This change is to patch the upstream fix for the security issue with CVE-2018-6942.
Change-Id: I749b3099ec34c0f05520c84199adc0848a4bf3af
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5242
Tested-by: michellew <michellew@vmware.com>
Reviewed-by: Ashok Venkiteswaran
Reviewed-by: Sharath George
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,39 @@ |
0 |
+diff --git a/ChangeLog b/ChangeLog |
|
1 |
+index 15ef4ae..fff4a41 100644 |
|
2 |
+--- a/ChangeLog |
|
3 |
+@@ -1,5 +1,13 @@ |
|
4 |
+ 2018-01-27 Werner Lemberg <wl@gnu.org> |
|
5 |
+ |
|
6 |
++ * src/truetype/ttinterp.c (Ins_GETVARIATION): Avoid NULL reference. |
|
7 |
++ |
|
8 |
++ Reported as |
|
9 |
++ |
|
10 |
++ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736 |
|
11 |
++ |
|
12 |
++2018-01-27 Werner Lemberg <wl@gnu.org> |
|
13 |
++ |
|
14 |
+ * src/truetype/ttgxvar.c (tt_set_mm_blend): Minor. |
|
15 |
+ |
|
16 |
+ 2018-01-27 Werner Lemberg <wl@gnu.org> |
|
17 |
+diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c |
|
18 |
+index d855aaa..551f14a 100644 |
|
19 |
+--- a/src/truetype/ttinterp.c |
|
20 |
+@@ -7532,8 +7532,16 @@ |
|
21 |
+ return; |
|
22 |
+ } |
|
23 |
+ |
|
24 |
+- for ( i = 0; i < num_axes; i++ ) |
|
25 |
+- args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */ |
|
26 |
++ if ( coords ) |
|
27 |
++ { |
|
28 |
++ for ( i = 0; i < num_axes; i++ ) |
|
29 |
++ args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */ |
|
30 |
++ } |
|
31 |
++ else |
|
32 |
++ { |
|
33 |
++ for ( i = 0; i < num_axes; i++ ) |
|
34 |
++ args[i] = 0; |
|
35 |
++ } |
|
36 |
+ } |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: software font engine. |
2 | 2 |
Name: freetype2 |
3 | 3 |
Version: 2.7.1 |
4 |
-Release: 4%{?dist} |
|
4 |
+Release: 5%{?dist} |
|
5 | 5 |
License: BSD/GPL |
6 | 6 |
URL: http://www.freetype.org/ |
7 | 7 |
Group: System Environment/Libraries |
... | ... |
@@ -13,6 +13,7 @@ Patch0: CVE-2017-7857-and-CVE-2017-7858.patch |
13 | 13 |
Patch1: CVE-2017-7864.patch |
14 | 14 |
Patch2: CVE-2017-8287.patch |
15 | 15 |
Patch3: freetype2-CVE-2017-8105.patch |
16 |
+Patch4: CVE-2018-6942.patch |
|
16 | 17 |
BuildRequires: libtool |
17 | 18 |
BuildRequires: zlib-devel |
18 | 19 |
|
... | ... |
@@ -65,6 +66,8 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck} |
65 | 65 |
%{_libdir}/pkgconfig/*.pc |
66 | 66 |
|
67 | 67 |
%changelog |
68 |
+* Sat Jun 09 2018 Tapas Kundu <tkundu@vmware.com> 2.7.1-5 |
|
69 |
+- CVE-2018-6942 |
|
68 | 70 |
* Fri Nov 03 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 2.7.1-4 |
69 | 71 |
- CVE-2017-8105 |
70 | 72 |
* Mon May 15 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.7.1-3 |