Sarvari --- v2: no change v1: https://lists.openembedded.org/g/openembedded-devel/message/123872 .../fontforge/fontforge/CVE-2025-15269.patch | 36 +++++++++++++++++++ .../fontforge/fontforge_20251009.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15269.patch diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15269.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15269.patch new file mode 100644 index 0000000000..a3e26d407a --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15269.patch 
@@ -0,0 +1,36 @@ +From 6a23476bc5eea880f3f24496710a6133c92a198b Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari +Date: Sat, 10 Jan 2026 20:06:53 +0100 +Subject: [PATCH] Fix CVE-2025-15269: Use-after-free in SFD ligature parsing + (#5722) + +From: Ahmet Furkan Kavraz <55850855+ahmetfurkankavraz@users.noreply.github.com> + +Prevent circular linked list in LigaCreateFromOldStyleMultiple by clearing +the next pointer after shallow copy. The shallow copy propagates liga's +modified next pointer from previous iterations, creating a cycle that +causes double-free when the list is traversed and freed. + +Fixes: CVE-2025-15269 | ZDI-25-1195 | ZDI-CAN-28564 + +Co-authored-by: Ahmet Furkan Kavraz + +CVE: CVE-2025-15269 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/6aea6db5da332d8ac94e3501bb83c1b21f52074d] +Signed-off-by: Gyorgy Sarvari +--- + fontforge/sfd.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fontforge/sfd.c b/fontforge/sfd.c +index e19d3a30f..be4220515 100644 +--- a/fontforge/sfd.c ++++ b/fontforge/sfd.c +@@ -4647,6 +4647,7 @@ static PST1 *LigaCreateFromOldStyleMultiple(PST1 *liga) { + while ( (pt = strrchr(liga->pst.u.lig.components,';'))!=NULL ) { + new = chunkalloc(sizeof( PST1 )); + *new = *liga; ++ new->pst.next = NULL; + new->pst.u.lig.components = copy(pt+1); + last->pst.next = (PST *) new; + last = new; diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb index 4203c1ef58..cc45740153 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb @@ -21,6 +21,7 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https;tag=$ file://CVE-2025-15279-1.patch \ file://CVE-2025-15279-2.patch \ file://CVE-2025-15275.patch \ + file://CVE-2025-15269.patch \ " EXTRA_OECMAKE = "-DENABLE_DOCS=OFF"
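Review bot: in CVE-2025-15279-1.patch (patch 2/4), both added checks in readpixels() recompute the limit as head->height * head->width, the same product the loop condition uses, and the hunk shows neither the field types nor any earlier validation of the header dimensions. It is worth confirming that this product cannot overflow before it is relied on as the buffer bound; computing it once into a local ahead of the loop and comparing against that would make the bound explicit instead of repeating the expression. The second added check sits ahead of the cnt >= 3 test, so it also applies to counts below 3, which is the placement that CVE-2025-15279-2.patch then changes.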
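Review bot: in CVE-2025-15279-2.patch (patch 2/4), moving the check inside the cnt >= 3 block drops the cnt < 0 test, so an EOF return from the second getc(file) is no longer rejected at this point and falls through to the handling of counts below 3, which this hunk does not show. Confirm that path copes with a negative cnt, or keep a separate "if (cnt < 0) return 0;" ahead of the cnt >= 3 test. Inside the block, the copy loop stores getc(file) into head->byte_pixels[ii++] without an EOF test, so a truncated file fills the rest of the run with the EOF value rather than failing the read.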
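Review bot: in the fontforge_20251009.bb hunk of patch 2/4, the closing quote of SRC_URI is removed at column 0 and re-added with leading whitespace, a formatting change unrelated to the two file:// entries being added. Leaving the quote where it was would limit the hunk to the two new lines and keep the later recipe hunks in this series free of that context change.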
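Review bot: in CVE-2025-15275.patch (patch 3/4), the new range test in SFDGetImage() reads clutlen immediately after getint(sfd,&clutlen), whose return value is ignored, as it is for image_type and bpl on the two lines above. If getint can fail without writing its argument, the test compares whatever clutlen held before; the declaration is outside this hunk, so confirm it is initialized or check the getint result before the comparison. Returning NULL ahead of GImageCreate() means nothing has been allocated yet, which is the right place for the rejection.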
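Review bot: in CVE-2025-15269.patch (patch 4/4), new->pst.next = NULL resets the one pointer the commit message identifies as aliased by the shallow copy *new = *liga, and the next line replaces components with copy(pt+1), but any other pointer member of PST1 copied by that assignment stays shared between liga and each new node. The struct definition is not part of this hunk; a short comment next to the copy stating which members are owned and must be reset would document why these two are sufficient. The subject line calls the bug a use-after-free while the message body describes a double-free, so the description could name the failure consistently.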