GNU bug report logs - #30493
[PATCH] gnu: freetype: Fix CVE-2018-6942.

Previous Next

Package: guix-patches;

Reported by: Marius Bakke <mbakke <at> fastmail.com>

Date: Fri, 16 Feb 2018 21:31:02 UTC

Severity: normal

Tags: patch

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#30493: closed ([PATCH] gnu: freetype: Fix CVE-2018-6942.)
Date: Tue, 20 Feb 2018 16:32:01 +0000

[Message part 1 (text/plain, inline)]
Your message dated Tue, 20 Feb 2018 17:31:40 +0100
with message-id <87y3jnbp1v.fsf <at> fastmail.com>
and subject line Re: [bug#30493] [PATCH] gnu: freetype: Fix CVE-2018-6942.
has caused the debbugs.gnu.org bug report #30493,
regarding [PATCH] gnu: freetype: Fix CVE-2018-6942.
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
30493: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=30493
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Marius Bakke <mbakke <at> fastmail.com>
To: guix-patches <at> gnu.org
Cc: Marius Bakke <mbakke <at> fastmail.com>
Subject: [PATCH] gnu: freetype: Fix CVE-2018-6942.
Date: Fri, 16 Feb 2018 22:29:51 +0100

* gnu/packages/patches/freetype-CVE-2018-6942.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/fontutils.scm (freetype)[replacement]: New field.
(freetype/fixed): New variable.
---
 gnu/local.mk                                      |  1 +
 gnu/packages/fontutils.scm                        |  8 ++++++
 gnu/packages/patches/freetype-CVE-2018-6942.patch | 31 +++++++++++++++++++++++
 3 files changed, 40 insertions(+)
 create mode 100644 gnu/packages/patches/freetype-CVE-2018-6942.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 7fe374208..4ee869e0b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -652,6 +652,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/freeimage-CVE-2015-0852.patch		\
   %D%/packages/patches/freeimage-CVE-2016-5684.patch		\
   %D%/packages/patches/freeimage-fix-build-with-gcc-5.patch	\
+  %D%/packages/patches/freetype-CVE-2018-6942.patch		\
   %D%/packages/patches/fuse-overlapping-headers.patch				\
   %D%/packages/patches/gawk-shell.patch				\
   %D%/packages/patches/gcc-arm-bug-71399.patch			\
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index 387c4689d..84c8497f0 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -53,6 +53,7 @@
 (define-public freetype
   (package
    (name "freetype")
+   (replacement freetype/fixed)
    (version "2.8")
    (source (origin
             (method url-fetch)
@@ -78,6 +79,13 @@ anti-aliased glyph bitmap generation with 256 gray levels.")
    (license license:freetype)           ; some files have other licenses
    (home-page "https://www.freetype.org/")))
 
+(define freetype/fixed
+  (package/inherit freetype
+                   (source
+                    (origin
+                      (inherit (package-source freetype))
+                      (patches (search-patches "freetype-CVE-2018-6942.patch"))))))
+
 (define-public ttfautohint
   (package
     (name "ttfautohint")
diff --git a/gnu/packages/patches/freetype-CVE-2018-6942.patch b/gnu/packages/patches/freetype-CVE-2018-6942.patch
new file mode 100644
index 000000000..680f35776
--- /dev/null
+++ b/gnu/packages/patches/freetype-CVE-2018-6942.patch
@@ -0,0 +1,31 @@
+Fix CVE-2018-6942:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
+https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6942.html
+
+Copied from upstream (ChangeLog section removed):
+https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
+
+diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
+index d855aaa..551f14a 100644
+--- a/src/truetype/ttinterp.c
++++ b/src/truetype/ttinterp.c
+@@ -7532,8 +7532,16 @@
+       return;
+     }
+ 
+-    for ( i = 0; i < num_axes; i++ )
+-      args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
++    if ( coords )
++    {
++      for ( i = 0; i < num_axes; i++ )
++        args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
++    }
++    else
++    {
++      for ( i = 0; i < num_axes; i++ )
++        args[i] = 0;
++    }
+   }
+ 
+ 
-- 
2.16.1




[Message part 3 (message/rfc822, inline)]
From: Marius Bakke <mbakke <at> fastmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 30493-done <at> debbugs.gnu.org
Subject: Re: [bug#30493] [PATCH] gnu: freetype: Fix CVE-2018-6942.
Date: Tue, 20 Feb 2018 17:31:40 +0100

[Message part 4 (text/plain, inline)]
Ludovic Courtès <ludo <at> gnu.org> writes:

> Marius Bakke <mbakke <at> fastmail.com> skribis:
>
>> * gnu/packages/patches/freetype-CVE-2018-6942.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Register it.
>> * gnu/packages/fontutils.scm (freetype)[replacement]: New field.
>> (freetype/fixed): New variable.
>
> LGTM, thanks!

Pushed as b1989c12501e880afab62d3ff961791906fef350.

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 7 years and 95 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.