Bug 489928

Summary: FreeType 2.3.8 is not binary compatible to version 2.3.7
Product: [Fedora] Fedora
Reporter: acount closed by user <a1459440>
Component: freetype
Assignee: Behdad Esfahbod <behdad>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: low
Version: rawhide
CC: adam, behdad, fonts-bugs, kevin
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=667610
Doc Type: Bug Fix
Last Closed: 2009-03-16 22:19:35 UTC

Description acount closed by user 2009-03-12 15:31:48 UTC
- Very unfortunately, FreeType 2.3.8 contained a change that broke
      its official ABI. The end result is that programs compiled
      against previous versions of the library, but dynamically linked
      to 2.3.8 can experience memory corruption if they call the
      `FT_Get_PS_Font_Info' function.

      We recommend all users to upgrade to 2.3.9 as soon as possible,
      or to downgrade to a previous release of the library if this is
      not an option.

      The origin of the bug is that a new field was added to the
      publicly defined `PS_FontInfoRec' structure. Unfortunately,
      objects of this type can be stack or heap allocated by callers
      of `FT_Get_PS_Font_Info', resulting in a memory buffer
      overwrite with its implementation in 2.3.8.

      If you want to know whether your code is vulnerable to this
      issue, simply search for the substrings `PS_FontInfo' and
      `PS_Font_Info' in your source code. If none is found, your code
      is safe and is not affected.

      The FreeType team apologizes for the problem.
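
The overwrite described in the announcement, as an added C example that is not FreeType code and not part of the original report: `InfoV1`, `InfoV2` and the `lib_get_info_*` functions are hypothetical stand-ins, not the real `PS_FontInfoRec` layout or FreeType API. It models a caller built against the older header, counts the bytes written past its object, and contrasts that with a general size-passing getter (a common ABI-hardening pattern, not what FreeType did).

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-ins, NOT the real PS_FontInfoRec layout. */
typedef struct {              /* header the caller was built with */
    const char *full_name;
    const char *weight;
} InfoV1;
typedef struct {              /* header the library was built with */
    const char *full_name;
    const char *weight;
    long        added_field;  /* new trailing field: sizeof grows */
} InfoV2;

static const InfoV2 LIB_DATA = { "Demo Sans", "Regular", 4 };  /* constructed */

/* Getter in the newer library: assumes the caller's object is V2-sized. */
static void lib_get_info_unsized(void *out) {
    memcpy(out, &LIB_DATA, sizeof LIB_DATA);
}

/* Size-aware getter: the caller states sizeof its own struct and the
   library never writes past it. Returns the number of bytes written. */
static size_t lib_get_info_sized(void *out, size_t caller_size) {
    size_t n = caller_size < sizeof LIB_DATA ? caller_size : sizeof LIB_DATA;
    memcpy(out, &LIB_DATA, n);
    return n;
}

/* Models a caller built against V1: its object is the first sizeof(InfoV1)
   bytes of mem; the canary bytes after it stand for neighbouring stack or
   heap data. Returns how many neighbouring bytes the getter overwrote. */
static size_t bytes_clobbered(int use_sized_api) {
    unsigned char mem[sizeof(InfoV2) + 16];
    size_t i, hit = 0;
    memset(mem, 0xA5, sizeof mem);
    if (use_sized_api)
        lib_get_info_sized(mem, sizeof(InfoV1));
    else
        lib_get_info_unsized(mem);
    for (i = sizeof(InfoV1); i < sizeof mem; i++)
        if (mem[i] != 0xA5) hit++;
    return hit;
}

int main(void) {
    printf("old %zu bytes, new %zu bytes\n", sizeof(InfoV1), sizeof(InfoV2));
    printf("unsized getter: %zu bytes past the caller's object, sized: %zu\n",
           bytes_clobbered(0), bytes_clobbered(1));
    return 0;
}
```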

Comment 1 Kevin Kofler 2009-03-12 15:42:54 UTC
Note that this only affects Rawhide/F11, F9 has 2.3.5, F10 has 2.3.7.

Comment 2 Kevin Kofler 2009-03-12 15:44:21 UTC
And FWIW, the impact on Rawhide should be low to none due to the mass rebuild. Still, I think it should probably be upgraded to 2.3.9.

Comment 3 Adam Goode 2009-03-13 00:46:04 UTC
This upgrade will also require rebuilding all freetype-using applications, correct? At least the ones with 'PS_FontInfo' or 'PS_Font_Info'.

Comment 4 Behdad Esfahbod 2009-03-13 22:05:38 UTC
Any idea how to find all such packages?

Comment 5 Behdad Esfahbod 2009-03-13 22:26:07 UTC
Built 2.3.9.

Doesn't look that bad:

$ repoquery --whatrequires freetype
mythtv-setup-0:0.22-0.1.svn.r19722.fc11.i386
fontconfig-0:2.6.97-5.g945d6a4.fc11.i586
libotf-0:0.9.8-2.fc11.i586
librsvg2-0:2.22.3-2.fc11.i586
pango-0:1.23.0-3.fc11.i586
mythtv-frontend-0:0.22-0.1.svn.r19722.fc11.i386
libgnomeprint22-devel-0:2.18.5-3.fc11.i586
gimp-2:2.6.5-4.fc11.i586
libmyth-0:0.22-0.1.svn.r19722.fc11.i386
freetype-devel-0:2.3.8-2.1.fc11.i586
freetype-demos-0:2.3.8-2.1.fc11.i586


pango, librsvg2, and libgnomeprint22 are not affected.
fontconfig *is* affected.  Remains:

libmyth-0:0.22-0.1.svn.r19722.fc11.i386
mythtv-setup-0:0.22-0.1.svn.r19722.fc11.i386
mythtv-frontend-0:0.22-0.1.svn.r19722.fc11.i386
libotf-0:0.9.8-2.fc11.i586
gimp-2:2.6.5-4.fc11.i586

Not hard to check.

Comment 6 Kevin Kofler 2009-03-13 22:31:55 UTC
> repoquery --whatrequires freetype

Uh, that's not a complete way to get all packages depending on freetype. You're missing the --alldeps. Your list is just the list of packages with explicit Requires: freetype.

When I run repoquery --repoid=rawhide --whatrequires --alldeps freetype | wc -l, I get:
1122
That means there are 1122 (!) packages which link against freetype.

Comment 7 Adam Goode 2009-03-14 00:03:37 UTC
It's not the linking that matters, it's the headers. So we should be searching for BuildRequires: freetype2-devel.

Comment 8 Adam Goode 2009-03-14 00:06:57 UTC
# repoquery --alldeps --repoid=rawhide-source --archlist=src --whatrequires freetype-devel | sort
adonthell-0:0.3.5-0.6.fc11.src
agg-0:2.5-7.fc11.src
alfont-0:2.0.6-5.fc11.src
amanith-0:0.3-11.fc11.src
asc-0:2.2.0.0-3.fc11.src
autotrace-0:0.31.1-20.fc11.src
bacula-0:2.4.4-3.fc11.src
blender-0:2.48a-15.fc11.src
cairo-0:1.8.6-2.fc11.src
cegui-0:0.6.2-3.fc11.src
ClanLib06-0:0.6.5-14.fc11.src
Coin2-0:2.5.0-5.fc11.src
crystalspace-0:1.2.1-5.fc11.src
cvsgraph-0:1.6.1-7.fc11.src
directfb-0:1.2.7-4.fc11.src
dvdauthor-0:0.6.14-8.fc11.src
dvipng-0:1.11-2.fc11.src
e16-0:0.16.8.15-2.fc11.src
emacs-1:22.3-8.fc11.src
esc-0:1.0.1-12.fc11.src
evas-0:0.9.9.050-2.fc11.src
extremetuxracer-0:0.4-2.fc11.src
fbdesk-0:1.4.1-5.fc11.src
firefox-0:3.1-0.7.beta2.fc11.src
fontconfig-0:2.6.97-5.g945d6a4.fc11.src
fontforge-0:20090224-1.fc11.src
fontmatrix-0:0.4.2-4.fc11.src
foobillard-0:3.0a-12.src
ftgl-0:2.1.2-10.fc11.src
ganglia-0:3.1.2-2.fc11.src
gbdfed-0:1.4-2.fc11.src
gd-0:2.0.35-8.fc11.src
gimp-2:2.6.5-4.fc11.src
glyph-keeper-0:0.32-5.fc11.src
gnash-0:0.8.5-3.fc11.src
gnubg-1:0.9.0.1-7.fc11.src
GraphicsMagick-0:1.1.14-4.fc11.src
graphviz-0:2.20.3-3.fc11.src
grass-0:6.3.0-10.fc11.src
ImageMagick-0:6.4.9.6-1.fc11.src
imlib2-0:1.4.2-4.fc11.src
inkscape-0:0.47-0.5.20090301svn.fc11.src
Inventor-0:2.1.5-35.fc11.src
Io-language-0:20071010-10.fc11.src
java-1.6.0-openjdk-1:1.6.0.0-14.b14.fc11.src
k3d-0:0.6.7.0-9.fc11.src
kdebase3-0:3.5.10-8.fc11.src
kismet-0:0.0.2008.05.R1-3.fc10.src
koffice-2:1.6.3-20.20090306svn.fc11.src
lesstif-0:0.95.0-28.fc11.src
libAfterImage-0:1.18-3.fc11.src
libgdiplus-0:2.4-2.RC1.fc11.src
libotf-0:0.9.8-2.fc11.src
libpst-0:0.6.29-1.fc11.src
librsvg2-0:2.22.3-2.fc11.src
libtwin-0:0.0.3-2.fc11.src
libXfont-0:1.4.0-3.fc11.src
libXft-0:2.1.13-2.fc11.src
lush-0:1.2.1-5.fc11.src
mapnik-0:0.5.2-0.10.svn780.fc11.src
mapserver-0:5.2.1-6.fc11.src
neverball-0:1.4.0-16.fc11.src
nut-0:2.4.1-2.fc11.src
ocaml-camlimages-0:3.0.1-7.fc11.src
ogre-0:1.6.1-3.fc11.src
openoffice.org-1:3.1.0-4.1.fc11.src
openvrml-0:0.17.10-2.0.fc11.src
oyranos-0:0.1.9-3.fc11.src
pango-0:1.23.0-3.fc11.src
paraview-0:3.4.0-4.fc11.src
perl-GD-0:2.39-2.fc11.src
perl-Imager-0:0.67-3.fc11.src
petitboot-0:0.2-3.fc11.src
php-0:5.2.9-1.fc11.src
pl-0:5.7.6-4.fc11.src
plplot-0:5.9.2-3.fc11.src
plt-scheme-1:4.1.2-2.fc11.src
pymol-0:1.2-2.20090226svn3616.fc11.src
python-imaging-0:1.1.6-14.fc11.src
python-matplotlib-0:0.98.5.2-4.fc11.src
q-0:7.11-4.fc11.src
qt-1:4.5.0-3.fc11.src
qt3-0:3.3.8b-23.fc11.src
raidem-0:0.3.1-10.fc11.src
rcssserver3d-0:0.6-11.fc11.src
rrdtool-0:1.3.6-2.fc11.src
rxvt-unicode-0:9.06-1.fc11.src
scribus-0:1.3.5-0.9.12516svn.fc11.src
SDL_ttf-0:2.0.9-5.fc11.src
seamonkey-0:1.1.14-4.fc11.src
slim-0:1.3.1-5.fc11.src
spicebird-0:0.7-6.fc11.src
stellarium-0:0.10.1-4.fc11.src
sunbird-0:0.9-6.fc11.src
TeXmacs-0:1.0.7.1-2.fc11.src
Thunar-0:1.0.0-1.fc11.src
thunderbird-0:3.0-1.beta2.fc11.src
tigervnc-0:0.0.90-0.3.20090303svn3631.fc11.src
torsmo-0:0.18-9.fc11.src
ttf2pt1-0:3.4.4-8.fc11.src
ttmkfdir-0:3.0.9-30.fc11.src
tuxpaint-1:0.9.20-3.fc11.src
tuxpuck-0:0.8.2-7.fc11.src
tvtime-0:1.0.2-5.fc11.src
vdr-0:1.6.0-16.fc11.src
vdr-text2skin-0:1.1-24.cvsext0.10.fc11.src
vtk-0:5.0.4-26.fc11.src
WebKit-0:1.1.1-1.fc11.src
wesnoth-0:1.5.12-1.fc11.src
wmx-0:7-4.fc11.src
xdvik-0:22.84.14-5.fc11.src
xdvipdfmx-0:0.4-4.fc11.src
xmbdfed-0:4.7-4.fc11.src
xorg-x11-font-utils-1:7.2-7.fc11.src
xorg-x11-xfs-1:1.0.5-4.fc11.src
xournal-0:0.4.2.1-3.fc11.src
xpdf-1:3.02-12.fc11.src
xulrunner-0:1.9.1-0.9.beta2.fc11.src

Comment 9 Adam Goode 2009-03-14 00:16:32 UTC
That should be everything, though I'm not 100% sure about it.

Unpacking and searching these sources for 'PS_FontInfo' and 'PS_Font_Info' will show what to rebuild.

Comment 10 Alexei Podtelezhnikov 2009-03-14 09:25:10 UTC
This problem is greatly exaggerated!!! I was actually running F10 over freetype 2.3.8 since it was released. So I guess none of that long list of packages ever called `FT_Get_PS_Font_Info'.

Comment 11 Alexei Podtelezhnikov 2009-03-14 09:53:19 UTC
I just realized this. Rawhide was massively rebuilt against freetype 2.3.8. So, according to this bug report, rawhide is not compatible with new 2.3.9 right now and we should see the hell on earth.

Luckily these long lists of packages have nothing to do with freetype directly. The announcement recommends to "search for the substrings `PS_FontInfo' and `PS_Font_Info' in your source code". I kinda feel that would be pango, fontconfig, and just a handful of others. Or just do another mass-rebuild.

Comment 12 Behdad Esfahbod 2009-03-14 20:52:24 UTC
Alexei, the scope and implications of this bug are very well understood.  Please don't add comments that do not add any information.  Thanks.

Comment 13 Behdad Esfahbod 2009-03-14 21:05:42 UTC
After inspecting the ABI-breaking change in 2.3.8, I'm fairly confident that we don't need to recompile any of the packages.  2.3.7->2.3.8 could cause memory corruption, but 2.3.8->2.3.9 is fairly safe.

I'll ask 2.3.9 to be tagged in F11 and close this bug.

Comment 14 Behdad Esfahbod 2009-03-16 22:19:35 UTC
Tagged.