From: Marius Bakke
To: 30493@debbugs.gnu.org
Cc: Marius Bakke
X-Debbugs-Original-To: guix-patches@gnu.org
Subject: [bug#30493] [PATCH] gnu: freetype: Fix CVE-2018-6942.
Date: Fri, 16 Feb 2018 22:29:51 +0100
Message-Id: <20180216212951.23088-1-mbakke@fastmail.com>

* gnu/packages/patches/freetype-CVE-2018-6942.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/fontutils.scm (freetype)[replacement]: New field.
(freetype/fixed): New variable.
--- gnu/local.mk | 1 + gnu/packages/fontutils.scm | 8 ++++++ gnu/packages/patches/freetype-CVE-2018-6942.patch | 31 +++++++++++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 gnu/packages/patches/freetype-CVE-2018-6942.patch diff --git a/gnu/local.mk b/gnu/local.mk index 7fe374208..4ee869e0b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -652,6 +652,7 @@ dist_patch_DATA = \ %D%/packages/patches/freeimage-CVE-2015-0852.patch \ %D%/packages/patches/freeimage-CVE-2016-5684.patch \ %D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \ + %D%/packages/patches/freetype-CVE-2018-6942.patch \ %D%/packages/patches/fuse-overlapping-headers.patch \ %D%/packages/patches/gawk-shell.patch \ %D%/packages/patches/gcc-arm-bug-71399.patch \ diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index 387c4689d..84c8497f0 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -53,6 +53,7 @@ (define-public freetype (package (name "freetype") + (replacement freetype/fixed) (version "2.8") (source (origin (method url-fetch) 
@@ -78,6 +79,13 @@ anti-aliased glyph bitmap generation with 256 gray levels.") (license license:freetype) ; some files have other licenses (home-page "https://www.freetype.org/"))) +(define freetype/fixed + (package/inherit freetype + (source + (origin + (inherit (package-source freetype)) + (patches (search-patches "freetype-CVE-2018-6942.patch")))))) + (define-public ttfautohint (package (name "ttfautohint") diff --git a/gnu/packages/patches/freetype-CVE-2018-6942.patch b/gnu/packages/patches/freetype-CVE-2018-6942.patch new file mode 100644 index 000000000..680f35776 --- /dev/null +++ b/gnu/packages/patches/freetype-CVE-2018-6942.patch 
@@ -0,0 +1,31 @@ +Fix CVE-2018-6942: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942 +https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6942.html + +Copied from upstream (ChangeLog section removed): +https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef + +diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c +index d855aaa..551f14a 100644 +--- a/src/truetype/ttinterp.c ++++ b/src/truetype/ttinterp.c +@@ -7532,8 +7532,16 @@ + return; + } + +- for ( i = 0; i < num_axes; i++ ) +- args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */ ++ if ( coords ) ++ { ++ for ( i = 0; i < num_axes; i++ ) ++ args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */ ++ } ++ else ++ { ++ for ( i = 0; i < num_axes; i++ ) ++ args[i] = 0; ++ } + } + + -- 2.16.1
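
Review bot: In the `freetype/fixed` definition added to gnu/packages/fontutils.scm, `(patches (search-patches "freetype-CVE-2018-6942.patch"))` sets the `patches` field of the inherited origin outright, so any patches already carried by `(package-source freetype)` would be dropped from the replacement. The visible context of the `freetype` origin stops at `(method url-fetch)`, so the hunk alone does not show whether there are any; if there are, append the new patch to `(origin-patches (package-source freetype))` instead. A short comment next to `(replacement freetype/fixed)` naming CVE-2018-6942 would also help whoever removes the graft later.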
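
Review bot: The header of freetype-CVE-2018-6942.patch lists two CVE links and the upstream commit but never says what the flaw is. One line stating that the embedded hunk guards the `coords[i]` read in src/truetype/ttinterp.c with `if ( coords )` and zero-fills `args` otherwise would let a reader judge the fix without following the links. The hunk offsets (`@@ -7532,8 +7532,16 @@`) come from the upstream repository while the package is at `(version "2.8")`, so it is worth confirming that the patch applies to that tarball without fuzz.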

From: ludo@gnu.org (Ludovic Courtès)
To: Marius Bakke
Cc: 30493@debbugs.gnu.org
Subject: [bug#30493] [PATCH] gnu: freetype: Fix CVE-2018-6942.
Date: Mon, 19 Feb 2018 22:25:00 +0100
In-Reply-To: <20180216212951.23088-1-mbakke@fastmail.com> (Marius Bakke's message of "Fri, 16 Feb 2018 22:29:51 +0100")
Message-ID: <87d110ekpf.fsf@gnu.org>

Marius Bakke wrote:

> * gnu/packages/patches/freetype-CVE-2018-6942.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/fontutils.scm (freetype)[replacement]: New field.
> (freetype/fixed): New variable.

LGTM, thanks!

Ludo'.

From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Marius Bakke
Subject: bug#30493: closed (Re: [bug#30493] [PATCH] gnu: freetype: Fix CVE-2018-6942.)
Reply-To: 30493@debbugs.gnu.org
Date: Tue, 20 Feb 2018 16:32:04 +0000

Your bug report

#30493: [PATCH] gnu: freetype: Fix CVE-2018-6942.

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 30493@debbugs.gnu.org.

-- 
30493: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=30493
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: Marius Bakke
To: Ludovic Courtès
Cc: 30493-done@debbugs.gnu.org
Subject: Re: [bug#30493] [PATCH] gnu: freetype: Fix CVE-2018-6942.
In-Reply-To: <87d110ekpf.fsf@gnu.org>
Date: Tue, 20 Feb 2018 17:31:40 +0100
Message-ID: <87y3jnbp1v.fsf@fastmail.com>

Ludovic Courtès writes:

> Marius Bakke wrote:
>
>> * gnu/packages/patches/freetype-CVE-2018-6942.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Register it.
>> * gnu/packages/fontutils.scm (freetype)[replacement]: New field.
>> (freetype/fixed): New variable.
>
> LGTM, thanks!

Pushed as b1989c12501e880afab62d3ff961791906fef350.