- Very unfortunately, FreeType 2.3.8 contained a change that broke its official ABI. The end result is that programs compiled against previous versions of the library, but dynamically linked to 2.3.8 can experience memory corruption if they call the `FT_Get_PS_Font_Info' function. We recommend all users to upgrade to 2.3.9 as soon as possible, or to downgrade to a previous release of the library if this is not an option. The origin of the bug is that a new field was added to the publicly defined `PS_FontInfoRec' structure. Unfortunately, objects of this type can be stack or heap allocated by callers of `FT_Get_PS_Font_Info', resulting in a memory buffer overwrite with its implementation in 2.3.8. If you want to know whether your code is vulnerable to this issue, simply search for the substrings `PS_FontInfo' and `PS_Font_Info' in your source code. If none is found, your code is safe and is not affected. The FreeType team apologizes for the problem.
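The mechanism the announcement describes, as an added example that is not FreeType's code: a constructed struct pair stands in for `PS_FontInfoRec' before and after a field was appended, a library routine built against the new layout writes past an object the caller allocated with the old one, and a size-checked variant (hypothetical, not an API FreeType provides) shows the pattern that keeps such a change from corrupting the caller's memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Constructed stand-ins, not FreeType's real PS_FontInfoRec layout. */
typedef struct {               /* layout a 2.3.7-era caller was compiled against */
    const char *version;
    const char *family_name;
    long        italic_angle;
} FontInfoOld;
typedef struct {               /* the same public struct with a field appended */
    const char *version;
    const char *family_name;
    long        italic_angle;
    long        extra_field;   /* the new field */
} FontInfoNew;

/* Library built against the NEW layout: it fills every field through the pointer
 * it is handed, so an object allocated with the OLD layout is written past its end. */
static void get_font_info_new(void *out)
{
    FontInfoNew *p = (FontInfoNew *)out;
    p->version = "001.000";
    p->family_name = "Constructed";
    p->italic_angle = 0;
    p->extra_field = 7;
}

/* Size-checked variant (hypothetical): the caller states how large its object is,
 * and the library never writes beyond that, whichever header the caller used. */
static void get_font_info_sized(void *out, size_t out_size)
{
    FontInfoNew tmp = { "001.000", "Constructed", 0, 7 };
    memcpy(out, &tmp, out_size < sizeof tmp ? out_size : sizeof tmp);
}

/* Count canary bytes clobbered beyond sizeof(FontInfoOld), the size of the
 * caller's object; the union keeps the buffer aligned for FontInfoNew. */
static size_t clobbered_bytes(int use_sized_api)
{
    union { FontInfoNew n; unsigned char raw[sizeof(FontInfoNew) + 8]; } u;
    size_t i, n = 0;
    memset(u.raw, 0xAA, sizeof u.raw);
    if (use_sized_api) get_font_info_sized(u.raw, sizeof(FontInfoOld));
    else               get_font_info_new(u.raw);
    for (i = sizeof(FontInfoOld); i < sizeof u.raw; i++)
        if (u.raw[i] != 0xAA) n++;
    return n;
}

int main(void) { printf("%zu %zu\n", clobbered_bytes(0), clobbered_bytes(1)); return 0; }
```

The first number printed is the number of bytes written past the old-layout object (the size of the appended field); the second is zero, because the size-checked call stops at the size the caller declared.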
Note that this only affects Rawhide/F11, F9 has 2.3.5, F10 has 2.3.7.
And FWIW, the impact on Rawhide should be low to none due to the mass rebuild. Still, I think it should probably be upgraded to 2.3.9.
This upgrade will also require rebuilding all freetype-using applications, correct? At least the ones with 'PS_FontInfo' or 'PS_Font_Info'.
Any idea how to find all such packages?
Built 2.3.9. Doesn't look that bad:

$ repoquery --whatrequires freetype
mythtv-setup-0:0.22-0.1.svn.r19722.fc11.i386
fontconfig-0:2.6.97-5.g945d6a4.fc11.i586
libotf-0:0.9.8-2.fc11.i586
librsvg2-0:2.22.3-2.fc11.i586
pango-0:1.23.0-3.fc11.i586
mythtv-frontend-0:0.22-0.1.svn.r19722.fc11.i386
libgnomeprint22-devel-0:2.18.5-3.fc11.i586
gimp-2:2.6.5-4.fc11.i586
libmyth-0:0.22-0.1.svn.r19722.fc11.i386
freetype-devel-0:2.3.8-2.1.fc11.i586
freetype-demos-0:2.3.8-2.1.fc11.i586

pango, librsvg2, and libgnomeprint22 are not affected. fontconfig *is* affected. Remains:

libmyth-0:0.22-0.1.svn.r19722.fc11.i386
mythtv-setup-0:0.22-0.1.svn.r19722.fc11.i386
mythtv-frontend-0:0.22-0.1.svn.r19722.fc11.i386
libotf-0:0.9.8-2.fc11.i586
gimp-2:2.6.5-4.fc11.i586

Not hard to check.
> repoquery --whatrequires freetype

Uh, that's not a complete way to get all packages depending on freetype. You're missing the --alldeps. Your list is just the list of packages with explicit Requires: freetype. When I run

repoquery --repoid=rawhide --whatrequires --alldeps freetype | wc -l

I get:

1122

That means there are 1122 (!) packages which link against freetype.
It's not the linking that matters, it's the headers. So we should be searching for BuildRequires: freetype2-devel.
# repoquery --alldeps --repoid=rawhide-source --archlist=src --whatrequires freetype-devel | sort
adonthell-0:0.3.5-0.6.fc11.src
agg-0:2.5-7.fc11.src
alfont-0:2.0.6-5.fc11.src
amanith-0:0.3-11.fc11.src
asc-0:2.2.0.0-3.fc11.src
autotrace-0:0.31.1-20.fc11.src
bacula-0:2.4.4-3.fc11.src
blender-0:2.48a-15.fc11.src
cairo-0:1.8.6-2.fc11.src
cegui-0:0.6.2-3.fc11.src
ClanLib06-0:0.6.5-14.fc11.src
Coin2-0:2.5.0-5.fc11.src
crystalspace-0:1.2.1-5.fc11.src
cvsgraph-0:1.6.1-7.fc11.src
directfb-0:1.2.7-4.fc11.src
dvdauthor-0:0.6.14-8.fc11.src
dvipng-0:1.11-2.fc11.src
e16-0:0.16.8.15-2.fc11.src
emacs-1:22.3-8.fc11.src
esc-0:1.0.1-12.fc11.src
evas-0:0.9.9.050-2.fc11.src
extremetuxracer-0:0.4-2.fc11.src
fbdesk-0:1.4.1-5.fc11.src
firefox-0:3.1-0.7.beta2.fc11.src
fontconfig-0:2.6.97-5.g945d6a4.fc11.src
fontforge-0:20090224-1.fc11.src
fontmatrix-0:0.4.2-4.fc11.src
foobillard-0:3.0a-12.src
ftgl-0:2.1.2-10.fc11.src
ganglia-0:3.1.2-2.fc11.src
gbdfed-0:1.4-2.fc11.src
gd-0:2.0.35-8.fc11.src
gimp-2:2.6.5-4.fc11.src
glyph-keeper-0:0.32-5.fc11.src
gnash-0:0.8.5-3.fc11.src
gnubg-1:0.9.0.1-7.fc11.src
GraphicsMagick-0:1.1.14-4.fc11.src
graphviz-0:2.20.3-3.fc11.src
grass-0:6.3.0-10.fc11.src
ImageMagick-0:6.4.9.6-1.fc11.src
imlib2-0:1.4.2-4.fc11.src
inkscape-0:0.47-0.5.20090301svn.fc11.src
Inventor-0:2.1.5-35.fc11.src
Io-language-0:20071010-10.fc11.src
java-1.6.0-openjdk-1:1.6.0.0-14.b14.fc11.src
k3d-0:0.6.7.0-9.fc11.src
kdebase3-0:3.5.10-8.fc11.src
kismet-0:0.0.2008.05.R1-3.fc10.src
koffice-2:1.6.3-20.20090306svn.fc11.src
lesstif-0:0.95.0-28.fc11.src
libAfterImage-0:1.18-3.fc11.src
libgdiplus-0:2.4-2.RC1.fc11.src
libotf-0:0.9.8-2.fc11.src
libpst-0:0.6.29-1.fc11.src
librsvg2-0:2.22.3-2.fc11.src
libtwin-0:0.0.3-2.fc11.src
libXfont-0:1.4.0-3.fc11.src
libXft-0:2.1.13-2.fc11.src
lush-0:1.2.1-5.fc11.src
mapnik-0:0.5.2-0.10.svn780.fc11.src
mapserver-0:5.2.1-6.fc11.src
neverball-0:1.4.0-16.fc11.src
nut-0:2.4.1-2.fc11.src
ocaml-camlimages-0:3.0.1-7.fc11.src
ogre-0:1.6.1-3.fc11.src
openoffice.org-1:3.1.0-4.1.fc11.src
openvrml-0:0.17.10-2.0.fc11.src
oyranos-0:0.1.9-3.fc11.src
pango-0:1.23.0-3.fc11.src
paraview-0:3.4.0-4.fc11.src
perl-GD-0:2.39-2.fc11.src
perl-Imager-0:0.67-3.fc11.src
petitboot-0:0.2-3.fc11.src
php-0:5.2.9-1.fc11.src
pl-0:5.7.6-4.fc11.src
plplot-0:5.9.2-3.fc11.src
plt-scheme-1:4.1.2-2.fc11.src
pymol-0:1.2-2.20090226svn3616.fc11.src
python-imaging-0:1.1.6-14.fc11.src
python-matplotlib-0:0.98.5.2-4.fc11.src
q-0:7.11-4.fc11.src
qt-1:4.5.0-3.fc11.src
qt3-0:3.3.8b-23.fc11.src
raidem-0:0.3.1-10.fc11.src
rcssserver3d-0:0.6-11.fc11.src
rrdtool-0:1.3.6-2.fc11.src
rxvt-unicode-0:9.06-1.fc11.src
scribus-0:1.3.5-0.9.12516svn.fc11.src
SDL_ttf-0:2.0.9-5.fc11.src
seamonkey-0:1.1.14-4.fc11.src
slim-0:1.3.1-5.fc11.src
spicebird-0:0.7-6.fc11.src
stellarium-0:0.10.1-4.fc11.src
sunbird-0:0.9-6.fc11.src
TeXmacs-0:1.0.7.1-2.fc11.src
Thunar-0:1.0.0-1.fc11.src
thunderbird-0:3.0-1.beta2.fc11.src
tigervnc-0:0.0.90-0.3.20090303svn3631.fc11.src
torsmo-0:0.18-9.fc11.src
ttf2pt1-0:3.4.4-8.fc11.src
ttmkfdir-0:3.0.9-30.fc11.src
tuxpaint-1:0.9.20-3.fc11.src
tuxpuck-0:0.8.2-7.fc11.src
tvtime-0:1.0.2-5.fc11.src
vdr-0:1.6.0-16.fc11.src
vdr-text2skin-0:1.1-24.cvsext0.10.fc11.src
vtk-0:5.0.4-26.fc11.src
WebKit-0:1.1.1-1.fc11.src
wesnoth-0:1.5.12-1.fc11.src
wmx-0:7-4.fc11.src
xdvik-0:22.84.14-5.fc11.src
xdvipdfmx-0:0.4-4.fc11.src
xmbdfed-0:4.7-4.fc11.src
xorg-x11-font-utils-1:7.2-7.fc11.src
xorg-x11-xfs-1:1.0.5-4.fc11.src
xournal-0:0.4.2.1-3.fc11.src
xpdf-1:3.02-12.fc11.src
xulrunner-0:1.9.1-0.9.beta2.fc11.src
That should be everything, though I'm not 100% sure about it. Unpacking and searching these sources for 'PS_FontInfo' and 'PS_Font_Info' will show what to rebuild.
This problem is greatly exaggerated!!! I was actually running F10 over freetype 2.3.8 since it was released. So I guess none of that long list of packages ever called `FT_Get_PS_Font_Info'.
I just realized this. Rawhide was massively rebuilt against freetype 2.3.8. So, according to this bug report, rawhide is not compatible with new 2.3.9 right now and we should see the hell on earth. Luckily these long lists of packages have nothing to do with freetype directly. The announcement recommends to "search for the substrings `PS_FontInfo' and `PS_Font_Info' in your source code". I kinda feel that would be pango, fontconfig, and just a handful of others. Or just do another mass-rebuild.
Alexei, the scope and implications of this bug are very well understood. Please don't add comments that do not add any information. Thanks.
After inspecting the ABI-breaking change in 2.3.8, I'm fairly confident that we don't need to recompile any of the packages. 2.3.7->2.3.8 could cause memory corruption, but 2.3.8->2.3.9 is fairly safe. I'll ask 2.3.9 to be tagged in F11 and close this bug.
Tagged.