Your message dated Sun, 19 Jun 2022 12:33:52 +0000
with message-id <[email protected]>
and subject line Bug#1013094: fixed in freetype 2.12.1+dfsg-3
has caused the Debian Bug report #1013094,
regarding libfreetype6: Multiple wild free when gzip and plain svgDoc are mixed in font.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1013094: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013094
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libfreetype6
Version: 2.12.1+dfsg-2
Severity: important
Tags: patch upstream
X-Debbugs-Cc: [email protected]

With FreeType commit f93a897afedf4a634c74d3d2871519e675ee0d83 (which was
released in FreeType 2.12.0) support for OT-SVG was added. However, this
implementation contained a bug where if the `SVG ` table contained a mix of
compressed and uncompressed documents the uncompressed documents may be free'd
every time they are used. In general these documents were not malloc'ed so this
was also a wild free.

This issue has been fixed upstream with FreeType commit
c26872ed59cba3af2f407b5eefc92fcec92aa52b "[svg] Clear correct flags for doc
ownership" which landed after 2.12.1 was released (this commit is not yet in a
tagged release). The patch itself is almost trivial:

diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index eeda69c3e..f66273f3d 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -605,7 +605,7 @@


         FT_FREE( doc->svg_document );
-        slot->internal->load_flags &= ~FT_GLYPH_OWN_GZIP_SVG;
+        slot->internal->flags &= ~FT_GLYPH_OWN_GZIP_SVG;
       }
     }
 #endif
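
Review bot: the clear now targets `slot->internal->flags`, but the condition that guards `FT_FREE( doc->svg_document )` sits above the visible context, so the hunk alone does not show that the bit is tested in the same field it is cleared in. Worth confirming that the set, the test and the clear of `FT_GLYPH_OWN_GZIP_SVG` all use `flags`, since a clear applied to a different field leaves the ownership bit set for the next document. The change also comes without a regression test; a font whose `SVG ` table holds a gzip-compressed document followed by a plain one, loaded in that order under a memory checker, would cover it.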

and should be applied to the current 2.12.1 packages in bookworm and sid.


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.17.0-1-amd64 (SMP w/32 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libfreetype6 depends on:
ii  libbrotli1   1.0.9-2+b3
ii  libc6        2.33-7
ii  libpng16-16  1.6.37-5
ii  zlib1g       1:1.2.11.dfsg-4

libfreetype6 recommends no packages.

libfreetype6 suggests no packages.

-- no debconf information

--- End Message ---
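
The failure mode described in the report above, as an added example that is not part of the original message and is not FreeType source: a simplified C model of an ownership bit that is set and tested in `flags` but, in the buggy variant, cleared in `load_flags`. The `Slot` type, `OWN_DOC` and the function names are hypothetical, the guard testing `flags` is the example's assumption, and frees of non-owned memory are counted rather than executed.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified model, not FreeType source; every name here is hypothetical. */
#define OWN_DOC 0x1u              /* "slot owns a malloc'ed document" bit */

typedef struct {
    unsigned flags;               /* internal state: where the bit is set and tested */
    unsigned load_flags;          /* caller's load options: an unrelated field */
    const unsigned char *doc;     /* current SVG document */
    int heap;                     /* demo-only ground truth: is doc malloc'ed? */
} Slot;

/* Drop the previous document; `fixed` picks which field gets the bit cleared. */
static void slot_release(Slot *s, int fixed, int *wild)
{
    if (s->flags & OWN_DOC) {     /* assumption: the guard tests `flags` */
        if (s->heap) free((void *)s->doc);
        else (*wild)++;           /* real code would free() font-owned memory here */
        if (fixed) s->flags &= ~OWN_DOC;
        else       s->load_flags &= ~OWN_DOC;   /* bit stays set in `flags` */
    }
    s->doc = NULL; s->heap = 0;
}

static void slot_load(Slot *s, const unsigned char *src, size_t n, int gz, int fixed, int *wild)
{
    slot_release(s, fixed, wild);
    if (gz) {                     /* compressed: copy into a buffer the slot owns */
        unsigned char *buf = malloc(n); if (!buf) abort();
        memcpy(buf, src, n);      /* stands in for gzip decompression */
        s->doc = buf; s->heap = 1; s->flags |= OWN_DOC;
    } else {
        s->doc = src;             /* plain: points into the font data, not owned */
    }
}

/* Load a constructed gzip/plain mix and count frees of non-owned documents. */
int count_wild_frees(int fixed)
{
    static const unsigned char font[] = "constructed SVG table bytes";
    const int gz[] = { 1, 0, 0, 1, 0 };   /* constructed load order */
    Slot s = { 0 }; int wild = 0;
    for (size_t i = 0; i < sizeof gz / sizeof gz[0]; i++)
        slot_load(&s, font, sizeof font, gz[i], fixed, &wild);
    slot_release(&s, fixed, &wild);
    return wild;
}

int main(void) { return count_wild_frees(0) == 3 && count_wild_frees(1) == 0 ? 0 : 1; }
```

With the constructed load order, the buggy variant reaches the free path for a plain document three times; the variant that clears the bit in `flags` never does.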
--- Begin Message ---
Source: freetype
Source-Version: 2.12.1+dfsg-3
Done: Hugh McMaster <[email protected]>

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hugh McMaster <[email protected]> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Sun, 19 Jun 2022 21:55:46 +1000
Source: freetype
Architecture: source
Version: 2.12.1+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Hugh McMaster <[email protected]>
Changed-By: Hugh McMaster <[email protected]>
Closes: 1013094
Changes:
 freetype (2.12.1+dfsg-3) unstable; urgency=medium
 .
   * debian/control: Raise Standards-Version to 4.6.1 (no changes needed).
   * debian/patches:
     - ftbench: Exit if the number of glyphs is zero (CVE-2022-31782).
     - Fix a wild free in certain OT-SVG fonts (Closes: #1013094).
       Thanks to Ben Wagner for providing a patch.
     - Harden the demos by appending CPPFLAGS to CFLAGS.

--- End Message ---
