* [ptxdist] [PATCH v2] cairo: Fix CVEs & try to get rid of gtkdoc dependencies.
@ 2022-05-17  9:23 Christian Melki
  0 siblings, 0 replies; only message in thread
From: Christian Melki @ 2022-05-17  9:23 UTC (permalink / raw)
  To: ptxdist

Since the autoconf update, the gtk-doc dependencies seem to
have become hard dependencies when running autoreconf.
Several other build environments default to building gtk-doc.
I'd prefer not to, so this is an effort to disable doc
building entirely.

* Add patch to remove doc building.
* Remove gtk-doc options from rulefile.
* Plug CVEs: CVE-2017-7475, CVE-2018-19876, CVE-2019-6461,
CVE-2019-6462, CVE-2020-35492.

Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
 ...to-get-rid-of-gtkdocize-dependencies.patch | 89 +++++++++++++++++++
 ...-of-Service-Attack-due-to-Logical-Pr.patch | 32 +++++++
 .../0006-CVE-CVE-2018-19876.patch             | 36 ++++++++
 ...tial-infinite-loop-in-function-_arc_.patch | 29 ++++++
 ...rtion-in-function-_cairo_arc_in_dire.patch | 29 ++++++
 .../0009-Fix-stack-buffer-overflow.patch      | 59 ++++++++++++
 patches/cairo-1.16.0/series                   |  8 +-
 rules/cairo.make                              |  3 -
 8 files changed, 281 insertions(+), 4 deletions(-)
 create mode 100644 patches/cairo-1.16.0/0004-Try-to-get-rid-of-gtkdocize-dependencies.patch
 create mode 100644 patches/cairo-1.16.0/0005-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch
 create mode 100644 patches/cairo-1.16.0/0006-CVE-CVE-2018-19876.patch
 create mode 100644 patches/cairo-1.16.0/0007-There-is-a-potential-infinite-loop-in-function-_arc_.patch
 create mode 100644 patches/cairo-1.16.0/0008-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch
 create mode 100644 patches/cairo-1.16.0/0009-Fix-stack-buffer-overflow.patch

diff --git a/patches/cairo-1.16.0/0004-Try-to-get-rid-of-gtkdocize-dependencies.patch b/patches/cairo-1.16.0/0004-Try-to-get-rid-of-gtkdocize-dependencies.patch
new file mode 100644
index 000000000..d37eaf278
--- /dev/null
+++ b/patches/cairo-1.16.0/0004-Try-to-get-rid-of-gtkdocize-dependencies.patch
@@ -0,0 +1,89 @@
+From: Christian Melki <christian.melki@t2data.com>
+Date: Thu, 12 May 2022 19:40:34 +0200
+Subject: [PATCH] Try to get rid of gtkdocize dependencies.
+
+gtk-doc (gtkdocize) looks like a bugged hard dependency
+under autoconf > 2.69.
+Cut docs out.
+
+Signed-off-by: Christian Melki <christian.melki@t2data.com>
+---
+ Makefile.am  | 8 +++-----
+ autogen.sh   | 7 -------
+ configure.ac | 5 -----
+ 3 files changed, 3 insertions(+), 17 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 03fa3523649f..1c5a8e8f5b47 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -16,8 +16,8 @@ EXTRA_DIST += \
+ 
+ ACLOCAL_AMFLAGS = -I build ${ACLOCAL_FLAGS}
+ 
+-DIST_SUBDIRS = src doc util boilerplate test perf
+-SUBDIRS = src doc util
++DIST_SUBDIRS = src util boilerplate test perf
++SUBDIRS = src util
+ # libpng is required for our test programs
+ if CAIRO_HAS_PNG_FUNCTIONS
+ SUBDIRS += boilerplate test perf
+@@ -25,8 +25,6 @@ endif
+ 
+ configure: cairo-version.h
+ 
+-doc:
+-	cd doc && $(MAKE) $(AM_MAKEFLAGS) $@
+ test retest recheck: all
+ 	cd test && $(MAKE) $(AM_MAKEFLAGS) $@
+ perf: all
+@@ -34,7 +32,7 @@ perf: all
+ check-valgrind: all
+ 	cd test && $(MAKE) $(AM_MAKEFLAGS) check-valgrind
+ 	cd perf && $(MAKE) $(AM_MAKEFLAGS) check-valgrind
+-.PHONY: doc test retest recheck perf check-valgrind
++.PHONY: test retest recheck perf check-valgrind
+ 
+ 
+ EXTRA_DIST += \
+diff --git a/autogen.sh b/autogen.sh
+index 4b10251db941..c80d2b9e5688 100755
+--- a/autogen.sh
++++ b/autogen.sh
+@@ -13,13 +13,6 @@ if test -z $AUTORECONF; then
+         exit 1
+ fi
+ 
+-GTKDOCIZE=`which gtkdocize`
+-if test -z $GTKDOCIZE; then
+-        echo "*** No GTK-Doc found, documentation won't be generated ***"
+-else
+-        gtkdocize || exit $?
+-fi
+-
+ # create dummy */Makefile.am.features and ChangeLog to make automake happy
+ > boilerplate/Makefile.am.features
+ > src/Makefile.am.features
+diff --git a/configure.ac b/configure.ac
+index 5e33c96ea8b3..8d4cf0fe1ab1 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -22,9 +22,6 @@ m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) dnl Workaround for Automake 1.12
+ LT_PREREQ([2.2])
+ LT_INIT([win32-dll])
+ 
+-# Api documentation
+-GTK_DOC_CHECK([1.15],[--flavour no-tmpl])
+-
+ AC_SYS_LARGEFILE
+ 
+ dnl ===========================================================================
+@@ -890,8 +887,6 @@ util/cairo-script/examples/Makefile
+ util/cairo-sphinx/Makefile
+ util/cairo-trace/Makefile
+ util/cairo-trace/cairo-trace
+-doc/Makefile
+-doc/public/Makefile
+ ])
+ AC_CONFIG_COMMANDS([cairo-trace],
+ 		   [chmod a+x util/cairo-trace/cairo-trace])
diff --git a/patches/cairo-1.16.0/0005-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch b/patches/cairo-1.16.0/0005-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch
new file mode 100644
index 000000000..cc9add93c
--- /dev/null
+++ b/patches/cairo-1.16.0/0005-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch
@@ -0,0 +1,32 @@
+From: Christian Melki <christian.melki@t2data.com>
+Date: Tue, 17 May 2022 11:03:07 +0200
+Subject: [PATCH] Cairo: Fix Denial-of-Service Attack due to Logical Problem in
+ Program
+
+https://bugs.freedesktop.org/show_bug.cgi?id=100763
+
+CVE: CVE-2017-7475
+Upstream-Status: Submitted
+
+Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
+
+The patch was imported from the Yocto project.
+
+Signed-off-by: Christian Melki <christian.melki@t2data.com>
+---
+ src/cairo-ft-font.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
+index 325dd61b47b1..7de310ac5531 100644
+--- a/src/cairo-ft-font.c
++++ b/src/cairo-ft-font.c
+@@ -1207,7 +1207,7 @@ _get_bitmap_surface (FT_Bitmap		     *bitmap,
+     width = bitmap->width;
+     height = bitmap->rows;
+ 
+-    if (width == 0 || height == 0) {
++    if (width == 0 || height == 0 || bitmap->buffer == NULL) {
+ 	*surface = (cairo_image_surface_t *)
+ 	    cairo_image_surface_create_for_data (NULL, format, 0, 0, 0);
+ 	return (*surface)->base.status;
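Review bot: The added `bitmap->buffer == NULL` test in `_get_bitmap_surface` carries no comment explaining why a bitmap with non-zero `width`/`rows` can arrive without pixel data, and the patch header only links a bug tracker entry. A one-line comment above the condition would keep the guard from being simplified away later, e.g. `/* A bitmap may report a size but carry no buffer; treat it as empty (CVE-2017-7475). */`. The header records `Upstream-Status: Submitted`, so this is a locally carried fix and should be re-checked against upstream when the cairo version is bumped. The function body continues outside the hunk, so whether other paths still dereference `bitmap->buffer` cannot be judged from here.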
diff --git a/patches/cairo-1.16.0/0006-CVE-CVE-2018-19876.patch b/patches/cairo-1.16.0/0006-CVE-CVE-2018-19876.patch
new file mode 100644
index 000000000..7eb9f9a9b
--- /dev/null
+++ b/patches/cairo-1.16.0/0006-CVE-CVE-2018-19876.patch
@@ -0,0 +1,36 @@
+From: Christian Melki <christian.melki@t2data.com>
+Date: Tue, 17 May 2022 11:06:54 +0200
+Subject: [PATCH] CVE: CVE-2018-19876 Upstream-Status: Backport Signed-off-by:
+ Ross Burton <ross.burton@intel.com>
+
+From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <cgarcia@igalia.com>
+Date: Mon, 19 Nov 2018 12:33:07 +0100
+Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
+ cairo_ft_apply_variations
+
+Fixes a crash when using freetype >= 2.9
+
+The patch was imported from the Yocto project.
+
+Signed-off-by: Christian Melki <christian.melki@t2data.com>
+---
+ src/cairo-ft-font.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
+index 7de310ac5531..51eff850a924 100644
+--- a/src/cairo-ft-font.c
++++ b/src/cairo-ft-font.c
+@@ -2393,7 +2393,11 @@ skip:
+ done:
+         free (coords);
+         free (current_coords);
++#if HAVE_FT_DONE_MM_VAR
++        FT_Done_MM_Var (face->glyph->library, ft_mm_var);
++#else
+         free (ft_mm_var);
++#endif
+     }
+ }
+ 
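Review bot: The new `#if HAVE_FT_DONE_MM_VAR` branch only takes effect if configure defines that macro, and nothing in this series shows the check that sets it. If the macro is absent in the cross build, the code silently keeps calling `free (ft_mm_var)`, which is the crash this patch is meant to fix, so it is worth confirming the macro ends up in the generated `config.h` for the target FreeType. Separately, the patch's `Subject:` line has swallowed the `CVE:`, `Upstream-Status:` and `Signed-off-by:` tags, so tooling that parses tag lines in patch bodies will not pick up `CVE: CVE-2018-19876` here. Restoring them as separate lines in the message body, as in the sibling patches, would fix that. The enclosing function starts outside the hunk.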
diff --git a/patches/cairo-1.16.0/0007-There-is-a-potential-infinite-loop-in-function-_arc_.patch b/patches/cairo-1.16.0/0007-There-is-a-potential-infinite-loop-in-function-_arc_.patch
new file mode 100644
index 000000000..42fa25a1b
--- /dev/null
+++ b/patches/cairo-1.16.0/0007-There-is-a-potential-infinite-loop-in-function-_arc_.patch
@@ -0,0 +1,29 @@
+From: Christian Melki <christian.melki@t2data.com>
+Date: Tue, 17 May 2022 11:09:24 +0200
+Subject: [PATCH] There is a potential infinite-loop in function
+ _arc_error_normalized().
+
+CVE: CVE-2019-6461
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+The patch was imported from the Yocto project.
+
+Signed-off-by: Christian Melki <christian.melki@t2data.com>
+---
+ src/cairo-arc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cairo-arc.c b/src/cairo-arc.c
+index 390397bae104..f9249dbeb3c8 100644
+--- a/src/cairo-arc.c
++++ b/src/cairo-arc.c
+@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
+     do {
+ 	angle = M_PI / i++;
+ 	error = _arc_error_normalized (angle);
+-    } while (error > tolerance);
++    } while (error > tolerance && error > __DBL_EPSILON__);
+ 
+     return angle;
+ }
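Review bot: `__DBL_EPSILON__` in the new loop condition is a compiler-predefined macro rather than the standard constant; `DBL_EPSILON` from `<float.h>` is the portable spelling, i.e. `} while (error > tolerance && error > DBL_EPSILON);`. The floor also deserves a comment, because it silently caps the accuracy the loop can deliver when the caller's tolerance is at or below that value, e.g. `/* stop once error is below DBL_EPSILON so a tiny or non-positive tolerance cannot loop forever */`. The header marks this `Upstream-Status: Pending`. The CVE ids on this patch and on 0008 also appear to be swapped relative to the public CVE descriptions, which is worth verifying before they are used for CVE tracking. The function containing the loop begins outside the hunk.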
diff --git a/patches/cairo-1.16.0/0008-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch b/patches/cairo-1.16.0/0008-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch
new file mode 100644
index 000000000..9a64b69c2
--- /dev/null
+++ b/patches/cairo-1.16.0/0008-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch
@@ -0,0 +1,29 @@
+From: Christian Melki <christian.melki@t2data.com>
+Date: Tue, 17 May 2022 11:10:14 +0200
+Subject: [PATCH] There is an assertion in function _cairo_arc_in_direction().
+
+CVE: CVE-2019-6462
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+The patch was imported from the Yocto project.
+
+Signed-off-by: Christian Melki <christian.melki@t2data.com>
+---
+ src/cairo-arc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/cairo-arc.c b/src/cairo-arc.c
+index f9249dbeb3c8..1bde774a418d 100644
+--- a/src/cairo-arc.c
++++ b/src/cairo-arc.c
+@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t	  *cr,
+     if (cairo_status (cr))
+         return;
+ 
+-    assert (angle_max >= angle_min);
++    if (angle_max < angle_min)
++       return;
+ 
+     if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
+ 	angle_max = fmod (angle_max - angle_min, 2 * M_PI);
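Review bot: The replacement `if (angle_max < angle_min) return;` is not the exact complement of the removed `assert (angle_max >= angle_min)`. When either angle is NaN both comparisons are false, so input the assert used to stop now falls through to the code below the guard. Writing the guard as `if (! (angle_max >= angle_min)) return;` keeps the original precondition. The early return also leaves no error status on `cr`, so a caller cannot distinguish a rejected arc from an empty one; whether that matters depends on callers not visible here. The function continues past the end of the hunk.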
diff --git a/patches/cairo-1.16.0/0009-Fix-stack-buffer-overflow.patch b/patches/cairo-1.16.0/0009-Fix-stack-buffer-overflow.patch
new file mode 100644
index 000000000..2ed134b8b
--- /dev/null
+++ b/patches/cairo-1.16.0/0009-Fix-stack-buffer-overflow.patch
@@ -0,0 +1,59 @@
+From: Christian Melki <christian.melki@t2data.com>
+Date: Tue, 17 May 2022 11:10:57 +0200
+Subject: [PATCH] Fix stack buffer overflow.
+
+CVE: CVE-2020-35492
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001
+From: Heiko Lewin <heiko.lewin@worldiety.de>
+Date: Tue, 15 Dec 2020 16:48:19 +0100
+Subject: [PATCH] Fix mask usage in image-compositor
+
+The patch was imported from the Yocto project.
+
+Signed-off-by: Christian Melki <christian.melki@t2data.com>
+---
+ src/cairo-image-compositor.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c
+index bbf4cf2281da..2352c478e6f0 100644
+--- a/src/cairo-image-compositor.c
++++ b/src/cairo-image-compositor.c
+@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ 		    unsigned num_spans)
+ {
+     cairo_image_span_renderer_t *r = abstract_renderer;
+-    uint8_t *m;
++    uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask);
+     int x0;
+ 
+     if (num_spans == 0)
+ 	return CAIRO_STATUS_SUCCESS;
+ 
+     x0 = spans[0].x;
+-    m = r->_buf;
++    m = base;
+     do {
+ 	int len = spans[1].x - spans[0].x;
+ 	if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) {
+@@ -2646,7 +2646,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ 				      spans[0].x, y,
+ 				      spans[1].x - spans[0].x, h);
+ 
+-	    m = r->_buf;
++	    m = base;
+ 	    x0 = spans[1].x;
+ 	} else if (spans[0].coverage == 0x0) {
+ 	    if (spans[0].x != x0) {
+@@ -2675,7 +2675,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ #endif
+ 	    }
+ 
+-	    m = r->_buf;
++	    m = base;
+ 	    x0 = spans[1].x;
+ 	} else {
+ 	    *m++ = spans[0].coverage;
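Review bot: `base` is taken from `pixman_image_get_data(r->mask)` and then written through (`*m++ = spans[0].coverage;`) with no check that it is non-NULL or that the mask row is wide enough for the spans, and nothing in the hunk states that invariant. Since the point of the change is to stop writing into `r->_buf`, a comment at the declaration should say where the bound now comes from, e.g. `/* m walks the mask image's own pixel data; its width must cover the widest run written below */`. Where `r->mask` is created and sized is outside the hunk, so that needs checking against the renderer setup. `_inplace_src_spans` is shown only in part; the rest of its loop lies between and after these hunks.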
diff --git a/patches/cairo-1.16.0/series b/patches/cairo-1.16.0/series
index dc125547f..14d2bdd8f 100644
--- a/patches/cairo-1.16.0/series
+++ b/patches/cairo-1.16.0/series
@@ -3,4 +3,10 @@
 0001-only-build-GL-surface-tests-if-GLX-is-enabled.patch
 0002-Makefile.sources-move-font-variations.c-a-test-code-.patch
 0003-regrouping-of-test-sources-with-new-fc_font_test_sou.patch
-# dfb78163a7d65338b42965982e516176  - git-ptx-patches magic
+0004-Try-to-get-rid-of-gtkdocize-dependencies.patch
+0005-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch
+0006-CVE-CVE-2018-19876.patch
+0007-There-is-a-potential-infinite-loop-in-function-_arc_.patch
+0008-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch
+0009-Fix-stack-buffer-overflow.patch
+# 18e712a3360b410aa7fccdee8d659405  - git-ptx-patches magic
diff --git a/rules/cairo.make b/rules/cairo.make
index e9e395b26..594f31ad8 100644
--- a/rules/cairo.make
+++ b/rules/cairo.make
@@ -39,9 +39,6 @@ CAIRO_CONF_OPT	:= \
 	$(CROSS_AUTOCONF_USR) \
 	--enable-shared \
 	--disable-static \
-	--disable-gtk-doc \
-	--disable-gtk-doc-html \
-	--disable-gtk-doc-pdf \
 	$(GLOBAL_LARGE_FILE_OPTION) \
 	--enable-atomic \
 	--disable-gcov \
-- 
2.34.1



