!14 [sync] PR-11: Fix CVE-2019-19308

From: @openeuler-sync-bot Reviewed-by: @orange-snn Signed-off-by: @orange-snn
2022-02-25 09:04:26 +00:00 · 2022-02-25 09:04:26 +00:00 · 98e2544314
commit 98e2544314
parent 258295f87b 59af712b12
3 changed files with 187 additions and 1 deletions
--- a/CVE-2019-19308-pre.patch
+++ b/CVE-2019-19308-pre.patch
@ -0,0 +1,110 @@
+From cbe443a8db3b7f09b2653d588c2ddd76d47fa496 Mon Sep 17 00:00:00 2001
+From: Cosimo Cecchi <cosimoc@gnome.org>
+Date: Sun, 1 Dec 2019 14:07:30 -0800
+Subject: [PATCH] Move utility to get font name to sushi-font-loader
+
+We'll use this from sushi-font-widget as well.
+---
+ src/font-model.c        |  3 ++-
+ src/font-utils.c        | 11 +----------
+ src/font-utils.h        |  1 -
+ src/sushi-font-loader.c | 14 ++++++++++++++
+ src/sushi-font-loader.h |  3 +++
+ 5 files changed, 20 insertions(+), 12 deletions(-)
+
+diff --git a/src/font-model.c b/src/font-model.c
+index 658cba8..e66c401 100644
+--- a/src/font-model.c
+++ b/src/font-model.c
+@@ -33,6 +33,7 @@
+ 
+ #include "font-model.h"
+ #include "font-utils.h"
+#include "sushi-font-loader.h"
+ 
+ struct _FontViewModel
+ {
+@@ -137,7 +138,7 @@ font_view_model_has_face (FontViewModel *self,
+     g_autofree gchar *match_name = NULL;
+ 
+     n_items = g_list_model_get_n_items (G_LIST_MODEL (self->model));
+-    match_name = font_utils_get_font_name (face);
+    match_name = sushi_get_font_name (face, TRUE);
+ 
+     for (idx = 0; idx < n_items; idx++) {
+         FontViewModelItem *item = g_list_model_get_item (G_LIST_MODEL (self->model), idx);
+diff --git a/src/font-utils.c b/src/font-utils.c
+index 5a75fb3..6a41d26 100644
+--- a/src/font-utils.c
+++ b/src/font-utils.c
+@@ -22,15 +22,6 @@
+ 
+ #include "sushi-font-loader.h"
+ 
+-gchar *
+-font_utils_get_font_name (FT_Face face)
+-{
+-    if (g_strcmp0 (face->style_name, "Regular") == 0)
+-        return g_strdup (face->family_name);
+-
+-    return g_strconcat (face->family_name, ", ", face->style_name, NULL);
+-}
+-
+ gchar *
+ font_utils_get_font_name_for_file (FT_Library library,
+                                    GFile *file,
+@@ -49,7 +40,7 @@ font_utils_get_font_name_for_file (FT_Library library,
+         return NULL;
+     }
+ 
+-    name = font_utils_get_font_name (face);
+    name = sushi_get_font_name (face, TRUE);
+     FT_Done_Face (face);
+ 
+     return name;
+diff --git a/src/font-utils.h b/src/font-utils.h
+index 6f73bb4..1787bbb 100644
+--- a/src/font-utils.h
+++ b/src/font-utils.h
+@@ -25,7 +25,6 @@
+ #include FT_FREETYPE_H
+ #include <gio/gio.h>
+ 
+-gchar * font_utils_get_font_name (FT_Face face);
+ gchar * font_utils_get_font_name_for_file (FT_Library library,
+                                            GFile *file,
+                                            gint face_index);
+diff --git a/src/sushi-font-loader.c b/src/sushi-font-loader.c
+index f7cf1de..e7da560 100644
+--- a/src/sushi-font-loader.c
+++ b/src/sushi-font-loader.c
+@@ -172,3 +172,17 @@ sushi_new_ft_face_from_uri_finish (GAsyncResult *result,
+ 
+   return create_face_from_contents (job, contents, error);
+ }
+
+/**
+ * sushi_get_font_name: (skip)
+ *
+ */
+gchar *
+sushi_get_font_name (FT_Face face,
+                     gboolean short_form)
+{
+  if (short_form && g_strcmp0 (face->style_name, "Regular") == 0)
+    return g_strdup (face->family_name);
+
+  return g_strconcat (face->family_name, ", ", face->style_name, NULL);
+}
+diff --git a/src/sushi-font-loader.h b/src/sushi-font-loader.h
+index 82aab03..b078e4a 100644
+--- a/src/sushi-font-loader.h
+++ b/src/sushi-font-loader.h
+@@ -46,4 +46,7 @@ FT_Face sushi_new_ft_face_from_uri_finish (GAsyncResult *result,
+                                            gchar **contents,
+                                            GError **error);
+ 
+gchar * sushi_get_font_name (FT_Face face,
+                             gboolean short_form);
+
+ #endif /* __SUSHI_FONT_LOADER_H__ */
--- a/CVE-2019-19308.patch
+++ b/CVE-2019-19308.patch
@ -0,0 +1,71 @@
+From 9661683379806e2bad6a52ce6dde776a33f4f981 Mon Sep 17 00:00:00 2001
+From: Cosimo Cecchi <cosimoc@gnome.org>
+Date: Sun, 1 Dec 2019 15:22:25 -0800
+Subject: [PATCH] Fallback to basename when no family name (CVE-2019-19308)
+
+Instead of possibly returning an empty string, which will cause
+issues later on.
