gnu: freetype: Fix CVE-2018-6942.
* gnu/packages/patches/freetype-CVE-2018-6942.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/fontutils.scm (freetype)[replacement]: New field. (freetype/fixed): New variable.
This commit is contained in:
Marius Bakke
parent
fb9d035015
commit
b1989c1250
|
|
@ -655,6 +655,7 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/freeimage-CVE-2015-0852.patch \
|
%D%/packages/patches/freeimage-CVE-2015-0852.patch \
|
||||||
%D%/packages/patches/freeimage-CVE-2016-5684.patch \
|
%D%/packages/patches/freeimage-CVE-2016-5684.patch \
|
||||||
%D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \
|
%D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \
|
||||||
|
%D%/packages/patches/freetype-CVE-2018-6942.patch \
|
||||||
%D%/packages/patches/fuse-overlapping-headers.patch \
|
%D%/packages/patches/fuse-overlapping-headers.patch \
|
||||||
%D%/packages/patches/gawk-shell.patch \
|
%D%/packages/patches/gawk-shell.patch \
|
||||||
%D%/packages/patches/gcc-arm-bug-71399.patch \
|
%D%/packages/patches/gcc-arm-bug-71399.patch \
|
||||||
|
|
|
||||||
|
|
@ -54,6 +54,7 @@
|
||||||
(package
|
(package
|
||||||
(name "freetype")
|
(name "freetype")
|
||||||
(version "2.8.1")
|
(version "2.8.1")
|
||||||
|
(replacement freetype/fixed)
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append "mirror://savannah/freetype/freetype-"
|
(uri (string-append "mirror://savannah/freetype/freetype-"
|
||||||
|
|
@ -78,6 +79,13 @@ anti-aliased glyph bitmap generation with 256 gray levels.")
|
||||||
(license license:freetype) ; some files have other licenses
|
(license license:freetype) ; some files have other licenses
|
||||||
(home-page "https://www.freetype.org/")))
|
(home-page "https://www.freetype.org/")))
|
||||||
|
|
||||||
|
(define freetype/fixed
|
||||||
|
(package/inherit freetype
|
||||||
|
(source
|
||||||
|
(origin
|
||||||
|
(inherit (package-source freetype))
|
||||||
|
(patches (search-patches "freetype-CVE-2018-6942.patch"))))))
|
||||||
|
|
||||||
(define-public ttfautohint
|
(define-public ttfautohint
|
||||||
(package
|
(package
|
||||||
(name "ttfautohint")
|
(name "ttfautohint")
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,31 @@
|
||||||
|
Fix CVE-2018-6942:
|
||||||
|
|
||||||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
|
||||||
|
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6942.html
|
||||||
|
|
||||||
|
Copied from upstream (ChangeLog section removed):
|
||||||
|
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
|
||||||
|
|
||||||
|
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
|
||||||
|
index d855aaa..551f14a 100644
|
||||||
|
--- a/src/truetype/ttinterp.c
|
||||||
|
+++ b/src/truetype/ttinterp.c
|
||||||
|
@@ -7532,8 +7532,16 @@
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
- for ( i = 0; i < num_axes; i++ )
|
||||||
|
- args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
|
||||||
|
+ if ( coords )
|
||||||
|
+ {
|
||||||
|
+ for ( i = 0; i < num_axes; i++ )
|
||||||
|
+ args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ for ( i = 0; i < num_axes; i++ )
|
||||||
|
+ args[i] = 0;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
Loading…
Reference in New Issue