From: Christian Melki
To: ptxdist@pengutronix.de
Date: Tue, 17 May 2022 11:23:09 +0200
Message-Id: <20220517092309.1710289-1-christian.melki@t2data.com>
Subject: [ptxdist] [PATCH v2] cairo: Fix CVEs & try to get rid of gtkdoc dependencies.

Since the autoconf update, gtk-doc dependencies seem to have become hard
when running autoreconf. Several other build environments default to
building gtk-doc. I'd prefer not to, so this is an effort to disable
doc building entirely.

* Add patch to remove doc building.
* Remove gtk-doc options from rulefile.
* Plug CVEs: CVE-2017-7475, CVE-2018-19876, CVE-2019-6461,
  CVE-2019-6462, CVE-2020-35492.

Signed-off-by: Christian Melki --- ...to-get-rid-of-gtkdocize-dependencies.patch | 89 +++++++++++++++++++ ...-of-Service-Attack-due-to-Logical-Pr.patch | 32 +++++++ .../0006-CVE-CVE-2018-19876.patch | 36 ++++++++ ...tial-infinite-loop-in-function-_arc_.patch | 29 ++++++ ...rtion-in-function-_cairo_arc_in_dire.patch | 29 ++++++ .../0009-Fix-stack-buffer-overflow.patch | 59 ++++++++++++ patches/cairo-1.16.0/series | 8 +- rules/cairo.make | 3 - 8 files changed, 281 insertions(+), 4 deletions(-) create mode 100644 patches/cairo-1.16.0/0004-Try-to-get-rid-of-gtkdocize-dependencies.patch create mode 100644 patches/cairo-1.16.0/0005-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch create mode 100644 patches/cairo-1.16.0/0006-CVE-CVE-2018-19876.patch create mode 100644 patches/cairo-1.16.0/0007-There-is-a-potential-infinite-loop-in-function-_arc_.patch create mode 100644 patches/cairo-1.16.0/0008-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch create mode 100644 patches/cairo-1.16.0/0009-Fix-stack-buffer-overflow.patch diff --git a/patches/cairo-1.16.0/0004-Try-to-get-rid-of-gtkdocize-dependencies.patch b/patches/cairo-1.16.0/0004-Try-to-get-rid-of-gtkdocize-dependencies.patch new file mode 100644 index 000000000..d37eaf278 --- /dev/null +++ b/patches/cairo-1.16.0/0004-Try-to-get-rid-of-gtkdocize-dependencies.patch 
@@ -0,0 +1,89 @@ +From: Christian Melki +Date: Thu, 12 May 2022 19:40:34 +0200 +Subject: [PATCH] Try to get rid of gtkdocize dependencies. + +gtk-doc (gtkdocize) looks like a bugged hard dependency +under autoconf > 2.69. +Cut docs out. + +Signed-off-by: Christian Melki +--- + Makefile.am | 8 +++----- + autogen.sh | 7 ------- + configure.ac | 5 ----- + 3 files changed, 3 insertions(+), 17 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 03fa3523649f..1c5a8e8f5b47 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -16,8 +16,8 @@ EXTRA_DIST += \ + + ACLOCAL_AMFLAGS = -I build ${ACLOCAL_FLAGS} + +-DIST_SUBDIRS = src doc util boilerplate test perf +-SUBDIRS = src doc util ++DIST_SUBDIRS = src util boilerplate test perf ++SUBDIRS = src util + # libpng is required for our test programs + if CAIRO_HAS_PNG_FUNCTIONS + SUBDIRS += boilerplate test perf +@@ -25,8 +25,6 @@ endif + + configure: cairo-version.h + +-doc: +- cd doc && $(MAKE) $(AM_MAKEFLAGS) $@ + test retest recheck: all + cd test && $(MAKE) $(AM_MAKEFLAGS) $@ + perf: all +@@ -34,7 +32,7 @@ perf: all + check-valgrind: all + cd test && $(MAKE) $(AM_MAKEFLAGS) check-valgrind + cd perf && $(MAKE) $(AM_MAKEFLAGS) check-valgrind +-.PHONY: doc test retest recheck perf check-valgrind ++.PHONY: test retest recheck perf check-valgrind + + + EXTRA_DIST += \ +diff --git a/autogen.sh b/autogen.sh +index 4b10251db941..c80d2b9e5688 100755 +--- a/autogen.sh ++++ b/autogen.sh +@@ -13,13 +13,6 @@ if test -z $AUTORECONF; then + exit 1 + fi + +-GTKDOCIZE=`which gtkdocize` +-if test -z $GTKDOCIZE; then +- echo "*** No GTK-Doc found, documentation won't be generated ***" +-else +- gtkdocize || exit $? 
+-fi +- + # create dummy */Makefile.am.features and ChangeLog to make automake happy + > boilerplate/Makefile.am.features + > src/Makefile.am.features +diff --git a/configure.ac b/configure.ac +index 5e33c96ea8b3..8d4cf0fe1ab1 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -22,9 +22,6 @@ m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) dnl Workaround for Automake 1.12 + LT_PREREQ([2.2]) + LT_INIT([win32-dll]) + +-# Api documentation +-GTK_DOC_CHECK([1.15],[--flavour no-tmpl]) +- + AC_SYS_LARGEFILE + + dnl =========================================================================== +@@ -890,8 +887,6 @@ util/cairo-script/examples/Makefile + util/cairo-sphinx/Makefile + util/cairo-trace/Makefile + util/cairo-trace/cairo-trace +-doc/Makefile +-doc/public/Makefile + ]) + AC_CONFIG_COMMANDS([cairo-trace], + [chmod a+x util/cairo-trace/cairo-trace]) diff --git a/patches/cairo-1.16.0/0005-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch b/patches/cairo-1.16.0/0005-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch new file mode 100644 index 000000000..cc9add93c --- /dev/null +++ b/patches/cairo-1.16.0/0005-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch 
@@ -0,0 +1,32 @@ +From: Christian Melki +Date: Tue, 17 May 2022 11:03:07 +0200 +Subject: [PATCH] Cairo: Fix Denial-of-Service Attack due to Logical Problem in + Program + +https://bugs.freedesktop.org/show_bug.cgi?id=100763 + +CVE: CVE-2017-7475 +Upstream-Status: Submitted + +Signed-off-by: Fan Xin + +The patch was imported from the Yocto project. + +Signed-off-by: Christian Melki +--- + src/cairo-ft-font.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c +index 325dd61b47b1..7de310ac5531 100644 +--- a/src/cairo-ft-font.c ++++ b/src/cairo-ft-font.c +@@ -1207,7 +1207,7 @@ _get_bitmap_surface (FT_Bitmap *bitmap, + width = bitmap->width; + height = bitmap->rows; + +- if (width == 0 || height == 0) { ++ if (width == 0 || height == 0 || bitmap->buffer == NULL) { + *surface = (cairo_image_surface_t *) + cairo_image_surface_create_for_data (NULL, format, 0, 0, 0); + return (*surface)->base.status; diff --git a/patches/cairo-1.16.0/0006-CVE-CVE-2018-19876.patch b/patches/cairo-1.16.0/0006-CVE-CVE-2018-19876.patch new file mode 100644 index 000000000..7eb9f9a9b --- /dev/null +++ b/patches/cairo-1.16.0/0006-CVE-CVE-2018-19876.patch @@ -0,0 +1,36 @@ +From: Christian Melki +Date: Tue, 17 May 2022 11:06:54 +0200 +Subject: [PATCH] CVE: CVE-2018-19876 Upstream-Status: Backport 
Signed-off-by: + Ross Burton + +From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos +Date: Mon, 19 Nov 2018 12:33:07 +0100 +Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in + cairo_ft_apply_variations + +Fixes a crash when using freetype >= 2.9 + +The patch was imported from the Yocto project. + +Signed-off-by: Christian Melki +--- + src/cairo-ft-font.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c +index 7de310ac5531..51eff850a924 100644 +--- a/src/cairo-ft-font.c ++++ b/src/cairo-ft-font.c +@@ -2393,7 +2393,11 @@ skip: + done: + free (coords); + free (current_coords); ++#if HAVE_FT_DONE_MM_VAR ++ FT_Done_MM_Var (face->glyph->library, ft_mm_var); ++#else + free (ft_mm_var); ++#endif + } + } + diff --git a/patches/cairo-1.16.0/0007-There-is-a-potential-infinite-loop-in-function-_arc_.patch b/patches/cairo-1.16.0/0007-There-is-a-potential-infinite-loop-in-function-_arc_.patch new file mode 100644 index 000000000..42fa25a1b --- /dev/null +++ b/patches/cairo-1.16.0/0007-There-is-a-potential-infinite-loop-in-function-_arc_.patch @@ -0,0 +1,29 @@ +From: Christian Melki +Date: Tue, 17 May 2022 11:09:24 +0200 +Subject: [PATCH] There is a potential infinite-loop in function + _arc_error_normalized(). + +CVE: CVE-2019-6461 +Upstream-Status: Pending +Signed-off-by: Ross Burton + +The patch was imported from the Yocto project. + +Signed-off-by: Christian Melki +--- + src/cairo-arc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/cairo-arc.c b/src/cairo-arc.c +index 390397bae104..f9249dbeb3c8 100644 +--- a/src/cairo-arc.c ++++ b/src/cairo-arc.c +@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) + do { + angle = M_PI / i++; + error = _arc_error_normalized (angle); +- } while (error > tolerance); ++ } while (error > tolerance && error > __DBL_EPSILON__); + + return angle; + } 
diff --git a/patches/cairo-1.16.0/0008-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch b/patches/cairo-1.16.0/0008-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch new file mode 100644 index 000000000..9a64b69c2 --- /dev/null +++ b/patches/cairo-1.16.0/0008-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch @@ -0,0 +1,29 @@ +From: Christian Melki +Date: Tue, 17 May 2022 11:10:14 +0200 +Subject: [PATCH] There is an assertion in function _cairo_arc_in_direction(). + +CVE: CVE-2019-6462 +Upstream-Status: Pending +Signed-off-by: Ross Burton + +The patch was imported from the Yocto project. + +Signed-off-by: Christian Melki +--- + src/cairo-arc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/cairo-arc.c b/src/cairo-arc.c +index f9249dbeb3c8..1bde774a418d 100644 +--- a/src/cairo-arc.c ++++ b/src/cairo-arc.c +@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, + if (cairo_status (cr)) + return; + +- assert (angle_max >= angle_min); ++ if (angle_max < angle_min) ++ return; + + if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { + angle_max = fmod (angle_max - angle_min, 2 * M_PI); diff --git a/patches/cairo-1.16.0/0009-Fix-stack-buffer-overflow.patch b/patches/cairo-1.16.0/0009-Fix-stack-buffer-overflow.patch new file mode 100644 index 000000000..2ed134b8b --- /dev/null +++ b/patches/cairo-1.16.0/0009-Fix-stack-buffer-overflow.patch 
@@ -0,0 +1,59 @@ +From: Christian Melki +Date: Tue, 17 May 2022 11:10:57 +0200 +Subject: [PATCH] Fix stack buffer overflow. + +CVE: CVE-2020-35492 +Upstream-Status: Backport +Signed-off-by: Ross Burton + +From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001 +From: Heiko Lewin +Date: Tue, 15 Dec 2020 16:48:19 +0100 +Subject: [PATCH] Fix mask usage in image-compositor + +The patch was imported from the Yocto project. + +Signed-off-by: Christian Melki +--- + src/cairo-image-compositor.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c +index bbf4cf2281da..2352c478e6f0 100644 +--- a/src/cairo-image-compositor.c ++++ b/src/cairo-image-compositor.c +@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + unsigned num_spans) + { + cairo_image_span_renderer_t *r = abstract_renderer; +- uint8_t *m; ++ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask); + int x0; + + if (num_spans == 0) + return CAIRO_STATUS_SUCCESS; + + x0 = spans[0].x; +- m = r->_buf; ++ m = base; + do { + int len = spans[1].x - spans[0].x; + if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) { +@@ -2646,7 +2646,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + spans[0].x, y, + spans[1].x - spans[0].x, h); + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else if (spans[0].coverage == 0x0) { + if (spans[0].x != x0) { +@@ -2675,7 +2675,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + #endif + } + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else { + *m++ = spans[0].coverage; diff --git a/patches/cairo-1.16.0/series b/patches/cairo-1.16.0/series index dc125547f..14d2bdd8f 100644 --- a/patches/cairo-1.16.0/series +++ b/patches/cairo-1.16.0/series 
@@ -3,4 +3,10 @@ 0001-only-build-GL-surface-tests-if-GLX-is-enabled.patch 0002-Makefile.sources-move-font-variations.c-a-test-code-.patch 0003-regrouping-of-test-sources-with-new-fc_font_test_sou.patch -# dfb78163a7d65338b42965982e516176 - git-ptx-patches magic +0004-Try-to-get-rid-of-gtkdocize-dependencies.patch +0005-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch +0006-CVE-CVE-2018-19876.patch +0007-There-is-a-potential-infinite-loop-in-function-_arc_.patch +0008-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch +0009-Fix-stack-buffer-overflow.patch +# 18e712a3360b410aa7fccdee8d659405 - git-ptx-patches magic diff --git a/rules/cairo.make b/rules/cairo.make index e9e395b26..594f31ad8 100644 --- a/rules/cairo.make +++ b/rules/cairo.make @@ -39,9 +39,6 @@ CAIRO_CONF_OPT := \ $(CROSS_AUTOCONF_USR) \ --enable-shared \ --disable-static \ - --disable-gtk-doc \ - --disable-gtk-doc-html \ - --disable-gtk-doc-pdf \ $(GLOBAL_LARGE_FILE_OPTION) \ --enable-atomic \ --disable-gcov \ -- 2.34.1
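
Review bot: In 0006-CVE-CVE-2018-19876.patch the new `FT_Done_MM_Var` call in the `done:` cleanup of src/cairo-ft-font.c is compiled only when `HAVE_FT_DONE_MM_VAR` is defined, and the patch changes nothing but that one file, so please confirm that the cairo 1.16.0 configure already defines the macro. If it does not, the build silently keeps `free (ft_mm_var)` and the crash with freetype >= 2.9 stays. Separately, the Subject line has absorbed the `CVE:`, `Upstream-Status:` and `Signed-off-by: Ross Burton` tags, which is where the file name 0006-CVE-CVE-2018-19876.patch comes from; using the upstream subject ("ft: Use FT_Done_MM_Var instead of free when available in cairo_ft_apply_variations") and moving the tags into the body would match the layout of 0007 to 0009.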
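
Review bot: In 0007, the added loop condition `error > __DBL_EPSILON__` in _arc_max_angle_for_tolerance_normalized relies on a compiler-predefined macro (GCC and Clang provide it) instead of `DBL_EPSILON` from `<float.h>`; the standard name would keep the fix portable across toolchains. The patch is tagged Upstream-Status: Pending, so a one-line comment next to the condition stating that it bounds the loop when `error` can never drop to `tolerance` would help whoever has to rebase it on the next cairo bump.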
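
Review bot: In 0008, replacing `assert (angle_max >= angle_min)` in _cairo_arc_in_direction with a bare `return` turns an inverted angle range into a silent no-op: the function returns void and leaves the status on `cr` untouched, so the caller gets neither an arc nor an error. If dropping the arc is the intended behaviour, say so in a comment above the new check; otherwise record an error status on `cr` before returning, so the condition is observable through the same `cairo_status (cr)` test used for the early return just above.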
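
Review bot: In 0009, `base` in _inplace_src_spans is initialised from `pixman_image_get_data(r->mask)` ahead of the `num_spans == 0` early return and is later written through with `*m++ = spans[0].coverage`, yet nothing in these three hunks checks that `r->mask` is set or that its data is long enough for a run of spans. The hunks only swap the write target from `r->_buf` to the mask data under the subject "Fix stack buffer overflow", so please confirm from the renderer setup that every path installing _inplace_src_spans allocates a mask at least as wide as the row being composited, and mention that precondition in the patch description.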