From b1989c12501e880afab62d3ff961791906fef350 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 16 Feb 2018 22:28:58 +0100 Subject: gnu: freetype: Fix CVE-2018-6942. * gnu/packages/patches/freetype-CVE-2018-6942.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/fontutils.scm (freetype)[replacement]: New field. (freetype/fixed): New variable. --- gnu/local.mk | 1 + gnu/packages/fontutils.scm | 8 ++++++ gnu/packages/patches/freetype-CVE-2018-6942.patch | 31 +++++++++++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 gnu/packages/patches/freetype-CVE-2018-6942.patch (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index f1834e3687..35c7fb470a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -655,6 +655,7 @@ dist_patch_DATA = \ %D%/packages/patches/freeimage-CVE-2015-0852.patch \ %D%/packages/patches/freeimage-CVE-2016-5684.patch \ %D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \ + %D%/packages/patches/freetype-CVE-2018-6942.patch \ %D%/packages/patches/fuse-overlapping-headers.patch \ %D%/packages/patches/gawk-shell.patch \ %D%/packages/patches/gcc-arm-bug-71399.patch \ diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index 664cbdb902..a04441a005 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -54,6 +54,7 @@ (package (name "freetype") (version "2.8.1") + (replacement freetype/fixed) (source (origin (method url-fetch) (uri (string-append "mirror://savannah/freetype/freetype-" @@ -78,6 +79,13 @@ anti-aliased glyph bitmap generation with 256 gray levels.") (license license:freetype) ; some files have other licenses (home-page "https://www.freetype.org/"))) +(define freetype/fixed + (package/inherit freetype + (source + (origin + (inherit (package-source freetype)) + (patches (search-patches "freetype-CVE-2018-6942.patch")))))) + (define-public ttfautohint (package (name "ttfautohint") diff --git a/gnu/packages/patches/freetype-CVE-2018-6942.patch b/gnu/packages/patches/freetype-CVE-2018-6942.patch new file mode 100644 index 0000000000..680f357765 --- /dev/null +++ b/gnu/packages/patches/freetype-CVE-2018-6942.patch @@ -0,0 +1,31 @@ +Fix CVE-2018-6942: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942 +https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6942.html + +Copied from upstream (ChangeLog section removed): +https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef + +diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c +index d855aaa..551f14a 100644 +--- a/src/truetype/ttinterp.c ++++ b/src/truetype/ttinterp.c +@@ -7532,8 +7532,16 @@ + return; + } + +- for ( i = 0; i < num_axes; i++ ) +- args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */ ++ if ( coords ) ++ { ++ for ( i = 0; i < num_axes; i++ ) ++ args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */ ++ } ++ else ++ { ++ for ( i = 0; i < num_axes; i++ ) ++ args[i] = 0; ++ } + } + + -- cgit v1.2.3