Bug 227568

Summary: print/freetype2: Fix CVE-2018-6942 (v2.9)
Product: Ports & Packages Reporter: lightside <lightside>
Component: Individual Port(s)Assignee: freebsd-gnome (Nobody) <gnome>
Status: Closed Not Accepted    
Severity: Affects Some People CC: gnome, ports-secteam
Priority: --- Keywords: patch
Version: LatestFlags: bugzilla: maintainer-feedback? (gnome)
Hardware: Any   
OS: Any   
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227936
Attachments:
Description Flags
Proposed patch (since 466285 revision) lightside: maintainer-approval? (gnome)

Description lightside 2018-04-17 01:42:18 UTC 
Created attachment 192577 [details]
Proposed patch (since 466285 revision)

Patch for print/freetype2 port with upstream fix for CVE-2018-6942:
"An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file."
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef

Based on message about CVE-2018-6942 in docs/CHANGES file:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=632a11f91f0d932ac498e9e6ca022c9903ab05e9
Comment 1 lightside 2018-04-17 02:30:02 UTC 
(In reply to comment #0)
For reference:
The TT_CONFIG_OPTION_GX_VAR_SUPPORT defined by default in include/freetype/config/ftoption.h file:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/include/freetype/config/ftoption.h?h=VER-2-9#n680
which used before Ins_GETVARIATION function definition:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/src/truetype/ttinterp.c?h=VER-2-9#n7507
Comment 2 lightside 2018-05-02 20:04:04 UTC 
The FreeType was updated to 2.9.1 version:
https://sourceforge.net/projects/freetype/files/freetype2/2.9.1
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/CHANGES?h=VER-2-9-1

The update for print/freetype2 port was proposed in bug 227936, therefore this PR was closed.
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-05-02 23:30:27 UTC 
A commit references this bug:

Author: jbeich
Date: Wed May  2 23:30:10 UTC 2018
New revision: 468891
URL: https://svnweb.freebsd.org/changeset/ports/468891

Log:
  print/freetype2: apply CVE-2018-6942 fix

  PR:		227568
  Submitted by:	lightside@gmx.com
  Obtained from:	upstream (freetype 2.9.1)
  Approved by:	ports-secteam blanket

Changes:
  branches/2018Q2/print/freetype2/Makefile
  branches/2018Q2/print/freetype2/files/patch-CVE-2018-6942