[PATCH] gnu: libxfont@2: Update replacement to 2.0.3 [fixes CVE-2017-16611].

  • Done
Details
3 participants
  • Leo Famulari
  • Ludovic Courtès
  • Marius Bakke
Owner
unassigned
Submitted by
Marius Bakke
Severity
normal

Marius Bakke wrote on 28 Nov 2017 09:02
(address . guix-patches@gnu.org)(name . Marius Bakke)(address . mbakke@fastmail.com)
20171128170217.30059-1-mbakke@fastmail.com
* gnu/packages/xorg.scm (libxfont2/fixed): Rename to ...
(libxfont2-2.0.3): ... this. Make public.
[version]: New field.
[source]: Add URI and SHA256. Remove patches.
(libxfont2)[replacement]: Change LIBXFONT2/FIXED to LIBXFONT2-2.0.3.
* gnu/packages/patches/libxfont-CVE-2017-13720.patch,
gnu/packages/patches/libxfont-CVE-2017-13722.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
---
gnu/local.mk | 2 -
gnu/packages/patches/libxfont-CVE-2017-13720.patch | 36 ---------------
gnu/packages/patches/libxfont-CVE-2017-13722.patch | 53 ----------------------
gnu/packages/xorg.scm | 16 +++++--
4 files changed, 12 insertions(+), 95 deletions(-)
delete mode 100644 gnu/packages/patches/libxfont-CVE-2017-13720.patch
delete mode 100644 gnu/packages/patches/libxfont-CVE-2017-13722.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 26845954e..0a46bfd3d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -841,8 +841,6 @@ dist_patch_DATA = \
%D%/packages/patches/libvirt-CVE-2017-1000256.patch \
%D%/packages/patches/libvpx-CVE-2016-2818.patch \
%D%/packages/patches/libxcb-python-3.5-compat.patch \
- %D%/packages/patches/libxfont-CVE-2017-13720.patch \
- %D%/packages/patches/libxfont-CVE-2017-13722.patch \
%D%/packages/patches/libxml2-CVE-2016-4658.patch \
%D%/packages/patches/libxml2-CVE-2016-5131.patch \
%D%/packages/patches/libxml2-CVE-2017-0663.patch \
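Review bot: the two entries removed from dist_patch_DATA are named libxfont-*, not libxfont2-*, so it is worth confirming that no other package definition still passes them to search-patches before the files are deleted. The xorg.scm hunks in this patch only show libxfont2/fixed using them; a grep for "libxfont-CVE-2017-1372" across gnu/packages would settle it, since a leftover reference would only surface later as a missing-patch error.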
diff --git a/gnu/packages/patches/libxfont-CVE-2017-13720.patch b/gnu/packages/patches/libxfont-CVE-2017-13720.patch
deleted file mode 100644
index 093617106..000000000
--- a/gnu/packages/patches/libxfont-CVE-2017-13720.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2017-13720.
-
-Copied from upstream source repository:
-<https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608>
-
-
-From d1e670a4a8704b8708e493ab6155589bcd570608 Mon Sep 17 00:00:00 2001
-From: Michal Srb <msrb@suse.com>
-Date: Thu, 20 Jul 2017 13:38:53 +0200
-Subject: Check for end of string in PatternMatch (CVE-2017-13720)
-
-If a pattern contains '?' character, any character in the string is skipped,
-even if it is '\0'. The rest of the matching then reads invalid memory.
-
-Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-Signed-off-by: Julien Cristau <jcristau@debian.org>
-
-diff --git a/src/fontfile/fontdir.c b/src/fontfile/fontdir.c
-index 4ce2473..996b7d1 100644
---- a/src/fontfile/fontdir.c
-+++ b/src/fontfile/fontdir.c
-@@ -400,8 +400,10 @@ PatternMatch(char *pat, int patdashes, char *string, int stringdashes)
- }
- }
- case '?':
-- if (*string++ == XK_minus)
-+ if ((t = *string++) == XK_minus)
- stringdashes--;
-+ if (!t)
-+ return 0;
- break;
- case '\0':
- return (*string == '\0');
---
-cgit v0.10.2
-
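Review bot: deleting this file drops the end-of-string check in PatternMatch (the "if (!t) return 0;" added in the '?' case) from the graft, so the change is only safe if the 2.0.3 tarball already contains upstream commit d1e670a4a8704b8708e493ab6155589bcd570608. The commit log says "Remove patches" without stating that; please add a line saying the fix is part of the new release, and confirm it against src/fontfile/fontdir.c in the unpacked source.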
diff --git a/gnu/packages/patches/libxfont-CVE-2017-13722.patch b/gnu/packages/patches/libxfont-CVE-2017-13722.patch
deleted file mode 100644
index 458fdfd1a..000000000
--- a/gnu/packages/patches/libxfont-CVE-2017-13722.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Fix CVE-2017-13722.
-
-Copied from upstream source repository:
-<https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd>
-
-From 672bb944311392e2415b39c0d63b1e1902905bcd Mon Sep 17 00:00:00 2001
-From: Michal Srb <msrb@suse.com>
-Date: Thu, 20 Jul 2017 17:05:23 +0200
-Subject: pcfGetProperties: Check string boundaries (CVE-2017-13722)
-
-Without the checks a malformed PCF file can cause the library to make
-atom from random heap memory that was behind the `strings` buffer.
-This may crash the process or leak information.
-
-Signed-off-by: Julien Cristau <jcristau@debian.org>
-
-diff --git a/src/bitmap/pcfread.c b/src/bitmap/pcfread.c
-index dab1c44..ae34c28 100644
---- a/src/bitmap/pcfread.c
-+++ b/src/bitmap/pcfread.c
-@@ -45,6 +45,7 @@ from The Open Group.
-
- #include <stdarg.h>
- #include <stdint.h>
-+#include <string.h>
-
- void
- pcfError(const char* message, ...)
-@@ -311,11 +312,19 @@ pcfGetProperties(FontInfoPtr pFontInfo, FontFilePtr file,
- if (IS_EOF(file)) goto Bail;
- position += string_size;
- for (i = 0; i < nprops; i++) {
-+ if (props[i].name >= string_size) {
-+ pcfError("pcfGetProperties(): String starts out of bounds (%ld/%d)\n", props[i].name, string_size);
-+ goto Bail;
-+ }
- props[i].name = MakeAtom(strings + props[i].name,
-- strlen(strings + props[i].name), TRUE);
-+ strnlen(strings + props[i].name, string_size - props[i].name), TRUE);
- if (isStringProp[i]) {
-+ if (props[i].value >= string_size) {
-+ pcfError("pcfGetProperties(): String starts out of bounds (%ld/%d)\n", props[i].value, string_size);
-+ goto Bail;
-+ }
- props[i].value = MakeAtom(strings + props[i].value,
-- strlen(strings + props[i].value), TRUE);
-+ strnlen(strings + props[i].value, string_size - props[i].value), TRUE);
- }
- }
- free(strings);
---
-cgit v0.10.2
-
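Review bot: the pcfGetProperties bounds checks removed with this file (the "props[i].name >= string_size" and "props[i].value >= string_size" tests and the strnlen calls) must now come from the 2.0.3 release itself, i.e. upstream commit 672bb944311392e2415b39c0d63b1e1902905bcd, and that should be verified in src/bitmap/pcfread.c of the new tarball. The deleted header was also the only place recording the upstream commit ID and the impact (crash or information leak from a malformed PCF file); the new comment in xorg.scm keeps only the CVE URL, which is worth knowing when someone audits this graft later.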
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 1c1ddd4bf..8c32608f8 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -4892,7 +4892,7 @@ new API's in libXft, or the legacy API's in libX11.")
(package
(inherit libxfont)
(version "2.0.1")
- (replacement libxfont2/fixed)
+ (replacement libxfont2-2.0.3)
(source (origin
(method url-fetch)
(uri (string-append "mirror://xorg/individual/lib/libXfont2-"
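Review bot: with "(replacement libxfont2-2.0.3)" the graft for libxfont2 2.0.1 is no longer a patched 2.0.1 but a different upstream release. Grafting substitutes the library without rebuilding dependents, so this relies on 2.0.3 keeping the same ABI as 2.0.1; a short comment next to the replacement field saying that compatibility was checked would make the assumption explicit.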
@@ -4901,14 +4901,22 @@ new API's in libXft, or the legacy API's in libX11.")
(base32
"0znvwk36nhmyqpmhbm9mzisgixp1mp5qkfald8x1n5yxbm3vpyz9"))))))
-(define libxfont2/fixed
+;; Fixes the following security vulnerabilities:
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13720
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13722
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612
+(define-public libxfont2-2.0.3
(package
(inherit libxfont2)
+ (version "2.0.3")
(source
(origin
(inherit (package-source libxfont2))
- (patches (search-patches "libxfont-CVE-2017-13720.patch"
- "libxfont-CVE-2017-13722.patch"))))))
+ (uri (string-append "mirror://xorg/individual/lib/libXfont2-"
+ version ".tar.bz2"))
+ (sha256
+ (base32
+ "0klwmimmhm3axpj8pwn5l41lbggh47r5aazhw63zxkbwfgyvg2hf"))))))
(define-public libxi
(package
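Review bot: the CVE list in the new comment above libxfont2-2.0.3 does not match the subject line. The subject says the update fixes CVE-2017-16611, but the third URL reads "cvename.cgi?name=CVE-2017-16612"; one of the two is a typo and should be corrected before pushing, since this comment is what people will read when checking which vulnerabilities the graft covers.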
--
2.15.0
Leo Famulari wrote on 28 Nov 2017 10:17
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 29488@debbugs.gnu.org)
20171128181733.GD14200@jasmine.lan
On Tue, Nov 28, 2017 at 06:02:17PM +0100, Marius Bakke wrote:
> * gnu/packages/xorg.scm (libxfont2/fixed): Rename to ...
> (libxfont2-2.0.3): ... this. Make public.
> [version]: New field.
> [source]: Add URI and SHA256. Remove patches.
> (libxfont2)[replacement]: Change LIBXFONT2/FIXED to LIBXFONT2-2.0.3.
> * gnu/packages/patches/libxfont-CVE-2017-13720.patch,
> gnu/packages/patches/libxfont-CVE-2017-13722.patch: Delete files.
> * gnu/local.mk (dist_patch_DATA): Remove them.

LGTM, thanks!


Ludovic Courtès wrote on 30 Nov 2017 06:43
control message for bug #29488
(address . control@debbugs.gnu.org)
87609r4yjd.fsf@gnu.org
tags 29488 fixed
close 29488

This issue is archived.