+
+We store the GFile that was loaded to create the FT_Face into its
+generic client data structure, and load the basename from it when
+we don't have a family name.
+
+https://gitlab.gnome.org/GNOME/gnome-font-viewer/issues/17
+---
+ src/sushi-font-loader.c | 30 +++++++++++++++++++++++++++---
+ 1 file changed, 27 insertions(+), 3 deletions(-)
+
+diff --git a/src/sushi-font-loader.c b/src/sushi-font-loader.c
+index e7da560..df28c1a 100644
+--- a/src/sushi-font-loader.c
+++ b/src/sushi-font-loader.c
+@@ -67,6 +67,13 @@ font_load_job_free (FontLoadJob *job)
+ 
+ G_DEFINE_AUTOPTR_CLEANUP_FUNC (FontLoadJob, font_load_job_free)
+ 
+static void
+face_data_finalizer (void *object)
+{
+  FT_Face face = object;
+  g_clear_object (&face->generic.data);
+}
+
+ static FT_Face
+ create_face_from_contents (FontLoadJob *job,
+                            gchar **contents,
+@@ -88,6 +95,9 @@ create_face_from_contents (FontLoadJob *job,
+     return NULL;
+   }
+ 
+  retval->generic.data = g_object_ref (job->file);
+  retval->generic.finalizer = face_data_finalizer;
+
+   *contents = g_steal_pointer (&job->face_contents);
+   return retval;
+ }
+@@ -181,8 +191,22 @@ gchar *
+ sushi_get_font_name (FT_Face face,
+                      gboolean short_form)
+ {
+-  if (short_form && g_strcmp0 (face->style_name, "Regular") == 0)
+-    return g_strdup (face->family_name);
+  const char *style_name = face->style_name;
+  const char *family_name = face->family_name;
+
+  if (family_name == NULL) {
+    /* Try to get the basename of the file this was loaded from */
+    GFile *file = face->generic.data;
+    if (G_IS_FILE (file))
+      return g_file_get_basename (file);
+
+    /* Use an empty string as the last fallback */
+    return g_strdup ("");
+  }
+
+  if (style_name == NULL ||
+      (short_form && g_strcmp0 (style_name, "Regular") == 0))
+    return g_strdup (family_name);
+ 
+-  return g_strconcat (face->family_name, ", ", face->style_name, NULL);
+  return g_strconcat (family_name, ", ", style_name, NULL);
+ }
--- a/gnome-font-viewer.spec
+++ b/gnome-font-viewer.spec
@ -1,10 +1,12 @@
 Name:             gnome-font-viewer
 Version:          3.34.0
-Release:          1
+Release:          2
 Summary:          Utility for previewing fonts for GNOME
 License:          GPLv2+
 URL:              http://www.gnome.org/gnome-3/
 Source0:          http://ftp.gnome.org/pub/GNOME/sources/gnome-font-viewer/3.34/gnome-font-viewer-%{version}.tar.xz
+Patch0:           CVE-2019-19308-pre.patch
+Patch1:           CVE-2019-19308.patch
 BuildRequires:    meson >= 0.40.1 pkgconfig(glib-2.0) >= 2.35.1 pkgconfig(gtk+-3.0) >= 3.20.0 pkgconfig(harfbuzz) >= 0.9.9
 BuildRequires:    pkgconfig(fontconfig) pkgconfig(freetype2) pkgconfig(gnome-desktop-3.0) gettext desktop-file-utils
 BuildRequires:    libappstream-glib
@ -41,6 +43,9 @@ appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/org.gnome
 %{_datadir}/thumbnailers/gnome-font-viewer.thumbnailer

 %changelog
+* Fri Feb 25 2022 yaoxin <yaoxin30@huawei.com> - 3.34.0-2
+- Fix CVE-2019-19308
+
 * Thu Jun 17 2021 weijin deng <weijin.deng@turbolinux.com.cn> - 3.34.0-1
 - Upgrade to 3.34.0