GNU bug report logs -
#30493
[PATCH] gnu: freetype: Fix CVE-2018-6942.
Previous Next
Reported by: Marius Bakke <mbakke <at> fastmail.com>
Date: Fri, 16 Feb 2018 21:31:02 UTC
Severity: normal
Tags: patch
Done: Marius Bakke <mbakke <at> fastmail.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 30493 in the body.
You can then email your comments to 30493 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#30493; Package
guix-patches.
(Fri, 16 Feb 2018 21:31:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Marius Bakke <mbakke <at> fastmail.com>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Fri, 16 Feb 2018 21:31:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/patches/freetype-CVE-2018-6942.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/fontutils.scm (freetype)[replacement]: New field.
(freetype/fixed): New variable.
---
gnu/local.mk | 1 +
gnu/packages/fontutils.scm | 8 ++++++
gnu/packages/patches/freetype-CVE-2018-6942.patch | 31 +++++++++++++++++++++++
3 files changed, 40 insertions(+)
create mode 100644 gnu/packages/patches/freetype-CVE-2018-6942.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 7fe374208..4ee869e0b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -652,6 +652,7 @@ dist_patch_DATA = \
%D%/packages/patches/freeimage-CVE-2015-0852.patch \
%D%/packages/patches/freeimage-CVE-2016-5684.patch \
%D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \
+ %D%/packages/patches/freetype-CVE-2018-6942.patch \
%D%/packages/patches/fuse-overlapping-headers.patch \
%D%/packages/patches/gawk-shell.patch \
%D%/packages/patches/gcc-arm-bug-71399.patch \
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index 387c4689d..84c8497f0 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -53,6 +53,7 @@
(define-public freetype
(package
(name "freetype")
+ (replacement freetype/fixed)
(version "2.8")
(source (origin
(method url-fetch)
@@ -78,6 +79,13 @@ anti-aliased glyph bitmap generation with 256 gray levels.")
(license license:freetype) ; some files have other licenses
(home-page "https://www.freetype.org/")))
+(define freetype/fixed
+ (package/inherit freetype
+ (source
+ (origin
+ (inherit (package-source freetype))
+ (patches (search-patches "freetype-CVE-2018-6942.patch"))))))
+
(define-public ttfautohint
(package
(name "ttfautohint")
diff --git a/gnu/packages/patches/freetype-CVE-2018-6942.patch b/gnu/packages/patches/freetype-CVE-2018-6942.patch
new file mode 100644
index 000000000..680f35776
--- /dev/null
+++ b/gnu/packages/patches/freetype-CVE-2018-6942.patch
@@ -0,0 +1,31 @@
+Fix CVE-2018-6942:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
+https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6942.html
+
+Copied from upstream (ChangeLog section removed):
+https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
+
+diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
+index d855aaa..551f14a 100644
+--- a/src/truetype/ttinterp.c
++++ b/src/truetype/ttinterp.c
+@@ -7532,8 +7532,16 @@
+ return;
+ }
+
+- for ( i = 0; i < num_axes; i++ )
+- args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
++ if ( coords )
++ {
++ for ( i = 0; i < num_axes; i++ )
++ args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
++ }
++ else
++ {
++ for ( i = 0; i < num_axes; i++ )
++ args[i] = 0;
++ }
+ }
+
+
--
2.16.1
Information forwarded
to
guix-patches <at> gnu.org:
bug#30493; Package
guix-patches.
(Mon, 19 Feb 2018 21:26:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 30493 <at> debbugs.gnu.org (full text, mbox):
Marius Bakke <mbakke <at> fastmail.com> skribis:
> * gnu/packages/patches/freetype-CVE-2018-6942.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/fontutils.scm (freetype)[replacement]: New field.
> (freetype/fixed): New variable.
LGTM, thanks!
Ludo'.
Reply sent
to
Marius Bakke <mbakke <at> fastmail.com>:
You have taken responsibility.
(Tue, 20 Feb 2018 16:32:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Marius Bakke <mbakke <at> fastmail.com>:
bug acknowledged by developer.
(Tue, 20 Feb 2018 16:32:04 GMT)
Full text and
rfc822 format available.
Message #13 received at 30493-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Ludovic Courtès <ludo <at> gnu.org> writes:
> Marius Bakke <mbakke <at> fastmail.com> skribis:
>
>> * gnu/packages/patches/freetype-CVE-2018-6942.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Register it.
>> * gnu/packages/fontutils.scm (freetype)[replacement]: New field.
>> (freetype/fixed): New variable.
>
> LGTM, thanks!
Pushed as b1989c12501e880afab62d3ff961791906fef350.
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Wed, 21 Mar 2018 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 7 years and 95 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.