Fedora has issued an advisory today (May 7):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
The issues are fixed upstream in 2.12.0.
Status comment: (none) => Fixed upstream in 2.12.0
CC: (none) => nicolas.salguero
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. (CVE-2022-27404)

FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. (CVE-2022-27405)

FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. (CVE-2022-27406)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
========================

Updated packages in core/updates_testing:
========================
freetype2-demos-2.10.4-1.1.mga8
lib(64)freetype6-2.10.4-1.1.mga8
lib(64)freetype2-devel-2.10.4-1.1.mga8

from SRPM:
freetype2-2.10.4-1.1.mga8.src.rpm

Updated packages in tainted/updates_testing:
========================
freetype2-demos-2.10.4-1.1.mga8.tainted
lib(64)freetype6-2.10.4-1.1.mga8.tainted
lib(64)freetype2-devel-2.10.4-1.1.mga8.tainted

from SRPM:
freetype2-2.10.4-1.1.mga8.tainted.src.rpm
Status: NEW => ASSIGNED
Status comment: Fixed upstream in 2.12.0 => (none)
Assignee: bugsquad => qa-bugs
Source RPM: freetype2-2.9.1-4.1.mga7.src.rpm => freetype2-2.10.4-1.mga8.src.rpm
Hmmmm,
On lib64freetype2-devel-2.10.4-1.1.mga8.tainted I get "Cannot be selected"
And lib64freetype6-2.10.4-1.1.mga8.tainted is not there, I see only a regular 2.10.4-2
CC: (none) => herman.viaene
It's on both kernel.org and princeton, but not listed in the hdlist file. Adding sysadmins to the cc list and adding the feedback tag till they can fix it.
Keywords: (none) => feedback
CC: (none) => davidwhodgins, sysadmin-bugs
No. the bug is that no-one caught the fact at mga8 release time that core/release has:
lib(64)freetype6-2.10.4-2.mga8
but tainted/release have:
lib(64)freetype6-2.10.4-1.mga8.tainted
and svn branching was apparently done on "-1.mga8"
so the fix is to set %mkrel 2 (and keep the subrel at 1) and submit new builds to core and tainted
Keywords: feedback => (none)
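The release ordering behind the comment above, as an added example that is not part of the original thread: a simplified Python version of RPM's segment comparison (assumptions: no epoch, no `~` or `^` handling) applied to the package strings quoted on this page. The function and constant names are hypothetical.

```python
import re

def rpmvercmp(a: str, b: str) -> int:
    """Simplified RPM segment comparison (assumption: no '~' or '^' in input)."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x_num else -1
        if x_num:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def compare_nvr(a: str, b: str) -> int:
    """Compare two name-version-release strings (epoch ignored: none on this page)."""
    _, ver_a, rel_a = a.rsplit("-", 2)
    _, ver_b, rel_b = b.rsplit("-", 2)
    return rpmvercmp(ver_a, ver_b) or rpmvercmp(rel_a, rel_b)

def upgrades_over(installed: str, candidates: list[str]) -> list[str]:
    """Return only the candidates that sort strictly newer than what is installed."""
    return [c for c in candidates if compare_nvr(c, installed) > 0]

# Package strings taken from the thread, with lib(64) written as lib64.
CORE_RELEASE = "lib64freetype6-2.10.4-2.mga8"
FIRST_BUILD = ["lib64freetype6-2.10.4-1.1.mga8",
               "lib64freetype6-2.10.4-1.1.mga8.tainted"]
SECOND_BUILD = ["lib64freetype6-2.10.4-2.1.mga8",
                "lib64freetype6-2.10.4-2.1.mga8.tainted"]

if __name__ == "__main__":
    for build in (FIRST_BUILD, SECOND_BUILD):
        for nvr in build:
            verdict = "upgrade" if upgrades_over(CORE_RELEASE, [nvr]) else "not an upgrade"
            print(f"{nvr}: {verdict} over {CORE_RELEASE}")
```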
Updated packages in core/updates_testing:
========================
freetype2-demos-2.10.4-2.1.mga8
lib(64)freetype6-2.10.4-2.1.mga8
lib(64)freetype2-devel-2.10.4-2.1.mga8

from SRPM:
freetype2-2.10.4-2.1.mga8.src.rpm

Updated packages in tainted/updates_testing:
========================
freetype2-demos-2.10.4-2.1.mga8.tainted
lib(64)freetype6-2.10.4-2.1.mga8.tainted
lib(64)freetype2-devel-2.10.4-2.1.mga8.tainted

from SRPM:
freetype2-2.10.4-2.1.mga8.tainted.src.rpm
mga8, x64

Made sure that the core packages were already installed.
Development tools/utilities:
$ ls /usr/bin/ft*
/usr/bin/ftbench*  /usr/bin/ftgamma*  /usr/bin/ftmulti*   /usr/bin/ftvalid*
/usr/bin/ftdiff*   /usr/bin/ftgrid*   /usr/bin/ftp*       /usr/bin/ftview*
/usr/bin/ftdump*   /usr/bin/ftlint*   /usr/bin/ftstring*

Used ftview to examine a couple of installed TTF fonts. That produces a gui including a bitmapped image of a repeated sequence of symbols at pointsize 10 on this display. According to the documentation the displayed size is dependent on the resolution of the display. Using something like
$ ftview -d 1280x960 font <font.ttf>
only doubles the size of the axes, showing four times the number of characters.

Updated the core version successfully.

$ ftview pt -e unic font arial.ttf
<This showed the whole character set and reported pointsize 10.>
$ ftview -e unic -m 'Rumpelstiltskin' font cowboys.ttf
<Supplied string echoed throughout the image in the correct font with Unicode encoding.>

Supplying a larger xdpi value enlarges the displayed characters without enlarging the window.
$ ftview -e 'unic' -r 144 -m 'Abracadabra' font gemelli.ttf

Cannot do much else here. System supplied and imported fonts are handled fine.
OK for core version.
CC: (none) => tarazed25
Taking a step back. Need to test some of the 269 packages which require lib64freetype6. Later.
Ran Calibre using existing library.
$ strace -o calibre.trace calibre
Converted a PDF to DOCX format and saved files. Opened the DOCX version and browsed. Crashed out - no exit button.
$ ll *.trace
-rw-r--r-- 1 lcl lcl 10033483 May 11 19:54 calibre.trace
$ grep freetype calibre.trace
openat(AT_FDCWD, "/lib64/libfreetype.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/libfreetype.so.6.17.4", O_RDONLY) = 13
openat(AT_FDCWD, "/usr/lib64/libfreetype.so.6.17.4", O_RDONLY) = 15
openat(AT_FDCWD, "/usr/lib64/libfreetype.so.6.17.4", O_RDONLY) = 15

$ strace -o stellarium.trace stellarium
Selected the moon to display all the information available and the same for an Intelsat.
$ grep freetype stellarium.trace
openat(AT_FDCWD, "/lib64/libfreetype.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/libfreetype.so.6.17.4", O_RDONLY) = 7
openat(AT_FDCWD, "/usr/lib64/libfreetype.so.6.17.4", O_RDONLY) = 14
openat(AT_FDCWD, "/usr/lib64/libfreetype.so.6.17.4", O_RDONLY) = 14

No complaints on the command line regarding font rendering.
So, this looks good for the core version of freetype2.
Had no luck with qarepo with tainted updates ticked. Reverted to the longhand way, enabling tainted updates testing, `urpmi.update -a` and then
$ sudo urpmi --searchmedia "Tainted Updates Testing" freetype2-demos
etc.
$ rpm -q lib64freetype6
lib64freetype6-2.10.4-2.1.mga8.tainted
$ ftview -e 'unic' -r 144 -m 'Abracadabra' font /usr/share/tuxtype/fonts/Loma.ttf
That looks perfectly OK.
$ strace -o calibre.trace calibre
Converted a PDF to EPUB format. Clicked on EPUB under formats and was able to read the converted book.
$ grep freetype calibre.trace
openat(AT_FDCWD, "/lib64/libfreetype.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/libfreetype.so.6.17.4", O_RDONLY) = 13
openat(AT_FDCWD, "/usr/lib64/libfreetype.so.6.17.4", O_RDONLY) = 15
openat(AT_FDCWD, "/usr/lib64/libfreetype.so.6.17.4", O_RDONLY) = 15

Leaving it there. Good for tainted updates as well.
Whiteboard: (none) => MGA8-64-OK
@Len: I have had a time or two when qarepo would not find tainted packages after testing the core updates. I found that if you clear out the QA Testing folder before going after the tainted versions, it will help. Oh, and be sure the "tainted" is included in the package list you are using. Validating. Advisory in Comment 1, with revised package list in Comment 5.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm
@TJ, re comment 10. Thanks for the tip. I do always clear and update to start with then add the package list, so missing "tainted" in names probably was the reason. Too much running on auto-pilot. :-;
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0184.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED